For nearly 25 years now, I’ve been exhorting CPAs to take seriously their responsibility to detect fraud during an audit—or face the potentially ruinous financial and reputational consequences of accountant malpractice claims.
Sadly, many audit firms and CPAs have yet to absorb this message. And unfortunately for them detecting fraud isn’t getting any easier. In the last year alone, COVID19 has shaken up the workplace and created new vulnerabilities for companies, and the continuing rise of cryptocurrency has been redefining how money flows into corporate coffers. Meanwhile, technology is making it easier for fraudsters to hide their tracks, and regulators, judges and jurors are increasingly holding audit firms to account, with some major firms facing nine-figure accounting malpractice claims as a result.
The good news? CPAs are not powerless. The same tech revolution causing so many complications for their audits can be deployed to help ferret out suspected fraud in ways that would have been too costly and complex to imagine not long ago. They can partner with specialists in forensic accounting to assist them with this process if they don’t want or can’t afford to bring capabilities in house. They can educate themselves about issues like blockchain technology and stay ahead of the curve when it comes to the treatment of cryptocurrency. They can even use the growing mountain of case law and regulatory actions around accounting misconduct as evidence to convince clients who may be resistant to a fraud examination.
First, however, they should take a simple, yet critically important, step: waking up and facing reality. If a problem occurs, CPAs must understand that they will almost face accountant malpractice claims, no matter whether they have provided simple compilation services or more complex tax and consulting assistance to their clients.
FACING THE CONSEQUENCES
I began evangelizing for a more rigorous approach to detecting fraud back in 1997, when the “Consideration of Fraud in a Financial Statement Audit” was enacted. This was the first time I recall the word being used by the American Institute of Certified Public Accountants (AICPA). And for many CPAs trained before 1997, this was a fundamental change in practice. They had been taught that it was not their duty to look for fraud – only to let their clients know if they saw or suspected any defalcations.
Flash forward to 2021, and the inability of auditors to detect fraud is leading to some eye-popping judgments against some of the biggest names in the accounting industry. Large judgments are occurring at both the federal and state level, and international courts and regulators have been cracking down as well. Here are just a few recent, high-profile examples:
• Pricewaterhouse Coopers LLP was hit with a $625 million judgment—the largest-ever against an audit firm in the United States—for an allegedly negligent audit of Colonial BancGroup Inc. The Federal Deposit Insurance Corp. sued PwC to compensate its losses after Colonial’s bankruptcy, which came after a multi-billion mortgage fraud case.
• In 2019, a Washington state jury awarded $20.3 million in damages to an investment firm that accused Ernst & Young LLP of signing off on audits of funds related to the late fraudster Bernie Madoff. The investment firm—which brought suit under Washington’s investor-friendly state securities law—said E&Y’s alleged failure to conduct detect fraudulent behavior was responsible, in part, for its losses as a result of the Madoff affair.
• In Germany, the collapse of payment processing giant Wirecard AG has spurred criminal complaints against auditors for failing to uncover accounting irregularities. And in the Netherlands, a former Deloitte LLP partner faces disciplinary action improper audit of the European arm of one of South Africa’s largest retailers, which nearly collapsed three years ago in the wake of an accounting scandal.
Of course, I am not the only one to highlight the need for auditors to detect fraud. The AICPA and the Public Companies Accounting Oversight Board (PCAOB) have both underscored the importance of fraud detection for auditors. The PCAOB, as far back as 2007, said auditors should “assess risks and apply procedures directed specifically to the detection of a material, fraudulent misstatement of financial statements.” Detecting such a misstatement is an “essential element of an audit,” the PCAOB said.
The risks of material and fraudulent misstatements are only likely to grow as companies grapple with the ongoing impact of COVID-19. PwC’s Global Economic Crime and Fraud survey of 2020 found that most respondents expected incidents of fraud to increase dramatically as routine business processes, controls and working conditions have been disturbed by the pandemic.
From a fraud detection perspective, this means taking a broader view of how and where threats may occur. For instance, a remote workforce, especially one facing greater financial stresses because of the pandemic, may face greater temptation to commit fraud. Business partners—including some hired with little vetting to deal with pandemic-related emergencies—may also require additional scrutiny.
At the same time, disruptive technology, such as digital currencies, is also creating new complexities for auditors. Many auditors have little or no experience with cryptocurrencies — and they many not yet understand how to identify and evaluate potential risks related to cryptocurrency transactions and accounts.
A recent Canadian report highlighted several issues auditors should consider when “identifying and assessing risks of material misstatement in cryptocurrency transactions and balances,” such as whether the cryptocurrency exchange had effective controls over transactions and balances related to an entities accounts; whether an entity had a cryptocurrency wallet that had not been accounted for; what happens when an entity loses a private key and can longer access its cryptocurrency; whether all the parties in a transaction can be identified, among several others.
Expect pressure on CPAs to better account for cryptocurrency transactions to continue to rise. Members of Congress from both parties have been pressuring the Financial Accounting Standards Board (FASB) to establish clear accounting standards for Bitcoin and other cryptocurrencies, particularly in the wake of balance sheet losses related to digital currency assets.
In spite of the increased fraud risks that issues like COVID or cryptocurrency may pose, CPAs can take concrete action to prevent an accountant malpractice claim.
They can and should embrace technology. A roundtable of accounting technology experts convened by the Journal of Accountancy two years ago noted how artificial intelligence could be deployed to automate tasks and help deliver analytics that will allow new insights for auditors. In a fraud context, AI can help auditors comb large data sets to search for anomalies. Machine learning can be deployed to analyze transactions and assess them based upon their risk—reducing the need for less effective and more time-consuming manual samples of transactions.
CPAs and firms who fail to use technology simply increase their legal risks. A plaintiff’s attorney pursuing accountant malpractice claim is bound to ask an expert witness whether an auditor’s failure to use available technology in its audit violated the standard of care.
Firms that know they are lagging behind in their understanding and adoption of technology have options as well. They can engage a technology-savvy forensic specialist trained to spot fraud to assist in the audit process. A specialist can supplement the audit firm’s traditional expertise and give it greater comfort that it has done all it can to root out fraud. Not only is this good client service—but it’s a strong preventative measure in helping avoid later legal issues.
And audit firms and CPAs can take practical steps in their relations with clients to help avoid claims and improve their ability to root out fraud. They can:
• Research and investigate clients — both new and existing. Even a quick Google search can yield important details.
• Understand their clients’ businesses. If you don’t understand what the client does, you are less likely to spot trouble when it occurs.
• Get paid for their work. Clients tend to respect CPAs who command a reasonable price for their services and payment in a reasonable time frame.
• Avoid clients with financial issues. Fraud rises when businesses are in trouble.
• Make sure they have an executed engagement letter. This is your contract, and in it you can set the parameters of your work and how and where disputes with the client will be settled.
• Understand professional ethics and conflicts. Know where the lines are, and don’t cross them.
• Create checklists—and be sure to use them. A checklist program designed for the engagement can ensure that all steps are followed. However, failing to follow that checklist can help prompt an accounting malpractice claim.
Professional standards clearly state that CPAs have a responsibility to detect fraud. By going on the offense—learning about and adopting technology, engaging help from specialists, and taking practical steps in relations with their clients—CPAs can increase their chances of catching fraudsters and of reducing their exposure from malpractice lawsuits.
To learn more about FSS and our work involving accountant malpractice claims, contact us for a consultation.