By Jason Bramwell
A recent report from the Anti-Fraud Collaboration
revealed that financial executives, internal auditors, external auditors, and board/audit committee members differ as to who is responsible for detecting and preventing financial statement fraud.
- Who has the primary responsibility for deterring financial reporting fraud.
- How confident each group is in its ability to detect material misstatements.
- Whether each party appropriately strikes the balance between trust and skepticism.
The results of a recent survey, which provided the basis for an in-depth roundtable discussion between Anti-Fraud Collaboration board members that was held April 24, 2013, is included in the report, which concluded that each group in the financial reporting chain has an important role to play.
"It's everyone's role to be part of deterring and detecting financial reporting fraud, and how you carry that out depends on where you sit and your experience," FEI President and CEO Marie Hollein said during the roundtable discussion.
While the vast majority of survey respondents (87 percent) indicated that financial executives had primary responsibility for deterring financial reporting fraud, external auditors (20 percent) were most likely than the other financial reporting supply chain members to suggest that board/audit committee members are primarily responsible.
When it came to detecting fraud, respondents were more likely to identify financial management (52 percent) as having the primary role. Thirty-one percent of respondents cited internal auditors as having primary responsibility, 6 percent believe the board/audit committee members are responsible, and 12 percent place primary responsibility for fraud detection on external auditors.
The vast majority of board members (96 percent) are confident that the other three groups are able to identify a potential material misstatement due to fraud. Most board members (75 percent) are also confident in their own ability to identify material misstatements, although that belief is shared significantly less so by the other groups. For example, only 36 percent of internal auditors are confident in the board's ability.
Although both external and internal auditors identified skepticism as key to performing their functions, less than half of internal auditors (46 percent) said they strike the right balance between trust and skepticism. By contrast, the majority of external auditors (70 percent) reported having an appropriate balance.
"The roundtable discussions provided a unique opportunity to get all of the players of the financial reporting chain together in one room. To have the best chance of reducing the occurrence of financial statement fraud, everyone must understand their respective roles," IIA President and CEO Richard Chambers said in a written statement. "I think the big takeaway here is that communication is key."
Separate breakout discussions at the April roundtable voiced communication as a common theme. Audit committee representatives conveyed that an open and honest dialogue with both external and internal auditors is essential to help them determine whether management is doing the right thing. Both audit committee representatives and internal and external auditors emphasized the importance of candid conversation outside of formal meetings. Through this dialogue, audit committees can seek information from internal and external auditors about their true areas of concern.
According to the report, what remains a challenge is closing the gap between what the audit committee expects and what is realistic in terms of internal and external auditors' ability to deter and detect fraud. In many cases, this topic is not a primary focus of boards and senior management; however, participants believed that it would be beneficial to have more frequent and robust conversations with the audit committee on fraud deterrence and detection. Through clear communication about their various roles, the players in the financial reporting supply chain can operate well together to achieve their common objective: to deter and detect fraud in financial statement reporting.
Defining Their Respective Roles
The report also highlighted the roles each of the four groups play in detecting and deterring financial statement fraud.
Financial executives: Roundtable participants agreed that financial executives are responsible for designing processes and procedures and monitoring their effectiveness. Although financial executives are perceived as having the primary responsibility in deterring and detecting financial reporting fraud, concern was raised that when material fraud occurs, management is often involved. This concern highlighted the need for an effective oversight function and active communication by which the audit committee (through internal audit) can be made aware of concerns around fraud and management's potential involvement.
Internal auditors: The role of the internal audit depends on how the organization utilizes it. The function can have a broad scope in an organization that extends beyond financial reporting controls. Participants emphasized the importance of objectivity for both internal and external audits to provide unbiased information to the audit committee, but some also acknowledged potential or perceived conflicts of interest in this area.
External auditors: Expectations for external auditors varied widely. The external audit's approach may vary from one organization to the next, depending on the auditor's assessment of the risk of fraud in the organization. Some participants believed external auditors are best equipped to identify material financial statement fraud because of their financial reporting audit procedures.
Board/audit committee members: When looking at how board/audit committee members affect the deterrence and detection of financial statement reporting fraud, there was a consensus that the governance role they play makes all groups aware of expectations and sets the "tone at the top." The following were the three most frequently stated expectations of audit committee members:
- Have knowledge of the industry.
- Be financially literate.
- Ask challenging questions of management when reviewing financial statements.
Some participants believed the audit committee should engage management several layers down to help determine whether internal auditors, external auditors, and the financial reporting team are qualified.