VideoThe fundamental question is: What do we want them to do? What is the point of an audit? Auditors and companies contend that the purpose of an audit is to back up a company's contention that its numbers are "reliable." "An audit is a test of a company's records that backs up the company's representation of the company results," says Greg Weaver, national managing partner for assurance at Deloitte Touche Tohmatsu. "We're doing a test of assertions."
But can auditors be sure results are reliable without testing for fraud? Auditors say it's not that they don't want to catch fraud, but since it's impossible to catch it 100 percent of the time, they shouldn't be held responsible if they miss it. "We get it right 98 percent of the time," says Weaver. "But to do 100 percent verification, you'd basically be recreating the records. There's no way that anyone could do that at a cost the public would consider acceptable."
History of a Profession
Historically, accounting has been considered a highly professional and trustworthy profession. Firms have always trained new accountants in the audit function, but with keen oversight from senior partners who saw their firm's integrity riding on every engagement.
At the same time, auditors have always called their customers "clients," and have worked hard to cultivate them. Partners routinely entertained clients two to three nights a week, and not uncommonly moved on to work in their clients' firms. But the inherent conflicts of these relationships were kept in check by the firm's commitment to professionalism.
All that changed as consulting services grew, spurred on by increased IT consulting work in the late 1970s and early '80s. By the mid-'80s, the AICPA had lifted its ban on advertising. Revenue generation became the foundation on which the partners' compensation was based. Revenues for management consulting in early 1999 accounted for more than 50 percent of the Big Five's revenue stream as a whole.
The audit function itself became a commodity service — a loss leader accounting firms offered in conjunction with vastly more lucrative consulting fees. As they competed more aggressively on price, they were forced to shrink the number of procedures performed for the audit. Auditors claim these reductions didn't harm audit quality, but it often meant they used increasingly computer-based test controls and statistical models, and fewer of the basic, time-consuming auditing practices that could increase the likelihood of finding fraud — site visits to multiple locations, observation of assets, or random sampling at nonmaterial levels.
In addition, junior auditors were often assigned the crucial oversight roles usually filled by senior partners, who were increasingly busy selling to prospective clients. "A lot of the audit changes were [prompted by] competitive proposals based on pricing decisions by management," says Ellen Masterson, global head of audit methodology at PwC and point person for the firm's new antifraud auditing initiative, "and as a profession we allowed that to happen."
Roster of Reforms
The Sarbanes-Oxley provisions that make the auditors report to the audit committee will somewhat increase the distance between management and auditing firm. The act also places far more responsibility for the integrity of the financial statements on audit-committee members, who can be prosecuted by the Securities and Exchange Commission for fraudulently influencing or misleading a company's auditors. "Uppermost in the [client management's] mind was reducing the cost of the audit," says Masterson. "They pressured auditors to do the minimum. Now, with the untold number of fraudulent activities by managers, the minimum is not where we should be. We spent 15 years in a cost-pressured audit situation, and now we have a lot more interest in quality audits by those who hire us — the audit committee."
With nervous audit committees calling the shots, and with a far-less-accommodating PCAOB about to start dictating standards for auditors, accounting firms are seeing the writing on the wall. PwC is going to implement a program involving the use of extended procedures performed by fraud specialists at a subset of its audit engagements. "For so long we've said we're not responsible for detection of fraud," says Masterson. "In the court of public opinion, however, that's not holding true. We recognize that if the books and records don't reflect the company's performance, it's our responsibility."
Here Masterson is bridging the semantic barrier between "detecting fraud" and "attesting to reliable financial statements." While her peers might not go quite so far, they are taking the initiative to add forensic (or investigative) capabilities to their audits. KPMG, for instance, added more than 300 "forensic professionals," including some who trained at the Federal Bureau of Investigation, who will take part in some routine audits. At one recent audit, KPMG ran all the addresses of a client's vendors to see if any of them matched a list of rental post office box addresses — a hallmark of a fictitious vendor. It found 17 addresses fitting that description. The firm is also launching a pilot program to conduct due-diligence-type reviews on certain audits.
Deloitte is comparing clients' financial results with those of their industry peers, and taking a closer look at outliers. All the firms are adopting new software programs that will allow them to more quickly run checks for duplicate addresses, duplicate employees, or statistical outliers that may be red flags for fraudulent activity.
Reader Comments» Post a comment