For customers· 4 min read

Fraud Detection: What Audit & Assurance Should Include

Can auditors detect fraud? Understand what audit and assurance services include for fraud risk and detection.

Fraud detection isn't an afterthought in audit—it's a core mandate that separates competent assurance from window dressing. Your audit firm needs to embed anti-fraud procedures into every phase of testing, not just respond when red flags appear. Here's what you should expect and demand from your Audit & Assurance provider.

Why Fraud Detection Matters in Audit & Assurance

Auditors have a professional duty under standards like AICPA AU-C Section 240 (Consideration of Fraud in a Financial Audit) to assess fraud risk and design procedures to detect material misstatement, whether intentional or unintentional. A cursory approach leaves you exposed to the kinds of frauds that slip through weak controls—employee theft, vendor kickbacks, revenue manipulation, and asset concealment.

The cost of undetected fraud is brutal. Studies show the median loss from occupational fraud is around $145,000 per incident, with detection taking months or even years. Your audit firm should be your first line of defense, not a compliance checkbox.

What Fraud Detection Should Include in Your Audit

Risk Assessment and Fraud Brainstorming

A capable auditor begins with a structured fraud risk assessment before fieldwork. This means:

  • Interviewing management and the audit committee specifically about fraud vulnerabilities
  • Analyzing your industry and company size against known fraud patterns
  • Identifying high-risk accounts (revenue, inventory, cash disbursements, payroll)
  • Documenting the "tone at the top"—whether leadership demonstrates ethical commitment or corners-cutting mentality

This assessment should produce a written fraud risk narrative in your audit plan, not vague language like "we'll remain alert."

Substantive Procedures Designed for Fraud

Standard audit sampling won't catch sophisticated fraud. Your auditor should employ targeted techniques such as:

  • Data analytics and continuous auditing tools: Software that flags duplicate vendors, round-dollar transactions, unusual payment patterns, or after-hours journal entries. Tools like IDEA, ACL, or Alteryx allow auditors to test entire populations, not just samples.
  • Detailed testing of high-risk transactions: For accounts flagged in risk assessment, expect 100% review of transactions above a threshold or all entries in a specific date range or approval pattern.
  • Revenue and inventory observation: Direct confirmation with customers and suppliers, not just reliance on internal records.
  • Management override testing: Searching for unauthorized or unusual journal entries, particularly near period-end.

Professional Skepticism, Not Auditor Trust

Professional skepticism means questioning management's explanations, even when relationships are good. Your auditor should be trained to spot and probe red flags such as:

  • Pressure to meet revenue targets or budgets
  • Complex or unusual transactions management can't easily explain
  • Inconsistencies between accounting records and supporting documentation
  • Weak or absent compensating controls

If your auditor accepts management's word at face value without independent verification, they're not practicing adequate skepticism.

What to Look for in a Fraud-Capable Audit Firm

Size and specialization matter. Mid-sized and larger firms ($1M–$50M+ annual revenue) typically have dedicated forensic or fraud specialists who can be called in for high-risk audits or when red flags emerge. Sole practitioners and small firms may lack the tools and depth.

Ask about their fraud detection track record. How many material weaknesses in fraud controls have they identified in similar-sized companies? Have they uncovered fraud in past audits? A firm that never identifies control weaknesses or suspected fraud may not be digging deep enough.

Check their technology stack. Do they use data analytics and continuous auditing tools, or are they running manual procedures? Modern auditing should leverage automation to test larger populations more efficiently.

Expect a fraud discussion meeting. Post-audit, your audit committee should receive a detailed discussion—not a single sentence—about fraud risks identified, procedures performed, and any suspected issues.

Timeline and Cost Implications

Fraud-focused audit procedures add 10–25% to audit hours depending on risk complexity. For a business with $5M–$20M in revenue, expect audit fees of $15,000–$40,000; fraud-enhanced procedures might add $2,000–$8,000. Smaller entities ($1M–$5M) typically see fees in the $8,000–$18,000 range with fraud procedures adding 20% on top.

Finding the right auditor is easier when you can compare and evaluate firms side-by-side. Mercoly helps you find and compare trusted Audit & Assurance providers in one place, so you can assess their fraud detection capabilities and experience before you hire.

Frequently Asked Questions

Q: What's the difference between an audit and a forensic audit? A standard audit looks for material misstatement (accidental or intentional); a forensic audit is a criminal investigation focused on proving fraud occurred. You typically don't need forensic audit unless fraud is suspected.

Q: Will my auditor report suspected fraud to the authorities? Auditors have a responsibility to report identified or suspected fraud to the audit committee; reporting to authorities depends on regulatory requirements, but auditors cannot remain silent with the board.

Q: How often should we update our fraud risk assessment? At least annually as part of audit planning, and immediately when significant business changes occur (new systems, personnel turnover, acquisitions, or control changes).

Compare audit firms today and ensure your next engagement includes rigorous fraud detection.

Looking for Audit & Assurance?

Compare trusted Audit & Assurance providers on Mercoly — browse profiles, products, and services and reach out in one place.

Related articles

More in Accounting, Tax & Bookkeeping · Audit & Assurance