When embezzlement occurs, management often asks, "Where were the auditors?" Many company owners believe that any involvement by an outside CPA ensures the detection of embezzlement. This myth is not true. A compilation, review, or audit cannot be relied upon by management to disclose embezzlement or other illegal acts.
There are three levels of independent financial reporting that auditors provide on financial statements.
Level one: Compilation
Compilation is when the CPA assists the client to present financial information in the form of financial statements. This may be done without the preparation of a cash flow statement or footnote disclosures. In a compilation, a CPA does not examine documentary evidence, perform any inquiry or analytical procedures, test any underlying financial records, or perform any sort of fraud risk assessment. Accordingly, the CPA firm does not express an opinion or provides any assurance regarding the financial statements. With minimal involvement, the chance of identifying any embezzlement would be extremely rare.
Level two: Financial Statement Review
Financial statement reporting is a review that is more costly and time consuming than a compilation because the CPA will perform analytical procedures and makes inquiries with company personnel in order to provide limited assurance that there are no material errors with the financial statement presentation. This scope is substantially less than an audit and does not involve obtaining an understanding of the Company's internal control or assessing fraud risk.
In a financial statement review, there is no testing of underlying accounting records or the process of obtaining outside evidence or independent confirmations. However, because of the additional procedures performed during the course of a review, there is a chance that those efforts might lead to the discovery of a financial impropriety. The chance of detecting an internal embezzlement is marginally better than in a compilation, but still very low.
Level three: Audit
The highest and most costly level of independent financial reporting is the audit. An audit is not performed to detect fraud or embezzlement but to objectively present the financial statements in accordance with GAAP. Prior to fieldwork, the audit engagement team will meet to design audit tests and discuss internal controls in order to identify fraud risk areas. During the audit, auditors will sample internal supporting documents and other accounting records such as journal entries. Auditors will also make inquiries of selected company personnel. An audit does not involve examining all transactions. An audit is performed to render an opinion on the financial statements taken as a whole. It is possible that an audit is performed and fraudulent transactions are not identified. Such a finding after the fact does not necessarily render the auditor negligent.
Regardless of the level of financial statement reporting, CPAs clearly communicate in the engagement letter and in the management representation letter that management, not the CPA, has the responsibility to design, implement and maintain the internal controls in order to prevent and detect fraud and that the engagement with the CPA cannot be relied upon to disclose errors, fraud or other illegal acts.
The CPA has a responsibility to ask management about any known instances of fraud and to bring to management's attention any matters or concerns that come to the CPA's attention.
Do you know the steps you can take now to reduce your risk of fraud and embezzlement? Download our FREE E-book: A Corporate Executive's Roadmap to Fraud Prevention.
We invite you to stay up-to-date with the latest business trends, tips and revenue-generating ideas affecting you and your business today by subscribing to the Skoda Minotti Blog or by following us on LinkedIn, Twitter @skodaminotti, and Facebook or simply contact us at any one of our four office locations: Cleveland, Akron, Westlake or Tampa