Two weeks ago, I wrote a short piece on the possibility of PCAOB requiring public companies to rotate auditors on a regular basis. Today’s article delves more deeply into the topic, and more clearly lays out the reasons why it won’t work…. and this time I even included independent statistics.
This article was written for an organization that invited me to write about fraud for one of their monthly e-newsletters for corporate finance professionals. The article was rejected because it appeared to criticize the organization and the audit process. Apparently, offering ideas on what might be wrong with audits or how to improve audits is not allowed. Thus, I am publishing the article here.
In August, the Public Company Accounting Oversight Board (PCAOB) floated the idea of requiring companies to switch auditors every 5 to 10 years. It has been suggested that forced auditor rotation would make audits more effective. Essentially, a new auditing firm would equal a fresh set of eyes, resulting in a more skeptical audit.
More than 625 comment letters were sent to PCAOB from CFOs, controllers, chief accounting officers, and audit committee chairs. The comment period has now been extended through April 22, in order to allow comments following the March 21 and 22 PCAOB public meeting on ways to increase auditor independence, objectivity, and skepticism.
Opponents to this possible new rule says that forced rotation of auditors will create new problems, such as the difficulty with new auditors understanding complex companies and the cost and time incurred with each auditor change. Large companies would also be limited in their auditor choices, as many already use two of the Big Four firms for auditing and consulting services. This would leave a choice between only two other big audit firms when it is rotation time.
The Real Problem
The PCAOB’s idea is misguided because the problem with audits is not the length of time the auditor is engaged by a company. The problem is a fundamental deficiency in audits as we know them: Audits have never been designed to detect fraud. Unless the process of auditing is changed drastically, audits will never detect fraud with any great regularity.
For decades, audits have been geared toward verifying the math and adherence to Generally Accepted Accounting Principles (GAAP). While auditors are required to assess internal controls, consider fraud risks, and design audit tests in accordance with the level of assessed risk, this has proven inadequate to detect fraud in the financial statements.
One only has to look at the almost daily headlines about embezzlement by executives and fraudulent misstatements of financial results for proof. Companies reporting these frauds, by and large, have annual independent audits and quarterly reviews of financial statements. Yet such fraud schemes have been carried out for years at a time before being discovered.
Research by the Association of Certified Fraud Examiners supports the notion that financial statement audits are not effective at finding fraud. In the most recent Report to the Nations on Occupational Fraud and Abuse, external audits were responsible for detecting only 4.6% of the frauds examined in the underlying study. This was in spite of the fact that in more than 76% of the cases studied, the victimized organizations had regular external audits.
Further, 31.5% of fraud examiners participating in the study stated that external audits were “very important” in detecting or limiting the fraud. This demonstrates the disconnect between the perception of the effectiveness of audits in detecting fraud and the reality. Even though independent audits detected only a tiny portion of the frauds, the fraud investigators still thought they were very important to doing so.
If this kind of disconnect exists with those investigating fraud, it is likely even worse for management and outside investors. Despite boiler plate disclaimers on the auditors’ responsibility for detecting fraud, and the independent evidence that demonstrates over and over that audits do not regularly find fraud, users of financial statements still appear to expect that external auditors can and will find fraud.
Nearly a decade after the enactment of Sarbanes-Oxley, audits are not measurably better at preventing and detecting fraud. The investing public, however, still seems to believe that auditors can and will find fraud in their financial statement audits. They have been lulled into a false sense of security, wrongly believing that Sarbanes-Oxley has decreased the instance of fraud and increased the discovery of frauds by external auditors.
This proposed change by the PCAOB will do nothing to enhance audits. Rotating auditing firms every 5 to 10 years will not increase the probability that fraud will be detected during financial statement audits. Only a drastic change to the process of independent audits can make a real difference in the rate of fraud detection.
Maybe the answer is not in changing audits, as we have seen that even with costly changes and monitoring of auditing firms, the process is not measurably better at stopping fraud. Maybe the answer is in developing an alternative requirement for companies, such as regularly engaging fraud-focused consultants to perform procedures specifically designed to detect fraud.
A new process with a specific focus on fraud could help companies better prevent and detect fraud. Companies could voluntarily participate in fraud prevention and detection activities, but experience has shown us that an “optional” process like this is often overlooked while companies are busy focusing on expensive mandatory regulations. Maybe new regulations are needed to force companies to address fraud head-on, and those should not be rooted in the old and ineffective process of financial statement auditing.
Tracy L. Coenen, CPA, CFF, is a forensic accountant and fraud investigator with Sequence Inc. in Milwaukee and Chicago. She has conducted hundreds of high-stakes investigations involving corporate embezzlement, financial-statement fraud, securities fraud, investment fraud, tax fraud, and criminal defense. Coenen is the author of Expert Fraud Investigation: A Step-by-Step Guide and Essentials of Corporate Fraud, and has been qualified as an expert witness in both state and federal courts.