The effort begins with a tone at the top that promotes an ethical culture, a tone set by the CEO and management, reinforced by boards, audit committees, and internal auditors, and enhanced with the knowledge and presence of external auditors.
The effort requires the exercise of healthy skepticism up and down the financial reporting supply chain. Ultimately, it is the responsibility of all the players in an organization to know their roles in delivering high-quality financial reporting, to be part of the financial reporting supply chain’s “deep defense” in deterring and detecting financial reporting fraud, and to perform those roles to the best of their abilities.
To effectively conduct an audit of an organization’s financial statements, an external auditor should have a thorough understanding of an organization and its industry to evaluate whether the results suggest that a fraud risk exists. The external auditor should know how to assess fraud risk, including the risk of management override of controls, and how to respond to identified risks. In accounts or assertions with lower risk of material misstatement, less evidence and documentation may be required, while accounts or assertions where higher risk factors are present demand more rigorous examination of evidence.
What is most helpful to aid the external audit is to train staff to use characteristics of skepticism. While some individuals are more naturally disposed toward skepticism, research shows that individuals can be trained to employ professional skepticism.
What is skepticism?
Throughout the audit process, auditing standards call for external auditors to exercise professional skepticism, defined by the auditing standards as “an attitude that includes a questioning mind and a critical assessment of audit evidence.” External auditors are required by professional standards to be alert for information that suggests material errors in the financial misstatements, and must exercise skepticism when considering the possibility that there may be a material misstatement of the financials due to fraud. External auditors must also apply professional skepticism when they consider the risk that management may override internal controls, and take that risk into account when formulating judgments about the nature and extent of audit testing.
PCAOB’s Practice Alert No. 10 Maintaining and Applying Professional Skepticism in Audits, reminds auditors of their obligation to exercise professional skepticism throughout the audit, and suggests skepticism is “particularly important” in the following circumstances:
- Significant management judgments
- Transactions outside the normal course of business, such as nonrecurring reserves, financing transactions, and related-party transactions that might be motivated solely, or in large measure, by an expected or desired accounting outcome
- The auditor’s consideration of fraud
To properly exercise skepticism, in addition to diligently pursuing sufficient appropriate audit evidence, an external auditor can employ effective interview and inquiry techniques, including how to evaluate nonverbal communications.
External auditors also should be familiar with judgment biases and other threats to skepticism.
Cognitive biases have their place. Without them, decisions can fall victim to the inefficiency of “analysis paralysis.” However, when not kept in check, judgment biases can lead to bad decisions and to overlooking possible indications of fraud. A delicate balance is required. The first step in striking that balance is awareness.
What are some common threats to skepticism?
There is research that identifies threats to professional skepticism and ways in which such threats can be mitigated. One threat is a lack of vigilance about possible sources of bias in judgment. While everyone uses shortcuts to facilitate forming judgments or making decisions, it is important to be aware of the potential for cognitive shortcuts that can lead to poor decisions. When an individual fails to notice financial reporting irregularities, it could be because he or she fell into one of the several common judgment traps. Following is a list of 4 most common judgment tendencies with strategies suggested to help avoid these and mitigate bias:
- Confirmation: The tendency to put more weight on information that is consistent with initial beliefs or preferences.
Solution: *Make the opposing case and consider alternative explanations. *Consider potentially disconfirming or conflicting information. - Overconfidence: The tendency to overestimate one’s own ability to perform tasks or to make accurate assessments of risks or other judgments and decisions.
Solution: *Challenge opinions and experts. *Challenge underlying assumptions. - Anchoring: The tendency to make assessments by starting from an initial value and then adjusting insufficiently away from that initial value.
Solution: *Solicit input from others. *Consider management bias, including the potential for fraud or material misstatements. - Availability: The tendency to consider information that is easily retrievable or what’s easily accessible as being more likely or more relevant.
Solution: *Consider why something comes to mind. *Obtain and consider objective data. *Consult with others and make the opposing case.
Judgment biases are not the only threat to the exercise of skepticism. Threats exist at every level of the financial reporting supply chain. For example, the individual might face deadline pressure, pressure to please one’s boss or client, or lack of experience in significant accounting estimates. These threats can be mitigated, but the first step is clear-eyed acknowledgment that the threats exist. Understanding the importance of skepticism is a vital part of ensure the success of both the internal and external audits.
The role and responsibility of the external auditor defined:
The primary responsibility of the independent external auditor is to provide an opinion on an organization’s annual financial statements. The opinion is intended to provide reasonable assurance that the financial statements are presented fairly in all material respects. Most large companies (i.e., those with over $75 million in public float), are also required to have their external auditor report on the effectiveness of the company’s internal control over financial reporting. External auditors are engaged by, and report directly to, the audit committee, but they often have contact across many parts of an organization’s operations, and can garner valuable insights not only about controls, but also about an organization’s culture. In addition, their work across multiple companies endows external auditors with useful perspectives.
Professional standards require the external auditor in a financial statement audit to understand the company’s system of internal control as part of the audit planning process. This understanding includes consideration of the tone at the top and overall corporate culture, and incentives or pressures that may impel fraudulent financial reporting. The auditor considers factors such as management’s philosophy and operating style (including the integrity and ethical values practiced by management), the company’s commitment to competence, the effectiveness of the board and audit committee’s oversight, and the company’s human resource policies and practices (including compensation arrangements). All of these factors contribute to the auditor’s risk assessment of the company.
Communications
The more an external auditor engages, and engages effectively, with various members of management throughout an organization, the better the audit design and results. In obtaining information, face-to-face meetings encourage open discussion and the opportunity to assess nonverbal communications. Early in the engagement, auditing standards require the external auditor to brainstorm about possible fraud risks. Topics for brainstorming include:
- How and where the engagement team believes a company’s financial statements could be susceptible to material misstatement due to fraud
- How management could perpetrate and conceal fraudulent financial reporting
- How assets of the company could be misappropriated
- The importance of maintaining the proper state of mind throughout the audit regarding the potential for material misstatement due to fraud
Other factors that the external auditor may consider as part of its risk assessment include the following:
- Communications and training programs, including the tools that help each level of management reinforce the desired messages with its direct reports
- Incentives or pressures that may exist for management to engage in fraudulent financial reporting
- Management’s fraud risk assessment and results of testing of internal controls
The board and audit committee can leverage the external auditor’s fraud risk assessment to ask questions of management.
Transparent, open, two-way communications between the external auditor and the audit committee are vital, and is it is necessary for all parties involved to employ an attitude of skepticism.
Transparent, open, two-way communications between the external auditor and the audit committee are vital, and is it is necessary for all parties involved to employ an attitude of skepticism.
--------------------
READ MORE>> thecaq.org: The Fraud-Resistant Organization
Call GBC Income Tax Services today at 678-366-9232 for all your tax and IRS needs!
--------------------------------------------------
READ MORE--------------------------------------------------