Understanding terms of reference in forensic audit in Zimbabwe

PHILLIMON MHLANGA

In the pursuit of truth and accountability, forensic audits play a vital role in uncovering fraud, corruption, and financial mismanagement.

However, the success of these audits relies heavily on a clear and well-defined scope of work, as outlined in the Terms of Reference (ToR).

A comprehensive ToR, multiple experts told Business Times, a market leader in financial, business and economic reportage, is the foundation of a forensic audit, ensuring that the audit is focused, efficient, and effective in achieving its objectives.

It serves as a roadmap for the audit process, guiding the auditor’s approach, procedures, and conclusions.

In Zimbabwe, where forensic audits are increasingly crucial for promoting transparency and accountability, understanding the principles and best practices for developing and managing ToR is essential, especially considering that no forensic audit can be conducted without a ToR.

1. Definition and purpose of Forensic Audits

Section 2 of the Public Accountants and Auditors Act [Chapter 27:12] defines an “audit” as “the verification or certification of financial statements, financial transactions, books, accounts, or records.”

The term ‘Forensic Audit’ is not defined by statute in Zimbabwe, and reference is made to Investopedia, which defines it as an examination and evaluation of a firm’s or individual’s financial information for use as evidence in court to prosecute a party for fraud, embezzlement, or other financial claims.

Forensic auditing is further defined as “a type of specialized audit, aimed at discovering, disclosing, and following up on frauds and crimes” [Certified Information Systems Auditor (CISA)].

A forensic audit’s main goal is to gather evidence for law enforcement officials and the judiciary, to review and determine if a financial crime was committed.

The goal of the audit is the main distinction between forensic and financial audits.

Investors and creditors can feel confident in the financial information when a financial audit verifies the fair statement of a company’s financial statements.

Accounting and auditing expertise is used in forensic auditing to prove fraud, corruption, and other irregularities.

A forensic report can be used in court to help settle disputes and has legal ramifications.

As guided by the ToR,” forensic audits are related to a problem that the requesting party defines”.

2. What are Terms of Reference (ToR)?

ToR serve as the foundation for any audit, including forensic audits.

They outline the scope, objectives, and boundaries of the audit engagement as discussed below: –

1.      Objective and Purpose: The audit’s objective is specified in the scope. It defines the aims, purposes, and anticipated results clear.
2.      Inclusions and exclusions: This section outlines which elements, activities, or parts fall inside and outside the project’s purview. Forensic audits, for instance, may include financial transactions, contracts, and compliance, but they may also exclude unrelated matters from their scope. It is usually these exclusions that form the basis of contestation of audit findings by unscrupulous individuals implicated in the findings.

iii.     Timeframe: The scope describes the amount of time that the audit is expected to take. It guarantees that the task stays targeted and doable within the allotted time.

1. Geographical Boundaries: If relevant, the scope may specify the region in which the audit will be conducted.
2.      Stakeholders: This lists the pertinent parties—individuals, groups, or departments—that are impacted by the project.
3. Constraints: Any limitations, restrictions, or difficulties that might affect the audit are acknowledged in scope.

3. Why are ToR important?

ToR are important for the following reasons: –

1. Clarity and focus: The audit’s scope is made clear by the ToR. Through scope definition, they keep the forensic auditors from wandering off into irrelevant territory, and this relevance is defined by the client. This accuracy is necessary for a forensic audit to pinpoint specific anomalies or fraudulent activity.
2. Risk Assessment: ToR assist auditors in evaluating risks. They can modify their processes to address high-risk areas if they are aware of the objectives and limitations of the audit. This risk assessment is essential for spotting possible fraud schemes in forensic audits.

iii.  Legal Admissibility: Forensic audits usually result in court cases, either through the civil (where the implicated individuals are challenging the forensic audit report, or the affected company seeks to recover the loss identified in the audit findings) or criminal procedure (findings in Air Zimbabwe & Navistar Insurance Brokers, led to criminal prosecution of individuals implicated in the forensic audit findings). To ensure that the evidence gathered during the audit is admissible in court, well-defined ToR are necessary. The evidence’s validity could be contested for a variety of reasons, including the use of unclear language, bias, lack of clarity and accuracy. There are however instances where findings are contested for the sake of it, to exonerate oneself and yet there was commission of an offence.

1. Efficiency: Time and resources are saved by a well-organized audit. ToR direct auditors to pertinent records, exchanges, and interviews.
2. Stakeholder expectations: ToR harmonise the audit process with the expectations of stakeholders, including shareholders, regulators, and management. Improved transparency results from everyone knowing what to expect.

4. Crafting Effective Terms of Reference

When developing TOR for a forensic audit, there is need to consider the following:

1. Specificity: Give clear details regarding the goal of the audit, any suspected irregularities, and pertinent time frames.
2. Inclusion Criteria: Specify the documents, contracts, and emails that fall under the purview of the audit.

iii.  Exclusion Criteria: Define what is excluded in the scope (for example, unrelated business units).

1. Legal Considerations: Make sure that all laws and restrictions on confidentiality are followed.
2. Reporting Expectations: Specify the final report’s format and content.

Well-crafted terms of reference empower auditors to conduct thorough audits, uncover fraud, and contribute to justice. Ill-crafted ToR could leave out essential areas leading to the Forensic Audit Report being challenged by unscrupulous individuals implicated in it. Because an auditor cannot delve into exclusions, it is essential that the requesting party ensures that the ToR are very effective for the desired purpose.

5. Misses/Misunderstandings by the Market
6. Failure to distinguish between a forensic audit and a forensic investigation:- The terms of reference for a forensic investigation are broader in scope and may involve criminal matters beyond financial records, such as physical evidence, digital evidence, and witness statements, whereas a forensic audit  specifically targets the examination and evaluation of financial records.(Forensic investigations are not the focus of this article and will not be discussed further)
7. Adherence to the ToR: Most people think a Forensic Auditor has an open-ended mandate and can consider ‘all and sundry’ during the audit, whilst in fact they must conduct their audits within the boundaries as set out in the ToR, which define the scope, objectives, and methodology of the audit. Oftentimes when people challenge a forensic audit, the allegation could be that they did not interview a certain person whereas that ‘certain person’ fell outside the scope of the audit. They are therefore bound to stay within the scope of the audit, and cannot perform the forensic audit without ToR.

iii.  Crafting the ToR: There is a misconception that the Forensic Auditor is the crafter of ToR yet these are produced by the requesting party. Some organizations, however, consult the Forensic Auditor for an opinion on the proposed scope but most of them would rather the auditor adhere to the set scope. This normally leads to some aspects essential to the audit being left out.

1. Qualifications of a Forensic Auditor: The moment some people hear the term ‘forensic’ they quickly think of general forensic investigations and in their mind there are qualifications they are expecting and these include forensic science or criminal investigation. However, a bachelor’s degree in accounting, forensic accounting, forensic auditing, auditing, or finance, or a professional qualification recognized by the Public Accountants & Auditors Act [Chapter 27:12], with the same rating as a bachelor’s degree, are the minimum requirements for becoming a Forensic Auditor in Zimbabwe. For specialization, there are certifications such as Certified Forensic Auditor (CFA), that help with development of skills such as expert witnessing. Ongoing professional development, remaining up to date in the field and adhering to international best practices are also critical for a forensic auditor.
2. Publishing of Findings: The public expects the findings to be made public but they are considered confidential, and usually contain sensitive information.

5.5.                 When ToRs are either ill-crafted or misunderstood, the following happens:-

1.      Loss of Credibility: If the scope and objectives of an audit are not clear, it can lead to a loss of credibility for both the Forensic Auditors and the organization involved, as stakeholders may question the integrity and thoroughness of the audit.
2.      Financial Losses: Ill-crafted ToR may give rise to insufficient or imprecise findings, which may result in monetary losses because of undiscovered fraud or persistent financial misconduct. Financial losses may also result from defending litigation when findings are challenged.

   iii.     Legal and Regulatory Risks: Ill-crafted ToR may overlook legal and regulatory requirements, increasing the risk of non-compliance and subsequent legal penalties. Moreover, litigation may occur resulting not only in legal costs, but unnecessary public and regulatory attention on the activities of both the Forensic Auditor and the audited organization.

1.      Operational Disruption: Unclear ToR can cause operational disruptions, as resources may be misallocated, and the audit may unnecessarily interfere with regular business activities.
2.      Reputational Damage: Both the Auditor and the audited organizations’ reputation can be damaged if the audit is perceived as ineffective or biased, which can affect investor confidence and market position.

As no forensic audit can be conducted without a ToR, it is essential that it be well-defined and understood by all parties involved to ensure that the audit is effective and enhances the trust of stakeholders and the market at large.