SEC Acting Chief Accountant (ACA) Paul Munter recently released a statement titled “The Auditor’s Responsibility for Fraud Detection.”
While directed at auditors, this statement and other recent statements from various regulators including the PCAOB’s 2022 Audit Committee Resource Spotlight,
indicate a heightened awareness and focus on fraud risk. Whether you are an auditor, work in management, or serve on a board, careful attention to these and future releases will help you meet and exceed the growing expectations related to mitigating fraud risk.
Munter emphasizes the auditor’s gatekeeper role and the importance of professional skepticism. He goes on to state that “the mindset of ‘trust but verify’ … may interfere with an auditor’s ability to effectively evaluate signs of fraud” because it is “anchored in the belief that management is honest and has integrity.” He goes on to state “Auditors should avoid any assumption of honesty.”
What should board members and management expect from their auditors?
First, Munter calls on auditors to exercise “professional skepticism when determining which types and amount of audit procedures to apply” and “not default to merely increasing sample sizes.” Further, he acknowledges the use of technology to detect fraud and fraud risks, but cautions “the use of technology is most effective when combined with sound professional judgment and other audit procedures that do not lend themselves to the use of technology.” Accordingly, companies should expect the unexpected, new approaches to high-risk areas, more focus on fraud risk, and bespoke audit procedures combining technology and traditional audit procedures. Most importantly, expect more robust discussions about fraud risk at your organization.
What can you do now?
Here are some important steps you can take now:
- Set the proper tone from the top. Starting at the board and running throughout the organization, talk about your organization’s values, lack of tolerance for fraud, and determination to address it when it occurs.
- Update your fraud risk assessment. Have you challenged assumptions regarding internal controls development before the shift to work-from-home or hybrid model your organization likely implemented over the past couple of years?
- Assess your tip hotline beyond making sure it exists. Are you communicating to your employees and external stakeholders how to report issues? The Association of Certified Fraud Examiners (ACFE) reports that approximately 42% of frauds are detected due to tips and that the median loss at organizations without a tip line is approximately twice as large as at those that have a tip line.
- Engage your auditor in a conversation on fraud risk rather than waiting for them to bring it up. Discuss your assessment of fraud risk and the steps you take to mitigate those risks.
Fraud risk management is a journey, not a destination. Whether you are a public company subject to SEC rules and regulations, a privately held business, a nonprofit organization, or a governmental agency, the risk is real. The first step to addressing the risk is to acknowledge it exists. Talk openly among your stakeholders and hold yourself accountable to mitigating the risk.
If you would like to discuss assessing and mitigating fraud risk at your organization, please reach out to a professional at FORVIS or submit the Contact Us form below.
The information contained in this article is general in nature and does not take into consideration your situation. You should consider whether the information is appropriate for your needs and seek professional advice where appropriate.