Internal Audit as a Strategic Fraud Detector

Why It Matters

In many organizations, internal audit is still seen as a checklist function. But the real power of internal audit lies in its ability to pre-empt fraud and misconduct through structured reviews, anomaly detection, and risk-based sampling, often spotting red flags long before whistleblowers or external auditors.

With frauds becoming more digital, complex, and fast-moving, internal audit needs to evolve into a proactive investigative arm, not just a compliance gatekeeper.

Key Techniques Used by Modern Internal Auditors

Indicators That Should Trigger a Closer Look

• Repeated control overrides without justification
• Manual entries in high-value transactions
• Vendor concentration risk
• Frequent returns or credit notes from a specific department
• Multiple employees with overlapping financial responsibilities

Real Case Snapshot – Undetected Procurement Fraud in a Private Sector Company

Background

A large private organization operating in the retail and lifestyle sector noticed a consistent rise in store fit-out and renovation expenses, despite no significant increase in store count or project scale. The anomalies were first noticed by a finance business partner who questioned repeated budget overruns and unusually frequent change orders on standard retail refurbishment projects.

The Internal Audit team initiated a targeted audit focusing on procurement and project management practices. The review covered supplier selection procedures, invoice pricing trends, and post-approval modifications across several projects over a two-year period.

What Was Uncovered:

Using forensic sampling and analytics on procurement transactions, the internal audit team found:

• Disproportionate Awarding: Over 75% of projects had been awarded to a single contractor despite multiple approved vendors on record.
• Inflated Pricing Trends: Material and labour costs were consistently higher than market benchmarks, by 20–35%, even for standard items procured across other business units.
• Manipulated Change Orders: Change requests were systematically approved just before financial quarter-ends, often lacking sufficient documentation, and used to absorb surplus budgets.
• Conflict of Interest: The lead project coordinator was linked to the contractor through a close relative’s ownership stake. This was uncovered via cross-verification of shareholder registry data and internal IP log correlations showing dual login activity.

Outcome

• The employee was immediately suspended, followed by disciplinary action and legal proceedings.
• The contract with the vendor was terminated and flagged as high-risk.
• The financial leakage across affected projects was estimated at nearly 3 million in project costs over 18 months.
• The audit committee mandated a complete overhaul of procurement controls, including automated conflict-of-interest declarations and dynamic vendor rotation policies.

Key Lesson

1. Internal audit played a preventive role, identifying fraud that had not yet reached external visibility or caused reputational harm.
2. Trend analysis and peer benchmarking across similar projects exposed pricing anomalies that manual reviews had missed.
3. Cross-referencing stakeholder declarations with external databases (e.g., beneficial ownership records) can reveal undisclosed connections critical to understanding misconduct.
4. A vigilant employee's early doubts led to this investigation, emphasizing the importance of a culture that encourages reporting without fear.

Coming Next Week

Next week, we’ll explore how organizations respond after uncovering fraud, from revamping internal controls to taking disciplinary action, and cultivating a culture that deters future misconduct.