STANDING ADVISORY GROUP MEETING
PANEL DISCUSSION – FORENSIC AUDIT PROCEDURES
FEBRUARY 22, 2007
Introduction At the February 2007 meeting of the Standing Advisory Group (“SAG”), a panel will discuss issues relating to the performance of forensic audit procedures as a part of or in addition to an audit of financial statements. The panelists will provide brief remarks which will be followed by an opportunity for questions and additional discussion with SAG members. This paper provides SAG members with background information about the use of forensic audit procedures in financial statement audits. The Board’s standards require auditors to consider the risk of fraud in planning a financial statement audit. The Board recently issued a report that discusses observations derived from its inspections program concerning the procedures auditors apply to meet this requirement.1/ The SAG first discussed financial fraud on September 8-9, 2004.2/ Then, during its October 5-6, 2005 meeting, the SAG discussed the concept
1/ See PCAOB Release No. 2007-001 (January 22, 2007), Observations on
Auditors’ Implementation of PCAOB Standards Relating to Auditors’ Responsibilities
with Respect to Fraud.
2/ The Briefing Paper is located at www.pcaobus.org/News/Events/Documents/09082004_SAGMeeting/Fraud.pdf. Panel Discussion – Forensic Audit Procedures February 22, 2007 Page 2 of reasonable assurance,3/ a topic that bears upon the auditor’s responsibility to detect material misstatements due to fraud.
Objective of a Financial Statement Audit Versus a Forensic Audit The objective of a financial statement audit is described by PCAOB standards. Specifically, AU section (“AU sec.”) 110, Responsibilities and Functions of the
Independent Auditor, states that the objective of an audit of financial statements “is the expression of an opinion on the fairness with which they present, in all material respects, financial position, results of operations, and its cash flows in conformity with generally accepted accounting principles.”4/ A financial-statement audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. Additionally, it includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. Although forensic audits may examine financial reporting and internal control matters, the objective of a forensic audit is not expressly articulated in an established set of standards. Rather, users of forensic audits (e.g., audit or special investigative committees, management, and regulators) establish their objectives on a case-by-case basis. For example, an audit committee may engage an accountant or other person with specialized expertise to determine whether an accounting error was intentional and, if so, to then determine the participants in the fraud and how it was orchestrated.
3/ The Briefing Paper is located at http://www.pcaobus.org/News/Events/ Documents/09082004_SAGMeeting/Fraud.pdf
4/ Additionally, in an integrated audit of financial statements and internal control over financial reporting, paragraph 4 of PCAOB Auditing Standard No. 2, An
Audit of Internal Control Over Financial Reporting Performed in Conjunction with An
Audit of Financial Statements, states that “the auditor must plan and perform the audit to obtain reasonable assurance about whether the company maintained, in all material respects, effective internal control over financial reporting as of the date specified in management’s assessment. Maintaining effective internal control over financial reporting means that no material weaknesses exist; therefore, the objective of the audit of internal control over financial reporting is to obtain reasonable assurance that no material weaknesses exist as of the date specified in management’s assessment.” Panel Discussion – Forensic Audit Procedures February 22, 2007 Page 3
Consideration of Forensic Audit Procedures for Public Companies In November 2006, the Global Public Policy Symposium, comprising the CEOs of the six largest accounting firms, released a paper titled Global Capital Markets and the
Global Economy: A Vision From the CEOs of the International Audit Networks (“November 2006 Paper”).5/ The paper states that “…there is a significant ‘expectations gap’ between what various stakeholders believe auditors do or should do in detecting fraud, and what audit networks are actually capable of doing, at the prices that companies or investors are willing to pay for audits.” Additionally, the paper states that “[w]hat is sorely needed is a constructive dialogue among investors, other company stakeholders, policy makers and our own professionals about what should be done to close or at least narrow the ‘expectations gap’ relating to fraud.”6/ The November 2006 Paper outlines the following ideas for improving fraud detection at public companies:7/
• A forensic audit on a regular basis – The most aggressive, but also most costly and intrusive, way of rooting out fraud would be to require all public companies to undergo a forensic audit on a regular or periodic basis (e.g., every three or five years); • A forensic audit on a random basis – A less onerous and less costly version of the forensic audit proposal would be to subject public companies to a forensic audit on a random basis; and
• Other “choice-based” options – For example, one possibility would be to let shareholders decide on the intensity of the fraud detection effort they want auditors to perform. Shareholders could be assisted in making this decision by disclosure in the proxy materials of the costs of the different levels of audits, as well as the historical experience of the company with
5/ The paper is located at www.globalpublicpolicysymposium.com.
6/ Global Capital Markets and the Global Economy: A Vision From the CEOs
of the International Audit Networks (November 2006), p. 12.
7/ Ibid, p. 13. Panel Discussion – Forensic Audit Procedures February 22, 2007 Page 4 fraud. A different choice model would be to rely upon boards, or audit committees, to decide on the level of fraud detection intensity. Forensic audits can be performed to achieve various objectives and can include a variety of different procedures. The ability of a forensic audit to provide better fraud detection than a financial statement audit would, of course, depend on the nature and extent of procedures performed. As discussed below, auditors currently perform some procedures in the financial statement audit that could be considered forensic in nature.
Current Forensic Audit Procedures in an Audit of Financial Statements In 1998, the then Chief Accountant of the SEC asked the Public Oversight Board (“POB”) to examine recent changes in the audit process, and suggested the creation of a panel to perform this review.8/ On August 31, 2000, the POB’s Panel on Audit Effectiveness (“PAE”) issued its report and recommendations. Included in the report was the introduction of a “forensic-type fieldwork phase.” The report stated: Not unlike the traditional planning, interim, final and review phases of audits, this new forensic-type phase should become an integral part of the audit, with careful thought given to how and when it is to be carried out. A forensic-type fieldwork phase does not mean converting a generally accepted auditing standards (“GAAS”) audit to a “fraud audit.” Rather, the characterization of this phase of a GAAS audit as a forensic-type phase seeks to convey an attitudinal shift in the auditor’s degree of skepticism. Furthermore, use of the word phase does not mean that the work cannot be integrated throughout the audit.9/ The PAE recommended that during this forensic-type phase auditors should modify the otherwise neutral concept of professional skepticism and presume the possibility of dishonesty at various levels of management, including collusion, override of internal control, and falsification of documents.10/
8/ Public Oversight Board, The Panel on Audit Effectiveness (“PAE”), Report
and Recommendations (2000), Exhibit 1.
9/ Ibid, paragraph 3.51.
10/ Ibid. Panel Discussion – Forensic Audit Procedures February 22, 2007 Page 5 In 2002, the AICPA’s Auditing Standards Board considered the PAE’s recommendation and developed the standard on financial fraud, Statement on Auditing Standards No. 99, Consideration of Fraud in a Financial Statement Audit, codified as AU sec. 316. This standard, included in the PCAOB’s interim auditing standards, provides, among other things, that “the auditor may respond to an identified risk of material misstatement due to fraud by assigning additional persons with specialized skill and knowledge, such as forensic specialists to the engagement.”11/ Furthermore, many procedures described in AU sec. 316 are considered investigative, or forensic in nature, such as procedures that involve performing substantive tests or applying methods of collecting evidence that presume the possibility of dishonesty, including override of internal controls, falsification of documents, and collusion. For example, under AU sec. 316, to further address the risk of management override of controls, the auditor should examine journal entries and other adjustments for evidence of possible material misstatement due to fraud, review accounting estimates for biases that could result in material misstatement due to fraud, and evaluate the business rationale for significant unusual transactions. While AU sec. 316 states that persons with specialized forensic skills may be assigned to the audit in response to an identified risk of material misstatement due to fraud, it does not mandate that forensic accountants participate in audits. As the auditor becomes aware of indications of the possibility of fraud, and as the existence of fraud becomes more likely, the quality of the audit might be enhanced by requiring forensic accountants to participate in the audit process. However, the PAE did not recommend that auditors be required to use forensic accountants, and the Board’s interim standards do not include such a requirement. In 2004, the International Auditing and Assurance Standards Board issued an International Standard on Auditing (“ISA”), The Auditor’s Responsibilities Relating to
Fraud in an Audit of Financial Statements.12/ This standard contains forensic-type procedures similar to those in AU sec. 316, the PCAOB’s interim auditing standard. For instance, this standard states the auditor should have a discussion among the engagement team regarding the susceptibility of the entity’s financial statements to material misstatement due to fraud, as well as make inquiries of management, internal audit, those charged with governance, and others within the entity to determine whether
11/ See paragraph 50 of AU sec. 316, Consideration of Fraud in a Financial
Statement Audit.
12/ ISA 240 is located at www.ifac.org/Members/DownLoads/IAASB-RDISAS-RedraftedISAs.pdf. Panel Discussion – Forensic Audit Procedures February 22, 2007 Page 6 they have knowledge of fraud. Additionally, in order to respond to the risk of management override of controls, the auditor should design and perform audit procedures to test journal entries, review accounting estimates for bias, and obtain an understanding of the business rationale of significant transactions the auditor is aware of that are outside the entity’s normal course of business.13/
Discussion Topics – Presentations and discussion may address the following topics – • Characteristics that distinguish an audit of financial statements from a forensic audit. • Lessons or best practices from the field of forensic auditing that could improve the quality of financial statement audits. • The potential objectives of the forensic audits envisioned by the November 2006 Paper. * * * The PCAOB is a private-sector, non-profit corporation, created by the SarbanesOxley Act of 2002, to oversee the auditors of public companies in order to protect the interests of investors and further the public interest in the preparation of informative, fair, and independent audit reports.
13/ See paragraphs 27, 38, 46 and 76 of ISA 240, The Auditor’s
Responsibilities Relating to Fraud in an Audit of Financial Statements.
