After initial investigation, an IS auditor has reasons to believe that fraud may be present.
The IS auditor should:
expand activities to determine whether an investigation is warranted.
report the matter to the audit committee.
report the possibility of fraud to top management and ask how they would like to proceed.
consult with external legal counsel to determine the course of action to be taken.
An IS auditor’s responsibilities for detecting fraud include evaluating fraud indicators and deciding
whether any additional action is necessary or whether an investigation should be recommended.
The IS auditor should notify the appropriate authorities within the organization only if it has
determined that the indicators of fraud are sufficient to recommend an investigation. Normally, the
IS auditor does not have authority to consult with external legal counsel.