Why don’t auditors find fraud?

May 6, 2024

Regulators have put forward a series of proposals to clarify and extend responsibilities to spot wrongdoing

For decades, investors have lamented how rarely external auditors uncover corporate fraud. From Enron to Wirecard, the cry after each scandal is, where were the auditors? The Association of Certified Fraud Examiners’ biennial report on how workplace fraud gets detected has typically shown auditors are the ones uncovering the wrongdoing only 4 per cent of the time.

Bad news. The latest report out a few weeks ago said the number is down to 3 per cent. Whistleblower hotlines and other internal controls may have helped some companies themselves discover some malfeasance earlier, but what about when management is the perpetrator or a corporate culture is rotten? A survey of investors by the Center for Audit Quality, a trade group for large accounting firms, found that 57 per cent thought the current system “frequently” failed to detect illegal acts.

Regulators fear auditors are failing in their role as a last line of defence for investors against corporate shenanigans. Audit firms argue that company executives are responsible for the accuracy of financial statements and that the role of an auditor role is only to provide reasonable assurance — not a guarantee — that a financial statement is free from material misstatement.

It is an argument that has prompted the US Securities and Exchange Commission’s chief accountant, Paul Munter, to exclaim to me on more than one occasion that he is fed up hearing from auditors what they do not do.

But a series of proposals to clarify and extend auditors’ responsibilities has now been made. In the US, the Public Company Accounting Oversight Board is revamping rules on how auditors must look for and deal with evidence of a client’s non-compliance with laws and regulations (Noclar, in the jargon). The intent is to force auditors to cast a wider net for matters that could have a material effect on a company’s financials, even indirectly by leading to big fines or regulatory action that threatens the business.

Audit firms have responded that they cannot be expected to make legal judgments, and that the huge amount of extra work implied by the Noclar proposal as currently drafted probably will not uncover anything significant that current procedures do not already.

A narrower proposal in the UK — which says auditors do not have to probe every minor law or regulation, and can use management’s own compliance programmes as a starting point — has elicited almost as thunderous a set of comment letters in opposition.

The latest move is by the International Auditing and Assurance Standards Board, which sets rules that are used as a template by scores of countries around the world. It has proposed strengthening standards on fraud detection to emphasise that auditors must look for financial misstatements that might not be “quantitatively material” but which might be “qualitatively material”, depending on who instigated the fraud and why it was perpetrated.

The emergence of all these proposals is no coincidence, and it is not as if audit firms themselves do not see room for improvement. PwC last year promised it would overhaul its fraud detection procedures and probe its clients’ whistleblower programmes more closely, among other reforms to boost audit quality. PwC boss Tim Ryan tried and failed to get all the Big Four firms to make a common pledge on these issues.

Other leaders still talk of an “expectations gap” between what investors want an audit to be and what it really is, as if it is the investors that need to be educated instead of the profession that needs to change.

An alternative response to some of the current proposals would embrace them to strengthen the hand of auditors. They provide new justification to pry open clients’ businesses, push back on hostile finance chiefs and chief executives, and flag more matters of concern to directors, to investors or to the authorities — to follow through on the professional scepticism that is supposed to be at the heart of the auditors’ creed. There is room for agreement, even on the contentious Noclar proposal.

Better still for auditors, there is evidence investors are willing to pay for a more robust service. The CAQ survey showed a majority would support auditors charging an additional 20 per cent or more to cover the extra work of rooting out non-compliance.

A high-quality audit is sometimes called a “credence good”, because its value is difficult to calculate. But, as the shareholders of Enron, Wirecard and countless others will tell you, the cost of a bad audit can be so much more.

[The Financial Times]