Fluent Essays

150-200 words  Explain the difference between the role of auditing, forensic accounting, and fraud examination. Discuss key characteristics of each, especially in relation to methodology used. Which role interests you most as a professional and why? In a follow up post, comment on a classmate’s interest and the interdependence your role and your classmate’s role may have in a professional setting.  book for the class:   Forensic Accounting and Fraud Examination Kranacher, J. M., & Riley, R. (2019). Forensic accounting and fraud examination (2nd ed.). Wiley & Sons. ISBN-13: 9781119494331 By Douglas R. Carmichael What’s the Real Difference? W hen an auditor has failed to detect a massive mis- statement of financial statements caused by fraud, the defensive refrain is often that “an audit of financial statements is not a fraud audit.” In this author’s view, this comparison improperly implies that an auditor of financial statements has no responsibility to detect fraud and erodes the public’s confidence in the quality and usefulness of independent audits. It can also mislead those evaluating the auditor’s conduct after a major undetected fraud, such as boards of directors and audit committees considering reappointment, judges and juries deciding liability, and even audit firms themselves evaluating their own culpability and determining whether firm policies and procedures ought to be revised. There is even greater significance for the integrity of the audit process; if the audit team’s view is that detecting fraud is not really an auditor’s job, then compliance with the requirements of auditing standards on fraud detection may become a rote exercise and not a focus of the audit. The purpose of this article is to clarify the true differences between an audit of financial statements and a fraud audit, and to dispel some of the myths that surround com- parisons of them. This article is not an attempt to fully explain or even summarize all aspects of fraud examinations and audits; rather, the focus is to explain how the responsibility to detect fraud differs between the two services. The Auditor of Financial Statements Has a Fraud Detection Responsibility It is indisputable that an auditor of financial statements has a fraud detection responsibility. Auditing Standard (AS) 1001, Responsibilities and Functions of the Independent Auditor, clear- ly states that “the auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the finan- cial statements are free of material misstatement, whether caused by error or fraud. Because of the nature of audit evidence and the characteristics of fraud, the auditor is able to obtain reason- able, but not absolute, assurance that material misstatements are detected.” A fair reading of this conceptual description of respon- sibility is that the auditor is required to obtain reasonable assur- ance that frauds which materially misstate the financial statements are detected. In other words, it is clearly a respon- sibility related to detection. The auditing standards describe reasonable assurance as a “high level of assurance” that is obtained when the auditor has obtained sufficient appropriate evidence to reduce the risk that financial statements are materially misstated to an “appropriately low level” (AS 1015.10 and 1101.2). In other words, there should be an appropriately low level of risk that a fraud which materially mis- states the financial statements will not be detected. Some auditors maintain that they have no responsibility to detect fraud. It is true that the auditor is not responsible for detection of all fraud; for the auditor to have any detection responsibility, the fraud must misstate the financial statements, and the misstatement must be material. The only other relevant stipulation is that the 48 FEBRUARY 2018 / THE CPA JOURNAL IN BRIEF Contrary to what many think, the typical audits of financial statements do entail certain responsibility for the detection of fraud. The author examines the differences between the conventional audit and the fraud audit, addressing some common misapprehensions and emphasizing some simi- larities. In his opinion, it is the duty of all auditors to be on the lookout for fraud. In FOCUS Audit Versus Fraud Examination 04-02-0108 Infocus_Carmichael.qxp_Layout 1 2/8/18 5:02 PM Page 48 FEBRUARY 2018 / THE CPA JOURNAL 49 04-02-0108 Infocus_Carmichael.qxp_Layout 1 2/8/18 5:03 PM Page 49 50 FEBRUARY 2018 / THE CPA JOURNAL In FOCUS level of assurance of detection is not abso- lute, and the auditor is not necessarily at fault just because the audit failed to detect a material misstatement. No professional, however, provides a guarantee of success in providing a professional service, includ- ing the service that is sometimes mistak- enly called a “fraud audit.” The two organizations that establish auditing standards in the United States— the PCAOB and the AICPA—have high- lighted the importance of the auditor’s fraud detection responsibility. The PCAOB, for example, has stated that “the auditor’s responsibility with respect to detection of a material misstatement caused by fraud is an important focus of the Board … the auditor should … assess risks and apply procedures directed specifically to the detection of a material, fraudulent mis- statement of financial statements … the detection of a material misstatement in the financial statements caused by fraud is an essential element of an audit” (PCAOB Release 2007-001, Observations on Auditors’ Implementation of PCAOB Standards Relating to Auditor’s Responsibilities With Respect to Fraud, Jan. 22, 2007, http://bit.ly/2CX6DeE). The AICPA’s Board of Directors has also stated that “the public looks to the independent auditor to detect fraud, and it is the auditor’s responsibility to do so” (Meeting the Financial Reporting Needs of the Future: A Public Commitment from the Public Accounting Profession, June 1993). Key Differences Between Auditors and Fraud Examiners The “fraud audit” is not a defined term or defined professional service; what is likely meant by this term is a fraud inves- tigation or examination. The Association of Certified Fraud Examiners (ACFE) explains that the term “fraud examination” “refers to a process of resolving allegations of fraud from inception to disposition, and it is the primary function of the anti-fraud professional” (2017 Fraud Examiners Manual). Earlier (pre-2014) editions of the manual contained an oft-cited chart com- paring an audit of financial statements to a fraud examination. That chart compared auditing versus fraud examination on the basis of timing, scope, objective, relation- ship, methodology, and presumption. This comparison’s primary shortcoming was its failure to probe how the two services differ with respect to responsibility for fraud detection or acknowledge the auditor’s own detection responsibilities. For example, the objective of an audit was described as “expressing an opinion on financial state- ments or related information,” while a fraud examination’s goal was “to determine whether fraud has/is occurring and to deter- mine who is responsible.” These descrip- tions are accurate as far as they go, but omit that auditing has the objective of detecting material misstatement of the financial statements caused by fraud. Because both services involve some level of responsibility for fraud detection, a meaningful comparison must differentiate the services within that area of overlap. It is not that the fraud examiner and auditor perform similar services, or have equivalent responsibility for fraud detection; the services are distinctly different, and are planned and performed to accomplish unique purposes. Rather, both have a responsibility to detect fraud, and the dif- ferences in the nature of that responsibility do not provide an excuse for an auditor’s failure to obtain reasonable assurance of detecting a material misstatement due to fraud. Predication. The Fraud Examiners Manual advises that “fraud examiners should begin a fraud examination only when there are circumstances that suggest a fraud has occurred, is occurring, or will occur, and they should not investigate beyond the available predication.” In other words, a fraud examination is undertaken when a fraud is known, alleged, or sus- pected. An audit of financial statements is undertaken with a different mindset; sus- picion of fraud is not necessary. The audit team is required to identify how and where the financial statements may be susceptible to material misstatement due to fraud, and the auditor is directed to “conduct the engagement with a mindset that recognizes the possibility that a material misstatement due to fraud could be present regardless of any past experience with the entity” (AS 2401.13–.18). The notion that the auditor was not required to perform procedures directed at detection of fraud unless circumstances aroused the auditor’s suspicions that fraud was occurring was articulated in auditing standards in 1960, was reversed to an extent in 1977, and consigned to the dust- bin of history in 1988. The conceptual description of the level of fraud detection responsibility has not changed since then, but the performance requirements directed specifically at detection of fraud have increased. For example, many of the required procedures in current auditing standards are forensic in nature and similar to those used by fraud examiners: “Such procedures involve the performance of sub- stantive tests of the application of methods and techniques that presume dishonesty at various levels of management, including override of controls, falsification of docu- ments and collusion” (Forensic Services, Audits, and Corporate Governance: Bridging the Gap, AICPA Discussion Memorandum, July 15, 2004, http:// bit.ly/2EC3JwB). No professional provides a guarantee of success in providing a professional service, including the service that is sometimes mistakenly called a “fraud audit.” 04-02-0108 Infocus_Carmichael.qxp_Layout 1 2/8/18 5:03 PM Page 50 FEBRUARY 2018 / THE CPA JOURNAL 51 Objective. The basic goal for most fraud examinations is to determine whether fraud occurred, and if so, who perpetrated it. A particular engagement may, however, have additional goals, such as to establish and secure evidence to be used in a criminal or other disciplinary action or to provide proof to recover losses from an insurer (2017 Fraud Examiners Manual). The objective in an audit of financial statements is to determine whether they are free of material misstatement, regardless of whether that misstatement is intentional or not; in other words, a fraud examiner’s priority is prov- ing the nature and extent of a particular fraud, but an auditor’s focus is detecting material misstatements. Implicit in this dif- ference are several other naturally resulting differences related to scope, methodology and professional standards, and the rela- tionship to stakeholders. Scope. An auditor’s scope is the com- plete set of financial statements presented, but a fraud examiner’s is established by the specific allegations of fraud, targeted to spe- cific accounts implicated by the predication, and has the objective of resolving the alle- gations by obtaining evidence that proves or disproves fraudulent activity. The bound- aries or extent of a fraud examiner’s inves- tigation may be limited to a specific subject matter, department, or geographic area at issue (2017 Fraud Examiners Manual). An auditor’s selection of significant accounts to examine is based on the assessment of the risks of material misstatement caused by either fraudulent activity or unintentional misstatement. Accordingly, an auditor’s work is significantly affected by the con- cept of materiality, but a fraud examiner’s scope is not so constrained. In addition, in areas of the financial statements that are judged to be less susceptible to material misstatement due to fraud, an auditor is more likely to select a representative sam- ple to reach audit conclusions. Methodology and applicable profession- al standards. The auditor of a public com- pany’s financial statements is required to adhere to all applicable PCAOB standards, and may be subject to a PCAOB disci- plinary proceeding for failure to meet those standards, as well as actions by other reg- ulators or private parties (PCAOB Rule 3100 and PCAOB Release 2003-009). For all other entities, the applicable auditing standards are those issued by the AICPA. Because audit reports on financial state- ments of nonpublic entities typically rep- resent that the auditor complied with AICPA auditing standards, alleged viola- tions of those standards may be subject to disciplinary actions by the AICPA, state boards of accountancy, other relevant reg- ulators, and private litigation. The ACFE has issued a Code of Professional Ethics for fraud examiners and a Code of Professional Standards, but fraud examiners need not represent conformity with these standards in their reports, nor is the issuance of a written report mandatory (2017 Fraud Examiners Manual). Members of the AICPA who provide fraud examination services are also expected to adhere to relevant rules of the AICPA Code of Professional Conduct and the con- sulting standards, but these guidelines lack the specificity and detail of auditing stan- dards. A significant aspect of the role of pro- fessional standards with respect to fraud detection responsibilities is that an auditor cannot contract away responsibility to adhere to the auditing standards. When an auditor represents that the audit has been performed in conformity with auditing stan- dards, no provision in an engagement letter can alleviate the duties imposed by the stan- dards. In contrast, a fraud examiner can reach an understanding with the client (or employer) about the scope and limitations of the fraud examination that limits the area at issue and establishes the boundaries or extent of the investigation (2017 Fraud Examiners Manual). The distinction between an audit and a fraud examination is sometimes presented in engagement letters in a misleading man- ner. Audit engagement letters typically state that there is some risk that an audit in accordance with auditing standards may not detect a material misstatement caused by error or fraud. This is accurate because, as alluded to earlier, an auditor does not obtain absolute assurance. Sometimes, however, this statement is followed by a statement that if the client wants assurance of fraud detection, additional fraud services can be provided. This second statement is misleading because it implies an audit does not provide any assurance of detection of material misstatements caused by fraud. It is also misleading concerning the nature of a fraud examination engagement, because it incorrectly implies that a fraud examina- tion is an all-purpose search for any and all fraudulent activity. Furthermore, a fraud examination is not a guaranty that provides assurance that fraud will be detected. The ACFE, for example, recommends that a fraud examination engagement letter state, “We cannot provide assurances that fraud, if it exists, will be uncovered as a result of our examination” (2017 Fraud Examiners Manual). Relationship to stakeholders. An auditor of financial statements has a unique rela- tionship with a wide group of stakeholders. The SEC has stated that the federal secu- rities laws make independent auditors “gatekeepers” to the public securities mar- kets and has endorsed the Supreme Court’s formulation that the independent auditor assumes a public responsibility and owes The distinction between an audit and a fraud examination is sometimes presented in engagement letters in a misleading manner. 04-02-0108 Infocus_Carmichael.qxp_Layout 1 2/8/18 5:04 PM Page 51 52 FEBRUARY 2018 / THE CPA JOURNAL In FOCUS “ultimate allegiance” to the investing public (SEC Release 33-7870, November 2001). CPAs have generally viewed the Supreme Court’s characterization of the independent audit as involving a public responsibility as applicable to audits of both public companies and of other entities (see, e.g., Advisory Panel on Auditor Independence, “Strengthening the Professionalism of the Independent Auditor,” AICPA, 1994). The AICPA Code of Conduct expects CPAs to “serve the public interest” and “honor the public trust,” and the AICPA’s auditing standards acknowledge that the purpose of an audit of financial statements is to provide users with an opinion that “enhances the degree of confidence that users can place in the financial statements” (AUC-200.04). Fraud examiners have a different rela- tionship to stakeholders; they are engaged by the defrauded organization, and that organization sets the extent of the investi- gation. The fraud examiner reports the results of the investigation to those desig- nated by the contract with the client; the examiner’s report may be oral or written, and is tailored to the needs of the party requesting the report. Fraud examiners’ reports submitted in judicial or administra- tive proceedings may be used by parties outside of the client, such as attorneys, defendants, plaintiffs, witnesses, juries, judges, or the media. Thus, fraud examiners do have public interest responsibilities when their reports are used by parties other than the client. Nevertheless, the large vari- ety of users of audited financial statements who depend upon those statements for eco- nomic decision making significantly dis- tinguishes fraud examinations from audits. Other Differences There are several matters that are often cited as important differences between fraud examinations and audits that are mat- ters of degree only, and not fundamental distinctions. Techniques. The differences between audit techniques and fraud examination techniques are not nearly as great as com- monly stated or assumed. The auditing stan- dards regarding confirmation of receivables and observation of inventories were initially adopted in response to a major undetected collusive fraud (Statement on Auditing Procedure 1, “Extensions of Auditing Procedure,” 1939, http://bit.ly/2DIdSbR). The current auditing standard on auditors’ responsibility for detection of fraud has many required procedures directed specif- ically at fraud detection, including brain- storming possible ways the auditor can be deceived in order to plan an appropriate response and performing procedures intend- ed to detect the occurrence of management override and revenue-related fraud. The above-mentioned chart found in prior editions of the Fraud Examiners Manual cites the procedures of interviews, review of outside data, and document examination as the fraud examination tech- niques that differ from audit techniques. Auditors, however, should be aware that “interviewing is both an art and a rational technique that is fundamental to effective auditing” (Phillip L. Defliese, Kenneth P. Johnson, and Roderick K. Macleod, Montgomery’s Auditing, Ninth Edition, Ronald Press, 1975). Inspection of docu- ments and use of outside data are also common audit procedures. Furthermore, there are many examples of specific pro- cedures recommended in auditing stan- dards that are also techniques commonly used in fraud examinations. Attitudes or stances. Some of the com- mon statements about differences in attitude or stance between auditing and fraud exam- ination concern adversarial and nonadver- sarial relationships, professional skepticism, and document authentication. These are not distinct differences, but rather matters of degree that are natural consequences of the key difference of the requirement of pred- ication for fraud examinations. Adversarial relationship. The audit pro- cess is said to be nonadversarial, and fraud examinations, because they involve efforts to affix blame, are said to be adversarial. An audit is essentially adversarial in the planning process and, in some circum- stances, in performing procedures and eval- uating evidence. Professional skepticism. Both the audi- tor and the fraud examiner are required to exercise professional skepticism (2017 Fraud Examiners Manual). The auditor does not assume honesty or dishonesty, but maintains the mindset that fraud is always possible. Fraud examiners begin assign- ments with the belief that someone is com- mitting fraud and maintain that belief unless the evidence shows no signs of fraudulent activity. This belief, however, is directed at the perpetrators of frauds, not the defrauded organizations. Document authentication. Neither fraud examiners nor auditors are expected to be document experts, but they may need to Forensic Procedures Recommended in Auditing Standards • Obtaining evidential matter from independent sources outside the entity such as public record information (AS 2401.52 and AU-C 240.A76). • Contacting outside sources, such as major customers and suppliers, orally in addition to sending written confirmations (AS 2401.53 and AU-C 240.A76). • Performing procedures, such as observing inventories or counting cash on a surprise or unannounced basis or at unexpected locations (AS 2401.53 and AU-C 240.A76). • Testing an entire population instead of a sample using computer assistance (AS 2401.52 and AU-C 240.A7). • Assigning forensic specialists to the engagement (AS 2401.50 and AU-C 240.A39). • Performing a computerized match of the vendor list with a list of employees to identify matches of addresses or phone numbers (AU-C 240.A76). • Performing a computerized search of payroll records to identify duplicate addresses, employee identification or taxing authority numbers, or bank accounts (AU-C 240.A76). 04-02-0108 Infocus_Carmichael.qxp_Layout 1 2/8/18 5:04 PM Page 52 FEBRUARY 2018 / THE CPA JOURNAL 53 consult an expert document examiner to determine authenticity if they recognize possible alteration or falsification (2017 Fraud Examiners Manual). Because fraud examiners begin their assignments only when there is predication, they may be more disposed to using an expert document examiner. Auditors, however, should better understand what genuine documents look like, so that circumstances in which there is a need for document examiners would be more apparent. Concealment. Both auditors and fraud examiners are on notice to expect conceal- ment by fraud perpetrators. Again, because a fraud examiner’s work is based on pred- ication, the need to be alert for indications of concealment and creative in response is second nature for fraud examiners. Auditors, however, also need to be aware that collusion, false documents, and mis- leading responses to inquiries are normal methods of concealment of material mis- statements due to fraud. For example, the PCAOB has observed that because fraud usually involves deliberate concealment and may involve collusion with third par- ties, the auditor should assess risks and apply procedures directed specifically to the detection of a material, fraudulent mis- statement of financial statements (Release 2007-001, http://bit.ly/2CX6DeE). To respond effectively to risks of concealment, auditors must emphasize the vulnerability to fraud if management or employees, alone or in collusion with third parties, were inclined to perpetrate it, and not solely the likelihood that fraud has occurred. Auditors are also expected to recognize that audit procedures effective for detecting misstate- ment caused by error may not be effective in detecting those caused by fraud. This awareness should affect the selection of audit procedures and items to which the procedures are applied. No Excuses, No Guarantees That an audit of financial statements is not a fraud examination is no excuse for an auditor’s failure to detect fraud. An audit is not a guarantee of the accuracy of finan- cial statements, but auditors must plan and perform the audit to obtain reasonable assurance the financial statements are not materially misstated by fraud. If the pur- pose of an audit is to detect fraudulent material misstatements, and the purpose of a fraud examination is, by definition, to detect fraud, what is the difference? That question should now be clearly answered. The two professional services of fraud examination and audit are distinctly differ- ent services, but both professionals have responsibilities related to fraud detection. A valid comparison of the two has to focus on how exactly they differ with respect to that key responsibility. The aim of the fraud examination is to resolve allegations of fraud by determining whether fraud occurred and who perpetrated it, and to report findings that may be used in a legal action or to recover fraud losses. An audi- tor’s fraud detection responsibilities are not triggered by suspicion of fraud; an auditor must have the mindset that fraud is always possible. An audit is planned and per- formed using the concepts of materiality and focusing on material misstatement. A fraud examination is not constrained by materiality or whether material misstate- ment results. The fraud examiner is hired by the potentially defrauded organization and owes primary responsibility to the party who engaged him or her even though out- side parties may see and use the report in certain circumstances. The auditor is usu- ally engaged by the audited entity, but owes primary allegiance to the investing public. The professional standards applicable to an audit and a fraud examination differ in many respects, including the fact that the standards for a fraud examiner pro- vide guidelines (which may be further limited by a contractual agreement), but auditing standards include many require- ments that are unconditional or presump- tively mandatory. Other differences that are sometimes described as differentiating an audit from a fraud examination are actu- ally not nearly as significant, and differ only in degree. It is this author’s hope that auditors will stop using the empty excuse that an audit is not a fraud examination, and recognize that they have a responsi- bility for fraud detection that, although not absolute, is an essential responsibility that has to be aggressively pursued. q Douglas R. Carmichael, PhD, CPA, CFE, is the Claire and Eli Mason professor of accountancy at Baruch College, New York, N.Y. Adversarial Attitudes Reflected in Auditing Standards • Identify how and where the financial statements might be susceptible to material misstatement due to fraud, how management could perpetrate and conceal fraudulent financial reporting, and how assets could be misappropriated (AS 2401.14 and AU-C 240.15). • Consider factors that might create incentives/pressures for management and others to commit fraud and opportunities to do so—the same fraud triangle used by fraud examiners (AS 2401.15 and AU-C 240.15). • Be continually alert for information or other conditions that indicate a material misstatement due to fraud may have occurred (AS 2401.16 and AU-C 240.22). • Presume that improper revenue recognition is a fraud risk (AS 2401.41 and AU-C 240.26). • Address the risk of management override in every audit and perform prescribed procedures designed to detect whether override has occurred (AS 2401.42 and .57-.67 and AU-C 240.32). • Keep in mind that management has a unique ability to perpetrate fraud and cause manipulation of accounting records and present fraudulent financial information (AS 2401.08 and .57 and AU-C 240.31). • Whenever the auditor has determined that there is evidence that fraud may exist, consider the organizational position of the persons involved (AS 2401.75-.79 and AU-C 240.35-.36). 04-02-0108 Infocus_Carmichael.qxp_Layout 1 2/8/18 5:05 PM Page 53 Copyright of CPA Journal is the property of New York State Society of Certified Public Accountants and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use.