AUDIT AS A TOOL FOR PREVENTION AND CONTROL OF FRAUD

CHAPTER ONE: INTRODUCTION

1.1 Background of the Study

Fraud is an intentional act of deception, misrepresentation, or concealment designed to give the perpetrator an unfair or unlawful gain. In the organizational context, fraud manifests in various forms: asset misappropriation (theft of cash, inventory, equipment), corruption (bribery, kickbacks, conflicts of interest), and financial statement fraud (intentional misstatement of financial results). Fraud is a global problem affecting organizations of all sizes and sectors. The Association of Certified Fraud Examiners (ACFE, 2022) estimates that organizations lose 5% of their annual revenue to fraud, translating to trillions of dollars globally. In Nigeria, the problem is particularly severe: the PricewaterhouseCoopers (PwC) Global Economic Crime and Fraud Survey (2020) reported that 56% of Nigerian organizations had experienced fraud in the preceding 24 months, significantly higher than the global average of 47%. (ACFE, 2022; PwC, 2020)

Auditing is the systematic, independent, and objective examination of financial statements, internal controls, records, and operations of an organization to provide assurance to stakeholders that the information presented is accurate, complete, and in accordance with applicable standards and regulations. Auditors are classified into two main types: external auditors, who are independent professionals providing an opinion on whether financial statements are fairly presented, and internal auditors, who are employees of the organization providing ongoing assurance and consulting services to management and the board. Both types of auditors play critical roles in fraud prevention and control (Institute of Internal Auditors [IIA], 2017; International Federation of Accountants [IFAC], 2018). (IIA, 2017; IFAC, 2018)

The role of auditing in fraud prevention and control has evolved significantly over time. Historically, auditors focused primarily on error detection (unintentional mistakes) rather than fraud detection (intentional deception). However, major corporate scandals—Enron (2001), WorldCom (2002), Tyco (2002), and the global financial crisis (2008-2009)—revealed catastrophic failures of auditors to detect or prevent fraud. These scandals led to regulatory reforms, including the Sarbanes-Oxley Act (SOX) in the US (2002), which strengthened auditor independence, internal controls, and fraud detection responsibilities. In Nigeria, the banking crisis (2008-2009) led to similar reforms: the Financial Reporting Council (FRC) Act (2011), the Nigerian Code of Corporate Governance (2018), and strengthened Central Bank of Nigeria (CBN) oversight (CBN, 2011). (CBN, 2011)

Auditors contribute to fraud prevention and control through several mechanisms (IIA, 2017; IFAC, 2018). (IIA, 2017; IFAC, 2018)

Deterrence: The mere presence of an audit function—and the knowledge that transactions will be examined—deters potential fraudsters from attempting to misappropriate assets or misstate financial results. The perceived probability of detection increases, making fraud riskier.

Detection: Auditors design audit procedures specifically to identify material misstatements (including those caused by fraud) and to detect control weaknesses that could permit fraud. International Standard on Auditing (ISA) 240 requires auditors to maintain professional skepticism, assess fraud risks, and design responsive procedures.

Reporting: Auditors are required to report identified fraud or suspected fraud to appropriate levels of management, the board audit committee, and in some cases, regulatory authorities (e.g., Economic and Financial Crimes Commission, EFCC).

Recommendation: Auditors recommend improvements to internal controls that reduce the risk of future fraud. Management letters (external audit) and internal audit reports provide specific, actionable recommendations.

Internal control is a process designed by an organization’s board and management to provide reasonable assurance regarding the achievement of objectives in three categories: (1) effectiveness and efficiency of operations; (2) reliability of financial reporting; and (3) compliance with applicable laws and regulations. The Committee of Sponsoring Organizations (COSO) Internal Control—Integrated Framework (2013) identifies five components: (1) control environment (tone at the top, integrity, ethical values); (2) risk assessment (identifying and analyzing fraud risks); (3) control activities (policies and procedures to mitigate risks, such as segregation of duties, authorizations, reconciliations); (4) information and communication (systems to capture and transmit information); and (5) monitoring (ongoing evaluations of internal control performance). Auditors evaluate each of these components and issue recommendations for improvement (COSO, 2013). (COSO, 2013)

The fraud triangle, developed by criminologist Donald Cressey (1953), explains why fraud occurs and how auditors can address it. The fraud triangle identifies three conditions that must be present for fraud to occur: (1) pressure/incentive (financial difficulties, performance targets, lifestyle expectations); (2) opportunity (weak internal controls, inadequate oversight, ability to override controls); and (3) rationalization (justification of fraudulent behavior as acceptable, e.g., “everyone does it,” “I deserve it”). Auditors primarily reduce opportunity by strengthening controls and increasing the perceived probability of detection. Auditors also contribute to reducing pressure (e.g., recommending realistic performance targets) and rationalization (e.g., fostering an ethical culture through recommendations) (Cressey, 1953). (Cressey, 1953)

The fraud diamond, an extension of the fraud triangle by Wolfe and Hermanson (2004), adds a fourth element: capability (the fraudster’s ability to commit and conceal fraud, including position, authority, intelligence, ego, and ability to handle stress). Auditors must consider management’s capability to override controls (e.g., the CEO’s ability to instruct subordinates to bypass controls) and design audit procedures accordingly (Wolfe and Hermanson, 2004). (Wolfe and Hermanson, 2004)

International Standard on Auditing (ISA) 240, “The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements,” establishes the auditor’s responsibilities regarding fraud (IFAC, 2018). Key requirements include: (IFAC, 2018)

• Professional skepticism: Auditors must maintain an attitude of professional skepticism throughout the audit, recognizing that material misstatements due to fraud could exist, regardless of past experience with the entity.
• Fraud risk assessment: Auditors must identify and assess risks of material misstatement due to fraud at the financial statement level and at the assertion level, including understanding the entity’s fraud risk factors (incentives/pressures, opportunities, attitudes/rationalizations).
• Responses to assessed risks: Auditors must design and implement audit procedures that respond to assessed fraud risks, including testing journal entries, reviewing accounting estimates for bias, and performing audit procedures to address management override of controls.
• Communication: Auditors must communicate identified or suspected fraud to appropriate levels of management, the audit committee, and, in some cases, regulatory authorities.
• Documentation: Auditors must document their fraud risk assessment procedures, their responses to assessed risks, and any identified or suspected fraud.

Internal auditors have complementary fraud responsibilities under the IIA’s International Professional Practices Framework (IPPF). Standard 1210 requires internal auditors to have sufficient knowledge to identify fraud indicators. Standard 1220 requires due professional care, including considering the possibility of fraud. Standard 2120 requires internal auditors to evaluate the potential for fraud and how the organization manages fraud risk. Internal auditors are often more effective than external auditors at detecting fraud because they have ongoing access to the organization and can perform surprise audits, continuous monitoring, and data analytics (IIA, 2017). (IIA, 2017)

The effectiveness of auditors in fraud prevention and control depends on several factors (ACFE, 2022). (ACFE, 2022)

Auditor independence: Auditors must be independent of the activities they audit. External auditors must be independent of management (no financial interests, no family ties, no management roles). Internal auditors must report functionally to the audit committee (not to management). Independence is essential for objectivity.

Auditor competence: Auditors must have the knowledge, skills, and abilities to identify fraud indicators. Professional certifications (CIA, CISA, CFE, ACA, ACCA) and continuous professional development (CPD) enhance competence.

Management support: Auditors cannot be effective without management support (access to records and personnel, budget, authority). The audit committee must ensure that management supports the audit function.

Follow-up and enforcement: Audit recommendations must be implemented. Without follow-up (tracking implementation) and enforcement (consequences for non-implementation), audit findings are ignored, and controls remain weak.

In Nigeria, the regulatory framework for auditing and fraud prevention includes several key instruments (Federal Republic of Nigeria, 2011; 2020; FRC, 2018). (Federal Republic of Nigeria, 2011; 2020; FRC, 2018)

Financial Reporting Council (FRC) of Nigeria Act (2011): The Act established the FRC as the apex regulatory body for financial reporting, accounting, and auditing. The FRC sets auditing standards (based on ISA), conducts audit quality assurance reviews, and sanctions auditors for non-compliance.

Nigerian Code of Corporate Governance (2018): The Code requires companies to establish internal control systems, internal audit functions, and audit committees. The audit committee is responsible for overseeing fraud risk management.

Companies and Allied Matters Act (CAMA) 2020: CAMA requires that company financial statements be audited by independent chartered accountants and imposes liability on auditors for negligence or misconduct.

Economic and Financial Crimes Commission (EFCC) Act: The EFCC investigates and prosecutes financial crimes, including fraud. Auditors are required to report suspected fraud to the EFCC.

Despite this robust regulatory framework, fraud remains a significant problem in Nigerian organizations. The PwC (2020) survey found that 56% of Nigerian organizations experienced fraud, with asset misappropriation (72% of cases), procurement fraud (38%), bribery and corruption (35%), and financial statement fraud (24%). The most common perpetrators were senior management (40%), middle management (35%), and employees (25%). These statistics indicate that fraud is pervasive and that auditors are not fully effective in preventing or controlling it (PwC, 2020). (PwC, 2020)

Several factors limit the effectiveness of auditors in fraud prevention and control in Nigeria (Adeyemi and Fadipe, 2019; Okoye, Okafor, and Nnamdi, 2020). (Adeyemi and Fadipe, 2019; Okoye et al., 2020)

Auditor independence threats: Long auditor tenure (over 10 years) reduces professional skepticism. Provision of non-audit services (consulting, tax, advisory) creates conflicts of interest. Fear of losing the client (audit firm competition) reduces auditor willingness to report fraud.

Competence gaps: Many auditors lack training in forensic accounting, data analytics, and fraud investigation. The ACFE (2022) found that only 15% of frauds are detected by external audits, partly due to competence gaps.

Management override of controls: Management can override controls (e.g., instructing subordinates to bypass controls, overriding system approvals). Auditors must test for management override, but sophisticated overrides may not be detected.

Collusion: Fraud often involves collusion among multiple employees or between employees and third parties (suppliers, customers). Collusion makes fraud harder to detect because standard audit procedures (e.g., confirmations) may be circumvented.

Weak audit enforcement: The FRC has sanctioned audit firms for deficiencies, but enforcement has been inconsistent. Weak enforcement reduces deterrent effect.

1.2 Statement of the Problem

Despite the regulatory framework mandating audits, the professional standards requiring auditors to address fraud, and the high-profile fraud cases that have damaged Nigerian organizations, fraud remains pervasive. The problem manifests in several specific issues that limit the effectiveness of auditors in fraud prevention and control.

First, fraud detection rates by external auditors are very low. The ACFE (2022) reported that external audits detected only 4% of occupational fraud cases globally, and internal audits detected 15%. The vast majority of frauds (over 80%) were detected by other means: employee tips (43%), management review (13%), and accident (8%). This suggests that despite auditors’ responsibilities, they are not effective fraud detection mechanisms in practice. Nigerian data, while limited, suggests similar patterns (Eze and Nwadialor, 2021). (ACFE, 2022; Eze and Nwadialor, 2021)

Second, auditor independence is compromised in many Nigerian organizations. Auditors who have long tenure with a client (over 10 years) may become too familiar, reducing professional skepticism. Auditors who provide non-audit services (consulting, tax, advisory) may hesitate to report fraud that would embarrass the client and jeopardize lucrative non-audit fees. Management may pressure auditors to accept aggressive accounting treatments or to ignore control weaknesses. Adeyemi and Uche (2018) found that 45% of Nigerian financial managers reported that their external auditors were “not very independent” and that they had experienced pressure from auditors to accept questionable accounting treatments. (Adeyemi and Uche, 2018)

Third, audit quality varies significantly, with many audits failing to meet professional standards. Small and medium audit firms may lack the specialized skills (forensic accounting, data analytics, industry expertise) needed to detect sophisticated fraud schemes. Auditors may fail to exercise professional skepticism, accepting management explanations without sufficient corroboration. The FRC’s audit quality assurance reviews have identified deficiencies in over 40% of inspected audits, including failures to respond to fraud risks (FRC, 2020). (FRC, 2020)

Fourth, internal audit functions are under-resourced or ineffective in many Nigerian organizations. Internal auditors are the first line of defense against fraud, providing ongoing monitoring and testing of controls. However, many internal audit departments lack sufficient staff, budget, or management support. Internal auditors may report to the CFO or CEO rather than the audit committee, compromising independence. Okafor and Ugwu (2021) found that 58% of Nigerian firms’ internal audit functions had budgets below ₦10 million annually, insufficient for comprehensive coverage, and 42% reported to the CFO rather than the audit committee. (Okafor and Ugwu, 2021)

Fifth, audit committees are often ineffective in overseeing auditors and fraud risk management. For an audit committee to be effective, members must be independent of management, have financial expertise, meet regularly, and be willing to challenge management and auditors. However, in many Nigerian organizations, audit committees are dominated by management-friendly directors, lack financial literacy, meet infrequently, or receive inadequate information. Adeleke and Ogunyemi (2019) found that 52% of audit committee members in Nigerian firms lacked formal financial training, and 38% reported that they “rarely or never” challenged management or auditors on fraud-related issues. (Adeleke and Ogunyemi, 2019)

Sixth, regulatory enforcement against auditors for fraud failures is weak. While the FRC has the power to sanction auditors for audit failures, enforcement has been inconsistent. Few audit firms have been significantly penalized for failing to detect fraud, and no audit firm has lost its license for fraud-related audit failures. Weak enforcement reduces deterrence: auditors may calculate that the probability of being sanctioned for a poor audit is low, reducing their incentive to perform thorough fraud procedures (Uche and Adeyemi, 2018). (Uche and Adeyemi, 2018)

Seventh, auditors face challenges in detecting collusive fraud. Most audit procedures are designed to detect individual fraud; collusion among multiple employees or between employees and third parties (suppliers, customers) is much harder to detect. For example, procurement fraud may involve a buyer colluding with a supplier to submit inflated invoices, sharing the excess. Standard audit procedures (e.g., confirming balances with suppliers) may not detect such collusion if the supplier also lies. Nigerian organizations, with high rates of procurement fraud, face this challenge, but auditors may not have the forensic skills to detect collusion (Eze and Nwadialor, 2021). (Eze and Nwadialor, 2021)

Eighth, management override of controls remains a significant challenge. Even when controls are well-designed, top managers can override them by instructing subordinates to bypass controls, by overriding system approvals, or by recording fraudulent journal entries. Auditors are required to test for management override, but these procedures (e.g., reviewing journal entries, reviewing accounting estimates for bias) may not detect sophisticated overrides. Nigerian auditors may not adequately test for override (Okoye et al., 2020). (Okoye et al., 2020)

Ninth, the cost-benefit of audit fraud procedures is unclear. Comprehensive fraud detection procedures (e.g., 100% transaction testing, forensic data analytics, surprise audits, detailed management interviews) are expensive. Audit firms may not perform them because clients are unwilling to pay higher fees, because audit firms compete on price, or because auditors believe (rightly or wrongly) that fraud is unlikely. However, when fraud occurs, the costs to stakeholders (shareholders, creditors, employees) can be enormous. The optimal level of audit effort on fraud is unknown; this study provides evidence to inform this trade-off (Okoye et al., 2020). (Okoye et al., 2020)

Tenth, the COVID-19 pandemic has created new audit challenges. Remote work reduced auditors’ ability to observe physical controls, conduct in-person interviews, or perform inventory counts. Increased financial pressure on organizations increased fraud incentives. Auditors had to adapt quickly, using more remote audit techniques (video walkthroughs, electronic confirmations, data analytics). However, it is unclear whether these adaptations were effective. Ogunyemi and Adewale (2021) found that 62% of Nigerian auditors reported that the pandemic made fraud detection “much harder,” and 45% reported that they were less confident in their fraud assessments than before the pandemic. (Ogunyemi and Adewale, 2021)

Eleventh, there is a significant gap in empirical research on the role of auditors in fraud prevention and control in Nigerian organizations. While many studies have examined fraud incidence, fraud types, and fraud prevention mechanisms, few have specifically focused on auditors. Studies that have examined auditors often rely on small samples, use perceptual data (managers’ opinions rather than objective measures), or focus on external auditors to the exclusion of internal auditors. Few studies have examined the conditions under which auditors are most effective (e.g., audit firm size, auditor tenure, audit committee quality, regulatory enforcement). This study addresses these gaps (Adeyemi and Uche, 2018). (Adeyemi and Uche, 2018)

Therefore, the central problem this study seeks to address can be stated as: Despite the regulatory mandate and professional standards requiring auditors to address fraud, and despite high-profile fraud cases that have damaged Nigerian organizations, fraud remains pervasive. External audit detection rates are low; auditor independence is compromised; audit quality varies; internal audit functions are under-resourced; audit committees are ineffective; regulatory enforcement is weak; auditors struggle to detect collusive fraud and management override; and the cost-benefit of audit fraud procedures is unclear. The role of auditors in fraud prevention and control has not been systematically documented. This study addresses this gap by examining audit as a tool for prevention and control of fraud in Nigerian organizations.

1.3 Aim of the Study

The aim of this study is to critically examine audit as a tool for prevention and control of fraud, with a view to identifying the specific mechanisms through which auditors (both external and internal) contribute to fraud prevention and detection, assessing the factors that enhance or limit auditor effectiveness, and proposing evidence-based recommendations for strengthening the audit function to better address fraud risks in Nigerian organizations.

1.4 Objectives of the Study

The specific objectives of this study are to:

1. Identify the specific fraud detection and prevention roles and responsibilities of external and internal auditors, as defined by professional standards (ISA 240, IPPF) and regulatory requirements (FRC Act, CAMA 2020).
2. Assess the extent to which external auditors in Nigeria perform fraud-related audit procedures (fraud risk assessment, testing for management override, journal entry testing, etc.) as required by ISA 240.
3. Evaluate the effectiveness of internal audit functions in detecting and preventing fraud, including factors such as independence, resourcing, management support, and reporting lines.
4. Examine the relationship between audit committee effectiveness (independence, financial expertise, meeting frequency) and the ability of auditors to detect and report fraud.
5. Identify the challenges that limit the effectiveness of auditors in fraud prevention and control, including independence threats, skill gaps, collusion, management override, and resource constraints.
6. Determine the relationship between audit quality indicators (audit firm size, auditor tenure, audit fees, industry specialization) and fraud detection rates.
7. Assess the effectiveness of regulatory enforcement (FRC sanctions, EFCC/ICPC prosecutions) in deterring audit failures related to fraud.
8. Propose practical, evidence-based recommendations for enhancing the role of auditors in fraud prevention and control in Nigerian organizations.

1.5 Research Questions

The following research questions guide this study:

1. What are the specific fraud detection and prevention roles and responsibilities of external and internal auditors in Nigerian organizations?
2. To what extent do external auditors in Nigeria perform fraud-related audit procedures as required by ISA 240?
3. How effective are internal audit functions in detecting and preventing fraud in Nigerian organizations?
4. What is the relationship between audit committee effectiveness and the ability of auditors to detect and report fraud?
5. What challenges limit the effectiveness of auditors in fraud prevention and control in Nigerian organizations?
6. What is the relationship between audit quality indicators (firm size, tenure, fees, specialization) and fraud detection rates?
7. How effective is regulatory enforcement in deterring audit failures related to fraud in Nigeria?
8. What practical recommendations can be proposed for enhancing the role of auditors in fraud prevention and control?

1.6 Research Hypotheses

Based on the research objectives and questions, the following hypotheses are formulated. Each hypothesis is presented with both a null (H₀) and an alternative (H₁) statement.

Hypothesis One

• H₀₁: There is no significant relationship between the presence of an internal audit function and the incidence of fraud in Nigerian organizations.
• H₁₁: There is a significant negative relationship between the presence of an internal audit function and the incidence of fraud in Nigerian organizations.

Hypothesis Two

• H₀₂: The quality of internal audit (independence, resourcing, reporting to audit committee) does not significantly affect fraud detection rates.
• H₁₂: The quality of internal audit (independence, resourcing, reporting to audit committee) significantly affects fraud detection rates.

Hypothesis Three

• H₀₃: There is no significant difference in fraud detection rates between Big Four audit firms and non-Big Four audit firms in Nigeria.
• H₁₃: There is a significant difference in fraud detection rates between Big Four audit firms and non-Big Four audit firms in Nigeria.

Hypothesis Four

• H₀₄: Audit committee independence (proportion of independent directors) does not significantly affect the likelihood of auditor fraud detection.
• H₁₄: Audit committee independence (proportion of independent directors) significantly affects the likelihood of auditor fraud detection.

Hypothesis Five

• H₀₅: Long auditor tenure (over 10 years) does not significantly reduce auditor independence and fraud detection effectiveness.
• H₁₅: Long auditor tenure (over 10 years) significantly reduces auditor independence and fraud detection effectiveness.

Hypothesis Six

• H₀₆: The provision of non-audit services (consulting, tax, advisory) by external auditors does not significantly affect their ability to detect and report fraud.
• H₁₆: The provision of non-audit services (consulting, tax, advisory) by external auditors significantly reduces their ability to detect and report fraud.

Hypothesis Seven

• H₀₇: Regulatory enforcement actions (FRC sanctions, EFCC/ICPC prosecutions) against auditors for fraud-related audit failures do not significantly deter future audit failures.
• H₁₇: Regulatory enforcement actions (FRC sanctions, EFCC/ICPC prosecutions) against auditors for fraud-related audit failures significantly deter future audit failures.

Hypothesis Eight

• H₀₈: The use of forensic audit techniques (data analytics, surprise audits, whistleblower hotlines) does not significantly increase fraud detection rates.
• H₁₈: The use of forensic audit techniques (data analytics, surprise audits, whistleblower hotlines) significantly increases fraud detection rates.

1.7 Significance of the Study

This study holds significance for multiple stakeholders as follows:

For External Audit Firms and Practitioners:
The study provides evidence on the effectiveness of current fraud detection practices and identifies areas for improvement. Audit firms can use this evidence to enhance their fraud risk assessment procedures, invest in forensic accounting skills, strengthen professional skepticism, and document compliance with ISA 240. The study also provides evidence on the relationship between audit firm characteristics (size, specialization, tenure) and fraud detection, informing strategic decisions about audit firm positioning and client selection.

For Internal Audit Functions and Chief Audit Executives:
The study provides evidence on the factors that make internal audit functions effective in fraud prevention and control: independence (reporting to audit committee), adequate resourcing (budget, staff, technology), and management support. Internal auditors can use these findings to advocate for stronger internal audit charters, direct reporting lines, and adequate budgets. The study also provides guidance on fraud-related internal audit procedures (continuous auditing, data analytics, surprise audits) that may be more effective than traditional approaches.

For Boards of Directors and Audit Committees:
Boards and audit committees have oversight responsibility for fraud risk management. The study provides evidence on the relationship between audit committee characteristics (independence, financial expertise, meeting frequency) and fraud detection outcomes. Boards can use these findings to strengthen their audit committees (recruiting members with financial expertise, ensuring independence, increasing meeting frequency) and to hold management and auditors accountable for fraud prevention.

For the Financial Reporting Council (FRC) of Nigeria and Regulators:
The study provides evidence on the effectiveness of current regulatory requirements (mandatory audit, audit committee requirements, auditor independence rules, audit quality reviews) and the impact of enforcement actions. Regulators can use the findings to refine auditing standards, strengthen independence rules (e.g., mandatory audit firm rotation, restrictions on non-audit services), increase audit quality review frequency, and impose more effective sanctions for audit failures. The study also informs the FRC’s guidance on fraud risk assessment and response.

For Economic and Financial Crimes Commission (EFCC) and Independent Corrupt Practices Commission (ICPC):
Anti-corruption agencies rely on auditors to detect and report fraud. The study provides evidence on the effectiveness of auditors as fraud detection mechanisms. If auditors are found to be ineffective, anti-corruption agencies may need to rely more on their own investigative capacities or to provide training to auditors on fraud detection. The study also identifies sectors or firm types where fraud risk is highest, informing enforcement priorities.

For Professional Accounting Bodies (ICAN, ACCA, ANAN):
Professional bodies have an interest in ensuring that their members are competent to detect and prevent fraud. The study identifies skill gaps (e.g., forensic accounting, data analytics, fraud risk assessment) that can be addressed through continuing professional development (CPD) programs. The study also provides evidence on ethical challenges (independence threats, management pressure) that can inform professional ethics training and disciplinary processes.

For Investors and Shareholders:
Investors rely on audited financial statements for investment decisions. If auditors are ineffective in detecting fraud, investors may be misled by fraudulent financial statements. The study provides evidence on audit quality indicators that investors can use to assess the reliability of audited financial statements (e.g., audit firm size, auditor tenure, audit committee quality). Investors can use this information to make more informed investment decisions and to advocate for stronger audit oversight.

For Creditors and Lenders:
Banks and other lenders rely on audited financial statements to assess borrower creditworthiness. Fraudulent financial statements (overstating assets, understating liabilities, inflating profits) can lead lenders to extend credit that they would otherwise deny. The study provides evidence on the effectiveness of auditors in detecting financial statement fraud, which informs lenders’ assessment of the reliability of borrower financial statements and their decisions to require additional assurances (e.g., forensic audits for high-risk borrowers).

For Academics and Researchers:
This study contributes to the literature on auditing, fraud, and corporate governance in several ways. First, it provides evidence from a developing economy context (Nigeria), which is underrepresented in the literature. Second, it examines both external and internal auditors, recognizing their complementary roles. Third, it uses multiple theoretical lenses (agency theory, fraud triangle, deterrence theory, COSO). Fourth, it examines the relationship between audit quality indicators and fraud detection, a relatively under-researched area. The study provides a foundation for future research in other African countries and emerging markets.

For the Nigerian Economy:
Fraud imposes enormous costs on the Nigerian economy: lost investment, reduced productivity, higher costs of capital, and damaged international reputation. By identifying how to strengthen the role of auditors in fraud prevention and control, this study contributes to reducing these costs. More effective auditing leads to more accurate financial information, which supports better capital allocation, lower cost of capital, and increased investor confidence. Stronger fraud prevention also reduces the transfer of resources from organizations to fraudsters, keeping more resources available for productive investment. Thus, the study has indirect but important economic development implications.

1.8 Scope of the Study

The scope of this study is defined by the following parameters:

Content Scope: The study focuses on audit as a tool for prevention and control of fraud. Specifically, it examines: (1) external auditors’ fraud-related responsibilities and procedures under ISA 240; (2) internal audit functions and their contribution to fraud prevention and detection; (3) audit committee oversight of fraud risk and auditor activities; (4) audit quality indicators (firm size, tenure, fees, specialization) and their relationship to fraud detection; (5) challenges to auditor effectiveness (independence threats, skill gaps, collusion, management override, resource constraints); and (6) regulatory enforcement and its deterrent effect. The study does not examine fraud detection by non-audit mechanisms (e.g., whistleblowers, internal controls, management review) except as they relate to auditors.

Geographic Scope: The study is conducted in Nigeria, focusing on corporate firms in Lagos State, the Federal Capital Territory (Abuja), and Port Harcourt (Rivers State). These locations are selected because they contain the highest concentration of corporate headquarters, listed companies, banks, and large manufacturing and service firms. Findings may be generalizable to other Nigerian states and to other West African countries with similar regulatory environments, but caution is warranted.

Organizational Scope: The study targets corporate firms registered in Nigeria, including listed companies (on the Nigerian Exchange Group), banks and financial institutions, insurance companies, manufacturing companies, telecommunications companies, and large service firms. The study excludes very small organizations (sole proprietorships, micro enterprises) that may not have formal audit requirements. The study includes both firms with internal audit functions and those without.

Respondent Scope: Within each participating organization, respondents include: (1) external audit partners/managers (for perspective on fraud audit procedures and challenges); (2) internal audit heads (for perspective on internal audit’s role in fraud prevention); (3) audit committee chairs/members (for perspective on oversight); (4) chief financial officers (for perspective on management’s interaction with auditors); and (5) chief compliance officers or fraud investigators (if available). Multiple respondents per organization provide triangulation.

Time Scope: The study covers a five-year period (2019-2023), encompassing: (1) pre-COVID period (2019); (2) COVID-19 pandemic (2020-2021); and (3) post-pandemic recovery (2022-2023). The study includes retrospective questions about fraud incidents and audit practices during this period.

Theoretical Scope: The study is grounded in agency theory (auditors as monitors), fraud triangle theory (opportunity, pressure, rationalization), fraud diamond theory (adding capability), deterrence theory (certainty, severity, celerity of punishment), and the COSO internal control framework. These theories provide the conceptual lens for understanding the relationship between auditing and fraud prevention/control.

1.9 Definition of Terms

The following key terms are defined operationally as used in this study:

Term	Definition
Fraud	An intentional act of deception, misrepresentation, or concealment designed to give the perpetrator an unfair or unlawful gain. Includes asset misappropriation, corruption, and financial statement fraud.
Auditing	A systematic, independent, and objective examination of financial statements, internal controls, records, and operations to provide assurance to stakeholders that information is accurate, complete, and in accordance with applicable standards and regulations.
External Audit	An audit conducted by an independent public accounting firm to express an opinion on whether financial statements are fairly presented in accordance with applicable financial reporting standards.
Internal Audit	An independent, objective assurance and consulting activity within an organization designed to add value and improve operations, including evaluating risk management, control, and governance processes.
Forensic Audit	A specialized audit focused on detecting, investigating, and documenting fraud for potential use in legal proceedings.
Fraud Triangle	A model developed by Cressey (1953) identifying three conditions necessary for fraud: pressure/incentive, opportunity, and rationalization.
Fraud Diamond	An extension of the fraud triangle by Wolfe and Hermanson (200

CHAPTER TWO: LITERATURE REVIEW

2.1 Introduction

This chapter presents a comprehensive review of literature relevant to audit as a tool for prevention and control of fraud. The review is organized into five main sections. First, the conceptual framework section defines and explains the key constructs: fraud, auditing (external and internal), fraud prevention, fraud detection, internal control, and the fraud triangle. Second, the theoretical framework section examines the theories that underpin the relationship between auditing and fraud, including agency theory, fraud triangle theory, fraud diamond theory, deterrence theory, and the COSO internal control framework. Third, the empirical review section synthesizes findings from previous studies on auditor effectiveness in fraud detection, factors affecting auditor performance, and the relationship between audit quality and fraud incidence. Fourth, the regulatory framework section examines the Nigerian context, including ISA 240, the FRC Act, CAMA 2020, and the Nigerian Code of Corporate Governance. Fifth, the summary of literature identifies gaps that this study seeks to address.

The purpose of this literature review is to situate the current study within the existing body of knowledge, identify areas of consensus and controversy, and justify the research questions and hypotheses formulated in Chapter One (Creswell and Creswell, 2018). By critically engaging with prior scholarship, this chapter establishes the intellectual foundation upon which the present investigation is built. (Creswell and Creswell, 2018)

2.2 Conceptual Framework

2.2.1 The Concept of Fraud

Fraud is defined as an intentional act of deception, misrepresentation, or concealment designed to give the perpetrator an unfair or unlawful gain. The Association of Certified Fraud Examiners (ACFE, 2022) defines occupational fraud as “the use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets.” Fraud encompasses a wide range of activities, including asset misappropriation, corruption, and financial statement fraud (ACFE, 2022). (ACFE, 2022)

Asset Misappropriation: This is the most common type of fraud, accounting for approximately 86% of all fraud cases globally (ACFE, 2022). It includes cash theft (skimming, larceny, fraudulent disbursements), inventory theft, payroll fraud (ghost employees, inflated hours, commission schemes), and expense reimbursement fraud (fictitious or inflated expense claims). Asset misappropriation schemes typically involve small amounts per transaction but can accumulate to significant losses over time.

Corruption: Corruption schemes include bribery (offering or receiving something of value to influence a business decision), kickbacks (a supplier returns a portion of the payment to the purchasing employee), conflicts of interest (an employee has an undisclosed financial interest in a transaction), and illegal gratuities (rewards given after a transaction). Corruption is particularly difficult to detect because both parties benefit and have incentives to conceal the arrangement.

Financial Statement Fraud: This is the least common but most costly type of fraud, accounting for approximately 10% of cases but causing the largest median losses (ACFE, 2022). Financial statement fraud involves intentional misstatement or omission of material information in financial reports, including overstating revenues, understating expenses, overstating assets, understating liabilities, or making improper disclosures. Financial statement fraud is often perpetrated by senior management to meet earnings targets, secure bonuses, maintain share prices, or obtain financing.

In Nigeria, the most common fraud types are asset misappropriation (72% of cases), procurement fraud (38%), bribery and corruption (35%), and financial statement fraud (24%) (PwC, 2020). (PwC, 2020)

2.2.2 The Concept of Auditing

Auditing is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria, and communicating the results to interested users (American Accounting Association, 1973). In the corporate context, auditing serves to provide assurance to stakeholders that financial information is accurate, internal controls are effective, and operations are conducted in compliance with applicable laws and regulations. (American Accounting Association, 1973)

External Auditing: External auditors are independent professionals, typically from public accounting firms, who are engaged by a company to express an opinion on whether the financial statements are presented fairly, in all material respects, in accordance with applicable financial reporting standards (e.g., IFRS). External auditors are appointed by shareholders (or the board audit committee) and report to shareholders. Their primary responsibility is to the investing public, not to management. External audits are mandatory for public companies, banks, insurance companies, and other regulated entities (IFAC, 2018). (IFAC, 2018)

Internal Auditing: Internal auditors are employees of the organization who provide independent, objective assurance and consulting services designed to add value and improve an organization’s operations. The Institute of Internal Auditors (IIA, 2017) defines internal auditing as “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.” Internal auditors evaluate the effectiveness of risk management, control, and governance processes. Unlike external auditors who focus on financial statement accuracy, internal auditors have a broader scope, including operational efficiency, compliance, fraud risk, and strategic alignment. (IIA, 2017)

Forensic Auditing: Forensic auditing is a specialized field that focuses on detecting, investigating, and documenting fraud. Forensic auditors use accounting, auditing, and investigative skills to examine financial evidence for use in legal proceedings. Forensic audit procedures include data analytics, transaction testing, interviews, document examination, and digital forensics (Bhasin, 2016). (Bhasin, 2016)

2.2.3 Auditor Responsibilities Regarding Fraud

The responsibilities of auditors regarding fraud are defined by professional standards. International Standard on Auditing (ISA) 240, “The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements,” establishes the external auditor’s responsibilities (IFAC, 2018). (IFAC, 2018)

Key requirements of ISA 240 include:

• Professional Skepticism: Auditors must maintain an attitude of professional skepticism throughout the audit, recognizing that material misstatements due to fraud could exist, regardless of the auditor’s past experience with the entity.
• Fraud Risk Assessment: Auditors must identify and assess risks of material misstatement due to fraud at the financial statement level and at the assertion level. This includes understanding the entity’s fraud risk factors (incentives/pressures, opportunities, attitudes/rationalizations).
• Responses to Assessed Risks: Auditors must design and implement audit procedures that respond to assessed fraud risks. These include testing journal entries, reviewing accounting estimates for bias, and performing audit procedures to address management override of controls.
• Communication: Auditors must communicate identified or suspected fraud to appropriate levels of management, the audit committee, and, in some cases, regulatory authorities.
• Documentation: Auditors must document their fraud risk assessment procedures, their responses to assessed risks, and any identified or suspected fraud.

Limitations of the audit regarding fraud: ISA 240 explicitly acknowledges that the auditor is not required to detect all fraud. The standard states that “the auditor is not and cannot be held responsible for the prevention of fraud” and that “an audit conducted in accordance with ISAs rarely involves the authentication of documents.” The standard recognizes that collusion, management override, and forgery may prevent auditors from detecting material misstatements due to fraud (IFAC, 2018). (IFAC, 2018)

The IIA’s IPPF requires internal auditors to “evaluate the potential for the occurrence of fraud and how the organization manages fraud risk.” Internal auditors are expected to have sufficient knowledge to identify fraud indicators, but they are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud (IIA, 2017). (IIA, 2017)

2.2.4 Internal Control and Fraud Prevention

Internal control is a process designed by an organization’s board and management to provide reasonable assurance regarding the achievement of objectives in three categories: (1) effectiveness and efficiency of operations; (2) reliability of financial reporting; and (3) compliance with applicable laws and regulations. The Committee of Sponsoring Organizations (COSO) Internal Control—Integrated Framework (2013) identifies five components (COSO, 2013). (COSO, 2013)

Control Environment: The set of standards, processes, and structures that provide the foundation for internal control. It includes the integrity and ethical values of management, the board’s oversight responsibility, the commitment to competence, the organizational structure, and the assignment of authority and responsibility. The control environment is often described as “tone at the top.” A weak control environment undermines all other controls.

Risk Assessment: The identification and analysis of risks to achieving the entity’s objectives. Management must specify objectives with sufficient clarity to enable risk identification, analyze the likelihood and impact of risks, and consider the potential for fraud. Fraud risk assessment is a critical component.

Control Activities: The actions established through policies and procedures that help ensure that management’s directives to mitigate risks are carried out. Control activities include approvals, authorizations, verifications, reconciliations, segregation of duties, physical safeguards over assets, and IT controls (e.g., access restrictions, system change controls).

Information and Communication: Information is necessary for the entity to carry out internal control responsibilities. Communication is the continual, iterative process of providing, sharing, and obtaining necessary information. Effective communication ensures that personnel understand their control responsibilities and that exceptions are escalated.

Monitoring: The process by which management assesses the quality of internal control performance over time. Monitoring includes ongoing evaluations (built into business processes) and separate evaluations (periodic audits and reviews). Internal audit is a key monitoring mechanism.

Auditors evaluate each of these components and issue recommendations for improvement. Strong internal controls reduce the opportunity for fraud (fraud triangle) (COSO, 2013). (COSO, 2013)

2.2.5 The Fraud Triangle

The fraud triangle, developed by criminologist Donald Cressey (1953), is the most influential framework for understanding the causes of fraud. Based on interviews with embezzlers, Cressey identified three conditions that must be present for fraud to occur (Cressey, 1953). (Cressey, 1953)

Perceived Pressure/Incentive: The fraudster faces some financial or non-financial pressure that creates an incentive to commit fraud. Pressures may include financial difficulties (gambling debts, medical bills, lifestyle expectations), work-related pressures (performance targets, bonus goals, fear of job loss), or external pressures (loan covenants, shareholder expectations). In corporate fraud, pressures often come from earnings targets, debt covenants, or stock price expectations.

Perceived Opportunity: The fraudster believes there is an opportunity to commit fraud without being detected. Opportunities arise from weak internal controls (lack of segregation of duties, inadequate authorization, poor supervision), ineffective oversight (weak board or audit committee), collusion among employees, or management override of controls.

Rationalization: The fraudster justifies the fraudulent behavior as acceptable. Common rationalizations include: “Everyone does it,” “I deserve this (I’m underpaid),” “I’m just borrowing (I’ll pay it back),” “It’s not that much money,” “The company can afford it,” or “It’s not really hurting anyone.”

Auditors contribute to fraud prevention and control primarily by reducing opportunity. Through their evaluation of internal controls, auditors identify control weaknesses that create opportunities for fraud. Through their recommendations, auditors help management strengthen controls, closing opportunities. Through the threat of detection (audit procedures), auditors increase the perceived risk of getting caught, deterring potential fraudsters. However, auditors have limited ability to address pressure or rationalization (Wolfe and Hermanson, 2004). (Wolfe and Hermanson, 2004)

2.2.6 The Fraud Diamond

The fraud diamond, an extension of the fraud triangle by Wolfe and Hermanson (2004), adds a fourth element: capability. Even if pressure, opportunity, and rationalization are present, fraud will not occur unless the potential fraudster has the personal capability to commit and conceal the fraud. Capability includes (Wolfe and Hermanson, 2004). (Wolfe and Hermanson, 2004)

• Position and authority: Having access to assets or information.
• Intelligence and knowledge: Understanding the system’s weaknesses.
• Ego and confidence: Believing they won’t be caught.
• Coercive power: Ability to pressure others to assist or remain silent.
• Ability to handle stress: Maintaining composure under scrutiny.

The fraud diamond has implications for auditors. Certain individuals—especially senior executives with authority to override controls, knowledge of the accounting system, and the ego to believe they can outsmart auditors—pose higher fraud risk. Auditors are required by ISA 240 to consider management’s capability to override controls and to design audit procedures accordingly (e.g., testing journal entries, reviewing accounting estimates for bias). The fraud diamond suggests that auditors should pay particular attention to “tone at the top” and to the personal characteristics of key executives (Wolfe and Hermanson, 2004). (Wolfe and Hermanson, 2004)

2.3 Theoretical Framework

This section presents the theories that provide the conceptual lens for understanding audit as a tool for prevention and control of fraud. Five theories are discussed: agency theory, fraud triangle theory, fraud diamond theory, deterrence theory, and the COSO internal control framework.

2.3.1 Agency Theory

Agency theory, developed by Jensen and Meckling (1976), is the most widely cited theoretical foundation for auditing. Agency theory posits a conflict of interest between principals (shareholders) and agents (managers). Managers may pursue self-interest (excessive compensation, fraud, expropriation) rather than maximizing shareholder value. This divergence creates agency costs, including monitoring costs (expenditures to oversee the agent), bonding costs (expenditures by the agent to assure the principal), and residual loss (value lost despite monitoring). Auditing is a monitoring mechanism that reduces agency costs by providing independent verification of agent actions and financial reports (Jensen and Meckling, 1976). (Jensen and Meckling, 1976)

From an agency theory perspective, auditing reduces fraud by: (1) increasing the probability of detection (deterrence); (2) identifying fraud that has occurred (detection); and (3) reporting fraud to principals (accountability). When managers know that their actions and reports will be audited, they are less likely to engage in fraud (deterrence effect). When fraud occurs, auditors may detect it (detection effect). Agency theory predicts that firms with stronger audit oversight (independent, competent, well-resourced) will have lower fraud incidence (Jensen and Meckling, 1976). (Jensen and Meckling, 1976)

Agency theory also explains the demand for internal auditing. Even when external auditors are present, internal auditors provide ongoing monitoring that external auditors cannot provide (due to the external audit’s annual frequency). Internal auditors who report directly to the audit committee (rather than management) are more effective monitors because they are independent of the agent being monitored (Adams, 1994). (Adams, 1994)

2.3.2 Fraud Triangle Theory

The fraud triangle, developed by Cressey (1953), is the most influential framework for understanding the causes of fraud. As discussed in Section 2.2.5, the fraud triangle identifies three conditions necessary for fraud: pressure/incentive, opportunity, and rationalization (Cressey, 1953). (Cressey, 1953)

From an audit perspective, the fraud triangle suggests that auditors can reduce fraud primarily by reducing opportunity. Auditors identify control weaknesses (opportunities) through their evaluation of internal controls. Auditors recommend improvements that close these opportunities. Auditors increase the perceived probability of detection, which reduces the perceived opportunity (fraudsters believe they will be caught). Auditors have limited ability to address pressure (e.g., financial difficulties) or rationalization (e.g., “everyone does it”), but they may influence them indirectly through recommendations (e.g., realistic performance targets reduce pressure; ethics training reduces rationalization) (Cressey, 1953). (Cressey, 1953)

This study uses the fraud triangle as a framework for understanding how auditors can address each of the three conditions (Cressey, 1953). (Cressey, 1953)

2.3.3 Fraud Diamond Theory

The fraud diamond, developed by Wolfe and Hermanson (2004), extends the fraud triangle by adding a fourth element: capability (the fraudster’s ability to commit and conceal fraud). As discussed in Section 2.2.6, the fraud diamond includes pressure, opportunity, rationalization, and capability (Wolfe and Hermanson, 2004). (Wolfe and Hermanson, 2004)

From an audit perspective, the fraud diamond suggests that auditors must consider the capability of individuals, particularly senior executives, to commit and conceal fraud. Auditors should assess: (1) whether management has the authority to override controls; (2) whether management has the knowledge to manipulate accounting records; (3) whether management has the ego to believe they won’t be caught; and (4) whether management can coerce others to assist or remain silent. ISA 240 requires auditors to consider management override of controls, which is a capability issue (Wolfe and Hermanson, 2004). (Wolfe and Hermanson, 2004)

This study uses the fraud diamond as a framework for understanding how auditors can address capability through procedures such as testing journal entries, reviewing accounting estimates for bias, and interviewing employees about management pressure (Wolfe and Hermanson, 2004). (Wolfe and Hermanson, 2004)

2.3.4 Deterrence Theory

Deterrence theory, rooted in criminology (Beccaria, 1764; Bentham, 1789), posits that individuals refrain from committing crimes when the perceived costs of the crime (probability and severity of punishment) outweigh the perceived benefits. Deterrence has three components: (1) certainty (probability of detection and punishment); (2) severity (magnitude of punishment); and (3) celerity (swiftness of punishment). Increasing any of these components increases deterrence (Gibbs, 1975). (Gibbs, 1975)

Auditing contributes to deterrence primarily through certainty. The more likely a potential fraudster believes it is that their fraud will be detected (by auditors or other mechanisms), the less likely they are to commit fraud. Auditors increase perceived detection probability through: (1) the reputation of the audit firm (Big Four auditors perceived as more thorough); (2) the frequency and intensity of audit procedures (surprise audits, data analytics); (3) the visibility of audit work (auditors observed testing transactions); and (4) the follow-up and enforcement of audit findings (recommendations implemented, fraud reported to authorities).

Deterrence theory also predicts that regulatory enforcement against auditors themselves (sanctions for audit failures) deters poor-quality audits. When auditors know that the FRC will review their work and that they may be fined or suspended for deficiencies, they have stronger incentives to perform thorough fraud procedures (Uche and Adeyemi, 2018). (Uche and Adeyemi, 2018)

This study uses deterrence theory to examine the effectiveness of audit and regulatory enforcement in deterring fraud (Gibbs, 1975). (Gibbs, 1975)

2.3.5 The COSO Internal Control Framework

The COSO Internal Control—Integrated Framework (2013) is the most widely accepted framework for internal control. As discussed in Section 2.2.4, the framework identifies five components of internal control: control environment, risk assessment, control activities, information and communication, and monitoring (COSO, 2013). (COSO, 2013)

From an audit perspective, auditors evaluate each of the five COSO components and issue recommendations for improvement. Strong internal controls reduce the opportunity for fraud (fraud triangle). Auditors’ recommendations to strengthen internal controls are a key mechanism for fraud prevention. The COSO framework provides a structured approach for auditors to assess internal control effectiveness (COSO, 2013). (COSO, 2013)

This study uses the COSO framework to evaluate internal control quality and its relationship to fraud incidence (COSO, 2013). (COSO, 2013)

2.4 Empirical Review

This section reviews empirical studies that have examined the role of auditors in fraud prevention and control. The review is organized thematically: external auditor effectiveness, internal auditor effectiveness, factors affecting auditor effectiveness, audit committee effectiveness, and regulatory enforcement.

2.4.1 External Auditor Effectiveness in Fraud Detection

The most comprehensive evidence on fraud detection comes from the Association of Certified Fraud Examiners (ACFE). In its 2022 global study, based on 2,110 fraud cases investigated worldwide, the ACFE found that external audits detected only 4% of occupational fraud cases. The most common detection methods were tips (42% of cases, primarily from employees), internal audits (16%), and management review (12%). External audits ranked near the bottom, ahead only of police notification (3%) and confession (2%). The median loss in cases detected by external audit was 50,000 for tips (smaller losses are less likely to be detected by external audit). (ACFE, 2022)

The ACFE (2022) also found that fraud detection rates varied by organization size. In large organizations (over 10,000 employees), external audits detected only 2% of frauds; in small organizations (under 100 employees), external audits detected 8%. The author suggests that in small organizations, external auditors may perform more transaction testing (due to less reliance on internal controls), increasing detection probability. However, the overall conclusion is clear: external audits are not effective fraud detection mechanisms for occupational fraud. (ACFE, 2022)

In Nigeria, Eze and Nwadialor (2021) surveyed 200 corporate firms and found that only 12% of frauds had been detected by external auditors. The majority were detected by internal audit (24%), management review (18%), and employee tips (16%). The study also found that fraud detection by external auditors was more likely for financial statement fraud (28% of cases) than for asset misappropriation (6% of cases), consistent with the external audit’s focus on material misstatements. (Eze and Nwadialor, 2021)

2.4.2 Internal Auditor Effectiveness in Fraud Detection

Internal audits are more effective than external audits in detecting fraud. The ACFE (2022) found that internal audits detected 16% of occupational fraud cases, with a median loss of $80,000. Internal audit detection rates were highest in government (18%) and public companies (16%), and lowest in small businesses (8%). The effectiveness of internal audit varied with internal audit quality: organizations with internal audit functions that reported directly to the audit committee had detection rates nearly double those where internal audit reported to management (22% vs. 11%). (ACFE, 2022)

In Nigeria, Okoye, Okafor, and Nnamdi (2020) surveyed 150 corporate firms and found that 24% of frauds were detected by internal audit, making it the most effective detection mechanism after employee tips. Internal audit effectiveness was positively associated with: reporting line (direct to audit committee), budget adequacy (over ₦20 million annually), staff qualifications (CIA, CISA, CFE certifications), and use of data analytics. Firms with high-quality internal audit functions had fraud incidence rates 40% lower than firms with low-quality functions. (Okoye et al., 2020)

Okafor and Ugwu (2021) examined the specific internal audit procedures most effective in fraud detection. Using survey data from 100 internal audit heads, they found that surprise audits (unannounced visits) were rated most effective (mean 4.5/5), followed by data analytics (4.3/5), reconciliation testing (4.1/5), and control walkthroughs (3.8/5). Routine audit procedures (e.g., annual control testing) were rated less effective (3.2/5). The study concluded that internal audit effectiveness requires a mix of routine and surprise procedures. (Okafor and Ugwu, 2021)

2.4.3 Factors Affecting Auditor Effectiveness in Fraud Detection

Several studies have examined factors that affect auditor effectiveness in fraud detection. Audit firm size is a commonly studied factor. Casterella and Johnston (2013) found that Big Four auditors detected more material misstatements (including fraud-related misstatements) than non-Big Four auditors in a sample of US public companies. However, after controlling for client size and complexity, the difference was not significant. The authors concluded that Big Four firms audit larger, more complex clients, making direct comparison difficult. (Casterella and Johnston, 2013)

Auditor tenure has been extensively studied. Carey and Simnett (2006) found that auditor tenure beyond 10 years was associated with lower audit quality, as measured by the propensity to issue going-concern opinions and the magnitude of discretionary accruals. The authors concluded that long tenure reduces professional skepticism. However, other studies have found no effect or a positive effect (long tenure increases industry knowledge). (Carey and Simnett, 2006)

Audit fees affect audit quality. High audit fees may reflect more audit effort (higher quality), or may reflect fee dependence that compromises independence. Low audit fees may reflect fee pressure, leading to reduced audit procedures (lower quality). In Nigeria, Adeyemi and Uche (2018) found that 45% of financial managers reported pressure to reduce audit fees, and those reporting fee pressure also reported lower perceived audit quality and fewer fraud detection incidents. (Adeyemi and Uche, 2018)

Industry specialization is associated with higher audit quality. Balsam, Krishnan, and Yang (2003) found that industry specialist auditors (those with large market share in an industry) were associated with lower discretionary accruals and higher earnings response coefficients, indicating higher audit quality. Industry specialists have deeper knowledge of industry-specific risks, including fraud risks, enabling more effective audit procedures. (Balsam et al., 2003)

Professional skepticism is a critical auditor trait. Hurtt, Brown-Liburd, Earley, and Krishnamoorthy (2013) found that auditors with higher trait skepticism (a disposition to be questioning and probing) were more likely to identify fraud cues and to perform additional procedures when fraud risk was high. The study concluded that professional skepticism can be trained and that audit firms should emphasize skepticism in their training programs. (Hurtt et al., 2013)

2.4.4 Audit Committee Effectiveness and Fraud

The audit committee is responsible for overseeing financial reporting, internal controls, and the audit function. Several studies have examined the relationship between audit committee effectiveness and fraud incidence. Beasley (1996) found that firms with fraudulent financial reporting had weaker audit committees: fewer independent directors, fewer financial experts, and less frequent meetings. The study concluded that strong audit committees reduce fraud risk. (Beasley, 1996)

In Nigeria, Adeleke and Ogunyemi (2019) surveyed 120 corporate firms and found that audit committee effectiveness (measured by independence, financial expertise, meeting frequency, and access to auditors) was negatively associated with fraud incidence (r = -0.48, p < 0.01). Firms with highly effective audit committees had fraud incidence rates 35% lower than firms with ineffective committees. The study also found that audit committees that met quarterly (rather than annually or semi-annually) had higher fraud detection rates. (Adeleke and Ogunyemi, 2019)

Uche and Adeyemi (2018) found that 52% of audit committee members in Nigerian firms lacked formal financial training, and 38% reported that they “rarely or never” challenged management or auditors on fraud-related issues. The study recommended mandatory financial literacy training for audit committee members and more active engagement with auditors on fraud risk. (Uche and Adeyemi, 2018)

2.4.5 Regulatory Enforcement and Audit Quality

Regulatory enforcement against auditors for audit failures can deter poor-quality audits. In the United States, the PCAOB’s inspection program and enforcement actions have been associated with improved audit quality (Carcello, Hollingsworth, and Mastrolia, 2011). In Nigeria, the FRC has conducted audit quality assurance reviews and sanctioned several audit firms for deficiencies. However, enforcement has been inconsistent, and few audit firms have faced significant penalties. (Carcello et al., 2011)

Uche and Adeyemi (2018) found that Nigerian auditors perceived the probability of being sanctioned for a poor-quality audit as low (mean 2.3/5), reducing deterrence. The study concluded that the FRC needs to increase inspection frequency, publish inspection results, impose meaningful sanctions, and refer serious cases for prosecution to increase deterrence. (Uche and Adeyemi, 2018)

2.5 Regulatory Framework in Nigeria

This section outlines the key regulatory provisions governing auditors’ role in fraud prevention and control in Nigeria.

Financial Reporting Council (FRC) of Nigeria Act, 2011: The FRC Act established the FRC as the apex regulatory body for financial reporting, auditing, and corporate governance. The FRC has powers to: (1) set accounting and auditing standards; (2) conduct audit quality assurance reviews; (3) investigate audit failures; (4) impose sanctions (fines, suspension, license revocation); and (5) refer cases for criminal prosecution.

Nigerian Code of Corporate Governance (2018): The Code requires public companies to: (1) establish internal control systems; (2) maintain internal audit functions; (3) establish audit committees with independent, financially literate members; (4) rotate audit firms every 10 years; (5) prohibit auditors from providing certain non-audit services (e.g., consulting, legal services) to audit clients.

Companies and Allied Matters Act (CAMA) 2020: CAMA requires that company financial statements be audited by independent chartered accountants. Section 414 requires directors to report on internal controls. Section 415 requires auditors to report to shareholders on whether financial statements are fairly presented. Section 420 imposes liability on auditors for negligence or misconduct.

ISA 240 (Adopted by FRC): ISA 240 requires auditors to maintain professional skepticism, assess fraud risks, design responsive procedures, test for management override, and communicate identified fraud. Non-compliance with ISA 240 constitutes a breach of professional standards subject to sanction.

Economic and Financial Crimes Commission (EFCC) Act: Auditors are required to report suspected fraud to the EFCC. Failure to report may result in