Full Text

The recent failure of Enron-even though fraud charges have yet to be proven-has renewed the hue and cry from Congress, regulators and the investing public: Why can't auditors catch these problems?

The answers run the gamut: Auditors lack independence from their

clients, the audit process is not designed primarily to detect fraud, the number of audit failures is minuscule compared with the number of audits, it is not possible-because of collusion-to detect all material frauds.

While these explanations may be perfectly valid, the public isn't buying them. In a 1998 study, Bonner, Palmrose and Young determined that after a failed audit plaintiffs were more likely to sue auditors who didn't detect questionable transactions. And McEnroe and Martens' 2001 study found that only 41% of auditors-vs. 71% of investors-said auditors should serve as "public watchdogs." The message seems clear: The public wants independent auditors to detect and deter fraud.

Unfortunately, there is no foolproof method for uncovering fraud. Unlike visible crimes-such as robbery or assault-fraud's hallmarks are deception and stealth. The company insiders who might be tempted to commit financial statement fraud constantly attempt to cover their tracks. And many of them are good at it-so good, in fact, that investigators will never catch them all.

Historically, CPAs have counted on internal controls as the main defense against fraud. Although there is no question that controls are a vital part of any organization's risk management program, their preventive effect on fraud is questionable for two reasons. First, internal controls provide only reasonable assurance against fraud. Second, if upper management is hell-bent on showing stronger earnings, it can find ways to override controls. Therefore, to catch offenders in the act, CPAs must start thinking like them.

THE POWER OF FEAR

English philosopher Jeremy Bentham originated classic criminological theory in the 18th century. It holds that a person's propensity to commit a crime is determined by his or her perception of related risks and rewards-the greater the risk of detection and apprehension, the less likely a person is to violate the law.

So what potential fraudsters are concerned about-from the CEO to the average rank-and-file employee (see "Pam's Parable," page 109)-is getting caught;...