SEC Chief Accountant Issues a Reminder on Fraud
Acting SEC Chief Accountant Paul Munter has released a statement emphasizing the auditor’s responsibilities for financial statement fraud. In The Auditor’s Responsibility for Fraud Detection, Mr. Munter notes that auditors are gatekeepers and that their responsibilities with respect to the identification of fraud risks and the detection of material misstatements due to fraud “should not be underestimated.” Auditor fraud responsibility is particularly important when “the macroeconomic and geopolitical environment in which companies operate may result in new pressures, opportunities, or rationalizations for fraud.”
Mr. Munter points out that, under PCAOB auditing standards, auditors have a responsibility to consider the possibility of fraud and to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by fraud or error. Regarding materiality, he notes that the SEC staff has long taken the position that qualitative factors may cause misstatements of quantitatively small amounts to be material and that “auditors should not assume that even small intentional misstatements in the financial statements are immaterial.”
Mr. Munter sees evidence of “shortcomings” in auditors’ discharge of their responsibility to detect material misstatements due to fraud. This evidence includes PCAOB inspections that identify concerns as to auditors’ professional care and skepticism when considering fraud; SEC enforcement actions that highlight improper auditor professional conduct with respect to fraud risk; and “troubling feedback that auditors many times frame the discussion of their responsibilities related to fraud by describing what is beyond the auditor’s responsibilities and what auditors are not required to do.”
The statement offers suggestions for auditors in discharging their fraud responsibilities, including –
Be skeptical of evidence provided by management when the timing or manner in which such evidence is produced is questionable (e.g., invoices for large amounts with vague descriptions, invoices with related parties with descriptions that are outside of the normal course of business, or new evidence provided by management in the late stages of the audit to address a potentially difficult audit matter).
Devote sufficient time and resources to assessment of the issuer’s entity-level controls. “An auditor is required to obtain an understanding of the issuer’s control environment. This would include assessing whether the organizaton demonstrated a commitment to integrity and ethical values."
Consider whether the involvement of a forensic specialist is necessary to assist in identifying and responding to fraud risks or to challenge and evaluate the reasonableness of management’s assumptions underlying particular estimates.
Avoid using examples of fraud risk considerations and related responses in the auditing standards as a checklist. “Audit responses should be tailored to the identified fraud risk and dynamic to changing business environments.”
Review the whistleblower hotline. Examine whether the issuer has “a culture that encourages whistleblowers who see something to actually say something.” The auditor may want to discuss with the audit committee the nature of the whistleblower hotline’s operation.
The Munter statement is a forceful reminder to auditors of their fraud risk responsibilities and a warning that the SEC will be aggressive when it believes there have been lapses in this key area. Audit committees can expect that their auditor will respond accordingly. Mr. Munter’s emphasis on the need for auditors to consider the possibility of frauds that are qualitatively (but not quantitatively) material and to assess the audit client’s commitment to integrity and ethical values do not break new ground. The fact that he highlights these points in a public statement may however lead auditors to devote a higher level of attention to such issues in their future work.