Considerations

for Fraud in the Financial

Statement Audit
Misappropriation of Assets

n Generally referred to as theft or defalcation

n Responsibility extends to acts that result in a
material misstatement of the financial
statements
n Smaller companies are generally more
susceptible to material misstatements due to
defalcations
n Not likely to observe the actual theft, but more
likely to observe attempts
4 to conceal the theft
4
Fraud vs. Error

n Fraud is a legal concept

n Primary distinguishing factor is intent
n Fraud is intentional
n Fraud usually involves concealment
n Two types of misstatements are relevant:
¨ FraudulentFinancial Reporting
¨ Misappropriation of Assets
2
2
Fraudulent Financial Reporting
n Intentional misstatements or omissions of amounts or
disclosures
¨ Intended to deceive financial statement users
¨ Material effect on the financial statements
n Accomplished by
¨ Manipulating, falsifying, or altering accounting
records or supporting documents
¨ Missing, incomplete, or misleading disclosures
¨ Intentional misapplication of accounting principles

3
3
The “
Fraud Triangle”
Incentive /
Pressure

Opportunity Attitude /
Rationalization
Adapted from Occupational Fraud and Abuse,
Joseph T. Wells, Obsidian Publishing Company,
1997
5
5
Examples of Fraud
n Fraudulent Financial Reporting
¨ Use of undisclosed side agreements
¨ Inappropriate deferral of expenses
n Misappropriation of Assets
¨ Embezzling receipts
¨ Stealing assets
¨ Fictitious vendors
¨ Reprocessed invoices
n Management Override of Controls
¨ Fictitious journal entries
¨ Intentional bias of assumptions and judgments
used to estimate account balances
¨ Alter records and terms6 related to significant
unusual transactions 6
Who Commits Fraud?

n Insiders on payroll,
including members
of management
n External people

7
7
Consideration of Fraud: An
Ongoing Process
n Consideration of fraud is an ongoing
process throughout the audit
¨ Planning
¨ Execution
¨ Wrap up
n May want to arrange another team
discussion about the risks of material
misstatement due to8 fraud at the
8
conclusion of the audit
Professional Skepticism
n Stronger emphasis on consideration of
how and where material financial
statement fraud could occur
n Don’ t rely on past experience or prior
beliefs about management honesty and
integrity
n“ Questioning mind”
9
9
Identifying Fraud Risks

n Consider multiple sources of information

¨ Engagement team discussion
¨ Inquiries
¨ Planning analytics
¨ Fraud risk factors
¨ Other information (client continuance,
interim reviews)
n Output is a list of fraud
10 risks
10
Engagement Team Discussion

n Required as part of planning

n Key objectives
¨ Interactive exchange of ideas/information
¨ Emphasize importance of proper mindset
¨ Consider how and where material fraud could occur
¨ Identify and document known risks of fraud
¨ Team decision on game plan

11
11
Inquiries
n Specific inquiries required of:
¨ Management
¨ Audit Committee (or its chairman)
¨ Internal Auditors
¨ Others within the entity

n Inquiries of senior management (CEO,

COO, CFO and audit committee are
made by the partner, principal, or senior
manager
12
12
Inquiries of Others

n Others that we come into contact with

during the course of the audit
¨ Personnel responsible for recording
complex transactions
¨ Lower level financial or operating personnel

n Other key client personnel

¨ Divisionor location management
¨ In-house legal counsel
13
13
Analytical Procedures

n Analytical procedures performed in

planning the audit
¨ Broad indicator
¨ Consider results along with other
procedures
¨ Revenue analytical procedures

14
14
Other Information

n Information from the results of our

procedures relating to the acceptance
and continuance
of clients
n Reviews of interim financial statements
n Inherent risk considerations

15
15
Assessing the Risks of Fraud

n Use the information gathered to

consider:
¨ Type
¨ Significance
¨ Likelihood
¨ Pervasiveness

n Presumption is that we will identify one

or more fraud risks 16relating to revenue
16
recognition
Client’
s Response to Fraud
Risks
n How effective is management’ s process for identifying,
assessing, and responding to risks?
n What programs and controls has management
implemented to prevent, deter, and detect fraud?
n What is senior management’ s attitude toward building
a corporate culture with a “
zero tolerance” for unethical
behavior?
n To what extent does the board of directors or audit
committee provide oversight in this area?
17
17
Evaluating the Client’
s
Response to Fraud Risks
n Be certain that controls identified relate
to the specific fraud risk
n Consider whether programs and controls
mitigate or exacerbate identified risks
¨ Specificcontrols
¨ Broader programs
n Evaluate whether the programs and
controls are suitably designed and have
been placed in operation
18
18
Audit Response
n Response required for each identified fraud
risk (or related risks)
n In developing our procedures that respond to
our assessment of inherent and control
risks… .
¨ Do we need to modify the nature, timing, and extent
of our procedures (tests of controls or substantive
tests) in view of the risk(s) of fraud?
¨ Do we need an overall response to the risk(s) of
fraud?
¨ Do we need both of the 19 above?
19
Examples of Responses
n Nature
¨ Additional third-party evidence about key
customers
¨ Observe inventory on unexpected dates
n Timing
¨ Test at or near year end, with a greater focus on
cutoff
n Extent
¨ Perform analytical procedures at a more detailed
level
¨ Expand sample sizes (controls
20 or substantive tests)
20
Mandatory Procedures to Address
the Risk of Management Override

n Procedures designed to address management

override of controls
n Specific procedures required on all audits
¨ Review and test journal entries & other adjustments
¨ Retrospective review of significant estimates for
evidence of management bias
¨ Understand business rationale for significant
unusual transactions
n Performed by a member21
of the engagement
team who has sufficient knowledge/experience21
Journal Entries &
Other Adjustments
n More than just “nonstandard” journal entries
n Understand the financial reporting process (SAS 94)
n Scope of testing based on professional judgment
¨ Assessment of fraud risk
¨ Characteristics of fraudulent entries/adjustments
¨ Effectiveness of controls
¨ Nature of process and available documentation
¨ Nature and complexity of accounts
¨ Entries processed outside the normal course of
22
business 22
Financial Reporting Process

n Understanding helps to identify the type,

number, and size of journal entries and other
adjustments
n Need to determine:
¨ Who can initiate entries to the general ledger
¨ What approvals are required
¨ How journal entries are recorded

23
23
Significant Unusual
Transactions
nConsider underlying business rationale
n“
Unusual” transactions
¨ Outside the ordinary course of business
¨ Appear unusual based on our
understanding
of the business

24
24
Communication Requirements

n Reach an understanding with the audit

committee regarding the nature and
extent of communications
n Evidence that fraud may exist must be
brought to the attention of the
appropriate level of management and/or
the audit committee
25
25
Fraud in Internal Control
Audits
n Sarbanes-Oxley Act (SOA) requires:
¨ External auditors attestation on internal controls
¨ Management to document and evaluate internal
controls and procedures for financial reporting
n Consider results of management’ s
documentation and evaluation of:
¨ Fraud programs and controls
¨ Controls over estimation processes
n Consider effect of control testing and
exceptions
n Consider any disclosures
26 of instances of fraud
by management 26
Thank You

27
27