In order to fully appreciate how a traditional audit can differ from a fraud audit, it is necessary to grasp how the two types of audit are similar. Bridging the gap between the two can help you minimize the fraud risk for your company and better deploy the programs that are going to work within your organization. While the two audit types can produce vastly different results, they both have similar groundings and structure:
The Four Phases
There are four phases to both audits: planning, sampling, testing, and reporting. In many ways, within each of these stages the traditional and fraud audit approach are both similar and completely different.
Before looking into the similarities and differences in each phase it is crucial to understand that, unlike the traditional approach, the Fraud audit program is designed to uncover fraud. Where the traditional audit is often used simply to assure an organization that internal controls are in place that will mitigate fraud occurrence in core business systems, the fraud audit program sets out to identify and detect fraud in an organization.
During the planning stage of either audit program you might assign the audit to your team, encourage them to gather the relevant information and determine the audit criteria, and then choose methodologies before formalizing a plan. While your team would follow this process for both types of audit, the fraud risk statement generated during a fraud audit will directly correlate to building the fraud audit program rather than simple linking controls to fraud risk.
This distinction means that your fraud audit program is based upon your fraud risk statement and tailored to the particular instances of fraud that are being searched for. It follows, then, that fraud audits also directly adjusted to the level of concealment sophistication present.
Sampling and Testing
Traditional auditing and fraud audits begin to differ much more when we start discussing sampling and testing. During the fraud audit, sampling is incredibly extensive and will typically be performed by the most senior auditor on the audit team. This sampling is not a random selection as with a traditional audit, but rather is biased focused sampling technique. For my historians, this was once referred to as discovery sampling. Fraud data analytics is now the driver for the search of fraudulent transactions. The approach is about creating a fraud data profile for the fraud risk statements within your audit scope. So, the sample is based on all transactions meeting the fraud data profile.
In addition to the sampling method used, Fraud audits also go beyond searching for evidence of controls and look to authenticate assertions. It is not enough to simply have an evidence of a signature or document of approval for a transaction, the approval itself must be compared to originals and questioned.
Reporting Your Findings
For both audits the resulting report contains opinions and subjective conclusions based on objective evidence. The evidence itself may be unbiased but the nature of reporting and uncovering complex fraud requires a degree of extrapolation and inference that comes down to the team creating the report. A good team of auditors will be able to balance their assumptions while providing a level of unique insight and pattern identification, which in turn will enable better fraud detection.
Finding an Audit Plan That Fits
When determining whether to use a traditional or fraud audit plan it is first essential to understand the purpose of your audit and the methods involved. Integrating fraud testing into your team's audit plan can better mobilize your efforts and lead to a more effective approach.
At Fraud Auditing Inc. we have over 38 years of diversified fraud auditing experience. Contact us today to start your journey toward a better approach to fraud detection and prevention. We are registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors, and we offer courses on integrating fraud testing into the audit program.