Working with your auditor to prevent fraud
Posted 10 Oct 16 by Guy Underwood
There are a number of high profile cases in the media at present involving major accounting firms being sued by companies who have lost money as a result of the auditors allegedly failing to identify fraud within their own company or a company in which they have invested. The aim of this article is not to cast aspersions on any auditors but to discuss how significant fraudulent conduct can go undetected. It has also been written to educate organisations on how to engage better with their auditors to allow fraud to be detected early – or better still, prevented from occurring in the first instance.
We know from statistics published by the Association of Certified Fraud Examiners that globally, organisations lose over USD6billion in fraud each year and that most frauds go undetected for around 18 months (ACFE Report to the Nations 2016). With such large numbers and time frames, questions are often raised as to why the auditors do not pick up fraud during the audit process. To answer that question, it is worth noting the following:
1. Whilst they are supposed to exercise professional scepticism and consider fraud during the audit process, identifying fraud is not the purpose of an audit.
2. The typical fraudster is in middle to senior management and therefore is aware of what auditors are looking for during the audit process and can disguise their fraud methods accordingly.
3. Auditors are largely reliant on information and data provided by the client – of that data or information is fraudulent or false it can be difficult to identify fraud.
4. Most frauds involve a large number of small frauds which – although end up as a large quantum – are not material to the financial accounts when considered separately.
So, if auditors cannot be counted on to detect fraud, what can organisations do to help prevent fraud from occurring?
One of the solutions is to have better engagement with the auditors through providing them with historical data around losses from stock/inventory shortages, credit card discrepancies etc which are indications of fraud occurring within the organisation. Better still, organisations can undertake a Fraud Risk Assessment to identify areas at high risk of fraud. The results of this Fraud Risk Assessment should then be provided to and discussed with the auditors to ensure that any audit is risk-based, with a greater likelihood of uncovering fraud at the earliest possible point in time.
Whether an organisation operates in the private or public sector, it cannot rely solely on third parties such as its auditors to prevent and detect fraud. Every organisation should make itself aware of its fraud risk environment and engage more closely with its auditors to design audit programs which are risk-based and consider areas that are at high risk of fraud or corrupt conduct.