Fraud Detection and Prevention in Financial Reporting – Is It the Auditors’ Responsibility?
The issue of fraud has been in existence for ages leading to the collapse of most businesses due to misleading financial reporting and misappropriation of funds. It has also questioned the integrity of some key industry players as well as major accounting firms. Unfortunately, fraud is not in any physical form such that it can easily be seen or held. It refers to an intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage.
According to the Association of Certified Fraud Examiners, fraud is defined as any intentional or deliberate act to deprive another of property or money by guile, deception, or other unfair means. It classifies fraud as follows:
- Corruption: conflicts of interest, bribery, illegal gratuities, and economic extortion.
- Cash asset misappropriation: larceny, skimming, check tampering, and fraudulent disbursements, including billing, payroll, and expense reimbursement schemes.
- Non-cash asset misappropriation: larceny, false asset requisitions, destruction, removal or inappropriate use of records and equipment, inappropriate disclosure of confidential information, and document forgery or alteration.
- Fraudulent statements: financial reporting, employment credentials, and external reporting.
- Fraudulent actions by customers, vendors or other parties include bribes or inducements, and fraudulent (rather than erroneous) invoices from a supplier or information from a customer.
Fraud involves the motivation to commit fraud and a perceived opportunity to do so. A perceived opportunity for fraudulent financial reporting or misappropriation of assets may exist when an individual believes internal control could be circumvented, for example, because the individual is in a position of trust or has knowledge of specific weaknesses in the internal control system. Fraud is generally fuelled by three variables: pressures, opportunity and rationalization as depicted in the diagram.
There is the need to distinguish between fraud and error in financial statement preparation and reporting. The distinguishing factor between fraud and error is whether the underlying action that results in the misstatement in the financial statements is intentional or unintentional. Unlike error, fraud is intentional and usually involves deliberate concealment of the facts. Error refers to an unintentional misstatement in the financial statements, including the omission of an amount or disclosure.
Although fraud is a broad legal concept, the auditor is concerned with fraudulent acts that cause a material misstatement in the financial statements and there are two types of misstatements in the consideration of fraud – misstatements resulting from fraudulent financial reporting and those arising from misappropriation of assets. (par. 3 of ISA 240)
Misappropriation of assets involves the theft of an entity’s assets and can be accomplished in a variety of ways (including embezzling receipts, stealing physical or intangible assets, or causing an entity to pay for goods and services not received). It is often accompanied by false or misleading records or documents in order to conceal the fact that the assets are missing. Individuals might be motivated to misappropriate assets, for example, because the individuals are living beyond their means.
Fraudulent financial reporting may be committed because management is under pressure, from sources outside and inside the entity, to achieve an expected (and perhaps unrealistic) earnings target – particularly since the consequences to management of failing to meet financial goals can be significant. It involves intentional misstatements, or omissions of amounts or disclosures in financial statements to deceive financial statement users. Fraudulent financial reporting may be accomplished through:
i. Deception i.e. manipulating, falsifying, or altering of accounting records or supporting documents from which the financial statements are prepared.
ii. Misrepresentation in, or intentional omission from, the financial statements of events, transactions, or other significant information.
iii. Intentionally misapplying accounting principles with regards to measurement, recognition, classification, presentation, or disclosure.
The case of Auditors’ in Fraud Detection and Prevention in Financial Reporting
Auditors maintain that an audit does not guarantee that all material misstatements will be detected due to the inherent limitation of an audit and that they can obtain only reasonable assurance that material misstatements in the financial statements will be detected. It is also known that the risk of not detecting a material misstatement due to fraud is higher than that of not detecting misstatements resulting from error because fraud may involve sophisticated and carefully organized schemes designed to conceal it, such as forgery, deliberate failure to record transactions, or intentional misrepresentations being made to the auditor.
Such attempts at concealment may be even more difficult to detect when accompanied by collusion and as such the auditor’s ability to detect a fraud depends on factors such as the skillfulness of the perpetrator, the frequency and extent of manipulation, the degree of collusion involved, the relative size of individual amounts manipulated, and the seniority involved. However, users of financial information expect auditors to take steps to detect fraud during the audit because they are often displeased when fraud goes undetected and is later uncovered by a tip or accident whiles the resulting investigation or financial statement restatement creates negative consequences for the company and its employees.
Who then has the responsibility to detect fraud in financial reporting?
Auditors’ responsibilities and roles in audit are enshrined in the International Standards on Auditing (ISA) which serves as the “bible” for auditors in the discharge of their duties and to ensure that their reporting complies with international standards. The provisions of the standard which are under consideration for this purpose are ISA 240 (i.e. The Auditor’s Responsibilities Relating to Fraud in An Audit of Financial Statements) and ISA 315.
Paragraph 4 of ISA 240 deals with the responsibility for the prevention and detection of fraud and it states that “the primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the entity and management. It is important that management, with the oversight of those charged with governance, place a strong emphasis on fraud prevention, which may reduce opportunities for fraud to take place, and fraud deterrence, which could persuade individuals not to commit fraud because of the likelihood of detection and punishment. This involves a commitment to creating a culture of honesty and ethical behavior which can be reinforced by an active oversight by those charged with governance. Oversight by those charged with governance includes considering the potential for override of controls or other inappropriate influence over the financial reporting process, such as efforts by management to manage earnings in order to influence the perceptions of analysts as to the entity’s performance and profitability”.
Paragraph 5 also states that “An auditor conducting an audit in accordance with ISAs is responsible for obtaining reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether caused by fraud or error. Owing to the inherent limitations of an audit, there is an unavoidable risk that some material misstatements of the financial statements may not be detected, even though the audit is properly planned and performed in accordance with the ISAs”.
Besides, ISA 315 requires auditors to evaluate the effectiveness of an entity’s risk management framework in preventing misstatements, whether through fraud or otherwise, during an audit and that auditors should consider the risk of misstatement from fraud or error of each significant account balance, recognizing the material classes of transactions included therein, in order to identify specific risk and if a material misstatement is found due to the possibility of fraud, then that could cause them to question management’s integrity and the reliability of evidence obtained from management in other areas of the audit.
Theses suggests that the Directors are responsible for ensuring that the company keeps proper accounting records that disclose with reasonable accuracy at any time the financial position of the Company as well as responsible for safeguarding the assets of the Company and taking reasonable steps for the prevention and detection of fraud and other irregularities and that auditors’ responsibility is to express an opinion on whether the summary financial statements are consistent, in all material respects, with the audited financial statements based on their procedures, which were conducted in accordance with International Standards on Auditing (ISA). Is for this reason that all annual financial reports have directors and auditors’ responsibilities clearly spelt out.
Obviously, it can be concluded that auditors play just a complementary role in the detection and prevention of fraud in financial reporting and that the ultimate responsibility rest with those charged with governance.
The Institute of Internal Auditors (IIA) standard 1210.A2 however requires auditors to possess “sufficient knowledge” to identify indicators of fraud meaning that while auditors cannot be expected to develop these skills to the level of a fraud examiner, they should try to become more proficient through training, hands-on experience, reading the professional literature, brainstorming, and using fraud detection skills during the audit so they be aware of the impact of both fraud and error on the accuracy of the financial statements.