Fraud happens. In fact, it is probably happening at your workplace as you read this article. OK, maybe not this exact moment, but definitely in the recent past. It may not be much: an embellished expense report, a personal charge on a company credit card, employees recording four hours of overtime instead of two … but it happens. I could give you all kinds of statistics provided by the Association of Certified Fraud Examiners, like an estimated 5 percent of revenues are lost annually to fraud, or on average frauds go undetected for 16 months, and fraud can happen at all levels of employment. I am not here to bore you with statistics. I am here to answer THE question. The question that is asked by most of the organizations we help who have suffered a fraud loss. The question that is on everyone’s mind each time they read about another embezzlement in the news: “Why didn’t the auditors catch it?”
It’s a fair question. Auditors are your accounting expert, so why wouldn’t they identify an embezzlement occurring within their client’s business? To answer these questions, we need to understand a few things.
What Is an Auditor’s Job?
When organizations hire an auditor, they are asking them to validate their bookkeeping as it relates to their financial statements. Your auditor is utilizing their expertise to verify that your organization’s financial statements are not materially misstated. The amount considered material is determined by your auditor and can depend on several factors.
Are Auditors Looking for Fraud?
To a degree. The responsibilities of an auditor, as it relates to fraud, are spelled out within the auditing standards. According to those standards, “an auditor conducting an audit in accordance with Generally Accepted Auditing Standards is responsible for obtaining reasonable assurance that the financial statements as a whole are free from material misstatement, whether caused by fraud or error.” So what is this saying? Your auditor will maintain professional skepticism and objectivity throughout the audit and will perform procedures in response to identified fraud risks. However, their primary concern is making sure your financial statements are presented fairly to stakeholders. In fact, in a large portion of fraud cases we examine, the fraud is actually reflected in the financial statements. In these instances they are typically concealed within the organization’s expenses by the fraudster. It is the hidden nature of fraud that makes it so difficult to identify.
Who Is Responsible?
Unfortunately, when fraud occurs there can be a lot of finger pointing. Management can be blamed for failing to implement proper internal controls, board members can be blamed for their lack of oversight, and auditors can be blamed for the simple reason that they are the auditors. Ultimately, the responsibility of fraud prevention and detection lands on the individuals tasked with governance or management of the organization.
Even though financial statement audits are not designed to identify immaterial employee theft, they still can and sometimes do. I do not personally conduct financial statement audits, but because I work in the forensic accounting department for a top 25 accounting firm, I am aware that auditors do identify fraud. In fact, having a financial statement audit is always a better option for fraud prevention than not having a financial statement audit.
Fraud happens, but it can be mitigated. It takes a team effort to prevent fraud. Management, board of directors, accounting staff and auditors all play their part. Utilize your resources and ask for help if needed. You should not rely on financial statement audits to be your organization’s only measure of detection.