IT auditors are expected to be involved in auditing for fraud both directly and indirectly. This article provides a fraud risk assessment approach covering various areas of fraud control through IT auditing, including:
• Integrating controls in the early stages of IT project development
• Raising necessary BICs and identifying EWSs as references for fraud prevention
• Developing ICQs around the process (both IT and business) instead of being technically focused
• Initiating and assisting in fraud investigations through the identification and recovery of direct and circumstantial evidence
The ability to identify and investigate a fraud by an IT auditor is strongly influenced by the extent of the IT auditor's knowledge of the business operations, IT process and technical know-how. Through this report, it is expected that IT auditors will have obtained a better understanding of the common practices that allow an enhanced level of fraud detection in an IT environment.