The Role of the Auditor and the Board of Directors in the Prevention of Fraud - Report Example

The Role of the Auditor and the Board of Directors In the Prevention of Fraud Introduction: The nature of fraud in financial reporting The purpose ofthis study is to examine the role of auditors and directors in preventing financial statement fraud. Fraud is defined as “an intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage” (ISA, UK & Ireland 240, 2010:5). In relation to auditing, fraud refers to a material misstatement in the financial statements. Such misstatement must be intentional, thus if the misstatement resulted from mere error, it is void of intention and thus does not constitute fraud. Fraudulent reporting involves (1) an incentive or pressure to commit fraud, (2) a perceived opportunity to do so, and (3) some rationalisation of the act (ISA, UK & Ireland 240, 2010). The incentives to commit fraud include financial motives, character flaws or personality weaknesses, work-related and other pressures (Kostova, 2013). The opportunity to commit fraud consists of several factors which are of interest to regulators or persons accountable for oversight, because they are mostly systemic. They include the following (Kostova, 2013:361): 1) Lack of or bypassing controls preventing and/or detecting fraudulent behaviour 2) Lack of access to information 3) Negligent behaviour, apathy or lack of capacity 4) Inability to assess performance quality 5) Failure to discipline fraudsters 6) Lack of audit trail It is incumbent upon (1) the board of directors to institute internal controls and mechanisms that eliminate risks of fraud; (2) internal auditors to ensure that the controls and mechanisms are followed; and (3) external auditors to diligently search for evidence of fraud and report these to the board with recommendations for improving internal controls (Doinea, O, & Lăpădat, 2012). Board of Directors Appointment of Directors The board of directors of a public company are appointed according to the company’s Articles of Association, although the first directors are chosen by the subscribers to the company’s Memorandum of Association. The succeeding directors, pursuant to the Articles, may be elected by the company members in a general meeting or by written resolution. In an election for board members in a public company, each director must be voted on by the individual members, except when the members have first agreed, without opposition, in a meeting that a single resolution will be sufficient (Companies Act 2006, in ICAEW, 2014). Roles and responsibilities in relation to auditors/auditing The board of directors have numerous responsibilities, including corporate oversight, accountability, and governance duties. What shall be focused on in this discussion are the roles and responsibilities of the directors with respect to and in support of the auditing function, as the concern here is the detection and prevention of fraud in the misstatement of financial statements. According to the Companies Act 2006, the board of private companies have the duty to appoint their auditors; for public companies, the auditors must be appointed in general meeting, but the directors may appoint the first auditor any time before the first general meeting (CA 2006, sec 489), and in order to fill a casual vacancy. The statutory rights of auditors, to be described in the following section below, cannot be restricted by the board in any way. The directors must at all times allow auditors to have access to sufficient relevant information for the audit to be conducted (CA 2006, sec 499). Any person who knowingly or recklessly makes a misleading, false or deceptive statement to the auditors during their audit shall be guilty of a criminal offence; so is any person who shall delay in complying with requests by auditors for information (CA 2006 secs 499-501). Auditors may likewise compel the production of information concerning overseas subsidiary undertakings from the directors, officers, internal auditors and employees (CA 2006, sec 500). The directors may likewise be requested by the auditors to make written representations to confirm information that may later be used as audit evidence. The directors may also ask to issue written acknowledgements of their responsibility for internal controls, and a statement to their belief that misstatements and uncorrected accounts that may be identified by the auditor are immaterial. Directors are also required to receive the report from the auditor at the conclusion of the audit that identifies weaknesses in internal controls identified. Directors should consider these reports carefully, since they may contain information that puts the directors on notice that inadequacies in personnel or systems, and they may be requested by auditors to respond to the points raised in the report. In certain cases, the auditors may request that the directors’ discussion of the report be recorded in the board minutes. Directors, through its audit committee, should conduct an annual review of effectiveness of internal controls, and report the results to the shareholders (Combined Code on Corporate Governance, 2008). Auditors Auditor’s roles and responsibilities Auditors do not make legal determinations as to whether the misstatement is fraudulent or not (ISA UK & Ireland 240, 2010). What auditors are responsible for is the detection of material misstatements due to fraud. When auditors conduct an audit according to ISAs (UK & Ireland), they obtains reasonable assurance that the financial statements are generally free from material misstatement, either as a result of fraud or error. However, they cannot obtain absolute assurance that material misstatements will be detected due to: (1) the use of judgment; (2) the use of testing; (3) the limitations that are inherent in internal control; and (4) the fact that the auditor has access mostly to evidence that is persuasive rather than conclusive in nature (ISA UK and Ireland 240, 2010:11). Auditors are generally responsible for detecting material misstatements due to fraud, and why they are not required to make legal determinations, they have in the past been able to perceive clear distinctions of fraud (Chandler, et al., 1993; Fraser & Lin, 2004). They are required by the ISA (UK & Ireland) 200 to conduct their audit with an attitude of professional scepticism in recognising circumstances that may lead to material misstatements in the financial statements. By professional scepticism is meant the attitude of a questioning mind that critically assesses the evidence unearthed in the audit. The attitude must be ongoing and constantly inquiring through the audit to assess the possibility of material misstatement due to fraud, whether or not the auditor has had any past experience with the management/ board of the entity, or any knowledge of their honesty and integrity (ISA UK & Ireland 240, 2010:12). The auditor is also required to perform the following procedures (ISA, UK & Ireland 240, 2010): 1) Risk assessment, by making inquiries of parties within the entity, and by considering if there are any unusual or unexpected relationships or any other fraud risk factors present. 2) Inquiries of management, internal audit, and others within the industry to obtain any knowledge of any actual, suspected or alleged fraud involving the entity. 3) Investigation of management’s processes to identify and respond to risks of fraud, and what internal control is exercised by management to mitigate these risks. 4) Design and perform the appropriate audit procedures to respond to those risks at the assertion level, and to management override of controls. These include: a) Testing the appropriateness of journal entries recorded in the general ledger, and other adjustments made in the course of preparing financial statements; b) Review accounting estimates to detect biases resulting in material misstatement due to fraud; c) Understanding the business rationale of significant transactions that occur outside the normal course of business or that appear to be unusual. 5) Obtain written representations from management that they (management) acknowledge their responsibility for the internal control to prevent and detect the fraud, and that they had disclosed to the auditor the results of their past assessment, or of any knowledge or allegation of fraud. 6) Communication with management and disclosure to them of any information discovered in the course of the audit that may point to existence of a fraud. 7) Immediate communication to the board of the discovery of fraud involving the management, employees with significant roles in internal control or others. 8) Inform the board of material weaknesses in internal control which should have prevented or detected fraud. 9) Communication to regulatory and enforcement authorities of the results of the audit The foregoing provisions specified under the ISA 240 enable auditors to be better supported by the audit committee, with the power to compel management to perform certain actions to enhance access to information and thereby improve audit quality (Kleinman, et al., 2014). Auditor’s independence and auditor’s rotation Some of the controversies that exacerbated the last global banking crisis were questionable scope and quality of the external audit, market concentration, and auditor independence. Among the remedies being considered by the European Commission and European Parliament are mandatory audit firm independence and rotation. The principal rationale for this consideration is that mandatory audit firm rotation ensures de factor auditor independence which should lead to higher audit quality. Additionally, the imposition of mandatory rotation may also create the perception of greater auditor independence, and finally, that the smaller audit firms may be afforded the opportunity to participate due to increasing market competition (Ewelt-Knauer, et al., 2012). There are, however, a number of arguments against mandatory audit firm rotation. Firstly, the relatively short tenure between management and auditor may inhibit the development of a more effective working relationship between them. This also prevents the audit firm from recouping substantial start-up costs, and compels them to exercise greater leniency towards management. Secondly, the short engagement period prevents auditors from developing a more in-depth client-specific knowledge, possibly causing audit failure. Finally, the mandatory rotation may create the situation where the market could no longer distinguish when a change of audit firm is voluntary, and when it is compulsory (Ewelt-Knauer, et al., 2012). ICAS, the professional body of Chartered Accountants (CAs), conducted a study to determine the efficacy of these suggested remedies, by analysing data from major international markets and jurisdictions where mandatory rotation is being implemented. The evidence thus gathered concerning audit quality and audit independence enforced by mandatory rotation was inconclusive (Ewelt-Knauer, et al., 2012). Government Intervention Description of UK Companies Act 2006 The UK Companies Act 2006 was promulgated by the UK Parliament in 2006, and supersedes the Companies Act 1985. The Act “reforms and/or restates substantially the whole of the existing legislation for the UK and codifies significant areas of case law, including fiduciary duties and derivative actions” (Davies & Rickford, 2008:48). It is the second longest legal code in UK legislation, after the Corporation Tax Act 2009; it has 1,300 sections, is contained in almost 700 pages, and includes 16 schedules. Enforcement of the Act is staggered, with some provisions being effective by 2007, and others by 2009 (Davies & Rickford, 2008a). Critique of the usefulness of UK Companies Act 2006 There are several changes to CA 2006, of which the more controversial provisions have to do with the directors in their responsibilities regarding corporate governance. On the matter of financial reporting, the Act while it was in its preparation was overtaken by the new International Accounting Standard (IAS) regime which EC Regulation of 2002 made directly applicable in member states. As a result, CA 2006 provides for the parallel regimes, namely Companies Act accounts and IAS accounts, although normally directors apply the same framework (i.e., either Companies Act or IAS) to all the companies within their group. Two other changes are a reduction in the deadline for publication of annual accounts, and a new requirement for website publication of accounts and reports of public companies (Davies & Rickford, 2008b). Concerning auditing and relationship with auditors, the revisions are mostly codification of existing case law and procedural rather than substantial matters. One substantial change, however, is that CA 2006 now permits auditors to limit their liability for claims in negligence, breach of trust or breach of duty, provided that (1) shareholders have earlier approved the limitation, and (2) that the limitation of liability is considered to be fair and reasonable, according to the court of law (Hapgood, 2014; ICAEW, 2014). While this is beneficial in that auditors are given greater freedom in exercising their judgment in auditing, it is at best a passive provision, and does little to compel the improvement in audit quality. It should be noted that there are a number of proposals arrived at by the Company Law Review that preceded CA 2006 which were considered in the final codification, but declined. One was the addition of an Operating and Financial Review, an annual reporting requirement which would have reduced deficiencies in the present financial reports, by providing the best picture concerning the judgement of directors on matters concerning the performance and prospects of the business. The abandonment of the proposal for an OFR and other regulatory measures was met with disappointment and strong criticism by companies already spending to prepare their reviews, and the investing public who felt that the OFR would serve wider purposes as a balance of government reforms and a complement to the duty of fidelity of directors (Davies & Rickford, 2008b). Conclusion In order to deter the occurrence of fraud in financial reporting, measures to be adopted must set standards to police auditors, strengthen auditors’ independence, and place auditors under the management of the audit committee, not management (Boury & Spruce, 2005). On these points, it appears that the ISA (UK & Ireland) 240 provisions are directed towards these ends, ensuring as far as possible that auditors shall be able to compel management and other actors to provide the necessary information for as close to possible achieving a quality audit. However, there is little contributed by the Companies Act 2006, in so far as introducing substantial changes that eliminate the opportunities for fraud. The new legislations have left much leeway for courts to determine the acts that fall within the standards of diligence and duty of care, rather than statutorily specifying them, and apparently wisely so, in order to enable the case by case determination at which point liability is incurred. Thus, while auditors are responsible for the discovery of the misstatements in financial reports that may constitute fraud, they are not responsible for the legal determination of the existence of fraud. They are, however, required to report such misstatements to those persons who are responsible for ensuring internal controls are strengthened, and that the fraud is legally resolved. References Boury, P, & Spruce, C 2005, Auditors at the gate: Section 404 of the Sarbanes-Oxley Act and the increased role of auditors in corporate governance, International Journal Of Disclosure & Governance, 2, 1, pp. 27-51, Business Source Complete, EBSCOhost, viewed 18 February 2014. Chandler, R, Edwards, J, & Anderson, M 1993, Changing Perceptions of the Role of the Company Auditor, 1840-1940, Accounting & Business Research (Wolters Kluwer UK), 23, 92, pp. 443-459, Business Source Complete, EBSCOhost, viewed 18 February 2014. Davies, P & Rickford, J 2008 ‘An Introduction to the New UK Companies Act.’ European Company and Financial Law Review, 1, 48-71 Davies, P & Rickford, J 2008 ‘An Introduction to the New UK Companies Act, Part II’ European Company and Financial Law Review, 3, 240-279 Doinea, O, & Lăpădat, G 2012, Deterring Financial Reporting Fraud, Economics, Management & Financial Markets, 7, 1, pp. 132-137, Business Source Complete, EBSCOhost, viewed 18 February 2014. Ewelt-Knauer, C; Gold, A; & Pott, C 2012 “What do we know about mandatory audit firm rotation?” Edinburgh: Institute of Chartered Accountants of Scotland (ICAS). Fraser, I, & Lin, K 2004, Auditors’ Perceptions of Responsibilities to Detect and Report Client Illegal Acts in Canada and the UK: A Comparative Experiment, International Journal Of Auditing, 8, 2, pp. 165-184, Business Source Complete, EBSCOhost, viewed 18 February 2014. Hapgood, M 2014 “Liability Limitation Agreements Under the Companies Act 2006: Opinion.” Retrieved 18 February 2014 from http://www.icaew.com/~/media/archive/files/technical/audit-and-assurance/auditor-liability/liability_agreements_under_company_act_2006_opinion.pdf Institute of Certified Accountants in England and Wales (ICAEW) 2014a “Financial and Accounting duties and responsibilities of directors.” ICAEW. Retrieved 18 February 2014 from http://www.icaew.com/en/members/regulations-standards-and-guidance/members-in-business/financial-and-accounting-duties-of-directors#ICAEW149 Institute of Certified Accountants in England and Wales (ICAEW) 2014b “Guidance on limited liability agreements” ICAEW. Retrieved 18 February 2014 from http://www.icaew.com/en/technical/audit-and-assurance/working-in-the-regulated-area-of-audit/audit-liability/guidance-on-limited-liability-agreements International Standard on Auditing (UK and Ireland) 240 (ISA) 2008 “The Auditor’s Responsibility to Consider Fraud in an Audit of Financial Statements.” Retrieved 18 February 2014 from https://www.frc.org.uk/Our-Work/Publications/APB/240-The-auditor-s-responsibility-to-consider-fraud.aspx Kleinman, G, Lin, B, & Palmon, D 2014, Audit Quality: A Cross-National Comparison of Audit Regulatory Regimes, Journal Of Accounting, Auditing & Finance, 29, 1, pp. 61-87, Business Source Complete, EBSCOhost, viewed 18 February 2014. Kostova, S 2013, Audit Procedures For Disclosure Of Errors And Fraud In Financial Statements, Economic Themes, 51, 2, pp. 355-375, Business Source Complete, EBSCOhost, viewed 18 February 2014. Read More