SEC’s Top Accountant Emphasizes Auditor’s Role in Detecting Corporate Fraud
June 5, 2023
At a financial reporting conference, SEC Chief Accountant Paul Munter reminded auditors about their responsibility regarding corporate fraud because, among other problems, the PCAOB audit inspection staff has observed some shortcomings.
He is especially worried that the accounting profession has a tendency to talk about it in terms of what the auditor is not responsible for instead of being more active in detecting fraud.
Auditors are responsible for planning and conducting an audit that provides reasonable assurance that the financial statements are free from material misstatement whether they are caused by error or fraud. And the evaluation of materiality involves both quantitative and qualitative considerations, Munter said at the 41st Annual SEC and Financial Reporting Institute Conference hosted by the University of Southern California on June 1, 2023.
This may mean that “relatively small quantitative misstatements that are caused by fraud might be material,” he said. “So, auditors must be grounded in that responsibility in the first instance. I think we have some instances where there have been some shortcomings that we see in PCAOB inspection reports and other anecdotal evidence about how auditors fulfilled their responsibly with respect to fraud.”
He had to be overseas at the time of the conference, and a recorded video was shown at the event.
The shortcomings Munter cited were:
- auditors are not performing substantive procedures that would be specifically responsive to fraud risks;
- auditors are performing insufficient journal entry testing;
- auditors are failing to assess or identify a revenue recognition as a potential fraud risk; and
- auditors are not adequately communicating and discussing with audit committees about a fraud risk.
Moreover, Munter said that enforcement actions were brought against audit firms and firm individuals because they failed to comply with PCAOB standards.
For example, he said that auditors ignored red flags or contradiction information that they obtained during the course of the audit. In other cases, he said auditors simply failed to obtain sufficient appropriate audit evidence.
“Perhaps more troubling is, we often hear feedback again, in terms of what the auditor’s responsibility is, in particular, what they are not responsible for, rather than being proactive,” Munter said. “And by starting the conversation by a discussion of ‘what we are not responsible for,’ that runs a risk of the auditor not maintaining an appropriate mindset, and an appropriate degree of professional skepticism.”
Further, he said that auditors, as they are planning their audit, should not look at some of the guidelines in PCAOB standards as an exhaustive checklist.
“Those are examples and are not intended to be exhaustive,” Munter explained.
In addition, Munter said that auditors should consider publicly available information and make objective evaluations of that information, and how that affects the risk assessment and the audit response.
Auditors should also devote sufficient time and resources to the assessment of the company-level controls.
“This includes assessing whether the organization demonstrates a commitment to integrity and ethical values, as well as whether the organization has a culture that encourages whistleblowers who see something and actually are willing and able to step up,” he said. “And of course, the auditor should also pay close attention to the issuer’s own approach to its risk assessments because that could provide important insights to the auditor about the issuers control environment. Now that’s by no means an exhaustive list, but hopefully it is helpful.”
In the meantime, the PCAOB has a project on fraud on its midterm standard-setting agenda, which is for projects that the board does not expect action in the next 12 months.
The objective of the fraud project is to consider “how AS 2401, Consideration of Fraud in a Financial Statement Audit, should be revised to better align an auditor’s responsibilities for addressing intentional acts that result in material misstatements in financial statements with the auditor’s risk assessment, including addressing matters that may arise from developments in the use of technology.”
[Thomson Reuters]