The words ‘corporate fraud’ generate an emotional reaction, with good reason. Corporate fraud affects everyone directly or indirectly, and the cost of fraud to society is enormous. The presentation of fraud in the media is often hostile to both companies and their auditors, but no audit committee nor any auditor sets out to miss, ignore or perpetrate a fraud.
The primary responsibility for the prevention and detection of fraud lies with companies. This has always been the case. Many directors resent the assumption that they cannot really be trusted, and that the focus of policy makers seeking to prevent fraud must therefore always be on auditors. This became clear in a series of interviews we conducted with audit committee members and chairs for our just-published report on fraud, Sharpening the focus on corporate fraud: an audit committee perspective.
We sought to understand more clearly audit committee perspectives on the nature and extent of the fraud risk, and what the corporate sector is doing to improve the chances of deterring and detecting it. We interviewed 14 members of audit committees about fraud for this new report. Most of them are audit committee chairs and most also serve on the board of the UK’s Audit Committee Chairs Independent Forum (ACCIF). They represent a wide range of large UK, North American, European and Asian businesses, and their collective knowledge and experience is immense.
The interviews were lively. An overwhelming majority of interviewees emphasised the importance of not underestimating the fraud risk, particularly cyber fraud, which is what keeps many awake at night. They noted that fraud is the responsibility of the entire board. Interestingly, a number emphasised that fraud is not the only risk boards and audit committees must address, and that it is not necessarily the most important. All stakeholders need to hear this important message coming, as it does, straight from those charged with governance.
Auditors and audit committees share a belief that the reputational damage arising from fraud, which may be greater than the cost of the fraud itself, spreads far and wide. Financial reporting fraud rarely hides in plain sight and is not obvious, because it involves dishonesty and deception. Fraud is deliberately hidden from, or misrepresented to, both those charged with governance and auditors. Material financial reporting fraud is often complex.
Auditors and audit committees also agree that the regulatory framework for fraud should be focused on companies rather than auditors, and that culture plays a critically important role in the management of fraud risk, although promoting genuinely good corporate culture is not easy.
Auditors and audit committees both thought however that they should listen to each other more carefully. Auditors want audit committees to understand more clearly their concerns about the risk of fraud, and audit committees want auditors to better understand their responses to those concerns.
Internal control is another area in which views differ both among and across auditors and audit committees. Internal controls are not an end in themselves, and there is still little consensus about the costs and benefits of the different styles of internal controls reporting. The auditors we interviewed for previous publications on internal control generally viewed the US Sarbanes-Oxley (SOX) model more favourably than audit committee members, for example. And differing views were expressed in the current publication about the value of applying the controls model operating in the financial services sector to the wider corporate sector.
This report follows a first report issued in July 2022 based on interviews with senior representatives of large UK audit firms. Sharpening the focus on corporate fraud: an audit firm perspective provides a snapshot of recent and ongoing audit firm initiatives to better deal with fraud. Driven by those insights, the 2022 report also sets out recommendations for what more can be done, and what can be done differently, to deter and detect fraud, not just by audit firms, but by directors, government and audit regulators.
We hope that these two reports will contribute to a more balanced public discussion of corporate fraud, and to the progress of the ongoing reform of audit and corporate governance. They are perhaps especially relevant following publication of the government’s fraud strategy on 3 May and, in particular, to the proposed introduction of a new corporate offence of failure to prevent fraud.
Sharpening the focus on corporate fraud
This report from the Audit and Assurance Faculty considers audit committee perspectives on the nature and extent of corporate fraud and what the corporate sector is doing to improve the chances of preventing and detecting it.