The world of the ‘whys’



Children have a phase when they question just about everything. For my son, it started as soon as he was able to articulate complete sentences, when he was about two years old. His questions elicit a wide range of reactions from us, his parents – from amusement to endearment to panic. When we made him eat food that seemed new to him, he asked, “Did I eat this before?” And when we convinced him that he already did, he asked further, “Did I like it?” – much to our amusement. When he became aware of the reason we left the house every morning, he probed, “Why do you have to go to work every day?”

His curiosity spikes when he sees something new, something out of the ordinary; and he will not stop until such curiosity has been satisfied. I remember the time when we panicked when he raised the question, “Why was Ate (big sister) born ahead of me?”

Curiosity is the fuel for learning. The more curious a child is, the more he learns. Surprisingly, it is not very different from how we do our audits, particularly when we deal with the risk of fraud.

When considering fraud in our audits, auditing standards require us to ask the client’s appropriate levels of management, the personnel charged with governance, and the personnel outside the Finance and Accounting department. The more we ask, the more we understand the client’s susceptibility to fraud risk. The more we understand that, the more we are able to tailor our audit approach, which should increase the likelihood of detecting fraud if and when it exists. So the key is in asking the right persons the right questions.

Given the recent fraud cases that have rocked the corporate world, both locally and abroad, and the severity of their financial impact, it is paramount for top executives to revisit the effectiveness of internal controls of their respective companies. Such cases also prompt us, auditors, to look back into the effectiveness of the procedures in all of our audits. Could an audit conducted in accordance with the Philippine Standards on Auditing (PSAs) have detected such fraudulent schemes? Well, yes and no.

PSA 240, The Auditor’s Responsibilities relating to Fraud in an Audit of Financial Statements, states that the primary responsibility for preventing and detecting fraud rests with both those charged with governance of the entity and management. The auditor’s responsibility is to develop an audit approach that is responsive to assessed risks of material misstatement due to possible fraud. Fraud in this context may involve fraudulent financial reporting and/or misappropriation of assets.

The likelihood of detecting fraud depends on a number of factors such as the level of management involved, the skillfulness of the perpetrator, the relative size of individual amounts manipulated, and the degree of collusion involved. Any or some or all of these factors would make it less likely for the auditor to detect the fraudulent act. The auditor may talk to the right people, ask them the right questions, and design detailed audit procedures, and yet may still not detect the fraud. The higher the level of management involved, the more skillful the perpetrator, the smaller the amounts of the individual transactions, or the more employees who colluded, the more difficult it would be for the auditor to spot the fraud, no matter how carefully and intelligently the audit was planned and executed.

Central to the auditor’s responsibilities when it comes to fraud risk in the financial statements is maintaining an attitude of professional skepticism. Professional skepticism is nothing but the auditor’s version of curiosity.

Curiosity is something that we are all born with, while professional skepticism is a state of mind that has to be developed. Professional skepticism is not just taking the management’s word when asked about fraud, but asking a lot of “whys” and “hows,” and validating whether their answers make sense. Why are particular transactions processed in certain ways? Why did management use a particular assumption in developing an accounting estimate and not another? How does management ensure that internal controls are designed as planned and are operating as designed?

To address the risk of fraud in an audit of financial statements, the auditor’s responsibilities must include asking the right people, designing a responsive audit approach, and maintaining professional skepticism. Welcome to the auditor’s world—the world of the “whys” and “hows.” In our world, the saying “curiosity killed the cat” may not always be true because our kind of curiosity, called professional skepticism, is what will actually save us, auditors, from giving a wrong opinion on financial statements.

Maritess Buted is a director for assurance and accounting consulting services of Isla Lipana & Co./PwC Philippines. Email your comments and questions to This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.



Please follow our commenting guidelines.

Comments are closed.