Strengthening the lines of defense
As one of the three lines, we agree and believe that the solution is to strengthen all three of them and make them more mutually reinforcing. That is why we are introducing key innovations to the audit. These include the mandating of the use of data analytics for fraud testing and enhancing risk assessments and audit scoping by using more external data and information. Also, we are mandating annual fraud training for all audit professionals.
We are also advocating for specific changes to strengthen the entire ecosystem.
- Strong corporate governance and standards for maintaining effective internal control over financial reporting should be a precondition for listing on a major stock market index, as it already is in many countries. This would raise standards quickly and lower risk for investors. As part of their system of internal control over financial reporting, companies should also be required to address the risk of fraud and set out clear and specific roles for each stakeholder, including management, the board, the audit committee and internal audit. We support the practice of management sign-off on internal control over financial reporting.
- Supervising regulators should also be strong and equipped with powers and technology. There is clear-cut evidence on the efficacy of strong regulators in combating corporate fraud in many parts of the world. Whether fighting fraud or financial crime, European supervisory authorities could consider pooling their resources in the pursuit of international fraudsters and initiate joint or harmonized supervision across national markets.
- Auditing standards need to be fit for purpose when it comes to detecting increasingly complex corporate frauds. In Europe, rules should be harmonized to the strongest existing standards relating to fraud. We welcome the consultations recently launched by the International Auditing and Assurance Standards Board (IAASB) and the UK’s Financial Reporting Council.
Working together to detect fraud
There is also an opportunity for all involved – company management and boards, auditors and regulators – to focus more on corporate culture and behaviors to support fraud detection. The fraud triangle, a model used to consider fraud risk, holds that three factors – opportunity, pressure and rationalization – are typically present when frauds occur. We believe that developments in technology and research could now make it possible to better evaluate pressure and rationalization, and to feed the results into the fraud risk assessment process. For example, consideration of the fraud triangle could be a part of a company’s system of internal control over financial reporting in addressing the risk of fraud and the audit profession could deploy people with different skills to look at all three factors to enhance our ability to detect fraud. We welcome dialogue with all stakeholders to explore opportunities in this area.
We know the audit needs to change and we want to play an active role. However, this will be futile unless the other two lines of defense against corporate fraud are strengthened as well. Ultimately, to combat frauds, all stakeholders must seize the opportunity to work together to strengthen the entire financial reporting ecosystem.
EY has set out a call to action based on the three lines of defense in its report titled Preventing and detecting fraud: how to strengthen the roles of companies, auditors and regulators.