Internal auditors support management's efforts to establish a culture that embraces ethics, honesty, and integrity. They assist management with the evaluation of internal controls used to detect or mitigate fraud, evaluate the organization's assessment of fraud risk, and are involved in any fraud investigations.
Although it is management's responsibility to design internal controls to prevent, detect, and mitigate fraud, the internal auditors are the appropriate resource for assessing the effectiveness of what management has implemented.
Prevention: As a part of their assurance activities, internal auditors watch for potential fraud risks, assess the adequacy of related controls, and make recommendations for improvement.
Detection: Because the internal auditors are exposes to key processes throughout the organization and have open lines of communication with the executive board and staff, they are able to play an important role in fraud detection. In many organizations, the chief audit executive (CAE) is responsible for responding to issues raised on the ethics hotline or through another process that may lead to detection of fraud.
Investigation: Internal auditors may either have a direct role in investigating fraud incidents, or act as a resource to those responsible, they generally are not expected to have the expertise of those whose primary responsibility is detecting and investigating fraud.