What audit committees should ask about fraud risk

What audit committees should ask about fraud risk? A corporate governance education guide to ensuring this crucial committee fulfils its mandate.

Fraud risk is only increasing in this modern, chaotic global business landscape. EY describes that reality as “NAVI” – non-linear, accelerated, volatile, and interconnected. In general, changes happen faster, tech capabilities are getting broader, and bad actors are able to break the law in far more elusive and creative ways. 

At the governance level, the audit committee is one of the primary barriers against fraud. Its responsibilities for financial reporting give it unique opportunities to question financial activities that don’t look right. Even if there is a legitimate reason behind something that seems odd, it often falls to the audit committee to ask until there’s a full understanding.  

This guide will break down that responsibility into specific focus areas and give you starting points for fulfilling an important governance mandate.

Traditional forms of misconduct, like revenue recognition fraud and improper expense recognition, remain prevalent. However, they are now joined by newer digital threats, fuelled by game-changing innovations that have arrived in quick succession, giving many businesses little chance to catch up. 

In particular, AI is reshaping the threat landscape. It enables “deepfake” attacks  – manipulating audio or video in sophisticated ways that would fool even those who consider themselves tech-savvy. In the US, the Audit Committee Priorities for 2026 from BDO shows that audit committees are increasingly prioritising enterprise risk management (ERM) beyond traditional financial reporting to address this.

Nowadays, the ramifications extend far beyond the immediate financial loss. In the short term, boards could face huge reputational damage, both among consumers and other public groups, and among shareholders. This confidence is extremely hard to win back. 

And then, even more seriously, boards can face huge legal penalties for failing to prevent fraud. This often takes the form of fines equal to a hefty percentage of global turnover. However, in some severe cases (and depending on the local laws), some directors could land themselves in court or even prison, because their actions were judged to have been so blatantly incompetent or deliberate that they are considered active players in the acts of fraud. 

Such penalties were large and nonexistent in decades past, but regulators and other stakeholders have been piling on the pressure for this to change.

The reason we have these basic questions below is to provide some structure and context. It can often be difficult to concentrate on potential fraud amid the wider work of an audit committee. Sometimes, the concept might not even spring to mind until it’s too late. 

These questions will help keep fraud risk where it needs to be on the internal agenda:

• Are our risk assessments outdated? This is possibly the most relevant question to ask in the current decade, defined by rapid sophistication in fraud techniques and a more chaotic business landscape, which makes spotting foul play more difficult. Older, more linear risk frameworks may often not work in this environment. If yours had not been thoroughly examined in a while, it might be missing several key risks that could derail your business if unchecked. 
• Is bad news being suppressed? Audit committees may often rely on information passed to them from other parts of a business. However, this system falls apart if the corporate culture discourages bad news and dresses up problems to frame them as routine or even progress. As this kind of culture can often develop gradually, it’s always good to bear it in mind during audit committee work. 
• How are we defending against deepfakes? It’s one of the most important new threats, and boards have to verify if their protocols can mitigate them to acceptable, modern standards. 
• Are internal audits resource-constrained? Costs go up, and companies are always on the lookout for ways to cut unnecessary expenses. However, blind spots can develop in response to declining headcounts or a lack of investment. It’s important for audit committees to know if this is becoming a problem. 
• Are we using AI for detection? While AI creates risks, it also offers powerful tools for detection; advanced analytics should be leveraged to flag financial anomalies early.

While this guide can give you a synopsis of questions to ask, there’s no denying that the scale of responsibilities often requires more than that. 

Nowadays, dedicated training is what sets any director up for success, let alone those who take on the extra role of audit committee work. To meet these expanding responsibilities, it’s important that you explore your options for recognised corporate governance qualifications and combine them with your own personal needs. Do you need a broad certification covering many aspects, or does micro-learning suit you better? 

If you can answer these questions and follow through on the educational side, you’ll find the day-to-day work in groups like an audit committee will be far easier.

Like any governance element, the success of any audit committee is rooted in its ability to ask questions. Simple queries one day could mean the difference between avoiding a major corporate blunder or steering the business straight into it. 

While the questions above will help set the scene, it’s important to complement them with a robust knowledge of modern corporate governance. The combination is what fuels modern success.

• 2026 audit committee priorities: navigating complexity and … – EY
• Setting the 2026 Audit Committee Agenda | Protiviti Global
• Audit Committee Handbook – 2025 edition – KPMG agentic corporate services
• Audit Committee Insights | March 2026 | The CAQ
• UK Corporate Governance Code 2024 – Financial Reporting Council
• Audit Committee Priorities for 2026 – BDO USA