Published online in Wiley Online Library (wileyonlinelibrary.com). DOI 10.1002/jcaf.21829 f e a t u r e a r t i c l e Gin Chong I n 2010, the Asso- ciation of Certified Fraud Examiners (ACFE) estimated that the IRS has lost US$994 billion due to fraud, and a whopping US$2.9 trillion world- wide was lost due to fraudulent financial statements, asset mis- appropriation, and corruption. The fraud- related losses represent approximately 7% of the U.S. gross domes- tic product (ACFE, 2008; ACFE, 2010). Based on the U.S. fiscal year 2008 budget, losses result- ing from fraud have exceeded the combined net costs of the Departments of Defense, Home- land Security, Transportation, and Education. Fraud is costly and damages the reputation and cred- ibility of the audit profession. Stakeholders are pressuring audi- tors to include detection of fraud in the audit programs and audit reports. In an effort to restore public trust, accounting standard setters, including the Public Company Accounting Oversight Board (PCAOB), require auditors to adhere to the requirements of Statement on Auditing Standards (SAS) No. 99, Consideration of Fraud in a Financial Statement Audit (PCAOB, 2007). The Standard requires audi- tors to participate in brainstorm- ing sessions and to consider the possibility that a material misstatement due to fraud could be present (American Institute of Certified Public Accoun- tants [AICPA], 2002). Though the PCAOB inspection reports constantly paint disappointing pictures, the findings are surpris- ing. Financial statement auditors are not fraud examiners, but are to determine the reliability of internal control and the extent of audit risk, and to report whether the financial statements are presented fairly in accordance with generally accepted accounting prin- ciples (GAAP). Fraud detections require unique skill sets and the development of forensic techniques. Specifically, individu- als need to apply investigative and analytical skills to gather and evaluate audit evidence, to interview all parties relating to an alleged fraud situation, and to serve as an expert witness. All these involve resources in terms of time, money, and, in many cases, personal risk of being persecuted even before a case begins. But requiring auditors to be aware of the possibility that fraud may exist is not enough. Waves of fraud emerge despite professional bodies and standard setters that formulate various auditing standards as a response, to restore public trust, and act Detecting Fraud: What Are Auditors Responsibilities? High-profile fraud cases have continued to make the news over the past few years. But exactly what are auditors responsibilities when it comes to detecting fraud? The author of this article reveals that the auditing profession has come full circle from being responsible to not being responsible for detecting fraud. But the volume and critical nature of fraud cases remain high, as do the number of auditing standards addressing this issue. The author explores this problem in depth, identifies situations where fraud may take place, and sug- gests various tools that auditors should use for fraud detection. 2013 Wiley Periodicals, Inc. 48 The Journal of Corporate Accounting & Finance / January/February 2013 DOI 10.1002/jcaf 2013 Wiley Periodicals, Inc. Audit firms responded by limit- ing audit hours in an engagement and reducing time and resources on searching for fraud. By the mid-1980s, the vol- ume and dollar amounts involved in fraud cases had increased tremendously, making SAS No. 16 a redundant guideline. A new wave of public concerns and outcries forced Congress to form the Treadway Commission. The Commission was charged to identify causal factors that lead to fraudulent financial report- ing and to recommend steps to reduce its incidence. The Com- mission concluded that at least 36% of the cases involved audi- tors failure to recognize, or to view with sufficient skepticism, certain fraud-related warning signs or red flags that would have been noted had the audi- tors been more diligent in their audits. In response to the report, the Accounting Standards Board (ASB) issued nine statements of auditing standards (SASs 53 61) in 1988 to outline external audi- tors role on fraud prevention and detection and the potential illegal activities of audit clients. Audi- tors are required to apply pro- fessional skepticism to assume management is neither honest nor dishonest (PCAOB, 1993). Despite all these efforts, there is no obvious decrease in audit failures of fraud detection. The Public Oversight Board (POB) recognized that these new SASs seemed to be having little impact, as the auditors neither consistently complied with these standards nor applied the proper degree of professional skepti- cism to detect fraud (PCAOB, 2004). There was a widespread public belief that while audi- tors have a responsibility to detect fraud, they were neither willing nor capable of doing so. Mounting criticisms of the Examination of Financial State- ments, in 1960. Although SAP No. 30 acknowledged that audi- tors should be aware of the pos- sibility that fraud may exist dur- ing an audit, it was so negatively stated that auditors felt little or no obligation to detect fraud. The Equity Funding scandal was the next major audit fail- ure of fraud detection 2 (Seidler, Andrews, and Epstein, 1977). In response to the congressional inquiry, the AICPA formed the Cohen Commission to reexam- ine auditors responsibility to detect fraud. The Commission recognized that while auditors should actively consider the potential for fraud, the inherent limitations in an audit process dampen auditors responsibility for detecting all material frauds. Specifically, the Commission recognized that it is challeng- ing for auditors to detect frauds that are concealed and derived from forgery or collusion by members of management. In response to Cohens report, the AICPA issued SAS No. 16, The Independent Auditors Responsi- bility for the Detection of Errors or Irregularities, to implicitly acknowledge that auditors are responsible for using a list of red flags to detect fraud. In the 1970s, the Department of Justice and the Federal Trade Commission (FTC) required pro- fessional organizations including the AICPA to eliminate elements of their codes of professional behavior that the government deemed to violate federal anti- trust statues. For example, the codes had allowed audit firms to engage in unrestricted advertis- ing. The FTC also imposed a ban on contingent fees and com- missions for nonaudit clients. Banning competitive bidding for audit services has narrowed audit firms profit margins on audits. as reminders of their duties of care. These reminders primarily serve a symbolic function, but in fact, the failure in fraud detec- tion is due to differences in skill sets and task objectives between financial statement audits and fraud detections. HISTORICAL PERSPECTIVE With the passage of time, auditors responsibility for fraud detection has changed dramatically. Prior to the 1500s, the British auditing objectives that centered on the discovery of defalcations became the basis of the American auditing approach. The emphasis on fraud detection gradually dissipated during the period of the 1930s until the infamous McKesson and Robbins scandal in late 1938. 1
McKesson and Robbinss auditor, Price Waterhouse & Company, was under intense scrutiny for its inability to detect and prevent the massive accounting fraud. In the aftermath of the McKesson and Robbins scandal, audi- tors were required to perform additional audit procedures on accounts receivable and inven- tories while the audit profession formulated Statement of Audit- ing Procedures (SAP) No. 1, Extension of Auditing Procedure (AICPA, 1939) to shift auditors focus away from fraud detection. Instead, the focus became deter- mining fairness of the financial statements in accordance with the accounting standards. Subse- quent to SAP No. 1, the auditing profession came under mounting pressure from the public and the Securities and Exchange Com- mission (SEC) to clarify audi- tors responsibility with respect to fraud detection. As a result, the AICPA issued SAP No. 30, Responsibilities and Functions of the Independent Auditor in the The Journal of Corporate Accounting & Finance / January/February 2013 49 2013 Wiley Periodicals, Inc. DOI 10.1002/jcaf FRAUD TRIANGLE Both SAS No. 99 and ISA 240 identify three conditions that generally present mate- rial misstatements due to fraud risk: (a) incentives/pressures, (b) opportunities, and (c) atti- tudes/rationalizations. Incentives or pressure may arise due to external conditions like eco- nomic, industry, or entity operat- ing conditions that threaten the financial stability or profitability of the client. Or management may be under excessive pressure to perform and meet the require- ments or expectations of the firms own sales or profitability targets, or to meet the expecta- tions of external parties, includ- ing lenders, analysts, and stock- holders. Opportunities for fraud also arise due to inherent risk within the industry. The nature or complexity of the entitys opera- tions also provides opportunities to engage in fraudulent financial reporting. This is exacerbated by poor internal control systemsin particular, ineffective accounting and control of information sys- temsa dominating management style, and lack of segregation of duties among the employees. Attitudes of or rationaliza- tions by board members, manage- ment, or employees arise due to many factors. They include a lack of communication or ineffective management communication; ineffective implementation, sup- port, or enforcement of the enti- tys values or ethical standards; nonfinancial managements excessive participation in or pre- occupation with the selection of accounting policies or the deter- mination of significant estimates; a known history of violations of securities laws or other laws and regulations; excessive manage- ment interest in maintaining or increasing the entitys stock price fraud. These procedures include conducting surprise inventory or cash counts and performing substantive tests on potential fraud risk areas. However, the watchdogs failed to meet these requirements and faced the con- sequences of the Enron fiasco and the demise of Arthur Ander- sen. To restore public confidence and to limit the auditors respon- sibilities on fraud detection, Congress passed the Sarbanes- Oxley Act (SOX) and created the PCAOB. Though the PCAOB does not require the auditors to detect fraud, it requires exter- nal auditors to report specific situations and events relating to fraud and illegal acts to the clients audit committee as well as to the authorized authorities. These authorized authorities include relevant government agencies like the IRS, fraud investigators, and federal and state governments. As the exter- nal pressure mounted, the Inter- national Auditing and Assur- ance Standards Board issued the International Standard on Auditing (ISA) 240, The Audi- tors Responsibilities Relating to Fraud in an Audit of Finan- cial Statements, in December 2009, stating that management is responsible for detecting fraud while the auditors are not. This is in line with an auditors objective: to conduct an audit in accordance with ISAs to obtain reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether caused by fraud or error. Owing to the inherent limitations of an audit, there is an unavoidable risk that some material misstatements of the financial statements may not be detected, even though the audit is properly planned and performed in accordance with the ISAs. audit profession over its failure of fraud detection prompted the POB to propose a number of rec- ommendations to improve audi- tors willingness to detect fraud. The AICPA supported the POBs recommendations to develop an auditing standard that focused solely on financial statement fraud, and eventually formed a fraud task force to formulate SAS No. 82, Consideration of Fraud in a Financial Statement Audit, in February 1997. For the first time, fraud was included in the title of an auditing standard. SAS No. 82 classifies fraud into two distinct catego- ries: intentional falsification of financial statements and theft of assets. It provides auditors with a list of risk factors cov- ering instances of fraudulent financial reporting and misap- propriation of assets that they should assess during an audit, and requires auditors to docu- ment both the assessments on fraud risk and modifications to the audit plans. Though SAS No. 82 provides additional assurance to the public that the external auditors have taken extensive steps to ensure that they did not overlook any underlying fraud and the financial statements are free of material misstatements, the Standard does not increase the auditors responsibility for detecting fraud beyond the key concepts of materiality and rea- sonable assurance. In 2000, the SEC requested POB to appoint a panel to review firms audit effective- ness. In the report, the panel recommended that audit firms hire forensic specialists to pro- vide auditors with fraud-related training, and that external auditors perform forensic-type procedures on every audit to enhance the likelihood of detect- ing material financial statement 50 The Journal of Corporate Accounting & Finance / January/February 2013 DOI 10.1002/jcaf 2013 Wiley Periodicals, Inc. PCAOB Standing Advisory Groups Questions Related to Fraud No. Questions SAS No. 99 related 1 Is it appropriate for stockholders to expect auditors to detect fraud that could have a material effect on the financial statements? 2 Does SAS No. 99 appropriately describe the auditors responsibility for detecting fraud? Risk and Fraud Risk Factors related 3 Is this list [SAS No. 99] of fraud risk factors helpful to the auditor? 4 Are there other significant fraud risk factors? Revenue Recognition related 5 Should auditors presume that revenue recognition is a higher risk area demanding that the auditor perform more extensive procedures? 6 If so, to overcome this presumption, should auditors be required to identify and document persuasive supporting reasons that the risk of material misstatement due to fraud is remote? 7 Should a proposed standard on fraud include specific procedures that auditors would be required to perform with respect to revenue recognition? 8 Should auditors be required to inquire of sales and marketing personnel and internal legal counsel about their knowledge of the companys customary and unusual customer terms or conditions of sales? 9 Are there other practice problems you are aware of in this area? Significant or Unusual Accruals related 10 Should auditors presume that significant or unusual accruals are a higher risk area demanding that the auditor perform more extensive procedures? 11 If so, to overcome this presumption, should auditors be required to identify and document persuasive supporting reasons that the risk of material misstatement due to fraud is remote? 12 Should auditors be required to test the activity within accrual accounts during the period and not just the ending balances? 13 Should auditors be required to apply substantive tests of details (that is, not rely on analytical proce- dures only) to corroborate the support for managements judgments and assumptions? 14 Should a proposed standard on fraud include other specific procedures that auditors would be required to perform with respect to significant or unusual accruals? 15 Are there other practice problems you are aware of in this area? Related Parties related 16 Should auditors presume that transactions with related parties are a higher risk area demanding that the auditor perform more extensive procedures? 17 If so, to overcome this presumption, should auditors be required to identify and document persuasive supporting reasons that the risk of material misstatement due to fraud is remote? 18 Should auditors be required not only to inquire of management, but also the entire board of directors, about related parties and transactions with those parties? 19 Are there other practice problems you are aware of in this area? Exhibit 1 (Continues) The Journal of Corporate Accounting & Finance / January/February 2013 51 2013 Wiley Periodicals, Inc. DOI 10.1002/jcaf PCAOB Standing Advisory Groups Questions Related to Fraud (Continued) No. Questions Estimates of Fair Value related 20 Should auditors presume that assets or liabilities valued using pricing models or similar methods are a higher risk area demanding that the auditor perform more extensive procedures? 21 Should a proposed standard on fraud include specific procedures that auditors would be required to perform with respect to such fair value estimates? 22 Are there other practice problems you are aware of in this area? Analytical Procedures related 23 In performing and evaluating the results of analytical procedures, should auditors be required to identify key performance indicators of the issuer and the issuers industry? 24 Should auditors be required to compare the key performance indicators to the same measures in prior peri- ods, to budgets, to the experience of the industry as well as principal competitors within the industry? 25 Should auditors be required to compare nonfinancial information (such as operating statistics) with the audited financial information? 26 Do auditors overrely on analytical procedures when used as substantive tests? That is, should auditors be provided definitive direction as to when analytical procedures are appropriate and when analytical procedures should not be used? 27 Are there other practice problems you are aware of in this area? Quarterly Financial Information related 28 Should auditors be required to perform certain procedures with respect to the higher risk audit areas (that is, revenue recognition, related parties, and other high-risk audit areas) while performing quarterly reviews? 29 Should a proposed standard provide specific direction for auditors to follow up each quarter on mate- rial matters from the prior annual audit and quarterly reviews? (For example, if during the annual audit the auditor has been told that a significant receivable will be collected within 60 days, then the auditor should follow up on that matter in the first quarter of the next period.) 30 Should auditors be required to audit significant or unusual transactions concurrently with a review of the quarterly financial information? 31 Although financial statements are not formally prepared for the fourth quarter, should auditors perform certain procedures with respect to the financial information for the fourth quarter? 32 Are there other practice problems you are aware of in this area? Journal Entries related 33 Should a proposed standard on fraud contain explicit imperatives or expectations with respect to the review of journal entries? 34 If so, should specific direction about the review of journal entries be focused primarily on the review of nonstandard journal entries as opposed to all journal entries? 35 Should auditors be expected to review journal entries at the close of each reporting periodthat is, quarterly as well as annual reporting periods? 36 Should auditors be required to review postclosing journal entries, including top-side entries, for each reporting period? 37 Should auditors be required to review consolidating journal entries for each reporting period? 38 Are there other practice problems you are aware of in this area? Exhibit 1 (Continues) 52 The Journal of Corporate Accounting & Finance / January/February 2013 DOI 10.1002/jcaf 2013 Wiley Periodicals, Inc. PCAOB Standing Advisory Groups Questions Related to Fraud (Continued) No. Questions Discussions With the Audit Committee related 39 Should auditors be required to inquire of the audit committee about information on complaints and concerns (from whistleblowers and others) that have been submitted to the board of directors or audit committee? 40 Should auditors make such inquiries for each quarter and annual reporting period? Detection of Illegal Acts related 41 Should a proposed standard on fraud include specific procedures for auditors to perform in discharging their obligations under Section 10A? 42 Should a new standard on the auditors responsibility for the detection of illegal acts by their audit clients also be considered? 43 Are there other practice problems you are aware of in this area? Forensic Accountants in an Audit of Financial Statements related 44 Should a forensic specialist, whether employed by the auditors firm or engaged by the auditor, be regarded as a member of the audit team? Would treating a forensic accountant as an SAS No. 73type specialist create an artificial distinction between the work necessary to detect fraud and the work necessary to complete an audit? 45 What professional standards should apply to forensic accountants participating in an audit of financial statements? Should auditors obtain the necessary skills to detect fraud, including forensic skills? 46 Is it acceptable for an auditor to assign responsibility to or otherwise use the work of a forensic spe- cialist engaged by the company in an audit of financial statements and treat that persons work as the work of a specialist under SAS No. 73, Using the Work of a Specialist (AU sec. 336)? 47 Can auditors obtain the reasonable assurance required by paragraph .02 of AU sec. 110, Responsibili- ties and Functions of the Independent Auditor, without performing investigations to determine the impact of alleged fraudulent activities on the financial statements? 48 What restrictions on the arrangements for the in-depth investigation would be necessary to avoid an impairment of independence? 49 Does a forensic accountant employ an investigative mindset that is different from the professional skepticism of an auditor of financial statements? 50 Are there other practice issues that should be addressed in an auditing standard on financial fraud? beyond the three key conditions including the need for forensic specialists in an audit assignment. CONCLUSION The audit profession has gone through a full circle of not PCAOB on the development of auditing and related professional practice standards. This group has compiled 50 questions that help identify fraud and fraud risk factors in the course of an audit (see Exhibit 1) (PCAOB, 2004). External auditors need to look or earnings trend; and low morale among senior management. Apart from the preceding audit guidance is the Standing Advisory Group (SAG), a group that consists of external audi- tors, investors, and public com- pany executives who advise the Exhibit 1 The Journal of Corporate Accounting & Finance / January/February 2013 53 2013 Wiley Periodicals, Inc. DOI 10.1002/jcaf statement audit. Statement on Audit- ing Standards No. 99. New York, NY: Author. Association of Certified Fraud Examiners (ACFE). (2008). Report to the nation on occupational fraud abuse. Austin, TX: Author. Association of Certified Fraud Examiners (ACFE). (2010). Report to the nations on occupational fraud and abuse. Aus- tin, TX: Author. International Auditing and Assurance Standards Board. (2009). The auditors responsibilities relating to fraud in an audit of financial state- ments. International Standard on Auditing (ISA) No. 240. New York, NY: Author. Public Oversight Board (POB). (1993). In the public interest. Stamford, CT: Author. Public Company Accounting Oversight Board (PCAOB). (2004, September 89). PCAOB Standing Advisory Group meet- ing: Financial fraud. Retrieved January 13, 2012, from http://pcaobus.org /News/Events/Documents/09082004 _SAGMeeting/Fraud.pdf Public Company Accounting Oversight Board (PCAOB). (2007, January 22). Observations on auditors implementa- tion of PCAOB standards relating to auditors responsibilities with respect to fraud. PCAOB Release No. 2007-001. Seidler, L. J., Andrews, F., and Epstein, M.J. (1977). The Equity Funding papers: The Anatomy of a Fraud. New York, NY: Wiley. auditor and the client about fraud detection and prevention. NOTES 1. McKesson and Robbins was a wholesale drug company acquired by F. Donald Coster in 1926. Coster and his brothers ran an elaborate accounting scheme to inflate the companys reported assets for more than a decade. By 1937, this trans- lated into over $18 million of fictitious sales and $19 million worth of nonexist- ent assets. 2. The Equity Funding scandal involved bookings of fictitious receivables and income to inflate earnings per share to net earnings expectations. Equity Fund- ing sold insurance to fictitious customers by selling phony policies. Although there were sufficient red flags to cause audi- tors to be more skeptical, they missed the ongoing fraud including 64,000 phony transactions with a face value of $2 bil- lion, $25 million in counterfeit bonds, and $100 million in missing assets. REFERENCES American Institute of Certified Public Accountants (AICPA). (1939). Exten- sion of auditing procedure. Statement on Auditing Procedures No. 1. New York, NY: Author. American Institute of Certified Pub- lic Accountants (AICPA). (2002). Consideration of fraud in a financial being responsible to being fully responsible. Standard setters and professional bodies have responded to widely publicized fraud cases. Standards are merely guides to the profession, and the auditors themselves need to exer- cise due care and diligence in all assignments. Though manage- ment is responsible for design- ing and implementing internal control systems and detecting fraud, the auditors need to assess reliability of the control systems and report fraud to appropriate authorities. All these add value to the audit reports and assure the public that the reports are doing what they were designed to do. Auditors need to constantly review their resources, which includes considering the needs for forensic specialists and infor- mation technology specialists in major audits, and understanding the clients business activities by having interim audit visits and holding regular meetings with the clients. The two-way exchanges help improve commu- nications and educate both the Gin Chong, professor of accounting at Prairie View A&M University (PVAMU) in Texas, is best known for his research work on materiality and audit risk, fraud audits, firms performance measurements, and governance and ethics. He has presented at various national and international conferences, published over 100 scholarly publications, and is a recipient of several research awards. Professor Chong teaches undergraduate and graduate courses on accounting, auditing, law and ethics, and accounting information systems and control, and is a visiting professor of various universities in China and Europe. He has received many teaching awards. His contact e-mail address is hgchong@pvamu.edu.