Professional skepticism is closely interrelated with professional judgment as both are essential to the proper conduct of the audit and are key inputs to audit quality.
Professional scepticism is a key element in the CA(SA) Competency Framework and ISA240 contains three pages on the topic, so there is no getting away from the fact that auditors are required to be professionally sceptical.
Even so, many auditors do not feel ‘professional’ when applying professional skepticism, as there tends to be discomfort felt from both sides when making inquiries of management and others. The client may feel offended with these seemingly ‘rude’ questions and the auditors don’t enjoy asking these questions, unless they like seeing people squirm!
We have found there are a few potential reasons why auditors are not asking fraud-related questions during their audits and one of the key reasons is that auditors don’t know what questions to ask and/or they don’t know how to ask these direct questions so that they do not upset the client.
Joseph Wells, the founder of the ACFE (Association of Certified Fraud Examiners) has this advice:
“There are 3 questions that I recommend all auditors ask every client they interview during an audit. If they start out by saying, "Part of my job as an auditor is to deter fraud," it will give them license to ask some direct, but polite questions:
- "Do you think this organization has any problems with fraud? Why or why not?"
- "Has anyone ever asked you to do something you thought was illegal or unethical?"
- "What would you do if someone asked you to do something like that?"
With these 3 questions, auditors will be fulfilling their audit responsibilities much more, because the great majority of frauds are uncovered by someone who works at the organization.
Auditors need to understand that many well-meaning people will not come forward and volunteer information, so it's their job to ask the questions.
Asking these questions also helps send the right message to the people being audited: We're actively looking for frauds, so be careful.”
And keep in mind that what managements tells us does not equate to audit evidence, so it’s critical to triangulate audit evidence, i.e., verify what management tells us to other sources of information. For example, if we are provided with an invoice, then we should match it to the purchase order and actual payment.
Finally, we need to realise that people do lie, cheat and steal, so while asking these questions, the auditor should be applying basic forensic interviewing skills to see if there are signs of deception.
Pamela Meyers in her book Liespotting, provides an excellent BASIC framework to try and detect lies:
- Baseline – what does the person look and sound like when they are telling the truth. This would be determined by the ice-breaking chit-chat.
- Ask open-ended & closed questions.
- See any red flags - clusters of red flags?
- Intuit - what you see & hear - trust your gut and identify gaps if any.
- Confirm – double-check some facts, hypothesize, re-ask some questions if needed.
Sam Antar, the former CFO of Crazy Eddie, a former CPA, and a convicted felon, made the following comment:
“We never feared the auditors. Since the white-collar criminal uses persuasion & deceit to commit their crimes it follows that such felons are artful liars. Unless the accounting profession learns the skill of questioning, the criminal will continue to have the upper hand.”
In conclusion, if auditors apply professional skepticism in their audits, by asking the right questions, by triangulating audit evidence and applying deception detection skills, they should be feared by the criminals while honest management should have a healthier respect for them.