OVER A DECADE AGO, THE AUDITING STANDARDS BOARD OF THE American Institute of Certified Public Accountants issued Statement on Auditing Standards No. 99: “Consideration of Fraud in a Financial Statement Audit.” One of the new provisions of the standard for financial statement auditors is the requirement to ask employees, many employees, if they are aware of any fraud or suspicions of fraud that is occurring in their company.

As a financial statement auditor, I was encouraged by the fact that my profession recognized the importance of including this type of provision in the auditing literature. With my obvious love of fraud detection and investigation, I looked forward with great anticipation to this new method of soliciting information about potential fraud.

To say that I was unprepared for the answers I would receive is an understatement. It’s a simple question that can be answered yes or no. If yes, then please expand. It didn’t quite turn out to be that simple. The following is a list, not all-inclusive, of some of the answers I would get:

• “No, I don’t think so. We don’t even have a website.”
• “No, our cyber-security is second to none.”
• “Yes, but I can’t tell you what or who it is.”
• “Our company doesn’t allow pets.” (Author’s note: Let that one sink in for a minute.)

and finally,

• “Huh? What?”

Without even a close second, this last answer was the predominant response I received when asking the question. It became ...