VideoAnyway you slice it, it's a lot of work.
2. Increased Forensics
Auditors appear to be a bit uncertain about how much they should broaden the scope of their audits in the search for fraud. On one hand, says Carmichael, "the auditor's job is to give people rather high levels of assurance that financial statements are not materially misstated."
That suggests a big anti-fraud role in the future. On the other hand, auditors can't be expected to go looking for fraud in every audit. The fact is, auditors (at least in the past) have been hired to make sure that a company's accounting treatments are proper — not to ferret out fraud. Smoking out that kind of information has generally involved a forensic audit — a whole different kind of audit animal.
Striking a balance between the two could prove difficult. Even Carmichael concedes that "articulating [what the proper] response is in that range has been a problem."
AICPA tried to provide a solution last year in issuing its Statement on Auditing Standards No. 99, "Consideration of Fraud in a Financial Statement Audit." Among other things, the standard advises auditors to be skeptical about their clients' honesty, to perform unpredictable audit tests, and to be alert to management overrides of journal entries.
The standard's a step in the right direction, says PwC's Masterson. But auditors need more guidance on how to define fraud, as well as how to detect and deter it. "Sometimes, there's just that fine line between fraud and error," she says. "In the past, as long as we corrected the error, it's [been] OK."
Then there's the question of materiality. "Do people think that auditors will look within every type of fraud, or just those that would result in a material misstatement to financials?" Masterson asks.
Answers — in the form of new rules — appear to be on the way. While providing auditors with an internal-controls standard remains the top priority for the PCAOB, Carmichael says fraud detection is high on PCAOB's agenda as well. The reason? The board's inspectors and investigators need fodder for their own fraud probes.
Scrutiny of management overrides of accounting controls — via bogus journal entries — will be the focus of new rulemaking. Despite "sophisticated accounting systems and elaborate routines," says Carmichael, some senior managers have been able to commit fraud by making large reporting entries manually. Indeed, manual entries into an accounts-receivable ledger seems to be at the heart of the HealthSouth scandal.
One way SAS 99 addresses fraudulent management overrides is by requiring auditors to pore over reporting adjustments for material misstatements. That positive move, however, is undercut in the standard by wordy discussions of the risks of journal entries being improper, he says. "The amount of work the auditor would have to do on journal entries is very unclear."
To Carmichael, the issue is simple. "You'd better always review all the journal entries made during the end of the accounting [period]," he says.
To make their new detection work easier, auditors are likely to develop new software — or get use out of existing systems. Deloitte & Touche, for instance, is developing an automated way to access client computer files, says Greg Weaver, a managing partner.
The software, which D&T auditors are using for a few clients, can pick out duplicate payments, duplicate employees, and other "specific types of characteristics that might be fraud indicators," says Weaver. He expects it to be used in most of the firm's audits within the next year and a half.
Similarly, PwC plans to make some of its software amenable to fraud detection. One problem, however, is that anti-fraud software can be too predictable, Masterson notes. Designers have to find ways to block would-be frauds from working their way around the system, she adds.
Either way, corporate audit clients can expect more sniffing around by their independent auditors.
3. Skyrocketing Prices
The one-two punch of internal-controls and fraud-detection work is driving audit costs into the stratosphere, auditors say. New anti-fraud work alone has jacked up PwC audit fees by 15 percent to 20 percent, says Masterson. But add in internal-controls work, and the increases can be well over 50 percent.
Obviously, some hikes can stem simply from a rise in billable hours. But auditors are likely to add a premium for the new internal-controls and forensics work, which is uncharted terrain for many of them. For instance, while the controls testing for a tightly run company could bump up overall audit hours by 20 percent to 25 percent, total audit fees could jump 30 percent to 40 percent, predicts Deloitte's Weaver.
Indeed, average annual audit fees should jump by more than 35 percent to cover auditor testing of corporate internal controls, according to a survey of 83 executives at public companies with annual sales revenue averaging $3.27 billion done last month by Financial Executives International (FEI).
Start-up investments in Section 404 compliance will doubtless spur increases. The respondents to the FEI survey expect their companies to average a $480,000 spending boost for such things as evaluation software, consulting, and worker training. Mostly, however, "it's not a one-time hit on the part of the auditor, because the auditor will have to opine on a continual basis," notes Eaton's Billie Rawot.
Reader Comments» Post a comment