What is wanted is not the will to believe, but the will to find out, which is the exact opposite.” – Bertrand Russell, “Skeptical Essays,” 1928
Questions about professional skepticism – how to define it, how much is enough, what policies support it, and what practices diminish it – are perennial topics of concern among auditors and accountants. These topics also should be of concern to all stakeholders, including a company’s management, board of directors, and audit committee.
In any discussion of fraud detection and prevention, the phrase “trust but verify” is almost certain to come up. Regardless of how apt that concept might have been in the context of Cold War diplomacy, it could be argued that “trust but verify” is actually bad advice when it comes to deterring fraud in general.
In fact, “trust but verify” could be a downright dangerous approach when applied to audit procedures in particular. A much better slogan for fraud deterrence would be, “Trust is a professional hazard.”
It is not just auditors who must be concerned with maintaining appropriate professional skepticism. This point was stressed during a roundtable convened in April 2013 by the Anti-Fraud Collaboration, which comprises the Center for Audit Quality (CAQ), Financial Executives International (FEI), The Institute of Internal Auditors (IIA), and the National Association of Corporate Directors (NACD). The author participated in this program, which had the objective of bringing together some key players – corporate directors, financial executives, external auditors, and internal auditors – from all along the financial reporting supply chain to discuss each group’s expectations and understanding of the various players’ roles in deterring and detecting financial reporting fraud.
A portion of the discussion focused on an initial survey of the four organizations’ members, which produced a number of surprising findings about the attitudes and opinions of the various stakeholders. The roundtable’s summary concluded, “A large majority of survey respondents believe that financial management has primary responsibility in deterring financial reporting fraud, with a smaller majority believing financial management is responsible for detecting financial statement reporting fraud.” The implication is that because financial management plays a leading role in detecting financial fraud, it is incumbent on executives – not just auditors – to exercise appropriate levels of professional skepticism. Board members and particularly audit committee members also must take care to exercise a skeptical approach to financial reports and supporting information.
The Anti-Fraud Collaboration’s survey also revealed that the various stakeholders’ expectations and opinions about their organizations’ effectiveness in deterring and detecting fraud vary widely. When asked to rate his or her organization’s overall performance, an internal auditor was much less likely to say that his or her organization exhibits the appropriate balance between trust and skepticism.
As shown in Exhibit 1, only 46 percent of those affiliated with the IIA said that their organization exhibits the appropriate balance of trust versus skepticism, compared to 58 percent of the financial executives (members of FEI), 70 percent of the external auditors (CAQ members), and 79 percent of the board members (affiliates of NACD) who responded.
Tellingly, 42 percent of the internal auditors said that their organization exhibits more trust than skepticism. This is a particularly troubling admission considering the paramount role that professional skepticism – not trust – must play in auditors’ performance of duties.
Read more by downloading the complete thought leadership piece here.
Thank you and have a safe holiday season!