The chairman and chief executive of Big Four auditing firm EY says auditors should do more to uncover fraud while conducting external audits, a topic the industry has historically been reluctant to tackle.
Carmine Di Sibio, chairman and chief executive of EY Global, apologized in a letter to clients for the firm’s missteps in its audit of German payment processor Wirecard, which earlier this year acknowledged the likelihood that it fraudulently booked $2 billion in assets. He then outlined steps he believes EY—and the accounting and audit profession as a whole—should take to root out fraud in corporate finances.
“CPAs have ducked their responsibilities for far too long. It absolutely is our responsibility to find material misstatements. We’ve had our heads in the sand, pretending that finding fraud is too hard.”
Brian Fox, a former CPA with EY and PwC
“Whilst the primary responsibility for the prevention and detection of fraud is with the management and supervisory boards, audits should play more of a role in the future to detect material frauds,” Di Sibio wrote in the letter, the contents of which were reported on by The Financial Times and The Wall Street Journal.
While EY would not provide Compliance Week with a copy of Di Sibio’s letter, the firm issued a statement that contained many of Di Sibio’s pronouncements in the letter regarding steps EY plans to take to identify and prevent fraud while conducting external audits.
“A key part of our commitment to quality is a policy of continuous improvement. We are, therefore, acting across the organization to implement innovations in our risk and audit procedures regarding fraud,” the EY statement said. “These include leveraging the power of advanced technology and mandating annual forensics training for all audit professionals.”
The EY statement also said the firm has “developed a proprietary fraud risk assessment framework for use with audit committees and those charged with governance. All of these actions raise the bar significantly and go beyond currently accepted professional standards.”
External auditors have long held their job of checking the accuracy of a company’s financial statements does not extend to exposing wrongdoing. It is a position that has put the external audit community at odds with regulators and investors, who say auditors have a responsibility to find and report fraud uncovered while conducting audits.
“CPAs have ducked their responsibilities for far too long,” said Brian Fox, a former CPA with EY and PwC. “It absolutely is our responsibility to find material misstatements. We’ve had our heads in the sand, pretending that finding fraud is too hard.”
Twenty years ago, Fox founded the digital confirmation platform Confirmation, a division of Thomson Reuters, which provides electronic confirmation of banking information for audit firms, including EY (although not EY Germany). Fox said in a July opinion column for Fortune that auditors should receive more training on how to detect fraud, and that audit executives should make finding it a priority.
“At this point, accidents catch more frauds than external audits. We’ve been failing at the responsibility we have to the public,” he said.
As things stand, auditors catch a very low percentage of fraud, said Shon Ramey, general counsel at NAVEX Global, a risk and compliance software provider.
“The accounting profession desperately needs to start holding themselves more accountable, or the regulators and lawmakers will do it for them,” he said.
External audits capture about 4 percent of fraud, according to a 2020 global study on occupational fraud and abuse issued by the Association of Certified Fraud Examiners. Internal auditors capture about 15 percent of fraud, the report said.
Richard Chambers, CEO of the Institute of Internal Auditors, said internal auditors have long placed an emphasis on assessing fraud risk and identifying fraud. Even so, major frauds like the one at Wirecard represent failures of both internal and external auditors, he said.
As for EY’s chairman claiming the firm can do a better job finding fraud, Chambers said he couldn’t speak directly to that point.
“If EY’s leadership thinks there’s more to be done by external audit, far be it for me to disagree,” he said.
Wirecard filed for bankruptcy in June, three days after acknowledging that $2 billion in assets listed on its balance sheet likely did not exist. In the scandal’s aftermath, Wirecard investors are suing EY, while Germany’s financial regulator, BaFin, is investigating how Wirecard perpetuated the fraud for so long.
EY, which audited Wirecard for a decade, found the $2 billion discrepancy and refused to sign off on Wirecard’s 2019 financial report. The discovery, however, came after numerous media and investor reports about potential discrepancies at Wirecard, as well as issues raised by another firm, KPMG, during an audit conducted at Wirecard’s request.
Di Sibio told EY clients in his letter, “While we were successful in uncovering the fraud at Wirecard, we regret that it was not uncovered sooner.”