Accounting industry leaders' proposed policy changes are not likely to improve auditors' detection of fraud in high-risk settings like Enron, but will instead lead to more efficient use of audit resources in low-risk settings, according to a study by professors of Brigham Young University's Marriott School of Management.
"One problem the proposed standards are trying to address is how to get auditors to be sufficiently wary of managers who appear to have solid character traits but are facing significant pressures and opportunities to commit fraud," says Mark F. Zimbelman, a BYU assistant professor of accounting. "Auditors, seeing that a client is active in community and church activities, may unconsciously neglect to seriously consider other risk factors for fraud. They say to themselves, 'This seems like a good person,' and as a result, high-risk incentives like million-dollar sales bonuses and opportunity cues - how easy is it to steal money from the till - aren't being considered effectively."
The study's findings, based on information gathered from more than 60 audit managers from two Big Four accounting firms, will be presented Oct. 19 to auditing policy makers and accounting academics at the KPMG-sponsored 15th Symposium on Auditing Research at the University of Illinois. Joining Zimbelman in the study is co-author T. Jeffrey Wilks, BYU assistant professor of accounting.
The accounting industry is considering proposals by the Auditing Standards Board of the American Institute of Certified Public Accountants that aim to tighten audits. Previous changes to auditing procedures intended to reduce fraud fell short. Most recently, the AICPA issued the Statement on Auditing Standards No. 82 in 1997, which required auditors to plan their audits based on an initial assessment of fraud risk.
As a result of the change, auditors devised long checklists that look for suspicious behavior. The checklists tend to focus auditors too heavily on executives' attitudes or personal characters, while neglecting other factors, Zimbelman says.
"The 1997 standard helped outline many fraud-risk factors, but didn't take advantage of what is known in auditing research as the 'fraud-risk triangle,' which our study suggests would change an auditor's sensitivity to a company's overall fraud risk," says Wilks.
The fraud-risk triangle looks at the three motivations for fraud - incentive or pressure to commit fraud, opportunity to commit fraud and attitude allowing one to rationalize fraud.
Although current policy proposals recommend that auditors begin using the fraud-risk triangle to plan audits, the BYU study suggests that increased sensitivity to incentive and opportunity risks will only result in improved cost effectiveness in low-risk situations, says Zimbelman.
"Let's say auditors adopt the proposed changes and begin to use the fraud-risk triangle. This will begin to key them into the two areas of risk they haven't been sufficiently sensitive to - incentive and opportunity to commit fraud," says Zimbelman. "But now it's possible that their previous focus on executives' character is heightened right along with the other two risk areas. The CEO they saw as a good person is now seen as an even better person, and the heightened sensitivity to the other two areas of risk - incentive and opportunity to commit fraud - are counteracted by this increased sense that the CEO's character is such that he wouldn't commit the fraud."
Wilks explains that standard setters would like to see auditors increase their scrutiny in situations where the CEO appears honest but has extreme incentives and opportunities for fraud.
"In that setting, our study shows that auditors who adopt the fraud-risk triangle approach will become more sensitive to the high incentive and opportunity risks and, as a result, increase their scrutiny," says Wilks. "Unfortunately, that benefit is offset by an increased sense that management is trustworthy."
In the world where management has low incentive and low opportunity for fraud, the effect of the fraud-risk triangle is to point out to auditors that this is an extremely low-risk situation and they can reduce their vigilance as a result. This leads to the cost-effectiveness in a low-risk situation, says Zimbelman.
"Overall, this change alone is not what audit policymakers are hoping for," adds Zimbelman. "But if in the future auditors take the money they save because of effectiveness in the low-risk world and spread it to all audits, there should be an improvement in fraud detection among businesses like Enron and WorldCom."