Why do auditors concern themselves so much with fraud when fraud is not the objective of their audit? Generally Accepted Government Auditing Standards (GAGAS) require them to do so. It is "baked" into the auditing standards (a.k.a Yellow Book). In fact, the word "fraud" shows up 117 times in the GAO Yellow Book. GAGAS requires the following:
when performing a GAGAS examination engagement, auditors should design the engagement to detect instances of fraud and noncompliance with provisions of laws, regulations, contracts, and grant agreements that may have a material effect on the subject matter or the assertion thereon of the examination engagement. Auditors should assess the risk and possible effects of fraud and noncompliance with provisions of laws, regulations, contracts, and grant agreements that could have a material effect on the subject matter or an assertion about the subject matter of the examination engagement. When risk factors are identified, auditors should document the risk factors identified, the auditors’ response to those risk factors individually or in combination, and the auditors' conclusion.In other words, auditors cannot perform an audit that is compliant with Generally Accepted Government Auditing Standards without considering the potential for fraud and the impact of fraud on the audit subject.. To assist contract auditors in fulfilling its responsibilities, the DoD Inspector General's Office (DoD-IG) has published a listing of fraud indicators to help auditors understand the risks. According to the DoD-IG,
Auditors should familiarize themselves with the basic knowledge provided by the scenarios and creatively use it while performing any audit or review. ... auditors should review the full scenarios at least initially as they provide other valuable information such as examples of analytical procedures, management inquiries, and audit procedures and/or expanded audit procedures to address potential fraud indicators.Built into every one of DCAA's standard audit programs is a requirement for the auditor to affirmatively consider and document the potential or existence of fraud. For example, the standard audit program for audits of incurred costs, states:
Based on the team's understanding of the criteria, subject matter, and the contractor and its environment, hold a planning meeting with the audit team (at a minimum, Supervisor and Auditor) to discuss and identify potential noncompliances, due to error or fraud, that could materially affect the subject matter. The discussion should include:Back in the day, auditors did not specifically look for or consider fraud. If they stumbled across fraud during the course of their work, they were encouraged to report it as a suspected irregularity. Now however, they must affirmatively design audit procedures to detect fraud.
- relevant prior audit experience (e.g., questioned cost, relevant reported estimating or accounting system deficiencies)
- relevant aspects of the contractor and its environment
- risk of material noncompliance due to fraud (e.g., the extent of incentives, pressures and opportunities to commit and conceal fraud, and the propensity to rationalize misstatements)
- other known risk factors
Document fraud risk factors/indicators that are present and could materially affect the subject matter. If fraud risk factors are present, document specific audit procedures designed to address the increased risk of material noncompliance due to fraud. Communication among audit team members about the risk of material misstatement due to error or fraud should continue as needed throughout the audit.
- the audit team’s understanding of relevant internal controls.
Contractors should be aware that every time an auditor steps through the door of their facility, they are actively engaged in considering whether fraud is occurring or has occurred.