Apprehending fraud in audits

Audit firms of all shapes and sizes are trying to raise their game in relation to fraud deterrence and detection, and resources that may assist with this are increasingly available from ICAEW and other trusted sources.

The tips in this article highlight ways that firms may increase the likelihood that their financial statement audits and auditors will be better able to apprehend fraud. They are among insights that were gleaned by the faculty during 2021, while interviewing auditors for information on their approaches and experiences for a forthcoming fraud thought leadership report.

1. Shape thinking

Mindset influences the likelihood that fraud will be spotted during a financial statement audit. Firms are trying to ‘get this right’ in various ways, informed by research and by insights from behavioural specialists. Approaches include:

• a fraud risk model that focuses on professional scepticism and includes risks within the audit firm, such as conscious and unconscious biases among audit team members;
• using language to influence thinking, by discouraging references to management as ‘the client’ and encouraging references to the ‘audited entity’;
• measures to open the minds of all auditors to the potential for fraud (from the most junior team member to the engagement partner); and
• communicating with entities before/early in/during an audit on what to expect overall and from particular phases such as audit closedown.

2. Cultivate a culture of challenge

To enhance the likelihood of fraud detection during audits, firms are facilitating the auditor’s challenge of management and challenge between those within audit teams. Approaches to this include:

• encouraging and reinforcing good practices, such as resisting pressure to sign off when the audit partner is not ready to;
• processes to support more junior audit team members to challenge audited entity management;
• encouraging challenge of the engagement partner and other managers by more junior team members; and
• strengthening challenge of management in highly judgemental areas such as long-term contracts, goodwill impairment, the valuation of financial instruments and over-optimistic management estimates.

3. Broaden horizons

Firms are being more proactive and responsive. They are increasing the range of factors that inform risk assessment and ranking. Approaches include:

• risk assessing and monitoring more small frauds and irregularities that could become material over multiple years and audits;
• ‘risk sensing’, to inform fraud risk assessment by considering news of fraud or press attention in a sector and considering market information;
• broadening the pool of people at the entity that auditors speak to; and
• increasing the involvement of forensic specialists, to widen and deepen the perspective of audit teams (see tip number seven).

4.  Make education matter

Firms are expanding and enhancing fraud-related training and education to maximise its potential impact on the auditor’s apprehension of fraud. Approaches include:

• giving audit teams more knowledge on the potential ways that fraud can be committed;
• identifying behavioural, logistical and other impediments to timely auditor apprehension of fraud and factoring these into training and education;
• increasing fraud training and expanding it across all levels of experience; and
• enhancing interpersonal skills and building confidence among junior auditors.

5. Keep it real

Firms find that some ways of conveying information are more effective than others when raising awareness and knowledge levels on fraud-related matters among auditors. Approaches include:

• sharing personal ‘war stories’ from those with experience of fraud and fraudsters, such as auditors and forensic experts, from inside or outside the firm;
• getting insights from those who missed material frauds that subsequently became apparent or were involved in ‘high-profile’ audits that failed to find material fraud, and focusing on known frauds;
• using root cause analysis to explore what went wrong, how it can be avoided and building lessons learned into case studies and other training resources; and
• focusing on known fraudsters – some convicted ex-fraudsters can be engaging, providing insights into how frauds are perpetrated and ‘red flags’ to look for.

6. Exploit technology

There are numerous ways in which firms are using technology to support apprehension of fraud during financial statement audits. Approaches include:

• upskilling auditors, to get the most from available data and technologies;
• using analytics tools for enhanced journal entry testing and grading journal entries by their potential fraud risk to direct audit testing;
• overlaying data analytics with machine learning to drive recognition of fraud patterns; and
• deploying forensic-type tools and techniques, such as software that can automate document authentication.

7. Make the most of forensic specialists

Firms are utilising the skills and knowledge of forensic experts in various ways at various stages of the audit and in areas such as education and training (see tip number four). Approaches include:

• involving forensic specialists during audits on a risk-assessed basis as happens, for example, with areas such as valuations or forecasts and experts on digital- and tax-related matters;
• involving forensic people at the planning stage to broaden thinking and discussion in the audit team about what the fraud risks might be;
• building forensic knowledge into training, for example, by helping auditors to understand the ‘suspicious mindset’ and when this is appropriate; and
• involving forensic people in development of audit programmes so they have an influence even when they are not in the room.

8. Strengthen closedown

Areas requiring improvement often relate to problems arising during the audit closedown, according to regulators’ inspection reports, and firms are addressing this. Approaches include:

• maximising use of project management and workflow tools to monitor audit status;
• communicating expectations to clients on what is required before audit sign off;
• informally encouraging behaviours to push back on clients; and
• formal ‘end of audit’ processes using pre-sign off documents to inform team discussion or central challenge on matters such as significant risks, readiness for sign off and the application of professional scepticism.

Many of these tips come from some of the largest audit firms, but they offer opportunities for firms of all shapes and sizes to up their game when it comes to the apprehension of fraud. As new types of fraud, new ways of committing them and new tools to help the auditor spot them become apparent, frequent and up-to-date research and training are essential. Fraudsters innovate and so must auditors.

Treasure trove

ICAEW Quality Assurance (QAD) has created a series of short webinars, including one on fraud, providing insights from QAD audit monitoring activities.

The Audit and Assurance Faculty has also created fraud-related resources to assist audit firms. They include Focusing on fraud. This Audit & Beyond article considers recent regulatory developments, how auditors are affected and what they can expect going forward.

It also points readers towards these fraud-related resources from the faculty: How to report on irregularities, including fraud, in the auditor’s report – a guide for auditors and a version for first-time reporters; and Fraud and government support – a guide for auditors.

Fraudulent financial reporting: fresh thinking will also be of interest ). This thought leadership essay from the faculty focuses on ways in which the skills and insights of auditors can be brought to bear to maximise the likelihood of identifying fraudulent financial reporting.

The essay notes, among many other things, that auditors may find clues to the likelihood of fraud in the audited entity, paying attention to the following:

• Organisational culture – how do people behave and communicate in the business?
• Management style – what tone is set at the top?
• Motivations and pressures – what factors might drive relevant individuals to manipulate the numbers?
• Behavioural controls – how does the organisation promote a culture of honesty and openness?

At 15 pages long, it puts flesh on these bones and offers insights on matters ranging from reviewing and updating the audit approach, to spotting outliers and odd behaviour with the assistance of technology.
The Financial Reporting Council (FRC) issued its revised fraud auditing standard in May 2021. Do not overlook ISA (UK) 240 as a support tool. The appendices include examples of:

• fraud risk factors;
• possible audit procedures to address the assessed risks of material misstatement due to fraud; and
• circumstances that indicate the possibility of fraud.

ISA (UK) 240 The auditor’s responsibilities relating to fraud in an audit of financial statements is available from the FRC.

‘Challenge of management’ was the subject of a letter (in 2020) from the FRC – to heads of audit in the firms it regulates – which even the smallest firms may find useful in their fight against fraud. It identifies ‘ineffective challenge of management’ as a key driver of audit quality and, based on its inspections and firms’ root cause analysis, it highlights processes and attributes that are key features of effective challenge of management.

A pdf of the letter is on the FRC website.

The theme of a virtual FRC event during 2021 was Audit Firm Culture: Challenge. Trust. Transformation. A summary is available . Recordings of the sessions can be accessed.

The International Auditing and Assurance Standards Board facilitated three virtual round tables with experts, leaders and practitioners exploring issues and challenges around fraud and going concern. They focused on:

• the impact of technology advances on fraud perpetration and detection;
• differences between public perceptions and the auditor’s responsibilities for fraud and going concern; and
• fraud and going concern in audits of less complex entities.

A publication on this is available along with recordings of the round tables and breakout sessions.