Fraud, and in particular financial reporting fraud, costs investors huge sums each year.  The headline cases – Enron, WorldCom, Adelphia, Parmalat – are widely reported and become MBA class case studies, but fraud is far more pervasive than these isolated major events suggest.  The Association of Certified Fraud Examiners (ACFE) publishes its biennial study, Report to the Nations, which regularly reminds us that businesses, on average, lose as much as 6% of revenues to various forms of fraud, of which financial reporting fraud probably accounts for about half, impacting privately held companies as well as “issuers” having public investors.

Auditors have always been seen as providing assurances regarding the absence of material amounts of fraud, but the public accounting profession historically eschewed such responsibility, even scrupulously avoiding using the term “fraud” – instead employing the euphemism “irregularities” to differentiate intentional misrepresentations from truly accidental “errors.”  Auditing standards and frequent explanatory pronouncements instructed that fraud, particularly collusive fraud, could not dependably be unearthed by routine audits.

The public didn’t quite buy that self-serving attempt at clarification, even as a major effort at educating users of financial statement information occurred in the late 1980s, when the AICPA’s Auditing Standards Board issued a set of so-called “expectation gap standards” – a failed effort at convincing shareholders and others that high-priced audits of their investee companies couldn’t really be expected to do much.

In fairness, detecting fraud has never been a simple task.  Of course, once uncovered, even the marquee frauds that persisted for years, even decades, are obvious in hindsight, and in fact many should have been identified long before they eventually came to light – embarrassingly, almost never by virtue of external auditors’ discoveries, but rather either by actions of inside whistle-blowers, or when the targeted enterprises ultimately faced financial crises that could no longer be covered up.  On the other hand, it appears that the profession has spent far too much time and effort attempting (unsuccessfully) to educate the public to its lack of obligations regarding fraud, and far too little time attempting to improve auditors’ fraud-finding skills and tools.

SEC Increases Focus on Financial Reporting Fraud

Several projects provide a glimmer of hope that this may be remedied in the near to intermediate term, however.  The SEC’s Enforcement Division’s Financial Reporting and Audit Task Force (‘Task Force’), and the SEC’s Center for Risk and Quantitative Analytics (‘Center’), each formed in 2013, are attempting, inter alia, to develop tools that would more timely flag likely financial reporting frauds.

It is to be hoped that these tools, once developed, will be shared with the auditing profession, and equally to be hoped that, if that is done, these tools will be embraced enthusiastically by CPAs, which will serve the public interest by applying an ounce of prevention in lieu of the need for a pound of cure.

According to the SEC, the Task Force is to focus on identifying and exploring areas susceptible to fraudulent financial reporting, including on-going review of financial statement restatements and revisions, analysis of performance trends by industry, and use of technology-based tools such as the Accounting Quality Model (‘Model’).

The prospect for a Model is a tantalizing one; academics and some practitioners have long sought such a gauge of audit quality, both to flag audits that might have overlooked actual frauds, and to make public accounting firms better able to cite practices that will counter negligence claims when defending against private sector litigation and SEC complaints.  Although certain changes to commercial audit practice have been made over the past forty years, such as mandatory peer reviews, second partner reviews for public company audits, and firm quality control practices, these have seemingly not done enough to stem the tide of fraud.

The SEC’s Center will support and coordinate the Enforcement Division’s risk identification, risk assessment and data analytic activities by identifying risks and threats that could harm investors, and assist in conducting risk-based investigations and developing methods of monitoring for signs of possible malfeasance.  These undertakings will complement the work of the Task Force, and together these hold the promise of significant evolutionary advancements to the art of auditing, when and if disseminated to the profession.

Data Analytics as a Tool to Reduce Financial Reporting Fraud

These fraud prevention initiatives are to be applauded by both investors and the auditing profession.  In the author’s observation, the major area of audit practice that promises improvements in both audit efficiency and effectiveness, including regarding fraud detection, would be the development and application of sophisticated (and even simple!) analytical procedures.

Auditing standards have demanded the application of analytical procedures during the planning and final review phases of all audits since the late 1980s, and certain firms had long touted their proprietary analytical procedures for as long as thirty years before this profession-wide mandate was imposed.  Nonetheless, these have often been of the perfunctory “last year vs. this year” variety, which are of obviously limited value, since exogenous factors (economic recessions, new product and service offerings, et al.) can provide “false positives” regarding changes, and longstanding fraud schemes can result in consistent, but wrong, financial reporting analyticals.

Indeed, existing audit standards demand that simplistic analyticals be foregone, and that auditors first construct “expectations” based on knowledge about the client, its industry(ies), distribution channels, customer and vendor bases, and various externally imposed social, economic, regulatory, and other factors, to then compare to client-provided data, in an effort to find anomalies that could imply errors, if not actual fraud.  In the author’s experience, this has rarely, if ever, been operationalized in meaningful ways.

The Task Force and Center initiatives hopefully may also stimulate new research attention by the profession itself, including by academicians, to supplement what the SEC may accomplish.  Taken together, these may finally result in a complement of more effective auditing tools and techniques that will, at long last, permit the profession to demonstrate the fraud detection proficiency long demanded of it.

December, 2014

About the Author. Barry Jay Epstein is an international accounting expert and a principal with Epstein + Nach LLC, a consulting firm concentrating in forensic accounting, technical consultations, engagement quality control review (EQCR), internal inspections, and training for accountants and auditors. He has more than 40 years of experience as an accountant, auditor, lecturer, writer and financial executive. Dr. Epstein specializes in the areas of white-collar defense, financial reporting, fraud and securities litigation, accountant liability and accountant malpractice. He also advises preparers and auditors on technical matters involving U.S. GAAP, U.S. GAAS, and IFRS. He can be reached at barry.epstein@epsteinnach.com or 312-525-8367.

NOTE: Readers of this article may also be interested in related articles and white papers published by Dr. Epstein. Click on a link below to read more: