This page covers fraud auditing including fraurd triangle, auditor’s responsibility for fraud and errors, assessing and documentation risk of fraud.
Assessing and Documenting Risk of Fraud
Corporate Governance and Other Factors that Reduce Fraud Risk
Responses to Identified Fraud Risk
Fraud Risk Area Sales and Accounts Receivable
Specific Fraud Risk Area Inventory Accounts Payable, Payroll, Fixed Assets
Fraud Discovery Auditor's Role Interviewing Techniques
The audit standards define fraud as ‘an intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage.’ Many aspects of being an auditor require a close look-out for fraud. Professional scepticism requires that the auditor be alert to conditions which may indicate possible misstatement due to fraud. The auditor employs risk assessment procedures to uncover material misstatement, whether due to fraud or error, at the financial statement and assertion levels. And, of course, one must be mindful of fraud when giving an opinion. As the basis for the auditor’s opinion, ISAs require the auditor to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud (or error).
The Audit Standard on fraud, ISA 240 ‘The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements’, deals with the auditor’s responsibilities relating to fraud. Specifically, it expands on how risk assessment and response are to be applied in relation to risks of material misstatement due to fraud.
An auditor conducting an audit in accordance with ISAs is responsible for obtaining reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether caused by fraud or error. Because of the inherent limitations of an audit, material misstatements of the financial statements may not be detected. As described in ISA 200 the potential effects of inherent limitations are particularly significant if misstatement results from fraud. The risk of not detecting fraud is higher than the risk of not detecting error because fraud may involve sophisticated and carefully organised schemes designed to conceal it (such as forgery, deliberate failure to record transactions). Concealment of fraud as a result of collusion may be even more difficult to detect. Collusion may cause the auditor to believe that audit evidence is persuasive when it is, in fact, false. Furthermore, because management is frequently in a position to manipulate accounting records or override controls, the risk of the auditor not detecting management fraud is greater than for employee fraud.
With regards to fraud, the objectives of the auditor are:
■ toidentifyandassesstherisksofmaterialmisstatementofthefinancialstatementsdue to fraud;
■ to obtain sufficient appropriate audit evidence regarding the assessed risks of mate- rial misstatement due to fraud, through designing and implementing appropriate responses; and
■ to respond appropriately to fraud or suspected fraud identified during the audit.
In this book we have noted several times how misstatements in the financial statements can arise from either fraud or error. The distinguishing factor between fraud and error is whether the underlying action that results in the misstatement is intentional or unintentional. Error is unintentional whereas fraud is intentional.
Fraudulent Financial reporting and Misappropriation of assets.
Two types of intentional misstatements are relevant to the auditor: misstatements resulting from fraudulent financial reporting and misstatements resulting from misappropriation of assets.
Fraudulent financial reporting involves intentional misstatements including omissions of amounts or disclosures in financial statements to deceive financial statement users. Fraudulent financial reporting may be accomplished by the following:
■ Manipulation, falsification (including forgery), or alteration of accounting records (e.g. recording fictitious journal entries, particularly close to the end of an accounting period) or the supporting documentation from which the financial statements are prepared.
■ Misrepresentation in, or intentional omission from,the financial statements of events, transactions or other significant information (e.g. engaging in complex transactions that are structured to misrepresent the financial position or financial performance of the entity). ■ Intentional misapplication of accounting principles relating to amounts,classification, manner of presentation or disclosure, such as inappropriately adjusting assumptions and changing judgement used to estimate account balances.
Fraudulent financial reporting can be caused by management’s effort to manage earnings in order to deceive financial statement users as to the company’s performance and profit- ability. Such earnings management may start with small actions such as inappropriate adjustment of assumptions or changes in judgement by management. Pressures to meet market expectations and the desire to maximize executive compensation may cause these actions to increase until they result in fraudulent financial reporting. On the other hand, management of some other entities may be motivated to reduce earnings by a material amount to minimize tax or to inflate earnings to secure bank financing.
Misappropriation of assets involves the theft of an entity’s assets and is often perpetrated by employees in relatively small and immaterial amounts. However, it can also involve management who are usually more able to disguise or conceal misappropriations in ways that are difficult to detect. Misappropriation of assets is often accompanied by false or misleading records or documents in order to conceal the fact that the assets are missing or have been pledged without proper authorization.
Misappropriation of assets can be accomplished in a variety of ways including:
■ Embezzling receipts(for example,misappropriating collections on accounts receivable or diverting receipts in respect of written-off accounts to personal bank accounts).
■ Stealing physical assets or intellectual property (for example, stealing inventory for personal use or for sale, stealing scrap for resale, colluding with a competitor by disclosing technological data in return for payment). ■ Causing an entity to pay for goods and services not received (for example, payments to fictitious vendors, kickbacks paid by vendors to the entity’s purchasing agents in return for inflating prices, payments to fictitious employees).
■ Using an entity’s assets for personal use (for example, using the entity’s assets as collateral for a personal loan or a loan to a related party).
Fraud triangle To understand the risk of fraud, auditors often refer to the ‘Fraud Triangle’, first identified by sociologist Donald Cressey Fraud involves incentive or pressure to commit fraud, a perceived opportunity to do so and some rationalization of the act. These three ‘points’ of the Fraud Triangle are factors which are present for fraud
■ Incentive/pressure. Pressure, such as a financial need, is the ‘motive’ for committing the fraud. Individuals may be under pressure to misappropriate assets because of a gambling problem or because the individuals are living beyond their means. Fraudulent financial reporting may be committed because management is under pressure, from sources outside or inside the entity, to achieve an expected (and perhaps unrealistic)earnings target – particularly since the consequences to management for failing to meet financial goals can be significant.
■ Opportunity. The person committing the fraud sees an internal control weakness and believes internal control can be overridden, for example, because the individual is in a position of trust or has knowledge of specific weaknesses in internal control. The individual, believing no one will notice if funds are taken, begins the fraud with a small amount of money. If no one notices, the amount will usually grow larger.
■ Rationalization. The person committing the fraud frequently rationalizes the fraud. Rationalizations may include, ‘I’ll pay the money back’, ‘They will never miss the funds’ or ‘They don’t pay me enough’.
procedures to Consider regarding Fraud
When considering fraud during an audit, the auditor should be mindful of the need for professional skepticism, discuss the possibility of fraud with the engagement team, perform certain risk assessment procedures, identify the risks of material misstatement due to fraud, respond to those assessed risks and evaluate the audit evidence gathered. We have discussed professional skepticism. The auditor must maintain professional skepticism throughout the audit, recognizing the possibility that a material misstatement due to fraud could exist, notwithstanding the auditor’s past experience of the honesty and integrity of the entity’s management and those charged with governance. If the auditor believes that a document may not be authentic or that terms in a document have been modified but not disclosed or where responses to inquiries of management are inconsistent, the auditor shall investigate the inconsistencies.