Top of Mind: Is a Forensic Audit in Your Future?

During its regularly scheduled meetings throughout this year, the Standing Advisory Group (SAG) of the Public Company Accounting Oversight Board (PCAOB) will continue a discussion that it began in February, exploring ways to conduct forensic audit procedures either as a part of or in addition to the audit of financial statements.

In January, the PCAOB issued a report on fraud detection, which stated that auditors were taking shortcuts in their attempt to find client fraud and chastised audit firms for failing to respond to risky circumstances and being lax when management wanted to circumvent controls.

In response to the tone at the PCAOB, the six largest accounting firms released a paper titled "Global Capital Markets and the Global Economy," which stated that "there is a significant 'expectations gap' between what various stakeholders believe auditors do or should do in detecting fraud, and what audit networks are actually capable of doing, at the prices that companies or investors are willing to pay for audits." The paper went on to recommend launching a dialogue among investors, other company stakeholders, policy makers, and accounting and audit professionals about what should be done to close or at least narrow that gap.

The Big Six's motivation in addressing the issue is, of course, understandable due to potential liability issues in the event of fraudulent activities among their clients. To mitigate such risks, the firms suggested the following ideas, which the PCAOB is considering, for improving fraud detection at public companies:

• Regular forensic audits: The most aggressive and costly way of rooting out fraud, requiring that all public companies undergo a forensic audit on a regular or periodic basis.

• Random forensic audits: A less onerous and less expensive version of the forensic audit proposal.

• Choice-based options: Relying on boards or audit committees to decide on the appropriate level of fraud detection scrutiny; another possible model would have shareholders decide on the level of detection effort they want auditors to perform.