Doing an audit the same way year in and year out may make things easier on the CPA, but it also makes things easier on fraudsters, who can very quickly pick up on weaknesses in audit methodology in order to better hide their illicit activities. With this in mind, a recent paper, written by Deniz Okat from the Aalto University School of Business, has suggested that randomizing audit methodologies, and the technologies through which they are implemented, or at the very least switching things up every so often, can make fraud more difficult and easier to detect. Conversely, using the same technology and methodology all the time means that fraudsters might detect areas that the audit consistently misses, and use that as a jumping off point for further fraud. For example, "once a medical provider discovers a loophole in the Department of Health and Human Services' screening technology by cheating the system successfully, he can file multiple bogus claims." 

By changing things up, however, "the principal can hinder such learning by varying her practices. For example, when the audit technology is changed in each period, the agent does not gain anything by avoiding detection other than his stage payoff. Therefore he has less incentive to cheat when he anticipates that a different audit technology will be employed in the next period." 

The paper suggests that even switching to a weaker technology could be useful, or possibly even by not having an audit at all, as "when the actions of the principal are unobservable, stochastic audits (i.e. randomizing the decision to audit) reduce fraud by preventing the agent from learning how to game the technology." 

Switching things up also increases the effort required to successfully and consistently pull off frauds, as the fraudster will need to adapt to an entirely new process multiple times, which "decreases the agent's return." 

The author of the study, in the discussion, talk about how this principle applies in the wider business world. For example, it says, consider a CEO who is monitored by the same board of directors over several years: by being able to anticipate how the board will react, the CEO can learn how to design and present proposals with a greater chance of being approved, even if they're not in line with shareholder objectives. Rotating board members, however, limits such learning. 

Similarly, says the study, companies audited by the same firm over and over again might also learn how to manipulate financial statements without being caught, as the firm has figured out the auditors' methodology and found its weaknesses. The paper argues that audit firm rotation would limit this from being able to happen.