Hmm, you actually made me thinking and I think you pointed great points. There are many errors such as overstatements, understatements of assets and liabilities. Even If there were no errors do not mean the audit is pointless. Thank you
>hinking and I think you pointed great points. There are many errors such as overstatements,
The amount of mistakes is endless even where we have great tech solution like the payroll process.
Everyone understands that auditors disclaim themselves from responsibility for finding fraud. Whether they’re *meant* to is a more philosophical debate.
Yes I taught numerous loan officers and most believed it was to detect fraud. Don’t get me started on what they thought was done on review level statements.
Audits may not be meant to find fraud, but per the AICPA guidance we're supposed to look for fraud. We just add the caveat that since people are actively trying to cover up fraud, we may not detect it. But you can be sure the firm will get it's balls sued off If it is found under a clean opinion.
You making me second guess myself made me look back to my CPA books from the past year lol. Its also part of the auditors opinion letter as part of managements responsibility. But I would imagine its also part of the engagement letter & planning as well.
It does not need to conclude that, it needs reasonable assurance of that.
That’s a major difference. You basically can’t conclude anything in an audit.
In the U.S. at least, audits provide *positive* / reasonable assurance ("**In our opinion**, the financial statements present fairly ...").
Reviews provide *negative* / limited assurance ("**We are not aware** of any material modifications that should be made ...").
why are big four companies getting regularly fined for not detecting fraudulent activity in the companies they audit? (genuine question; this is at least how i understand media reports on these fines)
I have a few general answers to that; but will disclaim I'm not in the audit field.
1. When two or more parties collude (work together to hide their actions), fraudulent activities can be basically undetectable. That's one of the reasons why audits are not specifically engaged into detect fraud - you just can't find it when a handful of key players are in on the fraud. However, if fraud is being perpetrated by a single actor, the fraud *should* be detectible, unless the firm is failing to segregate duties properly - which the audit should detect and fail the firm for. So if an audit fails to find overt fraud (committed by a single actor) which is or should be easily detectible, that can be negligence and a fine is appropriate. If the firm fails to detect a multi-actor scheme, especially if some of those actors are key players in the company, then that's understandable, it is likely no one could detect that fraud.
So the fines are likely issued to cases where the fraud was readily apparent and not found (negligence) rather than the audit was properly conducted, and the fraudulent actions were conducted with such sophistication that they could avoid detection entirely.
2. It could be a case of optics. If the fraud was bad enough (harmful enough to a sufficiently large group of people), the regulatory body may issue penalties because public opinion may demand that "someone pay for this." and the people attesting to the accuracy of the firm's condition are an easy target, even if they did not do anything wrong.
Also how many instances of "fraud" are even material to the financial statements? I'm curious if misappropriation of assets is part of this "fraud" umbrella quoted above too because most employees can do so but it's not likely to be material.
Remember an accountant is a watchdog, not a bloodhound. There have been situations where the most senior management of a corporation was sending falsified documents to the accountants which either misstated or overinflated various areas of the balance sheet. Forensic audits are the most meticulous in detail, but are the most costly so unless something has gone wrong, who knows what secrets are in the subledger?
Audit exists to provide some level of basic assurance that financial statements aren’t complete bullshit. Financial audits are not at all built to detect fraud.
Where is this statistic coming from, also?
Probably the misconception is a regular audit vs a forensic audit. A forensic audit would be to catch fraud.. but you don't usually see a regular forensic audit as part of a yearly engagement
Another thing that hasn't been said here yet, is that audits act as a deterrent from wannabe fraudsters.
Who's to say that a company that currently has no material amounts of fraud would still be like that, if they had no risk of detection in a world where audits do not exist?
So even if no fraud is found, they still do their job by leaving the threat of fraud being found down the line and dissuading people from committing fraud in the first place.
Provide reasonable assurance the financials are fairly stated. If a company with $30M in revenues had $50k stolen, it’s immaterial. Financials are fine.
Like you said, it depends. Usually fraud is specific, so the rest of the controls should be fine. Because if you're trying to overstate revenue for example through booking lots of accrued rev, then chances of AP controls being out of whack, or PPE contols, are not huge
I have had a situation where a medical company I was auditing was infected with randsomware and had to pay a “fee.” It was recorded, documented, and disclosed, so therefore there was *literally fraud* on the books, but it was disclosed so the financial statements were presented fairly.
Read that back to me…
>It’s not fraud, they were the ones defrauded.
Yea, so, there was an instance of fraud that occurred that was recorded on the books… a company can be the victim and often is the victim.
It’s not a financial statement fraud, correct, that was the entire point of the comment. The OP was discussing the fact that only 3% of frauds are found by audits. That’s any type of fraud.
The total point being that fraud is fully irrelevant to the audit itself. We are discussing material misstatements, and even in the instance of literal fraud occurring at the company, if it’s properly recorded, the audit doesn’t care.
Fraud is a crime. So let's say you do find Bob stealing from the cash box. You tell management about it, and they're like, "We like Bob, we're going to let it go." Now you have an employee that's know to steal from the company working at the company and management isn't going to do anything about it. As an audior, is that material?
Statistically, when you find fraud, you didn't luck out and catch someone on their very first attempt. And likely you didn't find the only theft. Fraud statistics show the average fraud has been perpetrated for over 5 years or more by the time it is detected. You have to unravel the string. That's why fraud is never immaterial.
Well yay and nay. If Bob is a low level employee and has no access to say accounts or anything, and the cashbox never carries more than 100 quid, and then management say - Bob will now not have access to the cashbox. Then you move on as an auditor, if the company say turns over more than 3m in a year then its not material. Same with stock theft of immaterial items by employees. If there is a chance that employees might steal a pack of sweets in a sweet producing factory, that can never be in of itself material to the company. Now, if there was an organised effort to steal stock over time, then yes. But one packet of sweets? Immaterial.
What if it's a $30M limited risk treasury center receiving a 12bps spread on a $250M (subprime) principal for a grand total $300k EBIT? $50k starts to look a lot more material then.
In the UK it is legally not the auditor's job to find fraud. This is becoming a contentious issue and may change after a few high profile cases, but for now it is management's job to prevent and detect fraud.
It will never change, auditors can't always detect low level fraud. We can only learn from mistakes - see Patisserie Valerie cash issues in audit, and how tight audit worl over cash has become, because partners focus on it
Incompetence, negligence, misapplication of GAAP. Can’t remember my Blaw shit that well, but I think those Don’t necessarily amount to fraud. In fraud there is an intentional misrepresentation.
Thanks for explaining. I think the phrase, "pulling numbers out of a hat" made it sound to me like they would be intentionally making up numbers rather than just simple errors or omissions, which is why it sounded like fraud to me.
More often then not, it's just the client doing something wrong or not doing something.
For big companies, they tend to have an accounting department doing their financial statements which often leads to better results, but that doesn't prevent math errors or not applying new accounting standards correctly.
And for small organizations, they might just not have an accounting department, and just have a bookkeeper that doesn't post accounting adjustments and relies on the auditor to calculate things like depreciation for them.
Audits keep generally honest people honest. They are not supposed to discover large scale operations to defraud. The point is to ensure that people acting in good faith are reporting everything properly. Audits aren't supposed to catch people committing crimes and such.
That’s what one of the partners always said.
It’s not “oh, I got hired on and was always a criminal.” It’s “oh, I’m a good honest person, but some shit went on in my life that I need money. I’m in a position of power and the money that could change my life is *immaterial* and I could get away with it because of my position.”
It’s that they were tempted probably *every day* with a risk that existed in their position and one day the coin came up heads.
The reality of an auditor coming into their department every year to ask them questions about their area, selecting samples that they have to pull etc. is likely to be a big deterrent.
Frankly, I’m at a small business that I am *the only finance person.* When I walked in the door, the first thing I did was set up checks on myself for other people to do because at the end of the day, I don’t want that kind of temptation in my life. I was offered the ability to sign checks, I said “nope, no thanks.” I hired an assistant to do things behind me (not literally) so that someone else was looking over my shoulder, and honestly, I’m not perfect and I’d like someone to check me in case I, *God Forbid,* make a mistake…
As per the engagement letter, auditor's primary objective isn't to detect frauds, but rather to be alert of circumstances which may indicate fraud. Also, deep laid fraud isn't expected to be uncovered by the auditor, due to inherent limitations of audit, and also that audit isn't the same as an investigation and an auditor isn't vested with the same powers as an investigating authority is.
Something I feel people aren’t saying - from a practical standpoint
- Audits force companies to a baseline of financial maturity to get them to access financial markets. Almost all significant debt requires an audit and every deal is using GAAP numbers, which are much cleaner when audited consistently.
Audits absolutely act as a deterrent to crappy accounting in general. Auditors themselves don’t do a bunch - but the person on the other side, often an ex auditor, is cleaning tons of shit up to get through an audit.
I hate when even my own PE partners say they don’t really care about the audit. I often point out it’s the thing that really kinda forces everyone to get their shit together. Nobody would do things correctly otherwise.
Absolutely agree. If I’m an LP in a PE fund, you bet your ass I care about the audit. I want to make sure my investments actually exist and actually are fairly valued, that the fund manager isn’t just running a Ponzi scheme, since often those private investments aren’t certificated and therefore cannot be held with a qualified custodian.
>I hate when even my own PE partners say they don’t really care about the audit. I often point out it’s the thing that really kinda forces everyone to get their shit together. Nobody would do things correctly otherwise.
Having been in companies that are audited and not audited, I can attest to this.
Taking us through a first time audit from cash basis. The books are a nightmare.
That said, I started the audit early, which is painful for all, but it’s also forcing us to do things
[A History Lesson](https://www.cpajournal.com/2020/11/25/history-of-the-auditing-world-part-1/)
Auditing does one thing: It *standardizes reporting*. That's what it does. While everyone hit on the purposes of auditing practically the theoretical framework of auditing is no different than any other framework of quality control; much like you wouldn't want to go to the grocery store and have [ambiguous packaging](https://www.thinkkaleidoscope.com/blog/history-packaging-regulations/) everywhere so it is that when you look at a company you want to actually know what you're looking at.
The reason auditing is so important is primarily because it allows someone to go in and make certain not only that investors are protected but also, especially for private companies, the regulations and standard code are being upheld so that there is a method of acquiring information. This is actually really important for things no one has brought up which is [government programs like HUD](https://us.aicpa.org/interestareas/governmentalauditquality/resources/hudinformation) which, for *all* HUD housing, the chart of accounts is the same and standardized. In governmental accounting the value of auditing is far more influential because it keeps embezzlement to a minimum and maximizes outcomes for tax acquisition since auditing can be informally considered as a means to gather taxes from the highest sources of income. The presence of the audit and the evolution of accounting rules is what allows us to even have this conversation today because knowing that 3% of anything exists requires you to have a system to detect even that 3% which, prior to modern (1930) auditing, didn't really exist since in order to audit you had to have a stake and if you had a stake ... Well... You know.
It turns out that auditing isn't the only place where this kind of thing is required, a la *Moody's* and their business models being greatly constrained for the same purposes.
as an auditor , i find a rudiculous amount of errors , which are not fraud, just errors made by the clients accountant. in most audit clients dont depreciate their assets well , they dont calculate their workers vacation pay etc etc . these mistakes/errors could techically be considered fraud if they were made on purpose, but they are not , so often auditors will just fix it and keep going. so even though theres no fraud , there's still a huge amount of errors that were found and fixed. the amount depends on your materiality.
It is not an auditors job to "find fraud"
I ensure the financial statements are reasonably stated in accordance with the applicable framework. Usually so my companies can get bank funding (I audit private companies). The bank is more likely to offer my client a $10 million loan I'd an auditor says their Financials are reasonably stated and there is not a Going Concern for the company to maintain open for the next year and not go bankrupt (which would cause them to default on their bank loan)
A benefit to the company might be that the auditors deter fraudsters or the audit might uncover material fraud. But it isn't the auditors job to find it, just report it to management if we do.
Financial statement audits are not designed to detect fraud but the procedures used in said audit *may uncover* fraudulent activity. We’re really signing off on whether the financial statements represent economic reality for the company. Most of the issues we uncover as auditors are accounting errors that can be corrected.
Working in industry I can fairly say that the only reason we maintain any resemblance of truth in our financial statements is the threat from external auditors
It's partly ticking a box, partly to have some reasonable assurance that there isn't anything massively obvious going on with the company. As near as I can figure the only people who actually ask for audit financial statements happen to be lenders.
True enough, the Large Business and Individual (LB&I) unit is the only one that asks with any expectation of receiving them, otherwise it's just another item on a list a few spaces before the kitchen sink when they issue their initial information requests.
They always ask for a copy of the return (which is fair since the IRS system is somewhat incomplete in what is actually retained and available for them to review, more complete than they let on, but still), the preparers workpapers\*, return worksheets & statements, shareholder/partner loans (to & from), fixed asset "schedules\*\*" and reconciliations, current list of officers, the general ledger, adjusting journal entries, tax journal entries, God help you if the company has a solely owned captive insurance company, for some reason they're on a tear about captives regardless of the circumstances, and for reasons I can't really explain - they want a reconciliation between book, tax, and the audited financials (even when the numbers tie and are provided elsewhere).
\* Not happening, you want something specific you get something specific, you're not getting everything
\*\* Doesn't matter that it's part of the return and you're providing it anyway.
They want the reconciliation probably because with good books it should be done already so no reason to do it again on the taxpayers dime. If someone can't/won't provide it it sends red flags. I'm surprised they don't ask for minutes and backup of the acc software (raw database).
Maybe we don‘t hire enough interns? Everybody knows 99% of fraud gets detected by interns.
Our intern literally just found fraud yesterday, when he found out that the balance of bank account itself was off by USD 10.99.
Case closed, thanks nicolas!
Other than fraud prevention and creating an environment that discourages fraud, it's also to ensure that financial statements are prepared in accordance with GAAP or IFRS so that people who read and rely on them can understand and compare different companies.
It’s only meant to catch obvious or previously attempted methods. A similar example is the TSA at the airport. They are meant to catch the previous methods and obvious methods used to attack planes.
As to your 3% figure, there is going to be some bias there. A lot of accounting professionals in management come from audit and learn how audit works. If they are going to perpetuate fraud, they are going to learn how audit professionals look at the data. Instead of doing something that the audit team will catch, the do something that they won’t catch.
EEEEERT. Wrong. You just failed advanced auditing.
Isa 200: “As the basis for the auditor’s opinion, ISAs require the auditor to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error. Reasonable assurance is a high level of assurance.” Ergo, finding fraud is partially the purpose of the audit.
>Ergo, finding fraud is partially the purpose of the audit
The purpose is to identify material misstatements as you quoted yourself to give investors et al reasonably assured information about the company, not whether it has fraud or not because every company size >x has fraud somewhere.
If the fraud is not material it means nothing and it wont be tested. Fraud is not the goal, it is a part of audit to complete the goal of assuring f/s are free of material misstatement.
If fraud detection was the idea behind audit, controls would be implemented very differently but nobody cares if pens and paperclips get stolen because they dont matter to the idea of audit.
To say “finding fraud is not the purpose of the audit” is just perpetually wrong: especially given new reporting requirements on auditors processes to identify/mitigate risks of fraud. Yes, we don’t care about a stolen paperclip, but if you don’t perform procedures related to fraud (both management override of controls as well as misappropriation of assets): you’re not auditing right.
You raise a very good point. As an auditor I find myself having trouble justifying this without it sounding like as a profession we just put an asterisk at the bottom of the report.
The truth is an audit is designed to ensure the financials are free of material mistatement due to fraud or error. In our audit procedures we do have guidance that dictates we are to address fraud risk especially in relation to revenue. Now to say you do not have a point that many audit firms work with untrained/overworked staff it's not to say that is prolific through the Industry.
Now the reason why fraud is so difficult to catch is because it so often involves collision. Let's say someone in the warehouse falsifies receiving docs then someone in AP falsifies an invoice..if those invoices were small enough in a multi billion dollar company then these could easily be overlooked and even if pulled as a sample selection could be passed off as a real vendor invoice.
It's a highly complex situation because if auditors wet we calling or verifying every vendor etc, and audit would cost hundreds of thousands of dollars and more often than not they would not find something in relation to fraud.
Fraud honestly is better reported from within because those within are best positioned to report it. Either to external auditors or regulators.
It's also worth noting that collusion is often the only good method available if the company has a combination of solid internal control and regular audits both internal and external.
I’m surprised that you’re in a Big 4 accounting firm, and an auditor. Even if you’re a first year or fresh out of college, the point of an audit never has been to detect fraud.
As others have said, the point is to ensure the financial statements are free of material errors or omissions and in compliance with the GAAP or IFRS.
“Can investors trust financial data that [was] audited by CPAs?” - more than if they were not audited. Yes, they care.
Internal controls and testing those controls does not prevent fraud outright.
Again, amazing that you’re at a big 4.
I think the problem is that. Companies assume that it is the auditors' job to find the fraud and they don't take the correct measures/technologies to identify mistakes and fraud in time.
The purpose of an audit is not to uncover fraud. It's to make sure listed amounts aren't out by a certain amount. It's to catch accounting errors. Even if a fraud isn't uncovered by the auditor and is later found. The auditor isn't in trouble unless they should have reasonable spotted it.
It’s the responsibility of management and board of directors to put in practices that prevent fraud.
The auditors are just supposed to report fraud if it has been found. (Sorry for my bad english)
There’s also the fear of being caught and consequences. Just like someone putting up a fake camera outside of the liquor cabinet. It might not actually work, but it does prevent some people from stealing.
In my opinion, just because no fraud was found, it doesn't mean the audit isn't/wasn't worth it. Until the audit was completed correctly and in its entirety, the potential for fraud is always present until it is 100% certain no fraud was committed.
Just keep fraud in mind when doing your audit. I actually caught a guy embezzling once. Forensic accounting is so cool. Me and my junior wanted to join the FBI afterwards, lol
In my opinion, if you want to catch fraud you cant count on your auditors for the reasons you listed above.
In order to catch fraud you need to have two things:
1. proper internal controls that are effective and that are applicable to your company
2. a stand alone system that reviews all the company's financial data (ERP, AP, AR, Payroll. inventory etc,) and does independent checks all the time (not like audit which is done at the end of a period). the system does not record any new JE, just reviews and compares the data and provides different alerts.
[удалено]
Hmm, you actually made me thinking and I think you pointed great points. There are many errors such as overstatements, understatements of assets and liabilities. Even If there were no errors do not mean the audit is pointless. Thank you
>hinking and I think you pointed great points. There are many errors such as overstatements, The amount of mistakes is endless even where we have great tech solution like the payroll process.
Because the tech is only good if it’s used correctly.
I couldnt agree more :)
Don’t forget revenues and expenses.
1. Are you really gonna sit here and act like assurance practice isn’t a scam?
What is assurance?
Audits and the like
Audits aren't meant to find fraud. It's literally part of the letter given to the client at the beginning/end\* of an audit lol.
It's amazing how many people don't understand this
Yet many people expect it (see audit expectation gap)
Everyone understands that auditors disclaim themselves from responsibility for finding fraud. Whether they’re *meant* to is a more philosophical debate.
Yes I taught numerous loan officers and most believed it was to detect fraud. Don’t get me started on what they thought was done on review level statements.
*cough* Compiled *cough*. Fuck compiled statements. I wouldn't wipe my ass with them.
Audits may not be meant to find fraud, but per the AICPA guidance we're supposed to look for fraud. We just add the caveat that since people are actively trying to cover up fraud, we may not detect it. But you can be sure the firm will get it's balls sued off If it is found under a clean opinion.
[удалено]
To provide reasonable assurance that the financial statements are free from material misstatements
Straight out of the ISAs
At the beginning of the audit
You making me second guess myself made me look back to my CPA books from the past year lol. Its also part of the auditors opinion letter as part of managements responsibility. But I would imagine its also part of the engagement letter & planning as well.
Yeah it’s definitely a disclaimer in the engagement contract + the public auditor’s report
Thanks for the correction.
[удалено]
It does not need to conclude that, it needs reasonable assurance of that. That’s a major difference. You basically can’t conclude anything in an audit.
95% sure +/- a couple, lol
[удалено]
I thought we weren't allowed to issue positive opinions, only neutral and negative
In the U.S. at least, audits provide *positive* / reasonable assurance ("**In our opinion**, the financial statements present fairly ..."). Reviews provide *negative* / limited assurance ("**We are not aware** of any material modifications that should be made ...").
why are big four companies getting regularly fined for not detecting fraudulent activity in the companies they audit? (genuine question; this is at least how i understand media reports on these fines)
I have a few general answers to that; but will disclaim I'm not in the audit field. 1. When two or more parties collude (work together to hide their actions), fraudulent activities can be basically undetectable. That's one of the reasons why audits are not specifically engaged into detect fraud - you just can't find it when a handful of key players are in on the fraud. However, if fraud is being perpetrated by a single actor, the fraud *should* be detectible, unless the firm is failing to segregate duties properly - which the audit should detect and fail the firm for. So if an audit fails to find overt fraud (committed by a single actor) which is or should be easily detectible, that can be negligence and a fine is appropriate. If the firm fails to detect a multi-actor scheme, especially if some of those actors are key players in the company, then that's understandable, it is likely no one could detect that fraud. So the fines are likely issued to cases where the fraud was readily apparent and not found (negligence) rather than the audit was properly conducted, and the fraudulent actions were conducted with such sophistication that they could avoid detection entirely. 2. It could be a case of optics. If the fraud was bad enough (harmful enough to a sufficiently large group of people), the regulatory body may issue penalties because public opinion may demand that "someone pay for this." and the people attesting to the accuracy of the firm's condition are an easy target, even if they did not do anything wrong.
thanks to both of you! that was insightful
Also how many instances of "fraud" are even material to the financial statements? I'm curious if misappropriation of assets is part of this "fraud" umbrella quoted above too because most employees can do so but it's not likely to be material.
Remember an accountant is a watchdog, not a bloodhound. There have been situations where the most senior management of a corporation was sending falsified documents to the accountants which either misstated or overinflated various areas of the balance sheet. Forensic audits are the most meticulous in detail, but are the most costly so unless something has gone wrong, who knows what secrets are in the subledger?
Well.. Who is the bloodhound then? Just curious.
Generally the beginning in the USA. Generally the end in Europe. Elsewhere I dont know.
Audit exists to provide some level of basic assurance that financial statements aren’t complete bullshit. Financial audits are not at all built to detect fraud. Where is this statistic coming from, also?
This is correct... That they are presented "fairly"
I feel like using “they are presented as being materially free from bullshit” just sounds so much less dry
I would hope all financial statements are free from physical bull poop, fraud or not :)
Well, maybe a pinch of fraud, just to spice it up. Materially free of fraud, make people think a little in how to better commit their fraud
If you Google this the article comes up.
From the book I read. True, thanks for your opinion. Really appreciated
Probably the misconception is a regular audit vs a forensic audit. A forensic audit would be to catch fraud.. but you don't usually see a regular forensic audit as part of a yearly engagement
What book?
Rich Dad Poor Dad
[удалено]
He dumped all his toxic assets in a SPV
No, it's just really hated on this sub
Another thing that hasn't been said here yet, is that audits act as a deterrent from wannabe fraudsters. Who's to say that a company that currently has no material amounts of fraud would still be like that, if they had no risk of detection in a world where audits do not exist? So even if no fraud is found, they still do their job by leaving the threat of fraud being found down the line and dissuading people from committing fraud in the first place.
Provide reasonable assurance the financials are fairly stated. If a company with $30M in revenues had $50k stolen, it’s immaterial. Financials are fine.
Depends, if it’s management fraud, one can no longer rely on entity level controls and by extend, no longer audit
Like you said, it depends. Usually fraud is specific, so the rest of the controls should be fine. Because if you're trying to overstate revenue for example through booking lots of accrued rev, then chances of AP controls being out of whack, or PPE contols, are not huge
So what you’re trying to say is: “yes, u/henkie-t, you’re right. It depends”
Ah makes sense! That’s good point! If companies make 30M and finding 50k fraud should be immaterial
I have had a situation where a medical company I was auditing was infected with randsomware and had to pay a “fee.” It was recorded, documented, and disclosed, so therefore there was *literally fraud* on the books, but it was disclosed so the financial statements were presented fairly.
It’s not fraud if they were the ones defrauded.
Read that back to me… >It’s not fraud, they were the ones defrauded. Yea, so, there was an instance of fraud that occurred that was recorded on the books… a company can be the victim and often is the victim.
[удалено]
It’s not a financial statement fraud, correct, that was the entire point of the comment. The OP was discussing the fact that only 3% of frauds are found by audits. That’s any type of fraud. The total point being that fraud is fully irrelevant to the audit itself. We are discussing material misstatements, and even in the instance of literal fraud occurring at the company, if it’s properly recorded, the audit doesn’t care.
Why is it fraud
Ransomware still keeps me up at night. Do you know how much they had to pay?
Fraud is never immaterial!
Is that so? So if you find out personnel stole a sandwich from the sandwich stand you give out a qualified opinion?
Sandwiches aren't covered by the audit.
So you’re saying they’re immaterial?
Yes, it can be. Low level employees stealing 100 quid from the cash box is still fraud. Highly immaterial though to most companies
Fraud is a crime. So let's say you do find Bob stealing from the cash box. You tell management about it, and they're like, "We like Bob, we're going to let it go." Now you have an employee that's know to steal from the company working at the company and management isn't going to do anything about it. As an audior, is that material?
Statistically, when you find fraud, you didn't luck out and catch someone on their very first attempt. And likely you didn't find the only theft. Fraud statistics show the average fraud has been perpetrated for over 5 years or more by the time it is detected. You have to unravel the string. That's why fraud is never immaterial.
Well yay and nay. If Bob is a low level employee and has no access to say accounts or anything, and the cashbox never carries more than 100 quid, and then management say - Bob will now not have access to the cashbox. Then you move on as an auditor, if the company say turns over more than 3m in a year then its not material. Same with stock theft of immaterial items by employees. If there is a chance that employees might steal a pack of sweets in a sweet producing factory, that can never be in of itself material to the company. Now, if there was an organised effort to steal stock over time, then yes. But one packet of sweets? Immaterial.
What if it's a $30M limited risk treasury center receiving a 12bps spread on a $250M (subprime) principal for a grand total $300k EBIT? $50k starts to look a lot more material then.
The audit isn’t necessarily there to find fraud. It’s also to make sure a company isn’t pulling numbers from out of a hat.
In the UK it is legally not the auditor's job to find fraud. This is becoming a contentious issue and may change after a few high profile cases, but for now it is management's job to prevent and detect fraud.
If auditor is to take responsibility for fraud, may as well double the fees lol.
It will never change, auditors can't always detect low level fraud. We can only learn from mistakes - see Patisserie Valerie cash issues in audit, and how tight audit worl over cash has become, because partners focus on it
I'm not an accountant or a lawyer, but if your client is just making up numbers isn't that... fraud?
Incompetence, negligence, misapplication of GAAP. Can’t remember my Blaw shit that well, but I think those Don’t necessarily amount to fraud. In fraud there is an intentional misrepresentation.
Thanks for explaining. I think the phrase, "pulling numbers out of a hat" made it sound to me like they would be intentionally making up numbers rather than just simple errors or omissions, which is why it sounded like fraud to me.
I think gross negligence also counts as fraud, and making up numbers is certainly gross negligence.
More often then not, it's just the client doing something wrong or not doing something. For big companies, they tend to have an accounting department doing their financial statements which often leads to better results, but that doesn't prevent math errors or not applying new accounting standards correctly. And for small organizations, they might just not have an accounting department, and just have a bookkeeper that doesn't post accounting adjustments and relies on the auditor to calculate things like depreciation for them.
Sorry, if your not an accountant or a lawyer are you just browsing this sub for fun then?
Yup! What can I say, I love a good excel meme every now and then.
IFRS wants to know your location
Better question: how much fraud would there be without audits?
Meanwhile, back at Enron’s HQ…
Audits keep generally honest people honest. They are not supposed to discover large scale operations to defraud. The point is to ensure that people acting in good faith are reporting everything properly. Audits aren't supposed to catch people committing crimes and such.
That’s what one of the partners always said. It’s not “oh, I got hired on and was always a criminal.” It’s “oh, I’m a good honest person, but some shit went on in my life that I need money. I’m in a position of power and the money that could change my life is *immaterial* and I could get away with it because of my position.” It’s that they were tempted probably *every day* with a risk that existed in their position and one day the coin came up heads. The reality of an auditor coming into their department every year to ask them questions about their area, selecting samples that they have to pull etc. is likely to be a big deterrent. Frankly, I’m at a small business that I am *the only finance person.* When I walked in the door, the first thing I did was set up checks on myself for other people to do because at the end of the day, I don’t want that kind of temptation in my life. I was offered the ability to sign checks, I said “nope, no thanks.” I hired an assistant to do things behind me (not literally) so that someone else was looking over my shoulder, and honestly, I’m not perfect and I’d like someone to check me in case I, *God Forbid,* make a mistake…
As per the engagement letter, auditor's primary objective isn't to detect frauds, but rather to be alert of circumstances which may indicate fraud. Also, deep laid fraud isn't expected to be uncovered by the auditor, due to inherent limitations of audit, and also that audit isn't the same as an investigation and an auditor isn't vested with the same powers as an investigating authority is.
Something I feel people aren’t saying - from a practical standpoint - Audits force companies to a baseline of financial maturity to get them to access financial markets. Almost all significant debt requires an audit and every deal is using GAAP numbers, which are much cleaner when audited consistently. Audits absolutely act as a deterrent to crappy accounting in general. Auditors themselves don’t do a bunch - but the person on the other side, often an ex auditor, is cleaning tons of shit up to get through an audit. I hate when even my own PE partners say they don’t really care about the audit. I often point out it’s the thing that really kinda forces everyone to get their shit together. Nobody would do things correctly otherwise.
Absolutely agree. If I’m an LP in a PE fund, you bet your ass I care about the audit. I want to make sure my investments actually exist and actually are fairly valued, that the fund manager isn’t just running a Ponzi scheme, since often those private investments aren’t certificated and therefore cannot be held with a qualified custodian.
>I hate when even my own PE partners say they don’t really care about the audit. I often point out it’s the thing that really kinda forces everyone to get their shit together. Nobody would do things correctly otherwise. Having been in companies that are audited and not audited, I can attest to this.
Taking us through a first time audit from cash basis. The books are a nightmare. That said, I started the audit early, which is painful for all, but it’s also forcing us to do things
[A History Lesson](https://www.cpajournal.com/2020/11/25/history-of-the-auditing-world-part-1/) Auditing does one thing: It *standardizes reporting*. That's what it does. While everyone hit on the purposes of auditing practically the theoretical framework of auditing is no different than any other framework of quality control; much like you wouldn't want to go to the grocery store and have [ambiguous packaging](https://www.thinkkaleidoscope.com/blog/history-packaging-regulations/) everywhere so it is that when you look at a company you want to actually know what you're looking at. The reason auditing is so important is primarily because it allows someone to go in and make certain not only that investors are protected but also, especially for private companies, the regulations and standard code are being upheld so that there is a method of acquiring information. This is actually really important for things no one has brought up which is [government programs like HUD](https://us.aicpa.org/interestareas/governmentalauditquality/resources/hudinformation) which, for *all* HUD housing, the chart of accounts is the same and standardized. In governmental accounting the value of auditing is far more influential because it keeps embezzlement to a minimum and maximizes outcomes for tax acquisition since auditing can be informally considered as a means to gather taxes from the highest sources of income. The presence of the audit and the evolution of accounting rules is what allows us to even have this conversation today because knowing that 3% of anything exists requires you to have a system to detect even that 3% which, prior to modern (1930) auditing, didn't really exist since in order to audit you had to have a stake and if you had a stake ... Well... You know. It turns out that auditing isn't the only place where this kind of thing is required, a la *Moody's* and their business models being greatly constrained for the same purposes.
as an auditor , i find a rudiculous amount of errors , which are not fraud, just errors made by the clients accountant. in most audit clients dont depreciate their assets well , they dont calculate their workers vacation pay etc etc . these mistakes/errors could techically be considered fraud if they were made on purpose, but they are not , so often auditors will just fix it and keep going. so even though theres no fraud , there's still a huge amount of errors that were found and fixed. the amount depends on your materiality.
It is not an auditors job to "find fraud" I ensure the financial statements are reasonably stated in accordance with the applicable framework. Usually so my companies can get bank funding (I audit private companies). The bank is more likely to offer my client a $10 million loan I'd an auditor says their Financials are reasonably stated and there is not a Going Concern for the company to maintain open for the next year and not go bankrupt (which would cause them to default on their bank loan) A benefit to the company might be that the auditors deter fraudsters or the audit might uncover material fraud. But it isn't the auditors job to find it, just report it to management if we do.
Financial statement audits are not designed to detect fraud but the procedures used in said audit *may uncover* fraudulent activity. We’re really signing off on whether the financial statements represent economic reality for the company. Most of the issues we uncover as auditors are accounting errors that can be corrected.
Working in industry I can fairly say that the only reason we maintain any resemblance of truth in our financial statements is the threat from external auditors
It's partly ticking a box, partly to have some reasonable assurance that there isn't anything massively obvious going on with the company. As near as I can figure the only people who actually ask for audit financial statements happen to be lenders.
Sometimes owners as well
And potential owners
I imagine the IRS might ask for them as well in some cases, but the auditors probably aren't involved at this stage.
True enough, the Large Business and Individual (LB&I) unit is the only one that asks with any expectation of receiving them, otherwise it's just another item on a list a few spaces before the kitchen sink when they issue their initial information requests.
Just curious what kind of other kitchen sink items have you seen?
They always ask for a copy of the return (which is fair since the IRS system is somewhat incomplete in what is actually retained and available for them to review, more complete than they let on, but still), the preparers workpapers\*, return worksheets & statements, shareholder/partner loans (to & from), fixed asset "schedules\*\*" and reconciliations, current list of officers, the general ledger, adjusting journal entries, tax journal entries, God help you if the company has a solely owned captive insurance company, for some reason they're on a tear about captives regardless of the circumstances, and for reasons I can't really explain - they want a reconciliation between book, tax, and the audited financials (even when the numbers tie and are provided elsewhere). \* Not happening, you want something specific you get something specific, you're not getting everything \*\* Doesn't matter that it's part of the return and you're providing it anyway.
They want the reconciliation probably because with good books it should be done already so no reason to do it again on the taxpayers dime. If someone can't/won't provide it it sends red flags. I'm surprised they don't ask for minutes and backup of the acc software (raw database).
I forgot to add the minutes in my list but that's usually on their as well. That and asking for everything in excel.
Audit would always ask me to show them what i do…i can just say 2+2 = 5..And say just look at the procedures…it says there 🤷🏻♂️
If a company is actively trying to hide fraude, its allmost impossible to detect fraude.
Auditing finds errors more than fraud
Maybe we don‘t hire enough interns? Everybody knows 99% of fraud gets detected by interns. Our intern literally just found fraud yesterday, when he found out that the balance of bank account itself was off by USD 10.99. Case closed, thanks nicolas!
1. You guys get paid to perform audits?
Yes because just knowing that you will be audited will lead to cleaner financials before the audit.
Yes because just knowing that you will be audited will lead to cleaner financials before the audit.
Can you imagine the amount of fraud if there weren’t audits?
Other than fraud prevention and creating an environment that discourages fraud, it's also to ensure that financial statements are prepared in accordance with GAAP or IFRS so that people who read and rely on them can understand and compare different companies.
If you loaned a company $100mm, would you be okay with there being no external validation of the results management is sending you?
How is it know that it's 3% if the other fraud is never found.
Probably looking at past companies where fraud was found which passed audits.
How do I up vote twice? Thank you.
This sounds like your fishing for blackboard discuss points. let's discuss
Auditors are not here to find fraud … go back to your textbook :)
It’s only meant to catch obvious or previously attempted methods. A similar example is the TSA at the airport. They are meant to catch the previous methods and obvious methods used to attack planes. As to your 3% figure, there is going to be some bias there. A lot of accounting professionals in management come from audit and learn how audit works. If they are going to perpetuate fraud, they are going to learn how audit professionals look at the data. Instead of doing something that the audit team will catch, the do something that they won’t catch.
Because finding fraud is not the purpose of audit
EEEEERT. Wrong. You just failed advanced auditing. Isa 200: “As the basis for the auditor’s opinion, ISAs require the auditor to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error. Reasonable assurance is a high level of assurance.” Ergo, finding fraud is partially the purpose of the audit.
>Ergo, finding fraud is partially the purpose of the audit The purpose is to identify material misstatements as you quoted yourself to give investors et al reasonably assured information about the company, not whether it has fraud or not because every company size >x has fraud somewhere. If the fraud is not material it means nothing and it wont be tested. Fraud is not the goal, it is a part of audit to complete the goal of assuring f/s are free of material misstatement. If fraud detection was the idea behind audit, controls would be implemented very differently but nobody cares if pens and paperclips get stolen because they dont matter to the idea of audit.
To say “finding fraud is not the purpose of the audit” is just perpetually wrong: especially given new reporting requirements on auditors processes to identify/mitigate risks of fraud. Yes, we don’t care about a stolen paperclip, but if you don’t perform procedures related to fraud (both management override of controls as well as misappropriation of assets): you’re not auditing right.
This is the answer
You raise a very good point. As an auditor I find myself having trouble justifying this without it sounding like as a profession we just put an asterisk at the bottom of the report. The truth is an audit is designed to ensure the financials are free of material mistatement due to fraud or error. In our audit procedures we do have guidance that dictates we are to address fraud risk especially in relation to revenue. Now to say you do not have a point that many audit firms work with untrained/overworked staff it's not to say that is prolific through the Industry. Now the reason why fraud is so difficult to catch is because it so often involves collision. Let's say someone in the warehouse falsifies receiving docs then someone in AP falsifies an invoice..if those invoices were small enough in a multi billion dollar company then these could easily be overlooked and even if pulled as a sample selection could be passed off as a real vendor invoice. It's a highly complex situation because if auditors wet we calling or verifying every vendor etc, and audit would cost hundreds of thousands of dollars and more often than not they would not find something in relation to fraud. Fraud honestly is better reported from within because those within are best positioned to report it. Either to external auditors or regulators.
It's also worth noting that collusion is often the only good method available if the company has a combination of solid internal control and regular audits both internal and external.
I’m surprised that you’re in a Big 4 accounting firm, and an auditor. Even if you’re a first year or fresh out of college, the point of an audit never has been to detect fraud. As others have said, the point is to ensure the financial statements are free of material errors or omissions and in compliance with the GAAP or IFRS. “Can investors trust financial data that [was] audited by CPAs?” - more than if they were not audited. Yes, they care. Internal controls and testing those controls does not prevent fraud outright. Again, amazing that you’re at a big 4.
Go play ps4 you poor student
Incredible comeback, shouldn’t have expected less. Good luck with your future rejections!
Yo mama
To make sure that your accountant is doing his job properly
I think the problem is that. Companies assume that it is the auditors' job to find the fraud and they don't take the correct measures/technologies to identify mistakes and fraud in time.
I think the problem is fraudsters going to commit fraud.
It’s just a checking process.
The correct answer is ‘billable time’
To double check my accountant's entries and work. But also, to find fraud.
Maybe it’s written into a loan covenant by the bank?
The purpose of an audit is not to uncover fraud. It's to make sure listed amounts aren't out by a certain amount. It's to catch accounting errors. Even if a fraud isn't uncovered by the auditor and is later found. The auditor isn't in trouble unless they should have reasonable spotted it.
I'm thankful for the protection the audit provided me. Without the audit, the fraud would have been so much worse.
Don’t the forensic people find fraud?
If there's already a suspicion that something is going on, then yes, they may be brought in for that purpose.
Read isa 200
I’m pretty sure the accounting department isn’t committing fraud. They’re just full blown IDIOTS.
Audits to me aren't about the fraud at all, it's about companies being required to have an audit and the B4/regional firms offer this service.
It’s the responsibility of management and board of directors to put in practices that prevent fraud. The auditors are just supposed to report fraud if it has been found. (Sorry for my bad english)
So 97% of frauds get through clean ?
Nope 97% of frauds found by whistle blowers and other stuffs
Mistakes can always happen.
As others have said, it’s not designed to detect fraud. I’d also argue that the existence of an external audit acts as a deterrent though.
It's all theater
There’s also the fear of being caught and consequences. Just like someone putting up a fake camera outside of the liquor cabinet. It might not actually work, but it does prevent some people from stealing.
Companies have better accounting because they’re audited. Sure it’s perfunctory, but you don’t want the alternative.
Audit is just a Ponzi scheme
In my opinion, just because no fraud was found, it doesn't mean the audit isn't/wasn't worth it. Until the audit was completed correctly and in its entirety, the potential for fraud is always present until it is 100% certain no fraud was committed.
It’s to scare companies from committing fraud. Or to make sure company’s financial statements look decent enough.
Imagine how much more fraud there’d be…banks literally wouldn’t want to lend money
[удалено]
Better than a person who is addicted to stupid game heh?
Our auditors have caught millions of dollars worth of errors and I do think they provide confidence as to materially accurate information.
Only million? U sure? Lol for some companies, million dollar is immaterial
Nah it was millions plural. 10M here, 10M there.
Ah I see
Just keep fraud in mind when doing your audit. I actually caught a guy embezzling once. Forensic accounting is so cool. Me and my junior wanted to join the FBI afterwards, lol
To deter the other 97%
In my opinion, if you want to catch fraud you cant count on your auditors for the reasons you listed above. In order to catch fraud you need to have two things: 1. proper internal controls that are effective and that are applicable to your company 2. a stand alone system that reviews all the company's financial data (ERP, AP, AR, Payroll. inventory etc,) and does independent checks all the time (not like audit which is done at the end of a period). the system does not record any new JE, just reviews and compares the data and provides different alerts.