Internal auditors, external auditors, board members and financial executives disagree over who has responsibility for deterring and detecting financial statement fraud, according to a new report.
The report, from the Anti-Fraud Collaboration, a coalition between the Center for Audit Quality, Financial Executives International, the National Association of Corporate Directors, and the Institute of Internal Auditors, found significant expectation gaps among the four groups in the financial reporting chain. The areas of greatest disparity appear to be who has the primary responsibility for deterring financial reporting fraud, how confident each group is in their ability to detect material misstatements, and whether each party appropriately strikes the balance between trust and skepticism.
The report, “Closing the Expectation Gap in Deterring and Detecting Financial Statement Fraud: A Roundtable Summary,” includes the results of a recent survey that provided the basis for in-depth roundtable discussions summarized in the report. The report concluded that each group in the financial reporting chain has an important role to play, and enhanced communication among all parties is needed to provide clarity on the respective roles in rooting out fraud.
“The roundtable discussions provided a unique opportunity to get all of the players of the financial reporting chain together in one room. To have the best chance of reducing the occurrence of financial statement fraud, everyone must understand their respective roles,” said IIA president and CEO Richard Chambers IN A STATEMENT. “I think the big takeaway here is that communication is key.”
The IIA led coordination of the project, the latest in a line of several resources developed by the collaboration since it was formed in 2010.
The survey also found that a large majority of respondents (87 percent) believe that financial executives have primary responsibility for deterring financial reporting fraud. The group that owns primary responsibility for detecting financial reporting fraud is less clear. While most of the survey respondents (52 percent) designate financial executives, a sizeable minority (31 percent) place the responsibility on internal auditors.
The vast majority of board members (96 percent) are confident that the other three groups are able to identify a potential material misstatement due to fraud. Most board members (75 percent) are also confident in their own ability to identify material misstatements, although that belief is shared significantly less so by the other groups. For example, only 36 percent of internal auditors are confident in the board’s ability.
While both external and internal auditors identify skepticism as key to performing their work, less than half of internal auditors (46 percent) said they strike the right balance between trust and skepticism. In contrast, the majority of external auditors (70 percent) said they strike an appropriate balance.
During roundtable discussions about the survey results, participants from all four groups did not attempt to define who should take primary responsibility for fraud deterrence and detection. Instead, they focused the conversation on a holistic approach, where each party works together to design, operate, and monitor controls that mitigate the risk of material misstatements related to financial reporting fraud.
The roundtable discussion highlighted each group’s role in detecting and deterring fraud. Financial executives are responsible for designing processes and procedures and monitoring their effectiveness, participants agreed. Although financial executives are perceived as having the primary responsibility in deterring and detecting financial reporting fraud, concern was raised that when material fraud occurs, management is often involved. This concern highlights the need for an effective oversight function and active communications by which the audit committee (through internal audit) can be made aware of concerns around fraud and management’s potential involvement. “[Internal audit] can be the eyes and ears the audit committee needs,” said one participant.
The role of internal audit depends on how the organization uses it. The function can have a broad scope in an organization that extends beyond financial reporting controls. Participants emphasized the importance of objectivity for both internal and external audit to provide unbiased information to the audit committee, but some also acknowledged potential or perceived conflicts of interest in this area.
Expectations for external auditors varied widely. As in the case with internal audit, external audit’s approach may vary from one organization to the next, depending on the auditor’s assessment of the risk of fraud in the organization. Some participants believe external auditors are best equipped to identify material financial statement fraud because of their financial reporting audit procedures.
When looking at how board and audit committee members affected the deterrence and detection of financial statement reporting fraud, there was a consensus that the governance role they play makes all groups aware of expectations and sets the “tone at the top.” The most frequently stated expectation for this role was that audit committee members should have knowledge of the industry, be financially literate, and ask challenging questions of management when reviewing financial statements. Some believe the audit committee should engage management several layers down to help determine whether internal auditors, external auditors, and the financial reporting team are qualified.
A common theme across the conversations was the need for effective communication among all parties to address expectation gaps across the financial reporting supply chain. Board members conveyed that an open and candid dialogue with external and internal auditors is essential to help them determine whether management is doing the right thing. Moreover, open communication among all parties enables them to perform their governance role with necessary transparency and realistic expectations that will help achieve effective risk management.
“Closing the Expectation Gap in Deterring and Detecting Financial Statement Fraud: A Roundtable Summary,” was released Monday at the National Association of Corporate Directors’ 2013 Board Leadership Conference in National Harbor, Md. For more information about the conference, visit www.NACDonline.org/Conference. The report is available as a free download at www.antifraudcollaboration.org.