Auditor’s Duties on Discovering Fraud — History and Practices (1)
From the perspective of the public, auditors are responsible for identifying material misstatement and providing “reasonable assurance” on the financial reports issued by the company.
The public’s perception of auditors’ responsibility was already mentioned in a legal case more than one century ago. In ln re London and General Bank (No.2) 2 Ch.673, the judge stated that the auditors’ responsibility should include discovering and reporting the management fraud, implying that detecting the fraud is a part of auditors’ duties.
Until the issuance of nine new standards (SAS no.53–61), by the U.S. auditing standards board in 1987, the auditors’ responsibility was extended to detect and report errors and irregularities. These standards defined the extended scope of auditing, discussed the potential characteristics of fraud firms and provided some guidance for more effective audits.
After the Enron’s scandal, AICPA issued the SAS No.99 to require auditors to follow guidelines to brainstorm about the possibility of fraud in their clients, inquiry the management about the risk of fraud, extend testing areas to what the management might not test and examine whether the management could override the internal control.
After the tightened regulation on audit industry, the public’s increasing expectation leads auditors to have a greater concern for the potential reputation and litigation risk. This also changed the nature of professional skepticism from “neutrality towards presumptive doubt”.
In the large multinational audit firms, they changed their audit methodology to incorporate SAS No.99 and SOX into their practices. The auditors now are required to investigate the client’s external and internal business environments, such as industrial regulation, business process,
company policies, internal controls and MD&A.
This approach would help auditors to obtain a full picture of the audited target, so auditors could identify the business procedures and most particularly determine the potential threats of fraud in these business processes.
In the next part, fraud risk assessment and fraud detection in audit
practices would be discussed. For any comments, please feel free to leave it here or drop me an email at firstname.lastname@example.org .