Documente Academic
Documente Profesional
Documente Cultură
* Source – BankruptcyData.com
Five of the Ten Largest U.S. Bankruptcies since 1980 had significant
financial and reporting frauds
Define Fraud
Intentional concealment or
misrepresentation of material facts in
order to deceive
Differentiated from errors by the intent to
deceive
Traditionally defined into broad
categories:
Defalcations (misappropriate of assets)
Fraudulent financial reporting
What is defalcation?
Employee takes assets from the organization for
personal gain
Examples: theft, embezzlement
ACFE divides into frauds due to
Corruption
Fraudsters use their influence in a transaction to gain
personal benefit
Examples: kickbacks, conflict of interest, bribery, economic
extortion
Asset misappropriation
Theft or misuse of organization's assets
Common schemes: skimming revenues, cash schemes,
fraudulent disbursement, inventory theft, payroll fraud
Defalcation may create misleading financial statements
if stolen assets are reported on the statements
Define Fraudulent Financial
Reporting
Intentional manipulation of financial statements
Typically committed by management
Has opportunity to override internal controls
Often evaluated and compensated based on financial results
Usually involves:
Manipulation, falsification, or alteration of accounting
records or supporting documents
Misrepresentation or omission of events, transactions, or
significant information
Intentional misapplication of accounting principles
The most common types are
Overstate assets and understate expenses
Overstate revenues and assets
Understate liabilities
Review Lessons Learned From
Fraud Cases
Auditors take risk whenever they do not audit the
entire company
Auditors need to look at economic assumptions
underlying a company’s growth
Auditors need to assess risk factors and when the
risk of fraud is high, they must demand stronger
evidence
Computer errors should be viewed as a risk factor
Dominant clients can be a problem
Auditors need to know what motivates management
Auditors should not assume all people are honest
When fraud risk indicators are discovered, they must
be thoroughly investigated
Discuss the Second COSO
Report
Report of the Committee of Sponsoring
Organizations of the Treadway Commission
(COSO) identified major characteristics of
companies that had perpetrated fraud:
Involved smaller companies - under $200
million in revenues
Board of directors dominated by
management
Audit committees non-existent or inactive
Overstated revenues and corresponding
assets in over half the frauds
Most revenue frauds involved premature
recognition or fictitious revenues
Discuss the Second COSO
Report (Continued)
No internal audit department
Perpetrated over relatively long-terms
(average period 2 years)
Companies were in loss situations or near
break-even prior to the fraud
CEO and /or CFO involved in 83% of the
cases
Auditors realized there are signs that fraud
might be taking place and that auditors
would have to identify and investigate these
signs
Review Auditing Standards on
Fraud
SAS 99, "Fraud Detection in a Financial
Statement Audit" issued in 2002
Requires auditors to search for risk factors
related to fraud
If these risk factors are present, auditor
needs to modify audit to
Actively search for fraud
Require more substantive audit evidence
In some cases, assign forensic (fraud) auditors to
the engagement
Emphasizes the need for professional
skepticism
Review a Proactive Approach to
Fraud Detection - Planning the Audit
The audit must be planned to detect material
misstatements - whether the misstatements are due
to errors or fraud
The auditor must
Understand the business
Understand how changes in the economy might
affect the business
Understand management's motivations for
committing a fraud
Identify opportunities for other employees to commit
defalcation
Analyze changes in company's financial results for
reasonableness
Identify areas that might suggest fraud
Discuss Proactive Approach to Fraud
Detection - Conducting the Audit
Overview of the process to integrate fraud risk
assessment and fraud procedures into the audit
includes ten major steps:
Understand the nature of fraud, motivations to
commit fraud, and how fraud may be committed
Develop and implement an approach based on
professional skepticism
Brainstorm and share knowledge within the audit
team
Obtain information useful in identifying and
assessing fraud risk
Identify specific fraud risks and areas likely to be
affected by fraud
Discuss Proactive Approach to Fraud
Detection - Conducting the Audit
Evaluate the quality and effectiveness of
company controls in mitigating the risk of
fraud
Adjust audit procedures to address the risk
of fraud and gather evidence specifically
related to the possibility of fraud
Evaluate findings; if evidence signals fraud
might exist, consider whether specialists are
needed for the audit team
Communicate possibility of fraud to
management and audit committee
Document all steps related to fraud
What are the motivations to
commit fraud?
Research consistently shows three
factors associated with fraud
These factors are referred to as the fraud
triangle
Incentives or pressures to commit
fraud
Opportunities to commit fraud
Rationalization of the fraud as
acceptable
Review Motivations to Commit
Fraud – Incentives or Pressures
The pressures to commit fraud include:
Management compensation schemes
Personal wealth ties to financial results
or survival of the company
Other financial pressures to improve
earnings or the balance sheet
Example: to avoid violating debt covenant
Personal factors, including personal
financial needs
Discuss Motivations to Commit
Fraud – Opportunities
Warning signs indicating opportunities for fraud:
Weak or non-existent internal controls (no segregation of
duties)
Complex or unstable organizational structure
Ineffective monitoring of management, either because board of
directors is not effective, or management is dominant
Significant accounting estimates made by management
Significant related party transactions
Industry dominance, including ability to dictate terms to
suppliers or customers
Simple transactions made complex through disjointed
recording process
Complex or difficult to understand transactions
Management controlled by small number of individuals or a
single member of management/owner
Comment on Motivations to
Commit Fraud – Rationalizations
The nature of fraud rationalization often differs
depending on the type of fraud
For defalcations, rationalizations often revolve around
personal issues:
Personal financial problems
Mistreatment by the company
Sense of entitlement
Everyone does it
For fraudulent financial reporting, the rationalizations
may involve personal or organizational issues:
Compensation based on financial results (personal)
Ego (personal)
Necessary for organization to survive
What is the purpose of audit
team brainstorming?
SAS 99 requires members of the audit team to discuss the risk
of material misstatement due to fraud
This brainstorming is designed to:
Allow experienced auditors to educate less experienced
auditors
Set the proper level of professional skepticism for the audit
Topics covered during the brainstorming should include:
Consider how fraud can be perpetrated and concealed
Presume fraud in revenue recognition
Consider incentives, opportunities, and rationalization for
fraud
Consider industry conditions
Consider operating characteristics and financial stability
Audit Procedures
When there is a possibility of fraud, the auditor should
consider that evidence might not be what it seems
SAS 99 suggests the auditor consider the following:
Greater susceptibility of evidence manipulation
Greater skepticism of management responses
Journal entries are important
New technology provides new ways to commit fraud
Recognition that collusion may be likely
Predictability of audit procedures
Analytical procedures should tie to operational or
industry data
Obtaining Information about
Fraud Risk
The auditor should specify procedures that
could signal the possibility of fraud including
Making inquires of management and others
to obtain their views about the risk and fraud
and controls set up to address those risks
Perform analytical procedures and consider
any unusual relationships
Review risk factors identified earlier
(pressure, opportunity, rationalization)
Review management responses to
recommendations for control improvements
and internal audit reports
What are some analytical
indicators of fraud risk?
Some of the key analytical factors the auditor should
develop include:
Large revenue increase at the end of the period
Sales increasing faster than industry sales which
don't seem justified
Unusually large increase in gross margin
Large number of sales returns after year-end
Increase in number of day's sales in receivables
Increase in number of day's sales in inventory
Significant increase in debt/equity ratio
Cash flow or liquidity problems
Significant changes in non-financial performance
measures
Identifying Risks of Fraud
The auditor should examine each of the fraud risk
conditions - pressure, opportunity, rationalization
During this examination, the auditor should consider
The type of fraud that might occur
The potential significance of the fraud in both
quantitative and qualitative terms
The likelihood of fraud occurring
The pervasiveness of the risk that fraud might occur
SAS 99 requires the auditor presume there are risks
with revenue recognition and management override
of internal controls
Relate Internal Control and Fraud
Risk
Internal control weaknesses are a strong indicator of
fraud risk
The auditor will examine a variety of control areas
including:
Corporate governance
Management control and influence
Audit committee
Corporate culture
Internal auditing
Monitoring controls
Whistle blowing
Codes of ethics
Related party transactions
Developing a Revised Audit Plan
Auditor should develop hypotheses about how fraud
could be committed and concealed
The audit team should then develop and implement
audit procedures that are directly responsive to the
fraud risks
Depending on the hypothesized fraud risks the auditor
may change the
Audit procedures in order to gather additional
corroborative and/or direct evidence
Timing of audit procedures
Staffing of the engagement to include more
experience auditors or specialists
Developing a Revised Audit Plan
(Continued)
Extent of audit procedures; examples include:
Performing procedures on a surprise or
unannounced basis
Requiring inventories be counted and observed at
year-end (instead of at an interim date)
Making oral inquiries of major customers and
suppliers
Performing analytics using disaggregated data
Examining details of major sales contracts
Examining financial viability of customers
Examining, in detail, reciprocal or similar
transactions between two entities
Detailed examination of journal entries,
particularly those at year-end
Discuss Evaluating Audit
Evidence
The auditor's skepticism should be
heightened whenever
There are discrepancies in the
accounting records
The auditor finds conflicting or missing
evidential matter
The relationship with management is
strained
There are significant or unusual
transactions around year-end
Review Communicating the
Existence of Fraud
Fraud should be communicated to a level at
which effective action can be taken
The auditor must communicate the existence
of fraud to management, the Board (or its
equivalent), and the audit committee
If fraud involves top management, the
auditor must assess the actions taken by the
Board
If sufficient actions are not taken, the auditor
must consider the control environment and
the possible need to resign the engagement
Review Communicating the
Existence of Fraud
The auditor must determine that the financial
statements have been corrected and the
fraud adequately disclosed
If the statements are not corrected, the
auditor should issue a qualified or adverse
opinion
In some cases, the auditor may be required to
report the fraud to outside parties, such as to
meet regulatory requirements
For public companies, material fraud reflects a
weakness in internal controls and may need
be reported
Comment on Audit
Documentation
The audit team should document the full extent
of the process described
That documentation should include:
Discussion among audit team members
including the assessment of fraud risk and
how such frauds might take place
Discussion of the factors that affected the
risk assessment
Audit procedures performed
Need for corroborating evidence
Evaluation of audit evidence and
communication to required parties
Discuss Characteristics of
Financial Reporting Frauds
Historically, there are patterns in financial reporting frauds:
Complex revenue recognition schemes
Incorrect billings to the government
Holding the books open (accelerated revenue
recognition)
Capitalizing expenses
The implications for audit procedures is clear:
The auditor must understand complex transactions to
determine their economic substance
The auditor cannot be pressured to complete the audit
early; there must be sufficient time to examine year-end
transactions
The auditor must use necessary procedures to gather
sufficient reliable evidence including
What are the characteristics of
defalcations?
ACFE reports 90% of defalcations involve thefts of
cash; remaining 10% were thefts of inventory and
other assets
Cash misappropriation schemes include:
Larceny: stealing cash after it has been recorded on
the books
Skimming: stealing cash before it is recorded on the
books
Fraudulent disbursements
Most common: 70% of defalcation schemes
Billing: set up false vendors and pay for fictitious goods
Payroll: add fictitious employees to payroll
Expense reimbursement: submit overstated reimbursement
requests
Check tampering: alter check, e.g. change payee or amount
Audit Procedures & Evidence
Considerations
The procedures used by the auditor should reflect the internal
control weaknesses and fraud risk indicators found with the
client
Linking Audit Procedures to Control Deficiencies
Audit procedures used are based on specific control
deficiencies
Linkage process from control deficiencies to audit procedures:
What errors or fraud could occur because of the control
deficiencies
What account balances would be affected and how
What audit procedures would provide evidence on whether the
account balance is misstated
Do the audit procedures provide objective evidence independent
of the parties who have access to the assets
Examples listed in Exhibit 8.11
Review Linking Audit Procedures to
Fraud Risk Indicators
As with control deficiencies, audit procedures will
depend on the fraud risk indicators and auditor's
preliminary analytical review of account balances
Existence of fraud risk indicators should cause the
auditor to
Expand audit testing to more detailed sampling
Review all major sales and other transactions
Place more emphasis on independent outside
evidence
Perform more procedures at year-end (instead of
interim testing)
Examples listed in Exhibits 8.12 and 8.13
Discuss Using Computers to
Analyze the Possibility of Fraud
Audit software can read a file and perform a number of
procedures to analyze the possibility of fraud:
Test mechanical accuracy: footing, mathematical
extensions, and logical relationships
Statistical selection
Search for duplicate entries
Analyze unusual patterns in data
Analysis of logical relationships among data sets
Identify unusual sources of entries to an account
Search for missing data
Responsibilities for Detecting
and Reporting Illegal Acts
Illegal acts are violations of laws or
governmental regulations...by management
or employees acting on behalf of the entity
(AU 317.02)
Illegal acts often have a direct impact on
financial statements
Audit must be designed to identify illegal acts
that have a direct, material effect on the
financial statements; audit procedures
include:
Reading corporate minutes
Inquiries of management and legal counsel
Responsibilities for Detecting and
Reporting Illegal Acts (continued)
Tests of details to support transactions or account
balances
Large payments to consultants or employees for
unspecified services
Excessively large sales commissions
Unexplained governmental payments
Unauthorized or unnecessarily complex transactions
If illegal acts are discovered, the auditor should
Consult with the client's legal counsel
Report the acts to management and the audit
committee
Make the financial statements present fairly
including proper disclosure
Define Forensic Accounting
Forensic accounting is an extension of auditing, but
with a number of differences:
Detailed investigation where fraud has been
identified or is suspected
Focuses on identifying perpetrators and getting a
confession
Builds support for legal action against the
perpetrator
May provide litigation support such as expert
testimony
Extensive use of interviews
100% examination of fraud-related documents
Reconstruction of account balances
Broader scope than auditing