The PCAOB is trying to figure out how to explain the answer to the public.
Sarah Johnson, CFO.com | US
April 13, 2010
A fraud which take a year to be done couldn't be found in 3 months audit period. So instead to extend auditors' scope, issues in corporate governance should be designed in more helpful way for company's oversight boards which mostly consist on famous non-executive directors.
Posted by Meer Ali | April 19, 2010 09:38 am
Though many may wish it were otherwise, financial statement audits are not designed to find fraud. In fact, external audits are horrible at finding fraud, identifying fraud just 9% of the time (Source: Association of Certified Fraud Examiners 2008 Report to the Nation on Fraud and Abuse). If the public wants more done to identify fraud, they should require different types of fraud detection tools than audits. The ACFE's 2008 study also reported on many cost-effective fraud prevention tools that can be completed in just a few days a year, including whistleblower hotlines, ethics training and segregation of duties. Audits are fine for what they are and they do not need to change just to satisfy the public's expectations. There are other, more effective tools available. (SOX and internal controls audits) Regulators understood the limitations of financial statement audits when they drafted SOX, so they added internal control audits as a requirement for publicly traded companies. Internal control audits are designed to (1)evaluate the design an organization's internal controls to ensure that errors and irregularities are identified in the normal course of business and (2)ensure that the internal controls are operating as designed. I'm not the biggest fan of internal controls audits, not because I don't they're effective in preventing and detecting fraud because I'm sure they are, it's just that internal control audits are unnecessarily expensive given there are other more cost-effective fraud prevention/detection tools available that have been proven to be highly effective.
Posted by Sheila Keefe | April 16, 2010 03:49 pm
Statutory audit is all about compliance audit which is never aimed at detecting frauds unless and until such incident arose attention of the Auditor concerned while he/she is carrying out statutory audit. One should remember the golden proverb "an auditor is a watch dog but not the bloodhound."
Posted by Shaikh Ahmed | April 16, 2010 04:39 am
This article, while technically accurate misses the important point about changes in the PCAOB's guidance for auditors in finding fraud. The key document the Board recently released is called Staff Audit Practice Alert No. 5-- it is a clear reaction (perhaps politically motivated; not) to the fiasco involving Ernst & Young's controversial treatment -- or non-treatment-- of Lehman Brothers' Repo 105 accounting "gimmickry" criticized by the Lehman Bankruptcy Examiner. PCAOB's new guidance provides auditors specific guidance on how to handle "unusual transactions"-- which is another way of saying how auditors should cover their rear ends with regard to potentially fraudulent accounting activity on the part of their clients. As for the OVERALL role of auditors (specifically INTERNAL auditors) in finding fraud, the latest important guidelines come from the Institute of Internal Auditors which in December released very clear guidance on the role of I/A in finding fraud.
Posted by Peter Goldmann | April 15, 2010 09:47 am
The AICPA does a poor job of addressing the expections gap. It should address clearly what auditors do and what they don't do, defining clear boundaries that people can understand. Without clear boundaries that people understand, they will interpret in their own favor, which usually means expansively.
Posted by Roland Cycan | April 14, 2010 11:03 am
Hi Sarah, Thanks for the excellent article. I like how you highlight the history behind the auditor's role (really lack thereof) in finding fraud. I find it amazing that the auditing industry (primarily the Big Four public accounting firms) continues to be so successful at framing the issue as the public's misunderstanding of their lack of role in finding fraud--they aren't paid to do it and they don't intend to do it. And it seems that as valiant as the PCAOB is, they continue to be handcuffed without consent to do anything to rein in the auditors (see my post of the same title--link below). http://saramcintosh.wordpress.com/2010/02/03/handcuffed-without-consent/ For instance, last year Deloitte Touche Tohmatsu shrugged off the PCAOB's audit exceptions by simply telling the PCAOB to quit second-guessing them (direct quote below from D&T response to PCAOB 2009 Inspection Report). "A number of the PCAOB's comments relate to situations in which we believe that the engagement team, in some cases after significant consultation with specialists and other subject matter experts, made and documented well reasoned and supported judgments during the audit. In our view, such reasonable judgments should be respected and not second guessed." (Yes, they really wrote that.) This "pound sand" response was for the audit work they ARE being paid to do, but that the PCAOB felt they did not do adequately. How would we (or the PCAOB) ever expect to be able to get the external auditor's role to include finding fraud? And how clever that the auditing industry has now framed the issue such that it's now the PCAOB's job to clear up the public's misinformed "expectation gap" instead of holding them accountable to find fraud. Thanks again for publishing such insightful articles, Sarah Johnson and CFO Magazine. Ciao for Now, Sara McIntosh
Posted by Sara McIntosh | April 14, 2010 11:01 am© CFO Publishing Corporation 2009. All rights reserved.