Auditors think about how fraud affects audit clients, but could it be that fraud might affect auditors? After all, auditors do have responsibility for detecting fraud. In this article, I show how undetected theft can adversely affect audit firms.
The Phone Call
An audit client discovers, through an inside tip, an employee fraud and you, the audit engagement partner, receive the following phone call:
“George, we just found out our controller has stolen about $70,000 per year for the last three years. Since you guys have been doing our audit, I thought I’d call and discuss what we need to do.” The caller does not verbally say it, but he intimates, “where were you guys?” and “how are you going to resolve this?”
Your first thought is this amount is immaterial, and you begin to explain that audits are not designed to detect immaterial fraud–the first time your client has ever heard these words. It sounds technical, evasive, and hollow. Your client is thinking, “what did I pay you for?” as you are reading his mind and thinking, “not for this.”
The First Mistake
The first mistake is not clearly explaining to your client what an audit is, and, more importantly, what it is not.
The Association of Certified Fraud Examiners’ (ACFE) biennial fraud survey notes that most frauds have a life of about 18 months before they are detected, and less than 10% of frauds are detected by external audits. Even if the external auditor is performing the engagement in accordance with generally accepted auditing standards, the procedures are designed to detect material fraud, something your client needs to know before you start the audit.
Your client files a claim with his insurance company in order to recoup the stolen funds, and, at this point, the insurance company contacts you and asks, “may we have a copy of your internal control letter?” You’ve known all along that there were significant deficiencies in controls, but you’ve been afraid to communicate the weaknesses in writing, knowing that doing so might jeopardize your relationship with management (the guys and gals who hired you).
The Second Mistake
The second mistake is not communicating all significant weaknesses and material weaknesses in writing.
Now things go from bad to worse: the insurance company sues your firm and subpoenas your work papers as they prepare to take you to court. The insurance company’s attorney obtains copies of your fraud work for the last three years, and he notes that the three respective audit files have the same fraud inquiry form. All three annual fraud forms reflect your CPA firm interviewed the same two management personnel who noted, “the company has high ethical standards and there are no known ways to commit fraud.” No other fraud work exists in the files.
In the deposition, the insurance company’s attorney asks you four times, “did you perform any fraud tests other than inquiring of management?” Now you wish you had.
The Third Mistake
The third mistake is inquiring of the same personnel year after year and not performing an annual fraud test (at least one).
You now resolve to do the following on all future audits:
- Resolved – I will explain to my client that an audit does not address immaterial fraud.
- Resolved – I will communicate all significant control deficiencies and material weaknesses in writing.
- Resolved – I will perform at least one new fraud test each year (and those tests will relate to control weaknesses noted in planning walk-throughs and inquiries); additionally, I will perform fraud inquiries of different personnel each year.
More Fraud-Related Articles
For more information about fraud detection and prevention, check out my list of articles here.
If you are looking for examples of fraud tests (that you can use in your audits), check out:
Comment from Stephen Pedneault
Stephen Pedneault, the principal of Forensic Accounting Services, made the following comment about the above article:
You truly have to live through one of these phone calls from a client to appreciate what happens when this occurs. I completely concur that better auditor communications up front during the planning phase, long before fieldwork starts, would decrease the risk a client’s expectations are beyond what an audit can accomplish (and detect). Documented for your files, the conversation you had with your client will help “remind” the client, who is now enraged and reacting emotionally versus rationally due to the discovered fraud, that you discussed the associated audit risks. The representation letter your client signed will augment your defense should your client commence litigation, which is becoming more and more commonplace. Your best defense – avoidance altogether. Perform fraud-related tests as part of your audit.
Stephen has written several fraud books that are available on Amazon. Check him out here.
Learn from the CPA Scribo newsletter!
Get my free weekly accounting and auditing digest with the latest content.