Fighting financial fraud takes a village
The tools to fight fraud have strengthened substantially over the past 20 years. Increased regulation of public company audits and the auditing profession through the Sarbanes-Oxley Act, stronger and more independent audit committees, and investments by audit firms in human capital and technology all contribute to better fraud deterrence and detection.
Even with these advancements, however, COVID-19 has created new challenges and a remote work environment that heightens the risk of fraud at public companies. Many employees and management are working remotely while experiencing technology challenges. Some are juggling caregiving responsibility, and many are carrying the additional work of former colleagues who have been laid off. All of these factors can pressure an otherwise honest employee or executive to commit fraud.
Moving to a remote environment also may result in the absence of the appropriate management controls, or ineffective controls. Employees or management might find themselves employing “workarounds,” often for well-intentioned reasons, to be able to get their work done in a remote environment. These workarounds provide avenues for those with bad intentions to take advantage of the situation.
When fraud occurs, the natural reaction is to look to some responsible party on which to pin the blame. Because fraud will invariably affect the financial statements, some observers immediately ask, “Where were the auditors?” After all, they say, aren’t the auditors responsible for ensuring the accuracy and integrity of the financial statements? Surely, they must have missed something.
Auditors do play an important role in detecting fraud. They do this by performing audit procedures that provide reasonable assurance that the financial statements of a public company are free of material misstatement, whether caused by error or fraud. Reasonable assurance, however, is not absolute assurance.
Fraud, under both the common law and U.S. auditing standards, involves an intentional act — to deceive or conceal. Indeed, the Public Company Accounting Oversight Board fraud standards specifically state: “Typically, management and employees engaged in fraud will take steps to conceal the fraud from the auditors and others within and outside the organization.” Accounting records or supporting documents may be altered or falsified. Transactions may be intentionally omitted or misrepresented. The PCAOB standards acknowledge that a material misstatement of the financial statements due to fraud may go undetected by the auditor because of the nature of the audit evidence or the characteristics of the fraud may cause the auditor to rely upon information that appears to be valid, but is, in fact, false and fraudulent.
Just as management is charged with preparing the financial statements of a public company, management is also responsible for assessing fraud risk, implementing the controls to deter and detect fraud, and certifying financial reports. But management’s role goes beyond these technical requirements. Corporate culture can play an important role in determining how well a company deters and detects fraud, particularly during times of crisis. A culture of integrity should be foundational to a public company’s strategy, and companies should continue to focus on how they will keep their employees engaged with their core values and behaviors. An anti-fraud culture begins with an ethical tone at the top. Management is responsible for setting the tone, but just as important, they need to communicate the company’s culture and ethical values to all levels of the organization.
The strongest approach to deterring and detecting fraud involves collective action from multiple financial stakeholders. Public company management, audit committees, internal auditors, external audit firms and regulators all play a role in reducing fraud risk.
Sadly, we have already seen instances of fraud during the COVID-19 crisis, and we will likely see more. There is no way to prevent all fraud, everywhere, all the time. But together, public companies and their independent auditors can reduce the risk and scale of fraud to foster the trust in the capital markets that underpins the American economy at this critical time.