Forensic Accounting Report

Materiality
The work external auditors might carry out is primarily concerned with two types of fraud:
 Misappropriation of assets and consequent misstatements arising from that, i.e. a ‘cover’
involving the alteration of the accounting records to disguise the theft, and
 Misstatements arising from fraudulent financial reporting.

Audit procedures, even when adopting a risk-based approach, are more likely to detect frauds
by the organization, the fraudulent manipulation of the accounts themselves rather than the
underlying records, than they are to detect employee frauds within the organization. Auditors
rely on the organization’s own internal control system to detect or prevent material
misstatements, which include fraud, as, of course, do the directors.

One of the key issues which probably affects the external audit approach more than that of
internal audit is the issue of materiality.

ISA 320, Materiality in Planning and Performing an Audit states:

Misstatements, including omissions, are considered to be material if they, individually or in the
aggregate, could reasonably be expected to influence the economic decisions of users taken
on the basis of the financial statements. The auditor’s determination of materiality is a matter
of professional judgement.

In other words, materiality equates to the significance of a transaction or group of transactions.

It is perfectly possible for a fraud to be a material item in the context of the financial statements.
Materiality has a direct relationship with the assessment of audit risk, that is the risk that the
auditors will give an incorrect report, and auditors will take some care in setting materiality
levels, revising them as the audit proceeds as necessary.

Over time auditors have derived some ‘rule of thumb’ quantitative indicators of materiality,
defining it as a percentage of some aspect of the accounts such as gross profit or net assets or,
in some cases, as an absolute amount. ISA 320 outlines how this can be done. The reason for
this is easily apparent insofar as the auditor’s primary task is to report on the truth and fairness,
or otherwise of the financial statements so that items which are immaterial are unlikely to be of
much interest. The increasing use of risk-based audit techniques and the new requirements of
ISA 320 regarding what is known as ‘performance materiality’, which we don’t need to consider
here, has perhaps sharpened the overall consideration of materiality but has served to reduce
the amount of actual testing carried out by the auditors as they rely on the strength of the
organization’s own internal control environment to keep them out of court.

Let’s look at an example of how materiality works. Suppose there is an internal fraud to say
$100,000, one of which has been going on at this rate for three years so, overall, some
$300,000 of company assets has been stolen over that time.

If the company concerned is, say, Huge PLC with turnover and profits in hundreds of millions of
dollars, $100,000 may be well below the external auditor’s materiality level. Their procedures
would be most unlikely to detect such a fraud unless they stumbled across it by accident or
were told about it by a whistle-blower. They would be looking at the risks around considerably
larger transactions as only these would have the potential to adversely affect the results of the
entity on a significant way.

Clearly however a similar-sized fraud in Small Ltd, with turnover of millions and profits in
hundreds of thousands, would be material to the financial statements so one might have a
greater expectation that, even if the internal control system had missed it or been bypassed in
some way, the auditor’s procedures would detect the possibility of an anomaly or an indication
which might indicate fraudulent behavior or the need for further investigation.

Auditors, in their texting procedures, particularly of balance sheet items, can give away
indications of materiality levels to organization staff with statements such as ‘Please provide us
with an analysis of every payables balance over $5,000.’

This can give the fraudster an indicator of the levels of materiality the audit might be utilizing, an
indication which they might seek to confirm by close observation of the audit testing procedures.
If they survive the first year’s audit, unless they do something foolish, they have a good chance
of surviving subsequent years. Errors uncovered by the audit can often be ignored because they
appear to be trivial or not material, unless the cumulative value becomes material, when, in fact,
they may be signifiers of a deeper malaise.

The External Auditor and the Forensic Accountant

The forensic investigator will be likely to ask for input from the external auditor early in the
investigation. The external auditors should have carried out extensive client assessment
procedures, following the precepts of ISA 315 and ISA 330 outlined above, including:
 Gaining an understanding of the client and its operating environment, including its
internal control system, sufficient to identify and assess the risks of a material
misstatements due to fraud or error.
 An assessment of the risks of a material misstatement due to fraud or error by
considering:
 The nature of the business, its services and its products which may be
susceptible to misappropriation. For example, business which involve cash
takings (for example, retailers) or easily portable and valuable assets (for
example, jewellers) are particularly vulnerable as are organizations where assets
are held in a fiduciary capacity (for example, solicitors who hold client’s monies
before handing them on to the appropriate persons). Also vulnerable are areas
where payment is made on the basis of an opinion, i.e. the value of work certified
in the construction industry or the value of extras to contract. Thus may involve
corrupt practices such as bribery of a quantity surveyor.
 Pressures on the business including circumstances which may induce
management to overstate profits (or understate) losses) in order to:
- Retain the confidence of investors, bankers or creditors
- Meet profit forecasts
- Increase profit-related remuneration
- Stave off the threat of insolvency proceedings, and
- Maintain the share price where management have shares or share
options.
- The known strength, quality and effectiveness of management.
- The internal control environment including the degree of management
involvement and supervision and the degree of segregation of duties, and
where there is excessive authority vested in a senior manager.
- The ability of the management to override otherwise effective controls.
 - The existence and effectiveness of internal audit.

Discussions with the external auditors and examination of audit files and audit risk assessments
can give the forensic investigator a flying start.

Clearly this will require a formal access letter from the client as the external auditors are bound
by the rules of client confidentiality but this should be a mere formality.

Should a forensic accounting investigation be evaluating the extent of a financial statement

fraud, then clearly co-operation with external auditors is going to be difficult. There may be the
possibility of legal action hanging over the auditors as well as potential investigations by the
regulatory body so they will be extremely conscious of the need to be seen to co-operate whilst,
at the same time, trying to avoid making any statements or giving away any information, over
and above that required and any statements or giving away any information, over and above
that required and obtainable by the investigators, which may be prejudicial to any future legal
case.

Forensic investigators should therefore proceed accompanied by sound legal advice.

It may be that the forensic accounting team will come from within the external audit firm, which
has some advantages to the client not least in terms of access to information and audit
experience and expertise, but also has some clear disadvantages centring around issues of
independence and conflict of interest within the audit firm.

In any case, even where no blame attaches to the auditors, or even where some does, they
have a right to know the nature and extent of what has been uncovered by the investigation.
The outcome may well have a bearing on their audit of the financial statements and any
adjustment which may be required in respect of prior year figures.

If the investigation has arisen during the course of an audit additional time may be needed for
the audit partner to fully evaluate the results of the investigation and the effect it may have on
the auditors’ report.

Again there are likely to be questions of confidentiality so disclosures should only be made with
the benefit of legal advice. External auditors may, for example, wish to know if any information is
being withheld form them concerning a fraud investigation and they may seek assurance that
such information will not be likely to be prejudicial to any audit opinion they may issue. External
auditors have statutory rights to information granted to them under S499 Companies Act, 2006
in connection with their audit of the organization’s financial statements, so it could place the
organization in a difficult position should they refuse to disclose information which may be
pertinent to the audit.

Forensic investigators from an independent firm would require their client’s permission to
disclose information to the external auditors, and even an investigation team from the same firm
as the auditors would be well advised to take legal advice before they disclosed confidential
information concerning an investigation to their audit colleagues without the specific permission
of their client.

Each case has to be considered on its own merits and it is outside the scope of this book to
discuss the legal technicalities of this situation any further.
The role of Internal Audit
The role and function of internal audit is defined by their trade body, the Institute of Internal
Auditors (IIA) as:
An independent, objective assurance and consulting activity designed to add value and
For internal
improve an auditors the IIAoperations.
organization’s bases its Itprofessional standards accomplish
helps an organization on the Code its of Ethics and
objectives by
International Standards for the Professional Practice of Internal Auditing. This sets
bringing a systematic, disciplined approach to evaluate and improve the effectiveness of out therisks
key
requirements
management,forcontrol,
the effective functioning
and governance of an internal audit role and the standards which
processes.
individual members of the institute must abide by. In carrying out their day-to-day work internal
auditors will also, of course, pay due attention to the ISAs issued by the Auditing Practices
Board as these set a benchmark of good practice in many areas.

Internal audit’s role is thus primarily managerial. The IIA speaks of internal audit as having its
primary purpose as being the organization’s critical friend’ to:
 Challenge current practice
 Champion best practice, and
 Be a catalyst for improvement.

In Order to assist the organization to achieve its strategic objectives. Internal audit is likely to
cover issues in some detail which the external auditors would not necessarily review such as:
 Risk management
 Review of procedures
 Monitoring risk-assessment processes, and
 Reviewing risk exposure.
 Operational Issues
 Quality systems
 Tendering and procurement procedures
 Supplier selection and performance
 Cost recording and budget monitoring
 Control and monitoring of expenditure
 Asset usage
 Achievement against internal key performance indicators, and
 Control of outsourced operations.
 Sales and marketing
 Customer complaints
 Credit control procedures
 Pricing and sales volumes, and
 Control of sales staff.
 Human resources
 Recruitment and selection procedures, and
 Training.
 Computer systems
 System controls
 Use of computer-assisted auditing techniques (CAATs), and
 System development
 Compliance with legal and regulatory requirements.
 Value for money issues – economy, efficiency, effectiveness.

The definition of internal audit places it firmly in the risk-management role. They are there to
‘improve operations’ and ‘improve the effectiveness of risk management control and governance
processes’. Thus then would lead one to assume that fraud prevention and detection was a risk
they would gladly seek to engage with.
Internal Auditors and Fraud
In April 2003 the IIA issued its Fraud Position Statement, which made it quite clear where
responsibility lay:
The primary responsibility for prevention, detection and investigation of fraud rests with
management which also has the responsibility to manage the risk of fraud. Many
organizations now have a dedicated in-house ‘security’ function with responsibility to manage
fraud investigations. This function may be assisted by internal audit.

This is as expected. Within the organization management is primarily responsible for everything
and cannot delegate that responsibility to anyone else. The IIA goes on to say reinforcing this
point, that ‘it is not a primary role of internal audit to detect fraud’.

They recognize that most people, and perhaps that includes the management of their
organization, probably think that fraud detection is, at least, one of their primary roles. There is
another expectation gap her that has to be managed.

Consequently internal audit’s official role in connection with fraud is defined by the IIA as being:
 Investigating the causes of fraud – (presumably post-detection)
 Reviewing fraud prevention controls and detection processes put in place by
management
 Making recommendations to improve those processes
 Advising the audit committee on what, if any, legal advice should be sought if a criminal
investigation is to proceed
 Bringing in any specialist knowledge and skills to assist in fraud investigations, or
leading investigations where appropriate and as requested by management
 Liaising with the investigation team
 Responding to whistle-blowers
 Considering fraud risk in every audit
 Having sufficient knowledge to identify the indicators of fraud, and
 Facilitating corporate learning about fraud

What this means in reality is that the internal audit function should be well placed to uncover
fraudulent behavior, far better placed, then external auditors. The reason for this is simple
enough – they know the business and they are not confined to simply testing the accounting
entries sufficiently well so as to gather evidence to validate a set of accounts

Internal audit is well placed to consider the possibility of money laundering and following up
reports from whistle-blowers.

Internal Audit and the Forensic Accountant

The forensic accountant therefore should have an ally in the internal audit function, but before
placing any reliance upon that person three things must be considered:
1.) Is the internal audit function in the organization a proper function or does it carry out a
box-ticking exercise to satisfy the audit committee? What this boils down to is:
 Is the head of internal audit a senior figure in the management team?
 Does internal audit report to the audit committee or in a way which divorces them
from the CFO or the CEO?
 Is internal audit truly independent of line management?
  Do they have a budget and resources sufficient to enable them to carry out their
work effectively?
 Can they set their own schedule of work or is this devised for them by
management?
2.) Are the members of the internal audit team qualified and experienced auditors who can
be relied on to carry out their work effectively and efficiently? Do they have enquiring
minds and a willingness to implement new procedures or are they simply going through
the motions in a fairly dispirited way?
3.) Does the executive management actively encourage internal audit by responding to its
reports and recommendations and by allowing it access to all areas of the business
without let or hindrance?

If a forensic accountant is called in to carry out an investigation it is likely to be in

circumstances:
 Where internal audit has uncovered a fraud or the preliminary indications of one and is
bringing in a specialist
 Where internal audit have found nothing but the management is not satisfied, or
 Where a whistle-blower or other unsubstantiated report has indicated the possibility of
fraud or other malfeasance.

In each case the forensic accountant will have to work with internal audit at some level. If the
assessment of internal audit is that their direct involvement may be less than helpful because of,
say, a lack of skills or some form of bias the decision is a simple one. However, if internal audit
is likely to be a useful adjunct to the investigation team the forensic accountant can use them for
their:
 Knowledge of the company and systems – in particular how anomalies are likely to
evidence themselves.
 Assessments of individuals and departments, systems and procedures. In addition to
their official reports they will have, or should have, gathered a mass of unofficial
information, unsubstantiated rumour and gossip. They will have their personal opinions
of managers and staff, which they certainly could not broadcast but could reveal to a
forensic investigator. Whilst much of this may be discounted, the thoughts of
experienced local auditors should never be entirely ignored.

They can assist in the actual investigation work by:

 Collecting and collating information and documentation, using core audit skills to carry
out tests and analysing data under supervision.
 Using their skills in project management such as planning, scheduling, document
management, looking at issue resolution and follow-up and recording and
communication of results.

The internal auditors can bring their knowledge of the organization to bear in terms of providing
background information. They can also be a useful resource in collecting data, advising the
forensic investigators on their approach and in helping them avoid traps and pitfalls.

Working with a good team of internal auditors saves a lot of time and effort. However, care must
be taken not to jump to conclusions or to make false assumptions based on unproven
‘knowledge’ or supposition – or by reacting inappropriately to malicious rumour or gossip.

There are of course two provisions:

  Internal audit must realize that what they are taking part in is an investigation which may
result in legal proceedings. They therefore have to recognize the forensic accountant’s
responsibility to preserve evidence and the ‘chain of evidence’ to avoid inadvertently
compromising any possible criminal case.
 Normal audit rules don’t apply – announcing visits or submitting requires for
documentation is simply inappropriate during the course of an investigation. It is the
forensic accountant who makes the rules and they have to agree to abide by them.

The ultimate responsibility for the investigation will lie with the organization – possibly embodied
in the form of the audit committee. It may well decide that it is inappropriate for the internal
auditors to be involved, in which case they become simply a passive resource, a source of
information for the forensic accountant but no more than that.

-- Report --
Materiality (1)
External Auditors are primarily involved in identifying and preventing two types of fraud:
1.) Misappropriation of assets. Misappropriation of assets occur when an individual steals
from the organization.
Ex.
 Embezzlement, manipulation of accounts and the creation of false invoices.
 False expense claims.
 Payroll fraud, where payments have been diverted or fictitious, ‘ghost’ employees
have been created.
 Data theft or intellectual property theft.

2.) Misstatements arising from fraudulent financial reporting.

Ex.
 The falsification, manipulation, and tampering of accounting records and
supporting documentation used to produce financial statements.
 Intentional misrepresentation of transactions or other material information in the
financial statements.
 Intentional misapplication of accounting principles in relation to balances,
classifications, or disclosures.

Auditors depend on the organizations internal control system to identify and prevent frauds,
such as manipulation of accounts and records and intentional misstatement. Materiality is one of
the main issues that have the potential to affect the external audit procedure.

The significance of a transaction or a group of transactions. Judgments regarding

materiality are based on surrounding circumstances, including the extent and nature of
the misstatement.

Materiality is the significance of an omission or misstatement in the accounting information that

can change or influence the decision of the person (users of financial information) relying on
said information. ISA 200 discusses how misstatements and omissions can be considered
material. Decisions regarding materiality can be affected by the perception of the auditors about
the needs of the users of the financial statements. Judgments are created based on different
circumstances and the size or nature of the misstatement.
Materiality is essential to the audit. When conducting an audit, Auditors often apply the concept
of materiality during the planning stage by assessing the materiality of each transaction or
account to determine which items require significant attention in their audit. Materiality is also
applied when auditors evaluate the different effects of uncorrected misstatements.

Importance of Materiality
According to the ISA, the primary purpose of an independent audit is to improve the degree of
confidence of users in the financial statement of the organization. To achieve the said objective,
auditors provide opinions about how the financial statements are created, taking into account all
aspects of materiality. Because the financial statements as a whole serve as the foundation for
the auditor's judgment, ISAs mandate that auditors acquire reasonable assurance about
whether there are no major misstatements, whether due to fraud or error.

(ISA 200) The goal of an audit is to increase the confidence of users in the financial
statements. ISA mandate that auditors have reasonable assurance regarding if the
financial statements are free from material misstatement, whether as a result of fraud or
error.

The External Auditor and the Forensic Accountant (2)

During an investigation the Forensic Accountant will seek advice from the external
auditor regarding examination of audit files and audit risk assessments.

The forensic investigator will be usually seek advice from the external auditor when conducting
an investigation since they have conducted detailed client evaluation procedures, which
includes:
 Acquiring sufficient knowledge of the client and its operations, especially its internal
control system, to recognize and evaluate the risks of major misstatements brought on
by fraud or error.
 An evaluation of the risks of a significant misrepresentation resulting from fraud or error.

Collaborating with external auditors and conducting a comprehensive analysis of audit files and
audit risk assessments will help Forensic Accountants to perform their investigations effectively
and efficiently.

The role of Internal Audit (3)

The Internal Audit Department provides different information, assessments, and
recommendations to the management regarding activities and procedures in an organization, as
well as issues that have been identified. They exist to improve not only the operations of the
organization but also the effectiveness of risk management control and governance processes.

The Institute of Internal Auditors (IIA) defines Internal Auditing as “An independent,
objective assurance and consulting activity designed to add value and improve an
organization’s operations”. By applying a structured, methodical approach to review and
enhance the effectiveness of risk management, control, and governance systems, the
internal audit activity enables an organization in achieving its goals.

The Audit department performs tasks that are within the approved audit plan such as:
 Verifying the existence of assets and proposing necessary measures for their security;
 Assess the effectiveness of the internal control system and recommend improvements;
 Assess if laws and contractual obligations are being followed;
  Evaluate adherence to policies, processes, and ethical corporate conduct;
 Evaluate operations and programs to determine whether they 're being carried out
according to plan and if results correlate with established objectives;
 Investigate any reported incidents of fraud or theft.

Unlike External Auditors, which only cover financial reporting risks, Internal Auditors look into
every risk category, their management, and reporting. Internal auditors handle different issues
that are crucial to the growth and survival of an organization. They deal with organizational
reputation, development, environmental impact, and how the business treats its employees.

Internal auditors assist organizations to achieve their strategic objectives. Internal auditors
utilize assurance and consulting to improve systems and processes and resolve issues in some
detail such as:
 Risk management
 Monitoring risk-assessment processes, and
 Evaluating the risk exposure
 Operational Issues
 Expense tracking and spending management
 Monitoring and controlling spending
 Asset management
 Success in relation to internal key performance metrics, and
 Management of outsourced operations.
 Sales and marketing
 Credit control procedures
 Price and sales data, as well as
 Management of sales personnel.
 Human resources
 Recruitment, selection, and training procedures.
 Computer systems
 System controls
 System development
 Compliance with legal and regulatory requirements.

The difference between Internal and External Audit

External Internal
Objective Providing feedback on the Identify areas for
report to help increase the improvement in the
organization's credibility to its
governance, risk
stakeholders in themanagement, and control
organization's financial procedures. This provides top
reporting. management and board
members the assurance they
need to carry out their
responsibilities to the
organization and its
stakeholders.
Coverage Financial reports and All risk categories, their
financial reporting risks management, and reporting
 associated with them.
Reporting Any Shareholders or Members of the
members who are not a part organization's governance
of the organizations structure, such as the board
governance structure. and senior management.
Responsibility for None, The external Auditors The goal of internal auditing
improvement responsibility is to report is improvement. To avoid
problems that have been undermining management's
identified. responsibilities, it is carried
out through counselling,
coaching, and facilitation.

Internal Auditors and Fraud (4)

The IIA released a Fraud Position Statement regarding the responsibility of internal auditors
when it comes to fraud. The management is responsible for identifying, preventing, and
investigating the different frauds that have been detected in the organization. The function of the
internal audit is to assist the management in preventing fraud from occurring within the
organization.

The role of internal audit involves assisting the management in identifying, avoiding, and
monitoring fraud risks, and resolving such risks through audits and investigations.

Internal Auditors must take into account the different areas of the organization where fraud is
more likely to occur. They must have the skill to respond appropriately by conducting
evaluations and auditing different controls in those areas where there is a high risk of fraud.

The IIA defines internal audit’s function concerning fraud as:

 Examining the fraud detection and prevention measures.
 Providing recommendations to strengthen those procedures
 Communicating with the investigative team
 Possessing the information necessary to recognize the signs of fraud, and
 Promoting corporate training on fraud

As mentioned earlier Internal Auditors must be familiar with different areas within the
organization that are more susceptible to fraud to be effective. However, internal auditors should
not be expected to have the same level of skill as someone whose main duty is to investigate
fraud. Those with the necessary experience should carry out such investigations.

The management must keep in mind that the management is accountable for all activities within
the company and has no capacity to assign this accountability to anyone. The IIA continues … It
is not the primary function of internal audit to identify fraud.

One of the expectation gaps that have to be managed is that most people, including the
management of the organization, probably think that fraud detection is, at least, one of their
primary roles the Internal Auditor.

Relationship between Internal Audit and the Forensic Accountant (5)

Forensic Accountants are often employed by an organization to conduct an investigation when
situations such as:
 An Internal Auditor has identified a fraud or discovered preliminary indications of one, or
  In cases when fraud or other misconduct may have been identified by a whistle-blower
or other unconfirmed information.

Forensic Accountant can work with Internal Auditors. They can assist in the actual investigation
work by:
 Gathering and organizing data and documentation, performing tests utilizing
fundamental auditing skills, and conducting data analysis under supervision.
 Using their project management skills, such as scheduling, planning, managing
documents, examining issue resolution and follow-up, and documenting and
communicating results.

The internal auditors could contribute background information by relying on their understanding
of the company. They can also be a valuable source for gathering information, giving forensic
investigators advice on how to proceed, and assisting them in avoiding mistakes.

The forensic accountant will need to collaborate with an internal auditor in different situations to
some extent. The internal audit is likely to be a valuable addition to the investigation team since
the forensic accountant can employ them for their:
o Understanding of the business and its processes, including how irregularities are likely to
present themselves
o Evaluations of people, departments, systems, and processes.

A forensic accountant is employed to investigate circumstances where an internal

auditor has discovered fraud. Internal Auditors can assist forensic accountants during
the investigation by gathering and collating information and documentation and
analyzing data