Did the Auditors Fail? – Analytical Techniques to Determine Due Diligence

foster-HeartbleedFraud examiners are increasingly finding themselves in situations where they are asked to investigate financial frauds identified subsequent to the performance of single or even multiple external and internal audits.  In such situations fraud examiners and forensic accountants do well to consider the application of a number of analytical techniques to identify exactly which organizational control assertions (and/or the auditor’s examination of them), broke down; such assertions as existence, rights and obligations, valuation, completeness, occurrence, measurement and presentation, either alone or in combination.   One particularly powerful analytical technique, among several,  available to the fraud examiner in analyzing the performance of the parties to such a situation is Benford’s Law.

Benford’s Law is named after Frank Benford, a research physicist at the General Electric Research Laboratories in Schenectady, New York who, in 1938 and the years immediately following, performed a detailed study of numbers and found that certain numbers and number combinations appeared more frequently than others; Benford’s law predicts the digit patterns in naturally occurring sets of data.  He then tested the assumption that numbers ordered from smallest to largest would form a geometric sequence by using integral calculus to formulate the expected digit frequencies in lists of such numbers.   The significance of this for fraud examiners is that, after analyzing more than 20,000 pieces of data, he found that the chance of the first digit in the data (say,  a list of the dollar amount of invoiced transactions, for example) being “1” is not one in nine, but rather one in three, or 30 percent.  The chance of the first number in the string being “2” is only 17 percent, and the probabilities of successive numbers being the first digit decline until reaching “9”, which has only a five percent chance of appearance.  Benford found that in arrays of numbers, the digit “1” occurred more than any other number did.  The same type of predictable patterns were found to hold for the predicted frequencies of digits in the second, third and fourth positions, given the occurrence of all the differing initial digits (1 through 9).  Over the intervening years, further investigation and extension of Benford’s original work has made it possible to detect potentially fraudulent numbers in large data files by comparing the frequency of occurrence of initial digits in a list of financially related numbers to those anticipated by Benford’s findings.  For example, when a fraudster invents numbers in connection with the perpetration of a fraudulent scheme, s/he will tend to fake data containing too many instances of the initial digits 7, 8, and 9 and too few of 1, 2, and 3.

As a case in point, let’s say you have been engaged to determine whether or not external auditors performed due diligence in evaluating the client’s control assertions in a case where the existence of an existing fraud, contemporaneous with the auditor’s examination, was clearly not identified.  If the auditor was lacking diligence, damages are due to the plaintiff; on the other side, it may be the case that the auditor actually performed due diligence.  In the center portion of the spectrum is a grey area where due diligence is questionable.  Clearly, in this case, the plaintiff organization has an obvious monetary incentive to claim a lack of due diligence, while the defendants (the auditors) have a clear motive to claim the opposite.

The advantage the fraud examiner has in applying analytical tests to the facts of this particular hypothetical case is that both the auditor’s work papers and the client’s financial records as they were at the time of the audit are available for her analysis.  Analytical manipulations  like those represented by the most successful Benford’s Law tests (like the coincidence of same invoice number, same dollar amount and different vendor numbers) can identify clearly abnormal patterns in the  defendant’s analysis of the   plaintiff’s assertions that can either confirm or disprove the plaintiff’s claim for damages as a consequence of the defendant’s non-performance of due diligence.  This type of testing by the fraud examiner of the plaintiff’s data and auditor’s related work papers tends to reduce the grey area of doubt in either the plaintiff’s or defendant’s favor by applying techniques that juries will find relatively easy to understand while representing a credible source of evidence based on the relevant actual data available from both litigants.  Use of even the most basic digital tests of these available data can impress a jury and influence an appropriate due diligence decision one way or the other.   Thus, if the engaged fraud examiner acting for the plaintiffs can demonstrate that tests exist that, if applied, could have detected the fraud but that the tests were not applied, the auditors can expect to lose the case and face damage awards.   The point is that fraud examiners can run digital tests on all sorts of permutations, combinations, and subsets of the relevant data until the fraudulent transactions stand out as clearly significant deviations and in this way either support or refute the plaintiff’s claim of a lack of auditor due diligence.

To summarize, a jury might be more likely to accept the fraud examiner’s arguments for or refutation of the claims for due diligence, if those arguments are supported by concrete examples drawn from the actual data at play by her application of Benford and other related analytical tools to analyze the relevant data and organize her findings.

Comments are closed.