|← Wal-Mart: External/Internal Factors||Leadership →|
Buy custom Auditor Responsibilities to Investors and Client essay
In the recent past, the number of law suits against the auditor has increased substantially. Investors have relied on auditor’s opinion to make their investment decisions. Big public owned companies have collapsed and the investors have blamed their losses on the auditor. There is an increase in the rate of management related frauds. In all these situations where does the auditor stand? Does the auditor owe a responsibility to the management who pay him, or to the shareholder, who is the real owner of the business? These are the issues that will be addressed in this research.
Context of the Problem
American Institute of Certified Public Accountants (AICPA) promulgated the Statement on Auditing Standards (SAS) No. 99 to provide auditors guidance in planning and performing their audits in order to obtain reasonable assurance about whether a financial statement is free of material misstatement caused by error or fraud (AICPA 2002).
There is an expectation gap between accounting profession’s perception of its attestation responsibilities and the general public view that auditors are responsible for detecting management fraud (McEnroe & Martens, 2001, USDA 2008). Knapp, (2008) asserted that “SAS No. 99 (AICPA 2002) and Public Company Accounting Oversight Board (PCAOB) Auditing Standard 2, has brought more attention to the auditor's responsibility to uncover the warning signs of fraud, but there is still some ambiguity about where the auditor's responsibility ends and the fraud examiner's begins.”
“The accounting profession was under fire. Throughout the long, hot summer, newspapers were filled with new details of a corporate accounting scandal. One of the largest, most respected companies in the United States had been caught inflating earnings and assets through blatant manipulation of the accounting rules. Thousands of investors and employees had suffered. Congressional hearings were called to examine and understand the fraud, and everyone asked, “Where were the auditors?” The accounting profession was under immense political pressure from reform-minded lawmakers, and the negative publicity surrounding the perceived audit failure cast all CPAs in the most unfavorable light. Sound familiar? The year was 1938 (AICPA 2009)”.
Public perception remain that auditors are neither protecting investors nor doing enough to detect fraud in client financial statements. The perception has led to litigations against public accounting firms for audit failures and their client fraudulent financial statements. In many instances where public accounting firms agreed to pay $335 million for failing to detect a half-billion-dollar revenue overstatement during an audit and an instance where another company sued its auditors for allegedly “failing to detect a $9 million embezzlement committed by the lender’s own president and chief executive officer (Knapp, 2008)”.
(Bostick, & Luehlfing, 2004) suggests that perhaps audits should be viewed as “weakness in auditing practices or failures by auditing profession” rather than viewing the audit itself as a failure. They argue that “When should audits described as failed be interpreted to imply the roles and responsibilities of auditors should be redefined?” (Bostick, & Luehlfing, 2004).
McEnroe & Martens (2001) suggest that SAS No. 99 has the potential to significantly improve audit quality, not just in detecting fraud, but also in detecting all material misstatements and improving the quality of the financial reporting process.
Statement of the problem
Examination of the Responsibility of Accountants/Auditors to their Clients and Third Parties: Field Evaluation of the Statement on Auditing Standard No. 82. While case studies and legal decisions suggest auditor responsibility to third parties is limited to parties in privity, public opinion remain that auditors be held responsible for audit failures. In Ultramares v. Touche et al. (1930), (as cited by Knapp, 2008 in the book Contemporary Auditing: Real Issues and Cases, p.374) a 3 to 2 precedent setting decision, justices of the New York appellate court affirming the decision stated: "One cannot issue an unqualified audit opinion and then disclaim responsibility." Dissenting justices however, inferred that auditors could not be held accountable for the failure of a public company based on an audit opinion. Justice Cardozo, New York Supreme Court, invoked the privity rule in rendering the final decision. Justice Cardozo decided auditor firm Touche was negligent but owed no duty to Ultramares as a third party to the audited financial statement (1930) (Knapp, 2008).
McEnroe and Martens (2001, p349) asserts that there exist an expectation gap on the perception of auditor responsibility to their client and investors. Auditor responsibility expectation gap arise from investors’ perception that an unqualified opinion represented that a financial statement is free of fraud or that the audited company, as a going concern, is financially sound. According to McEnroe and Martens (2001, p349), “users expect auditors to perform the following audit procedures in the attest function: penetrate into company affairs, engage in management surveillance, and detect illegal acts and/or fraud on the part of management.”
The study is meant to address the question; should investors full rely on auditor’s opinion in their investment decisions, and if not to what extent should they? It will address the extent to which a potential investor should rely on the external auditor’s opinion in decision making.
This main question will be addressed in the literature review on the role and responsibilities of auditors to their client and third parties in general.
What responsibility do auditors owe their client and third parties?
What role do management deceptions play in the ability of the auditor to detect fraud?
Who is the liable party for fraud in a financial statement?
What are the reasons behind the widening in the expectation gap?
What can be done to narrow down the expectation gap?
What has been the effect of the Sarbanes Oxley rules implementation in preventing fraud, for the management and also for the auditors?
Significance of the study
The accounting profession has always had trouble explaining to critics why an audit conducted in accordance with generally accepted auditing standards (GAAS) might fail to detect a material misstatement of financial statements caused by fraud (USDA, 2008).
The significance of this study is to assess why there is an expectation gap between what auditors perceive their role to be for an attestation and the public perception that auditors represent a watchdog that should be held liable for audit failures and fraudulent financial statements (McEnroe & Martens, 2001). The study will also explore case laws that addressed auditor liabilities. The precedent case law, Ultramares v. Touche et al. affirmed a lower court decision that there was no negligence on the part of the accounting firm although the audit quality was lacking. The case also established the rule of privity, and third parties not in privity may not commence litigation against a public accounting company for its audit opinion.
This study will also assess the effect and effectiveness of the Statement on Auditing Standards No. 99, Consideration of Fraud in a Financial Statement (AICPA 2002). SAS 99 requires the auditor to assess the risk of fraud in a financial statement by employing various analyses and engage in a brainstorming with other audit members to determine the existence of fraud. SAS 99 also requires auditor to utilize inquiries as a fraud detection tool. This study would also assess how management deceptions stymie auditor efforts in uncovering and reporting fraud.
Research design and methodology
This study will use qualitative approach using case studies, case laws, accounting profession pronouncements and secondary research from peer review literatures and journals to provide an understanding of how improved auditing skills could help the audit and auditor in detecting fraud. This study is predicated upon the Statement on Auditing Standards (SAS) No. 99, Consideration for Detecting Fraud in a Financial Statement and auditor responsibility to clients and third parties. The methodology would focus on review of auditor professional code of conduct and effect of client confidentiality and the ability of the auditor to disclose client-management malfeasance to third parties.
The research used primary and secondary data in gathering the required information that would lead to a successful and conclusive result. Quantitative research method was used in identifying the numerical figures, and in analyzing the effect of the changes in the rates of fraud after the recommended changes on the auditors and on the management’s responsibility were implemented. The data on the rates of fraud was also collected using quantitative research method. Qualitative research method was used in analyzing the fraudulent methods that are used, and in getting the information on the regulations that exist. Qualitative data was also used in finding out how the management kept away information from the auditor.
The research was based on examining the responsibilities of the accountant/ auditor to their client and third parties. The research will further examine the auditor responsibilities the auditor has to the investors and to the client. Quantitative and qualitative methods were used. This was to make sure that the research achieved the best results. Integrating the two methods has been recommended as the research will benefit from the advantages of both methods (Duval, 2005). The research used both primary and secondary collection methods to gather the information on the responsibilities of the auditor to the client and to the third parties.
Data collection methods
The results of the research will highly depend on the data collected. The collection of data will depend on the data collection methods. The data should be valid, relevant to the research, as well as accurate. The method selected should be economical but without affecting the quality of the research. The selection will highly depend on the type of research, the availability of resources monetary and in terms of personnel and time.
The researcher chose to use secondary data as it is data that is already available. It is therefore easier to use. If collected by the government and major regulatory boards, it becomes very reliable. It is cheaper to collect than the primary data. The research relied heavily on the data collected from several accounting bodies, the government and other professionals who have written and have had their articles published. However secondary data has several disadvantages. The data may not be suitability for the particular research. The data may not be valid and cannot be relied on and especially when the information’s source was from the internet.
After ascertaining that there were some unanswered questions for the research, the research decided to add data colleted from primary source. The primary source was to be used to confirm the findings from the secondary source.
In this case the research used primary method in collecting information from senior partners in the selected audit firms. Primary data collection method is preferred when there is no other information that can be gathered from existing research, or when the researcher wants to get the information first hand and that is specific for the purpose of the research. It however is expensive both in time and finances. Primary research methods include interview, observation focus group, questionnaires, direct interviews as well as telephone and email interviews (Duval, 2005). The researcher in this case preferred direct oral interviews, questionnaires, focus groups.
This was followed up with telephone and email correspondences. The interviewer chose on semi structured qualitative data during the interviewing process. The semi structured interviewing method is friendlier both for the interviewer and interviewee. The interviewer has a set of planned questions but with the flexibility to move away from following the plan, to allow for a smooth flow of communication. This creates and easy atmosphere for the interviewee. The interviewing process was directed on the audit personnel at various managerial levels. The interview was recorded and the transcripts properly stored to be used later in data analysis. Questionnaires were used to gather the opinion of the public and what their expectations were in relation to the auditors. The questionnaires were sent by post and others by email. This was necessary to save on cost and human resources. However there was a follow up through the phone, both on emails and by post.
The sampling methods used were both purposeful and random. Purposeful method which is used when the researcher has an idea of who would give the best results was used to sample on the senior partners in the big audit firms. Random sampling is used when there is a large population the researcher has to choose from. In this case it was used to sample members of the public to be interviewed.
The researcher used content data analysis method as well as thematic analysis methods. Content analysis is preferably used in analyzing trends and patterns in documents from articles. In thematic analysis, the research will first identify the main themes from the data collected. The researcher will assign codes to these themes and the interviewees responses are classified from these themes. The advantage with thematic analysis is the ease with which one can compare responses from the interviewees.
Perception of auditors and investors
A number of sources were used to conduct the literature review where the subject of auditor responsibilities to investors and clients was thoroughly addressed. The responsibility of the Auditors is at most times misinterpreted by the investors and shareholders (McEnroe & Martens, 2001) and this creates the main gap between the perception of auditors and investors. The gap can be viewed in two ways; in that the way public and investors know the responsibility of auditors, and what auditors carry out as their responsibility. The auditor’s opinion report is used by most stakeholders, investors included, who at one point will need to use the accounting information for an organization (Rezzaee, 2010).
Most of these stakeholders will rely on the auditor’s opinion report as they expect his report to be more reliable as he is expected and required by laws and regulations to be objective. This is what the stakeholders and the generl public will expect, an independent, reliable and accurate reporting on the organization’s financial statements (Dey, & Thomas, 2005).
The public and the investors will believe that the auditors report to be a clean bill of health. To what extent should the investors and the stakeholders rely on this report? Several financial scandals have led to various calls for at review of the auditor’s independence which affects the reliability of the auditor’s opinion report and to make it more reliable (Bronson et.al, 2010). The stakeholders have always believed that the auditors report should be totally relied on and this makes them have a total trust in it.
However, the auditor may fall short of this expectation by the public, as has been experienced in the past where external auditor’s independence was comprised. This difference in expectations between the public expectations and what the auditor actually delivers is what is known as the expectation gap (Jennings, Et al., 2003). The existence of the expectation gap was first highlighted by Liggio in 1974 as cited by (Martens, 2001 in the “Auditors' and Investors' Perceptions of the "Expectation Gap".) and various reports have supported that this gap still exists. In a survey on the several sides of the financial statements indicated that investors expect high levels of assurance from the auditor’s opinion on the financial statements. The gap is wider in the auditors’ responsibilities on detection and prevention of fraud and the maintenance of accounting records.
The proposed method for audit and financial checking of firms is given by Ayala, & Ibárgüen, (2006) who also give the performance expectations; the author defined the expectation gap as the difference between the performance expectation by the society and the performance expectation by the auditors. He highlighted two components that comprise the expectation gap, the reasonableness gap and the performance gap. The gap results from the public’s lack of understanding of the auditors limitations (Frank Et al. 2001).
What the public does not understand is that the auditor can perform an audit using the generally accepted auditing standards and without detecting an existing fraud. The public expectation of the auditors’ reports is taken like a guarantee in stability and that the audited organization has been given a 100 percent clean bill of health (Norris, & Liptak, 2010).
The debate on the expectations gap has recently been on the limelight and has increased in intensity after the accounting scandals (Enron, Tyco, Worldcom, etc.) in the last twenty years (Bassett, & Storrie, 2003). The expectations gap has contributed to the increase in the number of law suits against auditing firms.
To narrow down on the expectation gap, the auditor’s independence becomes fundamental. Proper ethics and integrity in whatever the auditors undertake will be crucial to narrow the gap (Bierstaker, 2010). Bierstaker, (2010) outlines the responsibilities that auditors are expected to perform by the Litigation Reform Act (1995). The report also takes in to account information which the investors and general public should be equipped with in order to handle the auditors reports with caution. Bierstaker, (2010) argues that educating the potential users on the nature and the limitations of the auditor’s report then risks of collapse are avoided in future. The auditor’s independence becomes foundation from which the audit is based on. Auditor’s independence refers to the auditor being independent from the influence of the management. The auditor’s independence and impartiality will determine the credibility of the auditors report (Clikeman, 2009). An independent report will be easily relied on by the investors, and this means that the public and the users of the financial statements will have confidence in the reports. This way, the auditor can independently safeguard the interests of several parties, and especially that of the investor (Bostick, & Luehlfing, 2004).
Clikeman, (2009) in the book “Called to Account” proposes that responsible audits on the part of the auditor will go along way in reducing the gap and building a mutual trust in the area. The auditors have stricter policies that they use before accepting a potential client, which at times lead to refusing to take high risk potential clients. Other audit firms have concentrated in emphasizing on more effective internal clients for the clients (McEnroe & Martens, 2001. In the USA the Public Company Accounting Oversight Board (PCAOB) was introduced to end the self regulation of auditing in the USA.
Is it the auditor’s responsibility to detect fraud? SAS no. 99 Consideration of Fraud in Financial Statement Audit provides guidance to the auditor on the responsibility of the auditor, relating to fraud and in accordance with the generally accepted auditing standards. “An auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement whether caused by error or fraud” AU section 110 of PCAOB’s SAS.
The International Auditing and Assurance Standards Board (IAASB) have International Auditing Standards 240 (ISA 240), the auditor’s responsibility to consider fraud in audit of financial statements (International Federation of Accountants, 2010). According to Bierstaker, (2010) auditing standards (including ISA240) have been changed in order to emphasize the auditor’s responsibility in detecting fraud. Does this mean that it is the auditor’s responsibility to detect fraud? Various studies e.g. Leung & Chau, 2001 have indicated that the public and most users believe that one of the reasons for an audit activity is to detect fraud.
The public says yes but the auditors differ on this view. A review on American auditing indicated that the audit is an activity whose intention is in part expected to detect financial misconduct (Frank, K.E., et. al. (2001). A report by PCAOB released in 2007 had some advice for the auditors on fraud detection. The PCAOB guideline on emphasizes on reasonable assurance but not total assurance. Auditors should however be responsible in that they must give clear information to the investors who are willing to risk their hard earned money in unforeseen circumstances (Byrnes, 2002).
The SOX Act of 2002 was implemented as a way to enhance more accountability by the management and more responsibility auditing (Murcia et.al, 2008). What has been its effect on preventing and detection of fraud? The SOX 404 requires that the management report on internal controls and the auditor to give an opinion of the controls. This has led to an establishment of continuous audit which has been regarded as an important tool in detecting fraud (Flowerday and Solms, 2005). Continuous auditing will also mean timely information for the users of the audit opinion (Pushkin, 2003).
SAS no.99 emphasizes on the auditors using skepticism when carrying out an audit. The auditor is required to be more vigorous during the brainstorming sessions. A combination of SAS no. 99 and SAS no. 104-111 (the risk assessment standards) would assist in a deeper analysis in the process of detecting fraud. The auditor should improve the quality of documentation; this help bring out transparency and accountability in their profession (Apostolou, & Crumbley, 2008). The auditor needs to develop effective approaches of assessing risk ad how to respond to the risks encountered (Leuz, et al. 2003). There should be ways to respond to these specific assessed risks.
Fraud is differentiated from error, in that error is unintended mistake while fraud is intentional, though both may lead to material finance misstatements (Bostick, & Luehlfing, 2004). The financial statements maybe misrepresented fraudulently either through manipulation and giving false information about the accounting records, through omission of a material transaction, or an intentional misapplication of the accounting standards. Fraud can also be through the wrong use of assets also known as defalcation (Byrnes, 2002). It is with no doubt that the issue of Auditor Responsibilities to Investors and Client is sensitive and the gap that exists should be legally, professionally, and socially addressed in order to protect the interest of all persons in business.
What responsibility do auditors owe their client and third parties?
In the last 25 years the auditors and the accounting profession has been faced with an enormous legal risks that are associated with third parties who use the auditor’s reports in their decision making (Pacini, Et al., 2000). Litigation has increased not only in USA but also in other countries such as Australia, Canada, UK and New Zealand. There is a flow towards checking on reducing third party liability to the accounting profession. The USA big six, (now big four), spent $1.1 billion on defense lawsuits in 1993 alone. This trend has continued with Pricewaterhouse and Ernst & Young spending $1255m on a lawsuit with the collapsed Bank of Credit and Commerce International and Ernst & Young paying $335m to the shareholders of CUC International (Pacini Et al. 2000).
The increase in litigations has led to, first, the auditor firms refusing to audit firms that have high-litigation risk, secondly an increase in professional liability insurance and thirdly a departure by experienced accountants from the accounting profession.
There are legal standards in USA that are used to judge if a client can sue the accountant. These are the strict privity rule, the near privity standard, the restatement standard and the reasonable foreseeable standard. The strict privity is applied in a few states in USA. The strict privity rule which has more restrictions than the rest, was established in 1919 in the case of Lyndell v. Lybrand ((107 A. 783 [Pa. 1919]). In privity rule the third party has to have a direct relationship or must be in a contract with the auditor in order to be able to sue him. The near privity standard was first established in the ruling of Ultramares Corp. v. Touche (174 N.E. 441 [N.Y. 1931]). This rule was clarified later in 1985 in the case of Credit Alliance v. Arthur Andersen & Co. (483 N.E.2d 110 [N.Y. 1985] as cited in (Kuschnik, 2008).
The clarification identified three elements that must be met for a third party to be in the scope of an auditors’ negligent representation. The three elements include that the accountant must have known that the third party was going to use the reports for that purpose, that the third part must be a known party and had had the intention to rely on these reports and that there was a link between the auditor and the accountant to the extent of the relying part (Pacini Et al. 2000). In 2004, the New Jersey Supreme Court relieved Ernest & Young of any reliability in a case between them and Dikerson & Sons, Inc. (E. Dickerson & Son, Inc. v. Ernst & Young L.L.P. 2004, 1239) (Kuschnik, 2008). Applying the near privity standard, the Court ruled that there was no direct transaction between the wholesaler company, Twin County Grocers, the corporate shareholders and Ernest & Young that the claimants’ reliance on the auditor’s reports was not evidence enough to qualify as a specified transaction. The reasonable foreseeable standard was started in 1983 in the case Rosenblum v. Adler (461 A.2d 138 [N.J. 1983]) (Kuschnik, 2008).
This broadens the auditors responsibility in that the auditor is liable to all the third parties that the auditor may have foreseen as would affect this third party, but only to the extent that the third party had made a decision based on the reports by the auditor (Pacini Et al., 2000). The restatement standard is currently the most commonly used and was first applied in 1968 in the case Rusch Factors v. Levin (284 F.Supp. 85 [D.R.I. 1968]). The rule stipulates that the auditor has a duty both to the client plus to a third party that the auditor or the client had intended to benefit from the report and the third party or parties made a decision based on the report by the auditor and which resulted to the third party or parties incurring losses. The restatement standard is only used when the auditor had knowledge that the third party was to rely on the reports (AICPA 2003).
In general, the accounting profession has reacted to litigation by trying to reduce the reduce exposure to third party liability. One of the ways they have done is by shifting from general partnership where each partner is liable for his actions, those of the partners and the partnership in general, to limited liability partnership (LLP), (Pacini Et al., 2000).
What happens if an independent auditor discovers an illegal act in the process of performing an audit according to GAAS? Does the law provide to cater for any illegalities that the auditor may come across while undertaking his procedures? This is an important question for the investor. To the investor, the auditor is allowed by law to deeply understand the client’s transactions and in the process he might come across an illegal act. With this knowledge the investor and other third parties will be more confident of the auditors report, if they know that there is a provision in law that guides the auditor to discloses or act otherwise incase he comes across an illegal act. This assurance and guidance is provided in SAS No.54, Illegal Acts by Clients.
The independent auditor might discover some irregularities, either from the minutes, or comes across some suspicious transactions. The independent auditor will enquire if there are policies to prevent any illegal acts and get directives by the client concerning laws and regulation. The auditor should receive a written representation from the client assuring him that there are no violations which may affect the financial statements. If the management is involved in the illegal act, the auditor should inform more senior management, or get legal guidance from the client firm’s legal representative. He should try and find out how the illegal act will affect the financial statements. The auditor should also inform those who are responsible with the governance.
If the auditor discovers an illegal act, for which there is substantial evidence, and the act affects the financial statements materially, and there is no proper accountability, the auditor should express a qualified or adverse opinion report on the financial statements. If there is lack of cooperation from the client, after the auditor has evidence of an illegal act, the auditor can have a disclaimer on the opinion of the financial statements, in accordance with the statements of auditing standards no. 105. When the client refuses to act accept the qualified report, or the disclaimed opinion, the auditor can withdraw and give reasons for the withdrawal which should be in writing.
According to Goelzer, (2005), the auditor is supposed to act as the gatekeeper. It was evidently observed that most investors will base their investment decisions based on the auditors’ opinion of the financial statements the investor wants to invest in. The public expectation has always been that the auditor has an obligation to the investor and other relevant third parties. The auditor relegated himself from this obligation.
The effect after Sarbane-Oxley Act
The accounting profession was blamed for the collapse oof Enron, Tyco and Worldcom. The investors have relied on the auditors reports in making their investment decisions. As a result the Sarbanes Oxley Act (SOX) Act of 2002 was introduced, the PCAOB was created resulting to emphasize on the independence of the external auditor (Goelzerl, 2005). This Act was meant to retain that ‘gatekeepers’ obligation. The Act intended to restore this role by; restricting the auditor from offering non audit services; recommending an audit committee with independent members and who are outside the management; recommending and requiring that the auditor gives an opinion on the financial statements, as well as on the internal controls, in accordance with SOX 404; and introducing a regulatory board (PCAOB) to regulate and overseeing the auditors activities, through inspecting the audit firms, registering, investigating, as well as creating the standards. PCAOB has the duty and responsibility to safeguard public companies’ investors by ensuring that the audits for these companies are accurate, and independently conducted. These rules have resulted to a change in the auditor’s role from consulting to what they were supposed to be right from the beginning, being auditors and rendering their services to their true clients, the shareholders.
SOX 302 Corporate responsibility for financial reports, requires the chief executive officer and the chief finance officer to accept responsibility for the financial statements, as well as ensuring that there are proper and effective internal controls in their entities. They should have taken an evaluation of the effectiveness of the internal controls, 90 days prior to signing the financial reports. They are also required to promptly disclose any insider dealings within their entities. The act provides that where the financial statements were misstated, the senior management should payback any incentives that had been paid to out of the misstated reports. The act also banned loans to the senior management and board members. This was meant to make sure that the senior management is accountable and that they take responsibility for the accuracy and reliability of the financial statements. The COSO report for the period indicated a decrease in the external auditor being implicated in the fraud cases, to 23 percent from 29 percent for the period 1987-1998.
This shows that the auditors may be more serious in implementing the new rules and regulations by SOX as compared to the CEOs and CFOs whose involvement had increased.
Management Unethical Behaviour
What role do management deceptions play in the ability of the auditor to detect fraud?
In 2006 Association of Certified Fraud Examiners (ACFE) estimated that each company loses its 5 percent of annual revenues to fraudulent acts (Apostolou & Crumbley, 2008). A survey by Pricewaterhouse- Coopers reported an increase in reported frauds by companies in 2003 as compared to the same report in 2003. In most cases where fraud has been discovered the public will put the blame on the auditor.
It is the responsibility of the management to prepare the financial statements. The auditor only has a duty to assure that the financial statements are correct and offer a fair and true opinion. It is this assurance that investors and creditors have relied on to make investment decisions. Thus the blame on the auditors on not doing their job properly has led to the loss of faith on the accounting profession. The auditor is aware that his opinion on the financial statements will be relied on in decision making. Thus the auditor should be more thorough in his work. He should learn and understand the client’s nature of business which will assist in conducting the audit risk.
According to SAS 1 Responsibilities and Functions of the Independent Auditor, the role of the auditor is to give an opinion on the fairness of the financial position, the operations, cash flow and to ensure that the audit was carried out in compliance with the Generally Accepted Auditing Standards (GAAS). It is the duty of the auditor to plan the audit in such a way that the financial statements are free of material statement. However SAS 1 clearly says that the preparation of the financial statement is the responsibility of the management of the organization. The auditor can only give reasonable assurance that the financial statements are free of material misstatements but not absolute assurance. An independent auditor will then make a fair and true opinion on the statements, regardless of what that truth is.
The management is responsible for the prevention of fraud and has the responsibility to ensure that there are reasonable measures to prevent and detect fraud. It is the responsibility of the management together with those charged with governance, to develop an honest culture within their entities. However the auditor is obligated to carry out an audit using the guidelines as stipulated in SAS no. 99 or ISA 240. The auditor should in the planning risk of material misstatement plan for a possibility of a fraudulent transaction. The auditor should undertake a risk assessment. The auditor can also enquire from the internal auditor if there is a possible and suspected risk. Fraud occurs in the presence of three conditions. First, the management is under pressure to perform or there is an incentive that would be received after providing ‘positive’ results. Secondly there are poor controls or the controls are there but are rarely practiced, and lastly there is an available chance to rationalize being fraudulent. The last condition applies mostly to dishonest employees.
In most cases the management will hide the fraudulent action from the auditors or from anyone else who may come into contact with the financial statements. This can be done through misrepresentation of the transactions, or withholding evidence documents. Misrepresentation may be inform of transactions which are properly presented and according to the generally accepted accounting practices (GAAP) but on forged signatures and or false electronic authorizations of cash transfers. It thus becomes difficult for an auditor, who may not be trained in signature authentication to detect such a transaction. The management may collude in such a way that all the evidence the auditor requests for during the audit is tallied through collusion of employees and senior management or even external third parties, for example, a debtors confirmation of the debt owed to him.
However the auditor should use his discretion to ensure that any fraudulent material misstatement is detected by ensuring the entire sub ledgers are reconciled to the control accounts, lack of documents to evidence authorization of material expenditures, or any other way to get evidence and prove that the financial statements give a fair view. The auditor has an obligation to use professional skepticism and analytical and critical mind. The auditor should insist on evidence on material transactions, and not base an opinion on trusting the management. Where necessary the auditor can engage professional in areas of suspicion for example an expert in information and technology or a certified fraud examiner. The auditors should stop being so mechanical in undertaking the audit procedures, the auditor should be unpredictable in timing of the audit, as well as encouraging computer-based audit techniques (PCAOB, 2007).
In planning the audit, should have a discussion with the key audit team members, who may have an idea on the possible areas of fraud, establish from the members if there are any external pressures on the management to perform, if there are any employees or one in the management team who may take an existing opportunity to engage in fraud. The auditor, together with the audit team members, should have a discussion on the client’s organization culture and how serious they are in observing control measures. The auditor should also enquire from the senior management of any possible suspicions of fraud that the management is aware of and how the management has reacted to the suspicion of the possible fraud. The auditor should then document all the evidence, discussions with the audit team, and discussions with the management. He should document the reason that led to his believe that there was a possibility of a fraudulent misstatement.
How does the auditor respond after detecting a fraud?
Once the auditor has identified a probable fraud, he should communicate the same information to the management. If he suspects that the management is involved, he should communicate his suspicions to those who are in charge of governance. Where the auditor thinks that he may not gather enough evidence on the fraudulent material misstatement, the auditor has the choice to withdraw from the audit. The withdrawal should be communicated in writing to all the parties involved and relevant to the audit. The auditor can use his discretion on whether to report the fraud to the relevant authority. This action may however be limited by the confidentiality ruler and the regulations of the country. The best option is seek legal advice on what step to take. The auditor has the option of withdrawing from the audit, in which case there should be a discussion with the management and those in charge of governance, as well as consider the legal implication and his obligation to report the matter to the legal authority.
Withdrawal is advised if the management has failed to implement the recommendations to prevent the fraud, even if the fraud is not material, if the auditor thinks there is a considerable risk of fraud and if the auditor is in doubt of the management’s integrity.
The expectation gap is still present as the public believes that the auditor should be able to detect all fraud. In 2006, the representatives of the CEOs’ of the largest six international audit firms (KPMG, Pricewaterhouse-Coopers, Deloitte, Ernst & young, Grant Thornton, Deloitte, and BDO) suggested that there should be a dialogue to educate the public as a step to narrow down the expectation gap. They also suggested that the most effective way to detect fraud is through a forensic audit, which should be done annually, and randomly. They also suggested that the shareholders could be given an option of how much anti-fraudulent audit should be done, given that the more thorough, the more costly, but the more reliable.
Audit Fraud Responsibility
Who Is Liable For The Fraud In A Financial Statement?
The management is the owners of the financial statement. The auditors role is to ensure, as much as it is reasonably possible that there no erroneous or fraudulent material misstatements in the financial statements. Where the auditor has used all skepticism and discretion to detect possible chances of fraud and has reported the same to the relevant people then he should not be liable.
The management is involved in the day to day running of the business. In most cases they are aware of any material transactions that occur on a day to day basis. A survey, “COSO Report on Fraudulent Financial Report” for the period 1998 to 2007, revealed that in 89 percent fraudulent cases, the CEO, the CFO and other senior management, the executives and even the members of the board were aware and were active participants in the fraudulent acts in their entities. The report also indicated that 20 percent of this had been prosecuted and 60 percent of the prosecuted had been found guilty. This has led to believe that the senior management are responsible and should be liable for fraud.
There are five interactive factors that have been used to explain the frauds in the last few years (Rezae & Riley, 2009). These are cooks, recipes, incentives, monitoring and end-results, popularly abbreviated as CRIME. Cooks will normally include employees in collusion with senior management. Recipes are the methods that are used to defraud the entity, mainly manipulation, falsification and alteration of figures, assets misappropriations. The first three contributed to 90 percent of all the fraudulent cases, while assets misappropriation contributed to 10 percent of the fraudulent cases (COSO, 2010). The 1998-2007 report indicated that misrepresentation of revenue was the highest means of fraud totaling to 60 percent of the fraud cases. Incentives represent the motives that lead to anyone engaging in fraudulent actions and these are mainly monetary. Pressure to perform in the security market is considered a high incentive as is the attempt to hide poor performance by the entity COSO, 2008. Monitoring refers to the existence of control measures to prevent or deter or detect fraud. The end results are the consequences suffered after an entity has been defrauded. This may mean loss of investors in the stock exchange market which may lead to bankruptcy.
Summary and Conclusion
Should investors totally rely on the auditor’s opinion?
The auditor’s responsibility is to provide a reasonable assurance on the true and fair view on the financial statements and the internal controls. The auditor’s mandate is limited to the fact that he has to perform an audit based on whole year’s transactions in a short duration of time. It is therefore unreasonable to expect that all errors and frauds would be detected. However, the auditor has the professional duty to try all ways possible to try and detect the errors. After the SOX Act, the audit profession is gaining its credibility back (Leuz, et al., 2003). Therefore the investor should respect the auditor’s opinion, but only as the primary source of opinion as he looks for more details on the company he wants to invest in.
The research was meant to analyze the responsibility of the auditor to the client and to the third party. The findings indicate that though the auditor has a responsibility to the investors and other third parties, the public’s expectations is high as the auditor can only give reasonable assurance. There is a wide expectation gap. The law is clear on the issue; the management is responsible for the preparation of financial statements. The management will try and in most cases successfully to hide the fraudulent activities from the auditor. The auditor should however be more vigilant in detecting fraud. The public on the other hand should demand more accountability from the management.
Limitations and future research
There were a few challenges that the researcher encountered. There was time constraint. For the research to be more effective, the use of questionnaires could have been an effective tool especially with potential investors and third party opinions on the expectations from the audit. Another limitation was lack of cooperation from the senior managers of the companies that had been sampled. The managers were to give their opinion on the actions they had taken to reduce fraud and if the actions had been effective. They claimed that the information the researcher required was confidential. Time was a challenge and especially with the senior audit personnel who had been engaged for a long time before the interview happened.
The research addressed the auditor’s responsibility to the client and third parties. It however did not respond to the effects after the implementation of the SOX acts recommendations both to the auditor and to the management. Future research should address this effect. Future research should try and determine the reasons why management participation in fraudulent activity continues on the rise.