Auditors are increasingly taking responsibility for fraud detection and cybersecurity at companies, whether they like it or not.
“The bottom line is that if there’s fraud and the auditor did not discover the fraud, there’s a 99 percent chance that the auditor will be sued,” said Ralph Summerford, president of Forensic Strategic Solutions, a financial investigation firm that specializes in fraud examination. “It’s not just the large firms, but also the small firms.”
Summerford will be speaking this week at the Association of Certified Fraud Examiners’ annual fraud conference in Nashville. His topic this year is the auditor’s responsibility to detect fraud. “I’m not just talking about CPAs,” he said. “I’m talking about internal auditors, governmental auditors, any auditor that does auditing work, and people like Certified Fraud Examiners who do investigations. It will be all of those people whose responsibility is to detect fraud.”
He believes auditors need to be especially aware of the differences between the legal standards and the professional standards. “The standard of care in the legal world is my responsibility to you and to everybody to do what a reasonable person would do under the circumstances,” said Summerford. “What is a reasonable person? That is a slippery slope.” Auditors, accountants and CPA consultants need to look at both the legal standards and the professional standards, as set by the Public Company Accounting Oversight Board, or else they could face lawsuits, he noted.
“When anybody loses any money, they want to get their money back,” said Summerford. “They will sue anybody and everybody.”
Auditors also need to be aware of potential cybersecurity issues. Summerford said he recently attended a conference in Atlanta hosted by the law firm Carlock Copeland where that was a topic of discussion. “The AICPA has come out with some proposed standards,” he noted. “It’s really scary because of all the hacks.” One of the speakers said there had been 26 hacks of accounting firms up through 2016, potentially exposing the personal and professional information of clients to cybercriminals.
One of the major areas of fraud detection is risk management, which ties in with cybersecurity and the need to have the proper controls in place over financial reporting. “Internal and external auditors should be looking to make sure those controls are in place,” said Summerford.
Keeping employees happy with their company and workplace can also help deter fraud. “Any time you encounter an operation that has a low morale factor, you’ve got a high fraud environment,” said ACFE president Jim Ratley at a recent conference at Pace University in New York. “In order to keep that fraud environment low, you’ve got to have people who can see a future.”