Welcome to Luca!globe
Proposal to Say the "F" Word in Auditing Standa Current Issue!    Navigation Tips!
Main Menu
CPA Journal
Professional Libary
Professional Forums
Member Services

A sea change in attitude is needed.

Proposal to Say the "F" Word in
Auditing Standards

By Douglas R. Carmichael and James L. Craig, Jr.

The ASB has decided it can no longer dance around fraud and the auditor's responsibility to detect it. Proposed new standards say the "F" word loudly and clearly.

The auditor's responsibility to plan an audit to uncover fraud has changed over the years. Those who entered the profession more than 20 years ago remember (and, apparently some have refused to forget) the guidance given by the committee on auditing procedures, which said "the issuance of an opinion respecting financial statements is not designed and cannot be relied upon to disclose defalcations and other similar irregularities, although their discovery frequently results." To drive the point home, many engagement letters contained that language. Those were the "good old days" when the auditor set his or her sights on catching unintentional errors only.

But the courts and the rest of the world didn't agree with this approach. The auditor's report made no mention about financial statements being free of only material unintentional errors. The world held the auditor to a higher standard. After the Equity Funding debacle, the SEC summoned leaders of the public accounting profession to Washington and demanded to know what they planned to do to ward off similar catastrophes in the future. Standard setters at the AICPA responded with SAS No. 16, The Independent Auditor's Responsibility for the Detection of Errors or Irregularities, which changed the standards to require the auditor to "plan the audit to search for errors or irregularities that would have a material effect on financial statements."

But problems continued to occur. Material fraud was being committed that misstated financial statements, and auditors in a number of well-publicized cases failed to detect frauds that audits in accordance with the standards should seemingly have detected.

The Auditing Standards Board (ASB) went back to the drawing board to see if standards needed to be changed to heighten the awareness and effectiveness of auditors in searching and detecting fraud. The result was SAS No. 53, The Auditor's Responsibility to Detect and Report Errors and Irregularities. SAS No. 53 requires auditors to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. The statement was one of a series of nine statements that, as a group, became known as the expectation-gap standards. The statement indicated that responsibility to detect material misstatements existed whether the misstatement was a result of errors or irregularities. But the "F" word, fraud, was still studiously avoided except for a brief mention that management fraud was one form of irregularity. It was the intention of the standard setters, however, that auditors understand and perform audits so as to provide reasonable assurance that financial statements were free of material misstatement regardless of the cause, whether that be inadvertent error, employee dishonesty and concealment, or management fraud.

But in the years following the issuance of SAS No. 53, incidences of material misstatements in financial statements, principally because of management fraud, continued to be made public. The savings-and-loan crisis, with stories of mismanagement and fraud resounding throughout the land, brought the whole issue of auditor performance once again to the front pages.

The AICPA held a conference in 1992 to review the effectiveness of all the expectation-gap standards. Had they achieved the objective of better communication to users and improved the effectiveness of auditors, especially in the detection of errors and irregularities? One of the papers presented at the conference raised the issue of the effectiveness of SAS 53.

In 1993, the Public Oversight Board of the AICPA--feeling the pressure and need to improve auditor performance--issued a publication, In the Public Interest, that gave more than 20 recommendations to various players in the financial reporting process to restore public confidence. While concluding that the guidance in SAS No. 53 was OK, the POB expressed concern that some practitioners were not living up to the standards. There was a performance gap. The POB recommended increased efforts by CPA firms to ensure the implementation of SAS No. 53. Soon thereafter the AICPA issued a response to the POB recommendations in the form of a white paper that restated the auditor's responsibility to detect material misstatement, including management fraud.

According to AICPA vice president Dan Guy, who heads the standards setting activities at the AICPA, shortly after the issuance of the POB report and the AICPA white paper, the AICPA began its own campaign to increase the knowledge of auditors about their responsibilities for fraud with material in The CPA Letter and coverage in the year-end Audit Risk Alerts, including suggested wording for engagement letters.

Ultimately, because of all the discussions about fraud, the issue of the auditor's performance in detecting material fraud was put back on the ASB's agenda. The work was assigned to a fraud task force under the leadership of first, Randy Noonan, current ASB chair, and later Arthur Andersen partner David Landsittel. After several years of grappling with the issue, its work has resulted in the development of proposed changes to a number of auditing standards that were released in the form of an exposure draft in May 1996.

The proposed SAS is to be called Consideration of Fraud in a Financial Statement Audit, which will replace SAS 53, and there will be proposed amendments to sections of SAS No. 1, Due Professional Care in the Performance of Work and Responsibilities and Functions of the Independent Auditor, and SAS No. 47, Audit Risk and Materiality in Conducting an Audit.

The CPA Journal spoke with David Landsittel, chair of the fraud task force Robert Fleming, a partner of Urbach Kahn & Werlin, a member of the task force and recent member of the ASB, and vice-president Dan Guy, to learn about the objectives of the proposed changes and how they are likely to affect practitioners, preparers of financial information, and users. The Journal also spoke with George Diacont, chief accountant of the enforcement division of the SEC, to learn about the SEC's perception of the pervasiveness of management fraud, auditor performance in detecting fraud, and whether the revised standard should improve auditor performance. Diacont's views are presented as a sidebar.

Do Auditors Need a
New Approach?

When asked whether, as a partner in a regional firm, he saw deficiencies in audits under existing standards, Bob Fleming responded that it is clear that many auditors do not understand their responsibility for misstatement arising from an act of fraud. He sees this misunderstanding at his own firm's staff training and in peer reviews. But he does not think finding fraud is viewed by the local practitioner as a major practice issue.

As the task force began to focus on the issues, it concluded, however, that a very important aspect of fraud for the local and smaller practitioner is employee defalcations or misappropriations. Many owners of smaller businesses look upon
their auditors as the watchdog against employee dishonesty. It is for that
reason, according to Fleming, that the task force broadened the scope of the project to include misappropriation
of assets.

Chair of the task force, David Landsittel, believes the ASB has a responsibility to continually try to strengthen and improve the audit process to address public expectations. His two areas of concern are fraud and early warning of financial distress--going concern issues. Clearly in Landsittel's mind there are many instances in which material financial statement fraud has occurred and gone undetected. In SAS No. 53, the profession clarified the responsibility to detect fraud. In this initiative, says Landsittel, "We don't want to increase responsibility but rather provide performance guidance to better fulfill the presently existing responsibility. We are trying to articulate in a way that the auditor understands how he or she should address that responsibility." Landsittel explained why it is not possible to increase that responsibility above what presently exists. He noted that the framework of fraud detection must consider the concept of materiality. The auditor is only responsible for detecting material misstatement due to fraud. And a proper audit approach must consider the long-established concept of "reasonable
assurance." Because of those very
pervasive underlying principles, Landsittel believes the responsibility for detecting fraud will not be increased by the

According to Dan Guy, as the task force began to focus on the issue it concluded that what was necessary was not greater responsibility, but rather a change in attitude that would drive performance so there would be no question as to what the auditor should be doing.

Guy went on to say that what we hear from investigations of alleged audit failures is a complacency or a willingness to accept what management represents. He says there is a need for healthy professional skepticism to kick in.

The Approach Taken

In the early discussions, according to Fleming, the task force concluded that if the task force did nothing but substitute the word fraud for irregularity, awareness and attitudes would no doubt change and the task force's objectives would be largely accomplished. As it spent more time with the subject, the task force decided to keep, but strengthen, the present risk-based approach to helping auditors discharge their responsibilities. It also decided that the sections of SAS No. 1 dealing with the auditors' responsibilities and due professional care should be amended to establish at the highest level of standards the auditors' responsibility for finding fraud and to exercise an appropriate level of professional skepticism.

The exposure draft, after defining what the two kinds of fraud are, directs the auditor to assess the extent to which there is a risk of material misstatement due to fraud. "It is an affirmative responsibility to assess this risk in every audit engagement," says Fleming. These risk factors are commonly called "red flags," but the proposed SAS avoids that more charged term. In making the required assessment, the auditor is directed to consider fraud risk factors related to defined categories. For example, the auditor would, under the category of management characteristics, assess the risk factor of management's attitude toward internal control and financial reporting. The auditor, in assessing the risk, might look toward the existence of a code of conduct or the timeliness or seriousness with which management deals with control deficiencies or findings of regulators.

Under the category of industry conditions, the risk factors suggested for consideration relate to the level of competition and market saturation with perhaps declining profit margins. Under the category of operating characteristics, the auditor might consider factors such as unrealistically aggressive sales or profit-based incentive programs.

The proposed statement also presents risk factors in three categories related to misappropriations of assets.

The statement proposes that the auditor be mindful of the various risks of fraud factors throughout the conduct of the audit, not just at the planning stages. The auditor is expected to continually evaluate audit findings as they might affect the assessment that fraud might be present.

Audit procedures, it is suggested, could be modified by changing the experience level of those performing the work or by changing the nature, timing, or extent of the procedures themselves. For example, if there were fraud risk factors in the area of inventory and sales cut-off, the auditor might decide to observe physical inventories at year-end, using very experienced staff, without informing management as to which specific locations were to be visited.

Guy indicated the statement will require documentation of the performance of the assessment of the risk of fraud that could materially misstate the financial statements and how the assessment affected the nature, timing, and extent of audit procedures. Any changes in that assessment as the audit is conducted will also require documentation.

He was quick to point out that a decision to assess control risk at the maximum and to use a substantive audit approach would not automatically lead the auditor to do the work needed to satisfy the standard. The reason for this is that the risk of fraud is both an element of control risk (the risk the client's internal control system might not prevent or detect the fraud) and inherent risk (the risk fraud exists independent of any control system). The point is that if the consideration of risk factors identifies concerns, the primarily substantive approach to the audit typically done may have to be revised to adjust for the concerns--either of management fraud or misappropriations of assets. "The one-size-fits-all substantive audit is not sufficient," says Dan Guy.

Fleming noted that giving proper consideration to the risk factors will take judgment. There is no formula that says if this one risk factor is present, you perform this step. And the factors will have to be considered individually and in combination. An auditor may find the presence to some degree of several factors that individually are not a concern, but that taken together lead to the conclusion the risk of fraud is present. Fleming stated that if properly considered, risk factors cannot be glossed over. Expansion of audit work may be necessary.

Landsittel clarified that the auditor does not seek to conclude whether the risk of fraud is low, medium, or high. What he or she does is conclude in a particular category of risk that a risk exists. The auditor responds by designing auditing procedures to directly deal with the risk of fraud as identified.

The proposed statement also advises auditors that the risk of fraud might be so high as to lead the auditor to resign from the engagement.

Have the Lawyers Looked at It?

SAS No. 16 started out to be a strong statement on fraud detection. So did SAS No. 53. What prevented both from being as strong as originally intended was the reaction to the proposals by legal advisors to the profession. They advised that the stronger wording as originally drafted would increase the risk of litigation against accounting firms. Fleming and Guy were asked to comment whether there was a risk this could happen with this proposal or whether the lawyers' input had already been reflected in the standard. Guy indicated the lawyers have been kept informed about the way the standard was being drafted from "day one." In fact, Richard Miller, AICPA legal counsel, was a member of the task force. The attorneys have raised a number of questions, in particular, to an earlier approach to the standard that would have called for the auditor to conclude whether there was a heightened risk of fraud being present. That concept is no longer in the proposal. Guy went on to express his view that, because of their ongoing awareness, there should not be any new objections from the legal side once the proposal is issued. Also, the key people on the project have a strong sense of the public interest and are very interested in a standard that will have teeth and be effective.

In Landsittel's view, this is a performance standard, not a change in responsibility standard. As a result, it should reduce the liability risk to those who properly apply it. The new SAS will give the auditor more ammunition to deal with existing responsibilities. Landsittel feels if a standard will improve performance, the benefits exceed the risk that it could be used against the profession.

The Effect on Audit Time

It is clear the statement as proposed will lead to increased audit time. Companies for which fraud is not present will not want to pay for the increased time. Auditors whose fees are under pressure from competition and client fiscal restraints will not like this expansion of work, especially if fraud has never been a problem.

"The effect of the proposals on audit time will vary," says Dan Guy. "Some organizations have very strong internal control, management that is concerned about fraud and its effects on the entity, and policies and procedures that are designed to prevent and detect fraud." For those organizations Guy thinks the impact on fees will not be significant. For organizations with fraud risks that are not effectively addressed by management, the costs will be greater. "But the bottom line," Guy continues, "will be that the public interest benefits--value added to the audit--will outweigh the additional costs."

Landsittel similarly feels that if management carefully considers the risk of fraud and establishes sound deterrent and detection controls addressing that risk, the ongoing increase in required audit effort should not be significant.

Fleming, in agreeing there is the potential for increased time, pointed out that the task force has attempted to make the risk factor analysis as discriminating as possible so that consideration of the factors will lead only to more or different work when justified. The idea is that, in entities where the risk of fraud is low, there will be no substantial increase in audit effort. It will be necessary, however, to document the consideration of the risk factors. Conceivably, an analysis of the factors might even lead to a better understanding of the client and the risk of error and therefore to less work. Fleming says the ASB and the task force will be interested in hearing from practitioners during the comment period as to how discriminating the factors seem to them. Fleming said, "If 90% of a firm's audit clients come up with concerns about the risk of material misstatement due to fraud, either it has the wrong practice or the proposed standard is wrong." Dan Guy added that when risk factors are employed, you would like to know if they are, in fact, predictive or at least a ranking of which are more predictive than others. "We don't have that now." said Guy. "That is well beyond any research that we have today."

Possible Field Testing

The question was raised as to the possibility of field testing the risk factors to see the extent to which they are in fact discriminating. Guy remarked that this is something that is usually not done, at least on a formal basis. Landsittel thought it would be a major benefit if firms did this on an abbreviated basis during the exposure period. In any case, it was concluded that it would be completely appropriate to revisit the standard after it has been in effect for a period of time. According to Guy, we can't wait for a field test to have a new fraud standard. The idea of revisiting the standard at a later date fits into Landsittel's notion of the whole standard setting process.

Fleming explained the process the task force used in developing risk factors. "An initial risk factor we listed was aggressive management. Well, some commented that describes all my clients. We must be more discriminating. Finally we settled on 'an excessive interest in maintaining or increasing the entity's stock price.'"

Big Firm/Small Firm

Some small firms may view the proposed standard as a potential penalty to them for the problems of big firms. In their roles as bookkeeper and financial statement preparer, they may feel there is no way management fraud could take place that would materially misstate the financial statements. Fleming felt that that point of view would be risky. He would advise CPA firms to be careful about assuming they are immune to management fraud in their practices.

Landsittel feels that there is no split on this issue by size of firm. "We feel all firms have struggled with the actual extent of their responsibility, which we are attempting to clarify." Standards overload is a concern of all firms. But, he pointed out, increasing the effectiveness of detecting fraud at clients, large and small, cannot be viewed as adding to standards overload.


The proposed standard has a documentation requirement. It will join the ranks of the selected few standards that require specific documentation. The task force, according to Landsittel, wanted to make the documentation requirement explicit to add to the understandability of the requirements embodied in the standard and the likelihood the auditor would substantively respond to the standard.

An Effective Pronouncement

It is well known that one of the common deficiencies in audits where management fraud has been revealed is the hesitancy of audit partners who become aware of conditions that might indicate a risk of fraud to drill deeper--to really start auditing aggressively. This is contrary to "good client service" and conflicts with selling additional services. Guy agreed that it will take a change in attitude. "We have got to have it."

A User Friendly Pronouncement

If past history is any guide, practitioners are sometimes reluctant, hesitant, or slow in implementing changes. There is some question as to the extent auditors have fully understood the notion of a risk-based approach to auditing. According to Guy, to speed up implementation and consistent with new AICPA president Barry Melancon's wishes, the final statement will be rolled out using a user-friendly approach. The AICPA is not going to launch the statement from its silos and then hope it will catch on with practitioners. Guy tells of the formation of a fraud team at the AICPA to produce a wrap-around bundle of materials to assist in implementation--videos, self-study material, CPE instruction courses, press briefings, road shows, checklists including engagement letter language, and questions and answers. He also says the document is being written in a way to make it easier to apply. "We plan to do a better job than we have ever done before," said Guy.

Landsittel pointed out the very premise of the new fraud standard should make it more user friendly. It is a one-note statement, talking about fraud, and not mixing fraud with unintentional errors that might have been made. Plus the definition of fraud is very straightforward.

Auditing Standards Are
Now a Matter of Law

Title III of the recently passed Securities Liability Reform Legislation now explicitly gives the authority to the SEC to establish selected auditing standards and requires auditors of public companies to follow AICPA audit requirements in the areas of related parties, going concern evaluation, and illegal acts. Fleming and Guy were asked to consider whether the legislation would change the consequences of faulty or deficient auditing in these areas for public companies, since such deficiencies would now become a matter of law and not simply substandard performance under GAAS. It was generally concluded that the legislation, in and of itself, would not change the playing field for auditor performance. It was agreed, however, that when the legislation talks about illegal acts, it is clearly focusing on the auditor's responsibility to blow the whistle on fraudulent behavior and practices. Practitioners will want to focus on this, and the proposed guidance in the fraud SAS will have to be given a prominent place in the audits of public companies.

Landsittel felt it disconcerting that it was necessary to legislate auditing standards. However, the end result--the reform legislation--is very consistent with the task force's thoughts of what
is important in the audit of public

Comments on the Exposure Draft

David Landsittel, as chair of the task force, will be looking forward to thoughtful comments on the proposal. He and his task force will not be looking for a "yea or nay" vote. They will be looking for explicit comments on specific aspects of the proposal. *

Douglas R. Carmichael, PhD, CPA, and James L. Craig, Jr., CPA, are editors of The CPA Journal

Chief Accountant, SEC Enforcement Division

I have been with the SEC since 1973. I started in the division of enforcement conducting investigations of financial statement fraud, including the work of independent public accountants. After five years I transferred to the office of chief accountant where I was primarily responsible for conducting independent reviews of enforcement recommendations, particularly those involving accountants. In 1992, I returned to the division of enforcement as its chief accountant. My current role is to oversee the investigation of alleged financial statement fraud. At any one point in time we have about 100 cases under investigation in Washington. The regional offices also investigate allegations of fraud, the number of which can run in the 300rds. I have a staff of 21 accountants, all of whom are fairly sophisticated and knowledgeable, most of whom have spent time in public accounting at large firms.

Whenever we investigate an allegation of financial statement fraud, invariably we investigate the work done by the independent public accountant. It is a high priority with us.

Soon after it was founded, the SEC decided to rely primarily on the private sector to develop accounting and auditing standards and to audit public companies. That decision made it especially important that the enforcement division maintain a close watch over what the profession was doing to ensure that private-sector responsibilities were met in a manner consistent with the public interest. The SEC always maintained that it had implicit authority to set auditing standards, and in the event the private sector fell down on the job, it could step in to fill in any gap. The SEC also has explicit authority to establish accounting principles, but it again decided, largely, to keep that process in the private sector.

It should be noted however, that Title III of the Securities Litigation Reform Act of 1995 explicitly gives the SEC the authority to establish generally accepted auditing standards for audits of public companies. But I don't see any change in policy forthcoming to exercise that authority as long as the private sector does a good job.

Our investigations often begin as a result of information provided by informants (sometimes at the registrant); through information provided by other Federal agencies such as the FBI, IRS, or Comptroller of the Currency; the financial press; or other divisions of the SEC, such as the Division of Corporation Finance.

Typically these actions are brought against accountants under rule 102 (e) of the Commission's Rules of Practice under which we allege the auditor engaged in improper and unprofessional conduct. The Commission interprets this to mean a failure to comply with generally accepted auditing standards.

The kinds of deficiencies we note are a lack of independence, professional skepticism, an overreliance on management representation, or a failure to obtain sufficient competent evidential matter. The new auditing standard should help, because the proposal says that if the risk of fraud is present, the auditor must become more aggressive and more focused in the application of audit procedures. By more aggressive, I mean the auditor must act in a more challenging way. For example, if there is a concern about the risk of fraud, the auditor should not tell management the inventory locations he or she plans to observe. And you can't send a staff person just out of school to do the observation without proper supervision and review. And you can't rely solely on written confirmations. Our experience shows that where fraud has been present, the confirmation process has been completely subverted by management. The auditor must act aggressively and anticipate and be prepared to deal with objections from the client. Our experience shows that auditors who get in trouble with us are often those who fail to react as required by auditing standards to the changing circumstances that face them.

Here is my view on how a typical fraud scenario should play out. The auditor begins the work expecting a routine situation and an honest client. Auditing standards say at this point the audit evidence required is at the persuasive level. Then the auditor begins to see "red flags" that perhaps management's integrity is not what was assumed, or journal entries that don't make sense, or transactions exist that don't economically add up. In my opinion, the auditor at that point must ratchet up the audit, become more aggressive and look for audit evidence that is convincing rather than just persuasive. If doubts continue, concerning, for example, the integrity of management, the audit evidence sought must move to the conclusive level. This is what is required under auditing standards to meet the sufficient competent evidence test needed to provide reasonable assurance. The new standard goes a long way toward making very clear how the auditor must apply the evidence standard on a sliding scale as I have indicated.

This is what we often find when we review the performance of an auditor in an investigation. The auditor often does what was done in prior audits and fails to adjust based on changing circumstances. Often the workpapers indicate that the auditor identified problems but resolved them based on management representations. Often the internal controls are poor; management is aggressively using accounting gimmicks to increase income or limit the scope of the audit. There are sometimes last minute, material outside of the ordinary course of business transactions, there may be an IPO, the industry may be in a recession, or there are other indications that this is not a routine audit situation. Frequently, the possibility of fraud becomes more and more apparent. Under these circumstances if the auditor fails to apply more aggressive audit procedures and adjust the level of evidence required from persuasive to convincing to sometimes conclusive, the audit will fail to comply with GAAS and will justify us proceeding with a Rule 102(e) action. Most auditors have no problem conducting a GAAS audit when the client is honest and forthcoming. The challenge comes in the small percentage of cases where management is intentionally engaging in some form of fraudulent conduct. The new standard should provide useful guidance in those

Have I seen improvement in the performance of auditors over the years? That's a good question. We don't see some of the blatant, glaring deficiencies we used to see in the early 1970s. I do think that the work of the Public Oversight Board and the AICPA SEC Practice Section has led to improvement in the quality control systems and the work of firms auditing public companies.

The nature of the problems as between big firms and small firms is different. We don't find large firms signing audit reports without doing any audit work. From time to time we find a small firm, a sole proprietor perhaps, without any workpapers or very few. What we usually find with regard to the large firms is a lack of professional skepticism and over-reliance on management's representations, or perhaps a disposition to keep the client at all costs.

A thing that amazes me is that the large firms with all their resources can't seem to develop effective analytical procedures. Or perhaps if they are effective, the people reviewing them are too inexperienced to use them properly. It seems to us that the existence of the fraud often shows up in the relationships of the numbers which I would think effective analytical procedures would reveal.

Also, it is difficult to understand why, 50 years after the infamous McKesson & Robbins case involving missing inventory and overstated receivables, we still see auditors missing material amounts of inventory and fictitious receivables.

Some critics of the proposed statement have said that going through the process of applying the standard will produce a road map for litigators and others, such as our enforcement division. In my opinion, that criticism is unfounded. I don't need this standard to provide a road map to audit deficiencies. The way is already clearly laid out.

We can readily identify audit deficiencies based on a review of the workpapers and the testimony of the auditors. I don't mean to say that failure to comply with the standard won't be a basis for a finding. But the requirements to find fraud already exist in the area of competent evidence required to reach an informed opinion, and the new standard will not expand that responsibility.

Looking at the other side of this, I would think if an auditor followed the guidance of the new standard and properly documented the work done, that auditor would be in a much better position to defend him-- or herself if it was later determined fraud existed and went undetected. We investigate many more situations than we end up suing. If we conclude an auditor has complied with GAAS, we do not proceed with any disciplinary action. There are mistakes made on most audits, but we look at the totality of the work done before determining whether an enforcement action is warranted.

I think, overall, auditors are doing a good job. I don't know of any other profession that would subject itself to what the accounting profession has done--with peer review, public oversight boards, continuing education, and the like. The lawyers and doctors haven't done anything like it. The problem is the whole profession is being judged by the outcome of a very small percentage of audits. The spotlight shines on the few problems. So my advice to the profession is to improve the work in the fraud area--the new standard should help--and improve the effectiveness of audit procedures. The credibility of the profession will depend on its ability to reduce the number of audits that fail to detect fraud.

Standard setters often seem unduly influenced by the lawyers' concerns about the potential for increased legal liability with the result that auditing standards are not as effective as they might otherwise be. The exposure draft on fraud is a step in the right direction to make auditors more sensitive to the possible existence of fraud and provide practical guidance on how to react to it. The new standard does not change one whit what we thought the auditor should have been doing in the first place. *

The Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees. The views expressed herein are those of the author and do not necessarily reflect the views of the Commission or of the author's colleagues on the staff of the Commission.

[Editor's note: For a further insight into the work of the enforcement division, see the article in this month's auditing department.]

The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.

©2009 The New York State Society of CPAs. Legal Notices

Visit the new cpajournal.com.