Auditors have access to all the financials, but they only audit a statistically significant sample, because it would be incredibly expensive to audit every transaction.
Fraud can be easily detected if one employee is committing it. Fraud is substantially harder to find if two employees are involved, specifically 2 employees involved in internal controls.
For instance, if you have a policy that all checks paid over $10k require 2 signatures from corporate officers, it’s easy to catch a check with one officer forging the name of a second in order to siphon money to his 3rd party shell company.
But if both officers make a shell company, they can post the check as usual, and the check would pass auditor checks unless they looked into the specific corporation being paid, which may be out of scope if it’s a relatively small transaction.
Ultimately, you don’t need assurance that the financials don’t have fraud, you want assurance that they’re materially correct. Whether the company lost 10k to fraud or waste or incompetence is almost irrelevant for the investor, because the company has 10k less money. Obviously they’d prefer it not be due to fraud, but the impact on the financials is more or less the same.
Your comment was the first in this comment section where everything was coherent and on point. While everyone else is spitballing, you hit the nail on the head. I was not surprised at all that you revealed you’re a CPA because the accuracy of your comment perfectly conveys your credentials. Funny how things like that can come through.
Curious, this seems like a good place to deploy AI tooling. If I’m involved in internal controls, I’ll know what the auditors look for.
If an AI can augment the auditors to find more suspicious transactions such as to companies with no employees, or conflicts of interest - I could probably find more fraud.
Ex-IT Auditor and I agree. I was screaming for automation in the audit process for years and nobody would listen. Many of the employees are burnt-out and hate their jobs. My prediction is that governments will decide to audit companies using some kind of AI and report back any findings to shareholders, while ensuring correct taxes are paid. Big 4 has 5 years max to pivot their business or they're going to die.
> Ex-IT Auditor and I agree. I was screaming for automation in the audit process for years and nobody would listen.
Honestly, this seems like a lose-lose for decision makers:
- automation reduces billable hours, a net loss to the auditor
- automation finds more fraud, a net loss to the person who hired the good auditor
Of course, shareholders would appreciate less fraud, but have no seat at this particular table.
I’m very excited to see how technology impacts financial reporting in the future. We’re rapidly approaching a point where every single transaction could be audited in real time with software, and the details of each transaction automatically scrutinized.
"Excited" is one way of putting it. If we had any chance of this working or ending well, we wouldn't get daily or weekly posts here on HN of people having their Stripe/AWS/PayPal/Google accounts banned. Look forward to "Your company has been locked, please contact your auditor AI to get no help whatsoever"...
But that's the exact opposite to the economics of consulting esp at these big companies. The goal is to get as many low cost employees doing the most amount of high bill work as possible to make the most profit. Automation or ai would just lower what you can charge by removing 1000 hours per year of a college grad making 50-90k while charging at 500k a year for them. And you need these rates to cover for the highly paid sales leads and project leads as well as profits. You'd have no good way to pay your high bill rate applied scientist.
But why does cost not matter on the contract? A few reasons, one being is these are hourly contracts and the consultants know the customer has to finish the project. there will be more money. Second the customers are picking one of these companies on rep. If they fire the consultants they just rotate through the rest of the big five. There's no real incentive for the big five to change their model with customers who are making decisions based on who sponsors the golfer they like. Just like how every VC used svb, go with who you know.
This is why I left consulting. Every good shop gets wooed by the siren song of butts in seats economics. After consulting I've moved to where I sonetimes have to damage control projects from the big 5 and other high end large tech consultants on code. They're all doing the same thing if they get that big.
We had 2 recently with nationally renowned consultants where the provided heads couldn't use basic shell scripts or basic cloud cli, all at a senior DevOps bill rate. I ended up interviewing several of them and the only one of them id trust was their senior principal architect (5% time) who I'd put as a Jr/sr sysde/sde at our co. We fired the consultants. Luckily we only wasted money, our pm, and a few hours of my time.
Beware any company that competes with beer and insurance companies for commercial slots.
As a subject of some of those audots, and as being responsible for a subset of relevant processes, I can confirm. I'd just add that, at least under SOX audits, also the internal controls are audited. And if those controls are laclong, that is a, potentially major, audit finding as well.
Fraud can be easily detected if one employee is committing it. Fraud is substantially harder to find if two employees are involved, specifically 2 employees involved in internal controls.
For instance, if you have a policy that all checks paid over $10k require 2 signatures from corporate officers, it’s easy to catch a check with one officer forging the name of a second in order to siphon money to his 3rd party shell company.
But if both officers make a shell company, they can post the check as usual, and the check would pass auditor checks unless they looked into the specific corporation being paid, which may be out of scope if it’s a relatively small transaction.
Ultimately, you don’t need assurance that the financials don’t have fraud, you want assurance that they’re materially correct. Whether the company lost 10k to fraud or waste or incompetence is almost irrelevant for the investor, because the company has 10k less money. Obviously they’d prefer it not be due to fraud, but the impact on the financials is more or less the same.
Source: am a CPA