SOX brought fraud detection into auditors' responsibilities. Specifically, auditors are to look for indications of fraud on the financial statements. We all know that the financial statements are the responsibility of the company's management (see any audit report for proof), so, essentially, auditors are looking for fraud on the part of management. Both management and the auditor are hired by the Board of Directors, and the auditor's payment is authorized by management (if there are good internal controls). So here is the conundrum. If the auditor is looking for fraud by management, aren't they 'biting the hand that feeds them'? Isn't there a conflict in looking for fraud on the part of the folks who pay you? If there is a conflict, how could we resolve it (be imaginative)? If there is not a conflict, why not?