What was the original name for the FBI?
Answer: B.O.I. Bureau of Investigation
What professions did J. Edgar Hoover like to hire for FBI agents?
Answer: Lawyers, reporters, and accountants
At the risk of repeating myself again, in last month’s blog I wrote: “Before you start reading, let me warn you! The report format I am suggesting is very different than a traditional audit report.” Well, a fraud audit finding is also very different. Before I start, let’s look at the format of an audit finding according to the IIA or the Yellow Book.
The objective of the audit finding is to improve internal controls. So, what is the objective of a fraud audit finding?
The objective of the fraud audit finding is to assist your attorney in evaluating the legal merits of your fraud audit findings. There is an old saying in the writing profession, “know your audience! With that said, avoid using legal terms or legal jargon in expressing your findings.
The starting point is the fraud risk statement. By using the five elements of a fraud risk statement you will provide the attorney with the required minimum information to formulate a legal opinion on the merits of your finding.
Person committing: Identify the person that you believe is committing the fraud risk statement. I would suggest that you use the title of the person committing the fraud risk statement rather than a person’s name. Then describe why you believe the person is linked to the entity and the fraud action.
Type of entity: Is the entity real or false, is the entity complicit or not complicit? Is the entity a vendor, customer, or employee? You should provide sufficient information to clearly communicate the type of entity. Then, list the facts that support your finding.
Fraud action statement: First describe what act was committed. Then describe how the person committed the fraud action statement.
Fraud conversion statement: Describe how the person obtained the monetary funds.
Fraud impact: Indicate the extent of the monetary losses. Then provide an exhibit listing the actual transactions that comprise the monetary losses.
Considerations in Writing the Fraud Audit Finding
It is important for you as the auditor to express your opinion and the facts that support your opinion. In offering your opinion, you will need to find words that express your degree of certainty.
I suggest that you start each fraud element with the phrase “there is (is not) credible evidence” then insert the relevant part of the fraud risk statement. Remember, we are not offering an opinion of guilt or innocence, but rather a statement of what occurred and the facts that support our opinion.
As a matter of style, we provide a separate opinion for each element of the fraud risk statement. In this way, legal counsel is better able to assess the weight of evidence that supports each element of your fraud risk statement.
There is credible evidence that the controller was responsible submitting the ABC invoices to the accounts payable function for payment.
There is credible evidence that the ABC Company is a shell company.
There is credible evidence that the items listed on the ABC invoice were never provided.
There is credible evidence that the accounts payable function issued company checks in the name of the ABC Company. Each check was endorsed “for deposit only” listing a bank account number at the Richie Rich bank.
There is credible evidence that the payments totaling $500,000 were provided to the ABC Company.
After each statement, list the facts that support your observation. In writing the facts be concise and accurate with the words that you use. To illustrate:
There is credible evidence that the controller was responsible for submitting the ABC invoices to the accounts payable function for payment.
In writing your fraud audit finding, I offer the following guidance:
As always, a common question is: Do these fraud schemes really occur. So, next month I will provide examples of real-life fraud schemes that have been reported in the media.