Auditors have trouble discovering fraud for several reasons. The most important reason is that those managers who are willing to commit fraud understand that they must do a good job of concealing it.
Managers bent on fraud are clever in devising schemes that look legitimate, and they are good at generating false evidence to hide the fraud. These managers think nothing of lying to their auditors. Also, they are aware of the standard audit procedures used by CPAs and design their fraud schemes to avoid audit scrutiny as much as possible.
Over the years, the auditing profession has taken somewhat of a wishy-washy position on the issue of whether auditors are responsible for discovering accounting and financial reporting fraud. The general public is confused because CPAs seem to want to have it both ways. CPAs don’t mind giving the impression to the general public that they catch fraud, or at least catch fraud in most situations.
However, when a CPA firm is sued because it didn’t catch fraud, the CPA pleads that an audit conducted according to generally accepted auditing standards does not necessarily discover fraud in all cases.
In the court of public opinion, it is clear that people think that auditors should discover material accounting fraud — and, for that matter, auditors should discover any other fraud against the business by its managers, employees, vendors, or customers.
CPAs refer to the difference between their responsibility for fraud detection (as they define it) and the responsibility of auditors perceived by the general public as the expectations gap. CPAs want to close the gap — not by taking on more responsibility for fraud detection, but by lowering the expectations of the public regarding their responsibility.
You’d have to be a lawyer to understand in detail the case law on auditors’ legal liability for fraud detection. But quite clearly, CPAs are liable for gross negligence in the conduct of an audit. If the judge or jury concludes that gross negligence was the reason the CPA failed to discover fraud, the CPA is held liable.
In a nutshell, standard audit procedures do not always uncover fraud, except when the perpetrators of the fraud are particularly inept at covering their tracks. Using tough-minded forensic audit procedures would put auditors in adversarial relationships with their clients, and CPA auditors want to maintain working relationships with clients that are cooperative and friendly.
A friendly auditor, some would argue, is an oxymoron. Also, there is the cost factor. Audit costs are already expensive. The CPA audit team spends many hours carrying out many different audit procedures. An audit would cost a lot more if extensive fraud detection procedures were used in addition to normal audit procedures.
To minimize their audit costs businesses assume the risk of not discovering fraud. They adopt internal controls that are designed to minimize the incidence of fraud. But, they know that clever fraudsters can circumvent the controls. They view fraud as a cost of doing business (as long as it doesn’t get out of hand).
One last point: In many accounting fraud cases that have been reported in the financial press, the auditor knew about the accounting methods of the client but did not object to the misleading accounting — you may call this an audit judgment failure. In these cases, the auditor was overly tolerant of questionable accounting methods used by the client.
Perhaps the auditor may have had serious objections to the accounting methods, but the client persuaded the CPA to go along with the methods. In many respects, the failure to object to bad accounting is more serious than the failure to discover accounting fraud, because it strikes at the integrity and backbone of the auditor.
CPA ethical standards demand that a CPA resign from an audit if the CPA judges that the accounting or financial reporting by the client is seriously misleading. The CPA may have a tough time collecting a fee from the client for the hours worked up to the point of resigning. But the CPA must resign according to professional audit standards.