Skip to Content

Pandemic and Need for Continuous Assurance Put Internal Audit at Forefront of Companies’ Defense

Communications The IIA Mar 28, 2022

New Research Shows Organizations Are Strengthening Systems and Internal Controls to Combat Increased Cyber/Phishing Fraud

LAKE MARY, Fla., March. 28, 2022 – The Internal Audit Foundation and The Institute of Internal Auditors (IIA) announced today that they have issued a new research report in collaboration with Kroll. The report, “Fraud and the Pandemic – Internal Audit Stepping Up to the Challenge,” is based on a recent global survey and focus groups with internal auditors, discussing how the role of internal audit in fraud risk management has changed since the start of the pandemic.

This is the second report in The Internal Audit Foundation’s fraud risk management series with Kroll. The first, Fraud Risk Management in Internal Audit, was based on a survey conducted in 2020, before the start of the pandemic.

By comparing the new data to the original pre-pandemic results, the organizations were able to see if internal audit’s ability to prevent, detect and investigate fraud had changed, and identify lessons that can be learned and applied to fraud risk management today.

The new report shows that the remarkable circumstances over the past two years, including rapidly-changing work practices, a move to remote working, and the factors that usually drive instances of fraud higher (opportunity, rationalization, and pressure/incentive), created a perfect storm in terms of the likelihood of fraud occurring and going undetected.

Results show organizations faced increased exposure to cyber, social engineering, and phishing attacks, as well as instances of impersonating senior management in order to embezzle funds. More than half (54%) of survey respondents noticed an increase in cyber and phishing fraud, while 40% noted an increase in fraud relating to asset misappropriation.

"No aspects of business operations have been immune from pandemic disruption, and we wanted to see precisely how that disruption impacted organizations' fraud risk management practices,” said Anthony Pugliese, CIA, CPA, CGMA, CITP and president and CEO of The IIA. “As companies increase investments in new technologies, it’s clear that when the independent internal audit function is actively providing assurances of internal controls and risk management systems, the impact of fraud is reduced.”

As a result of heightened fraud risks, 36% of respondents said they had devoted additional resources to internal controls, and 29% had devoted additional resources to data analytics. Since the start of the pandemic, business leaders have required internal audit to take a more proactive and flexible continuous assurance approach. The most successful organizations were flexible enough to respond quickly to these circumstances by implementing changes that positioned them for future risk planning.

“We have seen the external, organized threat of fraud, for example through cyberattacks and social engineering, strengthen during the pandemic, with the internal threat becoming increasingly hard to identify and remediate,” said Matthew Weitz, associate managing director, forensic investigations and intelligence, at Kroll. “This has driven a rethink of the role of internal audit with many internal auditors stepping up to become more strategic advisors in the fight against fraud.”

Download the report

Find Out More During the 7 June Global Webinar

During a free global webinar, an expert panel will discuss key findings from a recent IIA and Kroll report exploring how the role of internal audit in fraud risk management has changed since the start of the pandemic.

Learn More


The Institute of Internal Auditors

Get a Group Membership

Learn More