By Paul E. Zikmund
JUNE 2008 – Auditing is increasingly difficult and challenging, with new rules and regulations encouraging, if not requiring, auditors to enhance their efforts to detect fraud during an audit. Unfortunately, these rules and regulations contain terms like “reasonable,” “material,” “professional skepticism,” and “brainstorming,” whose meanings vary in the minds of different auditors.
The “expectation gap” reflects a perceived difference between what one is expected to accomplish by others and what one personally believes he must accomplish. For example, the airline industry now expects a significant portion of flights to be delayed during the busy summer months. Passengers do not subscribe to this same belief, so when their flights are delayed, this exposes an expectation gap.
Auditors face similar challenges when it comes to detecting fraud in an audit. In many instances, they are not sure how much effort must be made to uncover red flags for fraud. More important, they do not always take the appropriate steps to uncover fraud once a red flag surfaces during an audit. Clients, judges, shareholders, and other parties, however, expect auditors to take steps to detect fraud during the audit. They are often displeased when fraud goes undetected and is later uncovered by a tip or accident. The resulting investigation or financial statement restatement creates negative consequences for the company and its employees.
The reasons an auditor may fail to identify red flags during an audit include the following:
- Overreliance on client representations;
- Lack of awareness or recognition of an observable condition indicating fraud;
- Lack of experience;
- Personal relationships with clients;
- Failure to brainstorm potential fraud schemes and scenarios; and
- A desire “not to know.”
The expectation gap is driven by two variables: the auditor’s ability to detect fraud, and the auditor’s efforts to detect fraud. An auditor may possess the skills to detect fraud, but might choose to take shortcuts or disregard obvious signs of potential fraud. Or, an auditor might use a variety of techniques, but lack the experience to effectively uncover red flags. Both scenarios will broaden the expectation gap.
An auditor must develop the requisite skills to detect fraud and obtain sufficient knowledge of the rules and regulations in order to better understand what is required during an audit. Statement on Auditing Standards (SAS) 99, Consideration of Fraud in a Financial Statement Audit, requires auditors to obtain “reasonable” assurance that material fraud is not present. The Institute of Internal Auditors (IIA) standard 1210.A2 requires auditors to possess “sufficient knowledge” to identify indicators of fraud. Whatever the words “reasonable” and “sufficient” mean to auditors will not matter if they fail to detect fraud. The definitions of “reasonable” and “sufficient” will be determined by their manager, client, senior management, or the judge or jury in a lawsuit.
Developing Fraud Detection Skills
Fraud examiners rely on the following tools:
- Knowledge of specific fraud schemes and scenarios;
- Knowledge of applicable laws and
- Excellent communication skills; and
- Strong interviewing skills.
While auditors cannot be expected to develop these skills to the level of a fraud examiner, they should try to become more proficient through training, hands-on experience, reading the professional literature, brainstorming, and using fraud detection skills during the audit.
Training and awareness. All auditors should possess basic knowledge of fraud schemes in order to better position themselves to detect red flags during an audit. Auditors can start by developing a basic understanding of fraud schemes and scenarios, as well as the reasons why people commit fraud. Organizations such as the IIA (www.theiia.org), the National Association of Certified Valuation Analysts (NACVA; www.nacva.com), and the Association of Certified Fraud Examiners (ACFE; www.acfe.com) offer training that provides a basic understanding of the various schemes relating to financial statement fraud, asset misappropriation, and bribery and corruption schemes. Auditors who develop significant fraud-detection skills can choose to pursue certifications such as the ACFE’s Certified Fraud Examiner (CFE) and the NACVA’s Certified Forensic Financial Analyst (CFFA). In addition, many colleges and universities now offer fraud detection and examination courses as part of their business, accounting, or audit programs. Some schools even offer more advanced degrees in the field of forensic studies. This training typically ranges from a basic one-to-four-hour overview of fraud detection to a three-day comprehensive course, where auditors look for fraud by reviewing case studies, participating in group sessions, and reviewing actual data.
Brainstorming. Brainstorming fraud risks is critical to a successful audit and identifying red flags for fraud. If nothing else, brainstorming will create a mindset for auditors to think like a fraudster, supporting the adage, “to catch a crook, learn to think like one.”
In this writer’s experience, approximately 50% of all auditors brainstorm fraud risks prior to the start of an audit. Of auditors who use brainstorming as a fraud detection tool, only about half make it a formal process where they document the schemes and identify techniques aimed at uncovering red flags. The other auditors conduct brainstorming on a more informal basis and admit to considering the risk for fraud without formally documenting this consideration.
A more formal brainstorming process is necessary to fully benefit from this exercise. For example, auditors could use a spreadsheet and involve a team of at least three auditors. Preferably, the team should include a fraud examiner or an auditor experienced in fraud detection. Following these guidelines will make brainstorming more effective:
- Make it fun and interactive, with everyone participating.
- Present a fraud case study to stimulate responses.
- Involve an experienced fraud examiner.
- Identify previous company frauds in the discussion.
- Use a facilitator.
After the brainstorming session, it is imperative to plan and perform the audit in accordance with the schemes and scenarios identified during the discussion. For example, if procurement fraud was identified as a high-risk area, the audit should include steps to identify red flags. These steps could include the following:
- Using data analytics to identify suspicious vendors;
- Reviewing vendor spending for the previous 12 months to identify suspicious patterns, including duplicate payments;
- Analyzing vendors with post office box addresses to find “ghost vendor” schemes;
- Comparing employee addresses to vendor addresses for possible matches;
- Contacting vendors that bid unsuccessfully for contracts, to inquire about the bidding process; and
- Running a Benford’s Law (which predicts the occurrence of digits in data) analysis on vendor invoices to identify suspicious patterns of invoice amounts.
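The following added example, which is not part of the original article, sketches how several of the analytic steps above (Benford's Law on invoice amounts, employee-to-vendor address matching, post office box vendors, and duplicate payments) could be scripted. All vendor names, addresses, amounts, and the 5,000 approval limit are constructed assumptions, and the chi-square cutoff is a conventional 5% significance level.

```python
import math
import re
from collections import Counter

# Benford's Law: a leading digit d is expected with probability log10(1 + 1/d).
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}
CHI2_CRITICAL = 15.507  # chi-square critical value, 8 degrees of freedom, 5% level

def leading_digit(amount):
    """First significant digit of a non-zero amount."""
    return int(f"{abs(amount):e}"[0])

def benford_chi2(amounts):
    """Chi-square distance from Benford's Law; needs at least one non-zero amount."""
    counts = Counter(leading_digit(a) for a in amounts if a)
    n = sum(counts.values())
    return sum((counts[d] - n * p) ** 2 / (n * p) for d, p in BENFORD.items())

def norm_addr(addr):
    """Normalise case, punctuation and 'street' so formatting cannot hide a match."""
    a = re.sub(r"[^a-z0-9 ]", "", addr.lower())
    return " ".join(re.sub(r"\bstreet\b", "st", a).split())

def is_po_box(addr):
    return re.search(r"\bp\.?\s*o\.?\s*box\b", addr, re.I) is not None

def address_matches(vendors, employees):
    """(vendor, employee) pairs that share a normalised address."""
    by_addr = {norm_addr(a): name for name, a in employees.items()}
    return [(v, by_addr[norm_addr(a)]) for v, a in vendors.items()
            if norm_addr(a) in by_addr]

def duplicate_payments(payments):
    """(vendor, amount) pairs that were paid more than once."""
    seen = Counter((vendor, amount) for vendor, amount, _invoice in payments)
    return sorted(key for key, n in seen.items() if n > 1)

# Constructed sample data (hypothetical names, not from the article).
VENDORS = {"Acme Supply": "12 Oak Street, Apt 4", "Delta Freight": "P.O. Box 221",
           "Birch Tools": "900 Industrial Way"}
EMPLOYEES = {"Employee A": "12 oak st. apt 4", "Employee B": "77 Elm Road"}
PAYMENTS = [("Birch Tools", 1250.00, "INV-1"), ("Birch Tools", 1250.00, "INV-2"),
            ("Delta Freight", 310.40, "INV-3")]
ORDINARY = [round(10 * 1.1 ** k, 2) for k in range(200)]  # spans many magnitudes
NEAR_LIMIT = [4900 + 7 * i for i in range(14)]            # all just under 5,000

if __name__ == "__main__":
    print(benford_chi2(ORDINARY), benford_chi2(NEAR_LIMIT))
    print(address_matches(VENDORS, EMPLOYEES), duplicate_payments(PAYMENTS))
```

A statistic above the cutoff is a red flag that calls for a larger sample or follow-up, not proof of fraud; small invoice populations in particular make the chi-square comparison only approximate.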
Interviewing skills. Auditors should consider effective interviewing as a basic forensic tool to use during an audit. Auditors can benefit from developing a basic awareness of deception and when someone may be lying.
Generally, people are cooperative, energetic, receptive, and supportive of an auditor’s efforts. The auditor should spend the first 15 minutes or so of any discussion with an interviewee building rapport. It is important to watch the person’s mannerisms, body language, and overall demeanor. It is also important to listen to an individual’s tone of voice, willingness to volunteer information, and style of answering questions. Once an auditor establishes a rapport with the interviewee, she can proceed to the line of questioning associated with the audit. It is at this point that an auditor needs to be aware of any change in verbal or nonverbal behavior.
Example: Mary was in charge of accounts payable. During the audit, she participated in a discussion with Justin, who reviewed vendor payments. Mary sat upright and freely volunteered information about her daughter who played soccer and her son who started as the high school quarterback. Justin was interested because he had played high school football in the same town. After they exchanged pleasantries, Justin moved to questioning Mary about the vendor database and how payments were processed. Mary quickly became a different person. She sat back in her chair and crossed her arms. She presented a defensive posture and answered questions in short sentences. Justin felt awkward but continued to press on because he was under a time constraint to complete his review. He completed his questions, took a sample of payments, and wrote his report. He felt a little unsure, but was happy to complete the audit.
One year later, Mary was discovered to have created four fictitious vendors and improperly billed her employer more than $400,000 for services never provided. Revisiting the interview, it is quite obvious why Mary became defensive when Justin began asking about her job responsibilities. Had Justin trusted his evaluation of Mary and believed she might be lying, he could have taken a larger sample or conducted additional analytical procedures to uncover potential red flags for fraud. Auditors who take an active role in interviewing and learn to analyze the interviewee and not just take notes are in a much better position to uncover potential signs of deception and possibly fraudulent activity.
Discussions with management. Less than 30% of auditors this author has surveyed engage management in conversations during the audit about their suspicions of fraud or employee misconduct. But people do not usually volunteer information; they wait until they are asked. This writer recommends engaging individuals in conversations about fraud, code of conduct violations, or employee misconduct.
Consider the Fraud Triangle
Donald Cressey, a criminologist, developed the fraud triangle concept (see the Exhibit) by studying people who had committed embezzlement, and identified them as “trust violators.” He found that people develop a nonshareable financial need—a pressure—that drives them to look for illegitimate methods to solve their problem. This pressure may arise from a gambling addiction, family problems, work-related issues, or other personal or professional problems. The interesting component of Cressey’s theory is that individuals are unable to share this pressure with others. Although every employee faces pressures at home and work, not everyone commits fraud. Examples of nonshareable pressures include the following:
- A corporate vice president develops a new business plan. Unfortunately, the plan fails miserably, and his business experiences a loss. He recently suffered through two previous bad quarters, and he believes the CEO may consider dismissing him. Unable to tell the shareholders and the board of directors the bad news, he persuades the CFO to help him create fictitious sales to mask the losses and avoid losing his job.
- A senior financial officer experiences significant losses in her personal investments. She feels unable to discuss her personal financial failures because they may hurt her status as a highly trusted employee in charge of the company’s finances. She attempts to resolve her personal financial problem in secret by writing company checks to a shell company she created in the company vendor database.
The second leg of the fraud triangle is opportunity. Opportunity defines the method by which the crime can be committed and is generally provided through weaknesses in the internal controls. The opportunity does not have to be real, so long as it is perceived by an individual. For example, a driver can choose to exceed the posted speed limit on the highway because he doesn’t believe that a police officer is working radar in the area. This opportunity may be real (a police officer is nowhere to be found) or perceived (a police officer is hiding, but the driver cannot see him). Either way, the driver may elect to speed. In the first scenario, the driver would enjoy driving faster than permitted by law. In the second scenario, he would receive a ticket.
A fraudster will undergo the same type of reasoning and may elect to take advantage of weak or nonexistent controls to defraud an employer. Examples include inadequate or nonexistent—
- supervision and review;
- separation of duties;
- management approval; and
- system controls.
The third part of the fraud triangle relates to a person’s ability to rationalize behavior when committing an unlawful or unethical act. Returning to the example of speeding, a driver who exceeds the speed limit, whether consciously or unconsciously, knows that he is violating the traffic laws, even if he speeds all the time. However, many drivers justify their behavior with one or more rationalizations:
- I’m only keeping up with traffic.
- I’m a good driver.
- Everyone speeds.
- My car is built to drive fast.
People do not ordinarily label themselves as criminals or bad people, and they often rationalize their actions to justify their behavior. For example, an employee embezzling cash might use the following rationalizations to justify his actions:
- I’m only borrowing the money.
- The company can afford a few thousand dollars.
- I deserved a bonus or raise but didn’t get one.
Once all three parts of the triangle—pressure, opportunity, and rationalization—are present at the same time, the likelihood exists that a person will commit fraud. Auditors spend considerable time focusing on reducing the opportunity for fraud by assessing the existence and effectiveness of internal controls. Auditors must consider the other two parts of the triangle during their audit. Pressure is increased when profitability is decreasing, when downsizing is announced, when employee turnover is rising, or when employees experience personal financial pressures. Auditors should consider these factors during the audit. For example, if a company misses its earnings estimates for two or three consecutive quarters, there could be extra pressure to commit financial statement fraud. Auditors can learn of potential personal pressures during their conversations with employees. An auditor may learn that one employee is constantly late, experiencing personal financial difficulties, worried about his segment’s performance, or displaying poor morale.
An auditor must also consider an individual’s ability to rationalize. Because auditors cannot read employees’ minds, they are never absolutely sure of what is happening in a person’s life. However, a recent downsizing, bankruptcy, or management turnover may contribute to an individual’s ability to rationalize fraudulent behavior. Whenever a company reduces its workforce, some individuals will become bitter and develop a sense of entitlement. These employees may rationalize theft or other misconduct.
But while auditors must consider reducing opportunities through internal controls assessments, they cannot ignore the other sides of the fraud triangle. Consideration of these factors will enhance the auditor’s ability to detect potential red flags.
Reducing the Gap
The above prescriptions for increasing an auditor’s ability to detect fraud are undeniably arduous. Fraud detection requires effort and ability to work hand in hand. Ability is enhanced through experience, training, and effort. Effort is enhanced through solid audit plans, brainstorming, and ability. The challenge to reduce the expectation gap stands before all auditors, internal and external. While the profession has made great strides through legislation, regulation, and audit standards, it must apply this guidance within its own ranks, expending the effort and developing the ability to reduce this gap.
Auditors cannot be held responsible for uncovering all types of fraud. Collusive frauds and other intricate schemes are very difficult to uncover. This does not, however, give auditors a blanket excuse to refrain from looking for fraud. Developing the right mindset, embedding forensic procedures, and asking about fraud all increase auditors’ chances of finding it.
Paul Zikmund, CFE, CFFA, serves as principal, litigation support services, at Goldenberg Rosenthal in Philadelphia, Pa. He can be reached at firstname.lastname@example.org.