This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Recent corporate collapses have raised the question "where were the auditors?" Enron, WorldCom, Tyco and HIH are just a few companies that manipulated accounting rules to boost their earnings. In each of these corporate collapses the auditors failed to detect significant corporate fraud. To answer this question we must understand the different roles of internal auditors, external auditors and forensic accountants. It is also important to consider the expectation gap between auditors, the public, and management.
Following the introduction of the Sarbanes-Oxley Act in 2002 Australian regulators have also introduced new standards such as SAS 240 and CLERP 9 (The Corporate Law Economic Reform Program) which will significantly change the way auditors not only conduct audits, but also how they approach an audit. Consideration of fraud of financial statements is now a requirement auditors must consider. These reforms will also provide an increased need for forensic accounting services which will ultimately lead to an extension of traditional forensic accounting engagements.
2.0 Corporate Failures
Corporate failures occur almost on a daily basis and are caused by a variety of factors. Common factors are weakness of internal controls and corporate governance resulting from poor or ineffective management. These weaknesses provide opportunities for employees and other perpetrators to commit acts of fraud thus compounding the company's woes. The collapse of corporate giants such as Enron, WorldCom and HIH provide good examples of where corporate weaknesses lead to critical incidences of fraud.
The role of internal and external auditors in corporate failures has been mixed whilst their effectiveness could be described as diverse. One possible explanation is the link between audit and other common deficiencies such as the independence of auditors, both internal and external, corporate governance and the culture of the organisations. To illustrate this link the role of internal and external auditor's can be defined as follows:
The basic function of the internal auditor is the independent appraisal of a company's internal controls. It is about bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance within the organisation. Companies must have a strong internal audit function; one that reports directly to an audit committee and is supported by good corporate governance. In doing this, many frauds can be discovered by internal auditors. Unfortunately, management has significant influence over an internal auditor's commitment to detect fraud. By limiting available resources or the scope of the audit, top management can effectively conceal fraud. Therefore, the external fraud auditor has a key role to play in uncovering fraud and presenting evidence.
An external auditor's role is to conduct a financial statement audit to determine if a company's financial statements conform to generally accepted accounting principles and present fairly, in all material respects, the company's financial position at a certain point in time. Buckhoff (2008) In other words, the role of external auditors is to underwrite the credibility of the financial reports so that users can be assured that what they are reading reflects the company's true financial position.
Having defined the auditor's role their link to independence and governance can be established as follows:
Recognising the value of independence and actually being independent are two different matters. For auditors to be able to carry out their tasks fully, effectively and professionally, they must be, and be seen to be, independent.
The lack of audit independence provides one possible answer to the question of "where were the auditors" in the wake of unexpected corporate failures. One crucially important part of being seen to be independent is that audit firms may no longer offer other consulting services to the client like Enron did by outsourcing its internal audit function to the company's external auditors, Arthur Andersen. This created a massive conflict of interest for the auditors which put enormous pressure on Arthur Andersen to ensure a favourable audit report.
The Sarbanes-Oxley Act establishes the responsibility of the auditor to provide an independent assessment on the effectiveness of the internal controls over financial reporting to the investors and management. CLERP9 (Corporate Law Economic Reform Program) is generally seen as Australia's version of the Sarbanes-Oxley Act. In other words, companies must have effective internal control systems that can be easily and objectively presented and evaluated both by internal and external auditors.
The inadequacies of internal audit programs in collapsed organisations such as Enron and HIH is further illustrated by the restricted reporting regime internal auditors were confined to. The "management only" reporting system these companies adopted is deeply flawed and should have never been accepted by the company directors. (REFERENCE) The Institute of Internal Auditors Australia (IIA) believes that best practice requires the internal auditor to have a dual reporting relationship to the chief executive as well as to the audit committee of the board of directors. In fact, only through regulating best practices can the full, beneficial impact of internal auditing in managing risk and improving organisational performance be achieved.
Corporate governance is the system by which companies are directed and managed. It influences how the objectives of the company are set and achieved, how risk is monitored and assessed, and how performance is optimised. One of the many lessons learnt from recent corporate collapses is a need to monitor management to prevent shirking and other opportunistic behaviour. Another failure of corporate governance demonstrated in most corporate collapses, is that internal control mechanisms are short-circuited by conflicts of interest that enriched certain managers at the expense of shareholders. (REFERENCE) All these issues can be addressed through a good corporate governance program. Unfortunately, a lack of attention from the board of directors, integrity of management and a corporate culture to protect earnings at all cost, were all common elements exposed under the carcases of these corporate failures.
Anecdotally it can be concluded that deficiencies within audit independence and/or corporate governance programs can impede an auditor's ability to react to indicators of fraud.
3.0 Audit Expectation Gap
With many recent failures of auditors to identify fraud the expectation gap continues to widen. An audit expectation gap can exist between external auditors and stakeholders and also between internal auditors and company management. The expectation gap may be separated into two components: the reasonableness gap and the performance gap. Koh and Woo (1998) The former appears when people expect more from an audit than it can give in practical terms, such as detecting all instances of fraud. The latter refers to the gap between what auditors can reasonably be expected to do and what they are perceived to do.
Auditors and the public hold different beliefs about the auditor's duties and responsibilities and the messages conveyed by audit reports. The audit expectation can therefore be described as the gap between the auditor's actual standard of performance and the various public expectations of auditors' performance, as opposed to their required standard of performance.
An expectations gap often exists between management's understanding of internal auditing responsibilities and the department's own views. Although internal auditors have a role to play in identifying fraud, the primary responsibility does fall on management. The challenge they face is getting managers to understand where internal audit responsibility for fraud ends and where management responsibility starts, and eliminating the disconnection in between.
Within a social context, the expectations gap will be difficult to eliminate due to social conflict and the fact that the meaning of social practices is always subject to challenges. This will also not be helped by the introduction of ASA 240 'The Auditors Responsibility to Consider Fraud in an Audit of a Financial Report'.
4.0 Lessons Learned
An audit failure takes place when an auditor indicates to the public that a client's financial statements are fairly presented in accordance with generally accepted accounting principles when in fact they are not. Pearson (1987)
There are a number of reasons why an auditor may fail to identify fraud during an audit. These include but are not limited to:
The auditor's ability;
lack of awareness or recognition of an observed condition indicating fraud.
lack of experience.
The auditor's effort;
personal relationships with clients.
overreliance on client representations.
A primary lesson learnt from the financial failure and subsequent corporate collapse of organisations is that good governance, risk management, and internal controls are essential to corporate success and longevity. Any weakness in these areas not only provides the opportunity to commit fraud but can also provide the incentive required.
Whilst an auditor's responsibility to detect fraud was limited until the introduction of the Sarbanes- Oxley Act of 2002 and more recently in Australia with the introduction of ASA 240, auditors have always had a responsibility to be independent. Unfortunately in most corporate collapses it is not uncommon to hear that auditors also provided other services to the organisation which weakened their independence, particular when fees from other services are substantial.
5.0 Forensic Accounting Engagement
What distinguishes forensic accounting from audits, are the engagements. Simply put, forensic accounting involves the identification of fraud which is suitable for legal review. In comparison, traditional auditing is a process of reviewing the work of others to determine if they have followed the prescribed policies, procedures and practice.
Forensic accounting can be defined as "the application of financial skills, and an investigative mentality to unresolved issues, conducted within the context of rules of evidence. As a discipline, it encompasses financial expertise, fraud knowledge and a sound knowledge and understanding of business reality and the working of the legal system" (Ramaswamy, 2005, p.69).
Although this implies that the forensic accountant and auditors have different roles, knowledge and skills, forensic accountants are viewed as a combination of an auditor and private investigator. Traditional auditing has a focus on error identification and prevention whilst forensic accounting is focused on fraud identification. Gray (2008).
When considering fraud, forensic accountants and auditors need to distinguish between asset-theft fraud and financial statement fraud. Buckhoff (2008) defines asset-theft fraud as the use of one's occupation for personal gain through the deliberate misuse or theft of the employer's resources or assets. Whereas, financial statement fraud can be described as the deliberate misrepresentation or omissions of amounts or disclosures in the financial statements in order to deceive financial statement users. As asset-theft usually falls outside the scope of a traditional financial statement audit it is highly unlikely that an auditor will discover any incidences of this type of fraud.
Ramaswamy (2007) suggested that the best way to control fraud is prevention and recommended two ways to achieve this;
1. Creating the right environment in an organization by making the right hiring choices, and disseminating a well-understood code of conduct
2. Eliminating opportunities for fraud by installing a good system of internal controls
The increasing levels of legal, regulatory and economic reporting companies are now faced with provides opportunities for forensic accountants to make a significant contribution outside of the traditional fraud investigation area. Forensic accounting engagements can be extended to complement the functions of both the internal audit and external audit. Forensic engagements can include;
Corporate governance - formulate and establish corporate governance policy that ensures an appropriate mix of management and independent directors on the board.
Fraud prevention - establish an efficient internal control system.
Creating a positive work environment - A good fraud prevention program also accompanies a positive work environment where highly motivated employees are not tempted to abuse their responsibilities. It is also necessary to have well-defined hiring policies that result in honest, well-qualified employees.
Vigilant oversight - Information gathered as a result of monitoring can be used to readjust and reformulate governance, ethics, and control policies.
Establishing consequences - Create policies that clearly state the company's intent to take action against any criminal activities, and that such action will apply to all levels of employees.
Auditors cannot be held responsible for uncovering all types of fraud. Collusive frauds and other intricate schemes are very difficult to uncover. This does not however give auditors an excuse to refrain from looking for fraud. Developing the right mindset, embedding forensic procedures, and asking about fraud all increase the auditor's chances of finding it. Unfortunately, auditors are not trained to do these things so will need to work more closely with forensic accountants to ensure future audits comply with new auditing standards. Unfortunately, the expectation gap between the public and auditors will widen thanks mainly to the introduction of new auditing standards such as SAS240.
Good corporate governance is also paramount to reducing fraud risk. One of the many lessons learnt from recent corporate collapses is a need to monitor management to prevent shirking and other opportunistic behaviour. Conflicts of interest short-circuited internal control mechanisms and the lack of audit independence all contributed to some of the worst corporate failures on record.