THE ROLE OF AUDITING PROFESSION IN DETECTING FRAUDS IN FINANCIAL STATEMENTS

Bearing in mind the increasingly complex economic environment and the emergence of new types of fraud, it is important to see what role the audit profession plays in detecting fraud and providing reasonable persuasion about fraud. The aim of this paper is to explain how the process of auditing financial statements works. The paper distinguishes between an auditor, a fraud auditor and a forensic accountant. The similarities and differences between these professions and their interrelationships are specified. The methodology used in the paper is content analysis. The results of the analysis revealed that audit and forensic accounting are inextricably linked in detection of fraudulent actions.


1M
any users of auditor's reports are of the opinion that auditors are responsible for detecting frauds. However, an opinion that auditing profession is designated to detect frauds in financial statements is a wrong approach. Company management is the body which is responsible for accuracy and regularity of financial statements, and therefore they are responsible to prevent and detect frauds or mistakes. 1 snezana.knezevic@fon.bg.ac.rs Auditors are primarily responsible to offer reasonable assurance to users regarding all materially important matters which might be related to detection of frauds or mistakes which are significant for company's financial reporting.
The primary aim of an auditor is not to detect fraud, unlike the professions of fraud auditor and forensic accountanant. There are certain similarities but also the differences between these two professi-ons. The relationship between auditing, fraud auditing and forensic accounting is dynamic and changes in relation to political, legal, social and cultural events (Atağan & Kavak 2017: 201). Depending on the objectives, it is pointed out that (external) auditors are focused on expressing professional, independent and expert opinion on the veracity and accuracy of financial statements, while the fraud auditor's objectives are directed at prevention, investigation and detection of frauds (Vukadinović et al., 2015: 204). According to the regulations, it is emphasized that the auditor's activity lies within legal and professional regulations, while the fraud auditor's activity is within professional regulations only. These are not the only differences, there are several more segments where these differences can be identified, as pointed out by Vukadinović et al. (2015). An auditor is responsible for planning and performing audit in order to achieve reasonable assurance on whether the financial statements contain the material data which are presented in a wrong manner, regardless of whether this was the result of a mistake or fraud. The motive or intention of an individual who made accounting entries are not the main focus of auditing procedures.
A forensic accountanant is hired in order to investigate suspicions that the fraud exists as well as to provide evidence of it, and therefore his task is to assess carefully the transactions in order to determine (in)existence of indications of fraud. If the existence of fraud has been established, it should certainly be investigated in more depth and a corresponding report made, the so called forensic report. According to the American Institute of Certified Public Accountants (AICPA) (White Paper, AICPA, 1993), "forensic accounting is application of accounting principles, theory and discipli-nes on facts or hypotheses on issues in legal dispute and includes all branches of accounting knowledge".
A financial statement auditor is responsible for detecting frauds due to the nature of audit evidence and characteristics of fraud, the auditor can have reasonable but not absolute certainty that considerable wrongful claims have been detected. The auditor's scope is a complete set of financial statements, while the fraud auditor is led by specific allegations of fraud which are directed at certain accounts included in predicting and its goal is to solve these allegations by finding evidence either to prove or to refute false activities. The auditor's work is affected considerably by the concept of material quality, but the scope of fraud auditor is not that limited. The fraud auditor is hired by an organization which is a potential fraud victim and the primary responsibility lies with the party which hired him, although external parties can see and use the report under certain circumstances, unlike the auditor who is usually hired by the party who was the subject of auditing but his main commitment is to the public investment.
Another significant difference between these professions is their relation towards material accuracy of data. Professions such as a fraud auditor and a forensic accountant are not limited by materiality (Singleton & Singleton, 2010: 14). "Materiality represents a threshold of significance for decision making about which matters are important enough to be included in the report" (Beke-Trivunac, 2015: 41). According to the Ministry of Finance, The Conceptual Framework for Financial Reporting (2010: 12), "information is material if omitting it or misstating it could influence decisions that users make on the basis of financial information about a specific reporting entity". However, materiality is of great significance for auditors in financial statement auditing since omission or wrong presentation can influence the decisions of financial statement users. From historical aspect, many auditors focused on standard of 5% profit before taxing (loss) or profit after taxing (loss) in continuous business as benchmark for materiality (Mitrović & Radovanović, 2018). Based on the nature and circumstances of the company which is audited other elements of financial statement can be of great significance to financial statement users: business profit, gross profit, working capital, net working capital, total assets, total income, total capital, as well as money flows from business activities. The auditors are not expected not to put emphasis exclusively on some amounts, since wrong financial items are not irrelevant because they are below a numerical threshold.
It is already clear now that there are significant differences between these pro-fessions and further in the paper these differences will become even clearer through explanations of all important elements of auditing profession. After introduction, the first part of the paper will deal with actions and procedures which constitute the auditing process. After that, the second part of the paper will explain the types of frauds in companies and the auditor' role in their clearing. Namely, in recent years concerns about frauds and false financial reporting have increased and continue to rise. This is why standards of fraud have been defined which expanded the concept of fraud in comparison with what used to be meant by the term so far. However, this is not enough, and academic research studies suggest that additional efforts are required by audit regulators and external auditors (Kassem & Higson, 2012) to precisely define the concept of fraud. The situation with auditing profession in Serbia will be the subject of the third part of the paper. The conclusion will sum up the main results.

AUDITING PROCESS: ACTIONS AND PROCEDURES
In the beginning it is necessary to explain the types of auditors in relation to the activity they do so that later on we could get a better picture on the objectives of certain types of auditing. First of all, it should differentiate between internal and external audit. "Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes" ("Global IIA International Professional Practices Framework"). Internal auditors perform a wide spectrum of activities in the name of an organization, including financial statement auditing, inquiry of whether the activities are in conformity with organization's policies, examination of whether an organization meets its legal obligations, evaluation of operational efficiency, detecting frauds inside a company and performing IT auditing. Mechanisms of detecting and preventing frauds are various, and we will mention some of them: improving internal control and auditing, cash examination, policy of reporting a fraud and policy of rotation of employees, whi-ch suggests the fact that internal auditors and accountants play a significant role in fraud prevention.
The tasks of external audit are very similar to the tasks of internal audit, the difference being only in their constituency. Namely, external auditors represent third-party outsiders, while internal auditors represent the interests of the management (Hall, 2011: 33). The process of external auditing of financial statements includes four stages: accepting to perform auditing, planning, executing and reporting. Commercial or external auditors mainly audit financial reports but they could also audit comformity and performance and they are at the first 'front line' of corporate management, since they are crucial for checking financial information which are offered to share holders by the CEO, CFO and board of directors. They are usually called independent or authorized auditors.
State auditors come from state auditing agencies or ministries of finance. They deal with financial statement auditing, auditing of regularity of operations and auditing of operational expediency. The objective of financial statment auditing is to express opinion on whether the financial statements of the subject of auditing are true and objectively present their financial condition, the results of business operations and money flows in accordance with the accepted accounting principles and standards; auditing of regularity of business operations means examination of financial transactions and decisions regarding earnings and costs in order to see if the said transactions have been completed according to the law, other regulations, authorisations, as well as for planned purposes; auditing of business operations expediency means examining how the assets coming from the budget and other public funds have been spent, in order to check if the subject of auditing has spent these assest according to the principles of economy, efficiency and effectiveness, as well as in accordance with the planned objectives.
When auditing financial statements the auditor checks the veracity and objectiveness of financial statements of a company. The quality of auditing improves the quality of financial reporting, which then increases the credibility of financial statements (DeFond & Zhang, 2014).
The objective of audit is to ensure to the user that the information contained in these financial statements represents an organization fairly and accurately. In order to form an opinion, an auditor collects appropriate and sufficient evidence and observes, tests, compares and confirms until he gets reasonable assurance. An auditor then forms an opinion on whether the financial statements contain materially significant faults, either because of fraud or mistake. The role of auditing is not only to protect the interest of the capital owner, but it is important from the aspect of protection of the interest of the state for identifying irregularities in calculation and payment of taxes, fees, and similar, as well as from the aspect of protection of the interest of banks and investors for monitoring their claims (based on crediting or investments).
"Legal persons which have a duty to audit the financial statements in accordance with the law governing audit, shall submit to the Business Registers Agency the original of the audit report, drawn up in accordance with the law and international audit standards, with the attached financial statements that were audited" (Article 34 of the Law on Accounting, Official Gazette of the Republic of Serbia, No. 62/2013 and 30/2018).
In the procedure of commercial auditing, the auditor gets a letter/statement of the management which gives credibility to financial statements made up by the management in terms of veracity and legality of presenting the financial standing, the business operations results, changes of capital and financial flows, as well as in terms of providing true accounting records based on which the financial statements were made (Knežević & Mitrović, 2017). The management of the company is responsible for drawing up and presenting annual reports on business operations in accordance with the requirements of the Law on Acco Considering that the company management is responsible for efficient functioning of the company, internal control and financial reporting, it implicitly takes dominant position within the company structure and has a unique capability to make or approve fraud, since it is often in a position, either directly or indirectly, to manipulate the accounting entries and present false information, an auditor must be very interested in behavior of the management and business operating per-formance. In this context, the particularly important role of internal auditing and control is emphasized. Internal control in organizations of private and public sectors are particularly important for detecting the warning signs and protection from inefficient use of assets. The assessment of internal control system of an organization and formation of corresponding suggestions are within competence of internal auditing. Through monitoring of internal control system internal audit leads to more successful accomplishment of organizational objectives.
The main purpose of internal control is support to the entity in their risk management in order to achieve the objectives set by the entity and maintain the performance at the adqueate level. According to the Committee of Sponsoring Organizations (COSO, 2013) the system of internal control consists of five components which may be adopted by various types of companies, and they are: control environment, risk assessment, control activities, informing and communication and monitoring of activities. What is particularly important in order to prevent frauds in business transactions is that companies provide such a system of internal control which would lead to increase of work efficiency and responsibility in managing a company.

FRAUDULENT ACTIVITIES IN COMPANIES AND THEIR DETECTION
When it comes to fraud, or fraudulent activity, there are several various definitions in literature. One of them is that "a fraud, or a fraudulent activity in business environment is an intentional deception, misappropriation of a company's assets or manipulation of its financial data to the advantage of the perpetrator" (Hall, 2011: 116). Another definition is that fraud is "intentional act which results in material wrong presentation" or "a false representation of a material fact made by one party to another party with the intent to deceive and induce the ot-her party to justifiably rely on the fact to his or her detriment" (Hall, 2011: 117).
Auditors face frauds at two levels: there are employee frauds and management frauds. Since every form of fraud has various implications for auditors, it is necessary to differentiate between these two types. It is particularly important to take this into account when creating system for identification, prevention and monitoring of frauds in an organization. "Fradulent activities in their nature carry the element of hiding and connection among several employees, the managerial and administrative structure should have systematic knowledge on the existence of specifically conceived control procedures aimed against manipulations" (Petković & Cvetković, 2018: 43).
"Red flags" or fraud indicators are not unavoidably or universally connected to frauds. Instead, their presence indicates the degree of risk of fraud (Duffield & Grabosky, 2001). Unlike this point of view, Singleton and Singleton (2010) emphasize that "red flags" are used as a synonym for fraud fingerprints. When a fraud is committed, there are traces of a person who committed a crime and the crime itself which were left at the crime scene, or in the life of a person who committed a fraud, just like the fingerprints which may be left on the crime scene. "Red flags" include the elelements such as accounting anomaly, an inexplicable transaction or event, unusual transaction elements, changes in behavior or characteristics of a person or just the characteristics which are normally linked to the known frauds, particularly certain individual schemes or groups of schemes.
According to Singleton and Singleton (2010: 99), "red flags" connected with frauds in financial statements can be: • Accounting anomalies; • Rapid growth; • Unusual profits; • Weaknesses of internal control; • Various unusual activities of management. Fraud characteristics include: (a) hiding through the pact between the management, the employees or a third party, (b) witheld, wrongfully presented or forged documentation, and (c) capability of the management to bypass effective controls. Because of fraud characteristics, a properly planned and carried out audit cannot always identify materially wrong presentation.
According to the Association of Certified Fraud Examiners (ACFE), frauds can be classified as: financial statement frauds, corruption and asset misappropriation frauds. Financial statement frauds can occur by decreasing property/ income or increasing property/income. Decreasing of property/income in terms of fraud can occur based on timing difference, underestimating of income, overestimating of obligations and costs and incorrect evaluation of property. Increasing of property/income in terms of fraud can occur based on timing difference, fictitious (overestimated) income, underestimated obligations and costs, incorrect evaluation of property and incorrect disclosure (Mitrić, Stanković & Lakićević, 2012).
The ACFE research conducted by the analysis of 2,690 cases of occupational fraud in the period from January 2016 to October 2017 in 125 countries worldwide was published in 2018. This research, among other things, showed which departments within companies pose the greatest risk of fraud. In Figure 1, accounting department is at the first place as well as operations with 14%, while the smallest risk of fraud exists in human resources (1%). Since the accounting department has been assessed as the highest risk department in terms of fraud in companies, it was further examined what the most common occupational fraud schemes in high-risk departments are. Figure 2 shows that the largest number of frauds, 30% even, in the accounting department occur during check and payment (which includes all e-payments), and this is followed immediately by billing with 29%, while the smallest possibility of fraud is with register disbursements -about 2%. The same research analysed what the most common forms of anti-fraud control are. The majority of examinees said it was the external audit of financial statements.
Fraudulent financial reporting means wrongful reporting in that financial statements contain materially and significantly wrong statements and are not in accord with generally accepted accounting principles. According to Soltani (2007:534), fraudulent financial reporting can manifest as follows: • Manipulations, counterfeiting or changes of accounting records or accompanying documentation based on which the financial statements were prepared; • False representation or intentional omissions in financial reports; • Missing data on certain transactions; • Intentional wrong application of accounting principles referring to the amount, classification, manner, presentation or disclosure of financial data. • According to Singleton & Singleton (2010) financial statement frauds include: • Timing difference (irregular sale treatment); • Fictitious income; • Hidden obligations (incorrect obligation entries); • Incorrect disclosure; • Incorrect asset evaluation.
Although the existence of the efficient accounting and internal control systems reduce the possibility of wrong representation of financial statements because of fraud and mistake, there is always a risk that internal control system would not recognize fraudulent financial reporting. In addition to this, every system of accounting and internal control can be inefficient in activities related to fraud detection if there is a permanent agreement among the employees or if the fraud was committed by the management. The managers of certain levels can "pressure" the control which should prevent other employees to commit a fraud, for instance by indications given by their subordinates on manipulation wtih accounting records, counterfeiting of accounting documents or hiding information on economic transactions. According to the Law on Auditing (Article 45) "the Chamber of Authorised Auditors is an independent professional organization of Licensed Certified Auditors employed in Audit Firms, Audit Firms and Independent Auditors that have a status of the legal person with rights, duties and responsibilities set forth in this law and the statute of the Chamber". It was founded by the Law on Accounting and Auditing (Official Gazette No. 46/2006). This institutions is in charge, among other things, of licensing of authorized auditors.
The Association of Internal Auditors of Serbia is an organization whose goal is to promote the profession of internal auditing in Serbia, to strengthen its capacities from the aspect of professional development of its members as well as to strengthen their influence in the environment. It was founded in Belgrade in 2008. This organization is the member of the Institute of Internal Auditors Global -IIA, as well as of the European Confederation of Institutes of Internal Auditing -ECIIA.
In the Republic of Serbia there are 64 audit companes which deal with auditing (Chamber of Commerce of Serbia, 2018). It is often said that audit companies in Serbia are divided into the so called 'big four' and other audit firms (according to their market share and financial power). Further in the text the audit firms which make the 'big four' are presented.
PricewaterhouseCoopers -PwC Audit Company is seated in Great Britain in London. PwC is the second largest world consulting-auditing company, right behind Deloitte. PwC offers services in various business domains: auditing, tax, In the field of professional education in accounting, in the Republic of Serbia there is a particularly active organization -the Association of Accountants and Auditors of Serbia -which represents a non-government, non-profit association of professional accountants of Serbia. It was founded in 1955, and since then it has actively worked on the development of accounting profession, education of its members and harmonization of national professional regulations with the best experiences of the developled countries.
When it comes to legal regulations referring to auditing in Serbia, it is important to mention two laws: Law on Accounting ( It is prescribed by the Law on Accounting (Article 28) that "an audit of annual and consolidated annual financial statements shall be performed in accordance with the regulations governing the audit, and further (Article 34) that "legal persons which have a duty to audit the financial statements in accordance with the law governing audit, shall submit to the Agency the original of the audit report, drawn up in accordance with the law and international audit standards, with the attached financial statements that were audited".
Law on Audit (Article 1, Official Gazette of RS, No. 62/2013 and 30/2018) has regulated several segments impor-tant for the profession: the conditions and manner of conducting audit of financial statements, mandatory nature of audit, qualifications and licenses of persons required to perform audit, issuance and revoking the operating permits from audit firms and independent auditors, supervision over performance of audit, and other important matters. Audit is performed by Licensed Certified Auditors, employees of the Audit Firm, or by an Independent Auditor, provided that they are the members of the Chamber. According to the manner of audit, as said in Article 23 of the Law, audit can be statutory and voluntary. "Statutory audit shall be performed in accordance with this law, other laws that govern the mandatory audit of the financial statements in certain legal entities, ISA and the Code of Professional Ethics of Auditors. Voluntary audit of financial statements shall be performed by mutatis mutandis application of laws and regulations referred to in paragraph 1 of this Article. " In our country audit is mandatory for large and medium-sized legal entities whose business activities are performed in order to gain profit, as well as micro and small legal entities and entrepreneurs whose business income earned in 2016 business year exceeds EUR 4.4 million, insurance companies, banks, public companies, political parties and other tax payers included in the Law on Audit (Article 21).
Audit report is a report on the conducted audit that is issued by an audit firm or an independent auditor in accordance with this law and International Standards on Auditing.
The Audit Report shall contain at least the following (Official Gazette of RS, No. 62/2013 and 30/2018): • Introduction listing the financial statements being audited, together with accounting policies used for their making; • Description of the purpose and scope of the audit, stating the auditing standards in accordance with which the Audit was performed; • Opinion of a Licensed Certified Auditor that clearly expresses whether the financial statements give a true and fair view of the financial position of the legal entity in accordance with the relevant legal framework, as well as whether the annual financial statements are in accordance with special regulations governing the operations of the legal person, if that is provided in these regulations. The Auditor's opinion may be positive, reserved, negative, or the Certified Auditor may refrain from expressing an opinion if he is not able to express it; • Special warnings and problems on which the Licensed Certified Auditor wishes to draw attention, but without expressing a reserved opinion; • Opinion on the conformity of the business report with the financial statements for the same financial year.
With his report auditor increases the credibility of information contained in financial statements. Positive auditor's opinion is issued when auditors are assured that they truly and correctly present real condition of business and operations of a company and in accordance with accounting standards (Hodžić & Gregović, 2016). Reserved opinion refers to the situation when auditor concludes that it was not possible to collect sufficiently adequate audit evidence so that the opinion on financial statements of a company cannot be made. Opinion with reserve means that financial statements present real and objective condition of a company with the exception of concrete facts mentioned in the auditor's report. If the auditor gives negative opinion, meaning that the financial statements do not present real and objective condition of the company, this could be very harmful for reputation and financial standing of the company. The consequence of all this can be that a bad image of the company is created with investors, creditors and other interested parties.
In his reports the auditor increases the credibility of information contained in financial statements.

CONCLUDING REMARKS
Many corporate scandals and frauds initiated an important social question on the responsibility of auditor's profession and the role of auditors. Namely, there is a difference between what auditor does and what the public expectations from them are. Audit offers a reasonable guarantee and not the absolute insurance that financial statements do not have materially significant mistakes.
It is pointed out in this paper that the literature differentiates between an auditor, a fraud auditor and a forensic accountant. The audit which is performed by a fraud auditor has important preventive role in identifying potential frauds, but its possibilities are limited since auditors are not responsible for planning and carrying out audit in order to detect mistakes which are not of material significance for presenting financial statements independent of whether the mistake was caused unintentionally or it represents a financial fraud or malversation. A forensic accountant's profession is also important for timely prevention and detection of fraudlent activities or irregularities in companies, and the set of knowledge and skills he must have is in any case multidisciplinary with the elements of expert and moral reliability.
The paper has presented only a part of possible frauds, the financial statement frauds and the role of fraud auditor in their prevention and detection.
This does not mean that the number and types of examples are final, since from day to day with the increased use of sophisticated methods and with the development of information-communication technology there are new kinds of malversations, frauds or irregularities, and it should be pointed out once more that the management is responsible for the accuracy of financial statements and the role of external auditor in their prevention or detection. This is a crucial issue for further development of both accounting and auditing professions respectively.