SEC Alert! Paul Munter Acting Chief Accountant: 'We have also recently observed shortcomings related to responsibilities over the detection of material misstatements due to fraud that auditors should keep in mind'
SEC Alert! Paul Munter Acting Chief Accountant: 'We have also recently observed shortcomings related to responsibilities over the detection of material misstatements due to fraud that auditors should keep in mind as they perform their vital role for the public trust.'
Other comments of note from Munter:
The Association of Certified Fraud Examiners (“ACFE”) estimates that organizations lose 5% of revenue to fraud each year, an estimated loss of $4.7 trillion on a global scale
We have also recently observed shortcomings related to responsibilities over the detection of material misstatements due to fraud that auditors should keep in mind as they perform their vital role for the public trust.
PCAOB inspections consistently identify areas of concern involving auditors’ application of due professional care and professional skepticism when considering fraud or where the audit response to fraud risks and red flags was insufficient. PCAOB inspection examples of auditor’s deficiencies include auditors not performing substantive procedures that were specifically responsive to fraud risks (e.g., not performing tests of details, or only performing inquiries, performing insufficient journal entry testing, failing to assess and/or identify revenue recognition as a potential fraud risk, and not communicating fraud risks to audit committees.
Recent Commission enforcement actions against audit firms and their personnel continue to highlight instances of improper professional conduct by auditors with respect to fraud risks. In these enforcement actions, the Commission alleged that auditors failed to comply with PCAOB standards by, among other things, ignoring red flags and contradictory information and failing to obtain sufficient and appropriate audit evidence.
Through OCA’s discussions with stakeholders we have heard particularly troubling feedback that auditors many times frame the discussion of their responsibilities related to fraud by describing what is beyond the auditor’s responsibilities and what auditors are not required to do. We find this attitude of focusing on the limits of the auditor’s responsibilities at the outset as opposed to the affirmative requirements with respect to the responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement, whether caused by error or fraud, deeply concerning, as it could impact an auditor’s mindset or their degree of professional skepticism, and may thereby reduce the likelihood of fraud detection and potentially result in dereliction of professional responsibilities to the public trust.
Auditors may face pressures from various sources, both internal and external, during the audit. External pressures by the audit client may include management insisting on tight deadlines or applying audit fee pressures. Internal audit firm or engagement team pressures may include resource constraints, time pressures, budgeting and firm operational metrics, evaluation systems that may inadvertently discourage skepticism among staff auditors, and achieving strong client satisfaction ratings. These pressures can distract an auditor from appropriately identifying and responding to fraud risks thereby reducing the likelihood that the auditor will detect material misstatements in the financial statements resulting from fraud.
A key point of distinction between a material misstatement that arises from fraud or error is whether the underlying action was intentional or unintentional. As such, auditors should be aware of biases that may impede their ability to gather and objectively evaluate audit evidence. For instance, the mindset of “trust but verify” may represent potential bias if it is anchored in the belief that management is honest and has integrity. Such a mindset may interfere with an auditor’s ability to effectively evaluate signs of fraud when evaluating misstatements or to objectively challenge evidence provided by management. Professional standards have long held that due professional care requires the auditor to exercise professional skepticism. Professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence.
Auditors should not default to merely increasing sample sizes, but rather should exercise their professional skepticism when determining which types and amount of audit procedures to apply in response to the assessed fraud risk.
Auditors should also apply their professional skepticism when considering whether the involvement of specialists is necessary when identifying or responding to fraud risks. An auditor should consider whether the involvement of a forensic specialist is necessary to assist in identifying fraud risks and responding to those fraud risks, or, when fraud risks are identified related to management estimates, whether the involvement of a specialist is necessary to challenge and evaluate the reasonableness of management’s assumptions.
Management is in a unique position to perpetrate fraud, and instances of fraud often involve management override of controls, including concealment of evidence or misrepresentation of information. Auditors must remain diligent when considering and responding to this risk and remain aware of techniques used by management to circumvent existing controls. Additionally, if an auditor believes that an identified misstatement might be indicative of fraud, they should perform procedures to obtain additional audit evidence and evaluate the related implications. This includes fulfilling their responsibilities to communicate such matters to management, the audit committee, and the SEC, as required.
In addition, auditors should consider publicly-available information (including from new sources available during the course of the audit) and objectively evaluate how such information impacts risk assessment and the audit response.
Conclusion
Auditors serve an important gatekeeping and investor protection function by helping to verify that issues are promptly identified and addressed so that the auditor has obtained reasonable assurance about whether financial statements are free of material misstatement, whether due to error or fraud. The value of the audit and the related benefits to investors, including investor protections, are diminished if the audit is conducted without the appropriate levels of due professional care and professional skepticism. Therefore, we remind auditors to fulfill their professional responsibilities by applying an appropriate fraud lens throughout the audit, including understanding the relationship between PCAOB AS 2401 and other auditing standards as it relates to identifying and responding to the risk of fraud in the audit so that the auditor has obtained reasonable assurance that there is not a material misstatement to the financial statements caused either by fraud or error.
