About Partners Contact Client Portal
LinkedIn Twitter
Services Industries Insights & Events Careers & Culture
Insights & Events

Services

RubinBrown specializes in providing a comprehensive range of services to meet business and personal needs. Whether you require expert tax, strategic business consulting, audit services or more, RubinBrown's team of experienced professionals are here to support you.

View All Our Services
Assurance Services
Benefit Plan Audit Services Public Company Services SOC Examinations, IT Audit, & Third-Party Risk
Consulting Services
AI & Data Services Business Process Improvement Services Business Restructuring & Bankruptcy Services Cyber Security Services Independent ERP Selection Consultants Fraud & Forensics Healthcare Consulting Services SOC Examinations, IT Audit, & Third-Party Risk Information Technology Services Litigation Services Mergers & Acquisitions Services Risk & Internal Audit Services Valuation Services
Entrepreneurial Services
Outsourced Accounting & Advisory Services
Tax Services
Federal Tax Services Private Client Services Credits & Incentives Services State & Local Tax Services
Wealth Management Services by RubinBrown Advisors RubinBrown Corporate Finance

Industries

At RubinBrown, we bring experience across a range of industries. Our experience enables our professionals to offer tailored solutions catering to the intricacies of each sector. Our professionals have years of focused engagement and skills, allowing them to navigate industry-specific challenges to benefit our clients.

View All Our Industries
Colleges & Universities Construction Financial Institutions Gaming Law Firms Life Sciences & Technology Manufacturing & Distribution Not-For-Profit Private Equity Public Sector Real Estate Transportation & Dealerships

Careers & Culture

At RubinBrown, we are inspired team members, working as one firm, living our core values, and Being Our Best for Others while delivering totally satisfied clients. We invite you to learn more about the Firm's culture, the Be Your Best for Others mentality, and explore the available opportunities at RubinBrown.

Discover Our Culture
Baker Tilly International Campus Recruiting Diversity & Inclusion Experienced Recruiting RubinBrown Charitable Foundation Join The Team
Back to Insights

When "Nothing Was Wrong" Was the Biggest Red Flag: An Internal Audit Perspective

Contact Us

When "Nothing Was Wrong" Was the Biggest Red Flag: An Internal Audit Perspective

Contact Us
During a routine internal audit, everything appeared to be in order.

Reconciliations were completed on time. Approvals were present and documented. Reports were generated consistently. On the surface, the control environment reflected discipline and compliance exactly what auditors expect to see.

And yet, something didn’t sit right.

As the audit team moved beyond checklists and into data analysis, a subtle but persistent pattern began to emerge: an unusually high volume of financial adjustments. Individually, none were material. Collectively, however, they painted a different story, one that didn’t align with the nature or stability of the business.

When questioned, the process owner responded with confidence:
“Everything is working exactly as designed.”

That statement, instead of reassuring the audit team, became the turning point.

Where Fraud Enters the Conversation

The most telling element in this scenario is not just the data; it’s the combination of data and response. At first glance, a high volume of small, immaterial adjustments may appear to reflect process inefficiencies or system limitations. However, from an internal audit perspective, this pattern raises a more serious question. Fraud rarely presents itself through large, obvious misstatements. More often, it evolves through repetitive, low-visibility actions that individually are overlooked but collectively shape outcomes.

The Modern Fraud Landscape: Persistent, Evolving, and Underestimated

Recent guidance from the Anti-Fraud Collaboration, and related thought leadership, highlights a clear and sobering truth: fraud risk is increasing in both frequency and sophistication across industries. 

Organizations are navigating a perfect storm:
  • Rapid technological change
  • Increasingly complex business models
  • Economic and geopolitical pressures
  • Expanding digital ecosystems and data environments
Together, these forces are not only creating new and more agile pathways for fraud but are also exposing the limitations of traditional control frameworks, which were not designed to operate at today’s speed, complexity, or level of interconnectivity.
 
The data underscores the urgency and scale of the challenge:
  • Nearly two-thirds of professionals report that fraud levels have increased in recent years and expect this trajectory to continue. 
  • U.S. public companies are estimated to lose more than 1% of annual revenue to known fraud, representing a persistent and material erosion of value. 
  • Internal audit is consistently identified as the front line of fraud detection and prevention, reinforcing both its critical importance and the growing demands placed on the function. 
Known fraud represents only the visible portion of the threat. Because fraud is designed to evade detection, organizations must assume that some risks and incidents remain undiscovered, making effective fraud management as much about identifying hidden vulnerabilities as responding to detected cases.

The Expanding Role of Internal Audit in Fraud Risk Management

Traditionally, internal audit has been viewed as a compliance-focused function centered on control testing and assurance. That paradigm is no longer sufficient. Leading organizations are redefining internal audits as a strategic business partner.  One that is focused on value creation, not just validation of controls or compliance, but a department sought out to anticipates risk and challenges of the status quo.

Today, internal audit is increasingly expected to provide forward-looking insight into emerging fraud threats and systemic vulnerabilities. According to the Anti-Fraud Collaboration, its role is critical in:
  • Evaluating the strength and effectiveness of fraud risk governance frameworks
  • Assessing whether internal controls are truly operating as intended not just designed appropriately
  • Challenging management assumptions and uncovering blind spots
  • Leveraging data analytics to identify stress-fractures in the control framework, before it’s a complete break down
  • Strengthening fraud deterrence by increasing transparency, accountability, and oversight
More importantly, according to the Occupational Fraud 2024: A Report to the Nations by the Association of Certified Fraud Examiners (ACFE), organizations with a mature internal audit function see tangible benefits:
  • Fraud losses are reduced by approximately 43%
  • Fraud schemes are detected 50% faster 
This is not simply about compliance; it’s about protecting enterprise value.

Professional Skepticism: The Most Underrated Control

At the heart of effective fraud risk management is a principle that is frequently cited-but too often absent in practice: professional skepticism.

Professional skepticism is a disciplined refusal to accept information at face value, it is the mindset that separates superficial assurance from meaningful risk detection. It requires auditors and risk professionals to:
  • Question inconsistencies
  • Validate assumptions
  • Seek independent evidence
  • Remain alert to subtle anomalies
Without this mindset, even the most sophisticated audit frameworks become ineffective, reduced to “check-the-box” exercises that create the illusion of oversight while risk quietly builds.

From Insight to Action: Five Practical Steps for Strengthening Fraud Risk Management

While organizations often focus on pressure and rationalization, the most actionable factor is opportunity, the one area internal audit and management can directly influence. Weak segregation of duties, excessive access privileges, ineffective monitoring, and control overrides remain among the most common enablers of fraud across organizations.

The following five steps provide an immediate, practical path to strengthening fraud risk management:
1.    Reassess the Fraud Risk Framework
  • Conduct a fresh, forward-looking fraud risk assessment aligned to current business realities
  • Challenge long-standing assumptions, particularly in areas historically deemed “low risk”
  • Incorporate cross-functional perspectives to uncover blind spots
2.    Embed Fraud Thinking into Audit Planning
  • Integrate fraud risk considerations into every audit engagement, not as an afterthought, but as a core objective
  • Use structured fraud brainstorming to identify realistic schemes and vulnerabilities
  • Consistently ask: What could go wrong and how would it actually happen?
3. Leverage Data Analytics and AI tools Purposefully
  • Move beyond sampling and analyze full populations to uncover hidden anomalies
  • Focus on patterns, outliers, and behavioral signals, not just transactions
  • Use data to independently validate management’s assumptions and risk narratives
4. Reduce Opportunity Through Stronger Controls
  • Rigorously evaluate access controls and system permissions
  • Enforce meaningful segregation of duties across critical processes
  • Implement continuous monitoring to identify issues in near real time
5. Build a Culture That Detects and Deters
  • Invest in ongoing, role-specific fraud awareness and training
  • Foster an environment where questioning is expected, not discouraged
  • Empower employees to escalate concerns without fear of retaliation

Looking Ahead: Fraud Risk as a Strategic Imperative

The organizations that will be most resilient in the years ahead will not be those with the greatest number of controls but those with the most intelligent, adaptive, and relentlessly skeptical risk functions.  In this environment, internal audit is no longer a support function, it is a strategic enabler. When positioned effectively, it becomes a catalyst for enterprise-wide resilience by:
  • Closing the gap between strategy and risk execution
  • Delivering timely, actionable insight into emerging and evolving threats
  • Equipping leadership with the independent perspective needed to make better, more informed decisions under uncertainty
The stakes have fundamentally changed. Fraud is no longer confined to operational disruption, it has become a strategic threat with direct and measurable impact on financial performance, organizational reputation, and stakeholder trust.

Organizations that fail to recognize this shift risk systemic exposure.

Conclusion: Seeing What Others Miss

Returning to the opening story, the organization did not fail due to a lack of controls, talent, or oversight. It failed because it did not pause to confront a fundamental question: Does this actually make sense?” 

Simple, direct, and often uncomfortable, this question remains one of the most powerful tools in fraud detection. When applied with rigor, data, and experience, it distinguishes organizations that identify risk early from those that uncover it only after significant damage has occurred.

In today’s environment, fraud risk management cannot be confined to compliance or routine assurance. It requires constant vigilance, true skepticism, and a deliberate shift toward proactive, intelligence-led risk management. Organizations that move decisively strengthening capabilities, challenging assumptions, and leveraging experienced perspectives gain a meaningful and lasting advantage.
 
 

Published: 06/23/2026

Readers should not act upon information presented without individual professional consultation.

Any federal tax advice contained in this communication (including any attachments): (i) is intended for your use only; (ii) is based on the accuracy and completeness of the facts you have provided us; and (iii) may not be relied upon to avoid penalties.

 

Contact Us:

Talk to Our Experts

Nathan Croll, CPA, CGMA, CCA Partner nathan.croll@rubinbrown.com 314-290-3484
Brandon Loeschner, CPA, CISA, CGMA Partner brandon.loeschner@rubinbrown.com 314-290-3324
Darek McCoy, CIA, CISA, CFE Partner darek.mccoy@rubinbrown.com 702.853.5405

Be Your Best for Others at RubinBrown

At RubinBrown, our firm fosters a culture built upon five vision points, and are guided by our philosophy of Being Our Best for Others. Discover how you can be your best at RubinBrown today by visiting our Careers & Culture Overview for available opportunities and more.

Discover Our Culture

Join Our Mailing List

RubinBrown periodically sends breaking regulatory updates, technical summaries, industry-specific information and event (in-person and virtual) invitations through electronic newsletters.

Sign Up for Our Communications
1-800-678-3134 Certified Public Accountants & Business Consultants

Ranked a Top 50 Accounting Firm by Inside Public Accounting

Firm News Disclaimers Privacy Policy Client Payment © 2026 RubinBrown LLP
RubinBrown Executive Recruiting RubinBrown Advisors RubinBrown Corporate Finance