Raymond Santos. Auditor, Aspiring Programmer, All-around Good Guy
It's difficult to give an accurate answer to this question without knowing the full context of the statement. Nonetheless, I 'll try to answer based on how I understood it.
Audit work composes of validating if what transpired (condition) is aligned with what should happen (criteria). To prevent this from happening, or to detect if this already happened, internal controls are established.
In a non-fraud scenario with effectively designed internal controls, auditors simply need to follow what happened in the transaction and determine variances from the criteria.
In a fraud scenario, internal controls, however effectively designed, are overriden by the fraudster (there is a conscious effort on the part of the fraudster to conceal the fraud). This means that using the normal audit approach of comparing the condition vs the criteria would not be enough anymore. Additional fraud analytics should
be prepared and performed depending on the fraud risk profile of the audit area.
Identifying the fraud risk profile, designing the test procedures, and performing these fraud audit procedures require special skills and training.
With the increasing complications in public accounting rules and principles (e.g. derivatives) it also becomes harder to trace unusual transactions and easier to hide fraudulent ones, especially for those who have no accounting/audit background. The public therefore increases their reliance with external auditors to detect fraud for them.
- Public has increased their reliance on auditors to detect fraud due to increasingly complicated accounting principles.
- The fact that fraud involves override of internal controls make it very difficult to prevent or detect it without special knowledge and training.
- This gap between public's expectations and special skills requirements causes great difficulty for the public accounting/auditing practice nowadays.