By L. Erik Ringoen, CPA, CFF, CIRA
This is the third and final part of a three-part blog a series where I discuss the difference between an audit and a forensic investigation. In the previous two blogs, I compared the auditor’s and forensic accountant’s objectives, responsibilities, professional standards, and engagements (Part 1), as well as the roles of the auditor and the forensic accountant related to risk assessment, the concept of materiality, and building the right team (Part 2). In this blog, I discuss the gathering of evidence and reporting.
The auditor and forensic accountant should never rely on circumstantial evidence; they must obtain sufficient, appropriate evidence to support the objective. They both must maintain professional skepticism throughout their respective engagement. Professional skepticism is an attitude that includes a questioning mind, being alert to conditions that may indicate a fraud or error, and a critical assessment of evidence.
The quality of all audit evidence is affected by the relevance and reliability of the information upon which it is based. An objective of an auditor is to design and perform audit procedures to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base an opinion.1
The audit procedures may include:
The forensic accountant should gather evidence with the assumption that the case may result in litigation and the professionals on the team may be asked to provide expert testimony in a court of law or similar forum. Before gathering evidence, the forensic accountant should discuss with in-house or outside counsel whether a document preservation notice should be circulated. The preservation notice may be distributed to relevant personnel, which will provide instructions to preserve all documents and electronic data until further notice. Evidence should be gathered in a manner suitable for scrutiny. For instance, only IT professionals with expertise in collecting data in an acceptable and forensically sound manner should gather electronically stored information (ESI) used in the forensic investigation. Sources of evidence may include business laptops, smartphones, removable storage devices, voicemail, instant messaging software, security systems, databases, and servers. Additional sources of evidence may include third-party records, such as from banks, vendors, customers, suppliers, government agencies, as well as public records. To avoid accusations of evidence tampering or spoliation,2 the investigating team should protect the integrity of original documents and preserve them in a manner to withstand a legal challenge.
Conducting interviews is an important means for the forensic accountant to gather evidence related to allegations of fraud. The forensic investigation team should include a member with appropriate experience in conducting interviews. They are typically conducted with counsel present – again, to maintain the privilege. The interviewees should include relevant parties, such as executives, employees, customers, vendors, suppliers, and alleged perpetrators. The interviews can help gather important information such as names of other potential interviewees and specific documents an interviewee can provide relevant to the forensic investigation.
The forensic accountant should maintain an inventory of documents and information gathered during the forensic investigation and document the investigative procedures they performed. The evidence gathered during the forensic investigation may be presented at court, and team members may be called to court to describe the evidence.
The objectives of the auditor are to form an opinion on financial statements based on an evaluation of the audit evidence obtained, and to express clearly that opinion on the financial statements through a written report that also describes the basis for that opinion.3 Auditing standards require the auditor’s report to be in writing, among other specific requirements. For example, the standards state that the report should be signed by the accounting firm, not an individual, because the firm stands behind the opinion on the financial statements.
There are no mandated formats for forensic investigative reports, except for matters in litigation. For example, the Federal Rules of Civil Procedure 26(a)2(B) require experts to prepare and sign a written report that counsel must disclose to other parties before the court will allow the expert to testify at trial. Expert reports need to contain the following six elements:
The forensic accountant should confirm with the client the form, timing, and format of communication as part of the initial planning of a forensic investigation. The reality is that the reporting process in a forensic investigation may never get to the final, total summary stage. Most cases require interim reporting, phase reporting, and oral reports of progress and findings, so important decisions can be made regarding the scope, depth, and findings of the investigation. Many times, the investigation may end if certain objectives are met or realizations are made at the interim level of reporting.
If the forensic accountant is asked to prepare a summary report it must include a summary of the documents reviewed, an opinion as to the amount of loss suffered, and other relevant findings. The report will also explain evidence that support how the fraud was perpetrated, and which controls, if any, were circumvented. It may include recommendations for improvements to controls within the organization to help prevent similar frauds from occurring in the future. In addition, as explained in my previous blogs, the forensic accountants should avoid opinions on whether “fraud” exists because a component of fraud is the intent to deceive. Only a trier of fact should be determining intent; the expert should stick to the facts and evidence. The forensic accountant should present evidence and findings objectively, clearly, concisely, and professionally. The forensic accountant should be able to simplify complex accounting and financial issues in a manner that nonaccountants can understand the evidence and its implications.
While there are many similarities between an audit and a forensic investigation, there are substantial differences. These three blogs are intended to highlight some of the differences associated with overall objective, standards, risk assessments, concept of materiality, the team, evidence, and reporting. The forensic investigation is a very specialized type of engagement, which requires highly skilled team members who understand the legal framework and have expertise in a variety of areas, not only in accounting and auditing techniques. But in either type of engagement, the CPA plays an essential role.
1 AICPA AU-C Section 500.04.
2 Spoliation of evidence happens when a document or information that is required for discovery is destroyed or altered significantly. If a person negligently or intentionally withholds or destroys relevant information, that person is liable for spoliation of evidence.
3 AICPA AU-C Section 700.10.
L. Erik Ringoen, CPA, CFF, CIRA, is a director with Forensic Resolutions Inc., which has offices in Westmont, N.J., and Philadelphia. He can be reached at eringoen@forensicresolutions.com.
Order by
Newest on top Oldest on top