Over the last few weeks, I have had the pleasure of hearing from readers who have uncovered fraud schemes in their companies. This includes two chief auditors who attributed their ability to locate fraud schemes to my lectures or my fraud auditing techniques. I want to thank these individuals for contacting me. It was very kind of them.
One, a CPA & CIA, wrote, “We caught your presentation in Austin. When I returned to the office, I had our A/P manager in my office. Long story short, we caught a shell company that had been billing us for eighteen years and beat us out of $180,000. Thanks to your wonderful book, we are on another vendor that has been overbilling us for years.”
The other, a CPA, said she had heard me speak at General Audit Management Conference - GAM - in Dallas. She called me because she had detected a pass-through scheme that had been occurring for over five years. She had a few questions. They are still in the middle of sorting out all the issues.
I am seeing a change in our profession. Auditors are starting to proactively search for fraud using fraud auditing methodologies. I have been told by some professionals that I may be the grandfather of the fraud auditing concept. Well. I have been writing about fraud auditing for more than ten years. I continue to publish every month and lecture on the concept of fraud auditing. I think I still have ten more years in me.
So, what is fraud auditing? It is the proactive search for fraud risk statements that are occurring in your core business systems. The search occurs by audit design rather than responding to an allegation. The three major considerations are:
- What fraud risk statements are included in your audit?
- How can you improve the odds that your audit sample will include a fraudulent transaction?
- How can you design a fraud audit test procedure?
In this blog, I will not provide a dissertation about fraud auditing methodology. Rather, I will provide eleven statements in the spirit of causing you to think about your audit plan and helping you create a dialog in your company about improving your ability to find fraud risk statements within your audit.
- 1. Finding fraud in an audit is easier than you think.
- I was at a conference sitting at a round table when I made the preceding statement at my table. I was fascinated by the disagreement that the individuals at my table had with my comment. I decided to sit and listen rather than debate.
- 2. “Fraud” may be one of the most misunderstood words in the audit profession. After you look at the legal definition of fraud, ask yourself: Are we really preparing a fraud risk assessment or are we preparing an asset misappropriation or corruption, etc. risk assessment? Remember, words are important.
- 3. The auditor’s view of fraud is often too vague to be useful. Fraud risk facing business is more than the theft of an asset. To illustrate, an actual fraud risk statement from a real company was: “The risk of internal parties committing fraud or misconduct.” Unfortunately, I can provide you with many more examples.
- 4. Fraud auditing is not the same as a fraud investigation. The only thing that these two concepts have in common are the word fraud.
- 5. The methodology for detecting fraud in an audit is different from testing the adequacy and effectiveness of internal controls. I believe this may be one of the biggest hurdles for our profession.
- 6. We need to stop arguing over whether a procedure is an audit procedure or an investigation procedure. Simply stated, both are designed to gather evidence. The argument should be about the “quality” of evidence rather than whether the procedure is audit or investigation.
- 7. Taking a random sample from a fraud detection process should be called the “trip across fraud” technique. Yes, that’s sarcasm. If we want to be relevant in the fraud detection discussion, we must incur the cost of fraud data analytics.
- 8. Real fraud auditing requires less time to perform than a traditional internal audit of internal controls. Right now, the perception is that fraud auditing takes more time than a traditional internal audit. This seems to be one of the barriers to implementing fraud auditing.
- 9. In ten years. there will be a software solution for detecting internal fraud. That is my prediction. In fact, I am currently working with a software company, Valire Software LTD, developing fraud detection technology, Please, visit their website
- 10. Every large company has fraud schemes occurring in their core business systems right now. This is my opinion Yes, many of the schemes are material, maybe not to the financial statements, but the cost of the scheme is very large.
- 11. Auditors should be responsible for detecting fraud in the conduct of an audit. This is one of my most controversial statements.
The goal of this blog is simple: to cause audit to become the number one method for fraud detection. We can do this. Our profession is full of bright, talented and hardworking individuals. We simply need to re-tool our audit process to respond to the fraud risk.
Remember that I said the intent of my comments is to spark discussion? So, my plan is to discuss these comments over my next few blogs. For those of you who know me, I listed eleven items versus ten because I prefer odd numbers to even numbers and I like prime numbers. I share this for those of you who like the up close and personal touch.