The Quaestor - Volume 1, Issue 3

It’s Your Turn to be Audited

Last time we reviewed the Audit Planning and Audit Fieldwork phases of an audit engagement. Below is a discussion of the last two phases.

The Reporting Phase

During the reporting phase, audit issues are drafted, discussed with the client, and formalized for inclusion in the audit report. Audit issues are generally situations where adequate internal controls do not exist within the client department. Our audit issue write-up will provide a background on the situation (if necessary for clarification), the observation, a statement that explains the risk of the situation, and recommendations for curing the inadequate internal control. For each audit issue, the client must provide an action plan that resolves the internal control deficiency. The complete final audit report, comprised of an executive summary and detailed audit issues section, is issued to the client (director, department head, etc.), the appropriate divisional vice president, and Dr. Watters - Sr. Vice President for Finance and Administration. The executive summary only is issued to President Simone, members of the Audit Committee of the RIT Board of Trustees, and RIT’s external auditors.

The Follow-up Phase

The final phase of the engagement occurs after the audit report has been issued. During the follow-up phase, IACA re-visits the client department to verify that the audit issue action plans have been implemented, thereby curing the internal control deficiency. It is very important that all audit issues are closed in a timely manner to protect the department from further exposure to the risks identified in the report.

Hopefully this information has helped to clarify what happens during an IACA audit engagement. If you have any questions, please contact any of the IACA staff.

Fraud and Theft in the Workplace

Why do people commit fraud? Three essential elements are common to all types of fraud schemes: opportunity, need, and rationalization. These three elements comprise the fraud triangle.


The first and most critical element of the fraud triangle is opportunity. Many organizations unwittingly and unwisely provide their employees with a variety of opportunities to commit fraud. The most common factor is the lack of adequate controls for monitoring employee behavior. For example, a bookkeeper in a clinic was given the responsibility to prepare checks, sign checks, and record the payments in the cash disbursements journal. The bookkeeper discovered the opportunity for fraud and embezzled almost $1 million in cash. Adequate internal controls require—at the very least—that these three responsibilities be segregated among at least two or more employees


Not all employees will exploit the opportunity to commit fraud. What is it that induces one employee to commit fraud and another to remain honest? The answer is need, the second element of the fraud triangle. Financial need can come from a variety of sources, including:

  • Lifestyle, including the perceived need to maintain a high standard of living;
  • Personal debt, from credit cards, gambling losses, substance abuse, or poor investments;
  • Business losses, caused by inflation, high interest rates, poor economy, or lack of demand.

Employees burdened with financial need may search for ways to relieve that need. Consequently, they should not be put in a position that would provide them with the opportunity to commit fraud. Doing so would be an unwise decision with predictable results.


The third and final element of the fraud triangle is rationalization, the means by which the fraudster psychologically justifies the fraud. Common rationalizations include the following:

  • “They owe it to me. I deserve to get paid more.”
  • “I’m only borrowing the money. I’ll pay it back.”
  • “Nobody will miss it. The company can afford it.”
  • “Everyone does it. I’m not hurting anyone.”

Whatever a person’s reason is for fraudulent activity, it is not considered acceptable behavior and will be dealt with seriously by Institute management.

Remember, as an employee of Rochester Institute of Technology, you have stewardship responsibility for safeguarding Institute assets under your purview.

Fraud Facts

Fraud affects organizations of all shapes and sizes. In the Report to the Nation on Occupational Fraud and Abuse, published by the Association of Certified Fraud Examiners, it was reported that small businesses are the most vulnerable to occupational fraud and abuse. The average scheme in a small business causes $127,500 in losses. The average scheme in the largest companies costs $97,000. The average fraud scheme lasted 18 months.

Additional Information by IACA

Learn more about your IACA team.