Global Technology Audit Guide (GTAG) series
Guide to the Assessment of IT Risk (GAIT) series
IT Audit Guidance main page
Guide 13: Fraud Prevention and Detection in an Automated World
Download (members only): PDF, French (PDF 1021 KB)
Rate this guide
Non-members purchase from IIA Bookstore.
As technology advances, so do schemes to commit fraud. Therefore, technology can not only be used to perpetrate fraud, but also to prevent and detect it. Using technology to implement real-time fraud prevention and detection programs will enable organizations to reduce the cost of fraud by lessening the time from which a fraud is committed to the time it is detected. Considering this, it is crucial that auditors stay ahead of fraudsters in their knowledge of technology and available tools. This GTAG focuses on IT related fraud risks and risk assessments and how the use of technology can help internal auditors and other key stakeholders within the organization address fraud and fraud risks.
Through a step-by-step process for auditing a fraud prevention program, an explanation of the various types of data analysis to use in detecting fraud, and a technology fraud risk assessment template, the GTAG aims to inform and provide guidance to chief audit executives and internal auditors on how to use technology to help prevent, detect, and respond to fraud. The GTAG also supplements The IIA’s practice guide, Internal Auditing and Fraud, and informs CAEs and internal auditors on how to use technology to help prevent, detect, and respond to fraud.
TABLE OF CONTENTS
Executive Summary
Chapter 1 – Introduction
1.1 Definition of Fraud
1.2 The IIA's Fraud-related Standards
1.3 Using Technology to Prevent and Detect Fraud
Chapter 2 – IT Fraud Risks
2.1 IT Fraud Risk Assessments
2.2 Assessing Fraud Schemes
2.3 IT Fraud Schemes
Chapter 3 – Fraud Detection Using Data Analysis
3.1 Why Use Data Analysis for Fraud Detection
3.2 Analytical Techniques for Fraud Detection
3.3 Typical Types of Fraud Tests
3.4 Analyzing Full Data Populations
3.5 Fraud Prevention and Detection Program Strategies
3.6 Analyzing Data Using Internal and External Data Sources
Chapter 4 – The CAE’s Role in Addressing IT Fraud
4.1 The Audit Committee
4.2 Twenty Questions the CAE Should Ask About Fraud
References and Resources
Authors
- Ken Askelson, CIA, CPA.CITP, retired from JCPenney
- Rich Lanza, CPA, CFE, PMP, President of Cash Recovery Partners, LLC
- Peter Millar, Director, Technology Application, ACL Services Ltd
- Marilyn Prosch, Ph.D. W.P Carey School of Business, Associate Professor, Department of Information Systems Management Arizona State University
- Donald E Sparks, CIA, CISA, ARM, Vice President, Audimation Services, Inc.
Questions about this guide for the author? E-mail guidance@theiia.org.