An audit is not necessarily a guarantee that fraud will be detected. There is an inherent risk that fraud causing harm to third parties or the client itself may not be detected, regardless of the fact that the audit was conducted with due care and in compliance with auditing standards. This is so because fraud frequently entails a sophisticated procedure aimed at concealment. In many of these cases the detection of the fraud does not necessarily depend on an auditor’s knowledge and experience but on other factors such as the expertise of the perpetrator, the frequency of commission and the influence of the persons involved. It is because of these limitations that the auditor’s actual legal position vis-á-vis fraud needs to be ascertained.
Does an auditor have a legal duty to detect fraud?
In terms section 44 (2) of the Auditing Profession Act 26 of 2005 (APA) an auditor’s principal duty is to express an opinion on the fairness of an entity’s financial statements and on whether they have been properly prepared. The Companies Act (CA) 61 of 1973 in section 301 (1) also states that an auditor’s primary duty is to audit and examine a company’s annual financial statements. All the other duties an auditor must perform, imposed in these Acts relate to the way in which this duty is to be performed. It is clear that an auditor has no statutory obligation to detect fraud. However, the requirements set in the two Acts on how the audit must be performed, if fully complied with, enhance the chances of detecting fraud.
On the common law front the position is that an auditor must comply with the standard of the so-called bonus paterfamilias or reasonable man. The test for this standard is this; if a reasonably competent and cautious auditor in the circumstances would have detected the fraud, then the duty to detect fraud exists. The converse is also true in that if the fraud could not have been detected by a reasonably careful and skilled auditor then the responsibility to detect cannot be established. A case to illustrate the point is International Laboratories Ltd v Dewar  DLR 665 where the court held that, “auditors should not be liable for not tracking down ingenious and carefully laid schemes of fraud where there is nothing to arouse their suspicion…” That is where it could be impossible for a reasonable auditor to detect the fraud. However, in reference to where a reasonable auditor would have detected the fraud, the court held that, “the greater the number of undiscovered frauds or misappropriations the more difficult it will be for auditors to resist a finding of negligence in failing to find them.”
Where the audit contract imposes an obligation on the auditor to detect fraud, it is submitted that the auditor will have a legal duty to detect fraud. If he fails to perform this duty it may be possible for him to plead impossibility of performance if he can prove that the obligation would unduly and cumbersomely burden him. It is advisable for the auditor to negotiate the inclusion of a clause that obliges his client to desist from deliberately misleading the auditor. In the USA the SOX in section 303 (a) Title III (Corporate Responsibility) makes it unlawful for any officer or director of a company or any person working under the direction of the company fraudulently to influence, coerce, manipulate or mislead any public accountant with the intention to render the financial statements misleading.
What therefore are the auditor’s duties vis-á-vis fraud.
The fact that there is no inherent duty on the auditor to detect fraud does not mean that auditors can be oblivious to the actual legal duties in relation to fraud. These duties are defined here as entailing:
1. The duty to duly consider the possibility of fraud – Pacific Acceptance Corporation v Forsyth (1970) 92 WN (NSW) 29 and Dairy Containers Ltd v NZI Bank Ltd  2 NZLR 30. These cases are also authority for the proposition that, in paying due regard to the possibility of fraud, an auditor must perform his audit in a manner that provides a reasonable assurance that fraud and other irregularities will be detected.
2. The duty to exercise professional skepticism and identify suspicious matters and fraud risk factors. Paragraphs 48 and 49 of SAAS 240R : “The Auditor’s Responsibility to Consider Fraud and Error in an Audit of Financial Statements” states that auditors should be worried by factors that provide an incentive to commit fraud. Such factors entail the desire to meet third party expectations and obtain extra revenue, to evade tax or the prospect of bonuses.
3. After identifying and assessing the risk of material misstatements due to fraud in the financial statements, a reasonably competent auditor must apply audit procedures that by their very nature address such risks adequately. This is in line with the dictates of ISA 330: “The Auditor’s Responses to Assessed Risks”, which provides that an auditor should perform procedures that are specific to the risks identified as significant. This has a direct relationship with the auditor’s professional skepticism. An auditor that has identified risks must display increased sensitivity in the selection of the types of records to be analysed and the depth of the analysis.
4. The duty to report fraud as a reportable irregularity to the IRBA. Section 45 of the APA deals with reportable irregularities and basically states that these irregularities must be investigated fully. The materiality of these irregularities is apparently to be disregarded. The position is the same in the USA, where section 78j-l (B) of the US Code states that auditors must investigate all suspicious matters whether they are material or not. In terms of paragraph 61 of SAAS 240R probing suspicious matters to the bottom entails the construction of audit procedures that address the identified risks adequately.
The responsibility for fair financial statements.
The law is quite clear on who has the primary responsibility to detect fraud and produce fair presentation in financial statements. As has been noted above, an auditor is required by statute to attest to the fairness of the annual financial statements he has audited. Company management on the other hand will be required by the new Companies Act to:
1. keep accurate and complete accounting records – s 28 (1);
2. refrain from intentionally deceiving or misleading any person by failing to keep accurate accounting records because that would be an offence – s 28 (3); and
3. present financial statements that fairly reflect the state of affairs and business of the company, and explain the transaction and financial position of the business of the company – s 29 (1) (c).
These requirements will be supported by the provision that any financial statements prepared by any company must not be false or misleading in any material respect – s 29 (2). The Act will also criminalise the willful preparation, approval, dissemination or publication of incompliant and materially false and misleading financial statements – s 29 (6). The word “approval” here may cover the auditor’s attestation, which will be an offence if it is done with the knowledge that the financial statements attested to favourably are materially false or misleading and incompliant with the provisions of the new Act.
These statutory provisions have a mirror image in the case law. In Tonkwane Sawmill Co Ltd v Filmalter 1975 (2) SA 453 (W) Boshoff J, in describing the auditor’s position vis-á-vis fair financial reporting and the detection of fraud, stated that:
An audit is not a substitute for management control and no guarantee is given or to be implied that an audit will necessarily disclose fraudulent misappropriation. Responsibility for the financial control and accounts of an undertaking rests upon those who are entrusted by the proporietors with its direction and management. It is for them to ensure that adequate records are maintained and that such accounts as may be required by statute or for other reasons are prepared so as to give a true and fair view and such information as may be required by law or is considered desirable or useful as the particular circumstances may suggest. Management is responsible for safeguarding the assets of the undertaking and is not entitled to rely upon the auditor for protection against defects in its administration or control.
In the Pacific Acceptance case it was held that auditors have no inherent duty to detect fraud or error, more so in circumstances that do not raise suspicion. The mere fact that fraud or error exists in the financial statements does not give rise to this duty either. It was stated in this case that care must be taken to prevent the auditor’s duty in relation to fraud from being too onerous. The court held that once fraud is revealed it becomes easy to connect it to its earlier manifestations and stated that the auditor’s conduct must be examined in a practical way on the matters as they came to him at the time when he had an unsuspicious mind. The court however stated that, if material irregularities appear, a careful auditor can normally be expected to remember and consider other irregularities, especially those occurring in a connected way. An auditor may then be reasonably expected to revisit past working papers to bring to mind irregularities.
Benjamin Tanyaradzwa Kujinga, LLB, LLM , PhD full time candidate at the University of Cape Town is also a candidate in the advanced programme in taxation at UNISA.