When a company discovers an internal fraud, it’s not uncommon for owners and management to look for a party to blame. After all, someone should have known that a fraud was in-progress, right? Often, the blame is cast in the direction of the auditors.
The auditors are an easy target. Not only do they usually have professional liability insurance policies to fall back on, the auditors initially seem like the logical culprit.
Management often believes that the auditors worked very closely with the financial information; therefore, they should have discovered the fraud.
The mistake management makes is in believing that a financial statement audit will find fraud. It’s understandable that owners and management want audits to find fraud, and sometimes the audits do find fraud. But the reality is that financial statement audits are not designed to detect fraud, and so they most often do not uncover wrongdoing.
Financial statement audits by independent accountants are generally aimed at accomplishing two things. First, auditors attempt to determine if the accounting rules have been properly applied to the company’s financial statements. (Have the debits and credits been made correctly?) Second, an audit is a basic check of the math. (Do the debits and credits add up?)
Auditors make no assurances about whether or not fraud exists in a company. If fraud is found by the auditors, they are required to report it to management. But they aren’t responsible for finding fraud as one of their primary duties.
Getting Away With Fraud
It’s not really difficult for employees to get away with fraud right under the noses of the auditors. Typically, the auditors doing the bulk of the field work on an audit are young and inexperienced. They are not necessarily well-equipped to recognize the signs of fraud.
Management has plenty of opportunities to conceal fraud by using accounts that require a great deal of judgment, estimates, and specialized knowledge. Accounts such as warranty reserves, research and development expenses, and discontinued operations are not necessarily understood by auditors.
The auditors rely on management to be forthright in explaining these accounts and the estimates used in establishing the account balances. It’s easy for management to mislead the auditors or provide incomplete information, both of which can facilitate fraud.
There are many risks and many ways to exploit the auditors and their lack of knowledge of the inner-workings of a company and its accounting system. Even the best audit procedures often fail to find fraud because of active concealment by employees. Add in the element of social engineering that could be used to manipulate auditors and their work, and it’s likely that a corporate fraud will not be detected.
Although it’s easy to point the finger at the auditors when a fraud is finally uncovered, proving that the firm was to blame for not finding it sooner is not so easy. Again, the purpose of an audit is not to find fraud, and the auditors typically make many disclaimers about their responsibility in this regard.
It’s also important to remember that the perpetrator of a fraud scheme is generally taking steps to hide the fraud. An employee who is familiar with the auditors and their work may have an easier time effectively covering up after the theft. These overt acts to conceal a fraud make it even more difficult for auditors to detect fraud.
The auditing firm that carefully completes all necessary audit procedures and follows up on questionable transactions or documentation will be less likely at fault for not discovering a fraud. But even if an auditor did nothing wrong in the performance of the audit, that may not stop a victimized company from accusing the auditors of malpractice.
There are times when the auditors fail in their work. If the auditors have failed to properly perform audit procedures or fail to follow up on discrepancies discovered, they may end up being accused of malpractice and ultimately held responsible for not detecting a fraud scheme.
It is unlikely that the scope and purpose of financial statement audits will change anytime soon. Therefore, it’s important for management to be proactive in finding other ways to detect and prevent fraud in their companies. Audits have their place in the business world, but management cannot mistakenly believe that audits will find fraud.
Auditors don’t really have an incentive to change their process to increase the chances of finding fraud. Doing so would create a greater burden for them, and the firms may not wish to take on that additional risk.
Since companies should not rely on audits to find fraud, they should look toward better fraud prevention efforts. That includes strengthening internal controls, and designing those controls to address fraud risks. Management must be proactive in the fight against fraud, and should not wait for a fraud to be discovered to take action.