How to Avoid Audit Problems

by Ron Klein, JD, CFE

Financial statement fraud leads all other types of fraud in terms of cost per case by a wide margin. Median losses from fraudulent statements ranged from $4.25 million per case in 2002 to $2 million per case in 2005, according to the Association of Certified Fraud Examiners (ACFE). The next leading type of fraud, corruption schemes, ranged from $530,000 in median cost per case in 2002 and $538,000 in 2005.

CAMICO claims experience has found fraud to be the main cause of claims losses among audit engagements: 60 percent of all audit claims from 2002 through 2004 were caused by fraud and defalcation. (See chart, “Audit Claims, Three-Year Average, 2002-2004.”)

Fraud is so easy to conceal and difficult to detect that the CPA profession generally accepts that there are no auditing procedures for providing absolute assurance in detecting all fraudulent financial reporting. Auditors instead have historically attempted to provide reasonable, rather than absolute, assurance of detecting material misstatements.

Meanwhile, the public has historically expected auditors to detect all material misstatements—an expectation that often leads to disappointment among clients, creditors and investors, who then turn to legal remedies for their disappointment.

Professional standards established since the Enron/WorldCom scandals, such as SAS 99, “Consideration of Fraud in a Financial Statement Audit,” have heightened the importance of identifying and assessing the risks of fraud, but the standards do not come close to meeting public and jury expectations of what CPA responsibilities should be in fraud detection.

CPAs should include in engagement letters an acknowledgment that the client has responsibility for: 1) their financial statements, 2) accuracy and completeness of the information that goes into the statements, 3) adjusting the financial statements to correct material misstatements and 4) communicating to the CPA any material changes to the statements.

At the same time, CPAs should not get comfort from their belief that the financial statements are the responsibility of management. As far as a jury may be concerned, the statements are the CPA’s responsibility.

Audits involving a third-party creditor are especially troublesome. The basic problem is that the client pays for the work, but the work benefits the creditor. Over a period of time, the client may begin to pressure the CPA to do the work in a way that will satisfy the bank but result in a significant material misstatement. The work may become so rote to the CPA that the CPA becomes complacent and loses the skepticism necessary for a competent audit.

A common error is for the CPA to go along with the client on a particular issue, such as the valuation of inventory or assets, which may result in a significant material misstatement. The lender then has an inaccurate view of the client’s business from the financial statement, and if the business fails, the CPA is exposed to liability for the misstatement.

In order to avoid audit problems, the CPA must avoid complacency and exercise skepticism about issues such as the value of client inventory and accounts receivable. Also, understand which issues are critical to the third party, and be sure to utilize client and engagement screening processes.

Useful Checklists

Following are checklists to help auditors avoid problems.

• Screen or have background checks done on audit and other significant clients. See AICPA Practice Alert 2003-03, Acceptance and Continuance of Clients and Engagements, available at: www.aicpa.org/download/cpaltr/2004_01/supps/pajan04.pdf.
• Think in terms of a worst-case fraud scenario for the client (i.e., look for fraud).
• Make it harder for anyone to determine the mechanisms used by the auditor in detecting fraud.
• Do not be predictable in the audit procedures (e.g., don’t adjust to client schedules or announce the timing, location or nature of the procedures).
• Question management and staff, including those on the loading dock; ask penetrating questions in a non-threatening, non-accusatory manner.
• Take a “big picture” approach in evaluating evidence and assessing fraud risk.

Some of the classic risk factors associated with fraud include:

• financial condition of the organization;
• pressure to show profits in the marketplace;
• internal accounting controls;
• the state of the economy;
• integrity level of corporate leaders and employees;
• commitment to the organization’s value system;
• personal traits and characteristics of executives and employees;
• reward systems for ethical behavior;
• organizational culture and dynamics;
• peer pressure;
• the perception of detection; and
• the swiftness, certainty and severity of punishment.

Five classifications of financial statement fraud include:

1. fictitious revenues;
2. timing differences/premature revenue recognition;
3. improper asset valuations;
4. concealed liabilities and expenses; and

5. improper disclosures.

SAS 99 directs auditors to:

• exercise professional skepticism when considering the possibility of a material misstatement due to fraud;
• discuss the risks of material misstatement among engagement personnel;
• obtain the information needed to identify the risks of material misstatement;
• assess those risks;
• design an audit in response to them;
• evaluate audit evidence; and
• communicate about fraud to management, the audit committee and others.

Ron Klein is vice president of claims with CAMICO Mutual Insurance Company. CAMICO is a CPA-owned and -operated insurance company providing professional liability insurance and risk management services to more than 6,800 CPA firms throughout the United States.