Webster's Dictionary defines skepticism as "an attitude of doubt or a disposition to incredulity either in general or toward a particular object." In the accounting profession, skepticism has long been recognized as a fundamental principle of auditing. The first codification of auditing standards, Statement of Auditing Standards No. 1 (SAS 1), "Codification of Auditing Standards and Procedures," promulgates the idea that auditors must use professional skepticism when engaged in an audit. Skepticism is defined in the auditing standards as an attitude that includes a questioning mind, a critical assessment and objective evaluation of audit evidence, and a willingness to suspend judgment about the honesty of client management. In 2002, the American Institute of Certified Public Accountants (AICPA) issued SAS 99, "Consideration of Fraud in a Financial Statement Audit," which addresses skepticism and emphasizes the auditor's responsibility to explicitly consider the possibility of fraud on every engagement. (1) The rationale behind these standards is that high levels of professional skepticism (i.e., assuming a more questioning attitude) enhance the ability to detect fraud.
Despite auditing standards that require professional skepticism, 60% of the Securities & Exchange Commission (SEC) cases against auditors cite a lack of professional skepticism as the cause for action. (2) In response to the SEC's concern about the quality of audits, the Public Oversight Board (POB) issued a recommendation that audit firms should teach the concept of professional skepticism more effectively. (3) The implications are that professional skepticism is a learned skill that can be enhanced with training rather than strictly an innate quality.
Lending support to the SEC's and POB's concerns about the skepticism among auditors, a 2004 fraud survey by the Association of Certified Fraud Examiners (ACFE) revealed that only 11% of the frauds committed were detected by external auditors. (4) The survey shows it is far more likely that fraud will be uncovered by employees of the organization rather than by the external auditors. While internal auditors faired significantly better, detecting 24% of fraud cases, nearly 40% were discovered through a tip. Of the tips that led to the discovery of fraud, 60% came from company employees. The importance of employees as a source of fraud detection may be understated in these findings. Another 16% of the tips came from anonymous hotlines, which are widely used by employees. The abundance of tips adds credibility to the Sarbanes-Oxley Act (SOX) mandate that audit committees establish internal reporting mechanisms such as hotlines.
TYPES OF FRAUD AND THEIR COSTS
There are three general categories of fraud: asset misappropriation, corruption, and fraudulent financial statements. The majority of frauds (90% of reported cases) are in asset misappropriations, which involve the theft or misuse of an organization's assets, such as skimming, stealing inventory, and payroll fraud. Fraudulent financial statements make up the smallest percentage of reported fraud cases (7.9%), but they represent the highest median losses per case ($1,000,000) and are more likely to be publicized. (5)
The cost of fraud to an organization is staggering. The ACFE 2004 survey shows that the typical U.S. organization loses 6% of its annual revenue to fraud. Applying this statistic to the U.S. Gross Domestic Product for 2003 translates to approximately $660 billion in total losses, up from $400 billion in 1996 and $600 billion in 2002. Furthermore, once an organization has been defrauded, it is unlikely to recover its losses. The survey shows that victim organizations recover an average of 20% of the original loss, and 40% of the companies recover nothing at all. Small organizations represent the greatest proportion of reported fraud cases (nearly 46%), but the cost per incident of fraud is often higher in large organizations. …