FRAUD RISK ASSESSMENT Implementing SAS No 99 and
- Slides: 22
FRAUD RISK ASSESSMENT: Implementing SAS No. 99 and Related Guidance (slide 1)

Major Provisions of SAS No. 99 (slide 2)
- Auditor responsibility for fraud detection unchanged.
- Increased focus on professional skepticism.
- Additional information gathered to identify fraud risks.
- Focus on fraud risks and responses.
- Responses to identified fraud risks:
  - Overall responses.
  - Specific responses.
  - Management override of controls.

An Introduction to Fraud (slide 3)
- What is fraud?
  - An intentional act that results in material misstatement of the financial statements.
- Who commits fraud?
  - Usually older than other criminals.
  - Often married with stable family situations.
  - Above average education.
- Types of misstatements caused by fraud:
  - Misstatements resulting from fraudulent financial reporting.
  - Misstatements resulting from misappropriation of assets.

Fraudulent Financial Reporting (slide 4)
- Stages:
  - Misstatement.
  - Concealment.
- Financial statements misstated as a result of:
  - Misapplication of GAAP involving measurement and resulting in misstatement of amounts.
  - Omission or misrepresentation about transactions or events.
  - Recording fictitious transactions.
  - Recording sham transactions.

Misappropriation of Assets (slide 5)
- Stages:
  - Misstatement.
  - Concealment.
  - Conversion.
- Opportunity to commit and conceal exists only when:
  - Assets are susceptible to misappropriation.
  - There is a lack of antifraud programs and controls to prevent or detect it.

Other Fraud Considerations (slide 6)
- Off-the-books versus on-the-books fraud.
  - Off-the-books schemes, such as kickbacks or skimming cash sales, do not involve a documentary trail or manipulation of the company’s books.
  - On-the-books schemes may relate to either misappropriation of assets or fraudulent financial reporting.
- Information technology and fraud.
  - Automated systems are used to generate false documents or manipulate accounting records to affect or conceal the fraud.

Other Fraud Considerations (cont.) (slide 7)
- Fraud conditions:
  - Incentives/pressures to commit fraud.
  - Opportunities to commit fraud.
  - Attitudes/rationalizations.
- Other characteristics of fraud:
  - Management override of controls.
  - Concealment.
  - Collusion.
  - Falsifying documents or records.

Responsibility for Fraud Detection (slide 8)
- Auditor’s responsibility for fraud detection.
  - To obtain reasonable assurance that the financial statements are free of material misstatement, whether caused by error or fraud.
- Management’s responsibility for fraud detection.
  - Management is responsible for designing and implementing company programs and controls to prevent, deter, and detect fraud.
- Immaterial misstatements caused by fraud.
  - The expectation gap.
- Exercising professional skepticism.

SAS No. 99 Fraud Risk Assessment Process (slide 9)
- Hold a discussion among engagement team members to consider the susceptibility of the client’s financial statements to material misstatement due to fraud.
- Obtain other information needed to identify risks of material misstatement due to fraud.
- Identify risks that may result in material misstatement of the financial statements due to fraud.
- Assess the identified risks after taking into account the company’s antifraud programs and internal controls.
- Respond to the results of the risk assessment.

Other Considerations (slide 10)
- Implementing SAS No. 99:
  - Form an implementation team.
  - Provide training to audit staff.
  - Plan when to implement.
  - Form a best practices team.
  - Make client presentations.
- Other SAS No. 99 requirements:
  - Evaluate audit evidence.
  - Make certain communications.

Fraud Risk Factors (slide 11)
- What are fraud risk factors?
- Incentives/pressures.
- Opportunities.
- Attitudes/rationalizations.

Incentives/Pressures (slide 12)
- Fraudulent financial reporting:
  - Adverse economic, industry, or operating conditions.
  - Pressures to meet third-party expectations.
  - Conditions that threaten management’s personal net worth.
  - Pressures to meet financial targets set by management.
- Misappropriation of assets:
  - Personal financial obligations that create pressure on individuals with access to assets.
  - Adverse relationship between company and employees with access to assets.

Opportunities (slide 13)
- Fraudulent financial reporting:
  - Nature of industry or operations.
  - Complex or unstable organizational structure.
  - Internal control deficiencies.
- Misappropriation of assets:
  - Assets susceptible to theft.
  - Internal control deficiencies.

Selection and Application of Accounting Principles Create Opportunity to Commit Fraud (slide 14)
- Characteristics of accounting principles:
  - Representational faithfulness.
  - Verifiability.
  - Neutrality.
  - Consistency.
- Identify significant accounting policies.
- Consider client selection and application of accounting principles.

Attitudes/Rationalizations (slide 15)
- Common rationalizations for both types of fraud:
  - I am only borrowing the money.
  - Nobody will get hurt.
  - The company treats me unfairly.
  - It’s for a good purpose.
  - It’s only temporary.
  - Employees are depending on us to protect their jobs.

Incorporating an Element of Unpredictability (slide 16)
- Alter the timing of tests.
- Change the sampling methods.
- Perform procedures at different locations or on an unannounced basis.
- Perform a different combination of analytical procedures and substantive tests of details.
- Test account balances and assertions otherwise considered immaterial or low risk.

Communications Related to Fraud (slide 17)
- Communications about possible fraud.
  - Communicate with appropriate level of management.
  - Ordinarily precluded from reporting to outside parties.
  - Required to document the nature of any communications about fraud.
- Communications of reportable conditions.
  - SAS No. 60 communications.
  - Communications may be oral or written.

Communications Related to Fraud (cont.) (slide 18)
- Management representations.
  - Management’s acknowledgement of its responsibility for the design and implementation of programs and controls to prevent and detect fraud.
  - Management’s acknowledgement that they have no knowledge of fraud or suspected fraud affecting the entity.
  - Whether management has any knowledge of any allegations of fraud or suspected fraud affecting the entity received in communications.

What Are Antifraud Programs and Controls? (slide 19)
- Policies and procedures put in place to help ensure that management directives are carried out.
- Fraud deterrence.
- Fraud detection.
- Core values.
- Creating a system of antifraud program and control activities.

Creating an Ethical Company Culture (slide 20)
- Setting the tone at the top.
- Establishing a code of conduct.
- Creating a positive workplace environment.
- Hiring and promoting ethical employees.
- Providing ethics training.
- Disciplining and prosecuting violators.

Implementing Antifraud Controls (slide 21)
- Identifying and assessing fraud risks.
- Implementing controls to mitigate fraud risks.
- General controls.
- Specific internal controls.

Developing an Effective Oversight Process (slide 22)
- Management.
- Audit Committee or Board of Directors.
- Internal audit.
- External auditors.