Near the end of a client engagement, Sally, the auditor, realizes she needs clarifying information about certain customer sales made on contract. She emails the client's CFO, James, for additional details about the contract terms and underlying transactions. After two days, James has not responded, so Sally follows up with another email asking for the information. Shortly after, she receives a vague response laden with lots of doublespeak and technical jargon with which Sally is not familiar.
What Sally doesn't realize is that James spent hours drafting and redrafting the reply to carefully word his response to answer enough of Sally's questions while also not arousing her suspicions. In reality, the company had made verbal side agreements with the customer to modify the contractual terms, and the transactions were recognized prematurely on the books. However, in his response, James was able to obscure this fact and still provide enough information to appease Sally. By taking his time to reply, he also left Sally with less time to consider additional follow-up questions. James's ploy worked; Sally documented James's email response as a sufficient explanation and concluded the engagement with an unqualified opinion.
TECHNOLOGY'S EFFECT ON THE PACE OF CHANGE
Modern languages continually evolve. Some evolution comes from necessity. For example, we create words to describe new technology, such as texting or Wi-Fi. Other changes reflect evolving social or cultural norms. New generations devise new slang, and old phrasing fades away. Over time, these types of changes percolate into business communications. In many ways, the rise of technology has hastened this linguistic evolution, particularly in the business environment.
Evolutions in language and communication have several ramifications that affect the way auditors should approach their engagements and their consideration of fraud risk. While some research on related topics has been performed by academic scholars, much of how this evolution will affect fraud is still being examined. This article is informed by academic research conducted through the Institute for Fraud Prevention (jointly founded by the Association of Certified Fraud Examiners and the AICPA) and other organizations. Research insights from these and future studies can help inform the business community's and auditing profession's responses to change.
IT'S BOTH WHAT YOU SAY ...
One linguistic trend in recent years involves the shortening of words and the use of more acronyms and other abbreviations, likely stemming at least partially from the collective increase in text messages, tweets, and short comments on various social media platforms. These communication channels lend themselves to quick, abbreviated messages. As people become more comfortable with these methods, the resulting social and technological communication styles spill over into other communications — including those in the professional context. For example, many people now send or receive business emails that contain btw, LOL, u (for you), and other modern shorthand. Add to the mix new jargon specific to industries and geographic regions, the evolving "business-speak" employed in many offices (e.g., dashboard, sprint, and evangelist are all now used in different contexts than they were a few decades ago), the advent of image-based communication such as emojis, and the continually changing slang that employees bring to the office, and the result is the dynamic — and sometimes confusing — language of modern business.
A large part of uncovering fraud involves picking up on clues during interviews, in routine discussions with clients, and in written communications and documents. Gaps in the professional's knowledge of current or relevant language can diminish his or her ability to draw context and meaning from these communications. Additionally, words that sound innocent based on prior use can become new words to obscure illicit activity, so accountants need to know what to watch for.
... AND HOW YOU SAY IT
Another dramatic change that affects the ability to detect fraud is the move to electronic channels as the dominant modes of business communication. The shift to emails, instant messages, and app-based communications has corresponded with fewer in-person conversations. Even the methods used for formal interviews have broadened. Interviews are increasingly conducted via video calls and apps or over the phone, especially when geographical or logistical barriers make it difficult to meet in person. According to "Learning the 'Craft' of Auditing: A Dynamic View of Auditors' On-the-Job Learning," by Kimberly Westermann, Jean Bedard, and Christine Earley, Contemporary Accounting Research, Vol. 32, Issue 3, page 864 (Fall 2015), there is some concern that auditors' use of technology decreases the desired attitudes and behaviors, such as critical thinking, and increases distraction during engagements.
Additionally, many people — including many auditors — are less experienced and even more uncomfortable communicating face-to-face or voice-to-voice than in the past. This can present huge challenges for auditors, especially when trying to discern the veracity of the information they're being given. As new generations enter the workforce, this evolution becomes even more pronounced. The youngest workers today have been raised using digital communications as the norm, so they might not even be aware of this shift or understand its potential impact. Thus, auditors who are more comfortable generally with electronic communications might default to that mode when seeking information as part of an audit. Doing so, however, can result in missing valuable nonverbal clues in other individuals' speed, tone, and inflection, as well as losing opportunities to ask immediate follow-up questions, as was illustrated in the introduction to this article. Further, even many individuals who are comfortable with face-to-face interaction have adapted to "quick hit" communication experiences, so longer, formal conversations can be difficult or undesirable.
Interestingly, research also shows there may be some benefit to this shift in communication. During an audit, younger auditors often must interact with very experienced practitioners to obtain needed evidence. In "The Effect of the Social Mismatch Between Staff Auditors and Client Management on the Collection of Audit Evidence," by G. Bradley Bennett and Richard Hatfield, The Accounting Review, Vol. 88, Issue 1, page 31 (January 2013), the authors note that, because young auditors are uncomfortable in face-to-face conversations, in such a setting, they might not ask for needed information from individuals who are much more senior than they are. However, young auditors may be more comfortable asking the tough questions via email, which may be a benefit of technology.
On the other side, if client employees are uncomfortable with in-person conversations, they might seem particularly stressed during audit interviews. The auditor should be able to establish rapport enough to help calm the person, as well as a baseline to discern whether someone is just uncomfortable generally or is under stress because he or she is being deceptive. Auditors might also encounter individuals who insist on checking their phones every few minutes, which can be a disruption to the conversation; in the extreme, such a diversion might be an intentional ploy to distract the auditor or attempt to end a conversation early. To address this concern, when conducting formal or sensitive interviews, auditors might request that the interviewee turn off his or her phone during the meeting; the auditor should do likewise to avoid interruptions and show reciprocal respect.
In addition, the social cues and body language displayed during an interview give vital context to the words being said. Seasoned auditors have long known that both how something is said and what is not said are often as important as what is said, especially in situations where there is reason to doubt the accuracy of the information being provided. And important signs of stress in verbal conversations — voice modulations, pauses before answering, stammering, or starting answers over — are absent in many forms of electronic communication. Thus, as noted in "Detecting Deception in Client Inquiries: A Review and Implications for Further Research," by D. Kip Holderness Jr., Journal of Forensic & Investigative Accounting, Vol. 6, Issue 2, page 81 (July—December 2014), it may be more difficult for auditors to uncover fraud if they rely too heavily on electronic communications.
The evolution of digital communications might also complicate auditing work when it comes to document retention and an organization's ability to comply with investigations. Employees' business use of text messaging and other non-email technologies is a particular concern for organizations facing requests for such content during an investigation. According to Smarsh's 2017 Electronic Communications Compliance Survey Report, 52% of survey respondents cited text/SMS messaging as the type of non-email content that is the greatest compliance risk to their organization. Compounding the challenge, almost half of organizations that allow their employees to use texting for business communications do not have retention mechanisms in place regarding these communications.
AN EMOJI IS WORTH A THOUSAND WORDS
The digital age has ushered in a new form of nonverbal communication that provides additional challenges and opportunities for auditors and investigators alike. Emojis, memes, bitmojis, digital stickers, and other image-based digital communications provide users quick, and often amusing, means of interacting with one another in emails, text messages, instant messages, and on social media. They also bring several specific considerations when it comes to detecting fraud.
Emojis are starting to appear as evidence in legal cases and have been strongly considered in making a determination in some cases, Gabriella E. Ziccarelli, an intellectual property attorney in New York, said in an interview for this article. In some situations, emojis might be used to indicate intent, such as whether someone agreed to enter into a contract. However, the legal issues related to these nonverbal messages are not only evolving but also potentially nebulous. For example, if one individual asks another to collude in a fraud scheme, and the second person responds with a smiley-face emoji, is that considered agreement? The person analyzing the message — whether an investigator, a judge, or a juror — must interpret both the sender's and receiver's intention with, and perception of, these messages.
Further, Ziccarelli said, we may see cases in the future in which fraudsters use emojis to conceal their actions. For example, she explained, a group of co-conspirators might agree that, in lieu of sending one another incriminating words, they will create an obscure code language using unrelated emojis, such as a unicorn and a football, to refer to their scheme. If the scheme were discovered and the fraudsters prosecuted, would a jury believe that a unicorn and a football are sufficient to find fraudulent intent? The unique challenge for counsel in building a case would be to gather additional sufficient evidence to provide the full context of those emoji messages.
Organizations and investigators who perform sentiment analysis and keyword searches should also consider including emojis and other nonverbal messages in their analyses. But in an interview, Joe Sremack, the director of Berkeley Research Group, noted additional hurdles in this area: These nonverbal digital communications are not addressed by standard e-discovery rules, and no existing off-the-shelf tools are designed to handle this type of data. So professionals are developing customized tools to assist with sorting through and analyzing this form of evidence. For example, coding can be used to translate nonverbal messages into readable text data; some programs note a text description of the emoji (e.g., "smile," "anger," or "thumbs-up") in place of the relevant image in the back-end data. The challenges are also somewhat platform dependent, according to Sremack. Organizations need to know all of the various programs and platforms their employees use to communicate with both internal and external parties, as well as the specific types of nonverbal mechanisms supported within those programs, in order to harvest and mine these data for warning signs of fraud.
Emojis and other nonverbal messages provide not only challenges but also some opportunity for advancing fraud detection initiatives. According to Ziccarelli, many individuals feel much more comfortable — and thus are more likely to overshare or speak freely — using emojis via certain platforms, particularly text or IM, compared to more formal communication methods like email. Ziccarelli explained that if management, auditors, or investigators are looking for quality evidence related to suspected fraud in employee communications, they should consider which platforms or programs employees might be most likely to use for these conversations, and review those communications along with emails and other traditional sources of unstructured data.
WHERE DO WE GO FROM HERE?
Language and communication will likely continue to evolve. To address these communication challenges while effectively fighting fraud, we need new approaches. As a foundational step, auditing firms and organizations should become familiar with and consider supporting research organizations such as the Institute for Fraud Prevention (theIFP.org) to ensure the profession stays ahead of the trend and has the knowledge needed to implement effective initiatives.
The following are some practical steps these parties can take based on what we already know about the changing landscape of language and communication:
- Audit leaders should encourage their staff members to have in-person conversations, especially when seeking important or potentially sensitive information from clients. Auditors should be reminded not to rely on emails or other electronic communications when they could walk down the hall, and that picking up the phone or doing a video call is preferable if distance is a factor. To facilitate this, firms can include some coaching in asking in-person questions as part of the staff's annual audit training. Having staff auditors practice formulating and posing to each other questions can help them boost their skills and their comfort level in conducting these interactions. Additionally, the training should include instruction to help staff learn to recognize which question types can be effectively posed electronically, and when face-to-face discussion is preferred.
- Auditors and anti-fraud staff also need to take proactive steps to keep up with language and communication changes so that they can effectively communicate with all parties during their engagements. The goal is to correctly understand — and use — the wording the interviewee uses to establish rapport and maintain the flow of information. However, this is not always possible. According to Don Rabon, owner and president of Successful Interviewing Techniques, if an auditor receives an answer that is unclear or contains language he or she is not familiar with, the worst thing he or she can do is continue the interview without knowing what the other person is saying or assuming he or she understands what is being communicated. If the interviewee uses an unfamiliar word, the auditor should ask for clarification, rather than assuming its meaning or skipping over the response. As noted in both the fictional example of Sally above and the real-life example of Enron — in which company management mocked reporters who asked for clarification about the company's operations as being stupid in order to cover their own fraudulent tracks — confusing language can be used intentionally to conceal misdeeds. Thus, audit leaders should emphasize that auditors need to ask clients for additional explanations when they don't understand the information they have received, and that they will be supported when they do so.
- To further ensure companies are harnessing the evolution of language in their fraud-detection programs, managers and auditors should continually update any textual analytics and sentiment analysis initiatives for slang, jargon, and other language changes used by staff. Reviewing and revising keyword lists and incorporating the evolving best practices for nonverbal messages, such as emojis, helps ensure those charged with detecting fraud are using the changes in the communication landscape to their benefit.
- Management at all organizations should encourage face-to-face communication at work. Keeping communication lines open is critical to effectively fighting fraud. While companies need to meet the evolving communications needs of their staff, they must also take steps to build a culture where people are, and remain, comfortable talking to each other in person. Team-building activities, in-person meetings, and open-door policies can all help foster such an environment.
- Companies should also ensure that their training and internal communications use language that is accessible to the audience. In some situations, this might even require using different wording for different groups. For example, the formality of the messaging might be adjusted for executives or junior-level staff. Similarly, management might choose to use certain jargon in communications to technical professionals but avoid it for employees in other business roles.
- Finally, organizations must ensure their policies keep up with the demands of the digital age. As legally permissible, companies need to update their policies to provide for management's ability to access employee communications conducted through apps and texts on company devices. They should also ensure the organization's document-retention policy addresses the retention of business communications through text messaging and other non-email technologies.
DON'T BE LEFT BEHIND
Staying one step ahead of fraudsters has always been a challenge, and the continuous changes in the way humans communicate have compounded, and will likely continue to compound, this task. Being aware of how this evolution affects fraud risk is the first step in ensuring that auditors and other anti-fraud professionals can effectively keep up. And by integrating the shifts in language and communication into fraud prevention and detection initiatives, as well as taking proactive steps to keep communication lines open and transparent, fraud fighters can make sure they're not left behind.
About the authors
D. Kip Holderness Jr., CPA, CFE, CMA, Ph.D., is an assistant professor of accounting at West Virginia University. Andi McNeal, CPA, CFE, (firstname.lastname@example.org) is director of research for the Association of Certified Fraud Examiners (ACFE), where she oversees the development and production of educational materials related to the prevention, detection, and investigation of fraud. Richard Riley, CPA/CFF, CFE, Ph.D., is the Louis F. Tanner Distinguished Professor of Public Accounting at West Virginia University and the director of research for the Institute for Fraud Prevention. Joseph T. Wells, CPA, CFE, is founder and chairman of the board of the ACFE and a two-time winner of the Lawler Award for best JofA article of the year. Wells is a member of the AICPA Business and Industry Hall of Fame.
To comment on this article or to suggest an idea for another article, contact Jeff Drew, a JofA senior editor, at Jeff.Drew@aicpa-cima.com or 919-402-4056.
- "What's Your Fraud IQ?" JofA, Sept. 2017
- "What's Your Fraud IQ?" JofA, June 2017
- "Forensic Interviews: Plan to Succeed," JofA, Aug. 2015
- Fundamentals of Forensic Accounting Certificate Program (#159950, online access; #GT-FACERT1BUNDLE.EL, group pricing)
For more information or to make a purchase, go to aicpastore.com or call the Institute at 888-777-7077.