Every public organization, regardless of size, should have some type
of internal auditing process to help it manage enterprise-wide risk.
Corporate fraud cannot be taken lightly. Management, boards of directors and
audit committees should consider the questions presented below and
quickly take steps to convert any “no” answer to a “yes.”
- Is there a process or function within the organization
responsible for assessing and monitoring risk?
- Do I have assurance that controls are operating as planned?
- Is there a thorough and appropriate reporting mechanism within the
organization that allows for an adequate checks-and-balances system
for fraud prevention and risk management?
- Do I have assurance that financial and other information is
- Are risk management, control and governance processes being
evaluated and reviewed for efficiency and effectiveness on an
- Do I have a clear understanding of enterprise-wide risk and the
organization’s key areas of vulnerability?
- Does the organization have an operational system for managing
- Is there an internal process within the organization for adding
value to and improving operations?
- Are the organization’s stakeholders provided with reliable
assurances that their investment is protected?
- If I were not a part of management or the board, would I be
comfortable with the assurances provided to me as a stakeholder?
- Am I able to sleep at night without worrying about risk in the
- Am I comfortable that all risks have been appropriately addressed?
Source: The Institute of Internal Auditors. Altamonte Springs, Florida. The Web site is www.itaudit.org.