the Expectation Gap
Forensic Audit Procedures
Paul E. Zikmund
JUNE 2008
Auditing is increasingly difficult and challenging, with new rules
and regulations encouraging, if not requiring, auditors to enhance
their efforts to detect fraud during an audit. Unfortunately, these
rules and regulations contain terms like “reasonable,”
“material,” “professional skepticism,” and
“brainstorming,” whose meanings vary in the minds of
“expectation gap” reflects a perceived difference
between what one is expected to accomplish by others and what
one personally believes he must accomplish. For example, the airline
industry now expects a significant portion of flights to be delayed
during the busy summer months. Passengers do not subscribe to
this same belief, so when their flights are delayed, this exposes
an expectation gap.
face similar challenges when it comes to detecting fraud in an
audit. In many instances, they are not sure how much effort must
be made to uncover red flags for fraud. More important, they do
not always take the appropriate steps to uncover fraud once a
red flag surfaces during an audit. Clients, judges, shareholders,
and other parties, however, expect auditors to take steps to detect
fraud during the audit. They are often displeased when fraud goes
undetected and is later uncovered by a tip or accident. The resulting
investigation or financial statement restatement creates negative
consequences for the company and its employees.
an auditor may fail to identify red flags during an audit include
on client representations;
- Lack of
awareness or recognition of an observable condition indicating
relationships with clients;
to brainstorm potential fraud schemes and scenarios; and
- A desire
“not to know.”
gap is driven by two variables: the auditor’s ability to
detect fraud, and the auditor’s efforts to detect fraud.
An auditor may possess the skills to detect fraud, but might choose
to take shortcuts or disregard obvious signs of potential fraud.
Or, an auditor might use a variety of techniques, but lack the
experience to effectively uncover red flags. Both scenarios will
broaden the expectation gap.
must develop the requisite skills to detect fraud and obtain sufficient
knowledge of the rules and regulations in order to better understand
what is required during an audit. Statement on Auditing Standards
(SAS) 99, Consideration of Fraud in a Financial Statement
Audit, requires auditors to obtain “reasonable”
assurance that material fraud is not present. The Institute of
Internal Auditors (IIA) standard 1210.A2 requires auditors to
possess “sufficient knowledge” to identify indicators
of fraud. Whatever the words “reasonable” and “sufficient”
mean to auditors will not matter if they fail to detect fraud.
The definitions of “reasonable” and “sufficient”
will be determined by their manager, client, senior management,
or the judge or jury in a lawsuit.
Fraud Detection Skills
rely on the following tools:
of specific fraud schemes and scenarios;
of applicable laws and
communication skills; and
cannot be expected to develop these skills to the level of a fraud
examiner, they should try to become more proficient through training,
hands-on experience, reading the professional literature, brainstorming,
and using fraud detection skills during the audit.
and awareness. All auditors should possess basic
knowledge of fraud schemes in order to better position themselves
to detect red flags during an audit. Auditors can start by developing
a basic understanding of fraud schemes and scenarios, as well
as the reasons why people commit fraud. Organizations such as
the IIA (www.theiia.org),
the National Association of Certified Valuation Analysts (NACVA;
and the Association of Certified Fraud Examiners (ACFE; www.acfe.com)
offer training that provides a basic understanding of the various
schemes relating to financial statement fraud, asset misappropriation,
and bribery and corruption schemes. Auditors who develop significant
fraud-detection skills can choose to pursue certifications such
as the ACFE’s Certified Fraud Examiner (CFE) and the NACVA’s
Certified Forensic Financial Analyst (CFFA). In addition, many
colleges and universities now offer fraud detection and examination
courses as part of their business, accounting, or audit programs.
Some schools even offer more advanced degrees in the field of
forensic studies. This training typically ranges from a basic
one-to-four-hour overview of fraud detection to a three-day comprehensive
course, where auditors look for fraud by reviewing case studies,
participating in group sessions, and reviewing actual data.
Brainstorming fraud risks is critical to a successful audit and
identifying red flags for fraud. If nothing else, brainstorming
will create a mindset for auditors to think like a fraudster,
supporting the adage, “to catch a crook, learn to think
In this writer’s
experience, approximately 50% of all auditors brainstorm fraud
risks prior to the start of an audit. Of auditors who use brainstorming
as a fraud detection tool, only about half make it a formal process
where they document the schemes and identify techniques aimed
at uncovering red flags. The other auditors conduct brainstorming
on a more informal basis and admit to considering the risk for
fraud without formally documenting this consideration.
A more formal
brainstorming process is necessary to fully benefit from this
exercise. For example, auditors could use a spreadsheet and involve
a team of at least three auditors. Preferably, the team should
consist of a fraud examiner or an auditor experienced in fraud
detection. Following these guidelines will make brainstorming
it fun and interactive, with everyone participating.
a fraud case study to stimulate responses.
an experienced fraud examiner.
previous company frauds in the discussion.
- Use a
brainstorming session, it is imperative to plan and perform the
audit in accordance with the schemes and scenarios identified
during the discussion. For example, if procurement fraud was identified
as a high-risk area, the audit should include steps to identify
red flags. These steps could include the following:
data analytics to identify suspicious vendors;
vendor spending for the previous 12 months to identify suspicious
patterns, including duplicate payments;
vendors with post office box addresses to find “ghost
employee addresses to vendor addresses for possible matches;
vendors that bid unsuccessfully for contracts, to inquire about
the bidding process; and
a Benford’s Law (which predicts the occurrence of digits
in data) analysis on vendor invoices to identify suspicious
patterns of invoice amounts.
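The analytic steps listed above can be sketched in a few lines of Python. This is an added example, not part of the original article: the vendor, employee, and payment records are constructed sample data, and every function and field name is an assumption chosen for illustration. It checks for duplicate payments, vendors with post office box addresses, employee addresses that match vendor addresses, and invoice amounts whose leading digits depart from Benford's Law.

```python
import math
import re
from collections import Counter, defaultdict

# Benford's Law: the expected share of leading digit d is log10(1 + 1/d).
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}
CHI2_CRITICAL = 15.507  # chi-square, 8 degrees of freedom, 5% significance
PO_BOX = re.compile(r"\bp\.?\s*o\.?\s*box\b", re.I)

def benford_chi_square(amounts):
    """Chi-square distance between observed leading digits and Benford's Law."""
    digits = [int(f"{abs(a):e}"[0]) for a in amounts if a]
    counts, n = Counter(digits), len(digits)
    return sum((counts[d] - n * p) ** 2 / (n * p) for d, p in BENFORD.items())

def duplicate_payments(payments):
    """Vendor/invoice/amount combinations that were paid more than once."""
    groups = defaultdict(list)
    for p in payments:
        groups[(p["vendor"], p["invoice"], p["amount"])].append(p["paid"])
    return {key: dates for key, dates in groups.items() if len(dates) > 1}

def normalize(address):
    """Fold case, punctuation and the 'street' abbreviation before comparing."""
    address = re.sub(r"[^a-z0-9 ]", "", address.lower())
    return " ".join(re.sub(r"\bstreet\b", "st", address).split())

def po_box_vendors(vendors):
    """Vendors whose address on file is a post office box."""
    return [name for name, addr in vendors.items() if PO_BOX.search(addr)]

def address_matches(vendors, employees):
    """(vendor, employee) pairs that share a normalized mailing address."""
    by_addr = {normalize(addr): emp for emp, addr in employees.items()}
    return [(v, by_addr[normalize(a)]) for v, a in vendors.items()
            if normalize(a) in by_addr]

# Constructed sample data, not taken from the article.
VENDORS = {"Delta Office Goods": "12 Main Street, Springfield",
           "Northside Consulting": "P.O. Box 4410, Springfield",
           "Harbor Lines": "88 Dock Rd, Springfield"}
EMPLOYEES = {"M. Example": "12 Main St., Springfield"}
PAYMENTS = [
    {"vendor": "Northside Consulting", "invoice": "INV-1001", "amount": 9400.0, "paid": "2008-01-15"},
    {"vendor": "Northside Consulting", "invoice": "INV-1001", "amount": 9400.0, "paid": "2008-02-02"},
    {"vendor": "Delta Office Goods", "invoice": "D-77", "amount": 182.5, "paid": "2008-01-20"},
]
SPREAD = [100 * 1.1 ** k for k in range(120)]   # spans about five orders of magnitude
CLUSTERED = [9000 + 10 * k for k in range(60)]  # every amount starts with 9
```

A statistic above CHI2_CRITICAL is a red flag that calls for a larger sample or further procedures, not proof of fraud; legitimately priced contracts can also skew leading digits.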
skills. Auditors should consider effective interviewing
as a basic forensic tool to use during an audit. Auditors can
benefit from developing a basic awareness of deception and when
someone may be lying.
people are cooperative, energetic, receptive, and supportive of
an auditor’s efforts. The auditor should spend the first
15 minutes or so of any discussion with an interviewee building
rapport. It is important to watch the person’s mannerisms,
body language, and overall demeanor. It is also important to listen
to an individual’s tone of voice, willingness to volunteer
information, and style of answering questions. Once an auditor
establishes a rapport with the interviewee, she can proceed to
the line of questioning associated with the audit. It is at this
point that an auditor needs to be aware of any change in verbal
or nonverbal behavior.
Mary was in charge of accounts payable. During the audit,
she participated in a discussion with Justin, who reviewed vendor
payments. Mary sat upright and freely volunteered information
about her daughter who played soccer and her son who started as
the high school quarterback. Justin was interested because he
had played high school football in the same town. After they exchanged
pleasantries, Justin moved to questioning Mary about the vendor
database and how payments were processed. Mary quickly became
a different person. She sat back in her chair and crossed her
arms. She presented a defensive posture and answered questions
in short sentences. Justin felt awkward but continued to press
on because he was under a time constraint to complete his review.
He completed his questions, took a sample of payments, and wrote
his report. He felt a little unsure, but was happy to complete
later, Mary was discovered to have created four fictitious vendors
and improperly billed her employer more than $400,000 for services
never provided. Revisiting the interview, it is quite obvious
why Mary became defensive when Justin began asking about her job
responsibilities. Had Justin trusted his evaluation of Mary and
believed she might be lying, he could have taken a larger sample
or conducted additional analytical procedures to uncover potential
red flags for fraud. Auditors who take an active role in interviewing
and learn to analyze the interviewee and not just take notes are
in a much better position to uncover potential signs of deception
and possibly fraudulent activity.
with management. Less than 30% of auditors this
author has surveyed engage management in conversations during
the audit about their suspicions of fraud or employee misconduct.
But people do not usually volunteer information; they wait until
they are asked. This writer recommends engaging individuals in
conversations about fraud, code of conduct violations, or employee
the Fraud Triangle
a criminologist, developed the fraud triangle concept (see the
by studying people who had committed embezzlement, and identified
them as “trust violators.” He found that people develop
a nonshareable financial need—a pressure—that drives
them to look for illegitimate methods to solve their problem.
This pressure may arise from a gambling addiction, family problems,
work-related issues, or other personal or professional problems.
The interesting component of Cressey’s theory is that individuals
are unable to share this pressure with others. Although every
employee faces pressures at home and work, not everyone commits
fraud. Examples of nonshareable pressures include the following:
- A corporate
vice president develops a new business plan. Unfortunately,
the plan fails miserably, and his business experiences a loss.
He recently suffered through two previous bad quarters, and
he believes the CEO may consider dismissing him. Unable to tell
the shareholders and the board of directors the bad news, he
persuades the CFO to help him create fictitious sales to mask
the losses and avoid losing his job.
- A senior
financial officer experiences significant losses in her personal
investments. She feels unable to discuss her personal financial
failures because they may hurt her status as a highly trusted
employee in charge of the company’s finances. She attempts
to resolve her personal financial problem in secret by writing
company checks to a shell company she created in the company
leg of the fraud triangle is opportunity. Opportunity
defines the method by which the crime can be committed and is
generally provided through weaknesses in the internal controls.
The opportunity does not have to be real, so long as it is perceived
by an individual. For example, a driver can choose to exceed the
posted speed limit on the highway because he doesn’t believe
that a police officer is working radar in the area. This opportunity
may be real (a police officer is nowhere to be found) or perceived
(a police officer is hiding, but the driver cannot see him). Either
way, the driver may elect to speed. In the first scenario, the
driver would enjoy driving faster than permitted by law. In the
second scenario, he would receive a ticket.
will undergo the same type of reasoning and may elect to take
advantage of weak or nonexistent controls to defraud an employer.
Examples include inadequate or nonexistent—
part of the fraud triangle relates to a person’s ability
to rationalize behavior when committing an unlawful or
unethical act. Returning
to the example of speeding, a driver who exceeds the speed limit,
whether consciously or unconsciously, knows that he is violating
the traffic laws, even if he speeds all the time. However, many
drivers justify their behavior with one or more rationalizations:
only keeping up with traffic.
a good driver.
- My car
is built to drive fast.
not ordinarily label themselves as criminals or bad people, and
they often rationalize their actions to justify their behavior.
For example, an employee embezzling cash might use the following
rationalizations to justify his actions:
only borrowing the money.
- The company
can afford a few thousand dollars.
- I deserved
a bonus or raise but didn’t get one.
three parts of the triangle—pressure, opportunity,
and rationalization—are present at the same time,
the likelihood exists that a person will commit fraud. Auditors
spend considerable time focusing on reducing the opportunity for
fraud by assessing the existence and effectiveness of internal
controls. Auditors must consider the other two parts of the triangle
during their audit. Pressure is increased when profitability is
decreasing, when downsizing is announced, when employee turnover
is rising, or when employees experience personal financial pressures.
Auditors should consider these factors during the audit. For example,
if a company misses its earnings estimates for two or three consecutive
quarters, there could be extra pressure to commit financial statement
fraud. Auditors can learn of potential personal pressures during
their conversations with employees. An auditor may learn that
one employee is constantly late, experiencing personal financial
difficulties, worried about his segment’s performance, or
displaying poor morale.
must also consider an individual’s ability to rationalize.
Because auditors cannot read employees’ minds, they are
never absolutely sure of what is happening in a person’s
life. However, a recent downsizing, bankruptcy, or management
turnover may contribute to an individual’s ability to rationalize
fraudulent behavior. Whenever a company reduces its workforce,
some individuals will become bitter and develop a sense of entitlement.
These employees may rationalize theft or other misconduct.
auditors must consider reducing opportunities through internal
controls assessments, they cannot ignore the other sides of the
fraud triangle. Consideration of these factors will enhance the
auditor’s ability to detect potential red flags.
prescriptions for increasing an auditor’s ability to detect
fraud are undeniably arduous. Fraud detection requires effort
and ability to work hand in hand. Ability is enhanced through
experience, training, and effort. Effort is enhanced through solid
audit plans, brainstorming, and ability. The challenge to reduce
the expectation gap stands before all auditors, internal and external.
While the profession has made great strides through legislation,
regulation, and audit standards, it must apply this guidance within
its own ranks, expending the effort and developing the ability
to reduce this gap.
cannot be held responsible for uncovering all types of fraud.
Collusive frauds and other intricate schemes are very difficult
to uncover. This does not, however, give auditors a blanket excuse
to refrain from looking for fraud. Developing the right mindset,
embedding forensic procedures, and asking about fraud all increase
auditors’ chances of finding it.
Zikmund, CFE, CFFA, serves as principal, litigation support
services, at Goldenberg Rosenthal in Philadelphia, Pa. He can be
reached at firstname.lastname@example.org.