Related Posts

Fraud Risk, Staffing Reductions, and OJ Logic at CFO.com

orangejuice_Full.jpgEditor’s Note: Robert Stewart is a former Big 4 auditor and ex-Marine who has since served in several executive management roles in both Internal Audit and Corporate Finance. He is also the founder and chief contributor to the online accounting and audit community, The Accounting Nation. Outside of work, he is a husband, father, brother, writer,uate aspiring triathlete.
You can always count on CFO.com for logic flaws and surface reporting. It’s like drinking that concentrated orange juice in a can when you add three parts too much water and then put ice cubes in it because it’s warm, which makes it even more watery which… Where was I going with this?
Oh yeah. In one of their latest articles, entitled “As Internal Audit Staffs Shrink, Will Fraud Rise?“, the author portends — based on a Deloitte survey and subsequent interview — that the decrease in internal audit personnel somehow increases the risk of organizational exposure to fraud. What? Ever hear the phrase “Correlation is not Causation”? Symptom or cause.


Here’s my $0.02: such staffing reductions may increase the risk that fraud will go undetected (though only nominally given that IA only uncovers about 12% percent of frauds according to the ACFE’s Report to the Nation), but the risk to the organization more than likely remains constant, right? Am I missing something here?
After all, Internal Audit is a downstream event unless you make the argument that the organizational perception of being “watched” has diminished with the reductions in internal audit/compliance staffing, thus emboldening would-be fraudsters (i.e. strengthening the “opportunity” leg of Cressey’s Fraud Triangle). But this article doesn’t make that argument.
The article further states that:

Despite the reduction in compliance personnel, 50% of respondents to the Deloitte survey, who included CFOs, CEOs, board members, and middle managers in finance and risk management, said their compliance and ethics programs are strong. Another 36% said they are adequate. Many public companies and some private companies invested significantly in their compliance programs after the passage of Sarbox in 2002, notes Francis, and they may now feel confident that those programs are effective even with a reduced staff. But that confidence may not always be justified.

Confidence? I would hardly call the above percentages “confidence” on the part of the respondents. If I told you that 50% of the airline pilots felt that their pre-flight checklist procedures were strong, how would you feel about flying? No F*#$ing way I’m getting on that plane.
The words wrapped around the survey results and subsequent interview quotes don’t at all support the conclusion that this article is trying to draw. Perhaps it’s because the survey was designed and administered by a firm (Deloitte) that has a vested interest in drumming up some business through fear tactics? After all, you’re never going to hear a burglar alarm company extolling the improvements in public safety.
And you’re never going to hear a company that sells risk-related services conducting and publicly releasing results that don’t support their strategic objectives. Or perhaps it’s just bad writing at CFO.com in order to satisfy a quota? The World may never know (I think the World will be fine with this). Either way, I’ve wasted double the amount of time that I should have on this topic (i.e. read it and wrote about it). And so with that…I bid you adieu.

Auditors, The PCAOB Still Doesn’t Think Too Highly of the Job You’re Doing

Thumbnail image for Thumbnail image for Chuck_Liddell_001.jpgThe PCAOB is considering telling auditors how to do their jobs issuing guidance on communication with audit committees and a new auditing standard on related parties, according to Compliance Week. Not to worry though, they’re going to ask the bigwigs on the Standing Advisory Group for their $0.02:

The PCAOB also plans to bounce some ideas off the advisory group for a new standard to govern how auditor should communicate with audit committees, in part to establish some new guidance regarding communication about management judgments and estimates. According to a briefing paper provided to SAG members, PCAOB is looking for ideas on how to get past boilerplate dialogue to achieve more effective, robust communications between auditors and audit committees.

Auditors? Boilerplate dialogue? Is the PCAOB questioning your ability to ask substantive questions? For shame. Obviously Peekatboobs will be able to develop much better, non-boilerplate questions than you and then you’ll be required to ask those questions of the audit committee. That’ll get the job done.
Likewise, auditors, you’ve simply dropped the ball on related parties since, “financial relationships with related parties have proved important in recent corporate scandals, and the board’s inspection and enforcement actions suggest some auditors aren’t skeptical enough when evaluating such relationships and transactions.”
The infinite wisdom of the PCAOB is clearly on display here. Auditors, it’s going to become necessary that your skepticism is going to reach a physical level or at least the threat of such. Your skepticism in words and on paper is simply not getting the job done.
You’ll have to get Chuck Liddell to beat some people down or simply laying heat out on the conference table during discussions to get your point across, otherwise, clients are going to just keep taking advantage of you.
This will be the plan until the next financial crisis of course when the PCAOB will assess that the questions and methods developed now turn out to be boilerplate and ineffective and it’ll be back to the drawing board again. Don’t get too comfortable.
PCAOB Considers Rules on Communication, Related Parties [Compliance Week]