Winning a case against an auditing firm when there is a sizeable fraud (such as the Koss Corp. embezzlement) or the collapse of a Ponzi scheme (such as the Bernie Madoff case) is not easy. Simply because there is a fraud, a business failure, or a pyramid scheme collapse, the auditors are not necessarily at fault. The auditors may have carried out their professional responsibilities exactly as they should have, but they still did not uncover the fraud.
How does a fraud go undetected by auditors? The first thing to remember is that audits are not designed to find fraud, so they rarely do. Equally important, is the fact that frauds are deliberately (and often effectively) covered up by those perpetrating them. Particularly in the case of executives embezzling or perpetrating financial statement fraud, they are keenly aware of exactly how the auditors do their work, and take careful steps to avoid detection.
Technically speaking, auditors are not engaged to find fraud. They are engaged to give an opinion on the financial statements, and whether they are fairly stated. The auditors are required to perform certain procedures related to fraud, essentially assessing the risk of fraud and increasing the testing of the financial statements as there is a greater perceived risk of fraud. The auditors are not specifically engaged to (or expected to) find fraud, under the current auditing standards.
However, the auditors are still required to carry out their professional responsibilities and complete all testing properly. If they didn’t carry out these responsibilities, then we have to determine whether that failure affected their ability to find fraud. We must assess whether they would have found the fraud if they had fulfilled all their duties.
Here is an example from a case on which I was retained to examine the auditors’ working papers and files to determine whether or not they failed to fulfill their professional responsibilities…
An organization had a large theft of cash receipts from donors. The first question I asked as a forensic accountant and expert witness was, “How could the auditors have discovered the fraud?” There were several areas of the audit to investigate, and I ended up zeroing in on the testing of cash receipts. What I turned up was disastrous for the auditors.
Typically the testing of cash receipts is fairly straightforward and difficult to screw up. Not so for these auditors. In this case, there was documentation regarding the amount of cash collected. The auditors attempted to trace those cash collections to the bank statements to verify that the funds received were actually deposited.
The bookkeeper retained the records which accurately showed the amount of cash received. She stole the cash, and therefore didn’t deposit the cash to the bank. She didn’t alter or destroy any records, however. A simple comparison of the cash receipts records and the bank statements showed that there was missing cash.
The auditor saw that the cash receipts records did not match the bank statement and asked the bookkeeper why. She told him that sometimes they combined more than one day of cash receipts when making deposits, so the amounts didn’t match. He accepted this explanation and did no further testing or verification.
The auditors had a duty to verify the representation of the bookkeeper in some way, but they did nothing more. If they had examined things more closely, they would have seen the following:
Cash receipts records Day 1: $15,000
Cash receipts records Day 2: $21,000
Bank deposit that week: $9,500
You can see that the bookkeeper’s explanation can’t possibly be true. The bank deposit that week was less than any single day’s cash receipts, so it is obvious that none of the cash receipts could have been combined.
In this case, the auditors were clearly responsible for missing the fraud. Had they discovered the fraud during their first audit after the embezzlement scheme started, the organization would have lost far less to this dishonest employee.
(Note too, that even if the auditors do everything right when they’re auditing something like cash, a fraud may still go undetected.)
Of course, determining whether auditors have any liability for a botched audit isn’t always so easy. Depending on where in the financial statements a fraud is buried, there may be many factors that come into play when assessing liability. For example, overstatement of certain assets or manipulation of reserve accounts might not be so easy to prove, since the balances of these accounts often rely on estimates, assumptions, and the judgment of management. These fall into a gray area in which it is not so simple to assign blame.