This is the second of three blogs looking at the state of the auditing profession. In the first blog, we looked at what has changed as companies have grown and gone global. In this article, we’re considering the use of words and the significance of precision.
The answers to last month's trivia
In which country is the museum of counterfeiting? France
As a revenue stream, what is the annual revenue of counterfeiting? $500 billion
Can tattoos be copyrighted? Interestingly, there are undecided court cases pending on this issue.
True or false: There are over 150 synonyms or antonyms associated with the word counterfeits. True. (This is for my word friend)
What is the most counterfeit product category? Footwear
What are the most common forms of wine fraud? Refilling authentic bottles with substandard wines, substituting popular vintages for less well-known ones, deliberately using grapes from the wrong varietal or region, and reselling wines that have been damaged in floods and fires without disclosing the damage. Yes, this was a Law & Order episode.
“Words have a magical power. They can bring either the greatest happiness or deepest despair; they can transfer knowledge from teacher to student; words enable the orator to sway his audience and dictate its decisions. Words are capable of arousing the strongest emotions and prompting all men's actions.”
--Sigmund Freud
Wells Fargo: Life Changing Event?
Before we examine the fraud words, I hope you realize that life has changed for the Internal Audit Profession. Take a look at the United States of America Department of the Treasury Office of the Comptroller of the Currency report on the events that occurred at Wells Fargo.
The agency alleged that three former executives, of which two have audit responsibilities, did not perform their duties and responsibilities adequately, and that their failures contributed to systemic problems at the bank. All three were assessed civil penalties. FYI, all three are appealing.
For its own part, Wells Fargo agreed to pay $3 billion in 2020 to resolve a criminal probe by the Department of Justice and the SEC. The San Francisco bank also acknowledged that employees broke the law by committing fraud and identity theft and falsifying bank records.
Let’s assume a significant fraud has occurred in your organization. Let’s further assume you audited the function in the last 12 months and your audit had no significant findings. Meaning you missed the fraud. Now everyone is looking at the words you used to describe your work and conclusions.
Based on the words you used, will you be cleared? Accused of cover-up? Called negligent? Since words matter so much, let’s identify commonly used words and then discuss them.
Common Fraud Words or Fraud Phrases Used by our Profession that Should Have Common Definitions
- Fraud
- Fraud Risk, Fraud Schemes, Fraud Scenarios, Fraud Risk Statement, Risks of Fraud
- Types of Fraud, Fraud Tree, Fraud Risk Universe
- Forensic
- Forensic Auditing Technique, Fraud Auditing
- Red Flags of Fraud
- Potential for Fraud, Fraud Likelihood Fraud Risk Assessment
- Respond to the Risk of Fraud, Consider Fraud
- Fraud Prevention, Fraud Detection & Fraud Deterrence Controls
Wells Fargo Reflections
Based on our profession’s words or your words, has the legal standard of “due care” been met? The Legal Dictionary defines due care as “the conduct that a reasonable man or woman will exercise in a particular situation, in looking out for the safety of others”
Now ask yourself, is your audit approach going to meet the legal expectation based on the words used by our profession? Based on the words used by you?
The Right Word Quandry
Should we say exactly what we mean, or assume everyone knows? With precision in mind, let’s examine five examples of words or phrases used by our profession.
Fraud Risk Assessment
Fraud is “knowing misrepresentation of the truth or concealment of a material fact to induce another to act to his or her detriment” Source Black’s Law Dictionary
Risk Assessment: “A risk assessment determines possible mishaps, their likelihood and consequences, and the tolerances for such events. The results of this process may be expressed in a quantitative or qualitative fashion. Risk assessment is an inherent part of a broader risk management strategy to help reduce any potential risk-related consequences.” Source Wiki
Here is my question: are we really performing a fraud risk assessment or an asset misappropriation assessment with an element of deceit?
Forensic
The IIA Competency Framework uses “forensic” under expert knowledge, stating “applying forensic auditing procedures in fraud prevention, deterrence, and investigation”
Black’s Law Dictionary defines “forensic” as “used in, or suitable to, courts of law or public debate”.
Here’s my question: Is forensic the right word? Are auditors communicating in court or communicating with management regarding “robust internal control procedures”?
Fraud prevention
“Organizations should have robust internal control procedures to limit the risk of fraud” Source IIA Fraud And Internal Audit Assurance Over Fraud Controls Fundamental to Success Paper
Here is my question: Is prevention the right word or should we say fraud mitigation?
Pressure
Yellow Book: 8.71 Auditors should assess the risk of fraud occurring that is significant within the context of the audit objectives.
The profession says we should assess pressure, rationalization, and opportunity. Let’s focus on the word pressure in its use as described in the fraud triangle.
Here is my question: If you started to look into employee lifestyle issues that correlate to asset misappropriation, how would Human Resources respond? Remember, the standard says “audit” not “investigation”.
Fraud Red Flags
If someone were to examine your work papers, do you document the red flags that your audit team is looking for or are you relying on auditor awareness? Remember, the standards indicate that if it is not in your work papers, you did not do it!
Here is my question: When your team examines a vendor invoice, what exactly are they looking for? I must tell the following story, for years in my fraud classes I would show my students (entry-level to audit directors) examples of real-life vendor invoices used to perpetrate an asset misappropriation fraud scheme. Auditors would provide answers, but for the most part, they had no clue as to the actual red flags. I know tough words.
Here is another question: what makes something a red flag on a vendor invoice? Is a PO Box a red flag or a bank lockbox number?
Now, I am sure someone is thinking that I am nitpicking. Or maybe just being negative, for the sake of argument. So, let me offer a standard in which I believe the words are on point.
Yellow Book 8.73 Fraud involves obtaining something of value through willful misrepresentation. Whether an act is, in fact, fraud is determined through the judicial or other adjudicative system and is beyond auditors’ professional responsibility.
I have no question; the word precession is wonderful.
Now ask yourself, of the five examples, if you were being held accountable by a court of law, which example, as written, provides you with the best protection?
Importance of Word Precision
As someone that has dedicated his career to the audit profession, I am sure I can explain each of the words, the fraud phrases, or the professional standards. I just believe it is time for our profession to start using the right words to properly explain our professional responsibilities rather than trying to mitigate our responsibilities. I applaud the yellow book standard 8.73 for its careful selection of words.
Fraud Trivia
What was the name of the book which was the principal source of guidance to auditors in the 1800’s?
What was the name of the book which was the principal source guidance to auditors in the early 1900s?
Assuming you have a copy of the 1900 book or can find a copy, what did the auditor say about auditing in the preface of the book?
What term did the author for internal control. Hint, he did not use the word internal control.
Which Federal laws changed the world of auditing forever?
Here is an opinion question: Should auditing standards be principle-based or rule-based?