The published Sarbanes Oxley
incorporates concepts and procedures to deter and to catch fraud in audits of
internal controls over financial reporting. However, the focus of financial
audits and financial reporting ultimately is concerned with providing
reasonable assurance that a material misstatement to financial statements has
not occurred, regardless of the reason.
Many in the public have questioned
why financial auditors do not detect more fraud. The general public believes
that a financial auditor would detect a fraud if one were being perpetrated
during the financial auditor’s audit. The truth, however, is that the procedures
for financial audits are designed to detect material misstatements, not
immaterial frauds.
While it is true that many of the
financial statements and frauds could have, perhaps should have, been detected
by financial auditors, the vast majority of frauds could not be detected with
the GAAS of financial audits. Reasons include the dependence of financial
auditors on a sample and the auditors’ reliance on examining the audit trail
versus examining the events and activities behind the documents. The latter is
simply resource prohibitive in terms of costs and time.
There are some basic differences
today between the procedures of fraud auditors and those of financial auditors.
Fraud auditors look behind and
beyond the transactions and audit trail to focus on the substance of the
transactions instead. The fraud auditor doesn’t question if there is a prudent
internal control in place. It does not question if the accounting process
comply with the accounting standard, either. But it rather question about:
- Where are the weakest links in this system’s chain of controls?
- What deviations from conventional good accounting practices are possible in this system?
- How are off-line transactions handled, and who can authorize such transactions?
- What would be the simplest way to compromise this system?
- What control features in this system can be bypassed by higher authorities?
- What is the nature of the work environment?
Another difference is the current
status of technical guidance combined with research on frauds. Frauds can be
divided into three main categories: (1) financial frauds, (2) asset
misappropriations, and (3) corruption (ACFE fraud tree). Financial frauds are
typically perpetrated by executive management and average millions of dollars
in losses.
According to a recent KPMG Fraud
Survey, that average is about $258 million. Generally speaking, therefore,
financial frauds are likely to be material, and thus financial audit procedures
have the potential to detect them—because they would be a material
misstatement, due to a material fraud.
However, those who might be
responsible for fraud audits internal to the firm could be constrained or
thwarted in detecting the fraud because executives are in a position to hide
the fraud or misdirect fraud auditors’ efforts. Cynthia Cooper argues that at
WorldCom she was thwarted from doing her job as internal auditor, but she
eventually did uncover the financial fraud being perpetrated there.
Next, let’s have a look at financial
auditors, fraud auditors and forensic accountants.
Hello, my name is Jack Sparrow. I'm a 50 year old self-employed Pirate from the Caribbean.
No comments