Almost two years ago, I wrote about a PCAOB proposal that would require companies to rotate auditors every 5 to 10 years. The theory was that forcing companies to change auditors regularly would make audits better, because fresh eyes on the books every few years would mean a more skeptical audit.
My position was that it doesn’t matter how long an auditor worked on the same engagement. Instead, the problem is audits themselves. Audits have never been designed to detect fraud. Thus, audits rarely find fraud. I wrote previously:
Research by the Association of Certified Fraud Examiners supports the notion that financial statement audits are not effective at finding fraud. In the most recent Report to the Nations on Occupational Fraud and Abuse, external audits were responsible for detecting only 4.6% of the frauds examined in the underlying study. This was in spite of the fact that in more than 76% of the cases studied, the victimized organizations had regular external audits.
Further, 31.5% of fraud examiners participating in the study stated that external audits were “very important” in detecting or limiting the fraud. This demonstrates the disconnect between the perception of the effectiveness of audits in detecting fraud and the reality. Even though independent audits detected only a tiny portion of the frauds, the fraud investigators still thought they were very important to doing so.
If this kind of disconnect exists with those investigating fraud, it is likely even worse for management and outside investors. Despite boiler plate disclaimers on the auditors’ responsibility for detecting fraud, and the independent evidence that demonstrates over and over that audits do not regularly find fraud, users of financial statements still appear to expect that external auditors can and will find fraud.
Unless the process of auditing is changed substantially, the rate of detection of fraud during audits will not increase in any meaningful way. And Sarbanes Oxley has proven that regulations don’t make auditors better at preventing and detecting fraud.
So it is interesting that PCAOB has abandoned the idea of auditor rotation. Maybe PCAOB could instead focus on figuring out what would make audits more effective when it comes to finding fraud?