In recent years, the importance of good corporate governance has received significant public and regulatory attention. A crucial part of an entity's corporate governance is its internal audit function. At the same time, there has been significant public concern about the level of fraud within organizations. The purpose of this study is to assess whether organizations with an internal audit function are more likely to detect and self-report fraud than those without. In this study, we use a unique self-reported measure of misappropriation of assets fraud for the first time. The fraud data are from the 2004 KPMG Fraud Survey, which reported fraud from 491 organizations in the private and public sector across Australia and New Zealand. The internal audit data are from a separate mail survey sent to the respondents of the KPMG Fraud Survey. We find that organizations with an internal audit function are more likely than those without such a function to detect and self-report fraud. Furthermore, organizations that rely solely on outsourcing for their internal audit function are less likely to detect and self-report fraud than those that undertake at least part of their internal audit function themselves. These findings suggest that internal audit adds value through improving the control and monitoring environment within organizations to detect and self-report fraud. These results also suggest that keeping the internal audit function within the organization is more effective than completely outsourcing that function.