While the primary responsibility for preventing and detecting fraud rests with entities themselves, auditing standards require auditors to identify and assess the risks of material misstatement due to fraud and to determine overall and specific responses to those risks. Here’s what auditors look for during fraud-risk interviews and why face-to-face meetings are essential.
Fraud inquiries
Entities being audited sometimes feel fraud-related questions are probing and invasive, but they’re a critical part of the audit process. The American Institute of Certified Public Accountants requires auditors to identify and assess the risks of material misstatement due to fraud and to determine overall and specific responses to those risks under Clarified Statement on Auditing Standards (AU-C) Section 240, Consideration of Fraud in a Financial Statement Audit.
Specific areas of inquiry under AU-C Sec. 240 include:
Fraud-related inquiries may also be made of those charged with governance, internal auditors and others within the organization. Examples of other people an auditor might ask about fraud risks include the chief ethics officer, in-house legal counsel, and employees involved in initiating, processing, or recording complex or unusual transactions (and their supervisors).
Interviews
So how does your auditor ensure he or she gains as much fraud-related information as possible from fraud-risk interviews? During the planning stage of the audit, the audit partner meets with the audit team to brainstorm potential company- and industry-specific risks in order to outline specific areas of inquiry and high-risk accounts.
Interviews must be conducted for every audit—auditors can’t just assume fraud risks are the same as those that existed in the previous accounting period. During audit fieldwork, auditors meet in person with managers and others to discuss fraud risks. Why? A large part of uncovering fraud involves picking up on nonverbal clues.
Nuances such as an interviewee’s tone and inflection, the speed at which he or she responds and body language provide important context to the words being spoken. In a face-to-face interview, the auditor can also observe signs of stress on the part of the interviewee in responding to the question, including long pauses before answering or starting answers over.
In addition, in-person interviews provide an opportunity for immediate follow-up questions. When it isn’t possible to have a face-to-face interview, a videoconference or phone call is the next best option because it provides the auditor many of the same advantages as meeting in person.
It’s important for interviewees to be patient when answering the auditor’s questions. Auditors are trained to ask for clarification if an interviewee uses an unfamiliar word, rather than to assume its meaning or skip over the response. Dishonest people often use confusing language and appear edgy when they’re trying to intentionally conceal misconduct, including fraud.
Audit limitations
Even when an audit is properly planned in accordance with the auditing standards, some dishonest behaviors may not be detected. It’s generally easier to find unintentional errors than to detect a material misstatement resulting from fraud. Fraud may involve sophisticated concealment schemes, such as forgery, deliberate failure to record transactions, or intentional misrepresentations made to the auditor.
In addition, collusion between employees, suppliers and customers can make it harder for audit evidence to reveal fraud. The risk of the auditor not detecting a material misstatement is even greater when upper-level management is involved in the fraud scheme. That’s because top managers may have the opportunity to directly or indirectly manipulate accounting records, present fraudulent financial information or override control procedures designed to prevent similar frauds by other employees.
To catch a thief
Evaluating fraud risks is a critical part of your auditor’s responsibilities. You can facilitate this process by being patient about questions your auditor will ask and the types of audit evidence your auditor will need.
Auditors look inside and outside of the company for the risks of two types of fraud: 1) fraudulent financial reporting, and 2) asset misappropriation. In general, they categorize risk factors based on the three conditions that must be present for fraud to happen. Together, these three conditions are known as the fraud triangle.
Each organization faces unique risk factors. These are just a few examples of what’s on your auditor’s radar when assessing fraud. If you notice these risk factors or any other suspicious behaviors, contact your auditor to present your findings and discuss how you can facilitate further investigation of the matter.
October 29, 2018