Should auditors also be investigators?

Marie Pupecki Date published: Aug 22, 23

On June 6, the Public Company Accounting Oversight Board (PCAOB) proposed sweeping new auditing standards ( PCAOB Release No. 2023-003) that would require auditors to consider a company's non compliance with laws and regulations (NOCLAR), including fraud, in the performance of an audit. 

It mandates auditors to proactively pinpoint, using inquiry and other methodologies, the relevant laws and regulations applicable to a company and bolsters requirements to assess and respond to the risk of significant miss-statements due to non compliance. Most significantly, the proposal necessitates auditors to uncover instances suggesting potential non compliance.

The Center for Audit Quality (CAQ) has expressed strong concerns about this proposed standard categorizing it as a “fundamental shift in the objectives of an audit,” stating “auditors are not lawyers or forensic specialists.”

A real-life example

This proposed standard recalls an attestation engagement that I participated in years ago, even before Sarbanes Oxley Act and the creation of the PCAOB. We were operating under the fraud standard at that time, which primarily required inquiries of management and establishing the tone at the top.

I was the audit manager on the engagement for an overseas company with a subsidiary located in the US. This was my first year on the engagement. As we performed our attestation procedures upon inventory, we started to run into unusual issues. The underlying detail records did not agree to the company’s financial statement balances, and we were unable to obtain the necessary audit evidence that inventory was not misstated. Inventory, as one could expect, was a pervasive issue, so we were not going to be able to issue even a limited amount of assurance to the parent company.

The partner and I met with the CFO to discuss the inability to reconcile or roll forward inventory balances. I don’t remember his exact excuses and had no evidence (as the audit partner reminded me), but I remember being convinced that the CFO was lying.  We never received adequate audit evidence, so couldn’t complete the engagement.   We did present the parent company with a report of the control and process weaknesses that documented the reasons we were unable to give assurance.

Several years later, I felt totally vindicated, as the CFO along with seven other executives and management in the Company were convicted of various forms of illegal conduct, including mail fraud, violating the Virus Serum Toxin Act, conspiracy, to name a few. After illegally importing a virus, they had been shipping vaccines to Syria and Saudi Arabia in violation of the Export Administration Act. Other than my belief the client was lying, I had no evidence that these illegal shipments had occurred and had never even heard of the Virus Serum Toxin Act. All I knew was that we did not have audit evidence to support the inventory balance.

If the new rule proposed by the PCAOB had been in place, we would have had a responsibility to ferret out these illegal acts. The joint investigation that led to these arrests was conducted by the U.S. Department of Commerce, the U.S. Department of Agriculture, and U.S. Immigration and Customs Enforcement, and was prompted by an internal whistleblower. 

Should there really be an expectation that our audit team of four people were going to discover this conspiracy to commit fraud? We did our job, as it relates to financial statement assertions, not investigating a potential crime.

Given how may deficiencies the PCAOB has been documenting in their audit reviews, it appears that auditors have their hands full already, is it right therefore to expect them to also be lawyers and fraud investigators too?

Ideagen External Audit

Find out how Ideagen’s External Audit solutions help to provide an accurate and trustworthy service to your clients.

Find out more