This is the third blog looking at the state of the auditing profession. In the first blog, we looked at what has changed as companies have grown and gone global. Last month we considered the use of words and the significance of precision. And in this blog, we'll delve into principles that form the bases for our work.
Answers to last month's Trivia
What was the name of the book which was the principal source of guidance to auditors in the 1800’s? Auditing: A Practical Manual for Auditors
What was the name of the book that was the principal source of guidance to auditors in the early 1900s? Montgomery’s Auditing. FYI, this was my audit bible when I started in the audit profession.
Assuming you have a copy of the 1900 book or can find a copy, what did the auditor say about auditing in the preface of the book? “The most important branch of accountancy”
What term did the author for internal control? (Hint, we did not use the phrase internal control.) “Internal Check”
Which Federal laws changed the world of auditing forever? Securities Act of 1933 and Security Exchange Act of 1934. These acts required the financial statements of publicly traded companies to be audited.
Here is an opinion question: Should auditing standards be more principle-based or rule-based?
In my opinion, clearly, the standards should be principle-based. We need to teach people how to think. At one time, I referred to fraud auditors as fraud engineers. I used that thought process because engineers are taught how to solve problems. saw a correlation to solving fraud problems. With that said, there should be guidance for the principles. After all, auditors were not born fraud geniuses.
As promised in my March blog, I will offer my framework for integrating fraud detection procedures into your audit.
As usual, in researching my topic, I found a quote on the internet. While not exactly on point with the topic of fraud auditing, I do believe it is a good introduction to the thought process of fraud auditing.
What is a principles-based approach to corporate governance?
A principles-based approach to corporate governance is an alternative to a rules-based approach. It is based on the view that a single set of rules is inappropriate for every company. Circumstances and situations differ between companies. The circumstances of the same company can change over time. Source: Etude Risk Management, a South African Company
Fraud Auditing the Thought Process
Winnie the Pooh once said, “Did you ever stop to think, and forget to start again?” Well, I am going to ask you to “stop to think” What I am really asking you to do is stop thinking about everything you think you know about the field of auditing. So, I have three questions for you.
- 1. Can you set aside everything you know about auditing for a moment, so that you can reflect?
- If not, stop reading.
- If yes, go to question # 2
- 2. Do you think an auditor should be able to detect a significant fraud scheme in the course of an audit?
- If not, stop reading.
- If yes, go to question three.
- 3. Do you think the phrase “consider fraud” is sufficient to assist the auditor in designing an audit to detect a significant fraud?
- If not, continue to read and reflect.
- If yes, stop reading because you did not heed Winnie’s advice.
I think, to discuss the framework, we will need two blogs. Today’s blog will focus on some of the guiding principles of fraud auditing and June’s blog will focus on the associated rules. To be clear, this blog is intended to make you think. That is the essence of the principle-based approach. Let's start the discussion by introducing five principles of fraud auditing (acknowledging that there are more):
Intentional error versus unintentional error
When considering fraud, you must start with the premise that what you see is not what you are getting. Fraud risk by its nature has an element of concealment. Your audit plan must be designed to see through the lies in the documents, representations, and evidence of the performance of an internal control. In other words, the search for the intentional error.
Quality of evidence versus the quantity of evidence
The starting point is to understand the rules of audit evidence. This is supported by a sentence and a definition from SAS 142.
The objective of the auditor is to evaluate information to be used as audit evidence, including the results of audit procedures, to inform the auditor’s overall conclusion about whether sufficient appropriate audit evidence has been obtained.
Appropriateness (of audit evidence): The measure of the quality of audit evidence, that is, its relevance and reliability in providing support for the conclusions on which the auditor’s opinion is based.
Every auditor gathers evidence to support their conclusions. In judging the quality of the evidence, we are required to consider the relevance and the reliability. I prefer to say the authenticity of the evidence. Your audit plan must be designed to gather the highest form of evidence, or, using the official language, the most “reliable” evidence.
Authenticity of the control/documents/representations versus the evidence of the performance of an internal control
A key element of every audit is an opinion on the adequacy and effectiveness of the internal controls. The control test is witnessing the audit trail that suggests the controls are operating effectively. Your audit plan must be designed to first see the control and then verify the authenticity of the representation made by the control owner through a source of evidence not under the influence of the control owner.
Consider fraud versus consider a fraud risk statement
The phrase “consider fraud” is simply too broad to be effective. The search for fraud must be defined by fraud risk statements rather than lofty statements. Your audit plan must define the scope of the audit plan by using the fraud risk universe step-down process. Think of the risk statements as audit objectives.
Residual control assessment versus assessing the likelihood of fraud occurring
Control assessment is the cornerstone of every audit. It is simple to understand. If the control is adequately designed and operating effectively, the risk should be mitigated to an acceptable level.
Now let’s look at the flaws of the logic regarding fraud.
Many frauds can occur and either comply with your internal controls or provide the appearance of complying with the internal control because of the sophistication of concealment. The audit plan should in the planning stage base the likelihood of fraud on the data profile of the fraud risk statements in your scope.
I hope I made you think. Next month, I will provide examples of rules associated with the principles. Maybe, just maybe, we can start a movement in defining the concept of fraud auditing. Remember, our goal is to make audit the number one reason for fraud detection.
Fraud Trivia
In what year was the first record of an audit being performed?
In 1997, the American Association of Public Accountants was created. What is the primary purpose of the organization?
Which US State was the first to create the designation of Certified Public Accountant, CPA. In what year?
What was the name of the first person to receive a NYS CPA licenses?
What was the name of the first person to pass the CPA exam?
In what year were calculators allowed for use in the CPA exam?
In Australia, what does the designation CPA stand for?
Trivia source: Wiki
