“How did the auditors not catch this? Isn’t it the auditor’s job to detect fraud?”
It is a common misconception that fraud is detected by external auditors. According to the Association of Certified Fraud Examiner’s 2018 Report to the Nations, tips are the most common detection method, at 40%, for occupational fraud while external audit only accounts for 4% of detection. Where is the disconnect? Well, it is key to understand the role and responsibility of the external auditor, and who ultimately holds responsibility for preventing and detecting fraud.
The responsibility of an auditor during an audit is to provide reasonable assurance that the financial statements are free of material misstatements whether due to fraud or error. For private companies, external auditors do not test the effectiveness of an organization’s internal controls, but rather consider the controls to assess risk and design audit procedures. While the auditors have a responsibility to design the audit in a way to detect material misstatements, companies should not rely upon their annual audit to detect fraud.
Because auditors use sampling techniques and do not test every transaction within a company, the likelihood of an auditor uncovering fraud is limited. While auditors examine unusual journal entries, conduct fraud inquiries with employees, and walk through internal controls during the audit, this does not relieve companies from taking their own proactive measures to prevent and detect fraud.
The 2018 Report to the Nations lists the following as active detection methods that drastically reduce the length of the fraud and loss resulting from the activity:
- IT controls
- Account reconciliation
- Internal audit
- Management review
- Document examination
Management and those charged with governance should constantly evaluate fraud risk within their company and implement and monitor internal controls that will aid in preventing and detecting fraudulent activity. Companies that take proactive measures against fraud significantly reduce the fraud duration and subsequent loss. Your external auditors can help provide recommendations with prevention and detection controls that you can be put in place to combat fraud, however, the auditors should never be relied upon to detect fraud within your organization.
Jonathan Poppel, CPA