Why Didn’t Our Auditors Find the Fraud?

Why Didn’t Our Auditors
Find the Fraud?

Wisconsin Law Journal January 25, 2006
By Tracy L. Coenen, CPA, MBA, CFE

Companies and organizations that situation that is purposely disguised by misstatement. If material errors in the
are hit with employee fraud, including a dishonest employee. financial statements are discovered,
embezzlement, asset misappropriation, the auditors will direct management to
and financial statement manipulation The bookkeeper used what she correct them.
are often surprised that the incident knew about the accounting process
occurred. Even more surprising to and the year-end audit to escape Tracy Coenen is a CPA, a Certified
executives and boards of directors is detection. She knew that management Fraud Examiner, and president of
the fact that their auditors didn’t find wasn’t checking her work or Sequence Inc., a forensic accounting
the fraud sooner, or didn’t find it at monitoring the bank account. By firm with offices in Milwaukee and
all. After all, isn’t that what auditors utilizing small dollar transactions, Chicago. She is a nationally-
are supposed to do? recording false transactions in the recognized expert on fraud and
accounting system, and discarding financial investigations.
In one case, the bookkeeper for a canceled checks, she successfully beat
non-profit organization was stealing the system and ran off with hundreds So how does fraud fit into the idea
for several years and cleverly covering of thousands of dollars. of material misstatements? Misstate-
her tracks. She didn’t let the checks ments can be caused by either error or
get too large, and she divided the Auditing Defined fraud. Auditors have some
check amounts between many Audits and reviews are procedures responsibility for the detection of both
accounts so that the entries in each errors and frauds that are material, but
account would be very small. She performed on the financial statements this responsibility is not absolute.
knew that if the amounts were small of a company, for the purpose of Auditors give “reasonable” assurance
enough, they probably would not be determining whether the financial that material misstatements have been
carefully examined during the annual statements include any material uncovered, but not total assurance.
audits. misstatements. Misstatements are
essentially wrong numbers due to Errors are much more likely to be
She was right, and her scheme numerical errors, fraud, or errors in discovered during an audit than are
worked until an auditor found a interpreting the accounting rules. fraud. Fraud schemes are crafted to
problem with the bank reconciliation. Misstatements are material if they are purposely exploit the accounting
That problem led to further large enough to make a difference to a system and controls, and therefore it is
investigation, which ultimately user of the financial statements, such more difficult for an auditor to find
uncovered the fraud. You could say as a bank or investor. them. Since auditors are not all-
that the fraud was discovered by
accident. The board of the directors Auditors utilize sampling
wondered why the auditors didn’t find techniques to test certain transactions
the fraud sooner, since it had been during the performance of an audit or
ongoing for at least three years. review, since it would be nearly
The answer was simple. The auditors impossible and too expensive to test
followed the rules, but those rules every single transaction. The
aren’t always effective at uncovering a sampling may be aimed at the largest
items or the items on the financial
statements that pose the most risk of

© 2005 Sequence Inc. All rights reserved.
Sequence Inc. Forensic Accounting ■ 316 North Milwaukee Street, Suite 16 ■ Milwaukee, WI 53202 ■ 414.727.2361 ■ www.sequence-inc.com

Why Didn’t Our Auditors
Find the Fraud?

knowing beings, the assurance that the that fraud is becoming a bigger issue Audit Alternatives
financials statements are correct can for clients. All of this alphabet soup Executives, attorneys, and board
only be “reasonable” assurance and can be boiled down to the fact that it is
not total assurance. management’s responsibility, not the members may be left asking
auditor’s, to prevent and detect fraud. themselves why they pay for audits if
Auditing Rules The auditors must consider fraud the procedures aren’t going to detect
It’s important to understand the throughout their procedures, but they all the potential problems with the
do not have an absolute responsibility numbers. Audits and reviews have
guidance given to auditors on the topic for the detection of fraud. their place in the business world, as
of fraud. Accountants performing they help companies identify risky
audits in the United States follow Expectation Gap areas of the financial reporting
Generally Accepted Auditing If the guidance on fraud is so clear process, and they hopefully find
Standards (GAAS) in their material errors and frauds.
performance of audits. Additional from the perspective of the auditor,
guidance is provided in the Statements why does there seem to be an Since reviews and audits can only
on Standards for Auditing and Review expectation gap between the auditors provide limited (but not absolute)
Services (SSARS) and Statements on and the clients? Regardless of assurance on the numbers, they are
Auditing Standards (SAS). These sets whatever guidance exists, clients are only one part of a company’s financial
of authoritative guidance outline the inclined to mistakenly expect that picture. If management wants to go a
responsibilities that auditors have for auditors can, must, and will find fraud step further, they will look beyond
finding fraud while performing audits if it exists within the company. audits and reviews.
and reviews.
The client sometimes fails to Internal control reviews with a
SAS number 99, “Consideration of acknowledge that the auditors clearly “focus on fraud” can help prevent
Fraud in a Financial Statement Audit,” outline their audit and review fraud. They probably won’t detect old
became effective in late 2003. This responsibilities with engagement frauds, but the involvement of an anti-
statement directs auditors to use letters. Those letters usually state that fraud professional during the review
professional skepticism and to the auditors provide reasonable of controls will help the company
consider that a fraud could have assurance that they will detect material identify areas of the company most at-
occurred and could materially affect misstatements, but not absolute risk for fraud.
the financial statements. The auditors assurance.
must consider and identify the risk of The next step is the development of
fraud, and must continuously evaluate The client also often does not procedures specifically designed to
evidence throughout the audit to consider the fact that immaterial prevent fraud. This requires
determine whether or not there are any frauds may never be found. If a fraud management to take a proactive stance
fraud indicators. is not large enough to “make a against fraud. Since management
difference” in the financial statements, cannot fully rely on audits and reviews
The American Institute of Certified then it stands to reason that it most to detect fraud, the better alternative is
Public Accountants (AICPA) recently likely will not be detected. Detecting to shore up controls so that the
issued SSARS number 12, “Omnibus an immaterial fraud would be like opportunities for fraud are decreased.
Statement on Standards for finding a needle in a haystack.
Accounting and Review Services.” At the end of the day, the
This applies to reviews, rather than The expectation gap boils down to responsibility for fraud prevention and
audits. Reviews provide less misconceptions on the part of the detection is on the company’s
assurance on the financial statements, client. Management and employees management. Executives and
as the review procedures are typically wrongly believe that reviews and manager must clearly understand the
less thorough and less detailed than audits can and should always detect inherent limitations of audits and
audit procedures. This statement fraud. Auditors also bear some reviews, and recognize that they
dictates that during a review, the responsibility for the expectation gap, cannot and will not detect all frauds.
auditor is not required to assess the and they might consider addressing Audits and reviews should not be
risk of fraud or develop plans this issue verbally with the client. avoided or discarded, but management
specifically to identify fraud. That discussion should echo the is advised to add proactive fraud
engagement letter and address any prevention measures to help the
The guidance for auditors is concerns or unrealistic expectations company maintain better control over
continuously evolving as the held by the client. the potential for fraud. ■
accounting profession acknowledges

© 2005 Sequence Inc. All rights reserved.
Sequence Inc. Forensic Accounting ■ 316 North Milwaukee Street, Suite 16 ■ Milwaukee, WI 53202 ■ 414.727.2361 ■ www.sequence-inc.com

© 2005 Sequence Inc. All rights reserved.
Sequence Inc. Forensic Accounting ■ 316 North Milwaukee Street, Suite 16 ■ Milwaukee, WI 53202 ■ 414.727.2361 ■ www.sequence-inc.com