Fraud Stings Auditor

An audit client discovers, through an inside tip, an employee fraud and you, the audit engagement partner, receive the following phone call:

“George, we just found out our controller has stolen about $70,000 per year for the last three years. Since you guys have been doing our audit, I thought I’d call and discuss what we need to do.” The caller does not verbally say it, but he intimates, “where were you guys?” and “how are you going to resolve this?”

iStock_000007701361XSmall.jpg

Your first thought is this amount is immaterial, and you begin to explain that audits are not designed to detect immaterial fraud – the first time your client has ever heard these words. It sounds technical, evasive, and hollow. Your client is thinking, “what did I pay you for?” as you are reading his mind and thinking, “not for this.”

The first mistake: Not clearly explaining to your client what an audit is, and, more importantly, what it is not.

The Association of Certified Fraud Examiners’ (ACFE) biennial fraud survey notes that most frauds have a life of about 18 months before they are detected, and less than 10% of frauds are detected by external audits. Even if the external auditor is performing the engagement in accordance with generally accepted auditing standards, the procedures are designed to detect material fraud, something your client needs to know before you start the audit.

Your client files a claim with his insurance company in order to recoup the stolen funds, and, at this point, the insurance company contacts you and asks, “may we have a copy of your internal control letter?” You’ve known all along that there were significant deficiencies in controls, but you’ve been afraid to communicate the weaknesses in writing, knowing that doing so might jeopardize your relationship with management (the guys and gals who hired you).

The second mistake: Not communicating all significant weaknesses and material weaknesses in writing.

Now things go from bad to worse: the insurance company sues your firm and subpoenas your work papers as they prepare to take you to court. The insurance company’s attorney obtains copies of your fraud work for the last three years, and he notes that the three respective audit files have the same fraud inquiry form. All three annual fraud forms reflect your CPA firm interviewed the same two management personnel who noted, “the company has high ethical standards and there are no known ways to commit fraud.” No other fraud work exists in the files.

In the deposition, the insurance company’s attorney asks you four times, “did you perform any fraud tests other than inquiring of management?” Now you wish you had.

The third mistake: Inquiring of the same personnel year after year and not performing an annual fraud test (at least one).

Lessons Learned

You now resolve to do the following on all future audits:

  1. Resolved – I will explain to my client that an audit does not address immaterial fraud.
  2. Resolved – I will communicate all significant control deficiencies and material weaknesses in writing.
  3. Resolved – I will perform at least one new fraud test each year (and those tests will relate to control weaknesses noted in planning walk-throughs and inquiries); additionally, I will perform fraud inquiries of different personnel each year.

Fraud-Test Ideas

If you need fraud-test ideas, I will offer some detailed suggestions in my next blog post.

Learn from the CPA Scribo newsletter!

Get my free weekly accounting and auditing digest with the latest content.

Powered by ConvertKit

Please note: I reserve the right to delete comments that are offensive or off-topic.

Leave a Reply

Your email address will not be published. Required fields are marked *

3 thoughts on “Fraud Stings Auditor

  1. You truly have to live through one of these phone calls from a client to appreciate what happens when this occurs. I completely concur that better auditor communications up front during the planning phase, long before fieldwork starts, would decrease the risk a client’s expectations are beyond what an audit can accomplish (and detect). Documented for your files, the conversation you had with your client will help “remind” the client, who is now enraged and reacting emotionally versus rationally due to the discovered fraud, that you discussed the associated audit risks. The representation letter your client signed will augment your defense should your client commence litigation, which is becoming more and more commonplace. Your best defense – avoidance altogether. Perform fraud-related tests as part of your audit.

    • Stephen, Yes, there is a great deal of emotion, especially when a fraud has just been discovered. The upfront communication really helps when fraud appears. I agree that the performance of fraud-related tests is also critical. Thanks for the comment.