Cindy Fornelli
Cindy Fornelli
Michele Hooper
Michele Hooper
Knowledge Sharing to Deter and Detect Fraud

Tips for improving communications among the financial reporting supply chain.

November 4, 2010
by Cindy Fornelli and Michele Hooper

Each of the participants in the financial reporting supply chain — company management, boards of directors and audit committees, internal auditors and external auditors — has a separate but interconnected role in the shared responsibility to deter and detect fraud. Fulfilling this responsibility successfully requires leveraging each party’s complementary activities by sharing information and concerns and identifying any gaps in the collective efforts to mitigate the risk of financial reporting fraud. To this end, participants in a series of fraud deterrence and detection discussions held by the Center for Audit Quality (CAQ) emphasized the importance of regular, open and robust communications across the financial reporting supply chain. They also encouraged collaboration to stimulate continuous improvement in efforts to deter and detect financial reporting fraud. Effective communications are a self-reinforcing cycle. Frequent, high quality communications enhance the knowledge and understanding of all parties, resulting in better questions and a constantly improving communications process.

The audit committee is a hub for coordinating many financial reporting communications because it has primary reporting lines from management, the internal auditor and the external auditor. It is the responsibility of the audit committee to see that these communications work well.

Effective communications require both time and commitment. Adequate time on the board and audit committee agendas for all priority matters promotes open, two-way discussion and critical challenge rather than a superficial or minimalist approach. CAQ discussion participants noted that it is important to foster a culture of inquiry so that board and audit committee members are not intimidated or discouraged from asking questions or challenging management or other board or committee members. In particular, executive sessions of the board and audit committee with the chief financial officer and key employees, the internal auditors and the external auditors are invaluable in providing all parties with a broad perspective on the company’s financial reporting environment and the reporting culture, including whether controls are respected and complied with faithfully. The KPMG Audit Committee Institute’s The Audit Committee Journey reports that “the audit committee’s executive sessions with the external audit partner are viewed (by 75% of respondents) as most productive, followed closely by internal audit and the CFO.” The report goes on to state “The external auditor continues to be the best source of suggestions for improving the audit committee’s organization and activities.”

Executive sessions provide the opportunity for the audit committee to go beyond the review of financial reports and have frank dialogue on “soft” topics such as corporate values, management style and the potential for financial reporting fraud. For example, when the audit committee is discussing the financial statements with management or the results of internal audit engagements with the chief audit executive, committee members may want to consider specifically asking about and probing the controls over financial reporting, including controls over management override.

Audit committees should also consider expanding their communications beyond senior management. Conversations with operating personnel and with financial management below the top level can provide valuable insights into the company’s culture and the risks it is facing. Audit committees should consider asking questions such as “Were you pressured to do anything?” and “What are you uncomfortable with?” If the person knows that his or her response will be held in confidence, they will be more inclined to share concerns.

Point to Ponder

There is almost never enough time on board and audit committee agendas and yet time constraints should not curtail critical discussions. What are the best techniques to ensure that all issues of concern to the board and audit committee are adequately discussed? One approach is to minimize opening remarks and formal presentations. What else works well?


Most participants in the CAQ discussions and interviews agreed that the Sarbanes-Oxley Act requirement that the audit committee engage the external auditor has facilitated the discussion of difficult issues and allowed for more effective oversight of the financial reporting process. External auditors are required to report annually to the audit committee on a variety of matters and audit committees are one source of input into an auditor’s assessment of the risk of material misstatement in a company’s financial statements and the related audit response. Discussion participants emphasized that these communications should not be viewed as a routine compliance exercise, but rather as the starting point for an in-depth discussion of any matters that concern either the audit committee or the external auditors.

Of course, not all communications run through the audit committee; communications also regularly occur between management and the internal auditor, management and the external auditor and the internal auditor and the external auditor. In most organizations, the internal audit function reports administratively to a member of senior management and internal audit’s activities serve a key role in helping management assess the effectiveness of the control environment and the risk of financial reporting fraud. Internal audit should consider management’s risk assessment and other input in developing its audit plan, although management should not limit the scope of internal audit’s work.

Internal audit’s findings and recommendations can provide management with important insights in assessing whether the intended tone at the top and ethical messages have permeated throughout the organization’s culture.

CAQ discussion participants noted that the objectives and professional standards of internal and external auditors with respect to the risk of financial reporting fraud are similar and complementary. Internal audit’s evaluation of management’s fraud risk assessment, as well as the results of internal audit’s testing of internal controls, are important to the external auditor’s assessment of fraud risk and its planning of the external audit. Similarly, the results of the external audit may also inform the ongoing internal audit plan. Continuous communication about these matters is mutually beneficial to both parties and is essential to avoiding gaps in the effort to mitigate the risks of financial reporting fraud.

Participants in the financial reporting supply chain should work diligently to establish and maintain an environment of open and ongoing communication. As the discussion participants underscored, the goal is to share knowledge, insights and concerns to enhance the collective efforts of all supply chain participants and make the whole greater than the sum of its parts. Communications also foster collaboration among all stakeholders and stimulate continuous improvement in efforts to deter and detect financial reporting fraud.

Required External Auditor Communications to Audit Committees

PCAOB auditing standards require the external auditor to communicate various matters to the audit committee, including, but not limited to, the following:
➤ Significant accounting policies, management judgments and accounting estimates
➤ The auditor’s judgments about the quality, not just the acceptability, of the company’s accounting principles
➤ Significant difficulties, if any, encountered during the audit
➤ Uncorrected misstatements that were determined by management to be immaterial, individually and in the aggregate
➤ Audit adjustments arising from the audit, either individually or in the aggregate, that in the auditor’s judgment could have a significant effect on the entity’s financial reporting process
➤ Significant internal control deficiencies or material weaknesses and disagreements with management


Summary of Considerations Related to Communications

For Management

  1. Encourage two-way communication between managers and employees at all levels in the organization.
  2. Work proactively to make sure that boards, audit committees, internal auditors and external auditors are well informed on a timely basis about the company’s operations, strategies and risks, including the latest developments.

For Internal Auditors

  1. Establish a regular schedule of face-to-face meetings with senior management, the audit committee and the external auditor to exchange insights and perspectives.

    Explore opportunities for the external auditor to leverage the work of internal audit.

For Boards and Audit Committees

  1. Routinely ask questions of management, internal auditors and external auditors to elicit indications of potential concerns related to incentives or opportunities for financial reporting fraud.
  2. Work to connect with the organization outside the boardroom. Seek opportunities to interact with managers, employees, vendors and customers to enhance knowledge of the company and possible risks of financial reporting fraud.


For External Auditors

  1. Proactively promote opportunities for robust conversations between the external auditors and the audit committee on relevant matters, including the factors considered in the auditor’s assessment of fraud risk and the company’s approach to developing significant accounting estimates. Seek an executive session with the audit committee at all meetings to encourage candid conversation, even when there are no special concerns or significant issues to discuss.
  2. Work with boards and audit committees to vary the nature and focus of their questions to management, internal auditors and others such as key employees in order to extend the breadth and depth of the discussion and obtain an enhanced understanding of the business and the potential risks of financial reporting fraud.


This article has been excerpted from CAQ’s new report, Deterring and Detecting Financial Reporting Fraud — A Platform for Action (PDF).

Rate this article 5 (excellent) to 1 (poor). Send your responses here.

Cindy Fornelli is the executive director for the Center for Audit Quality. She has been recognized by Directorship magazine as one of the most influential people on corporate governance and Accounting Today as one of the most influential people in accounting. Fornelli previously served as the regulatory and conflicts management executive at Bank of America and deputy director of the Division of Investment Management of the U.S. Securities and Exchange Commission. Michele Hooper is co-vice chair of the CAQ’s Governing Board and president and CEO at The Directors’ Council, a firm that specializes in corporate board of director recruitment and board advisory services. Hooper currently serves on the boards of directors of three corporations and chairs the audit committees for two. She is on the board of the National Association of Corporate Directors (NACD) and is president of NACD, Chicago Chapter.