Face Your Auditor: Why In-Person Meetings Are Essential
One critical task for auditors is to assess the risk that fraud has caused material misstatement, then determine the auditee’s responses to those risks. In other words, where are you vulnerable, and what are you doing to protect your organization? This can be a complex issue, so a personal, face-to-face meeting is essential to answering the fraud risk question.
Fraud inquiries
Entities being audited sometimes feel fraud-related questions are probing and invasive, but they’re a critical part of the audit process. The AICPA requires auditors to identify and assess the risks of material misstatement due to fraud and to determine overall and specific responses to those risks under Clarified Statement on Auditing Standards (AU-C) Section 240, Consideration of Fraud in a Financial Statement Audit.
What kinds of questions does Section 240 require?
- Whether management has knowledge of any actual, suspected or alleged fraud
- Management’s process for identifying, responding to and monitoring the fraud risks in the entity
- The nature, extent and frequency of management’s assessment of fraud risks and the results of those assessments
- Any specific fraud risks that management has identified or that have been brought to its attention
- The classes of transactions, account balances or disclosures for which a fraud risk is likely to exist
- Management’s communications, if any, to those charged with governance about its process for identifying and responding to fraud risks, and communications to employees on its views on appropriate business practices and ethical behavior
The auditor may also need to meet with some of the people charged with governance (such as board members), internal auditors and other employees. For example, the fraud risk interviews might involve the chief ethics officer, in-house legal counsel, and employees involved in initiating, processing, or recording complex or unusual transactions (and their supervisors).
Interviews
How does your auditor gain as much fraud-related information as possible from these interviews? During the audit planning stage, the audit partner meets with the audit team to brainstorm potential company- and industry-specific risks and to outline specific areas of inquiry and high-risk accounts. The auditors then craft questions designed to probe those specific risks.
Interviews are required for every audit — auditors can’t just assume that fraud risks are the same as they were last year. While in your office, auditors meet in person with managers and others to discuss fraud risks. Why? A large part of uncovering fraud involves picking up on nonverbal clues.
Nuances such as an interviewee’s tone and inflection, the speed at which he or she responds and body language provide important context to the words being spoken. In a face-to-face interview, the auditor can also observe signs of interviewee stress in responding to the questions, including long pauses before answering or starting answers over.
In addition, in-person interviews provide an opportunity for immediate follow-up questions. When it isn’t possible to have a face-to-face interview, a videoconference or phone call is the next best option because it provides the auditor many of the same advantages as meeting in person.
It’s important for interviewees to be patient when answering the auditor’s questions. Auditors are trained to ask for clarification if an interviewee uses an unfamiliar word, rather than to assume its meaning or skip over the response. Dishonest people often use confusing language and appear edgy when they’re trying to intentionally conceal misconduct, including fraud.
Audit limitations
Even when an audit is properly planned and performed in accordance with the auditing standards, some dishonest behaviors may not be detected. It’s generally easier to find unintentional errors than to detect a material misstatement resulting from fraud. Fraud may involve sophisticated concealment schemes, such as:
- Forgery
- Deliberate failure to record transactions
- Intentional misrepresentations made to the auditor
In addition, collusion between employees and suppliers or customers can disguise fraud. The risk of the auditor not detecting a material misstatement is greater when upper-level management is involved in the fraud scheme. That’s because top managers may have the opportunity to directly or indirectly manipulate accounting records, present fraudulent financial information or override controls designed to prevent fraud.
To catch a thief
Evaluating fraud risks is a critical part of your auditor’s responsibilities. You can facilitate this process by anticipating the types of questions your auditor will ask and the types of audit evidence that your auditor will need. Forthcoming and prompt responses help keep your audit on schedule and minimize any unnecessary delays.
In addition to our experienced financial audit teams, Weaver includes a practice group that focuses entirely on detecting, tracing and documenting fraud. We hope you never need such services, but if you ever have reason to suspect fraud, see our website at https://weaver.com/services/forensics-litigation-services or contact us with your questions.
Motive, opportunity and attitude: the fraud triangle
Auditors look inside and outside of the organization to assess the risks of two types of fraud: 1) fraudulent financial reporting, and 2) asset misappropriation. In general, they categorize risk factors based on the three conditions that must be present for fraud to happen: the fraud triangle.
- Incentives and pressures. Employees resort to fraud only if they have a motive to be dishonest. For example, the company’s financial stability (and, therefore, the employee’s livelihood) might be at risk due to competition, significant declines in customer demand or new regulatory requirements. Or management could exert excessive pressure to achieve metrics necessary to obtain additional financing, meet debt covenants or earn performance-based compensation such as bonuses, stock options, and earn-out arrangements.
Sometimes personal financial obligations create pressure on individuals with access to cash or other assets susceptible to theft. The pressure to steal assets may be even greater if, for example, an employee anticipates future layoffs or changes to compensation plans.
- Opportunity. Conditions that create the opportunity to “cook the books” include significant related party transactions, the use of subjective accounting estimates, significant complex transactions, foreign operations in locations with differing regulatory environments and inadequate internal controls.
The risk of asset theft also increases if, say, the company processes large amounts of cash or if inventory items and fixed assets are small in size, of high value, in high demand or lack markers of ownership.
- Attitudes and rationalizations. Fraudsters typically rationalize their dishonesty. For instance, an embezzler might justify theft because the owner is domineering, bickers with shareholders, or commingles personal and business assets.
That’s why auditors evaluate not only morale among employees but also the “tone at the top” of the organization. Legal and ethical issues in the C-suite — such as sexual harassment or unlawful termination claims, a win-at-all-costs mentality, evasive tax practices or known regulatory violations — tend to trickle down the organization. Auditors also consider how management responds to their inquiries; an auditor may view an adversarial relationship as an indication that management is hiding fraud.
Each organization faces unique risk factors. These are just a few examples of what’s on your auditor’s radar when assessing fraud. If you notice these risk factors or any other suspicious behaviors, contact us to investigate the matter further.
© 2018