Published by Neil Norris. Modified over 6 years ago.
1
SAS No. 99: Consideration of Fraud in a Financial Statement Audit
Dr. Donald K. McConnell Jr. 12/5/2018
2
Background
- Auditing Standards Board committed in 1997 to review impact of SAS No. 82 on practice
- Conclusions:
  - Need to focus not only on auditor’s role in combating fraud, but also roles of management, audit committees, and regulators
  - Focus should be on prevention and deterrence measures, as well as detection of fraud
3
Result Was Issuance of SAS No. 99
- Intended to effect substantial changes in auditor performance, improving likelihood fraud would be detected
- Does not change auditor’s fundamental fraud detection responsibilities
- Establishes significant additional audit requirements and enhanced fraud detection guidance
4
Most Significant Changes from SAS 82
- Required planning discussions among audit team members concerning fraud risks
- Broader guidance concerning sufficient professional skepticism
- Expanded inquiries of management and others to identify fraud risks
- Added a third fraud condition: attitude/rationalization
- Broader guidance for assessing fraud risks
- Expanded revenue recognition fraud risk guidance
- Procedures to address risk of management override of controls
5
The Auditor Has a Responsibility to Plan and Perform the Audit to Obtain Reasonable Assurance about Whether the Financial Statements Are Free of Material Misstatement, Whether Caused by Error or Fraud
6
Description and Characteristics of Fraud
- Fraud a broad legal concept
- Auditor’s focus should be on activities causing financial statements to be materially misstated, not all fraud
- Key elements in most fraud schemes:
  - Incentives/pressures
  - Opportunities
  - Attitudes/rationalizations [new to SAS 99]
- Even fundamentally honest persons can rationalize committing fraud under intense pressures!
7
Description and Characteristics of Fraud (con.)
- Intent determines whether activities are fraudulent, or due to error
- Fraud can occur anywhere and anytime involving anyone, regardless of prior experience with a client
- Fraud schemes often difficult to detect due to:
  - Concealment
  - Possible collusive activities
  - Falsified documentation
8
Two Types of Fraudulent Misstatements
- Misstatements arising from fraudulent financial reporting [fraud for the entity]
- Misstatements arising from misappropriation of assets [fraud against the entity]
9
Professional Skepticism
- Existing standards did not provide sufficient guidance for adequate professional skepticism
- Based on fundamental belief that management generally possesses integrity:
  - Auditors don’t always adequately pursue audit conditions noted
  - Fail to adequately corroborate management representations
- Auditors must set aside all previous beliefs about management honesty and integrity!
10
Required Audit Team Discussions
- Required interactive audit team “brainstorming” to exchange fraud risk ideas in planning phases
- Should ordinarily involve key members of the audit team, including engagement partner
- May involve specialists or IT professionals
11
What Would Be Discussed?
- Discussions should focus on:
  - How and where financial statements might be susceptible to material fraudulent misstatement
  - Ways management might be able to perpetrate and conceal such
  - How assets could be misappropriated
  - Risks of management override of controls
  - Known internal and external factors creating fraud incentives or pressures
- Continued fraud risk communications throughout the audit
12
The Overall Process: Consideration of Fraud in a Financial Statement Audit
- Obtain information identifying risks of material fraudulent misstatement
- Assess identified fraud risks after considering entity programs and controls
- Respond to results of that fraud risk assessment
- Evaluate whether accumulated evidence adequately addresses those responsibilities
13
Identifying Risks of Material Fraud:
- Obtain a broader range of information as input, not just fraud risk factors from SAS No. 82 (fraud risk factors now in Appx. A)
- Inquiries of management to identify fraud risks
- Inquiries of audit committees, internal auditors, and others to identify fraud risks
- Consider results of planning stage analytical procedures
- Other information helpful in identifying risks of material fraudulent misstatement
14
Inquiries of Management
- Management’s awareness of fraud perpetrated, alleged, or suspected
- Management’s awareness of fraud allegations from former or current employees, analysts, or short sellers
- Management’s understanding about entity fraud risks, general and specific
- Programs and controls established for prevention, deterrence, and detection
- Nature and extent of fraud risk monitoring
- Whether and how ethical values are communicated
15
Inquiries of Audit Committees, Internal Auditors, and Others
- How is fraud oversight exercised?
- Knowledge of fraud risks
- Knowledge of actual or suspected fraud
- Internal auditors: All above, plus
  - Procedures performed during the year to identify or detect fraud
  - Adequacy of management responses
16
Inquiries of Audit Committees, Internal Auditors, et al. (con.)
- Inquiries to individuals outside of financial reporting areas:
  - To corroborate management responses
  - Information regarding possible management override
  - Evaluation of management’s policies regarding ethical behavior
- Obtain additional audit evidence if inconsistent responses
- Premise of inquiries: Individuals more likely to respond to direct questions than to voluntarily disclose information!
17
Identifying Fraud Risks in Planning Stage Analytical Procedures
- Usually involve aggregated data, thus only broadly suggestive of fraud risks
- SEC finding: 70% of recent AAER’s reveal alleged or actual fraudulent revenue overstatement
- Ordinarily presume high risk of fraudulent revenue recognition
- Should therefore perform analytical procedures relating to revenue accounts:
  - Relate sales volume to production in comparison with prior periods (G.P. test)
  - Comparative monthly revenues with sales returns shortly after year end
18
Other Information Helpful in Identifying Fraud Risks
- Audit engagement team discussions
- Reviewing interim financial statements:
  - Unique opportunities for fraudulent reporting
  - Many frauds initiated during interim periods
  - Auditor scrutiny of interim F.S.’s less than for an annual audit
19
Assessing Identified Fraud Risks
- Has management established programs and controls addressing identified fraud risks?
- Are such suitably designed and operating effectively? [auditor must test operating effectiveness]
- Do such mitigate or actually exacerbate identified fraud risks?
- Auditor must develop an appropriate response to each identified material fraud risk not effectively addressed by entity programs and controls
20
Responding to Results of Fraud Risk Assessment
- Having considered entity fraud programs and controls, the auditor may undertake:
  - A response involving more general considerations apart from specific procedures planned
  - A response to identified risks involving nature, timing, and extent of auditing procedures
  - A response involving performance of certain procedures to address possible management override
  - Engagement withdrawal, where impracticable to design procedures adequately addressing risk
21
Overall Responses to Risks of Material Misstatements
- Consider assigning forensic or IT specialists, in addition to more experienced personnel
- Consider whether client accounting principles and policies collectively suggest possible bias
- Be sure to incorporate forensic elements into all audits, to disrupt predictability:
  - Substantive tests of accounts or assertions not normally tested due to immateriality or low perceived risk
  - Changing timing of testing
  - Using different sampling methods
  - Procedures at unexpected locations, or on unannounced basis
22
Responses Involving Nature, Timing, and Extent of Procedures
- Obtain more reliable evidence
- Additional corroborative evidence from external sources [public record information] about key customers, vendors, transaction counter-parties
- Consider using computer assisted audit techniques [CAATS] to gather more extensive evidence
23
Responses Involving Nature, Timing, and Extent of Procedures
- Fraud risks might preclude projecting interim assessment conclusions to year end
- Thus, substantive testing would need to be done at or near year end
- Extent:
  - Consider increasing sample sizes
  - Consider performing analytical procedures using disaggregated data [e.g. monthly vs. annual data]
24
If Potential Improper Revenue Recognition Schemes Raise Risks
- Perform analytics relating to revenue using disaggregated data
- Confirm with customers absence of “side agreements,” e.g.:
  - Acceptance/delivery terms
  - Continuing vendor obligations
  - Rights of return by customers
  - Cancellation provisions
- Inquiry of sales personnel or in-house counsel of unusual terms or conditions relating to year end sales or shipments
25
Where Revenue Recognition Schemes Raise Risks (con.)
- Auditor presence at year end to observe shipments or returns awaiting processing
- Perform appropriate sales and inventory cut-off tests
- Test IT processed revenue transactions for assurance:
  - Transactions occurred
  - Properly recorded
- Consider CAATS to identify unusual or unexpected revenue issues
26
Where Inventory Fraud Risks Exist
- Examine inventory records to identify locations requiring attention
- Observe counts on unannounced basis and concurrently
- Rigorously examine boxed contents, manner in which inventories stacked, liquids quality
- Obtain copies of tags or count sheets to minimize alteration risk or inappropriate compilation
- Compare quantities to prior periods by category or location
- Consider CAATS to test for omissions or duplication
27
Responses to Risks of Management Override
- Management uniquely positioned to perpetrate fraud
- Management can direct or solicit employee help to manipulate
- Management override can occur in unpredictable ways, even when controls appear effective
- Auditors REQUIRED to perform substantive tests for override risks:
  - Standard and non-standard J.E.’s
  - Review estimates for possible bias
  - Evaluate business rationale of unusual transactions
28
How Can F.S.’s be Misstated Through Improper J.E.’s?
- Inappropriate or unauthorized J.E.’s during or near period end
- Adjustments to F.S.’s not reflected in formal J.E.’s, e.g.
  - Consolidating adjustments
  - Report combinations
  - Reclassifications
- Entries to unrelated, unusual, or seldom used accounts
- Made by persons who do not typically prepare J.E.’s
29
Common Characteristics of Improper Journal Entries
- Often made by persons who do not typically prepare J.E.’s
- Often occur at period end
- Often contain round numbers or consistent ending numbers
- Often involve accounts:
  - Complex or unusual in nature
  - Significant estimates
  - Prone to errors in the past
  - Containing unreconciled differences for intercompany transactions
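A CAATS-style screen for the journal-entry characteristics listed on the two slides above, as an added example that is not part of the original presentation. The ledger rows, account names, thresholds, and the rule of selecting entries that match two or more characteristics are all assumptions made for illustration.

```python
from collections import Counter
from datetime import date

# Constructed sample general-ledger extract (not real data):
# (entry id, posting date, preparer, account, amount)
ENTRIES = [
    ("JE-001", date(2018, 3, 14), "ap_clerk", "6100-Utilities", 1843.27),
    ("JE-002", date(2018, 6, 2), "ap_clerk", "6100-Utilities", 1790.11),
    ("JE-003", date(2018, 9, 20), "gl_acct", "4000-Revenue", 25310.48),
    ("JE-004", date(2018, 11, 8), "gl_acct", "4000-Revenue", 18422.90),
    ("JE-005", date(2018, 12, 12), "ap_clerk", "6100-Utilities", 1912.64),
    ("JE-006", date(2018, 12, 30), "cfo", "4000-Revenue", 500000.00),
    ("JE-007", date(2018, 12, 31), "gl_acct", "1990-Suspense", 75000.00),
    ("JE-008", date(2018, 12, 31), "gl_acct", "4000-Revenue", 9317.55),
]
PERIOD_END = date(2018, 12, 31)


def screen_entries(entries, period_end, window_days=5, round_to=1000,
                   min_preparer_entries=2, min_account_entries=2):
    """Return {entry id: [characteristics]} for entries worth selecting.

    All thresholds are illustrative assumptions, not values from SAS No. 99.
    """
    preparers = Counter(e[2] for e in entries)  # how often each person posts
    accounts = Counter(e[3] for e in entries)   # how often each account is hit
    flagged = {}
    for je_id, posted, preparer, account, amount in entries:
        reasons = []
        # Posted in the last few days of the reporting period
        if 0 <= (period_end - posted).days <= window_days:
            reasons.append("period_end")
        # Round amount: whole multiple of round_to, compared in cents
        if round(amount * 100) % (round_to * 100) == 0:
            reasons.append("round_amount")
        # Prepared by someone who rarely prepares entries
        if preparers[preparer] < min_preparer_entries:
            reasons.append("atypical_preparer")
        # Posted to a seldom used account
        if accounts[account] < min_account_entries:
            reasons.append("seldom_used_account")
        # A single characteristic is common in legitimate entries
        if len(reasons) >= 2:
            flagged[je_id] = reasons
    return flagged


if __name__ == "__main__":
    for je_id, reasons in screen_entries(ENTRIES, PERIOD_END).items():
        print(je_id, ", ".join(reasons))
```

Flagged entries are candidates for examination of supporting documentation, not findings in themselves.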
30
What Must Auditor Do?
- Obtain understanding of IC’s over J.E.’s and other adjustments:
  - Type, number, and usual monetary amounts of J.E.’s
  - Who can initiate
  - What approvals are required
  - How recorded
- Determine whether J.E. controls suitably designed and placed in operation
- Select J.E.’s and other adjustments for testing
31
Considerations in Nature, Timing, and Extent of J.E. Testing
- Identified fraud risks can suggest which J.E.’s to test
- Inspect general ledger to identify J.E.’s for testing and examination of support
- CAATS may be needed to identify J.E.’s for testing
- Realize that non-standard J.E.’s might not be subject to entity IC’s:
  - Business combination entries
  - Asset impairment entries
  - Consolidating, report combinations, reclassifications
- Consider need to test interim J.E.’s, as many frauds initiated at interim
32
Management Override Risk: Reviewing Estimates for Bias
- F.S. fraud often arises when mgmt manipulates estimates!
- Consider whether audit determinations and estimates suggest possible bias, even if individually reasonable
- If so, consider such estimates in the aggregate
- Perform retrospective review of prior estimates for indication of bias in current estimates
- However, such not intended to question prior professional judgments
33
Evaluating Business Rationale for Unusual Transactions
- Might indicate transactions consummated for fraudulent purposes
- Are transactions overly complex?
- Has mgmt placed more emphasis on accounting treatment need rather than underlying economics?
- Are unconsolidated related parties or SPE’s involved?
- Is board or audit comm. aware?
- Are transactions with parties without substance or financial ability to support transactions without entity help?
34
Evaluating Audit Evidence
- Auditor assessment of fraud risks an on-going process during audit
- Conditions identified (see examples in Appx. B of SAS 99) might change or support initial fraud risk assessment
- Auditor must perform analytical procedures relating to revenue recognition through end of reporting period
35
Evaluating Audit Evidence (con.)
- In performing analytics, the auditor should be particularly wary of:
  - Uncharacteristically large amounts of income reported toward the end of the reporting period
  - Income inconsistent with trends and cash flow from operations
36
Evaluating Audit Evidence (con.)
- Fraudulent activities might cause unexpected analytical relationships (perpetrators often unable to manipulate related variables), e.g.:
  - Net income inconsistent with cash flows from operations, as management unable to manipulate cash flows
  - Profitability or bad debt write-offs not comparable to industry data
  - Management reported sales volume inconsistent with production statistics maintained by operating personnel
37
Evaluating Audit Evidence (con.)
- At end of fieldwork, auditor must qualitatively evaluate if accumulated evidence and observations affect earlier fraud risk assessment
- Insights might suggest need to perform additional or different audit tests
38
Responding to Identified Misstatements Possibly Caused by Fraud
- Audit tests might reveal misstatements that may have resulted from fraud [You heard the gunshot]
- Effects, if due to fraud, might be:
  - Immaterial
  - Material
39
If Effects Likely Would Be Immaterial, And Committed by
- Non-management employees:
  - Simply refer to next higher level of management
  - No need for auditor investigation
  - Would not ordinarily be significant in assessing fraud risk
- Higher level management:
  - Re-evaluate initial fraud risk assessment
  - Raises pervasive questions about management integrity
  - Auditor must assess impact of such on nature, timing, and extent of testing
  - Does this affect control risk assessment, where CR assessed less than maximum?
40
If Effects Likely Would Be Material, or Unable to Evaluate Materiality
- Must investigate whether material fraud has occurred, or may have occurred
- Discuss investigative approach with senior management and audit committee
- If senior management involved, address directly with audit committee
- Auditor withdrawal possible if:
  - Management integrity implications
  - Poor client diligence and cooperation in taking meaningful action
41
Where Investigation Reveals Evidence of Fraud
- Bring to attention of appropriate management levels, even for minor embezzlements
- Reach understanding with audit committee concerning communication of lower-level employee misappropriations
- Report directly to audit committee:
  - Fraud causing material misstatement of financial statements
  - Fraud involving senior management
42
Disclosure of Material Fraud to Outsiders
- Auditor ordinarily precluded ethically from disclosing confidentially obtained information
- Confidentiality requirement waived:
  - SEC Form 8-K requirements
  - Compliance with Private Securities Litigation Reform Act of 1995
  - Communications between predecessor and successor auditors (Au 315)
  - Responding to validly issued subpoena
  - Funding or other agency requirements
43
What is Auditor Required to Document?
- Audit team planning discussions:
  - Who participated
  - Matters discussed
  - How and when discussions occurred
- Procedures performed to identify and assess fraud risks
- Fraud risks identified, and description of auditor’s response
- Justification, if revenue recognition fraud risks were not considered significant
44
What is Auditor Required to Document?
- Results of procedures performed to address risk of management override of controls
- Conditions or analytics causing auditor to believe additional procedures or responses were required, and appropriate responses
- Nature of communications concerning fraud made to management or audit committee