Auditors Need to Identify and Respond to Financial Statement Fraud

Cases of financial fraud continue to plague the world’s economy and cause significant losses to businesses and the economy. According to the Association of Certified Fraud Examiners, financial statement fraud represented the least common (9%) but most costly source of financial damage in 2022, amounting to a median loss of $593,000.

In addition to financial statement misrepresentations to enhance earnings or to misappropriate assets, tax liability management can be a driving factor behind financial statement fraud, as parties artificially distort their income—whether by manipulation, misrepresentation, or evasion—to reduce their tax obligations.

This interplay between tax reporting and financial statement fraud underscores the importance of robust internal controls, diligent auditing practices, and effective regulatory oversight to detect and prevent fraudulent activities. External auditors play a vital role in the financial reporting framework.

Fraud—in any form—carries a reputational and regulatory risk for companies and audit/advisory firms that exceeds potential gains. As we have seen in the press recently, for professional services firms that includes leaking confidential data obtained from one client to benefit the firm.

Auditors’ Professional Responsibilities

External auditors must identify and respond to the risk of material misstatement in financial statements due to fraud. The external audit of financial statements has been found to reduce median loss of fraud by 33%.

The key professional standards relating to the auditor’s responsibilities are American Institute of Certified Public Accountants AU-C Section 240 and International Standard on Auditing 240. While there may be some differences based on region and terminology, both largely define financial statement fraud as intentional acts of deception, misrepresentation, or omission that lead to material misstatements in financial statements or asset misappropriation.

Each emphasizes the importance of auditors maintaining professional skepticism, exercising professional judgment, and obtaining sufficient evidence to ensure that financial statements are free from material misstatement caused by fraud or error. Together, they state that auditors are required to consider management override of controls, communicate suspected or identified fraud cases to governance bodies and management, and obtain written representations from management regarding knowledge of fraud or suspected fraud.

A series of recent fines handed down by the US Public Company Accounting Oversight Board, Securities and Exchange Commission, and UK Financial Reporting Council highlights the rigorous standards auditors are being held to by regulators.

Two UK big four firms recently received multi-million-pound fines for failings in their audits of a public UK company. Fines in excess of $13 million were recently assessed to a mid-sized U.S. auditing firm due to systemic quality control failures and violations of audit standards across audit documentation, engagement quality reviews, risk assessments, audit committee communications, and engagement partner supervision.

Engagement Level Responses

To identify and respond to the risk of fraud at the audit engagement level, and to meet professional responsibilities, there are critical audit considerations to be emphasized.

Understanding and using the fraud triangle to assess fraud risks. The fraud triangle is a conceptual framework developed by criminologist Donald R. Cressey that helps auditors analyze the conditions that may increase fraud risk. It consists of three key elements:

Incentive/pressure: Individuals or companies may face financial difficulties, personal ambitions, or external pressures that provide a motive to commit fraud. Additionally, employees may be influenced by compensation arrangements based on performance metrics. On a personal level, auditors may notice evidence of lavish spending or extravagant lifestyles of employees beyond their known income levels—although the auditor must exhibit prudence in assessing this potential red flag.

Opportunity: Opportunity is often defined in the context of internal control weaknesses such as the lack of segregation of duties, a lack of oversight, and/or a lack of transparency in financial reporting such as complex or unusual transactions, unexplained entries, and/or frequent adjustments.

Rationalization/attitude: Fraudsters justify their actions by convincing themselves that fraud is justifiable or “‘excused,” often due to desperation, personal circumstances, or perceived grievances.

The presence of these conditions doesn’t necessarily mean that fraud has occurred, nor do all conditions need to be present for heightened fraud risk to exist. However, their presence indicates a heightened risk of fraud that the auditor should consider in their analysis.

Potential management override of internal controls. Even in the presence of well-designed and implemented internal controls, management can bypass or override controls to enable material misstatement in financial statements. To address this risk, auditors should:

• Understand the control environment: Assess management’s philosophy, ethical values, and commitment to integrity. Evaluate whether management encourages and communicates its expectations for a strong control environment that discourages fraudulent behavior.
• Evaluate controls: Assess the design and implementation of internal controls—including entity-level, activity-level, and general information technology controls—and identify any control weaknesses that may facilitate management override.
• Analyze journal entries, accounting policies, and adjustments: Analyze significant or unusual journal entries and adjustments, especially those made at period-end, which may indicate potential management override. Assess the appropriateness of accounting policies for evidence of potential earnings management.
• Incorporate an element of unpredictability in the selection of the nature, timing, and extent of audit procedures.

Engagement team brainstorming sessions. The required engagement team brainstorming sessions during planning are critical for identifying and addressing fraud risks. These sessions facilitate open discussions among auditors to share their knowledge, experiences, and insights related to potential fraud risks, and provide a development opportunity for staff members. Here are some considerations:

• Pre-session preparation: Review relevant information, such as industry-specific fraud risks, prior-year audit findings, and management’s communications regarding fraud prevention.
• Facilitate open discussions: Encourage all team members, including those from other functions, such as tax or valuation, to actively participate and share their perspectives on potential fraud risks and corresponding audit responses. Emphasize the need for professional skepticism by all engagement team members from the planning to the concluding phase of the audit.
• Focus on unusual transactions: Discuss transactions or events that are unusual, complex, subjective, or involve significant judgment, as they often carry a higher risk of material misstatement due to fraud.
• Document and follow up: Document all identified fraud risks, related audit procedures, and conclusions, and follow up during the audit. Encourage continued dialogue among engagement team members throughout the engagement.

This article does not necessarily reflect the opinion of Bloomberg Industry Group, Inc., the publisher of Bloomberg Law and Bloomberg Tax, or its owners.

Author Information

Herbert M. Chain is deputy technical director at Kreston Global Audit Group and shareholder at Kreston Global member firm Mayer Hoffman McCann P.C.

We’d love to hear your smart, original take: Write for us.