auditors’ responsibility - cpareport.com · auditors’ responsibility putting ethics and...

24 JUNE 2012 / THE CPA JOURNAL

In Focus

Auditors’ ResponsibilityPutting Ethics and Morality First

JUNE 2012 / THE CPA JOURNAL 25

p o i n t / c o u n t e r p o i n t

for Detecting Fraud

The public accounting profession has been held virtually blameless forits role in the events that led up to the recent global financial melt-down—which, to many, seemed to be a “crisis with countless vic-tims but no perpetrators” (Francesco Guerrera, “Crisis with CountlessVictims but No Perpetrators,” Financial Times, November 15, 2010).

The destruction of wealth in excess of over $30 trillion has resulted in per-manent losses for some and a decade of recovery for others. Some might char-acterize these failures as the breakdown of ethics and morality within theprofession (William Stephens, Carol Vance, and Loyd S. Pettegrew,“Embracing Ethics and Morality: An Analytic Essay for the Accounting

By Richard H. Kravitz


Profession,” TheCPA Journal ,

January 2012). Thisauthor, however, sug-

gests a more practical and reasonedexplanation: generally accepted accountingprinciples (GAAP) and generally accept-ed auditing standards (GAAS) are notdesigned to uncover fraud, and auditors arenot taught that they have a responsibilityto protect society and the public interest.(The Exhibit shows the number—or lackthereof—of fraud, ethics, and social respon-sibility courses at 10 accounting schools.)

The following discussion asserts that theprofession is no less ethical or moral thanin the past, but that it has abandoned thevision of one of America’s foundingfathers of auditing, George May, in his “zealto protect the public trust” and to “useaccounting as a social force” (Twenty-FiveYears of Accounting Responsibility:1911–1936, Price, Waterhouse & Co., 1936).The profession has abdicated its responsi-bility to the public it serves.

A Young and Honorable ProfessionIt is easy to forget that the public account-

ing profession is also a new profession.Unlike the evolution of medicine, engineer-ing, or law, which took place over thousandsof years, the attest function of the publicaccounting profession is barely more than100 years old. The foundation of our knowl-edge is primarily rules- and principles-based,unlike the fields of medicine and law, whichare primarily case-based.

The accounting profession’s newness isdemonstrated by the fact that it has notyet formally codified a single set of pro-fessional standards, defined by the AICPAand Public Company Accounting OversightBoard (PCAOB), relating to auditing, attes-tation, quality control, ethics, and inde-pendence. In fact, according to the mostrecent PCAOB Standards and RelatedRules, as of January 2011:

The AICPA has not made conformingchanges to the PCAOB’s InterimProfessional Standards to reflect therequirements and intent for standardsissued by the PCAOB and approved bythe SEC. Therefore, there may be con-flicts between a PCAOB standard and thePCAOB’s Interim Professional Standards(AICPA, Release No. 2003-006).Furthermore, no comprehensive global

accounting framework for presenting finan-

cial statements currently exists. While bil-lions of dollars of investment capitalcross borders daily and the largest U.S.,U.K., Japanese, and French corporationsdo business in a global environment,basic convergence (or, more recently, con-dorsement) between U.S. accountingprinciples and practices and the newlyempowered International FinancialReporting Standards (IFRS) is not expect-ed until 2015 or later under the new SECtimetable (unanimously approved inFebruary 2010).

Institutional ethics have not broken down;the profession and its members remain high-ly ethical. A CPA’s institutional role is toserve as the moral and ethical compass with-in our democratic society, to ensure thatfinancial disclosure and reporting of gov-ernment and private enterprises are truthful,honest, fair, accurate, and responsible(Richard H. Kravitz, “Socially ResponsibleAccounting: A Call for Reform in theProfession,” The CPA Journal, November2009). The AICPA clearly defines a CPA’srole in society as one characterized by a“commitment to objectivity, integrity, com-petence; excellent performance on behalfof clients, employers, and the public; andaccountability for the highest professionaland business ethics” (AICPA Annual Report,2007–2008).

The Reality of FraudOpposing this promise is the reality of

the past four years, during which formerlyhealthy businesses obtained unqualified auditopinions literally months before they failed,most recently MF Global (which received anunqualified audit opinion in May 2011 andwent into bankruptcy in early autumn with$1.2 billion allegedly pledged as collateraland missing from customer custodialaccounts); the Federal National MortgageAgency; the Federal Home Loan MortgageCorporation; Lehman Brothers (seven-yearalleged Repo 105 fraud); Olympus Camera(alleged 11-year goodwill write-down fraud);American International Group (AIG, thelargest corporate failure in history);Washington Mutual; the hurried acquisitionof Merrill Lynch by Bank of America;Countrywide Savings; and 67,190 suspiciousactivity frauds reported to the FBI, with aprojected record-breaking loss in excess of$4 billion in 2010 (Jorina Fontelera, “FBIAgent Speaker: Mortgage Fraud on the Rise,”The Trusted Professional, January 2011).

But the magnitude and extent of fraud iseven more extensive than these examplesimply. The earlier frauds that includedDennis Kozlowski at Tyco and BernardEbbers at WorldCom have been super-seded by Calisto Tanzi at Parmalat in 2004;Kanebo, which claimed $2 billion of nonex-istent profits between 1996 and 2004(Howard Schilit, Financial Shenanigans:How to Detect Accounting Gimmicks andFraud in Financial Reports, McGraw-Hill,2010, pp. 36–37); Satyam in 2009, wherethe auditor failed to detect inflated cash andbank balances on the order of $1 billion(Schilit 2010); Allen Stanford, who is cur-rently on trial; Bernard Madoff; WestridgeCapital in 2009; Sky Capital in 2011; MarcDreier (2004–2008); and others.

More troubling is that financial fraudcontinues to grow, according to the FBI.Statistically, “since 2007 [through 2009]there have been more than 1,700 FBI pend-ing corporate, securities, commodities, andinvestment fraud cases, an increase of 37%since 2001” (http://www.fbi.gov/stats-ser-vices/publications/facts-and-figures-2010-2011/investigative-programs). This fraudoccurs despite accelerated oversight ofthe accounting profession, including thefollowing measures:■ The creation of “white shoe” commis-sions, such as the AICPA’s Fraud ResearchSteering Task Force

The following discussion asserts

that the profession is no less

ethical or moral than in the past,

but that it has abdicated its

responsibility to the public it serves.


■ The AICPA's sponsorship of academ-ic research relating to fraud ■ New Statements on Auditing Standards(SAS), including SAS 99, Considerationof Fraud in a Financial Statement Audit—issued in late 2002 by the AuditingStandards Board (ASB), which brought theconcept of “professional skepticism” to thefraud debate—and subsequent auditingstandards released in January 2011 thataddressed audit risk■ The establishment of a new oversightcommittee and the issuance of new audit-ing standards by the PCAOB, beginning in2004■ International Standards on Auditing(ISA) on an auditor’s responsibility todetect fraud, such as ISA 240, TheAuditor's Responsibilities Relating to Fraudin an Audit of Financial Statements■ The Committee on SponsoringOrganizations’ (COSO) guidance in late2005 (COSO, however, chose not to includea discussion on the prevention and detectionof fraud, according to the Practitioner’sGuide to GAAS 2009: Covering All SASs,SSAEs, SSARs, and Interpretations, byMichael Ramos [Wiley, p. 63].)■ The passage of arguably the mostsweeping financial reform legislation inmore than 70 years, the Dodd-Frank WallStreet Reform and Consumer ProtectionAct of 2010, leaving the licensure and pro-fessional conduct of CPAs to individualstate boards ■ The upholding of the PCAOB’s con-stitutionality in 2010 (Free Enterprise Fundv. PCAOB, 561 U.S. _, 2010).

The Gap in GAAPThe chairman of the International

Accounting Standards Board (IASB)Advisory Council, Paul Cherry, said,“We have an antiquated conceptual frame-work … it is like substance abuse; youhave to admit you have a serious prob-lem. Chipping away at the edges isn’tgoing to solve it” (“Accounting LeadersDiscuss Simplifying Financial Reporting,”Journal of Accountancy, July 2009). TheSEC’s chief accountant of its corporatefinance division, Wayne Carnell, echoedthis sentiment when he said, “If we couldstep back and look at issues on a longerterm basis, it would help” (Journal ofAccountancy 2009).

Auditors don’t audit for fraud. GAAPand GAAS provide the tools, techniques,

and audit processes to ensure the accura-cy of financial statements and the financialcondition of the enterprise. The GAAP andGAAS rulebooks do not, however, answerthe question: “Why are auditors not respon-sible for uncovering fraud?”

That CPAs are not ultimately responsi-ble for uncovering material misstatementsin financial statements is the greatest dis-parity between the public’s perception ofan auditor’s responsibility and the auditor’sactual responsibility to professional insti-

tutions. This 100-year-old issue continuesto plague the accounting profession in theeyes of the public.

Although fraud is a broad legal concept,for the purposes of GAAS, an auditor isprimarily concerned with fraud that causesa “material misstatement in the financialstatements, resulting either from fraudulentfinancial reporting or misappropriation ofassets” (SAS 99, redrafted and effective onor after December 15, 2012). In the revisedJanuary 2011 auditing standards (not effec-tive until 2013), an audit in accordancewith GAAS provides no assurance that ille-gal acts will be detected or that any contin-gent liabilities that follow will be disclosed.Even if an audit is properly planned and per-formed in accordance with GAAS, the inher-ent limitations of the audit may not detect

material misstatements in the financial state-ments (SAS 99 redrafted, para. A54–A55,Official Releases, Journal of Accountancy,January 2011)

That accountants are not responsible fordetecting fraud is also one of the most fun-damental gaps in contemporary auditing lit-erature. More than 1,000 pages of codifiedrules are devoted to the 15 auditing standardsthat the AICPA, the PCAOB, and the SECdefine as authoritative. These range fromgeneral auditing standards to fieldwork stan-dards, to financial reporting and disclosurerequirements. But a discussion of the respon-sibility that requires auditors to design auditswith the intention of uncovering or detect-ing fraud remains absent from the authori-tative literature.

In addition, there is an extensive dis-cussion (more than 200 pages in the author-itative auditing literature) and dozens ofreasons why auditors should not be heldresponsible for detecting fraud, includingthe notion that “management is frequent-ly in a position to manipulate accountingrecords and perpetrate a fraud” (SAS 99redrafted, para. 7). If we are aware thatsenior management can perpetrate thefraud—a 10-year SEC study proved thatalmost three-quarters of corporate fraudswere committed by a CEO or with aCEO’s knowledge—and, in fact, is respon-sible for the vast majority of enterprisefraud, is there a reason for auditors toignore it?

What is even more perplexing is that theaccounting literature provides substantialguidance and hundreds of examples of howfraud is committed, where fraud has a highlikelihood of occurring, and even the con-ditions and probability of its occurrence;the literature offers a clear road map toguide an auditor in uncovering fraud. Theredrafted SAS 99 discusses the auditor’sability to detect fraud:

Fraud may involve sophisticated and care-fully organized schemes designed to con-ceal it, such as forgery, deliberate failureto record transactions, or intentionalmisrepresentations being made to theauditor … [On the other hand,] theauditor’s ability to detect fraud dependson factors such as the skillfulness of theperpetrator, the frequency and extent ofmanipulation, the degree of collusioninvolved, the relative size of individualamounts manipulated and the seniority ofthose individuals involved (para. 6).

If we are aware that senior

management can perpetrate the

fraud and, in fact, is responsible

for the vast majority of enterprise

fraud, is there a reason for

auditors to ignore it?


Managementalone is respon-

sible for the finan-cials. As this author

has argued before, manage-ment bears responsibility for a company’sfinancial statements. (This section has beenadapted from “Why Bank and FinancialService Audits Failed,” published byThomson Media Group LLC, Spring2011.) Over 100 years ago, the concentra-tion of control within corporations andthe absence of checks and balances led toa serious debate among economists andbusiness leaders, who worked to developthe structures of the modern corporationand their governing rules. In his early 20th

century textbook, Principles of Economics,Harvard Professor F.W. Taussig wrote:

In the United States, where the tradi-tion of checks and balances continues toshape political organization, directorsin great corporations are often no morethan figureheads, while presidents arebenevolent despots … one-man rule hasno doubt promoted boldness, efficiency,progress; but it has also concentratedpower in a degree to justify uneasiness[and democratic imbalance of powerwithin the corporate structure].Against a backdrop of the largest global

corporate failures in history and recent gov-ernment removals of a number of autocrat-ic corporate leaders, auditors continue to rely

on “amounts based on informed estimatesand judgments of management” (SAS 99redrafted). Auditors continue to place pri-mary responsibility for the prevention anddetection of fraud on “both those chargedwith governance of the entity and manage-ment. … This involves a commitment to cre-ating a culture of honesty and ethical behav-ior” (SAS 99 redrafted, para. 4).Furthermore, AU section 110.03,“Distinction Between Responsibilities ofAuditor and Management,” confirms that:

The financial statements are manage-ment’s responsibility … management isresponsible for adopting sound account-ing policies and for establishing and main-taining internal control … the entity’s

University Degree Number of Required Courses in:

Social Ethics1 Responsibility Fraud

University of Texas at Austin BBA (accounting) 0 0 0

Wharton School at the University of Pennsylvania BBA (accounting) 0 0 0

University of Illinois at Urbana-Champaign BS (accounting) 0 0 0

Brigham Young University BS (accounting) 0 2 0 0

University of Notre Dame BBA (accounting) 1 3 0 0

Leventhal School of Accounting at the University of BS (accounting) 0 0 1 4

Southern California

Texas A&M University BBA (accounting) 1 0 1

Kelly School of Business at Indiana University BS (accounting) 0 0 0

Broad College of Business at Michigan State University BBA (accounting) 0 0 0

Stern School of Business at New York University BS (accounting) 0 0 14

Fisher College of Business at Ohio State University BBA (accounting) 0 0 0

University of Georgia BBA (accounting) 0 0 0

Arizona State University BS (accounting) 0 0 0

1 A required ethics course for accountants would include formal study of the legal, moral, and ethical obligations of accountants; generally accepted accounting principles (GAAP)-compliant versus legally misleading financials; professionalresponsibility; and other ethical issues.2 Ethics for Management (Bus M 390) is not specific to accountants3 Ethics in Accounting (Acct 30750)4 Detecting Fraudulent Financial Reporting

Source: Top 10 Best Accounting Schools in America (U.S. News and World Report), as compiled by the Center for SociallyResponsible Accounting

EXHIBITCourses in Ethics, Fraud, and Social Responsibility


transactions … are within the directknowledge and control of management …fair presentation of financial statements inconformity with generally acceptedaccounting principles is an implicit andintegral part of management’s responsi-bility … the auditor’s knowledge of thesematters and internal control is limited tothat acquired through the audit.Whether it was Skilling or Fastow at

Enron or Jim Basille at Research inMotion, the search to uncover fraud beginsand ends at the top. Based on enforce-ment actions by the SEC between 1987and 1999, the company’s chief executivewas involved about 70% of the time (KenBrown, “Auditors’ Methods Make ItHard to Catch Fraud by Executives,”Wall Street Journal, July 8, 2002, p. c3).

The pattern has repeated hundreds oftimes and has become the norm rather thanthe exception. The pattern is familiar: a dom-inant CEO emerges and packs the board andthe company with like-minded executiveswho owe their position to him and are reluc-tant to challenge his judgment (StewartHamilton and Alicia Micklethwait, Greedand Corporate Failure: Lessons from RecentDisasters, Palgrave McMillan, 2006).Hamilton and Micklethwait also state that:

The dominant CEO may begin, perhapsunconsciously, to behave as though it ishis own creation and—as Kozlowski didat Tyco, Ebbers at WorldCom, andTanzi at Parmalat—use [the company]as his own piggy bank … [That iswhen] shareholders and the board becomeirrelevant.The herd mentality holds no originality in

the corner office. Fraudulent practices likePonzi schemes and overstatements of earn-ings that generate huge bonuses can be cat-egorized and identified, and their risk factorscan be predicted. The journal entries or ques-tionable accounting treatment initiated,reviewed, or approved by CEOs and CFOswhose jobs are under pressure (and whotransfer huge amounts from expense to bal-ance sheet accounts or cause the disappear-ance of liabilities from the financials) are dis-coverable (Charles Mulford and EugeneComiskey, “The Financial Numbers Game:Detecting Creative Accounting Practices,”Wiley, 2002).

Predicting and Discovering FraudAs a fellow of the American College

of Forensic Examiners, one of the most

eye-opening discoveries in this author’seducational training was the realization thatnot only is fraud discoverable, but there area finite number of fraud scenarios,schemes, and permutations. Fraudsters arereally not all that clever, as shown by thefollowing characteristics of fraud:■ “Each business system has a finiteand predictable list of inherent fraudschemes.”■ “Each inherent fraud scheme has a finiteand predictable list of fraud permutations.”■ “Each fraud scheme permutation cre-ates a finite and predictable list of fraudscenarios.” (Leonard Vona, The FraudAudit, John Wiley & Sons, 2011, p. 29)

A more reasoned explanation of the fail-ure to uncover fraud is an auditor’s lack oftraining, sophistication, and objectivity, aswell as failure of the design of the auditand the auditing firm’s standard programsto examine high-risk areas where fraud is

traditionally committed. None of thehigh-profile fraud cases over the past 10years was highly sophisticated, nor was theperpetrator particularly skilled. (For oneexample, see “Enron 10 Years Later:Lessons to Remember,” by Anthony H.Catanach, Jr., and J. Edward Ketz, TheCPA Journal, May 2012.)

A place of defining a difference is thatthe fraud examiner or fraud-trained CPAwould accept less of what they are toldby a client or a client’s financial teamand require more in the way of corrob-orating documentation, preferably lean-ing toward third-party evidence. It is per-haps the weighting of evidentiary mat-ter as well as the unrelenting demandof the fraud-trained auditor that keeps

looking for clues where the CPA mightlook less to sleuthing (Eric Kreuter,interview for the Financial Fraud LawReport, February 1, 2011, publishedApril 2011).

Resistance by the Accounting ProfessionThere exist, of course, additional argu-

ments supporting the idea that the professioncannot assume responsibility for detecting oruncovering fraud; however, if one agreeswith George May, one will conclude thatnone of these explanations relates to the pro-fession’s ethical or moral breakdown.Consider the following four arguments:■ Errors in judgment may result in audi-tors missing fraud.■ Auditors lack the ability to authenticatedocuments.■ There are substantial legal loopholes(e.g., the in pari delicto doctrine of equalfault) that insulate auditors.

■ Uncovering audit failures will costclients too much.

Errors in judgment. “Even with goodfaith and integrity, mistakes and errors injudgment can be made. … The auditorexercises professional judgment in evalu-ating the reasonableness of accounting esti-mates based on information that could rea-sonably be expected to be available priorto the completion of the field work. As aresult of these factors, the auditor has torely on evidence that is persuasive ratherthan convincing” (AU section 230.11,“Reasonable Assurance”).

It is unconvincing that, for seven years,the treatment of Lehman’s repurchaseagreements was based solely on informa-tion only available prior to completion of

Whether it was Skilling or Fastow at Enron or Jim Basille at Research

in Motion, the search to uncover fraud begins and ends at the top.


the audit. Havingreviewed the 176

pages of MF Global’s10K (issued four months

before bankruptcy), this author remainsunconvinced that the excessive swings inrepurchase agreement arrangements orthe CEO’s articulation of a radical changein company trading strategy would nothave raised some eyebrows with the com-pany’s auditors. In another case, that ofOlympus Camera, why did it take 11 yearsto uncover the evidence that a new CEOdiscovered in his first six months in office?

In addition, many forensic auditorsbelieve that traditional reliance on current

auditing practices, such as reviewing inter-nal controls and testing thousands of thecompany’s transactions, are not relevantfor detecting fraud and should not be reliedon for that purpose; instead, forensicaccountants use more effective and effi-cient practices and procedures.

Lack of ability to authenticate docu-ments. “An audit conducted in accordancewith generally accepted auditing standardsrarely involves authentication of documen-tation, nor are auditors trained as or expect-ed to be experts in such authentication” (AUsection 230.12, “Reasonable Assurance”).Yet every large public accounting firm hasforensic and consulting services designedto provide forensic examination of docu-ments. If documents require authentication,the appropriate services are available.Regardless, document forgery does not seemto be the primary reason why audits over thelast three years have failed (other than as oneof Marc Dreier’s many fraudulent activities).

The legal loophole of in pari delicto. Ifan accounting firm is deemed complicit ina fraud, the courts in New York State willnot intercede. In two major fraud cases,the New York Court of Appeals conclud-ed that the courts would not intercede toresolve a dispute between two wrongdoers(“New York Courts Exclude Auditors fromBeing Held Liable for Client Actions,”The Trusted Professional, November 15,2010, p. 17). In Kirschner v. KPMG LLP(15 N.Y.3d 446, 938 N.E.2d 941 [NewYork, 2010]), a company orchestrated aseries of loans that hid hundreds of millionsof dollars of uncollectible debt. In Teachers’Retirement System of Louisiana et. al. v.

PricewaterhouseCoopers (WL 13545,2011), public accounting firms allegedly par-ticipated in carrying out a fraud or were neg-ligent in failing to discover it. The court’sconclusion was analogous to the case of anarsonist who, when singed, cannot sue thefire department for failing to put out theblaze (The Trusted Professional 2010).

Audit failures will cost too much. Inan amicus curiae brief filed on behalf ofthree of the four largest accounting firmsinvolved in the two cases above, thefirms argued that accusing them of failureto uncover fraud would ultimately andimproperly transfer the cost to publicaccountants and would also disincentivizemanagement to police corporate conductand dramatically expand accountants’ lia-bility. In the majority opinion, the courtargued that principals, rather than third par-ties, are best suited to police their chosenagents (The Trusted Professional 2010).

The dissent, however, noted that the role

played by auditors as gatekeepers servesthe public as well as the corporations thatcontract for such services; thus, it is in thepublic’s best interest to maximize diligenceand thwart malfeasance on the part of thesegatekeepers. The majority decision invitesgatekeeper professionals to neglect theirduty to ferret out fraud by corporateinsiders because, even if they are negligent,there will be no damages assessed againstthem for their malfeasance (The TrustedProfessional 2010).

If one were to add up the cost of auditfailures, the total could be in excess of $1 trillion—the lost wages of bankruptcompanies (such as MF Global, Lehman,Enron, WorldCom, and others), the valueof employee pension funds destroyed, thecustomer losses aggregated, the losses inmutual funds, and the value of collateral-ized debt obligations and collateralizedmortgage obligations in investor accountssignificantly impaired.

The question, of course, is that if audi-tors can reasonably assess the elements offraud, then shouldn’t they be able to detectit? And if much of the audit work is basedon failed audit processes and practices,shouldn’t the audit process be changed?

A Watchdog Role“Confidence in the accuracy of account-

ing statements is the bedrock of investors’willingness to invest, in lenders’ willing-ness to lend, and for employees knowingthat their firms’ obligations to them can betrusted” (William McDonough, http://www.sec.gov/news/extra/mcdonough41503.htm). There are no other private or gov-ernmental organizations and no global insti-tutions as effective as CPAs when it comesto safeguarding the public interest. Publicaccounting firms hold one of the most crit-ically important and unique roles in ourdemocratic society as the principal watch-dogs of corporate enterprise. Isn’t it timeto lead rather than follow? ❑

Richard H. Kravitz, MBA, CPA, is thefounding director of the nonprofit Centerfor Socially Responsible Accounting, as wellas a fellow of the American College ofForensic Examiners and a member of theNYSSCPA, the AICPA, and the AmericanSociety of Pension Professionals andActuaries. He is managing director of R HKravitz & Company, Island Park, N.Y.

Public accounting firms hold one of the most critically important

and unique roles in our democratic society as the principal watchdogs

of corporate enterprise. Isn’t it time to lead rather than follow?


In Focus


Many forms of government have been tried, and will be tried in this world of sin andwoe. No one pretends that democracy is perfect or all-wise. Indeed, it has been said thatdemocracy is the worst form of government except all those other forms that have beentried from time to time.

—Winston Churchill, Speech in the House of Commons, November 11, 1947

Are CPAs who audit an enterprise in accordance with U.S. generally accept-ed auditing standards (GAAS) responsible for finding material fraud in thefinancial statements upon which they report? Some say they are, or shouldbe, yet others say that they are not. The first step in addressing this impor-tant issue is to answer several questions on the subject.

What Do the Standards Say?The standards clearly denote that auditors conducting GAAS audits must design

audit procedures to obtain reasonable—but not absolute—assurance that the financialstatements being audited are free of material misstatement, whether the misstatementresulted from error or fraud. The standards recognize that absolute assurance is not attain-able, due to the nature of fraud and the nature of a GAAS audit—that is, testingthrough various sampling or other techniques, rather than examining all economic eventsaffecting an enterprise’s operations, cash flow, and financial position. In addition, theneed for an audit to be timely, in order for the financial statements to be useful, andthe need for an audit to be performed at a reasonable cost work against an absoluteassurance requirement. But this does not mean that an auditor gets a “free pass” whena GAAS audit fails to detect a material misstatement due to error or fraud in the finan-cial statements.

Auditors’ Responsibility for Detecting FraudApplying Professional Judgment and Maintaining IntegrityBy Vincent J. Love

p o i n t / c o u n t e r p o i n t


An auditor’s per-formance needs to be

evaluated before any blamecan be imposed. The auditor’s workpapersmust demonstrate—based upon an assess-ment of risk, including an evaluation of inter-nal controls—that the procedures used dur-ing the audit were designed to obtain rea-sonable assurance that the financial state-ments were free of material misstatement.The standards for a GAAS audit recognizethat there is a “high” level of assurance thatthe financial statements are fairly presentedin all material respects in accordance withU.S. generally accepted accounting princi-ples (GAAP) or another accepted account-ing framework, and that the risk of theaudit opinion being wrong is limited to a“low” level.

GAAP is simply the grammar and vocab-ulary of the language of accounting, whichis used to describe the effect of economicevents on an enterprise. It is the frameworkused in the United States for financial report-ing, and it does not establish procedures foran audit or the issuance of an auditor’s opin-ion. If users of financial statements take thetime to understand the language and theimplications of its use, they will be able toread it, speak it, and thus understand thefinancial statements. It is not a cause of,nor does it abet, fraud. Circumventing theunderlying conceptual principles of GAAPapplications can act as the vehicle for com-mitting a fraud, but adhering to bright-lineaccounting rules is not an element of fraud.The application of reasonable—and not infal-lible—judgment is required to account formany transactions affecting an enterprise.

Users of financial statements must readand understand the notes to the financialstatements to truly understand the numbersand other information displayed on the

statements. They are not “footnotes” thatgive biographical or ancillary informa-tion; instead, they are an integral part ofthe financial statements. The notes shouldcontain all material matters needed forusers to understand the statements,including disclosures required by GAAP,GAAS, or SEC rules. GAAP is not a causeof fraud, but the misuse of GAAP byaccountants and preparers of financial state-ments is fraudulent.

It should be understood that proceduresapplied based on GAAS are not fail-safe;however, they should be sufficiently com-prehensive to reduce the risk of issuing awrong opinion to a low level at an eco-nomically reasonable cost. There is a pos-sibility of audit failure, commonly termed“audit risk” (i.e., the risk that the auditormay unknowingly issue a “clean” opinionon financial statements that include mate-rial misstatements). If an audit is properlyplanned and performed, the greater themateriality of the error or fraud, the lowerthe risk that it will not be detected. Thenecessary applications of estimates basedon judgments increase the risk of error andare fertile ground for anyone seeking tocommit fraud.

The standard of due professional carerequires that an auditor exercise profession-al skepticism when conducting an audit.Because management integrity is so vital tothe efficacy of a GAAS audit, the auditprocess needs to be reevaluated—and, inmost cases, intensified—regardless of whenduring an audit a question of managementintegrity surfaces. A GAAS audit is an iter-ative process; the discovery of facts or cir-cumstances that lead to questions concern-ing management integrity, or possible fraud,requires an auditor to reevaluate all areas andphases of the audit process before design-

ing new procedures and proceeding with,or withdrawing from, the engagement. Whilethe standards place significant pressure onan auditor to identify material error or fraud,they also fairly recognize that “fraud may beconcealed by withholding evidence or mis-representing information in response toinquiries or by falsifying documentation”(AU section 316.09, “Description andCharacteristics of Fraud”). The standards fur-ther recognize the difficulty in detecting fraudcaused by collusion among the enterprise’spersonnel or third parties, forgery, and undis-closed side agreements, among otherschemes. This is a realistic assessment of thecapability to detect fraud in a GAAS audit.

The major auditing firms have excellentinternal programs to train auditors, guid-ance materials for managing and conductinga GAAS compliant audit, recommended pro-cedures for conducting those audits, andmonitoring programs to enforce compli-ance with the standards and firm policy.When GAAS audits do fail, it is generallybecause of the recognized GAAS limitationsrelated to testing and deception using forgery,collusion, and other techniques—or thefailure of the auditor to adhere to GAASrequirements, most notably in the exerciseof professional skepticism and the mainte-nance of integrity and objectivity through-out the engagement.

In some of the famous financial scan-dals of the last century, GAAS was eithernot sufficiently codified or was simply defi-cient. Recognition of these deficiencies ledthe profession to make changes in requiredaudit procedures. (Exhibit 1 identifies theeffects of two early cases.)

In this century, Enron and other financialscandals led to changes in auditors’ respon-sibilities related to reporting on internal con-trols of enterprises regulated by the SEC,as well as the suggestion to consider theuse of forensic specialists in certain instancesduring GAAS audits. The profession has alsoreacted to public criticism and court deci-sions by changing its standards.

GAAS has changed and improved in therecent past, especially in areas related tothe detection of financial statement fraudand audit risk analysis. This system ofreviewing the current standards and sug-gesting changes to address perceived issuesis working. The Auditing StandardsBoard’s (ASB) recent rewriting and clari-fication of the GAAS standards is an exam-

Company Changes to Auditing Procedures

Kreuger & Toll Helped build support for the Securities ExchangeActs of 1933 and 1934 and, as a result, the require-ment that all publicly traded enterprises be audited

McKesson & Robbins Led to the requirement to confirm receivables andobserve inventory, as well as a greater review ofinternal controls

EXHIBIT 1Two Early Cases Resulting in Changes to Auditing Standards


ple of the resiliency and effectiveness ofthe established methodology for address-ing concerns related to the standards andto fraud detection.

How Does a GAAS Audit Differ from Other Types of Audits?

The performance of a GAAS audit isdistinctly different from other types ofaudits, particularly a fraud audit, investi-gation, or examination (collectively referredto as a fraud examination).

A fraud examination is an entirely dif-ferent engagement from a GAAS audit ofan entity’s financial statements, preparedand presented in accordance with anaccepted accounting framework. In a fraudexamination, auditors presume that fraudis present. Testing procedures are vastlymore intensive than those in a GAAS auditand are designed to detect such fraud. Ina GAAS audit of financial statements, theauditor knows that fraud may be present,but focuses on determining whether thefinancial statements are fairly presented inaccordance with an accepted accountingframework.

In the preface to The Fraud Audits,Leonard W. Vona states:

I also believe that we need to recognizethat fraud auditing is different from tra-ditional auditing by using all the method-ologies of traditional auditing, but justapplying them differently. … To illus-trate the “different” concept, fraud audit-ing recognizes that the greatest audit pro-cedure in the world will not detect fraudif the sample does not include one fraud-ulent transaction. The following sections compare a

GAAS audit with a fraud examination,taken from the Association of FraudExaminer’s (ACFE) Fraud ExaminersManual and material in AICPA literature.Although fraud examinations and audit-ing are related, they are not the same dis-cipline. Exhibit 2 lists some of the princi-pal differences between them.

Both the ACFE and the AICPA agreeon the expectations resulting from theirmembers’ work—members of the formerorganization are professionals directly relat-ed to the investigation of fraud, and mem-bers of the latter are professionals who con-duct GAAS audits. The GAAS audit is notdirected toward finding fraud, but towardrendering an opinion that the financial

statements, taken as a whole, fairly presentthe enterprise’s financial position, results ofoperations, and cash flows in all materialrespects. A fraud examination is not a cost-effective alternative to a GAAS audit.

GAAS does give an auditor fraud guid-ance in the clarified auditing standardsunder AU-C section 240, “Considerationof Fraud in a Financial Statement Audit.”This clarification of the information cur-rently included under AU section 316 setsforth the requirements in a more under-standable, logical manner. (AU-C section

240 is effective for audits of financial state-ments for periods ending on or afterDecember 15, 2012.) Topics coveredinclude insights into the environment thatcan lead to fraud, evidence to look for ina GAAS audit that may indicate fraud, andthe types of additional procedures thatcan be used to determine if fraud exists.Appendix A to AU-C section 240 includesexamples of factors that are conducive tothe incidence of fraud. Appendix Bincludes examples of possible audit pro-cedures to address an assessment of therisk of material misstatements from fraud.Appendix C contains examples of cir-cumstances that indicate the possibility offraud. GAAS give an auditor guidance toidentify, seek, and detect fraud, but itdoes not guarantee that an auditor fully

complying with GAAS will uncover allmaterial errors or frauds due to the natureof fraud and the scope of a GAAS audit.

On February 22, 2007, the PublicCompany Accounting Oversight Board’s(PCAOB) Standing Advisory Group metto discuss forensic audit procedures. Thispanel found that:

While AU sec. 316 states that personswith specialized forensic skills may beassigned to the audit in response to anidentified risk of material misstatementdue to fraud, it does not mandate thatforensic accountants participate in audits.As the auditor becomes aware of indi-cations of the possibility of fraud, andas the existence of fraud becomes morelikely, the quality of the audit might beenhanced by requiring forensic accoun-tants to participate in the audit process.However, the PAE [Panel on AuditEffectiveness] did not recommend thatauditors be required to use forensicaccountants, and the Board’s interimstandards do not include such a require-ment (http://pcaobus.org/News/Events/Documents/02222007_SAGMeeting/Forensic_Audit_Procedures.pdf).In addition, the PCAOB’s Auditing

Standards (AS) have focused on fraudand ways to detect it in an audit of finan-cial statements—particularly AS 11,Consideration of Materiality in Planningand Performing an Audit, and AS 12,Identifying and Assessing Risks of MaterialMisstatement, issued for audits of financialstatements for fiscal years starting on orafter December 15, 2010.

The general standards require that anauditor exercise due professional care.When faced with an indication of fraud, anauditor should consider involving a foren-sic specialist on the engagement; howev-er, this is not mandatory, nor is it any dif-ferent from the requirement for an auditorto apply reasonable professional judgmentin the administration and execution of theengagement, including the decision ofwhen to use specialists.

Fraud examinations of all of an enter-prise’s material balances can be conducted,but at what cost in economic resources, time-liness, and loss of relevancy? To state thata GAAS audit should detect all materialfraud, without fail, is to say that the entireaudit framework should be changed to pre-sume, at the outset, that fraud has occurred

Fraud examinations of all of an

enterprise’s material balances can

be conducted, but at what cost

in economic resources, timeliness,

and loss of relevancy?


and to audit accord-ingly (i.e., to perform

a fraud examination). Inessence, this places an audit firm in

the position of an insurer of the financialstatements—a position that has an entirelydifferent and distinct economic structure.

Will Fraud Ever Disappear?Fraud has existed since the beginning of

recorded history. But before asking whetherfraud will ever cease to occur, one shouldexamine what fraud actually is. Black’s LawDictionary defines it as “a knowing misrep-resentation of the truth or concealment of amaterial fact to induce another to act to hisor her detriment.” Clearly, knowingly falsi-fying information presented to a third partyin financial statements is fraud.

Fraud has been with us since Biblicaltimes. The talking serpent in the Garden ofEden deceived Eve into eating the forbid-den fruit, or so it says in the book of Genesis.One example of early financial fraud fromancient Greek history was related byIsocrates, circa 393 B.C. He told of anAthenian banker who misappropriateddeposits, deceived, forged, stole contracts, andbribed others. Instances of fraud occur morefrequently today because of the complexityand velocity of business transactions andever-increasing technological advances.

Fraud will continue to exist, regardlessof any economically sound safeguard,

because greed is often a part of human nur-turing, and human ingenuity knows nobounds. To assume that one can econom-ically audit to find any material or signif-icant fraud in all instances is unsupport-able; instead, audit procedures can contin-ually be improved if shortcomings arefound—that is what the profession hasdone and will continue to do. Fraud willnever be eradicated or always be detectedby performing a GAAS audit, but its occur-rence can be reduced substantially.

Who Is Responsible for Fraud?The answer is simple: the individual or

individuals who commit the fraud areresponsible for it. But that is not the com-plete answer. Over the last few years, someindividuals have been asking about theauditors’ responsibility in the numerousPonzi schemes that came to light when thesinking economy drained liquidity out ofthe market. Ponzi schemes differ fromother frauds because they usually center onan individual who claims to have some-thing that no one else has (e.g., a method-ology or a system). This characteristic goesback to its very namesake, Charles Ponzi.Consider the individual investors in Ponzischemes. Are they all blameless for theirlosses? Do they hold any responsibility fortheir decisions? Not all of them are “wid-ows and orphans”—often, they are welleducated or are following the example and

advice of those who are supposedlyfinancially sophisticated. Consider the insti-tutions and boards that invested withMadoff: Did they not see the highreturns, regardless of market conditions?Was it greed that motivated them? Ponzischemes exist because of the greed andgullibility of the investors who give theirmoney to the scammer. How muchresearch do they do before making theirinvestments? They share in the responsi-bility for their own losses.

As for the “red flags” mentioned bythose who try to assess blame, one shouldconsider whether they were really red atthe time in question. Looking at the Madoffscheme, many commentators mentionedred flags that should have been seen by thefeeder fund auditors. One of these claimedred flags was a May 2001 MarHedge (ahedge fund trade publication) report byMichael Ocrant, “Madoff Tops Chart;Skeptics Ask How.” In this report, BernardL. Madoff Investment Securities (BMIS)was described as having 600 major bro-kerage clients and being one of the topthree market makers in Nasdaq stocks. Thereport also stated that if BMIS was men-tioned “to anyone working on Wall Streetat any time over the last 40 years … you’relikely to get a look of immediate recogni-tion.” Moreover, the article stated that“Madoff operates one of the most suc-cessful ‘third markets’ for trading equities

Area Auditing Fraud Examination

Objective The objective is to obtain sufficient competent The objective is to determine whether a fraud has or is evidential matter to provide a reasonable basis occurring, and to determine who is responsible for the fraud. for forming an opinion on the financial statements. Fraud examinations are performed only with a sufficient

basis to presume that a fraud may have occurred.

Scope The scope of the audit is a general examination The fraud examination is conducted to resolve specific of financial data. allegations.

Methodology Audits are conducted primarily by examining Fraud examinations are conducted by examining financial data using various testing techniques. documents, reviewing outside data such as public

records, and conducting interviews.

Presumption Auditors are required to approach audits with Fraud examiners approach the resolution of a fraud professional skepticism. allegation by attempting to support or refute the allegation.

Sufficiency of In the majority of cases, auditors rely on evidence Fraud examiners attempt to establish proof to support evidential matter that is persuasive rather than convincing. or refute an allegation of fraud.

EXHIBIT 2Differences Between Auditing and Fraud Examination


after regular exchange hours, and is anactive market maker in the European andAsian equity markets.”

More importantly, this article included adiscussion of what some individuals cite asred flags. But how red could those flags havebeen if they were known to the financialinvestment community in May 2001 andBMIS continued to grow in size, dealing withthe very community targeted by the publi-cation? With 20/20 hindsight, these obser-vations are now tagged as red flags. How canconditions that were obvious to the financialcommunity who dealt with BMIS on adaily basis, yet did not affect BMIS’s con-tinuing operations in the financial commu-nity, supposedly be a red flag to the auditorof a feeder fund? “Lack of volatility” isspecifically addressed in the article: “Evenamong the four of five professionals whoexpress both an understanding of the strate-gy and have little trouble accepting the report-ed returns it has generated, a majority stillexpress the belief that, if nothing else, Madoffmust be using other stocks and options ratherthan only those in the S&P 100.”

Qualified and competent investors, amongwhom were some of the most experiencedand well-known leaders in the investmentcommunity, looked at the same results,lack of volatility, and operating characteris-tics of Madoff and BMIS; after evaluatingthem, they continued to invest withMadoff. In addition, the investors includeduniversities, trusts, and pension and benefitplans, all of which have, or should have,competent investment advice from paid advi-sors or supposedly competent members ofinvestment or similar committees. Thereare some questions to consider: Weren’t theyall looking at the same results? Didn’t manyof them have in-depth knowledge ofinvesting, and isn’t that why they were puton the investment committee? Why didn’tthey see the red flags that some now claimthat the auditors should have seen? Thissame fact pattern of red flags found inhindsight also existed in many other Ponzischemes and in allegations against auditors.

In looking at a current financial scandal,some refer to MF Global as an audit fail-ure; however, it is too early to determinewhat actually happened at MF Global.News reports concurrent with the writingof this article suggest that the diversion ofclients’ funds occurred in the final daysof the company’s existence and not

throughout its life, where it might havebeen discovered in a GAAS audit. In manycases relating to recent financial scandals,some individuals have taken the presump-tive position that auditors should havedetected fraud during their GAAS audits.The work of the auditor, in many of thesepurported audit failures, has not beenfully investigated by an independent orga-nization. Where the failures have beenadjudicated, the auditor was either absolvedof blame or penalized based on studiedanalyses of the auditor’s adherence to thestandards, including the exercise of dueprofessional care.

In many of the publicized business fail-ures, one question that is not alwaysanswered or focused on is whether it wasa business risk failure that caused thelosses. Auditors do not guarantee users offinancial statements that the business modelis free of risk and not subject to failure.There exists no requirement in GAAS,the auditors’ report, SEC rules and regu-lations, and auditing and business literaturefor the auditor to be a “guarantor” of thesuccess or failure of a business strategy. Itwould be impossible to audit a companyif the auditor was also responsible for thesuccess or failure of the enterprise’s busi-ness model.

Has the Accounting Profession BeenHeld Virtually Blameless?

The accounting profession, far frombeing held blameless when financialscandals occur, has taken a large share ofthe blame. But to properly asses blame, oneneeds to seek the root cause of the fraud.Only in a few rare instances, such asE.S.M. Government Securities Inc. andWedtech Corporation (and, most recently,the BMIS failure), was an outside auditoractively involved in the fraud. Financialand other officers of an enterprise—that is,the people who perpetrate the fraud—areprimarily responsible for the fraud andthe resulting third-party losses. The owner-managers of enterprises and others whoactively work in the business and are incontact with or supervise the perpetrator(s)might also be responsible.

Auditors should be held secondarilyresponsible if—and only if—they failed tofollow GAAS when auditing the enterpriseand did not exercise reasonable profes-sional judgment when planning the audit,

designing the audit procedures, and eval-uating the audit findings. Consequently,giving an opinion in such circumstancesthat the financial statements were fairly pre-sented under GAAP or other acceptedaccounting framework when they were notshould subject the auditor to civil or crim-inal penalties, depending upon the facts.

When evaluating the massive fraud ofAIG in Accounting Ethics … and the NearCollapse of the World’s FinancialSystem, Michael Pakaluk and Mark L.Cheffers state, in part:

Too often the external auditor is accord-ed all the blame when circumstances offinancial reporting improprieties arise.… Thus any critique of the externalaudit would have to be focused onactual auditing deficiencies. Yet, whileit seems that auditing deficiencies musthave existed, the facts and circumstanceshere point primarily to widespread lackof ethical behavior and professionalismamong the internal CPAs throughout theAIG organization.Many of the individuals who are respon-

sible for deception and misstated financialstatements go unpunished, including indi-viduals within the enterprise who turn ablind eye to what is occurring. The enter-prise, those directly involved, and the insur-er bear the brunt of any civil action; theauditor is also subject to civil litigationfor damages and, in some instances, tocriminal prosecution.

Should Auditors Be Responsible for Finding Fraud?

A properly executed GAAS audit does notguarantee that the audited financial statementsdo not contain material error or fraud; aGAAS audit diminishes the risk of materialerror or fraud existing in the audited finan-cial statements to a low level. The audit shouldbe designed to uncover material error or fraud,should it exist in the financial statements.Auditors must evaluate the reasonablenessof management’s estimates and judgmentsin preparing the financial statements todetermine if they are indeed “reasonable.”

Hindsight is not a proper measure to eval-uate the performance of an auditor. The factsand circumstances existing during the auditand at the time the auditor’s report issigned need to be evaluated. Moreover, it istrue that reasonable people looking at thesame set of facts and circumstances can


come to different conclu-sions. The issue can be

framed by the following ques-tion: was reasonable professional judg-

ment applied? Simply saying that profes-sional judgment is involved in the processdoes not mean that an audit failure can neveroccur; the auditor must rely on reasoned pro-fessional judgment soundly based on thefacts and circumstances known at the time.

Can the Issue Ever Be Resolved?The aforementioned quote from Winston

Churchill can be paraphrased to describethe world of financial statement auditing:Many forms of auditing have been sug-gested, and will be suggested in thisworld of imperfection and fraud. No onepretends that GAAS auditing for financialreporting is perfect or infallible. Indeed, ithas been said that a GAAS audit is theworst form of financial statement audit,except all those other forms that have beensuggested, but fail to give the desiredresults—reliable, timely, and economical-ly verified financial data.

Fraud will always be with us, regard-less of how much is done to protectagainst it and detect it. To seek a worldwhere all material fraud will be detectedby auditing, whether by following GAASor other standards or by simply intensi-fying audit procedures, is comparable toclaiming that one can eradicate crime bysimply increasing the number of lawenforcement personnel. Having the ruleof law and auditing to find materialfraud substantially reduces the incidenceof crime and materially misstated finan-cial statements. No one would suggest thata police state or close examination ofevery transaction would be a cure for allcrime or fraud.

The idea that a fraud examination shouldset the standard for financial reporting is,at the outset, unrealistic. It is more thanjust a matter of cost—the timeliness offinancial reporting, particularly in today’sage of economic transactions geometrical-ly increasing in velocity and complexity,is crucial to its relevancy. Where will allof the auditors who are needed to per-form these intense audits in a short time-frame come from? What will they doafter the “busy season” is over? What arethe real “costs” necessary to develop asound cost-benefit analysis?

One resolution would be to make theauditor an insurer. Such an auditor couldensure the accuracy of the financial state-ments, using a given materiality amount toserve as the deductible under the policyand charging a fee for the audit and apremium for the insurance coverage. Theinsurance fee can vary based on the qual-ity of the financial statements as deter-mined during the audit. The opinion wouldstate the maximum insurance under thepolicy. The insured amount can be basedon a percentage of average market capi-talization over a given period, or someother acceptable determination. But willthat give the markets and third-party usersa better, more reliable and relevant prod-uct? This author doubts it.

A Reliable and Sustainable MethodologyJoseph Wells, the founder and chair-

man of the ACFE, stated it well when hewrote:

But these [undetected frauds whereaccounting firms paid significant sumsto settle litigation] don’t tell the wholestory. CPAs detected countless financialstatement frauds, embezzlements and taxoffenses before they became seriousproblems (“So That’s Why It’s Calleda Pyramid Scheme,” Journal ofAccountancy, October 2000).

Because of the nature of fraud; humannature and nurture; human ingenuity; thegeometric increase in the volume, veloci-ty, and complexity of business and invest-ment transactions; new technologicaladvances; and the need for reliable, rele-vant, and timely financial reporting, a prop-erly preformed GAAS audit is the bestproduct available or on the horizon, eventhough in certain instances it can lead toan auditor issuing an erroneous opinion onthe financial statements being audited.

When a GAAS audit fails to disclose amaterial error or fraud in the financial state-ments, an auditor’s performance and imple-mentation of GAAS during the audit needsto be evaluated before blame can be assessed.A GAAS audit is not infallible; however, ifit is properly implemented, it does reduce therisk of the auditor issuing an incorrect opin-ion to a low level. Moreover, an auditor isnot a guarantor or insurer of the enterprise’sfinancial statements or business modelwhen properly performing a GAAS audit.

The profession has a reliable and sus-tainable methodology to address auditingissues and make reasoned changes. In1931, George May wrote that “the high-minded accountant who undertakes thispractice assumes high ethical obligations… none in which the practitioner is undera greater ethical obligation than to per-sons who are not his immediate clients …to employ accounting as a social force.”Despite all that has transpired since, thatsame spirit is alive today in the AICPACode of Professional Conduct, specifical-ly in Article III, “The Public Interest.”

The profession’s standards have beenimproved significantly since George Mayand Robert Montgomery practiced audit-ing. A system is in place that continues torecognize that when change is needed, itwill be accomplished. These two giantsof the profession would be proud of howfar we have come and the quality andefficacy of the current standards. But nei-ther of them professed that auditing couldunfailingly detect all frauds, regardless ofhow sophisticated the fraudulent scheme;they recognized that there were inherentlimitations in an audit. ❑

Vincent J. Love, CPA/CFF, CFE, is themanaging director of VJL Consulting LLC,New York, N.Y.

An auditor is not a guarantor

or insurer of the enterprise’s

financial statements or business

model when properly

performing a GAAS audit.