Counteracting the Fraud Triangle
Publication Date: October 25, 2016

Cindy Fornelli—Executive Director at the Center for Audit Quality—shares with Nasdaq the elements of a fraud-resistant organization, tools for improving disclosure and audit reports, and recommendations for assessing the performance of outside auditors.

Q: The Center for Audit Quality (CAQ) partnered with a number of organizations to research and prepare a report on detecting and deterring financial reporting fraud. Can you summarize your findings?

A: The Anti-Fraud Collaboration’s report, The Fraud Resistant Organization, provides information about the conditions that might make an organization more susceptible to financial reporting fraud and describes how to mitigate those conditions. The report identifies three central themes that are critical to fraud deterrence and detection: (1) strong “tone at the top,” (2) skepticism, and (3) robust communications. These three elements help counteract each condition of the so-called "fraud triangle"—pressure, opportunity, and rationalization—that can lead someone to commit fraud.

A key theme of the report is that fighting fraud is truly an all-hands effort. Management, boards of directors, internal audit, and external audit all play a part in deterring and detecting fraud, and all need to have a solid understanding of their respective roles.

Additionally, these entities need to work hard to establish and maintain an environment of open and ongoing communication. Good communication enhances the knowledge of all parties and is vital for identifying any gaps in efforts to mitigate the risk of financial reporting fraud.

Q: Since the reforms of the Sarbanes-Oxley Act of 2002 were put into place, accounting restatements have decreased. Other than the change in the law, what other factors have contributed to this reduction?

A: One factor is enhanced communication and collaboration across the financial reporting supply chain. Since the passage of SOX, key stakeholders have worked together as never before to improve financial reporting. The Anti-Fraud Collaboration—formed in 2010 by the CAQ, Financial Executives InternationalThe Institute of Internal Auditors, and the National Association of Corporate Directors (NACD)—is one example of this kind of collaboration. Another example would be the robust dialogue we've seen among market participants around internal control over financial reporting.

A second factor is the ever-strengthening role of audit committees in our system of investor protection. The audit committee community is as energized and engaged as ever. Audit committees are also benefitting from new tools and resources from organizations like the NACD and the CAQ, as well as governance centers at auditing firms.

Last, but certainly not least, credit should be given to the public company profession's strong commitment to enhancing audit quality through the cycle of continuous improvement. Each year, the profession invests substantially in training and continuing education to enable its workforce to execute high quality audits in a constantly changing business and regulatory landscape.

Q: You’ve stated that more disclosure by companies is not necessarily better, but rather, we should be focusing on “effective disclosure.” How can disclosure by public companies be improved, and how can its effectiveness be measured?

A: One way to improve disclosure is to highlight best practices from leading companies. As an example, consider the Audit Committee Transparency Barometer, a joint project from Audit Analytics and the Center for Audit Quality. Each year, The Audit Committee Transparency Barometer measures the robustness of audit-related proxy disclosures among companies in the S&P Composite 1500. The publication not only provides robust data on year-over-year trends, it also features specific examples from companies that have provided meaningful information. Thus, the Barometer can serve as a resource to other companies looking to enhance their disclosure practices.

As the Barometer emphasizes, it is important for disclosure to be tailored to specific companies and industries. That way the disclosure is meaningful—not just more information or boilerplate text.

Q: In what ways can diversity – gender, viewpoint, and ethnicity – benefit public company boards of directors and audit committees?

A: There are substantial benefits to achieving diversity in the boardroom. Boards with diverse points of views—and members with different backgrounds—often make better decisions. And, in the words of Robert E. Moritz, Chairman of PricewaterhouseCoopers International, "diversity yields innovation."

The benefits of diversity are supported by empirical research. On gender diversity, for example, a 2012 study by from researchers at the University of Wisconsin-Milwaukee, Santa Clara University, and Kansas State University found that female presence on a company board reduced the chance of financial restatements by close to 40 percent.

I would also posit that diversity of all types is important to every organization and group, not just boards.

Q: There has been some criticism of the current “pass/fail” model of audit opinion. Do you think this paradigm still works? Where should the burden of disclosure fall for that which is beyond what’s included in an audit report?

A: Across the globe, investors, audit committees, and other key market participants have expressed their need and desire for more information regarding the work and views of public company auditors. This isn't surprising, given evidence of the robust confidence that investors place in independent auditors.

The auditing profession is responding actively to this need on a number of fronts, including rethinking the traditional "pass-fail" auditor's report. In the United Kingdom, audit reports now provide more information, including a discussion of the application of materiality, the scope of the audit, and an assessment of risks of material misstatement. In the United States, public company auditors have been deeply engaged on the issue of the auditor's report, providing extensive and constructive input on regulatory proposals.

A significant principle with respect to the auditor’s reporting model is that the auditor should not be the original source of information. It is the responsibility of the company’s management to consider such information for disclosure.

Q: What recommendations do you have for audit committees in assessing the performance of their auditor, and in considering whether an auditor should be replaced?

A: Audit committees can avail themselves of valuable resources that can help in the area of auditor assessment. One of those resources is the External Auditor Assessment Tool, a publication of the Audit Committee Collaboration. This tool can help inform the audit committee’s evaluation of the auditor, meaning the audit firm, as well as the lead audit partner, audit team, and engagement quality reviewer.

To that end, the External Auditor Assessment Tool contains sets of sample questions that highlight some of the more important areas for consideration in the assessment of the auditor. It also provides a sample form for obtaining input from company personnel.

Q: How should audit quality be measured?

A: The Center for Audit Quality believes that metrics regarding the audit—commonly referred to as audit quality indicators (AQIs)—could be used to better inform audit committees about key matters that may contribute to the quality of an audit.

In recent years, the public company auditing profession, audit committee members, and policymakers all have extensively explored AQIs. There has been progress on the issue, but challenges remain. One challenge is that views on audit quality vary quite widely among stakeholders. Much depends on the degree to which stakeholders have direct involvement in audits—and the lens through which they assess auditor responsibility and performance.

Another challenge revolves around striking the right balance between quantitative and qualitative information. In its engagement on AQIs, the CAQ has observed a strong desire among audit committee members for new ways to assess the more qualitative aspects of the audit, such as the engagement team having strong communications skills, as well as the right mindset to bring forth professional skepticism and auditor judgment.

To address these and other AQI challenges, further dialogue and continued collaboration among all stakeholders are needed.

Q: Let’s take the example of an audit committee that has historically only included the required elements in its audit committee reports. How could such an audit committee improve the transparency and usability of this report to keep up with the needs of investors and other proxy statement users?

A: As I’ve noted earlier, one of the things we like to suggest audit committees do, as they contemplate ways to improve the transparency and usability of their reports, is to look at some of examples from companies that are doing it well. Prudential Financial and General Electric have long been recognized for exemplary proxy statements. We’ve also seen recently notable improvements from Goldman Sachs and —and we’re not just saying this because we’re talking to you—Nasdaq.

Cindy Fornelli is Executive Director of the Center for Audit Quality (CAQ), a position she has held since the CAQ was established in 2007. In 2016, Fornelli was honored for the eighth time by Directorship magazine as one of the 100 most influential people on corporate governance and in the boardroom. Accounting Today has named her one of the 100 most influential people in accounting for 10 consecutive years.

Fornelli serves on the Advisory Board of the Ira M. Millstein Center for Global Markets and Corporate Ownership, the Securities and Exchange Commission Historical Society’s Board of Trustees, the Audit & Risk Oversight Committee Advisory Council of the National Association of Corporate Directors, and the Accounting and Auditing Committee of the International Corporate Governance Network. She previously served on the National Association of Corporate Directors’ 2010 Blue Ribbon Commission on the Audit Committee and 2009 Blue Ribbon Commission on Risk Governance. Prior to joining the CAQ, Fornelli was the Regulatory and Conflicts Management Executive at Bank of America and the Deputy Director of the U.S. Securities and Exchange Commission's Division of Investment Management. Fornelli is a graduate of Purdue University and received her JD at The George Washington University.

The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular situation and nothing contained herein should be construed as legal advice.