By Jeffrey Ong-Siong
The storms caused by the ongoing accounting scandals have left a wide path of damage in their wakes.
One of the largest casualties has been the accounting profession’s reputation — traditionally our largest asset. If you want to get us where it hurts, our reputation is a good place to start. Our national and professional organization, the American Institute of CPAs, knew it had a monumental problem that needed to be fixed. The unfavorable alternative would most likely be a “quick fix” of the problem by those who do not really understand our industry.
The Sarbanes-Oxley Act that was passed by Congress would merely be the camel’s nose pushing its way under the tent. More legislation would certainly follow as each new scandal (Enron, WorldCom, Parmalat — take your pick) unfolds. We could hear the war drums banging out a steady beat. The auditing industry critics claimed that the accounting profession lost track of its charter — ascertaining that financial statements are in compliance with generally accepted accounting principles.
It was also claimed that years of selling ancillary services to our clients had created an atmosphere where “professional skepticism” — the auditors’ best weapon in upholding generally accepted auditing standards — was too often lacking. And many steps that were common in audits of long ago had been cut in the name of efficiency.
The business media echoed this call and created a growing, concurrent buzz among the public. Something had to be done. Many auditors, such as those at our firm, complained that we were being unfairly painted with the same brush that should be used on a few. But, in reality, none of us could deny that something had to be done.
Enter the AICPA, which answered the call and issued Statement on Auditing Standards No. 99, Consideration of Fraud in a Financial Statement Audit. According to the AICPA, SAS No. 99 “has the potential to significantly improve audit quality, not just in detecting fraud, but also in detecting all material misstatements and improving the quality of the financial reporting process.”
In confronting the issues that needed to be addressed, the AICPA had to think beyond the typical frauds that middle-market companies experience (i.e., bookkeepers writing checks to themselves or dipping regularly into petty cash). The frauds that were the impetus to this accounting standard were at the top level. These were the chief executive officers and chief financial officers of billion-dollar Fortune 500 companies who were overriding controls that were in place — because they could.
But the AICPA found a commonality in all frauds, whether at a Fortune 500 company or a local temple. All frauds had three conditions present:
- There was an incentive and/or pressure (either internal or external) to commit fraud that motivated the act;
- There was opportunity for fraud; and,
- There was a rationalization to commit the fraud by those who participated in it.
SAS No. 99 recognizes these commonalities and requires auditors to go to lengths not previously required to see if these factors are present. And if these factors are present, it now requires auditors to take active steps to determine whether fraud does then exist.So where do we start the process? There are two default assumptions that the new standard requires of auditors going into audits. In every engagement, we must assume that there is fraud risk related to revenue recognition, and also as it relates to management override of established controls.
It is a fact that most financial reporting fraud schemes involved improper revenue recognition. However, management override of existing controls is an area too often unattended. Its existence is not as common, but when it is, watch out.
Remember WorldCom? Its accounting department very well may have been exemplary in performing its monthly closings and normal financial reporting, but all it allegedly took was a journal entry from the CFO to turn billions of dollars in expense into a capital asset.
In order to perform this step satisfactorily, we will have to gain an even better understanding of the normal accounting closing procedures, so that we have the ability to spot an anomaly when we come across one. As a result, we will spend more time digging into your general ledger than we have in the past. Unusual entries will be given more scrutiny and discussed within and outside of your accounting department to gain an understanding of the entry. Accounting estimates will be retrospectively viewed to determine their accuracy. But these are not the only frauds that need to be or will be considered.
The new standard has prescribed a number of methods in order to sniff out areas where fraud may be present. One method is called “brainstorming.” It requires the entire audit team to hold a meeting in which they are encouraged to think like crooks. We have to ask ourselves, “If we wanted to embezzle funds, misstate financial results or steal inventory from your company, how would we do it?” In determining the answers to these questions, we have to ask them from the perspective of various employees, ranging from warehouse workers to the CEO.
Another method requires auditors to speak directly to management regarding fraud in order to determine their awareness and understanding of fraud and the steps that they take to mitigate it. Interestingly enough, this issue was never previously required to be addressed heads-on with management.
And still another method requires auditors to venture out of the accounting department and make inquiries of personnel not directly involved in the financial reporting process. Instead of asking a company controller about an unasserted product liability lawsuit, a large consignment sale of goods or how items received are reconciled with items ordered, we will now direct our questions to the in-house legal counsel, sales manager and warehouse receiving clerks, respectively.
This should ensure that we get answers from those with first-hand knowledge of the topics. Often, those with knowledge of a fraud have stated, after the exposure of a fraud, that they would have told someone had they been asked. This step increases the possibility that the auditor is the person doing the asking.
Additionally, the new standard encourages auditors to make inquiries of a broad employee base to make a determination as to whether there is an area in which the three common conditions for fraud, addressed above, are present. This is also an opportune time to ask operating personnel whether the controls that are in place are actually applied in practice, and if they are ever overridden.
While the procedures noted above are the heart of SAS No. 99, the new standard also emphasizes how the results of the above are synthesized into our audit procedures. The standard prescribes how results are communicated if fraud is discovered, and describes how auditors should respond when a determination has been made that a misstatement is, or may be, the result of fraud.
The different steps enable the auditor to gather additional evidence and implications on other aspects of the audit, discuss the situation with the company’s management for further investigation and, if appropriate, suggest that the client consult with legal counsel. Communication and documentation requirements have also been greatly expanded.
SAS No. 99 was designed to help auditors do their jobs more effectively and advance their profession. And while the standard is not intended to provide a guarantee that all fraud will be detected, it should go a long way in highlighting areas where fraud could be present.
These additional steps and procedures will be included in every financial statement audited by my firm, RBZ, beginning with the calendar year ending Dec. 31, 2003. And they are significant in terms of time. We have found it may require up to 10 percent more effort on average. But, in addition to responding to the public’s demand, these additional steps can bring to management best practices, programs and controls.
But the final arbiter as to whether this standard is effective or whether there needs to be further standards will be clear to all of us on page one of our local business section every day.
