By Carissa DeLuca, CPA, CFE
In the Association of Certified Fraud Examiners, Inc. (ACFE)’s Report to the Nations 2020 Global Study on Occupational Fraud and Abuse, they noted external audits of financial statements were the number one most common anti-fraud control in the small and large businesses they studied. However, the auditor’s responsibility regarding fraud is only to provide reasonable assurance that the financial statements do not include material misstatements due to fraud or misappropriation of assets.
In fact, it’s management’s responsibility to design, implement and maintain internal controls that prevent and detect fraud. This is even more evident in the fact that of the 2,504 fraud cases studied, external audits only were only responsible for 4% of the discoveries. Tips (from both employees and outsiders) were the number one reason fraud was detected in the cases studied at 43%.
Despite the limited cases in which fraud was discovered by an external audit, there are many ways auditors can be great resource to management for preventing and detecting fraud.
First, we’re pretty fluent in fraud. Having the knowledge that comes with auditing a variety of industries gives us some insight into the common fraud schemes seen in each industry. Not to mention, California CPA’s are required to take a minimum of 4 hours of fraud specific training which allows us to stay up to date with the most recent and pervasive fraud schemes.
Secondly, we are a set of outside eyes. This fact alone could be a deterrent to many fraudsters. Our audits are intended to be designed with an element of unpredictability so our testing and inquiries will vary each year which may be an additional deterrent.
Lastly, we can be a resource to management. When we issue a Management Comment Letter or internal control letter, it is to notify management of deficiencies we found but this also may include recommendations to management on areas their internal controls could be lacking or not operating as intended. While the letter is intended to formally document findings and recommendations, our auditors are more than happy to discuss in detail the areas found to be at risk and recommendations for additional controls or best practices.
While an audit by an independent third party auditor will never be your primary control against fraud, there are many ways in which we can be leveraged to help reduce the risk that fraud occurs. Effective internal controls can reduce the opportunity your company could be open to fraud and your auditor can provide you with fraud knowledge, an outside perspective and recommendations based on our findings.
To learn more about anti-fraud control, please contact your WFY audit specialist or email us here.