Some might argue that auditors are not in the business of fraud detection. It appears that Paul Munter, the SEC’s Acting Chief Accountant, seems to have a different opinion. Munter recently shared the following:

• “PCAOB inspections consistently identify areas of concern involving auditors’ application of due professional care and professional skepticism when considering fraud or where the audit response to fraud risks and red flags was insufficient. PCAOB inspection examples of auditor’s deficiencies include auditors not performing substantive procedures that were specifically responsive to fraud risks (e.g., not performing tests of details or only performing inquiries), performing insufficient journal entry testing, failing to assess and/or identifying revenue recognition as a potential fraud risk, and not communicating fraud risks to audit committees.

• Recent Commission enforcement actions against audit firms and their personnel continue to highlight instances of auditors’ improper professional conduct concerning fraud risks. In these enforcement actions, the Commission alleged that auditors failed to comply with PCAOB standards by, among other things, ignoring red flags and contradictory information and failing to obtain sufficient and appropriate audit evidence.

• Through OCA’s discussions with stakeholders, we have heard particularly troubling feedback that auditors often frame the discussion of their responsibilities related to fraud by describing what is beyond the auditor’s responsibilities and what auditors are not required to do. We find this attitude of focusing on the limits of the auditor’s duties at the outset as opposed to the affirmative requirements with respect to the responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement, whether caused by error or fraud, deeply concerning, as it could impact an auditor’s mindset or their degree of professional skepticism, and may thereby reduce the likelihood of fraud detection and potentially result in dereliction of professional responsibilities to the public trust.”

Simply stated – auditors, in his opinion, are not focusing on fraud as an issue or responsibility. They aren’t using the “fraud lens” when reviewing financial transactions and data. He shared that it’s extremely important to consider “how fraud could be perpetrated or concealed by management.”

This raises a question – as an auditor – what should be done? Per Munter, here are some practical considerations regarding the scope and effectiveness of the auditor’s role.

• Establish effective controls that can prevent an auditor from, as he put it, “distract an auditor from appropriately identifying and responding to fraud risks.”

• Require auditors to “set aside any prior beliefs about management’s honesty and integrity.”

• Munter further advises, “when considering materiality, auditors should not assume that even small intentional misstatements in the financial statements are immaterial.”

• Professional skepticism, per Munter, reflects “an attitude that includes a questioning mind and a critical assessment of audit evidence.”

• Munter goes further, “when performing analytical procedures, auditors should assess whether there are unusual or unexpected transactions or relationships that are identified that may be indicative of a previously unidentified fraud risk.”

What does this all mean? The global pandemic has created an environment where the three most practical reasons fraud will exist have come together in a trifecta in modern times. Financial strain, relationship issues, and health issues are the primary reasons that fraud starts when traced back. A global pandemic combines all three.

As a result, two areas of focus seem obvious: (a) one might assume that auditors will be more sensitive to fraud as part of their audit function (whether they want it to be or not), and (2) board of directors and C-Suite executives should expect more scrutiny anticipating that with heightened triggers for fraud, there’s a greater likelihood that fraud may exist.

One thing is true: the US Guidelines provide to have an effective compliance and ethics program; for purposes of subsection (f) of §8C2.5 and subsection (b)(1) of §8D1.4 an organization shall—

(1) exercise due diligence to prevent and detect criminal conduct; and

(2) otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.

Call it self-serving, but an effective ethics training program is key to avoiding criminal prosecution in the event of fraud within an organization. If you think your ethics program falls short…then an ethics program update and intervention might be in order.