5 Reasons Why Auditors Fail to Detect Fraud

You are probably reading this as another huge financial scandal threatens to destroy the economy, and wondering why auditors fail to detect fraud. Especially in cases such as these!

First of all, we auditors don’t appreciate being told that we failed!

Secondly, it isn’t reasonable to lay the onus on auditors. Yes, I know you want someone to blame, but I just can’t let you scapegoat us anymore!

I guess auditors should be flattered you think we are so powerful and omnipresent that we can use our x-ray vision to uncover the dastardly deeds of every villainous fraudster. But the truth is we are just a tiny little battalion of professionals fighting an uphill battle. The Certified Fraud Examiners estimate that $5 trillion is lost to fraud every year. Yes, trillion with a T.

In the hopes for us not be blamed again, I share a few reasons why auditors fail to detect fraud:

1. Fraudsters purposely deceive us.
2. We don’t audit what you think we audit!
3. Management is responsible for preventing and detecting fraud, not us!
4. Auditors are seriously outnumbered.
5. Even though we perform all kinds of fancy procedures to uncover fraud, they don’t really work!

1. Fraudsters purposely deceive us.

Fraudsters are sneaky. They figure out the gaps in controls and then do everything they can to cover their trail. They want to keep the assets they stole and are adept at inventing creative ways to trick an unsuspecting auditor into believing that everything is okay.

Consider this story: An auditor visited an oil refinery every year to ensure the gallons of oil the company claimed existed actually existed. Every summer, the auditor climbed to the top of a four-story tank (yes, auditors put themselves in physical danger for you!) and stuck a broomstick into the tank as a dipstick. And every summer, the auditor concluded that since he found oil on the broomstick, the tank was full of oil.

That poor, deceived auditor. He failed to realize the auditee filled the tank with water and just enough oil to cover the broomstick. If only that auditor made Italian salad dressing just once, he would know that oil floats. But, the sad truth is that most auditors prefer ranch dressing. 🙂

2. We don’t audit what you think we audit!

I bet you think auditors work to uncover wrongdoing in every corner of your organization.

Hello! Come on! Auditors cannot – and do not – look at everything.

Auditors sample. At best, auditors visit, but infrequently. And on top of that, auditors don’t like their audit projects to have birthdays, so they limit the scope and objectives of each visit.

For instance, let’s say an auditor wants to know if a state sponsored nursing home in Tuscaloosa installed fire alarms. And let’s say that in order to verify those installed alarms, the auditor asks the accounting clerk at this nursing home to send the auditor a copy of the invoice and a picture of the fire alarm proving that the alarm was installed. The clerk sends the invoice and the picture, the auditor thanks them for helping, and that is the end of the audit.

But what if this same accounting clerk in Tuscaloosa has been writing checks to herself and selling the prescription drugs that she stole from the nursing home pharmacy out of the back of her car in a dark alley? The auditor is obviously not going to see that craziness because cash and drugs are not part of the auditor’s audit objective and scope, but someone working at the home should. And that gets me to my next point…

3. Management is responsible for preventing and detecting fraud, not us!

It is not the auditor’s job to uncover every whacky employee behavior. That is management’s job.

Management is responsible for establishing the controls that prevent fraud.

Here is what the GAO Green Book (Standards for Internal Control in the Federal Government) has to say about that:

OV2.14 Management is directly responsible for all activities of an entity, including the design, implementation, and operating effectiveness of an entity’s internal control system. 

4. Auditors are seriously outnumbered.

So on top of people lying to us, thinking we should look at things we don’t look at, and trying to lay their responsibility on us, we are seriously, seriously outnumbered.

Maybe you’ve heard of the student to teacher ratio? A private school might boast about one teacher for every 15 students so every precious, little student gets the personal attention they deserve.

Well, there is no way auditors can give every corner of an organization, or every employee the attention, they deserve. It isn’t uncommon for an auditor to be outnumbered 1,000 to one.

And don’t you think that somewhere in that 1,000, there is gonna be one bad kid – excuse me, fraudster – who stirs up some trouble and bypasses controls?

5. Even though we perform all kinds of fancy procedures to uncover fraud, they don’t really work!

But you know what? Even against all odds, we auditors still give it the old college try. The AICPA and the GAO mandate a number of due diligence steps in their auditing standards intended to help the auditor detect fraud within their limited audit scope.

In my experience, however, auditors very rarely uncover fraud with these procedures. Why? Refer to reasons 1-4.

Here is a summary of the procedures:

1. Define the audit objective.
2. Ask pointed questions of employees and organizational leaders: how could fraud occur in their organization and did fraud occur?
3. Consider factors moving someone to commit fraud.
4. Brainstorm fraud risk with the audit team.
5. Filter the fraud risks from the brainstorming session for magnitude and likelihood.
6. Apply existing internal controls and rate the strength of controls.
7. Test key controls.
8. Respond to risks not adequately controlled by performing audit tests to verify that no fraud occurred.

Per the Certified Fraud Examiner’s 2020 Report to the Nations, 49% of known frauds are uncovered from tips, accident and confessions. Internal and external audits – combined – find only 19% of known frauds.

And those five reasons are just some of the reasons why auditors fail to detect fraud.

So what good is an auditor, then?

At this point, you might say to yourself, “So, if an auditor isn’t working to uncover fraud, what are they doing? What good are they anyway?”

Thank you! Because if you are asking the question, my snarky little article has done its job. You now (hopefully) will stop blaming auditors for fraud that is not their fault or their responsibility.

What auditors ARE good at is giving leaders and the public independent, objective assurance that something is true. You don’t want to trust that crazy fraudster in the Tuscaloosa nursing home to tell the truth about installing fire alarms, do you?

Also, auditors are experts when it comes to controls you can put in place to make sure fraud doesn’t strike you or those you love. (Pause to notice that wording there: YOU can put in place.) If you are nice to them, and stop blaming them for things they can’t control, maybe your auditors will share their knowledge with you.

As always, thanks for reading!

Looking for high-quality and convenient CPE?

We have you covered! Our live webinars are a great choice if you want the learning to come to you. Just log on at the scheduled time and enjoy wherever you are! Here are a few of our upcoming courses:

• Apr 8: Introduction to Cybersecurity for Government Auditors (2 CPE Hours)
• Apr 15: Hands-on Excel for Auditors (3 CPE Hours)
• Apr 16: Auditing Government Contracts (4 CPE Hours)
• Apr 21: The Audit Balancing Act: Managing Time (4 CPE Hours)
• Apr 23: Detecting Conflicts of Interest, Kickbacks & Shadow Deals (2 CPE Hours)