white paper

Risk and fraud: What today’s audit firms need to know

The audit profession is at a critical juncture. Facing evolving regulatory changes and professional standards, vast amounts of available data, and now a global pandemic, the need to focus on innovation and greater collaboration between audit teams and clients has never been greater in combating risk and fraud.

In fact, according to a KPMG/Forbes Insights survey, clients expect more from the audit. More specifically, 78 percent of those CEOs, CFOs and other financial executives surveyed believe auditors should use more sophisticated technologies for data gathering and analysis. Furthermore, 60 percent want help in assessing risks and risk management practices, more than half (52 percent) are looking for a forward-trending view of risks, and 48 percent are looking for a forward-trending view of data (Audit 2025: The Future is Now, Rep 2017).

Embracing cloud-based solutions that unlock greater automation, real-time collaboration, and robust data analysis is essential for today’s growth-minded firms. The good news is that technology is advancing at an unprecedented pace, enabling firms to future-proof their audit capabilities, reduce risk, and drive increased compliance.

This white paper explores some of the risks and fraud-related challenges facing today’s auditors, and how firms can leverage advanced technologies to change the game.

The Role of the Auditor

In today’s business environment, risk and fraud prevention and detection are top of mind for many companies — and for good reason. Sift through the news and you’ll be hard-pressed not to find a story about economic fraud and corruption.

In fact, the amount of money lost to occupational fraud — asset misappropriation, corruption, and financial statement fraud — each year is staggering. The Association of Certified Fraud Examiners estimates that organizations lose 5 percent of revenues each year to fraud (Report to the Nations, Rep 2020).

And, while it’s the large corporations that tend to make news headlines, that doesn’t mean that small businesses are immune. According to ACFE, certain fraud risks (i.e., billing fraud, payroll and check/payment tampering) are more likely in small businesses than in large organizations (Report to the Nations, Rep 2020).

It’s important to note, however, that auditors rarely find fraud. According to the ACFE, an internal audit initially detects occupational fraud only 15 percent of the time, and an external audit 4 percent of the time. The most common way fraud is detected: A tip (43 percent) usually from an employee, but also from outside parties like customers, vendors, and competitors (Report to the Nations, Rep 2020).

Why? This is likely because audits are not designed to prevent or detect fraud. For years, audit firms have maintained that they are not responsible for detecting fraud or, to be more precise, detecting all fraud.

Both the AICPA and Public Company Accounting Oversight Board (PCAOB), however, have underscored the importance of the auditor’s fraud detection responsibility. The PCAOB has stated that, “The auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud.” It goes on to state that, “Due professional care requires the auditor to exercise professional skepticism. … The auditor should conduct the engagement with a mindset that recognizes the possibility that a material misstatement due to fraud could be present, regardless of any past experience with the entity and regardless of the auditor's belief about management's honesty and integrity.” (AS 2401: Consideration of Fraud in a Financial Statement Audit, As Amended for FYE 12/15/2020 and After)

In May 2019, it was announced that the AICPA’s Auditing Standards Board (ASB) had issued a suite of standards on auditor reporting, and also issued SAS No. 135, Omnibus Statement on Auditing Standards—2019, which is intended to more closely align ASB guidance with the PCAOB's standards (AICPA, May 8, 2019, AICPA’s Auditing Standards Board Issues Suite of Standards on Auditor Reporting, Press release).

SAS No. 135, Omnibus Statement on Auditing Standards—2019 addresses significant unusual transactions and states, among other things, that, “If the auditor identifies significant unusual transactions when performing the audit procedures … the auditor should inquire of management about the … nature of these transactions [and] whether related parties could be involved.”

It goes on to state that, “Obtaining further information on significant unusual transactions enables the auditor to evaluate whether fraud risk factors, if any, are present and to identify the risks of material misstatement due to fraud (Omnibus Statement on Auditing Standards, May 2019).”

As outlined by the ASB, examples of such unusual transactions include complex equity transactions, such as corporate restructurings or acquisitions; transactions with offshore entities in jurisdictions with less rigorous corporate governance structures, laws, or regulations; and sales transactions with unusually large discounts or returns.

Given the impact of the COVID-19 pandemic, the effective date of SAS No. 135 has been pushed one year to Dec. 15, 2021.

“The new Standard requires that you really get a good understanding of the business rationale for those types of things. Why is it with a related party versus a third party? What is the business purpose of the significant, unusual transaction, or lack thereof? Why did it happen? And it specifically calls out to look for bias and look for fraud, so definitely a heightened responsibility around that,” said Alison Parker, Audit and Assurance executive editor at Thomson Reuters Tax and Accounting (Parker, Alison, phone interview, Sept. 11, 2020).

COVID-19-Related Fraud

For auditors, COVID-19 has given rise to never-before-seen challenges in performing audits (which we’ll discuss in more detail later), and they are needing to remain on higher alert for fraud risks.

“For companies that have laid off key personnel and with work forces moving out of the typical office environment, there could be a breakdown in internal control. Auditors may need to adjust audit procedures as necessary to help reduce any potential fraud risks that could have a material effect on the financial statements,” stated the AICPA’s Center for Plain English Accounting (Consequences of COVID-19 Potential Auditing Challenges, Rep, April 1, 2020).

It’s undoubtedly a tough time for clients. Faced with stay-at-home orders and mandated shutdowns, many companies swiftly cut costs, furloughed staff, and sought new ways to serve customers and drive new revenue opportunities. While businesses are beginning to reopen and optimism is slowly on the rise, concerns remain.

According to a PwC US CFO Pulse Survey, which reflects the views of 330 U.S. finance leaders, worries about a new wave of COVID-19 infections topped the list of threats to business recoveries — a concern for 59 percent of U.S. finance leaders. Fifty-four percent said the impacts of global economic downturn is their top concern, followed by the financial impacts at 42 percent (PricewaterhouseCoopers, n.d., PwC US CFO Pulse Survey).

In addition, a MetLife and U.S. Chamber of Commerce Small Business Coronavirus Impact Poll found that, while many small businesses are cautiously optimistic, most are still concerned about financial hardship due to prolonged closures (70 percent) and more than half worry about having to permanently close (58 percent) (MetLife and U.S. Chamber of Commerce Small Business Coronavirus Impact Poll, Rep,  July 29, 2020).

And while the federal government’s Coronavirus Aid, Relief & Economic Security (CARES) Act and Main Street Lending Program enabled many companies to stay afloat and keep employees on their payrolls, rebuilding will take time and work.

It should be noted that, according to the MetLife and U.S. Chamber of Commerce Small Business Coronavirus Impact Poll, 19 percent of respondents reported applying for, and receiving, a Paycheck Protection Program (PPP) loan. Among loan recipients, nearly two-thirds (64 percent) are concerned about meeting the criteria necessary to receive loan forgiveness (MetLife and U.S. Chamber of Commerce Small Business Coronavirus Impact Poll, Rep,  July 29, 2020).

Given these uncertain times, auditors must remain on higher alert for fraud risks. Almost every crisis, whether it is a natural disaster like a hurricane or a global pandemic, brings out people who try to exploit the situation for their own financial gain.

In fact, instances of fraud are already playing out in the PPP loans to help small businesses. By the time the PPP closed to new applications in August, more than 5.2 million loans had been approved, for a total in excess of $525 billion (Acting Assistant Attorney General Brian Rabbitt Delivers Remarks at the PPP Criminal Fraud Enforcement Action Press Conference, September 10, 2020).

Early on, Justice Department officials had prepared for a rise in fraudulent activity and took proactive steps like setting up a team dedicated to PPP fraud, said Brian C. Rabbitt, the acting head of the department’s criminal division, at a news conference in September (Acting Assistant Attorney General Brian Rabbitt Delivers Remarks at the PPP Criminal Fraud Enforcement Action Press Conference, September 10, 2020).

At the time of this white paper, the Criminal Division had charged 57 defendants with PPP-related fraud, ranging from loan requests for $30,000 to approximately $24 million, Rabbitt announced in September. The cases involve attempts to steal more than $175 million from the PPP, and actual losses to the federal government of more than $70 million (Acting Assistant Attorney General Brian Rabbitt Delivers Remarks at the PPP Criminal Fraud Enforcement Action Press Conference, September 10, 2020).

Rabbitt said that, in many cases, defendants used the stolen PPP funds for entirely illegitimate purposes like luxury items for themselves, their families, and their friends such as cars, jewelry, travel, and other personal expenses (Acting Assistant Attorney General Brian Rabbitt Delivers Remarks at the PPP Criminal Fraud Enforcement Action Press Conference, September 10, 2020).

For example, in August the Criminal Division charged five defendants with fraudulently obtaining millions in PPP funds and using them, in part, to buy a luxury Mercedes, a Range Rover, and $125,000 in jewelry.

“Professional skepticism is just going to be of the utmost importance this year. … You really have to ratchet up that professional skepticism to an 11, and I think related parties and significant, unusual transactions are key areas to do that in,” said Parker (Parker, Alison, phone interview, Sept. 11, 2020). “… There are certain areas that are ripe for manipulation.”

Fuzzy Accounting Estimates

Over the years there has been a rise in the use of accounting estimates, including fair value measurements, in the preparation of financial statements. Accounting estimates, however, can present unique auditing challenges because they are based on so many assumptions and projections. This makes accounting estimates susceptible to management bias, and they are often some of the areas of greatest risk in an audit.

According to a report by the Center for Audit Quality (CAQ) and Financial Executives International (FEI), “Uncertainties and volatility in the economic environment may have a significant impact on the measurement uncertainty, complexity and subjectivity of accounting estimates, in particular those estimates that are dependent on management’s intent and ability to carry out certain actions or are based on cash flow forecasts or other forward-looking projections.” (Understanding the Auditing Requirements for Accounting Estimates and the Use of Specialists: Considerations for Auditors and Management, Rep, June 2020)

Furthermore, this is an area where management may be tempted to manipulate financial information, inflating their company's net worth and net income.

Examples of estimates that can be distorted by management include: (Understanding the Auditing Requirements for Accounting Estimates and the Use of Specialists: Considerations for Auditors and Management, Rep, June 2020)

  • The estimate of uncollectable accounts receivable
  • Estimates of expired or unusable inventory
  • The estimate of the completeness of a project on which the company is earning income

Those who prepare financial statements use methods (including models), data, and assumptions to determine an accounting estimate, and auditors are required to understand the methods, assumptions, data, and relevant controls used by management to develop those accounting estimates (Understanding the Auditing Requirements for Accounting Estimates and the Use of Specialists: Considerations for Auditors and Management, Rep, June 2020). Given the increased complexity of financial reporting, this is no small feat.

“If management hasn’t taken the time to reevaluate those projections that’s another red flag that maybe they’re not taking this seriously or maybe they’re trying to cover up something. … There are going to be a lot of impairment discussions and a lot of uncomfortable conversations around things like fair value,” Parker said (Parker, Alison, phone interview, Sept. 11, 2020). “So that’s definitely an area where auditors need to assign their more senior staff and engagement teams to really look at and really challenge management.”

Added Brian Fox, founder of Confirmation, VP of Strategic Partnerships at Thomson Reuters, “I would say it’s even more important to check with third-party experts to get their opinion on those types of things [e.g., inventory obsolescence, estimates and fair value]. … If you're not an expert as an auditor you need to bounce that information off of third-party experts that are at arm’s length [and] are your representatives, not necessarily the representatives of the company you are auditing (Fox, Brian, phone interview, Sept. 11, 2020).”

In 2018, the PCAOB adopted new requirements for auditing accounting estimates and the auditor’s use of the work of specialists that are effective for audits of fiscal years ending on or after Dec. 15, 2020. In July 2019, the Securities and Exchange Commission approved the new standard and related amendments.

According to the PCAOB, the new estimates standard replaces three standards with a single, uniform standard that sets forth an updated approach to auditing accounting estimates. It emphasizes that auditors need to apply professional skepticism, including addressing potential management bias, when auditing accounting estimates. Additionally, the new standard provides more specific direction on auditing fair values of financial instruments that are based on information from third-party pricing sources (PCAOB Adopts New Estimates Standard and Amendments Related to Using the Work of Specialists. Press release, December 20, 2020).

As noted by KPMG, the new standard differs from the prior requirements in several important ways. Among other things, the standard (Defining Issues: SEC approves new PCAOB auditing standards. Issue brief, August 1, 2019):

  • Better integrates the requirements for auditing accounting estimates with the PCAOB’s risk assessment standards, which should drive auditors to devote more attention to estimates with greater risk of material misstatement;
  • Extends certain key requirements in the current standard for auditing fair value measurements to all accounting estimates to reflect a more uniform approach to substantive testing;
  • Provides greater specificity about procedures expected to be performed by the auditor (e.g., when evaluating methods used by the company to develop an accounting estimate); and
  • Places greater emphasis on the auditor’s consideration of potential management bias in accounting estimates.

Risks of Remote Auditing

Remote auditing is not a new concept and, due to advancements in technology, has gained greater attention in recent years. However, never have auditors been faced with a situation where everything needed to be remote. Then COVID-19 hit.

In addition to creating a global public health emergency accompanied by a crushing economic blow, the pandemic and its related travel restrictions shifted into high gear the adoption of remote auditing.

Today, there’s a renewed focus on remote auditing procedures and firms are now taking a closer look at best practices and lessons learned.

While remote auditing has its advantages, it no doubt presents some challenges and, given the lack of on-site procedures like in-person interviews and inventory observations, it can open up more opportunities for fraud.

As outlined by accounting firm Yount, Hyde and Barbour (YHB), the AICPA has identified several aspects of audit work that may present challenges when done remotely (Overcoming the challenges of remote auditing during the COVID-19 crisis. Web log post, June 11, 2020):

Internal controls testing. Auditing standards require an understanding of how employees process transactions plus testing to determine whether controls are adequately designed and effective. If employees now work from home, a company’s control environment and risks may have changed from prior periods.

Inventory observations. Auditors usually visit the company’s facilities to observe physical inventory counting procedures and compare independent test counts to the company’s accounting records. Pandemic-related stay-at-home policies (whether government-imposed or company-imposed) could prevent both external auditors and company personnel from conducting physical counts.

Management inquiries. Auditors are trained to observe body language and judge the dynamics between co-workers as they interview company personnel to assess fraud risks.

“Videoconference is going to be key … just to watch people. You can’t get quite as strong of eye as you would in person but you can definitely still pick up on things — tone of voice, look on the face. You know it when you see it,” said Parker (Parker, Alison, phone interview, Sept. 11, 2020). “I would also say corroborate, corroborate.”

Added Fox (Fox, Brian, phone interview, Sept. 11, 2020), “One of the things that I would be very cautious about is too much insistence by the client to say that you can’t come to the office and do a walk through, or an inventory count, or to see source documents in person. That certainly is a potential for a red flag. I understand the [COVID-19] concerns and wanting to be safe, but I think a fraudster is absolutely going to use that to their advantage.”

In the end, if a firm finds they are unable to accomplish the requirements remotely they may need to issue a modified audit opinion.

Technology: A Game Changer

The good news is that advancements in technology — such as web-based solutions, machine learning, and robust data analytics — can help your firm successfully navigate today’s changing audit landscape, reduce risk, and drive increased compliance.

Consider this: The majority (94 percent) of finance leaders say that advanced technologies promote the quality of the audit (Next Generation Audit, Rep, 2018).

If your firm is using disparate applications that require laborious work like synchronization, data shuffling, using various applications in various environments, and redundant data entry, chances are your workflows are suffering from significant inefficiencies. This negatively impacts your firm’s profitability and its ability to effectively serve clients. It’s time to work smarter.

One of the most important steps you can take is to leverage an integrated, web-based platform that enables real-time digital collaboration between your audit team and your clients throughout the audit cycle. This enables firms to streamline operations and achieve a more profitable, productive practice with strengthened client ties.

For instance, consider an integrated solution that delivers the following:

  • Engagement and document management
  • An automated engagement process tailored for each audit
  • A secure digital confirmation process
  • Robust data analytics
  • Client collaboration capabilities
  • The ability to embed AI-powered audit and accounting research and professional standards

This enables your firm to deliver a modern audit experience and confidently perform higher quality audits for your clients.

As stated in a KPMG/Forbes Insights report, “The audit has become digitized over the past several years, as audit firms and their clients are able to share higher-quality data. The age of the smart audit is dawning with advanced technologies enabling auditors to deliver enhanced audit quality” (Next Generation Audit, Rep, 2018).

Take, for example, Thomson Reuters Cloud Audit Suite, which provides an end-to-end audit solution:

Engagement management: Power your audit workflow with AdvanceFlow, a comprehensive engagement management tool that offers full trial balance capabilities, workpaper management, financial statement reporting functionality, and real-time collaboration.

Audit methodology: Experience a guided engagement process, including detailed assistance at the point in time it’s needed with Checkpoint® Engage, an automated and risk-based methodology to perform audits, reviews, compilations, and preparation.

Secure confirmations: Easily send online confirmations to anyone, anywhere in the world, eliminating traditional methods that are prone to error, even fraud. Only Confirmation provides a global network of validated responders that guarantee you a response.

Specialized audit consulting: Rely on AuditWatch to provide leading experts to train and consult on everything from audit methodology and the audit process to audit technology services.

Document storage: Access your documents 24/7 with cloud-based storage. GoFileRoom combines document management, scanning, and workflow technologies into a single solution.

Research and guidance tool: Find answers quickly with embedded research and professional standards using Checkpoint Edge, available throughout your engagement process and powered by AI.


Given evolving regulatory changes and professional standards, vast amounts of available data, and now a global pandemic, auditors are facing unprecedented times. The need to focus on innovation and greater collaboration between audit teams and clients has never been greater in minimizing risk and detecting fraud.

The stakes are high but by partnering with the right solutions provider your firm can successfully implement the tools and resources necessary to future-proof your audit capabilities.

Firms that fail to evolve and leverage the benefits of advanced technologies risk losing their competitive edge, audit efficiencies, customer loyalty and, ultimately, profitability. Is that a risk your firm is willing to take?

Cloud Audit Suite

Audit technology enabling real-time digital collaboration between audit teams and clients