Before the Enron fiasco in year 2002, not too many people knew what certified public accountants (CPAs) do. Many would just dismiss them as the boring accountants who deal with uninteresting numbers, period. Unforgivably, they are seen as lowly species of bean counters who can’t sing the right tune or who would have too much difficulty following the simple steps of cha-cha. It was a big struggle explaining to people who are not in the know what a CPA does. Ironically, the CPA is the only profession regulated by the Professional Regulatory Commission (PRC) to have been mentioned in our Philippine Constitution. Sometimes accountants are depicted as heroes in movies — but rarely. It was an accountant who was instrumental in bringing the well-known Al Capone to the wheels of justice as depicted in a not so recent movie starred by Kevin Costner, but those kinds of movies come in once in a blue moon.
CPAs seek employment with private companies — finance officers, accountants, bookkeepers, etc. some join the government service, others would just simply forget they are CPAs and would rather pursue other interests. Few would go into public practice either by joining accounting firms or set up their own small practice. This article deals with the roles of external auditors and specifically underscores their responsibilities with respect to fraud in audit.
After 2002, the CPAs’ importance to the business community and its role to society have become more pronounced and the public has finally awaken to the fact that the CPAs are valuable partners of the community and the businessmen alike. The realization that a CPA is a valuable partner in business and an important ally of the investing public undoubtedly erased the typical outlook of who a CPA is, and this notion was not only confined within the Philippines but on a worldwide scale at that. All of a sudden, first world countries began importing our own experienced CPAs. But that is another story to be taken up in our forthcoming issues.
With the recognition, questions on the level of an external auditor’s responsibility comes to mind. Are external auditors who are charged with the duty of doing statutory audits fully accountable for materially misstated financial statements as a result of fraud or error? More often than not, to many people, the answer to the question is yes. A lot of people would always argue that the auditor’s reason for being is to audit and the word audit to them is synonymous to looking for misstatements, misappropriations, manipulations, falsifications, omissions, etc., etc. So that in the final analysis, any undetected fraud or errors, more often than not are blamed on external auditors.
It should be emphasized that establishment of policies for effective antifraud programs and controls are the primordial responsibility of the Board and the Management of companies. They must manage the risk of fraud and take appropriate actions/measures to deter and detect it. They should always be on their toes and be cognizant of the fact that risks abound and may cause misstatements of the financial statements arising from fraudulent financial reporting and misstatements of the financial statements arising from misappropriation of assets, or both.
The public has become much more aware of these fraudulent transactions and has in fact looked at the external auditors as the right individuals who possess the inquisitive mind and would normally subject audit evidence to a deeper critical assessment or professional skepticism. The external auditor is assumed to posses this attitude.
It should be clearly stressed, however, that the external auditor’s responsibility is to conduct an audit to obtain reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether caused by fraud or error. When an external auditor signs a report on the results of his audit, it doesn’t mean that his audit achieved absolute assurance that he was able to detect material misstatements in the financial statements. In fact, the statutory audit cannot be expected to discover every instance of fraud as there will always be inherent limitations of an audit. Philippine Standards of Auditing (PSA) 210, Terms of Audit Engagements, paragraph 6, suggests that the auditors in their contracts with the auditees include reference to the fact that “because of the test nature and other inherent limitations of an audit, together with the inherent limitations of any accounting and internal control system, there is an unavoidable risk that even some material misstatements may remain undiscovered.” Clearly, at the outset, the contracting parties acknowledge that there could be an unavoidable risk that some material misstatement(s) go undetected owing to the inherent limitations of an audit.
If in the course of his audit, the auditor stumbles upon indications of fraudulent activities or would note that there are material weaknesses in the design or implementation of internal controls that would have detected or prevented fraud, the auditor should report this at once to management. PSA 240, The Auditor’s Responsibility to Consider Fraud in an Audit Financial Statement, paragraph 94 in part reads, “When the auditor has obtained evidence that fraud exists or may exist, it is important that the matter be brought to the attention of the appropriate level of management as soon as practicable. This is so even if the matter might be considered inconsequential.” Also, in certain circumstances the auditor may need to communicate to regulatory authorities on matters relating to fraud, overriding the duty of confidentiality. Paragraph 100 of PSA 240 highlights this matter. Further, under the BSP rules (BSP Circular No. 410, Series of 2003 as amended by Circular No. 415, series of 2004), the auditor of a financial institution has the statutory duty to report the occurrence of fraud to the BSP. Also, under SEC Memorandum Circular No. 13, Series of 2006 (SEC Accreditation Rules for External Auditors), the auditor has a duty to report material audit findings, such as those involving fraud or error, in those cases where management and those charges with governance fail to report those findings to the SEC within the prescribed period.
This brief commentary about the roles of management and the external auditor in matters relating to fraud in audit hopes to enlighten the public. In conclusion, fraud prevention and deterrence is a management function and is achieved by having a good oversight and clearly defined governance functions. These in turn are a good base to achieving sufficient audit evidence. In short, it takes two to tango.
(Wilfredo Z. Palad is a Partner for Audit Services of Manabat & Sanagustin & Co., CPAs, a member firm of KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. This article is for general information only and is not intended to be, nor is it a substitute for, informed professional advice. While due care was exercised to ensure the quality of the information contained in this article, readers should carefully evaluate its accuracy, completeness and relevance for their purposes, and should obtain any appropriate professional advice relevant to their particular circumstances. For comments or inquiries, please email manila@kpmg.com.ph or wpalad@kpmg.com).