why auditors fail to detect fraud presented by: dennis f. dycus, cpa, cfe, cgfm ...
TRANSCRIPT
Why Auditors Fail to Why Auditors Fail to Detect FraudDetect Fraud
Presented by:Presented by:
Dennis F. Dycus, CPA, CFE, CGFMDennis F. Dycus, CPA, CFE, CGFMwww.dennisdycus.com
[email protected]@bellsouth.net
AGA – Baltimore ChapterAGA – Baltimore Chapter
Baltimore, MDBaltimore, MD
May 9, 2012May 9, 2012
2
Why Auditors Fail to Detect FraudWhy Auditors Fail to Detect Fraud
Willful Ignorance:Willful Ignorance:
If you keep your eyes shut, you If you keep your eyes shut, you won’t see anything!won’t see anything!
Go in with your eyes wide shut!Go in with your eyes wide shut!
3
Why Auditors Fail to Detect FraudWhy Auditors Fail to Detect Fraud
A little historyA little history February, 1997February, 1997 Barry Melancon, President of the AICPA Barry Melancon, President of the AICPA
at the ACFE’s Annual Conference in at the ACFE’s Annual Conference in VegasVegas
FRAUD is a four letter wordFRAUD is a four letter word SAS No. 53, SAS No. 53, Errors and ….Errors and ….
4
Why Auditors Fail to Detect FraudWhy Auditors Fail to Detect Fraud Per SAS No. 82, Per SAS No. 82, Consideration of Fraud Consideration of Fraud
in a Financial Statement Audit,in a Financial Statement Audit, in the past in the past auditors failed to detect fraud because auditors failed to detect fraud because they did not know what it looked likethey did not know what it looked like And they had not been trained to look for itAnd they had not been trained to look for it
Although introduced with much fan fare, Although introduced with much fan fare, SAS No. 82 did not increase the auditor’s SAS No. 82 did not increase the auditor’s responsibility for the detection of fraudresponsibility for the detection of fraud
5
Why Auditors Fail to Detect FraudWhy Auditors Fail to Detect Fraud For financial statement reporting purposes, it For financial statement reporting purposes, it
does not matter whether a misstatement is due does not matter whether a misstatement is due to an error or fraudto an error or fraud
But for audit purposes, it’s a huge differenceBut for audit purposes, it’s a huge difference SAS No. 99 did not increase the auditor’s SAS No. 99 did not increase the auditor’s
responsibility for the detection of fraudresponsibility for the detection of fraud It did require a significant amount of It did require a significant amount of
additionaladditional documentation as to how the documentation as to how the auditor considered the possibility of fraud auditor considered the possibility of fraud in an auditin an audit
6
Why Auditors Fail to Detect FraudWhy Auditors Fail to Detect Fraud Fraud takes on the characteristics of its Fraud takes on the characteristics of its
surroundingssurroundings So what does fraud look likeSo what does fraud look like
Once the AICPA said the Once the AICPA said the F Word F Word (FRAUD)(FRAUD), , they could talk about itthey could talk about it
Prior to SAS No. 82, the only voice in the Prior to SAS No. 82, the only voice in the wilderness was the Association of Certified wilderness was the Association of Certified FraudFraud Examiners (ACFE) Examiners (ACFE)
7
Why Auditors Fail to Detect FraudWhy Auditors Fail to Detect Fraud
For the first time, SAS No. 82 For the first time, SAS No. 82 requiredrequired the the auditor to inquire of management about the auditor to inquire of management about the possibility of fraudpossibility of fraud Also required Also required brainstormingbrainstorming with staff with staff
Also referred to SAS No. 78, Also referred to SAS No. 78, Consideration ofConsideration of Internal Control in a Financial Statement Internal Control in a Financial Statement Audit, Audit, and the and the Tone at the TopTone at the Top
8
Why Auditors Fail to Detect FraudWhy Auditors Fail to Detect Fraud
In defining internal control, SAS No. 78, In defining internal control, SAS No. 78, breaks it down into five elementsbreaks it down into five elements
The first element is the TONE AT THE TOPThe first element is the TONE AT THE TOP All other controls are a function of the TONE All other controls are a function of the TONE
AT THE TOPAT THE TOP SAS No. 78, states that ……SAS No. 78, states that ……
THE TONE AT THE TOP IS THE TONE AT THE TOP IS EVERYTHINGEVERYTHING
9
Why Auditors Fail to Detect FraudWhy Auditors Fail to Detect Fraud
How do you think most How do you think most
frauds are detected?frauds are detected?
It’s not by the external auditor!It’s not by the external auditor!
10
Why Auditors Fail to Detect FraudWhy Auditors Fail to Detect Fraud
ACFE’s ACFE’s 2010 Report to the Nations on 2010 Report to the Nations on Occupational Fraud and AbuseOccupational Fraud and Abuse
Frauds are detected by:Frauds are detected by: 37.8% - Tips (Somebody Knows)37.8% - Tips (Somebody Knows) 23.0% - Internal Controls23.0% - Internal Controls 17.1% - Management Review17.1% - Management Review 9.3% - By accident (Dumb Luck)9.3% - By accident (Dumb Luck) 4.2% - External Audit (9% in 2008)4.2% - External Audit (9% in 2008)
11
Why Auditors Fail to Detect FraudWhy Auditors Fail to Detect Fraud
The auditor often fails to consciously decide The auditor often fails to consciously decide whether to retain an entity as a continuing whether to retain an entity as a continuing client or take a new entity on as a clientclient or take a new entity on as a client
Auditors should be very careful about initial Auditors should be very careful about initial impressionsimpressions
Failure to develop and maintain Failure to develop and maintain Professional Professional SkepticismSkepticism
12
Why Auditors Fail to Detect FraudWhy Auditors Fail to Detect Fraud
Professional Professional SkepticismSkepticism
It’s An AttitudeIt’s An Attitude
13
Why Auditors Fail to Detect FraudWhy Auditors Fail to Detect Fraud
REMEMBERREMEMBER
FRAUD AND STUPIDFRAUD AND STUPID
OFTEN LOOK OFTEN LOOK EXACTLY THE SAMEEXACTLY THE SAME
14
Why Auditors Fail to Detect FraudWhy Auditors Fail to Detect Fraud Failure to Failure to know your clientknow your client
Do you know what a normal/usual transaction isDo you know what a normal/usual transaction is What’s there that should not be thereWhat’s there that should not be there What’s not there that should be thereWhat’s not there that should be there Do you understand the environment your client Do you understand the environment your client
works inworks in Little things can mean a lotLittle things can mean a lot Do you see what you seeDo you see what you see
Often fraud is right in front of you, just looking at Often fraud is right in front of you, just looking at you…. And you don’t see ityou…. And you don’t see it
15
Why Auditors Fail to Detect FraudWhy Auditors Fail to Detect Fraud Failure to Failure to know your clientknow your client
Do you know what a normal transaction isDo you know what a normal transaction is What’s there that should not be thereWhat’s there that should not be there What’s not there that should be thereWhat’s not there that should be there
Little things can mean a lotLittle things can mean a lot Do you see what you seeDo you see what you see
Often fraud is right in front of you, just looking at you Often fraud is right in front of you, just looking at you and you don’t see itand you don’t see it
You never know when you may see indications of You never know when you may see indications of fraudfraud
Why Auditors Fail to Detect FraudWhy Auditors Fail to Detect Fraud
Look for things that should be Look for things that should be there but are notthere but are not
Look for things that are there Look for things that are there but should notbut should not
16
Why Auditors Fail to Detect FraudWhy Auditors Fail to Detect Fraud
It’s not what you look at that matters; It’s not what you look at that matters; it’s what you see.it’s what you see. Henry David Thoreau
17
18
Why Auditors Fail to Detect FraudWhy Auditors Fail to Detect Fraud
The auditor’s failure to take into consideration The auditor’s failure to take into consideration who steals …..who steals …..
BASICALLY HONEST PEOPLEBASICALLY HONEST PEOPLE
The Fraud TriangleThe Fraud Triangle
19
Fraud TriangleFraud Triangle
Need Rationale
Opportunity
Control Environment
20
Why Auditors Fail to Detect FraudWhy Auditors Fail to Detect Fraud Failure to take an individual’s lifestyle into Failure to take an individual’s lifestyle into
considerationconsideration 43%43%
Over reliance on …..Over reliance on …..
DOCUMENTATIONDOCUMENTATION The workprogram and the Xerox The workprogram and the Xerox
machinemachine
21
Why Auditors Fail to Detect FraudWhy Auditors Fail to Detect Fraud
Failure to empower staff …..Failure to empower staff ….. You won’t find most fraud sitting behind You won’t find most fraud sitting behind
a deska desk Walkn’, Talkn’, Lookn’ and Listenn’Walkn’, Talkn’, Lookn’ and Listenn’ Someone knowsSomeone knows
Can we talkCan we talk
22
Why Auditors Fail to Detect FraudWhy Auditors Fail to Detect Fraud Not knowing how to ask a question …..Not knowing how to ask a question …..
Without asking a questionWithout asking a question What message are you sending with your questionWhat message are you sending with your question
Failure to make yourself availableFailure to make yourself available They have something you wantThey have something you want You don’t have anything they wantYou don’t have anything they want
You may only have one chanceYou may only have one chance Don’t blow itDon’t blow it Remember the 85/15 ruleRemember the 85/15 rule
Why Auditors Fail to Detect FraudWhy Auditors Fail to Detect Fraud
Use caution in asking questionsUse caution in asking questions As a rule, you should never ask a question that As a rule, you should never ask a question that
you don’t have a pretty good idea what the you don’t have a pretty good idea what the answer will be …….answer will be …….
Especially in courtEspecially in court
23
24
Why Auditors Fail to Detect FraudWhy Auditors Fail to Detect Fraud
Failure to know when someone is lying or Failure to know when someone is lying or telling the truthtelling the truth
People use words to lie, but the body People use words to lie, but the body always tells the truthalways tells the truth
Do you Do you reallyreally understand the answer …. understand the answer …. does it make sensedoes it make sense
25
Why Auditors Fail to Detect FraudWhy Auditors Fail to Detect Fraud
Failure to know when someone is lying or Failure to know when someone is lying or telling the truthtelling the truth
People use words to lie, but the body always People use words to lie, but the body always tells the truthtells the truth
Do you Do you reallyreally understand the answer …. does understand the answer …. does it make senseit make sense
But you got your But you got your DOCUMENTATIONDOCUMENTATION
26
Why Auditors Fail to Detect FraudWhy Auditors Fail to Detect Fraud
At the beginning of this presentation, I At the beginning of this presentation, I asked what did fraud look like. I don’t asked what did fraud look like. I don’t know, but I’ll know it when I see it. Look know, but I’ll know it when I see it. Look for things that are out of place; unusual for things that are out of place; unusual transactions; things that surprise you; transactions; things that surprise you; things that should not be there; things that things that should not be there; things that should be there but aren’t; explanations that should be there but aren’t; explanations that don’t make sense …..don’t make sense …..
27
Detecting fraud is like going hunting ….Detecting fraud is like going hunting ….
The woods are full of animals ….The woods are full of animals ….
You just have to know what they look like You just have to know what they look like and where they hideand where they hide
Good HuntingGood Hunting
Let me leave you with one Let me leave you with one last thoughtlast thought