The Internal Auditor, Management, and the Forensic Accountant - Literature review Example

The Internal Auditor, Management and the Forensic Accountant ID 19714 Order No. 265724 08 January 2009 Acknowledgements Table of Contents: Introduction: In the modern era of Globalization, businesses are facing stringent competition with a constant risk of loosing customers & market shares if their strategic management do not take timely proactive measures to align with the market dynamics and get the best out of their competitive advantages. The attributes that are essential to be measured by every organization are customer satisfaction index, SWOT Analysis (Strengths, Weaknesses, Opportunities and Threats), known & emerging market potentials, performance of business processes, legal & statutory compliance, enhancement in strengths of competition, risks, internal/external fraud and traces of social engineering. These measurements are carried out by continuous auditing mechanisms practiced by Internal Auditors such that timely alerts can be raised against negative trends or non-compliances within the system. Such auditing can continuously evolve quick fixes in the form of corrective actions that can be taken on a fly and also evolve long term effective preventive actions. Moreover, if data integration is carried out effectively by applying effective integrated frameworks like Balanced Score cards and using corporate governance tools like Business Activity Monitoring or Business Performance Monitoring, then continuous monitoring of risks and fraud become a reality. In this paper, we review literature pertaining to roles and responsibilities of Internal Auditors and their responsibilities to consider Fraud in audit of Financial Reports. Literature Review: First Literature: Understanding Internal Audit by Rickard, Peter, pages 30 to 34; Journal published by Australian Accountant, Melbourne in April 1994. This Journal has been included herewith because it presents a comprehensive discussion on role of Internal Auditors and the expectations from them from a legacy perspective and Peter Rickard is an Accountant specialized in Audit and Fraud Control along with being the member of Performance Management International. As per Peter, the management of an organization expects that the Internal Auditor would keep a close watch on the actual implementation of their instructions & policies in the organization and provide feedback on who is not performing in the organization. In addition, he argues that the Internal Auditors are expected to ensure compliance with Government Policies, Legislations and Regulations. He explained the management expectations from an Internal Auditor under three categories - Functional, Personal and Other. Under functional, it is argued that an Internal Auditor is expected to serve as the eyes & ears of the management and under personal, it is argued that the internal auditors should be well qualified, trained, certified & possesses high ethics & integrity. Under the category other, it is argued that the audit findings & fraud detection should be timely & proactive such that effective corrective actions can be taken without delay. The author argues that Internal Auditors cannot be made scapegoats for everything going wrong in the organization because they primarily work on audits based on samples which may not be the true representation of the actual problems. As per the Author, the primary tasks of internal auditors are - Audit Planning, Audit Reporting, Measuring Audit Performance, and bridging the gaps by taking corrective & preventive actions. They should not be taken as "negative informers" who always report "bad news". The perspective of this author is to save an Internal Auditor from over expectations of a Management. However, in the modern world the businesses drive what the processes should deliver not that the processes drive what the business should expect. An internal auditor is paid to remove non-compliances/non-performances within the organization and hence needs to carry out continuous auditing and not just discrete auditing as explained by the legacy auditing principles. Second Literature: Auditors as Leaders by Oliverio, Mary Ellen, pages 1 to 4; Journal published by New York State Society of Certified Public Accountants in Jan 2004. This journal has been included herewith because it presents the arguments on the Leadership qualities that an Internal Auditor is supposed to possess and also looking into the credibility of Mary Ellen Oliverio as a Professor of accounting in Pace University, New York City. The author states that an Auditor has a large accountability to serve the public interest and is committed to ensure credibility to the financial statements of an organization. To deliver this responsibility, an auditor needs to act with strong leadership & communication skills in order to ensure ethical auditing, sharing information, concluding audit findings, and convincing management about the gaps & actions even if there are differences between expectations and audit results. All judgments should be carried out very professionally and timely actions taken such that the gaps are bridged effectively much before they are re-discovered during external audits. We tend to agree that the auditors need to be strong to protect the ethical aspects such that they can timely detect and report discrepancies/risks/frauds in their actual form without fearing loss of their jobs. However, they cannot do away with the accountability that IF a discrepancy/risk/fraud exists, it is their accountability to report whatever be the method of detection. The legacy excuses given by auditors pertaining to limitations of the auditing process is not acceptable in the modern era. Third Literature: Reducing the Expectation gap by Zikmund, Paul E, pages 20 to 25; The CPA Journal, New York published in Jun 2008. This journal has been included herewith because it deals with the reasons and circumstances of fraud which an auditor needs to assess in the audit planning. Paul Zikmund, CFE, CFFA, is the principal of litigation support services at Goldenberg Rosenthal in Philadelphia and hence his thought process on detecting fraud during auditing would be quite useful for this dissertation. Paul presented the scenarios of trust violation by employees whereby the most common ones are - to prevent a potential job loss/litigation against an irreversible goof up, to benefit out of an opportunity to conduct fraud, to conduct fraud as everyone is into it due to weak (or non-existent) management controls, to cover up against a personal financial crisis, etc. In this context the internal auditors should play the role of smart investigators by thinking out of the box and not just carrying out paper based auditing. Paul argues that the audit team should carry out brainstorming exercises on various conducts inside the organization and external fraud case studies to prepare themselves for the audit. Thereafter, the auditors should conduct congenial opening meetings with all stake holders and study their body language, tone, reluctance to disclose, offensive mood etc. to smell something fishy such that larger (and deeper) sample sizes can be selected. Thereafter, the auditors should try following the Fraud Triangle concept by Donald Cressey that states that the likelihood of fraudulent activity increases if three factors are present at the same time - Pressure, Opportunity and the person's ability to rationalize behavior when conducting unlawful or unethical act. Overall, Paul tried to emphasize that the responsibility of detecting the frauds in an organization lies with the internal auditors whatever be the methodology/specialization/experience, etc. be followed. Fourth and Fifth Literatures: Changing Role of Internal Auditing by Ruin, Joseph Eby, page 58; New Straits Times, Kuala Lumpur published in September 2007 AND The relationship between internal audit and corporate management by Arnold Schneider, pages 12 to 19; Internal Auditing published in Sept/Oct 2008. Both these literatures have been selected and clubbed because they present similar arguments about the consultancy role of Internal Auditors within an organization in addition to being corporate compliance watchdogs. Joseph Eby Ruin is the Principal of Risk First Consultancy & Training Services and hence his credibility as a Risk Consultant is expected to value add to this dissertation. Arnold Schneider is a Phd, CPA and professor of accounting and the accounting area coordinator at Georgia Institute of Technology. He was formally an auditor with the US Govt. Accountability Office. His reputation as an established auditor and a professor of accounting has encouraged us to include his thesis in our Literature review as the subject is matching the purpose of our dissertation. Both the authors argue that in the changing world, the internal auditors need to proactively judge the gaps in performance of people & processes and recommend improvements with action plans. At times, internal auditors may have to take accountability of the improvements and deliver them to the satisfaction of the management. Joseph argues that Internal Auditors should not depend only on their own experience and auditing skills but should use modern smart tools like the Audit Command Language (ACL) and the Computer Aided audit techniques. These tools should have appropriate probes (facilitated by the IT department) plugged into the larger IT systems of the organization such that the most relevant data is automatically fetched and stored in a separate database meant for audit purposes. Such system at a reasonable level of maturity can ensure continuous & proactive auditing. Arnold argues that while the internal auditors should be involved in consultancy pertaining to organization wide improvements, their independence & objectivity should be balanced very effectively. The management should ensure that minimal interference is caused in their operations but should also keep a strong eye on conflict of interest scenarios that might be building. The auditors should be allowed to discuss all their disagreements on audit findings and especially residual risks with the management to arrive at agreements. If no agreements are established then they should have the freedom to directly escalate to the board. In our view, independence of the auditors and avoidance of conflict of interest are two major factors that empower internal auditors to arrive at accurate judgments and bring to surface fraudulent activities much before the actual damage. Moreover, the forensics capability of internal auditors would improve drastically if their auditing framework is empowered by specialized IT tools like ACL or BPM. More than the auditing skills, the accurate data managed with various bindings (like strong access control) shall reveal the truth and expose frauds if any. In such a scenario, all auditing results are based on facts that can be trusted heavily such that no room is left for perception based conclusions. Critical Discussion: Audit of Financial accounts is a routine task that every internal auditor carries out regularly. However, given the burst of financial frauds occurring as a result of more fraud opportunities due to globalization of economy it is mandatory that the internal auditors should keep a close watch on possible frauds during the auditing process and should publish their conclusions only when they are doubly sure that no fraud has occurred within the organization. Gone are the days when Internal Auditors used to escape from the aftermaths of major scams stating the limitations of the audit process that they used to follow. In the modern era, an internal auditor is held equally accountable if not able to detect a fraud on time. Doing away from legacy auditing mindsets, believing more on automated IT enabled auditing rather than human skills, applying organized common sense, think beyond paper based auditing, acquire enhanced skills like face reading or body language reading, smart sampling, etc. are the modern challenges that every internal auditor will have to accept to ensure that they take full ownership of taking corrective & preventive actions against frauds & risks within an organization and report them to the management in every financial audit report. Moreover, the auditors are not expected to be advocates of bad news delivery but also are expected to provide active consultancy pertaining to improving the corporate governance model such that risks are better mitigated and frauds are better controlled. The management of the organization should: (a) Hire trained, experienced and certified auditors (b) Provide Senior Management Representation for the Internal Auditors (like creation of a role of Chief Audit Officer) (c) Ensure adequate independence and empowerment of the internal auditors (d) Monitor and control the possibility of conflict of interest - like cross functional auditing should be avoided fearing an internal tie up between the two functional heads to hide each other's gaps (e) Invest in modern advanced IT enabled auditing tools - like ACL, Business Activity Monitoring (BAM), Business Performance Management (BPM) (f) Encourage adoption of continuous auditing, risk based auditing and advanced forensics (g) Establish and enforce anti-fraud policies and create a culture that Internal Auditors take fraud detection as their Key Result Area [Sobel, Paul, 2008; Courtenay M. Jr, Thompson, 1991] Conclusion on the impact of the above factors on Forensic Accounting Investigations: Forensics by its very definition is the science (and art) of discovering hidden evidences that can potentially change perceptions/theories into facts which can help in joining broken links in an investigation process. Crime Scene Investigations use advanced forensic tools and psychological techniques to bring to surface hidden facts that can help in reaching the culprits. In this process, the investigator keeps all options on the table till most of them are eliminated after getting adequate evidence. The same theory applies to Internal Auditors as well. Before a financial audit begins, the internal auditors should plan their forensics strategy very carefully without even knowing whether a fraud has occurred or not. As presented above, mechanisms like putting options on table after healthy brainstorming, reading faces, body language & tone of responses during discussions, following the fraud triangle, keeping a close eye on trend analysis & questioning unwarranted (rather unanswered) deviations, questioning internal & external parties (like a vendor who lost an order against a bid), using advanced IT enabled probes in the overall IT databases/applications, doubt even the power centers (like a CFO), using advanced IT enabled auditing tools like ACL, etc. can ensure effective forensics during the Internal Auditing process thus increasing the chance of detecting a fraud. As mentioned above, the Internal auditors should be given adequate independence, kept away from conflict of interests, empowered to question anyone & everyone, empowered by IT tools and provide adequate senior management representation such that advanced forensics can be effectively carried out within the organization. Moreover, they should be allowed to disagree with management and put their point forward effectively even if the powers of the board need to be used. Off-course, if the board members themselves are involved in a fraud, then the Internal Auditors are trapped in a tough situation. However, in such cases they should plan an exit from the organization and inform the Bank and statutory bodies about the financial frauds conducted by the board members to justify their accountability to protect the interests of the public. Appendix: Examples of Fraud Risk factors: (a) A senior employee took a wrong decision and lost company money such that the only option left for the employee is to tie up with the CFO and show inflated accounts (b) Showing work in progress revenues as revenues earned (c) A senior employee trying to steal company's money to cover up personal financial crisis (d) A disgruntled employee unhappy with increments or bonus paid (e) Easy opportunities perceived by fraudsters to steal money (f) The board members trying to inflate accounts in order to push stock prices up or to cover up unaccounted money withdrawals by the stake holders or to save the face of the company making losses in the background (g) An internal employee social engineered by competition or a disgruntled ex-employee (h) Weak or non-existent management control within the organization resulting in extremely poor governance. Reference List: Courtenay M. Jr, Thompson. Fraud - The Challenge facing Internal Auditors. The Internal Auditor. ABI/INFORM Global. Vol.48. Iss.3. 1991. Oliverio, Mary Ellen. Auditors as Leaders. The New York State Society of Certified Public Accountants. ProQuest Information and Learning. 2004. Rickard, Peter. Understanding Internal Audit. Australian Accountant. Melbourne. Vol.64. Iss.3. 1994. Ruin, Joseph Eby. Changing Role of Internal Auditing. New Straits Times. Kuala Lumpur. 2007. Sobel, Paul. Risk Management Based Auditing - A new guidance framework can help enhance auditor's contributions to organizational governance. Institute of Internal Auditors Inc. and The Gale Group Inc. 2008. Schneider, Arnold. The Relationship between Internal Audit and Corporate Management. Internal Auditing. ABI/INFORM Global. 2008. Zikmund, Paul E. Reducing the expectation gap. The CPA Journal. New York. Vol. 78. Iss.6. 2008. Read More