Thursday, December 14, 2006

Why Sam E. Antar Doesn’t Fear Auditors

I’ve been reading through a very interesting blog (whitecollarfraud.blogspot.com) recently, on the subject of white collar crime. It is written by Sam E. Antar, previously a CPA and CFO of Crazy Eddie’s, and a perpetrator of one of the largest securities frauds in the 1980’s. Although it has clearly been eclipsed since then in terms of the size of the fraud, it is interesting for the length of time it went on, and the number of different types of financial fraud involved. I highly recommend reading this blog for anyone interested in determining why the audit profession is not as strong as might be expected.

Mr. Antar clearly had no fear of either external or internal auditors while he was committing fraud. He includes some reasons on his site, such as new audit staffers being young and inexperienced, following out of the box and checklist programs, and not receiving adequate supervision from more experienced managers and partners. Although there has been much hype recently about strengthening audits, I tend to think that these conditions still exist in many companies. These criticisms can, in my experience, pertain equally to both internal and external auditors.

Any experienced auditor will tell you that fraud by its nature cannot always be discovered, since the perpetrator is trying to cover it up, and auditors don’t audit 100% of transactions. However, management often has the expectation that we will uncover fraud, leading to an expectation gap. SAS 99 does require that external audit tests be designed to reasonably uncover fraud if it exists, and the internal auditors should be supporting this mission. The types of financial fraud committed at Crazy Eddie’s were textbook, and should have been caught at some point by auditors sophisticated enough to recognize the warning signs.

With management greed and corporate fraud seemingly still on the upswing, the challenge for auditors is clear. First of all, we need to be more skeptical and less trusting. People who become auditors tend by their nature to be very honest and very trusting. We want our clients to like us. People who become white collar criminals in my experience, tend to be extremely smart and charming. This is not a good combination for discovering fraud. I maintain that in the current business environment, we auditors need to dramatically increase our healthy skepticism.

A few other changes we need to make - we need to train all of our new auditors on the red flags of fraud, and ensure that they know how to design tests that will help identify fraud. Third, forget the rote audit programs, checklists and ICQ’s. While these can be valuable tools to ensure that we haven’t missed a step, they make it too easy to stop thinking. Both external and internal auditors must be very smart and we must be able to think independently! After all, we need to be smarter than the criminals. Fourth, we need to ensure that we are performing risk based audits that are tailored for the individual client situations. And, we must support our staff auditors with ongoing technical training and adequate oversight, and ensure that they know how to throughly investigate transactions that appear out of the norm. Lastly, we need to make better use of automated audit tools such as ACL that will allow us to test 100% of large populations and quickly identify the unusual items. While these steps won’t completely eliminate white collar crime, they may help scare the criminals.

Thursday, November 30, 2006

Promises, Promises

“I don’t think there’s a company, a management, an audit committee that hasn’t gone back and re-looked at what they’re doing…..People are really scrutinizing and want to really make sure that their houses are in order and clean.” William Esrey former CEO Sprint

Sounds good, right? After the collapse of Enron and WorldCom, many CEO’s rushed to assure their shareholders and the public that they were doing everything they possibly could to tighten internal controls and run their companies with the highest integrity. But now that a few years have passed, have they really delivered on those promises?

One critical step for the achievement of these goals is developing and maintaining an effective internal audit function. A well run audit function can help companies to maintain, validate, and improve internal controls, to identify opportunities to reduce costs and improve processes and internal controls, and to strengthen corporate governance. I maintain that this is an area where many CEO’s still need to implement change at their company in order to deliver on what they say.

During the course of my professional activities, I find that many companies still have either a weak internal audit function, or worse, none at all. I would like to explore why this issue is so critical to business and how the necessary improvements may be made.