Insights: Article

Internal Audit or a Forensic Examination: Which Do I Actually Need

By Eric Berman

May 29, 2018

A medium–sized organization reached out to one of our offices with a problem. A long-term employee responsible for the reconciliation of the organization’s deposit account retired. A little over a year after this retirement, another employee discovered the account had not been reconciled since that person’s departure. Something was amiss. But how to resolve this situation? The employee wondered if they needed an internal audit.

Determining if an internal audit is needed versus a forensic examination can easily be misunderstood. Both types of engagements can be extremely helpful to improve internal controls for any entity of any size. Deciding which type of engagement fits best depends on facts, circumstances, goals and objectives.

Your entity may actually need an internal audit if:

  • Ethical or accuracy lapses have occurred and/or accountability is lacking.
  • Specialized expertise is required to accomplish projects beyond regular operations.
  • Risks in operations, compliance and reporting are unrecognized or are increasing due to significant changes in the industry, technology, laws and regulations.
  • Existing policies and procedures may not be followed.
  • Information technology data breaches have occurred or there is significant concern that such risk exists.
  • Compliance with laws and regulations is a significant organizational risk and noncompliance may become a serious issue if not monitored and evaluated.
  • Those charged with governance are focused on the "big picture," but remain concerned about what they may not know about the "little picture" (or vice versa).
  • Communications internally have led to morale and turnover issues, while external communication quality has led to an air of skepticism from stakeholders about operations.

Your entity may actually need a forensic audit if:

  • Suspicions exist of fraud or theft.
  • Similarly to the above described issue, turnover has occurred and account balances are not what they should be (positively or negatively).
  • Accounts that were thought to be in your entity’s name are not really owned by your entity.
  • Reconciliation procedures result in timing differences or unidentified differences or don’t reconcile at all.
  • Contractors that should have been paid have been unpaid and customers that should have paid have not.
  • Theft of personally (or business) identifiable information has occurred (or systems have been "hacked").
  • Labor and materials have resulted in poor quality products that are not selling (or worse, out of compliance with laws and regulations).
  • A whistleblower hotline identified issues such as assets stolen or other defalcations.

While there are cases where you may need both a forensics examination and an internal audit, the key differential between the two types of services is time and objective of the project(s). An internal audit engagement is typically much more current and forward looking focusing on where the organization is today while simultaneously taking a consultative look at the future state of an organization’s inherent risks and what they are or should potentially be doing to control those risks.

A forensic examination is retrospective in nature with the focus on reconstructing how things should be and uncovering what may have happened. After considering these factors, the organization above determined that it wanted to look back in time to determine what happened and to reconcile their deposit account. It was agreed that a forensic examination was actually what they needed.

Latest Insights

March 22, 2019
The advent of better technologies has created a huge opportunity for critical access hospitals to access information that can help them make informed decisions and improve efficiency.
March 21, 2019
Arizona has filed a lawsuit against California over its “doing business” tax. 
March 21, 2019
Firm News
The union adds a new office and state to the regional CPA firm and adds additional ERP talent to their growing NetSuite practice.
March 20, 2019
If your answer to this question is yes – or you are considering doing business internationally – you probably know there are many fine details that need your attention. Some questions to ask yourself: Do you have related parties in different…
March 20, 2019
Ready to think about what life is like post-business? If a transition is on the horizon, we offer seven steps to help you create a successful succession plan.
March 20, 2019
The decision to transition your business is a big one, but there are a few questions you can ask to determine if you’re ready.