Thursday, 4 April 2019 By John Temple-Cole and Luke Deakin With a bright light now shining on corporate misconduct, it has become increasingly common to hear public cries for a ‘forensic audit’ to get to the bottom of the allegations. Whether these allegations relate to alleged bribery, conflict and misuse of public funds at a local government, sporting rule breaches, mis-selling of financial products, misuse of personal data by social media companies, or white-collar fraud, such calls are often a result of an internal whistleblower airing their concerns in public. Isn’t a forensic audit just ‘an audit’? First, to clear up any misconception, put simply a forensic audit is not ‘an audit’ in the sense commonly understood. In fact, there is no standard definition of a ‘forensic audit’ and essentially it should be read as a reference to ‘forensic investigation’. A forensic audit, when done correctly and with the right resources and experts, offers a thorough investigation into an allegation or area of concern within an organisation. But first and foremost, you need the right people for the job, and, contrary to what may be implied by the title, your own auditor may not be the most suitable person to conduct a forensic audit. A key feature, after all, of any investigation is independence, and, therefore, consideration of who is best placed to conduct a forensic audit is fundamentally important. An audit firm that has previously been engaged to carry out a statutory (or standard) audit of the organisation’s financial report may not be the most suitable choice to conduct a forensic audit. There is a great deal to be said for having a fresh pair of expert and objective eyes investigate serious allegations of misconduct, which have the potential to undermine the organisation’s values, reputation and commercial success. Given the serious nature of allegations that lead to a forensic audit, independence is crucial. Features of a forensic audit It helps to understand the fundamental differences between a forensic and standard audit, and what they will and will not tell you. What you will not get from a forensic audit is the expression of an auditor’s opinion as to whether a particular set of financial statements presents a true and fair view of a company’s financial performance, or whether those financial statements were prepared in accordance with accounting standards. That does not infer however, that a forensic audit is of lesser value than a statutory audit. Quite the opposite. The scope of a forensic audit engagement is directed at specific allegations or areas of concern, and in this way it differs greatly from a statutory audit. This results in an investigation plan and scope of work that is typically far more detailed than a statutory audit, which traditionally applies audit-sampling or analytical methodologies to obtain reasonable assurance over a set of financial statements. The scope of a forensic audit is also not limited to a particular financial period, but is designed to focus on specific transaction categories of concern, regardless of the period in which they occurred. An added benefit of a forensic audit is that the concept of materiality that applies in a statutory audit – under which an auditor may accept relatively substantial transactions to be of no material relevance – does not apply in a forensic audit. Those transactions may be critical from an investigative perspective so typically all transactions, and associated evidence, will be subject to detailed examination by the forensic audit’s investigation team, which gives the forensic auditing process more teeth. A payment for a false $5,000 invoice, for example, may rightly have been considered immaterial in a standard auditing context. However, if forensic investigation implicates senior personnel and reveals further fraudulent activity, the $5,000 payment becomes a crucial piece in the puzzle. Furthermore, unlike statutory audits, the investigation team in a forensic audit is multi-disciplinary. Such engagements are often targeted at conduct that may have breached workplace policies, community standards and/or civil and criminal legislation, and requires experts with skillsets drawn from audit and accounting, as well as law enforcement, digital evidence collection and management, and data analytics. It is the team’s ability to effectively combine these skills with those of the organisation’s legal and internal investigative team that will ensure that the findings of the forensic audit are not only comprehensive but communicated in the appropriate manner. Crucially, the forensic reports must also be prepared to the required standard as they may be used in testimony in court where required. It’s worth noting too, that while a statutory audit must adhere to the requirements set by the Auditing and Assurance Standards Board (AUASB), there are currently no specific professional standards relating to the conduct of a ‘forensic audit’. That said, the various professionals within a forensic team often refer to a number of other relevant standards and professional bodies when planning and undertaking an engagement to ensure their reports are law-abiding and admissible in court. For example, the requirement to comply with independence requirements when providing any ‘Forensic Accounting Service’ which ‘requires independence’ – which arguably must be all such engagements. So while there are a number of key differences between a forensic and a statutory audit, the end result is that a forensic audit is far more likely to be directed at the specific conduct or issues of concern and will certainly delve into far greater transactional detail than its distant cousin. The findings of a well-executed forensic audit have the capacity to support the organisation’s wider investigation and locate a problem that may be harming the company’s culture and impacting its reputation and commercial standing.