In the wake of several company losses, it is becoming common for companies to appoint forensic auditors to investigate their operations. A forensic audit differs from a financial statement audit, and is not a substitute to the regular external audit. It would not be unusual for a forensic audit to be recommended by a financial statement auditor, also referred to as an external auditor. The two have separate objectives although they may overlap to some extent. However, while there may be a legal requirement to do a yearly financial statement audit, the forensic audit is mainly discretionary and on a need-to basis, when theft or fraud is suspected.
The main objective of external auditors is not to detect fraud. Yet whenever financial theft is uncovered, the first question is, “where were the auditors?” Auditors are hard pressed to explain where they were, and what value they add to investors and the capital markets if they cannot detect fraud. There is an expectations gap on what investors and other interested parties regard as the role of the auditors, and what auditors regard as their role. Good corporate governance requires that this expectation gap is narrowed as much as possible, and better still be closed.
The role of external auditors is to provide “reasonable assurance” that the financial statements they have reviewed are fress of material misstatement whether caused by error or fraud. The phrase “whether caused by error or fraud” remains contentious. A review of the role of auditors and directors in the financial statements of one of the large companies listed in the Nairobi Securities Exchange is interesting. The statements show that the directors' responsibility is the preparation and fair presentation of financial statements and for such internal controls, as the directors determine necessary, to enable the preparation of financial statements that are free from material misstatement, “whether due to fraud or error”.
The same statements show the auditors' responsibility is to express an opinion on the financial statement based on the audit. It also indicates the auditors plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatements. The magical phrase “whether due to fraud or error” is missing.
Granted, the external audit outcome is an “opinion” rather than a guarantee, or an approval of the financial statements. This reflects both the limitation of the external auditor based on the amount of audit work and judgement involved in drawing the audit opinion.
The primary responsibility to prevent and detect fraud is the responsibility of management that perfom day-to-day operations and the directors that provide oversight. That said, the auditors have the secondary responsibility to detect material misstatement caused by fraud or error. It is perhaps time the auditors are required to include this phrase in their opinion.