Auditors Play Key Role in Deterrence and Detection of Fraud

Internal auditors also have professional standards (IIA standards 1210.A2) requiring them to have sufficient knowledge to evaluate the risk of fraud and the manner by which it is managed within an organization. Those auditors also assist management in the design and implementation of systems and procedures to protect the organization’s assets.

Herein lies the problem: Although an auditor may be qualified in assessing risks and identifying where a fraud might occur, most don’t know how to recognize the indicators of fraud, primarily because they have never seen the patterns of a real scheme. Moreover, auditors have not been taught how a fraud occurs nor how a fraudster might attempt to hide their tracks and dupe the auditor.

My granddaughter loves to play the game “Spot the Differences Between These Two Pictures,” in which she is looking for differences (or anomalies). As auditors we are not playing a game – we are looking at facts and must be keenly aware of anomalies.

This game mirrors a critical element in our field: we must know what fraud looks like – it truly is an anomaly. Without designing our plan and projecting our course, we are like a boat on the ocean without a rudder or a compass.

In my presentation at the 29^th Annual ACFE Global Fraud Conference in June 2018, I asked my classes a candid question: after hearing a story of a fraud discovery at another organization, did they have a sinking feeling that such a scheme might be occurring at their organization? Even worse — had they missed the signs? Everyone acknowledged they had experienced this genuinely frightening feeling. This circumstance should cause everyone to pause and question: has identifiable fraud occurred at my organization?

In the 2016 case of Livent, Inc. v. Deloitte & Touche, a Canadian court upheld a 2014 decision by the Ontario Superior Court. The court had ordered Deloitte & Touche to pay $118 million in damages (later reduced to $40.5 million by the Supreme Court of Canada) for breaching its duty of care owed to the investors of the theater company in its work as auditor. The judge ruled:

“It is more likely than not that a careful and objective investigation in Livent’s financial statements, pursued with ‘an attitude of professional skepticism,’ would have revealed the fraud.”

In 2018, a federal judge ruled that PricewaterhouseCoopers, LLP must pay $625 million in damages in the case of Colonial BancGroup Inc. and the FDIC v. PricewaterhouseCoopers LLP. This judgment is the largest ever against an audit firm in the United States. The judge said that PwC:

“did not design its [Colonial Bank] audits to detect fraud and PwC’s failure to do so constitutes a violation of the auditing standards.”

Unfortunately for the investing public and business stakeholders, fraud schemes both large and small continue to proliferate. In spite of laws such as SOX enacted in 2002 and the new Committee of Sponsoring Organizations (COSO) model, organizations aren’t detecting fraud.

Professional standards don’t mandate that auditors resolve fraud or allegations of fraud. However, auditors can dramatically improve their abilities to recognize fraud indicators. This involves discovering where a fraud scheme may exist, and then applying additional procedures (such as calling in an expert if needed) to offer reasonable assurance that financial statements are free of misstatement due to fraud. Therein is the objective of all the laws and professional standards. The investing public and business stakeholders look for this assurance that financial statements are free of misstatement due to fraud and, clearly, the courts are ruling that auditors have a duty to offer this assurance.

Failures precipitated in accounting malpractice cases

My work in dozens of accounting malpractice cases where auditors failed to identify fraud has proven, in case after case, that auditors must be trained to identify fraud. In order to identify a fraud scheme, auditors should study actual occurrences of fraud with the goal of understanding how the scheme was perpetuated and learn to spot its distinguishing features. More importantly, auditors must learn how the fraudster fooled the other auditors.

In a recent case, I served as a testifying expert for the plaintiffs who were suing an accounting firm for accounting malpractice. This was due to the auditor’s failure to identify a massive fraud scheme. The scheme had been perpetuated over seven years, and had not once been detected by the auditors. At the end of the case one of the plaintiff’s attorneys asked me, “Are all auditors just dumb?”

The answer to that is quite simple — of course not! All accounting students study diligently and pass rigorous examinations. Often, we were the ones staying home studying and working on accounting problems while other students were out socializing.

In fairness to the attorney’s question, I’ve observed some rather foolish situations in lawsuits against CPAs. For example, I’ve seen auditors fail to:

1. Perform assessments to determine risk factors.
2. Perform procedures identified in their planning.
3. Test controls where they observed risks identified as significant.
4. Test controls or perform walkthroughs of significant accounts.
5. Properly supervise assistants who weren’t properly trained.

In these cases, the work of the auditors was clearly below the standard of care for their profession. Clients of auditors whose work falls below these standards will most likely, eventually, be sued. This means that the court may hold the auditors responsible for substantial damages. If auditors, on the other hand, are trained to identify fraud schemes and how auditors get duped, they would be more likely to identify potential fraud.

A Plan to Identify Fraud

According to AICPA professional standards AS 2110 and AS 2301, during the initial steps of planning an audit of financial statements, auditors must follow a process to identify risk factors. They then design tests to determine if management has instituted sufficient controls. In this planning stage, the standards require the auditor to consider whether identified risk factors and their examination indicate if misstatements indicative of fraud are evident. If so, the auditor must evaluate the implications.

The Association of Certified Fraud Examiners founder and Chairman Dr. Joseph T. Wells, CFE, CPA, has written extensively on this subject. In his classic book “Occupational Fraud and Abuse,” Dr. Wells identifies and details approximately four dozen fraud schemes in The Fraud Tree. Dr. Wells explains how these situations occur and describes their unique attributes. However, most auditors have never read a book like this. They have never seen examples of this kind of fraud, nor have they been trained in how the fraudsters duped the auditors.

It is our duty, therefore, to teach others about these schemes, give examples of how fraudsters have tricked auditors and share the warning signs of fraud. Once this becomes common knowledge in our profession, auditors will then begin to notice indications of fraud more clearly. Unless auditors understand that their job is to plan and perform procedures to detect fraud schemes, we cannot achieve reasonable assurance that financial statements are not materially misstated due to fraud.

How about you? Have you ever seen a real fraud? Have you witnessed the devastation, heartbreak and loss suffered by victims of a fraud scheme? Are you actively looking for indicators of fraud?

 ======

 

Ralph Q. Summerford, CPA, CFF, ABV, CFE, CIRA, CDBV, is the president of Forensic Strategic Solutions and has a broad range of forensic expertise, testifying as an expert witness in federal and state courts on matters involving complicated financial transactions, including fraud, economic damages, business valuation, bankruptcy and accountants’ malpractice. Summerford has served as an instructor for the AICPA, IIA and ACFE for over 20 years, and was the recipient of the ACFE’s 2010 Cressey Award. Contact him at ralph@forensicstrategic.com.