Breaking Tradition in the Auditing Profession

Established auditing approaches cannot adequately detect financial statement fraud. The ACFE proposes a Model Organizational Fraud Deterrence Program as an alternate, more effective strategy for both auditors and investors. 

One of the most difficult issues facing the auditing profession is that there are no auditing procedures that can provide absolute assurance in detecting all fraudulent financial reporting. As a result, auditors have historically attempted to avoid the responsibility for fraud detection, albeit unsuccessfully. In the current environment, the public holds expectations of auditors with respect to fraud that simply cannot be fulfilled.

In a perfect world, auditors would concentrate primarily on prevention – not detection – of fraud. We all are aware that, from cancer to crime, it is much more effective to prevent problems rather than to deal with the aftermath. The ACFE was a strident voice in adding prevention concepts to the new U.S. auditing standard on fraud, SAS 99. Although this is an improvement on SAS 82, it will not solve the whole problem and we propose a different approach that could be better for investors and for auditors.

As many members know, the ACFE studied and evaluated nearly 4,000 cases of fraud from 1996 to 2002 that covered asset misappropriations, corruption, and fraudulent statements. The results subsequently were detailed in the ACFE’s “Report to the Nation on Occupational Fraud and Abuse” of the same years. To our knowledge, these represent the largest research projects on the topic.

Although fraud prevention was not the primary focus of our research, it became clear that some organizations were less prone to fraud than others. The reasons are not entirely known, but it appears that the prevention of fraud extends beyond traditional accounting controls. It involves a number of diverse disciplines such as behavioral sciences and criminology.

Moreover, we believe that internal controls and fraud prevention – although interrelated – are not one and the same. Criminologists have long established that the willingness to commit any crime is inversely proportional to an individuals’ perception (not necessarily the reality) that the illegal conduct will be detected. That explains why the mere presence of police in crime-prone neighborhoods deters criminal activity.

Contrarily, criminological research has shown that general deterrence – a politically popular notion that concentrates on sending a message by punishing criminal behavior – is relatively ineffective. In short, punishment is irrelevant for those who are convinced that they will not be caught.

We believe that the public and the auditing profession could be better served by adopting a more holistic approach to the deterrence of fraud. Our concept, called the Model Organizational Fraud Deterrence Program (the Model), would employ a “best practices” approach to fraud prevention.

Through in-depth research, the profession would set out the factors that are present in organizations – both accounting and otherwise – which are the most likely to prevent fraud. It would then become the auditor’s responsibility to determine the extent of the organization’s compliance with the Model. Instead of opining that the entity is essentially free of material fraud, the auditor would grade the entity’s compliance, say from A to F. Such a grading system would convey more information and reduce biasing compared to a pass/fail system. This approach would provide investors, lenders, and other key stakeholders with transparency as to the entity’s fraud prevention measures, allowing them to make informed financial decisions that reflect their own risk tolerance. Bond investors make similar decisions using ratings from Standard & Poor’s, Moody’s, etc. to take account of credit risk. People still buy “junk” bonds, but they demand a premium return to offset the increased risk of loss. The same approach can work with fraud risk.

Although this is a paradigm shift in the way auditors serve users of financial statement, it has four distinct advantages. First, it would move the emphasis away from an unwinnable strategy – detecting 100 percent of fraud – to an achievable one – measuring the implementation of appropriate fraud prevention strategies, reducing the occurrence of fraud. Second, it would create an incentive for entities to adopt a prevention strategies, reducing the occurence of fraud. Third, it would provide transparency to investors, enabling them to better protect themselves from fraud risk. Finally, it could solve the liability dilemma that plagues the auditing profession.

The internal control reporting requirements of section 404 of the Sarbanes-Oxley Act is a steppingstone in this direction, but new standards are needed against which fraud-specific prevention processes can be evaluated. Also, the reporting system needs to incorporate graded responses if useful information is to be conveyed. Most public companies would be lucky to score half marks compared to recommended anti-fraud practices today, as the ACFE’s Fraud Prevention Check-up (see CFEnet.com) has demonstrated. A graded system encourages transparency and improvement, while a pass/fail system is particularly vulnerable to manipulation and bias and could chaos if used honestly.

Anti-Fraud Education 

Fraud, of course, is much broader than accounting. We believe the students do not receive sufficient anti-fraud education covering both fraud prevention and detection. The ACFE has been at the forefront in supporting this much-needed training for accounting students.

Since the public expects accountants to protect them from fraud, improving that expectation begins in college, where accountants receive their initial accounting education. And because fraud schemes change over time, accounting graduates who practice as public accountants should dedicate a portion of their required continuing professional education in this area, too. Perhaps various global governing bodies should mandate a certain basic level of anti-fraud CPE each year for all auditors of public companies.

As late as 1999, there were only 19 colleges out of nearly 900 in the U.S. that offered a fraud course. Through the ACFE’s Higher Education Program, we have donated resources that have enabled more than 100 colleges to teach the principles of fraud examination. More than 200 others are considering adding the course. It is our goal that, within five years, most colleges in the United States will be offering a separate course in fraud. We are working with the American Accounting Association and the American Institute of CPAs to move this forward. We have also extended the Higher Education Program to Canada and will be offering similar assistance to colleges throughout the world.

Anti-Fraud Research 

Our profession suffers from a shortage of knowledge that addresses fraud. The current wave of fraudulent financial reporting is more than accounting problem; it is a societal issue.

As fraud examiners, we should support multi-disciplined research designed to seek long-term solutions to deterring fraud – in all its forms. Until this year, no institution of higher learning in the United States dedicated itself to this important mission.

The University of Texas at Austin, in collaboration with the ACFE, the AICPA, and select other organizations, has recently established the Institute for Fraud Studies (IFS). When operational, the IFS will begin conducting in-depth research into the causational factors of fraud, which will be shared with government, academia, and the public. We currently are seeking modest funding from eight founding sponsor organizations to support the IFS for an initial three-year period. We hope that our global colleagues will participate in the mission of the IFS, too.

Anti-Fraud Specialists on Public Company Audits  

Accepting the fact that fraud and accounting are not the same disciplines, we believe the auditing profession should use the unique skills of anti-fraud specialists on public company audits. Virtually all the major accounting firms are currently staffed with Certified Fraud Examiners. However, they principally are used reactively instead of proactively.

Rather than employing their skills mainly to investigate allegations of fraud once they have been reported, anti-fraud specialists should also be used during the audit to help identify key risk areas, evaluate fraud prevention processes, design effective anti-fraud tests, and evaluate evidence of potential fraud. Anti-fraud specialists bring extensive knowledge and experience of fraud that most auditors have not had the opportunity to acquire. They also bring a high level of professional skepticism and decision processes that can be more effective in resolving potential fraud appropriately. Moreover, the mere presence of anti-fraud specialists during audits could have a significant impact on increasing the perception that illegal activity will be detected.

Financial Transparency for Boards, Insiders, and Executives  

From our study of a long list of financial statement frauds – beginning with the classic Equity Funding fraud in the 1970s and continuing through today’s multi-billion dollar accounting scandals – a distinct pattern has emerged: Corporate insiders have lined their pockets at the expense of the shareholders. Their methods vary and are often cloaked behind complex transactions that are not readily apparent to the entity’s auditors.

But the lure of these illegal schemes nearly always finds its way into the personal finances of those involved. In some situation, the individual tax returns of insiders were prepared by the same firm that conducted the audit, albeit by different personnel. That was the case in the $300 million ESM Government Securities fraud of the 1980s. Although the financial fraud was concealed on the company’s books, the insiders had declared the proceeds on their own personal tax returns. Had the auditors examined the tax returns of the principals (which they did not) the scheme would have been obvious.

This illustrates a fundamental tenet of fraud examination: Follow the money. There are but two ways that this can be accomplished. Illicit transactions can be traced from an insider to the organization or vice-versa. The former approach is invariably easier.

Corporate insiders have a well-recognized fiduciary duty to act in the best interests of the shareholders. We believe a part of this duty must include their financial transparency. Auditors should be given access to any financial information that bears on this issue. That would include – but would not be limited to – personal tax returns and detailed banking records. By so doing, two important objectives could be accomplished. First, it would make it more difficult for insiders to conceal ill-gotten gain. Second, financial transparency could be a significant and powerful deterrent.

The ideas contained here are not the complete solution. Even if all of them are adopted in some form, we all recognize that there is no mechanism that can prevent all financial statement fraud. But we strongly believe that traditional auditing approaches cannot and will not solve these difficult problems. The downfall of Enron and Andersen has created an urgent need, and an opportunity, for a new strategy for auditors to fight fraud more effectively. It is in the interest of auditors, as well as investors, to seize this opportunity.

Joseph T. Wells, CFE, CPA, is the founder and Chairman of the ACFE. 
Toby J. F. Bishop, CFE, CPA, FCA, is President and Chief Executive Officer of the ACFE.