This is the archive of CPA Now blogs posted on the PICPA website through April 30, 2025.
The primary responsibility for the prevention and detection of fraud resides with an entity’s management and those charged with its governance, but that truth does not exempt auditors from significant obligations related to fraud.
By Dan Cornell, CPA, CFE
There is consistent pressure on auditors to bear increased responsibility for detecting fraud – particularly in response to high-profile accounting scandals. The auditing standards’ well-known statement – that the primary responsibility for the prevention and detection of fraud resides with an entity’s management and those charged with its governance – does not exempt auditors from significant obligations relating to fraud.
To discuss fraud, it is important first to understand how it is defined within the context of auditing standards. While acknowledging that fraud is a broad legal concept, auditing standards define fraud as an intentional act that results in a material misstatement in financial statements. Determining the materiality of misstatements includes consideration of qualitative factors; where fraud is involved, even quantitatively small misstatements can be material, such as when members of the company’s management are complicit in a fraud.
Fraud, with respect to a company’s financial statements, isn’t always the result of a malicious conspiracy. The auditing standards indicate that fraud also includes misstatements that may be rationalized by company management, such as aggressive applications of complex accounting rules.
Although, as stated above, the auditing standards say the prevention and detection of fraud resides with management, those same standards also establish that auditors have a responsibility to obtain reasonable assurance that financial statements are free from material misstatement, whether due to error or fraud. The requirement to obtain reasonable assurance that financial statements are not materially misstated due to fraud creates an implicit obligation that, for practical purposes, may seem functionally indistinguishable from an obligation to detect fraud as defined by the auditing standards. The responsibilities of the auditor, relating to fraud, are to appropriately identify, assess, and respond to fraud risks with due care and professional skepticism, as required by the standards.
Audits rely on documents produced by, and discussions with, the employees and management of the entity whose financial statements are under audit. The auditing standards acknowledge that in the case of fraud, documents may be manipulated or forged and collusion amongst perpetrators can make audit evidence more persuasive to auditors. This is a fundamental limitation to the audit as a means of detecting fraud.
Auditing standards allow auditors to accept as genuine the records and documents provided to them, unless they have cause to believe otherwise. When statements made by management are inconsistent, vague, or don’t make sense, however, auditors should continue investigating until the matter is clearly resolved. Professional skepticism provides the lens through which audit evidence and responses to inquiries from management should be judged by the auditor.
While proper audit procedures increase the odds of detecting fraud, the inherent limitations of an audit mean that there is unavoidable risk that a material misstatement due to fraud will not be detected, even in a properly planned and executed audit.
Auditing standards provide a mixture of specific steps that must be taken by auditors as well as broad guidance and examples of procedures to implement in an audit that sufficiently considers the risk of fraud. While too lengthy to describe in detail here, these steps generally fall into the following categories:
Professional judgement on the part of the auditor plays a significant role in the determination of whether fraud risks are present and his/her response in designing and/or modifying audit procedures to address those risks. This discretionary aspect in an audit is tied to the requirement that the auditor maintain an attitude of professional skepticism in the performance of the audit.
Professional skepticism is defined as an “attitude that includes a questioning mind, being alert to conditions that may indicate possible misstatement due to fraud or error, and a critical assessment of audit evidence.” No action or task is more critical to the detection of fraud than the exercise of professional skepticism. By continually considering evidence and explanations through this critical and questioning lens, auditors can best identify potential fraud indicators.
Maintaining a skeptical mindset is not always easy for auditors. Auditors work closely with a company’s management and employees in the course of the audit, often year after year, building relationships that can erode appropriate professional skepticism. For less experienced auditors, an obstacle to professional skepticism can be a lack of sufficient experience and knowledge of the client or industry necessary to properly identify when something is amiss. For experienced auditors, complacency can obstruct appropriate professional skepticism. Workpapers or audit steps that require critical judgement to assess fraud-related risks or conditions can become check-the-box exercises, disconnected from their intent, and performed without the necessary questioning and critical mindset.
While the main objective of an auditor is to provide reasonable assurance that financial statements are free from material misstatement, necessarily embedded in that obligation are significant responsibilities to consider fraud.
Dan Cornell, CPA, CFE, is a manager in the forensic accounting, litigation support, and valuation services group at the Philadelphia office of Friedman LLP. He can be reached at DCornell@friedmanllp.com.