Dad and young son playing chess

To combat financial fraud in Europe, strengthen every line of defense

Reinforcing the roles of auditors, companies and regulators and, expanding the use of technology in the audit can minimize financial reporting fraud risk.

In brief

  • As one of the lines of defense, the introduction of key innovations to the audit process will help better detect fraud, but changes to the wider ecosystem are needed.
  • Strong corporate governance and strengthening the role of supervising regulators and enhanced auditing standards could also help strengthen the financial reporting ecosystem.

The audit profession serves a critical role in the financial reporting ecosystem and effective auditing contributes to the integrity of the capital markets. When there are high-profile corporate financial frauds, the work of auditors should be scrutinized. Recent events in Europe are a reminder that auditors can and must do more. But auditors cannot combat fraud alone.

European Commission Executive Vice-President Valdis Dombrovskis recently stated that the three lines of defense – strong corporate governance and the regulation that underpins it, statutory audits, and supervision and enforcement by regulators – create an ecosystem which must work together to detect and combat collusive financial fraud.

Strengthening the lines of defense

As one of the three lines, we agree and believe that the solution is to strengthen all three of them and make them more mutually reinforcing. That is why we are introducing key innovations to the audit. These include the mandating of the use of data analytics for fraud testing and enhancing risk assessments and audit scoping by using more external data and information. Also, we are mandating annual fraud training for all audit professionals.

We are also advocating for specific changes to strengthen the entire ecosystem.

  • Strong corporate governance and standards for maintaining effective internal control over financial reporting should be a precondition for listing on a major stock market index, as it already is in many countries. This would raise standards quickly and lower risk for investors. As part of their system of internal control over financial reporting, companies should also be required to address the risk of fraud and set out clear and specific roles for each stakeholder, including management, the board, the audit committee and internal audit. We support the practice of management sign-off on internal control over financial reporting.
  • Supervising regulators should also be strong and equipped with powers and technology. There is clear-cut evidence on the efficacy of strong regulators in combating corporate fraud in many parts of the world. Whether fighting fraud or financial crime, European supervisory authorities could consider pooling their resources in the pursuit of international fraudsters and initiate joint or harmonized supervision across national markets.
  • Auditing standards need to be fit for purpose when it comes to detecting increasingly complex corporate frauds. In Europe, rules should be harmonized to the strongest existing standards relating to fraud. We welcome the consultations recently launched by the International Auditing and Assurance Standards Board (IAASB) and the UK’s Financial Reporting Council.

Working together to detect fraud

There is also an opportunity for all involved – company management and boards, auditors and regulators – to focus more on corporate culture and behaviors to support fraud detection. The fraud triangle, a model used to consider fraud risk, holds that three factors – opportunity, pressure and rationalization – are typically present when frauds occur. We believe that developments in technology and research could now make it possible to better evaluate pressure and rationalization, and to feed the results into the fraud risk assessment process. For example, consideration of the fraud triangle could be a part of a company’s system of internal control over financial reporting in addressing the risk of fraud and the audit profession could deploy people with different skills to look at all three factors to enhance our ability to detect fraud. We welcome dialogue with all stakeholders to explore opportunities in this area.

We know the audit needs to change and we want to play an active role. However, this will be futile unless the other two lines of defense against corporate fraud are strengthened as well. Ultimately, to combat frauds, all stakeholders must seize the opportunity to work together to strengthen the entire financial reporting ecosystem.

EY has set out a call to action based on the three lines of defense in its report titled Preventing and detecting fraud: how to strengthen the roles of companies, auditors and regulators.


The financial reporting ecosystem is in an evolutionary phase where combatting fraud is a work in progress. Augmenting the audit framework through the use of technology, changes in auditing standards and stronger roles of companies, auditors and regulators will help better detect fraud.

About this article

Related articles

Preventing and detecting fraud: how to strengthen the roles of companies, auditors and regulators

Find out why a reexamination is needed of how traditional audit procedures approach the risk of fraud.

18 Nov 2020 Marie-Laure Delarue