In the detection and reporting of potential fraud and illegal acts, DoD auditors should: [1]

A. Maintain sufficient knowledge of the characteristics and indicators of fraud, techniques used to commit fraud, and the types of fraud associated with the activities being audited. Such knowledge is necessary for the auditor to be reasonably effective in determining the adequacy of controls to deter opportunities to commit fraud or illegal acts, and in evaluating evidence that these acts might have been committed. The DoD audit organizations should work closely with investigative organizations to develop additional information on the characteristics or indicators of fraud and share it with other DoD audit organizations.

B. Plan audits (except for review-level and agreed upon procedures-level attestations) to provide reasonable assurance of detecting fraud in accordance with generally accepted Government auditing standards (GAGAS). Fraud risks should be taken into consideration throughout the audit, including during audit planning and evidence evaluation.

C. Consult with investigative organizations when auditors identify fraud risk or when indications of fraud come to the auditor’s attention. Auditors should document the situation and promptly notify the appropriate DoD investigative organization according to DoD Instruction 5505.2 “Criminal Investigation of Fraud Offenses” (Reference (v)). Following notification of investigators, the auditors should notify the top official of the entity under audit of the situation unless advised otherwise by investigators or it is obviously inappropriate (e.g., the top official is involved).

D. Recognize fraud indicators and refer and consult as early as possible with investigators to determine the approach and additional audit work needed if fraud or illegal acts have occurred or are likely to have occurred. When consultation with the investigative organization determines that additional procedures are needed, auditors should design procedures to provide reasonable assurance of detecting such fraud. When necessary, and in consultation with the investigative organization, auditors should perform additional audit work to determine whether fraud likely occurred and the effect on the audit findings.

E. Provide reasonable assurance to detect fraud (except for review-level and agreed-upon procedures-level attestations) in accordance with GAGAS. Auditors are not expected to provide absolute assurance of detecting fraud, illegal acts, or abuse. Absolute assurance is not attainable and thus even a properly planned and performed audit may not detect a material misstatement resulting from fraud.

F. Determine the best way to report the results. The method of reporting the audit results will vary depending upon individual circumstances. Audit matters dealing with fraud or illegal acts shall be covered in a separate written audit report if this would facilitate the timely issuance of an overall report on other aspects of the audit. The opinion of legal counsel should be obtained on the reporting method chosen. Auditors should limit their public reporting to matters that would not compromise investigative or legal proceedings.

AcqLinks and References:

• DoD Manual 7600.01-M “DoD Audit Manual” – 13 Feb 09
• DoD Instruction 7600.02 “Audit Policies” – 27 April 2007
• DoD Instruction 7650.02 “GAO Reviews and Reports,” – 20 Nov 2006
• Comptroller General of the United States Guidance, “Government Auditing Standard Guidance on GAGAS Requirements for Continuing Professional Education” – April 2005
• DFARS Subpart 237.2 “Advisory and Assistance Services”
• DCAA 7641.90 “Auditing Contractor Information” – Jan 2005
• Example: Purdue University “Internal Office Audit Plan” – 2005
• Template: Internal Audit Plan, U.S. Department of Housing and Urban Development
• Website: DoD Office of Deputy Inspector General of Auditing
• Website: Defense Contract Audit Agency (DCAA)
• Website: DCAA 7640.1 “Contract Audit Manual”
• Website: FAR Part 42 “Contract Administration and Audit Services”