Inadequate Auditing and Internal Control: Lessons from Equity Funding

The collapse of Equity Funding had a significant impact on business practices and institutions, with its lessons remaining relevant even after 30 years. Auditors at Equity Funding did not gather enough evidence, assess internal control, or verify the computer system, which ultimately led to its downfall.

The audit premise----- understanding internal control system AUS 402.41 requires the auditor to gain an understanding of internal control relevant to the audit. Effective internal control can provide “protection against human errors and reduce errors or irregularities’ (Leung et al, 2007), as well as give auditors reasonable assurance for relying on internal control to audit under limit of economic fee.

To support an opinion on the financial statement, auditors must have sufficient knowledge of internal control, including the design of policies and procedures of internal control, and then determine whether they are in operation in assessing audit risk and making audit plans. (Leung et al, 2007).

Internal control procedures can be compromised by management override and collusion, as seen in EFCA where a significant number of personnel were involved in collusion.

Get quality help now
checked Verified writer

Proficient in: Business

star star star star 5 (339)

“ KarrieWrites did such a phenomenal job on this assignment! He completed it prior to its deadline and was thorough and informative. ”

avatar avatar avatar
+84 relevant experts are online
Hire writer

Auditors should have been able to detect this by evaluating the company's control environment, including the ethics and integrity of management and employees, as well as ensuring proper segregation of duties.

Unfortunately, the auditors of EFCA did not have a thorough understanding of the organization's internal control procedures, particularly the computerized accounting system (Lee and Marc, 2002). This lack of comprehension resulted in noticeable inconsistencies and irregularities in the inter-company accounts of EFCA and its subsidiaries. If the auditors had properly reconciled the parent company's account with its subsidiaries, they would have likely detected the internal control deficiencies.

Get to Know The Price Estimate For Your Paper
Number of pages
Email Invalid email

By clicking “Check Writers’ Offers”, you agree to our terms of service and privacy policy. We’ll occasionally send you promo and account related email

"You must agree to out terms of services and privacy policy"
Write my paper

You won’t be charged yet!

Additionally, if they had regularly updated their technological skills and closely monitored the data processing procedures for reliability, instances of computer fraud would have been less likely to go unnoticed for an extended period.

When there is a lack of full understanding of the internal control system, it becomes difficult to assess control risk accurately. This made it impractical for auditors to determine control risk and develop a suitable audit strategy. Incorrect judgments regarding the control system and audit strategy could directly lead to auditing failures in EFCA. In one instance, Haskins and Sells, the auditors of EFLIC, placed excessive trust in the effectiveness of the control systems and relied heavily on management, such as relying solely on print-outs and similar data generated by EFLIC's computer (Lee et al, 2002).

Moreover, the auditors neglected to assess the effectiveness of internal control design and operations based on their evaluation of control risk. The testing procedures primarily rely on gathering audit evidence. ASA 330 stipulates that as the assessment of control risk decreases, the auditor should gather more evidence to support their judgment. Regrettably, the auditors did not acquire enough credible evidence to substantiate their assessment, a topic that will be further explored in the following section.

Collecting audit evidence is the basis of an audit.

According to ASA 500.5 (ISA 500.2), auditors must gather and assess "sufficient and competent evidential matter" when forming an opinion on financial statements.

When auditors encounter questionable or significant issues, they must gather additional audit evidence. While cash-flow numbers are difficult to manipulate since auditors can verify them by comparing with bank statements, the concentration should shift to areas with numerous items under assets. For example, in the case of EF, a "25 million increase in California subsidiary's account receivable" was fabricated to address cash shortages. By reconciling financial reports with ledgers and original documents, as well as re-performing calculations like totaling subsidiaries' accounts receivable, auditors can easily uncover inconsistencies between parent and subsidiary accounts.

External evidence from independent sources is typically considered more reliable than internally generated evidence. In the case of Equity Funding, this external evidence could have been obtained from affiliated companies and third parties like policyholders (Dean and Wolnizer, 1978). However, critics argue that auditors of EFCA did not collect enough external evidence and instead heavily relied on management representations. For example, auditors attempted to confirm policies with policyholders, but the letters were sent by EFCA officers and filled out for fictitious policyholders (Dean and Wolnizer, 1978). If auditors had gathered sufficient external evidence, the fraud could have been detected early on.

If the audit evidence is insufficient to support the judgment on internal control and assessment on audit risks, the audit procedures and audit strategy based on them would be invalid and problematic. As a result, the auditors would be unable to form a accurate opinion on the truth and fairness of the financial statements.

The biggest characteristic of EFCA fraud is the erosion of computerized systems. One of the most common forms of computer crime is data diddling, as seen in the classic fraud case of Equity Funding (M. E. Kabay, 2002). EFCA lacked the assertion of inherent risk and internal control over its computerized systems. Effective controls for a computerized system should encompass both general controls and application controls (Gay and Simnett, 2005).

In EFCA, the lack of internal controls was evident in the collusive frauds committed by management and employees, either actively or passively. This was exemplified by the director instructing a programmer to create fictitious policies, which were then eliminated without raising suspicions from reinsurers. This merging of incompatible functions within the IT department allowed for an easier path for fraud to occur (Lee et al, 2002).

When it comes to application controls, there are user controls and IT controls. IT personnel should establish input controls by implementing control totals, key verification, and key entry validation. It appears that EFCA may not have adequately implemented these input controls, as real and fictitious data were mixed together. In addition, output controls ensure that outputs are appropriate, reasonable, and only accessible to authorized users. Since EFCA utilized a computer program, auditors may have lacked sufficient expertise in this complex and rapidly evolving area. It is recommended that specialists assist auditors in obtaining evidence rather than relying solely on evidence provided by EFCA. Otherwise, auditors should consider declining the engagement if they do not possess the necessary skills to perform the job effectively.

Auditors must ensure they obtain a sufficient understanding of internal controls relevant to the audit, as per AUS 402.41. While management is responsible for enforcing adequate internal controls, auditors should fulfill their duties with professional skills and care. It is important for auditors to identify any questionable areas that could indicate the risk of fraud, as was the case with the prolonged fraud at Equity Funding.

Therefore, in conclusion,

Auditors lacked a proper understanding of internal control and failed to obtain adequate evidence to support their judgment, leading to fraud in EFCA. The computerized system was a crucial component of the control systems, but the lack of knowledge and technology skills hindered auditors in fulfilling their duties.


1. Leung, Coram and Cooper (2007) Modern Auditing & Assurance Services, 3rd Edition

2. Lee, J S. Fredrick, A. Marc, J E. 2002, [Book Chapter] The Equity Funding Papers. DOI 10.glsnp736/5028

3. Robert M. Loeffler, 1974, Trustee Report of the Trustee of Equity Funding Corporation of America Pursuant to Section 167(3) of the Bankruptcy Act (11 U.S. C. §567(3))

4., “Equity Funding: Could it happen again” (accessed 29/09/2007)

5. G. Gay and R. Simnett, 2005, Auditing and Assurance Services in Australia, McGraw Hill

6. G W Dean, P W Wolnizer March 1978, The Securities Fraud of the Century ,The Chartered Accountant, The Chartered Accountant ,DOI 10.glsnp763/5003

7. U.S. Securities and Exchange Commission 2002, Study Pursuant to Section 108(d) of the Sarbanes-Oxley Act of 2002 on the Adoption by the United States Financial Reporting System of a Principles-Based Accounting System, DOI 10.glsnp266/2584

8. AUS210

Source: AUS 210 (accessed 29/09/2007) 9. Ray Dirks and the Equity Funding Scandal
10. (accessed 29/09/2007)
11. The Woman CPA, July 1976, Page 11, "Equity Funding: The Profession Reacts"

Updated: Feb 21, 2024
Cite this page

Inadequate Auditing and Internal Control: Lessons from Equity Funding. (2016, Nov 10). Retrieved from

Inadequate Auditing and Internal Control: Lessons from Equity Funding essay
Live chat  with support 24/7

👋 Hi! I’m your smart assistant Amy!

Don’t know where to start? Type your requirements and I’ll connect you to an academic expert within 3 minutes.

get help with your assignment