Financial reporting fraud can result in significant losses in shareholder value and have a devastating impact on a company’s ability to stay in business. It also can ruin the reputation of, and create liability for, members of the board and the audit committee.
How can boards and, in particular, audit committees fulfill their important duties to shareholders in deterring and detecting financial reporting fraud? An initiative of the Center for Audit Quality (CAQ) led by Michele Hooper, governing board co-vice chair and NACD board member, resulted in our recent report, Deterring and Detecting Financial Reporting Fraud—A Platform for Action. The report identifies three tools—tone at the top, skepticism and communications—for counteracting conditions that can lead to fraud. This article focuses on skepticism.
The CAQ’s report emphasizes that effective governance by the board and the audit committee requires skepticism in the form of vigorous and probing questioning of management, internal auditors and external auditors. It can be difficult for board members to overcome their natural bias to trust management, other company personnel and external auditors. After all, board members do their own diligence before accepting a board position. They do not accept board seats at companies if they think management and their auditors are not trustworthy.
Therefore, the application of skepticism—a questioning mindset and an attitude of informed objectivity—may be the audit committee member’s most important tool in discharging his or her responsibility for risk management and financial reporting.
Skepticism involves the validation of information through probing questions, critical assessment of evidence and attention to inconsistencies. Being skeptical is an effective way to assess the integrity of management and communicate the board’s expectation of ethical behavior. The application of skepticism may feel uncomfortable at times; it is important to create an atmosphere where hard questions can be asked without creating a hostile environment. Skepticism should be employed in discussions with management, internal auditors and independent auditors. It also should be used in reviewing information that could bear on the integrity of financial reports received from management, internal auditors and independent auditors. To be most effective in asking questions, audit committee members need a thorough knowledge of the company’s business (especially the drivers of its revenue and profitability), its industry, competitive environment and key risks.
Bringing skepticism into the boardroom may be as simple as changing how audit committee members communicate: the mere mention of the word “fraud” can be enough to stall a conversation or elicit a defensive response. Board and audit committee members may be able to better understand fraud risks within the company by broadening their focus a bit.
To that end, the CAQ’s report includes a list of 10 questions to help guide audit committee members. The list is not meant to be inclusive or used as a checklist. In fact, an audit committee may decide to use a different set of questions. The point is to provide ideas about how to encourage more open and effective conversations that elicit information from management, auditors and others about fraud risks, without asking about fraud directly. The questions focus on the most likely sources of fraud risk and potential weaknesses in the control environment that could influence accounting processes in a way that results in questionable practices or leads to fraud.
For example, in addition to asking directly about fraud risk, audit committees might ask about sources of influence on the company’s financial reporting processes. They also might ask questions aimed at identifying internal and external influences or pressures that could potentially affect objectivity or honesty, such as pressure to meet short-term earning goals. This could alert the audit committee to the presence of factors that might cause individuals to hide negative information or ignore fraud indicators.
Other questions identified in the CAQ report focus on the complexity of the company’s operations or transactions (including the presence of unusual transactions). In these situations, audit committees want to ask both financial management and auditors whether the relevant accounting standards are difficult to apply, or require management to apply its judgment or make assumptions about future financial scenarios. Related questions include asking what areas of the company’s accounting tend to take up the most time; what judgments or assumptions management or the auditors are most worried about; and, importantly, whether there are areas of recurring disagreement between management and auditors.
Another revealing question involves how the company’s financial accounting compares with its peers. Audit committees might ask: “If a Wall Street Journal article were to appear about the company’s accounting, what would it most likely talk about?” Questions along these lines could help audit committee members obtain a better understanding of the weaknesses or pressure points that might affect the objectivity of accounting judgments or determinations and whether there is potential for manipulation. The audit committee is then able to take steps to fortify the accounting system against them.
Similarly, asking about the operating environment can lead to a productive discussion about risk management within the company more generally. An audit committee member might first ask management about sources of concern or stress related to the company’s operation. The response could lead to other topics, such as pressures on a company’s sales force or research and development activities to deliver certain results.
The 10 questions also pertain to the control environment; they should be directed to management, internal auditors and external auditors. Questions in this area focus on the use of technology in the financial reporting process and whether there are automated controls in place that search for any unusual accounting activity. They also focus on how an insider might adjust financial results, i.e., who can input information, who can override controls and who monitors and reports on control overrides.
While it is important for audit committees to fine-tune these questions to fit their company, the 10 questions and other ideas presented in the CAQ’s report are intended to facilitate a more probing mindset by all those with responsibility for financial reporting. By promoting a culture of skepticism without creating a hostile environment, management, the board, the audit committee, internal audit and external audit can counteract the three forces of the fraud triangle—pressure or incentive, opportunity and rationalization—and mitigate the risk of financial reporting fraud.
Getting accustomed to asking probing questions, as part of a more skeptical attitude regarding companies’ financial reporting activities, can enhance our collective fraud deterrence and detection efforts. Be guided by the words of British poet Edward Hodnett, who wrote, “If you do not ask the right questions, you do not get the right answers.”
Cindy Fornelli is executive director and Angela Desmond is senior director of external relations of the Center for Audit Quality, a Washington-based public policy organization serving investors, public company auditors and the markets.