In this chapter:
- Analytical Review
- Key Financial Ratios
- Write-offs, Adjustments, and Miscellaneous
- Manual Disbursements
- What about Financial Statement Audits?
- Looking for Fraud in Little Things
Is your company looking for fraud? Do you think that your financial statement auditors are looking for fraud? Think again. Financial statement auditors are not designed to detect fraud, and therefore they very rarely find fraud.
From the book:
Many consumers, investors, professionals, and users of financial statements mistakenly believe that financial statement audits performed by independent accounting firms are akin to fraud investigations. They think that if fraud is present, an audit will find it. After all, what else are they paying for, if not to find fraud?
The financial statement audits done by external auditors are not designed to detect fraud, plain and simple. Audits of financial statements really do two things, when you break them down to the most basic objectives: (1) they double check the math to see whether everything has been added and subtracted correctly; and (2) they make sure that Generally Accepted Accounting Principles (GAAP) have been correctly applied. That may not sound like much, but that is what audits are. Audits were never designed to detect fraud.
Now, you are wondering why audits are not changed so that they become more effective at detecting fraud. That is easier said than done. The bodies that govern the work of auditors have not done that, and probably will not do it anytime soon. Audits have a specific purpose, and that purpose is largely being fulfilled by the work done by today’s auditors. There is no pressure to change that. Even the Sarbanes-Oxley Act, which was intended to make audits more effective and therefore give investors greater confidence in the financial statements of public companies, really has not done much to decrease fraud.
In conjunction with Sarbanes-Oxley, accounting and auditing bodies took some steps to address the issue of fraud. Statement on Auditing Standards No. 99: Consideration of Fraud in a Financial Statement Audit was issued in 2002 by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA). It became effective for audits of financial statements for periods beginning on or after December 15, 2002. In general, this statement requires auditors to do a little more work regarding the issue of fraud. It does not, however, make auditors responsible for detecting fraud. Auditors are required to:
- Consider the risks and potential for fraud prior to the audit.
- Have a brainstorming session to come up with ways that fraud might be perpetrated and concealed at the company.
- Consider the results of analytical procedures, and determine whether any of them could be indicative of irregularities or fraud.
- Exercise professional skepticism when considering the potential for fraud.
- Inquire with management and key employees to determine whether there have been lapses in internal controls that could lead to fraud.
- Think about the evidence gathered during the audit and decide whether there may be indications that fraud has occurred.
If these points seem insignificant, that is because they largely are. These are, quite frankly, things that auditors should do anyway. Auditors should already be planning engagements in a way that addresses the risk of fraud and misstatements in the financial statements. Information developed during audit planning and performance that suggests fraud might have occurred should be examined further. This standard does nothing more than repeat the auditor’s responsibility to do his or her job, yet doesn’t really require the detection of fraud. This standard essentially says that if an auditor finds something that might be linked to fraud, it should be dealt with. And if nothing is found, that is okay, too.
These steps have not really protected the users of financial statements from fraud any more than they were protected before. The new standards were largely window dressing, meant to give the general public greater comfort that something was being done. In reality, little has changed. So, to suggest that financial statement audits can negate the need for fraud investigations could not be further from the truth.
Audits have a small place in a company’s management of the accounting and financial statement process. They can have a slight deterrent effect when it comes to fraud, because employees who are typically honest will fear that an audit might catch any wrongdoing that they are contemplating. But audits do not directly address fraud, and any company interested in preventing and detecting fraud must do much more than just have an annual audit. They must take proactive steps to both prevent fraud and seek out instances of fraud. Companies must not use audits as their chief fraud prevention and detection effort.