In the August blog, I provided you with a homework question.
I asked why the following fraud risk statement would not be included in the scope of your audit work:
“Payroll function causes a payroll payment to be issued in the name of an employee who is not on the human resources database.”
The answer is:
- 1. The perpetrator in the blog was an operations person, so a fraud risk statement committed by payroll is not in the scope of the audit.
- 2. employee is not defined as a real person or a fictitious person, so we really do not know if the risk statement, as written, is included in the scope of the audit.
Remember, the risk statement is the foundation of your audit scope. Without precision in writing the statement, no one will know exactly what is included and what is not in your scope.
Now on to the main topic of this month, which is how to write a fraud audit report.
Before you start reading, let me give you a warning: The report format I am suggesting is extremely different than a traditional audit report. But, so is fraud auditing.
The end result of a fraud audit is a document that provides the parties with information to make necessary decisions. Management needs to know whether sufficient evidence exists to warrant an investigation. The fraud investigator and legal counsel need to understand what facts have been gathered to support the allegations. The fraud audit report should provide the basis for further action and the framework for an investigation. A fraud audit report written in the format of an expert witness report provides the medium to accomplish both the audit and the eventual legal objectives.
Structuring the fraud audit report around the federal rules of evidence allows for a seamless transition from the audit standards to the investigation standards. The extent of compliance with the rules will depend on the facts and circumstances under which the auditor is operating. Our fraud audit report consists of seven sections:
- 1. Background and assumptions
- 2. Statement of opinions
- 3. Relevant information
- 4. Exhibits
- 5. Basis of the opinions
- 6. Recommended actions
- 7. Documents necessary to complete investigation
Background and assumptions
Think of this section as the objectives and scope section of an audit report. This section should identify who conducted the audit, the reason why the original audit was conducted, the report date, the date the audit was commenced, and the date of the opinions.
It is important to identify the reason for the audit. Was it a scheduled audit or in response to an allegation? Was the primary purpose of the audit to test internal controls or was the purpose to uncover fraud? See my March 2021 and August 2021 blogs.
Statement of opinions
This is the executive summary. Here you offer an opinion regarding the fraud risk statements in the scope of your audit. I know this is different than a traditional audit report, but it is an important component.
Our recommended language is:
In my opinion, there is no creditable evidence that the fraud scheme is occurring (identify the fraud risk statement)
Or
In my opinion, there is creditable evidence that the fraud scheme is occurring.
Now as a matter of style, you can either write one fraud risk statement or you can write multiple opinions effectively breaking the fraud risk statement into smaller parts. To illustrate the multiple opinion style:
In my opinion, there is creditable evidence that the ABC Company is a shell company.
In my opinion, there is creditable evidence that ABC Company’s billed for services that were not provided.
In my opinion, there is creditable evidence the manager of Human Resources hired the ABC Company and approved all the invoices for payment.
Relevant information
This section indicates what documents records and other information the auditor relied upon to formulate his opinions. The auditor should identify the type of documents used to formulate their opinions. The report should include company reports, document names, relevant dates, account numbers, and other identifying information. It is generally not necessary to provide a listing of each specific document identified in the section.
Exhibits
A listing of the exhibits attached to the report. The exhibits support the basis of the opinions and provide management with information. Using the prior opinion, an example of an exhibit would be all the questionable invoices from the ABC Company. If in fact, this goes into legal action, the exhibit will be a required piece of evidence for the court.
Basis of Opinions
This section is the statement of facts that support your opinion. As a matter of style, we repeat the opinion and then list all the facts that support our opinion.
Recommended actions
The first action is to either recommend an investigation or state that no additional audit work is necessary. As a guideline, we do not provide recommendations for internal controls. We suggest that you provide these recommendations in a separate document.
Documents necessary to complete investigation
The purpose of this section is to make management aware of the documents, records or witnesses that are necessary to assist the legal department in formulating an opinion as to whether a legal action is necessary, capable, possible, or cost-effective.
Other sections for consideration
A report distribution section that states the parties receiving the report and a specific statement that the report expressly prohibits copying the report and further distribution of the report.
A limiting condition section that states limitations or weaknesses relevant to the documents, access to records, or the failure of cooperation by employees. Hopefully, all these issues are resolved prior to issuing a report. However, if the issues are not resolved, the failure to disclose the limitations could make the report misleading.
An attorney work product statement if the audit was conducted under the direction of legal counsel. The report was prepared for attorney D.Q. Smith, Esq.
A confidentiality statement as to the information in the report. A report should never be written assuming that a third party with adverse interests to the company will not read the report.
Final Thoughts.
Yes, this report format is a different report typically written by auditors. But we think it is the right format to communicate the results of a fraud audit. Our next blog will provide guidance on how to write a fraud audit finding.
Just for fun, I have a couple of trivia questions for next month's blog.
- 1. What was the original name of the FBI?
- 2. What professions did J. Edgar Hoover like to hire for FBI agents?