ECCTA failure to prevent fraud: a guide for internal audit
Internal audit provides the independent assurance that fraud-prevention procedures are not just designed but operating. DefenceFile gives audit a discoverable evidence trail to test against, rather than a document hunt across the business.
The sample board pack opens in your browser — no email, no form.
What you are accountable for
You provide independent assurance over the design and operating effectiveness of fraud-prevention procedures, and your testing is itself part of the monitoring evidence.
The worries
- Testing controls means chasing evidence scattered across teams and tools
- No clear trail of what was reviewed, by whom, and when
- Demonstrating the third-line view fed back into the programme
How the defence file helps
- Test fraud-prevention controls against a discoverable evidence register
- Trace associated-person attestations and due-diligence records to source
- Record audit findings and follow-ups as part of the monitoring trail
- Evidence that assurance work informed the risk assessment and procedures
Evidence to prioritise
A reviewable evidence register to sample and test against
Audit trail of reviews, decisions, and follow-ups
Records linking assurance findings back to procedure changes
Head of Internal Audit questions
- How does internal audit use a defence file?
- As a single, dated source to test the design and operation of fraud-prevention procedures, and to evidence the third-line view. DefenceFile organises the record; the assurance opinion remains internal audit's.
- Does this replace audit judgement?
- No. The platform makes evidence discoverable and review-ready; it does not form opinions, certify controls, or decide whether procedures were reasonable.
- Can we export evidence for the audit committee?
- Yes — a sign-off-gated board pack and CSV exports make the trail portable. It organises the evidence; it does not provide legal advice.
For other roles
- Chief Risk OfficerHow CROs own the fraud risk assessment and monitoring for the ECCTA offence and keep the evidence reviewable in a defence file.
- Audit Committee ChairHow audit committee chairs and NEDs evidence oversight and challenge of ECCTA fraud-prevention procedures.
- Company SecretaryHow company secretaries evidence board commitment and governance for the ECCTA failure-to-prevent-fraud offence — a reviewable defence file.
Keep going
- Failure to prevent fraud: the offence explainedThe statutory offence, the size test, and what a defence file is for.
- Reasonable proceduresHow the six principles map to evidence you can organise.
- Straight answersSourced answers on scope, penalties, and the defence.
- Pricing and pilotsHow a structured pilot review of your evidence works.
DefenceFile organises evidence for legal and compliance review. It does not provide legal advice, create privilege, certify scope, certify reasonable procedures, or guarantee that a statutory defence will succeed.