Audit Fraud: The Confirmation Angleby
Sponsored Content from Confirmation.com: AccountingWEB takes a look at confirmations in audit engagements, how they can serve as a doorway to fraud, and what you can do about it. Today, auditors have to fight fire with fire.
Auditing is more than complicated—it's always changing. That's probably truer now than it's ever been. Technologies that barely existed a quarter-century ago now can hide general mismanagement and outright fraud on a scale undreamed of by old-school auditors. Fortunately, technology has also put some new arrows in the auditor's quiver, and these can be of particular use with audit confirmations. Confirmations have always been a problematic and time-consuming issue for auditors, especially as their misuse can lead to fraud. But it doesn't have to be that way anymore.
On the surface, confirmations appear to be a straightforward: There are bank statements, receivable and payable statements, and insurance documents for example—any third-party validation required by the auditor. Traditionally, confirmations were mailed, but over the years electronic confirmations have become the norm. This is a more efficient way to perform audits, but electronic documents are more prone to fraud.
People can easily create fake emails and websites to trick auditors. "Those are more prevalent today and we see more every year", says Brian Fox, president and founder of Confirmation.com.
How to Prevent Confirmation Fraud
AU 505, the AICPA auditing standard that covers confirmations, states that auditors have to send receivables confirmations. "And it's best practice to send other types, such as legal representation letters and bank confirmations", Fox says. "How you do it is up to you, but the standards lay out the framework for controlling the process, validating that the entity is what it says it is and validating that the responder is authorized on behalf of that entity."
It's not unusual for relationship managers to receive audit confirmation requests asking them to respond. However, as Fox explains, this should be avoided. As he says",I define 'relationship manager' as someone who has a face-to-face relationship with the company being audited. They should never respond to an audit confirmation. When a confirmation is mailed to a valid address, we see 100 percent of the time that relationship managers are the ones who respond with fraudulent information because they have been bribed."
To prevent these problems, Fox advises that auditors keep three things in mind: controlling the process, validating the entity and verifying that the responder is authorized to respond. "If you miss one of those three, you will get caught in a fraud at some point."
Today, technology can not only create documents to look legitimate and accurate, but also fake emails and websites to fool auditors, However there are proactive measures that are available. Services like Confirmation.com validate all the parties involved in the process, providing a clearinghouse for secure electronic audit confirmations; they facilitate the process without actually being a participant in the confirmation process.
He compares the firm to online auction-site eBay, which brings buyers and sellers together rather than buying or selling its own products. "We are the cloud-based technology that both parties go to for the online service." The result is a more efficient process for auditors; electronic confirmations can be processed in a day or two, rather than weeks.
Another perk of the service is that much of technology won't be new to the audit staff who use it. Fox points out that it's typically interns and staffers just out of college who handle the confirmations. "These young professionals are so computer savvy that they don't understand why anyone ever mailed anything in the first place."
Eventually, it's not even going to be a choice anymore: There will always be audits, and these audits will require confirmations. Auditors will have to work with electronic confirmations because the paper trail is now an electronic trail. In the future, only more firms will jump on the electronic confirmation bandwagon for its efficiency and security aspects.
Terry Sheridan is an award-winning journalist who has covered real estate, mortgage finance, health care, insurance, personal finance, and accounting and taxation issues for newspapers, magazines, and websites. A Chicago native and former South Florida resident, she now lives in New England.