Should detecting fraud or other major infractions be part of an auditor's professional duty of care or is it a step too far?
By Nina Hendy
Director and national head of Fraud & Forensic Services, Australia, RSM
No, in short. This is a question that is often asked and an area that is often misunderstood. A leading global fraud study from the Association of Certified Fraud Examiners (ACFE) reveals that as a means of detecting fraud, external audit only features in 3 per cent of detected fraud cases.
The top three methods by which fraud is detected are tip-off, internal audit, and management review. External audit is not designed to detect fraud.
One component of the external audit process is to assess the risk of material fraud and be aware of the potential for it, then take that into account when designing, planning and undertaking an external audit. Testing for fraud risk usually means a multi-million dollar threshold, not transactional, smaller dollar-sized immaterial frauds or multiple fraud methods by a single fraudster.
"... an auditor is a watchdog, not a bloodhound." Roger Darvall-Stevens
Companies are more prudently focusing on bolstering their whistleblower or tip-off avenues, such as the internal audit function, if they have one, and ensuring management review of transactions is effective. This complements professional, sceptical management, and external auditors.
In short, an auditor is a watchdog, not a bloodhound.
James Madden CPA
Director, Madden Partners
What would holding auditors liable for failing to detect fraud actually achieve? [More] frauds would be detected, but it would most definitely result in a much more disruptive and far more expensive audit process, and potentially turn people off entering an already dwindling profession.
Because time available to spend on an audit is capped and testing cannot go on indefinitely, the auditor employs a risk- based approach when conducting audit testing, which means not everything is looked at. Auditors use their professional judgement, experience and the accounting standards to focus the audit and provide an opinion based on what they have seen. This gives the client some reassurance, without bankrupting them.
Due to its inherently illegal nature, fraud is almost always hidden or disguised, making it very difficult to detect. Even if the auditor was to double or triple the sample size, it would not guarantee a transaction indicating wrongdoing would be selected. If the auditor looked at every transaction comprising the financial statements, the cost would likely far outweigh the dollar value of the fraud committed.
"If fraud is discovered after the audit, the auditor doesn't just shrug and walk away." James Madden
If fraud is discovered after the audit, the auditor doesn’t just shrug and walk away. Registered company auditors (RCAs) are answerable to the Australian Securities and Investments Commission (ASIC), which has the power to strip an auditor of registration.
Put bluntly, the threat of losing your ability to generate income by using your skill set is a much darker prospect than having to make a claim against indemnity insurance.
Applying the auditing standards. This course provides comprehensive coverage of the auditing standards and how to communicate, document and apply the requirements, including key audit matters, enhanced auditor reporting and review engagements.
Claire Grayston CPA
Policy adviser – audit and assurance, CPA Australia
The governing body and management of the entity hold primary responsibility for prevention and detection of fraud, so blame cannot be placed automatically or solely on the auditor. The auditor should be liable only if inadequacies in their audit resulted in failure to detect the fraud.
If fraud was perpetrated during a period covered by the auditor’s report on the entity’s financial statements, but not detected before the report was signed off, the auditor should be liable in certain circumstances. However, it would not be reasonable for the auditor to always be liable.
Primarily, it will depend on whether failure to detect the fraud was due to shortcomings in the auditor’s work.
An auditor’s role is to form an opinion about whether the financial report as a whole is free from material misstatement, whether due to fraud or error. The auditing standards provide the legal requirements for the conduct of an audit, which is intended to provide reasonable but not absolute assurance that the financial report contains no fraud or errors. It is not a guarantee. The magnitude of any fraud, whether there was collusion and the sophistication of any concealment, will have a significant impact on whether the audit procedures are likely to identify that fraud.
"The auditor should be liable only if inaduacies in their audit resulted in failure to detect the fraud." Claire Grayston CPA
Due to these factors, the auditor is less likely to detect a fraud than an error, but the auditor still needs to be sceptical and identify and address the risks of fraud.
Roger Darvall-Stevens is a partner and director of RSM in Australia
. He has over 25 years’ experience in forensic investigations and forensic accounting; fraud; bribery and corruption control; related training; forensic IT; compliance (including foreign bribery and corruption risk); and corporate security. Darvall-Stevens started his career with the Victoria Police, and spent 13 years with EY as a partner in fraud investigation and dispute services, before joining RSM.
James Madden CPA
James Madden is a director of cloud-based accounting and audit firm, Madden Partners
. He has worked as an accountant for over 10 years, focused primarily on not-for-profit audits. Madden is a CPA Australia member, belongs to the National Accountants and Tax Association (NTAA), and is also a CAANZ member.
Claire Grayston CPA
Claire Grayston is policy adviser – audit and assurance, at CPA Australia
. She is responsible for monitoring, influencing and contributing to public policy, regulation, standard setting and implementation of audit and assurance practice both within Australia and internationally. Grayston focuses on improving audit and assurance quality, through communication, education and resources, and supporting the future relevance and value of audit, through outreach, thought leadership and innovation.
Are you distrusting enough to be a great auditor?