Clarified Auditing Standards: Fraud in a Financial Statement Auditby
While fraud issues have been considered by auditors for many decades, and while this statement is a redraft of SAS No. 99 (see AU-C 240, Consideration of Fraud in a Financial Statement Audit), opportunities for perpetrating fraud using technology and other means still abound. In this first part of two articles, we’ll discuss key requirements of the statement. The second part will discuss application issues pertinent to today’s world of audits.
Considered along with material misstatement due to error, fraud can cause misstatements from fraudulent financial reporting and from misappropriation of assets. Management and those charged with governance have the primary responsibility for the prevention and detection of these frauds.
Normally, the risk of not detecting material misstatements due to fraud is higher than not detecting misstatements due to error. This may occur because perpetrators of fraud may use carefully designed methods of forgery, transactions recording, and misstatements. In addition, several persons may collude to conceal the fraud. The risk of management fraud not being detected is usually greater than employee fraud because management has a greater opportunity to override internal controls and manipulate accounting information.
Defined in the basic objectives of the Clarified Auditing Standards, professional skepticism is:
“An attitude that includes a questioning mind, being alert to conditions that may indicate possible misstatement due to fraud or error, and a critical assessment of audit evidence.”
Risk of material misstatement at the financial statement and assertion levels will affect the degree of the auditor’s professional skepticism. While an auditor will always maintain professional skepticism, higher assessed levels of risk of material misstatement should result in higher levels of professional skepticism. For example, when risk of material misstatement is high, an auditor should request supporting documentation to corroborate management’s responses to inquiries.
Engagement Team Discussion
In the engagement team’s planning and brainstorming meeting, the engagement leader (e.g., partner, sole practitioner) should facilitate a discussion about possible misrepresentation of financial information and misappropriation of assets. The engagement team should hold this discussion by disregarding beliefs and knowledge of the honesty and integrity of entity management and employees. Particularly for recurring audits, familiarity with the honesty and integrity of reporting entity personnel may inadvertently lead to a decrease in an auditor’s professional skepticism. Compliance with the specific requirements of this statement, paired with a CPA firm’s quality control system, will provide safeguards to prevent this possibility.
Some of the matters the engagement team should discuss at meetings include:
- All internal and external factors that could be part of the “fraud triangle”:
- Incentives and pressures to commit fraud.
- Opportunities to perpetrate fraud.
- Rationalizations for committing fraud.
- Possibilities and risk of management override of controls.
- Circumstances that might cause management to manage, manipulate, or misstate financial information.
- How professional skepticism should be maintained during the audit and how team members should respond to assessed levels of risk of material misstatement.
Fraud Risk Assessment Procedures
Discussions with management and others included in the auditor’s risk assessment procedures may include:
- Management’s internal control risk assessment and monitoring processes.
- Management’s communication with persons charged with governance regarding risk assessment, monitoring, and any planned corrective actions.
- Management’s communication of business practices and ethical behavior to employees.
- Management’s and persons-charged-with-governance's knowledge of alleged, suspected or actual fraud.
- Persons-charged-with-governance's oversight of management’s processes and internal controls for identifying and responding the risks of fraud.
- Results of the auditor’s analytical procedures and any unusual or unexpected relationships that may be indicative of fraud.
Part 2 of this article will discuss further the identification and assessment of risks of material misstatement due to fraud, auditor’s responses, the evaluation of evidence, communications with management and persons charged with governance and audit documentation of these issues.
My exclusive presentation of webcasts on CPE Credit.com and self-study courses covering various applications of auditing standards can be accessed by clicking the appropriate box on the left side of my home page, www.cpafirmsupport.com. Registered users on my website receive a 20 percent discount on CPE materials presented by myself and numerous other authors on a variety of professional topics. My assistance in CPA firm quality control consulting, audit planning and peer review preparation can be obtained by sending an email using the “Contact Us” tab on my home page.