Common Misconceptions About the Prevention of Occupational Fraud – Part 1BondBeebe
John Merchant, CPA
Occupational Fraud is defined as an employee using his or her occupation for personal gain through the deliberate theft or misuse of the assets of the employing organization (see Wells, Joseph T., Occupational Fraud and Abuse, Obsidian Publishing Company, 1997). Business owners, directors of not-for-profit organizations and trustees of employee benefit plans often have misconceptions about occupational fraud and its prevention and, consequently, leave their organization vulnerable to loss. Over the next few weeks we will look at some of these misconceptions and why organizations are not as well protected as they might think. Today’s Topic: Annual Financial Statement Audits.
False Assumptions About Your Yearly Audit
“We have an annual audit by a CPA firm. They will catch any fraud that’s occurring.” If you think your organization is fully protected because you have an annual audit of the financial statements, what percentage of frauds do you suppose are initially uncovered each year by independent auditors? Would you say at least 90%? How about 50%? Do you think it certainly must be at least 20%? According to a survey conducted by the Association of Certified Fraud Examiners (ACFE) in 2008, only about 9% of occupational frauds are initially detected by independent auditors.
When a firm of Certified Public Accountants (CPA) conducts an audit of an organization’s financial statements, they have a responsibility under professional standards to take steps to detect fraud. However, their main objective in an audit is not the detection and prevention of fraud. Their main objective is to determine whether the financial statements are fairly presented in accordance with stated accounting policies so that they will not be misleading to a reader. Steps to detect fraud are only one aspect of an independent financial statement audit. And, while the CPAs conducting the audit may be very good at conducting a financial statement audit, they may not be Certified Fraud Examiners (CFE) and may or may not have received training in the detection and prevention of fraud through forensic auditing.
Financial Statement vs. a Forensic Audit
The standard financial statement audit is far different than a forensic audit or an operational audit. When our CFEs conduct a forensic audit, it is normally designed specifically and primarily to detect the occurrence of fraud. When we conduct an operational audit, it is specifically designed to determine the potential for the occurrence of fraud and provide advice on steps for its prevention. Such audits are far more extensive in their use of anti-fraud procedures and are quite different than the standard financial statement audit.
Resolving the Problem
Does this mean that having an audit by a firm of independent accountants is not useful in deterring occupational fraud in an organization? No, it does not mean that at all. Having an annual audit is one factor in achieving that goal. But the annual audit must be supplemented by other fraud prevention policies and procedures such as strong internal controls, internal audit procedures, employee background checks, hotlines and, occasionally, a forensic audit or operational audit. In short, if your organization’s only protection against occupational fraud and abuse is an annual financial statement audit, your organization is probably far more vulnerable than you realize.