What Is the Auditor’s Role in Finding Fraud?

The PCAOB is trying to figure out how to explain the answer to the public.

By Sarah Johnson of CFO Magazine In the standard audit reports that accompany corporate financial statements, the auditor’s responsibility for detecting fraud is not discussed. Indeed, the word fraud isn’t mentioned at all. Yet whenever an accounting deception is uncovered, one of the first questions investors ask is, “Where were the auditors?”

 The auditing profession calls the discrepancy between what investors expect and what auditors do an “expectations gap.” In recent years, audit firms have attempted to close the gap by educating the public on their role. Last May, for instance, the Center for Audit Quality, the trade group for audit firms, issued a brochure on public-company accounting that said auditors consider potential areas of misconduct for a particular company when deciding what areas of a business to review. However, the CAQ cautioned, “because auditors do not examine every transaction and event, there is no guarantee that all ma-terial misstatements, whether caused by error or fraud, will be detected.”

Now, the Public Company Accounting Oversight Board (PCAOB) is also trying to close the expectations gap, based on a recommendation made more than a year ago by a Treasury Department–appointed advisory group that studied the auditing industry. The advisory group suggested that the audit report — which is the sole communication between auditors and investors on a particular company — explain the auditors’ role and their limitations in finding fraud.

Such a clarification had been demanded by observers of the advisory group. “If the discovery of material errors and fraud is not a major part of what the audit is about, it is not clear what value-added service the auditor offers the investor and capital markets,” wrote Andrew Bailey, University of Illinois accountancy professor emeritus.

Officially, the PCAOB’s rules require auditors to provide “reasonable assurance” that the financial statements they’ve reviewed “are free of material misstatement whether caused by error or fraud.” However, the language auditors use in their reports doesn’t match the text of the rules. In a meeting last week, the PCAOB’s own advisory group suggested that auditor reports be revised to add the phrase “whether caused by error or fraud” to indicate that auditors do have some responsibility for noticing fraud.

On their own, audit reports don’t tell investors how auditors reached their conclusions beyond stating the general scope they worked under and that they followed generally accepted auditing standards. Written in boilerplate language, the reports are instead 2 short summaries expressing that the financial statements under review fairly present the company’s operations and cash flows.

Many years ago, auditor reports included the term certify as if to guarantee the reviewed financial statements with an external stamp of approval. But that wording stopped being used in the 1930s, according to the PCAOB. Since then, the reports have been considered to be opinions. However, the reports do “not adequately reflect the amount of audit work and judgment” that go into drawing those opinions, the Treasury advisory group concluded.

Some investors, such as those who responded to a 2008 CFA Institute survey, would like auditors to identify their clients’ key risks as well as highlight areas that could possibly have questionable estimates made by management. “Investors want to know where the high risks are,” said Mary Hartman Morris, a California Public Employees’ Retirement System investment officer, at the PCAOB meeting.

However, except for its investor members, the PCAOB’s advisory group — which also includes finance executives, accounting-firm representatives, and accounting professors — generally refrained from recommending that audit reports move in a more detailed direction. The group cited the complexity of amending existing auditing standards, the possibility of increased liability, and the uncertainty over whether doing so would provide true value to investors. The group also largely passed over the idea of going beyond the current “pass/fail” model for the audit report, such as by instituting a grading system.

For the most part, the advisory group discouraged the regulator from changing auditors’ responsibilities or adding new procedures to their workloads. However, they seemed to agree that the public needs a more realistic view of an auditor’s job. For example, “some people seem to confuse falsified documents, which the auditor can’t authenticate, and falsified accounting records, which auditors should authenticate,” said Douglas Carmichael, an accountancy professor at Ziklin School of Business at Baruch College.

As the PCAOB contemplates a solution, the board may need to think more about investors’ wants rather than their expectations, suggested PCAOB board member Charles Niemeier. “Investors are not satisfied with the status quo,” he said, “and I think that is justified, considering the disclosure of financial problems tends to come after the fact.”

In the meantime, the PCAOB is working on establishing a financial-reporting fraud center for collecting information on preventing and detecting fraud. The regulator published a job posting for a director last month.