Auditors are increasingly taking responsibility for fraud detection and cybersecurity at companies, whether they like it or not.
“The bottom line is that if there’s fraud and the auditor did not discover the fraud, there’s a 99 percent chance that the auditor will be sued,” said Ralph Summerford, president of Forensic Strategic Solutions, a financial investigation firm that specializes in fraud examination. “It’s not just the large firms, but also the small firms.”
Summerford will be speaking this week at the Association of Certified Fraud Examiners’ annual fraud conference in Nashville. His topic this year is the auditor’s responsibility to detect fraud. “I’m not just talking about CPAs,” he said. “I’m talking about internal auditors, governmental auditors, any auditor that does auditing work, and people like Certified Fraud Examiners who do investigations. It will be all of those people whose responsibility is to detect fraud.”
He believes auditors need to be especially aware of the differences between the legal standards and the professional standards. “The standard of care in the legal world is my responsibility to you and to everybody to do what a reasonable person would do under the circumstances,” said Summerford. “What is a reasonable person? That is a slippery slope.” Auditors, accountants and CPA consultants need to look at both the legal standards and the professional standards, as set by the Public Company Accounting Oversight Board, or else they could face lawsuits, he noted.
“When anybody loses any money, they want to get their money back,” said Summerford. “They will sue anybody and everybody.”
Auditors also need to be aware of potential cybersecurity issues. Summerford said he recently attended a conference in Atlanta hosted by the law firm Carlock Copeland where that was a topic of discussion. “The AICPA has come out with some proposed standards,” he noted. “It’s really scary because of all the hacks.” One of the speakers said there had been 26 hacks of accounting firms up through 2016, potentially exposing the personal and professional information of clients to cybercriminals.
One of the major areas of fraud detection is risk management, which ties in with cybersecurity and the need to have the proper controls in place over financial reporting. “Internal and external auditors should be looking to make sure those controls are in place,” said Summerford.
Keeping employees happy with their company and workplace can also help deter fraud. “Any time you encounter an operation that has a low morale factor, you’ve got a high fraud environment,” said ACFE president Jim Ratley at a recent conference at Pace University in New York. “In order to keep that fraud environment low, you’ve got to have people who can see a future.”
Adam Strayer, a BDO Consulting director who also leads technology-assisted review for BDO’s Forensic Technology Services practice, is closely involved in forensic examinations. “We’re looking at crimes, reviewing or looking for conflicts of interest or double-dealing in foreign subsidiaries—whether or not a manager is an independent operator or whether he or she has an interest in something else, or in an affiliated business.”
His group also assists in audit evaluations of asset managers for purposes of SEC filings. “We’re looking to see whether or not the process that was implemented for asset valuation was followed correctly, providing details on who, what, when, where and how of the valuation process,” said Strayer. “This is all going to unstructured data to help with, say, large email analyses. A second part of what we do is handling more structured data, which is reviewing accounting records looking for data irregularities, looking for outliers and anomalies, identifying strange trends. This can be as simple as looking for invoices that all end in 00. That could be a sign of fraud or laziness, or we’re looking for typos and misspellings on invoices. You’d be amazed how often someone committing fraud or embezzlement, or creating false invoices, misspells words on invoices. There’s a whole bunch of analytics to identify those patterns.”
Increasingly fraud examiners and forensic accountants are using technologies such as artificial intelligence and machine learning to help them uncover wrongdoing.
“In large volumes of data, computers are really good at picking out irregularities,” said Strayer. “We are really good at distinguishing the lion tail above the grass on the savanna, but we’re less good at seeing patterns. Computers are extremely good at seeing patterns and finding patterns. When we’re dealing with these huge volumes and you’re looking for ongoing fraud and ongoing inconsistencies and irregularities, the current technology is really great at identifying those trends. There are a number of tools that utilize artificial intelligence where the system is looking at the data points and identifying additional data points. It’s seeking out additional information to help it understand exactly what’s going on, and identifying any red flags it comes up with. We’ve also been very focused on developing a strong data visualization program. That’s a useful way for people to understand and comprehend large volumes of data quickly.”
BDO has been using this type of technology for international cross-border investigations. “These new tools are able to handle multiple languages,” said Strayer. “You can quickly de-duplicate redundant or repetitive data to isolate the unique values.”
Register or login for access to this item and much more
All Accounting Today content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access