Archive for August, 2011

“Mandatory Brainstorming” and the Detection of Fraud

Friday, August 19th, 2011

An oxymoron is a figure of speech in which noun and adjective contradict each other. A “white raven” is such a contradiction, or a “quadratic sphere”, but also “negative growth”, “open secrets” or “intentional errors”. Newspapers are full of such contradictory terms. In short, oxymorons are terms that cannot exist.

The financial scandals of the first decade of the current millennium have changed a lot for auditors. SAS 99 introduced mandatory procedures for auditors when considering fraud in financial statement audits. AU 316 § 14 requires auditors to have a mandatory brainstorming session. What is this, a mandatory brainstorming session?

“Prior to or in conjunction with the information-gathering procedures described in paragraphs .19 through .34 of this section, members of the audit team should discuss the potential for material misstatement due to fraud. The discussion should include:

• An exchange of ideas or “brainstorming” among the audit team members, including the auditor with final responsibility for the audit, about how and where they believe the entity’s financial statements might be susceptible to material misstatement due to fraud, how management could perpetrate and conceal fraudulent financial reporting, and how assets of the entity could be misappropriated. (See paragraph .15.)

• An emphasis on the importance of maintaining the proper state of mind throughout the audit regarding the potential for material misstatement due to fraud.”

I am a fan of mandatory brainstorming sessions. I have already found them very worthwile. Immediately, after the standard was issued, I tried the required techniques in practice. In our next engagement, in the evening, we discussed together with the other team members what section in the financial affairs of our client would be the most “illicit”. While having dinner, in a very relaxed atmosphere, we exchanged ideas. I do not remember who first had the idea to take a closer look at entrusted property. The next day, we started with special procedures for this topic. And it immediately became clear that entrusted property was not correctly handled. The effect was close to magic. The explanation, however, is simple and rational: most fraud schemes are visible. It is only our habitual blindness to organizational deficiencies that makes them invisible.

Of course, it is useful to be also sceptical (if not critical) also in relation to SAS 99. Is mandatory brainstorming not an oxymoron? Brainstorming is a creative process. How such a process could be regulated by a paragraph? Is freedom of thought available on demand?

Let’s imagine the following internal dialog between myself and my brain.

I will say to my brain: “Be free”, and my brain will answer “Ok, but not today. Today I am lazy!”. I will tell my brain: “Hey, this was an order! How you can say: not today?” “Well, because I am free, that’s why”, my brain says, “and by the way, I was already free before you told me about AU 316/SAS 99.”

In my opinion “mandatory brainstorming” only sounds like an oxymoron – in fact, it is more a getting together of antagonists on a higher level. Of course, freedom and duty are contradictions, on a very basic level. However, all of us are used to combine both aspects for mutual benefit: an agreed duty would be better executed than an imposed duty, for instance. Or: Liberty exists only in the framework of law, and so on. How do we call the process of combining antagonists on a higher level? – Dialectical thinking. In short: A free exchange of ideas in the audit team – regardless of hierarchies – is a precondition of effective fraud detection. Nothing is contradictory here.

The standard setters made a very courageous step when issuing SAS 99. Indeed, it is close to standardizing something that cannot be standardized. Historically, you can say that the audit profession moved away from patterns of standard fraud risk factors (which were still prominent in SAS 82) to a more deeper approach of perception of reality (in SAS 99). The requirements are, in a sense, quite radical: an auditor is required to think independently, also in a team. However, this requirement is not something you can comply with by ticking off the right column in your work papers. You cannot comply with the requirement “in form”, you have to comply with it “in substance”.

Michael Ramos, CPA, writes in “Fraud and the Financial Statement Audit: Auditor Responsibilities under SAS 99” (AICPA 2004): “This new standard was four years in the making. It is the product of a thoughtful thorough, and open standards-setting process that constantly sees to improve audit quality. The standard incorporates results of academic research …, recommendations of the Public Oversight Board´s Panel on Audit Effectiveness …, and comments from over 50 groups … representing a wide variety of stakeholders.” In other words, Michael Ramos justified SAS 99 by the process of its adoption and by the authority of the standard setters. This argumentation is useful in order to show that SAS 99 was not a “hot fix”. However, reading the lines of Mr. Ramos, I had the fear that SAS 99 would not be enforceable in the profession – it sounds as if it is necessary to defend SAS 99 with these auxiliary arguments.

This may well be the case. In his text, Mr. Ramos compares SAS 99 with Robert Pirsig´s “Zen and the Art of Motorcycle Maintenance”, a book about bringing together the apparently contradictory philosophies of the East and the West. I must confess that I was shocked by this comparison: How could a white collar profession use this non-conformist book as a description of our basic work approach? On the other hand, I must confess that I was very pleased by the comparison.  Indeed, SAS 99 “will require auditors to change their mindset”, as Mr. Ramos writes.

Using a further oxymoron, I would like to ask: Is there a fraction of “strict non-conformists” among the standard setters? If I am not mistaken, it seems that SAS 99 also reflects part of a fight between different cultures of perception in our profession – formalists and non-conformists. To make brainstorming mandatory in the standards could have been a kind of a big joke of the non-conformists. Could it be that these standard setters want us to laugh?

First I thought that this side effect of SAS 99 was not intentional. But the longer I think about this, the more I get the impression that this side effect is probably the main aim of this standard. It is this constant refreshing of the intellect that makes the audit profession so pleasurable. For a moment, I could feel this very big solidarity in the audit community: you can only hear the grass grow if you take away our habitual perception filters. This attitude is not a sideline of the audit profession. It is more or less the core.

Frank Fabel, CPA

P.S. The second point of SAS 99 para 14 – requiring a “proper state of mind” – would be also a nice theme for a blog text. Readers are invited to leave a comment (with the button below).

P.P.S. We would like to invite you to our seminar “Fraud Detection and Fraud Prevention” on 5 and 6 October 2011 in Berlin. The seminar is designed for directors, controllers, project managers of international charities. Information requests should be sent to mallek@fws-audit.com.