As a Certified Public Accountant (CPA) who began his career as an auditor, I thought at the time that I stepped into the world of financial forensics I was prepared to embark on a career as a financial fraud auditor and expert. After all, numbers are numbers; they don’t lie or misrepresent themselves. Or so I thought.
It’s easy to define a financial audit and the role of an auditor. That is not so for a fraud or forensic accountant. While they overlap in function, they diverge in objectives. The objective of a financial audit is to provide reasonable assurance that financial statements are free from material misstatement and to design procedures that will detect any that might be present. Conversely, the role of a forensic (or fraud) auditor is generally to develop factual information from testimony, documents, connections, etc. that enable the forensic investigator to assess causation and loss or damage based on the examination of that evidence and to provide recommendations for future deterrence. A financial auditor’s relationship with his/her client is not adversarial. This is not so for the forensic or fraud auditor.
Financial Auditor
Since a financial auditor’s role is to provide reasonable assurance that financial statements are free of material misstatements, auditors only concern themselves with deterrence to the extent it entails the possibility of fraud. Generally Accepted Auditing Standards (GAAS) are codified and express the principles that create the framework and roadmap for achieving this goal. Only a CPA can issue an audit opinion.
While most users of financial statements look to the audit opinion as validation of the numbers contained in those statements, this does require the auditors’ assurance that that the financial statements are free of material misstatement, whether or not caused by fraud. The obvious implication is that the auditor has a duty to look for fraud by designing appropriate audit procedures that would detect fraud if any exists, after study and evaluation of fraud risk factors and internal control environment and processes.[1] The auditor uses his/her best judgment to accomplish the objective of ascertaining that the financial statements are free of material misstatements due to fraud both during the planning stages of the audit (in the design of audit procedures) and throughout the course of the audit through inquiry and analysis of available and appropriate audit evidence. The audit opinion is not based on specific findings (with certain exceptions such as departures from Generally Accepted Accounting Principles (GAAP) and the ability of the subject entity to continue as a going concern), but rather on the financial statements taken as a whole.
Thus, it should be clear that the objective of a financial statement audit is not focused on the detection of fraud specifically, but on obtaining reasonable comfort that, if fraud exists, it will be detected through planning, assessment and testing. GAAS does not place an absolute obligation on the auditor to find fraud; rather, it requires a framework that would detect fraud in the design of audit procedures and overall conduct of the audit. In fact, in outlining the responsibilities of the auditor, GAAS acknowledges the inherent limitations of auditor detection (AU-C 240.05). Unfortunately, ambiguity persists on this point. Many hotly disputed lawsuits against auditors have addressed this conceptual framework, which underscores the lack of clearly defined rule-based guidance in this area.
Forensic Accounting Investigators
In contrast to a financial auditor, a forensic accountant’s role is generally targeted and specific as to a suspected or known impropriety. As noted, financial auditors generally concern themselves with deterrence only to the extent that the lack of such deterrence indicates the possibility of fraud. While the basic toolkit of the financial and forensic accountant may look the same, its deployment is often different. A forensic or fraud accountant’s investigation is triggered not by the desire for overall assurance that financial reporting is accurate, but rather by a distinct suspicion of a fraud, or the description and quantification of the cause and impact of an identified fraud. This can be necessitated by numerous triggers (sometimes related, but often not) to fairness of presentation of an entity’s financial statements.
In some cases, the activities of the financial accountant and the forensic accountant can overlap. For example, this can occur in conjunction with claims alleged against the financial auditor for not discovering a fraud or error that resulted in material misstatements of the financial statements. In those cases, the forensic accountant would be tasked with investigating and identifying whether the auditor failed to properly plan and execute the audit of those financial statements as specified by GAAS standards and quantify the resulting damages.
A plethora of strategic and practical considerations affect the course of conduct of the forensic accountant, including maintenance of confidentiality of work product,[2] protecting sources, preserving evidence and guarding against despoliation of evidence, avoiding rabbit holes that lead nowhere, recognition of likely sources of evidence supporting the investigation, and the intended ultimate disposition of the forensic accountant’s work product.
The fraud accountant’s approach is necessarily distinct from that of the financial auditor. Most significant is that fraud audits are typically reactive to a situation, which is inconsistent with the collaborative approach that a financial auditor has with a client and management. This creates a tension where the fraud accountant generally must conduct an investigation that avoids alerting those that may be complicit in the fraud itself. Further complicating the task is that those persons or entities in the position of ownership or management are often central to the events and issues under investigation, which are often the very same persons or entities that have the most influence or capacity to conceal any irregularities in the first place. Consequently, in those situations where a suspected fraud is ongoing, the forensic accountant must design procedures that avoid alerting a known or unknown “bad actor,” but that can, at the same time, obtain information and evidence from the same sources with the greatest incentive to conceal it.
The forensic accountant must also consider the ultimate disposition of the matter(s) being investigated and how his or her work product, communications and potential testimony will affect the case. In such matters, he or she generally takes direction from legal counsel. The structure of the forensic accountant’s work and its documentation generally cannot be predicted with the same degree of confidence as that of a financial auditor. Moreover, a forensic accountant should assume that his or her work will be scrutinized and challenged during the investigation or trial, in contrast to that of a financial auditor.
The planning, investigation and reporting phases of an engagement for a forensic accountant are not guided by the same standards applicable to an auditor’s conduct of the examination of a financial statement. Although some overlap exists in the ethical and other standards of the forensic accountant’s certification obligations, the principles of GAAS generally do not apply other than to provide guidance where appropriate. This leaves the forensic accountant with broader discretion to determine the scope, process and methodology of the engagement. While these elements can be targeted, they do not address the overall limitations of a forensic investigation — because acts of fraud are normally designed to avoid detection. What they do provide is the ability to focus on the actual dispute by applying the forensic accountant’s investigative and analytical skills for resolving financial issues that meet standards required by courts of law. These include skills and experience in accounting, auditing, finance, quantitative methods, pertinent areas of the law, and research and investigative expertise as needed to collect, analyze and evaluate relevant evidence and to interpret and communicate findings.[3]
Conclusion
The notion that a “clean opinion” on audited financial statements issued by a CPA provides assurance that fraud, defalcations or criminal acts did not occur is not something one can take to the bank. As noted, even if GAAS has been properly applied, the possibility of fraudulent activity is always present and may go undetected, even in the face of a hypothetical “perfect audit.” The role of a financial auditor in uncovering fraud does not provide absolute assurance that it doesn’t exist, nor are there prescribed procedures that the financial auditor is required to apply or that are applied in practice. The nature, timing and extent of such audit procedures, as well as the evaluation of the effectiveness of control systems designed (or circumvented), is left to the judgment of the auditor and are therefore necessarily imperfect. The role of the forensic accountant generally comes into play after the fact. The determination of the cause of the fraud, defalcation or criminal act and its consequences triggers a broad and quite distinct array of techniques, processes and objectives.
[1] U.S. Auditing Standards – AICPA (Clarified) – (AU-C) Section 240.
[2] This protection is not available to the financial auditor.
[3] Wikipedia.org.