Auditors' Responsibility for Fraud Detection.
AUDITING/FRAUD
SAS no. 99 introduces a new era in auditors' requirements.
Auditors' Responsibility for
Fraud Detection
Adapted from Fmud Detection in a GAAS Audit—SAS No. 99 Implementation Guide
by Michael l ^
uditors will enter a much expanded arena of procedures to detect fraud
as they implement SAS no. 99. The new standard aims to have the auditor's consideration of fraud seamlessly blended into the audit process and
continually updated until the audit's com.pletion. SAS no. 99 describes a
process in which the auditor (1) gathers intormation needed to identify risks of material misstatement due to fraud,
(2) assesses these risks after taking into account an evaluation of the entity's programs and controls and (3) responds
to the results. Under SAS no, 99, you will gather and consider much more information to assess fraud risks than you
have in the past. (For the text of the new standard, see Official Releases, page 105.)
gagements, particularly during audit planning and the evaluation of audit evidence.
NEW REQUIREMENT: DISCUSSION AMONG ENGAGEMENT
PERSONNEL
SAS no. 99 requires the audit team to discuss the potential
for a material misstatement in the fmancial statements due
to traud hefore and during the intormation-gathering
process. This required "hrainstorming" is a new concept in
PROFESSIONAL SKEPTICISM
auditing literature, and early in the adoption process firms
SAS no. 99 reminds auditors they need to overcome some will need to decide how best to implement this requirement in practice. Keep in mind that
natural tendencies—such as overrebrainstorming is a required procedure
liance on client representations—
and biases and approach the audit
and should be applied with the same
The Fraud Triangle
with a skeptical attitude and quesdegree of due care as any other auThree conditions are present when fraud occurs.
tioning mind. Also essential: The
dit procedure.
auditor must set aside past relationThere are two primary objectives
ships and not assume that all clients
of the brainstorming session. The
are honest. The new standard profirst is strategic in nature, so the enIncentive/Pressure
vides suggestions on how auditors
gagement team will have a good
Management or other employees may have
can learn how to adopt a more critiunderstanding of information that
an incentive or be under pressure, which
seasoned team members have about
cal, skeptical mind-set on their enprovides a motivation to commit fraud.
Rationalization/Attitude
Circumstances exist—for example, the absence of controls,
ineffective controls, or the ability of management to override
controis—that provide an opportunity for fraud to be perpetrated.
\
I Those involved in a fraud are able to rationalize a fraudulent act as being consistent with
their personal code of ethics. Some individuals possess an attitude, character or set of I
ethical values that allows them to knowingly and intentionally commit a dishonest a c t , /
^
28
lOUIiNAL .)/" A C C O U N T A N C : Y
2 (.H) 3
AUDITING/FRAUD
hour. After that, the energy begins to
their experiences with the client and
The new fraud standard, Statement
fade and the law of diminishing rehow a fraud might be perpetrated
on Auditing Standards no. 99, Conttirns sets in.
and concealed.
sideration
of
Fraud
in
a
Financial
StateConsider assigning "homework."
The second objective of the sesment Audit, is the cornerstone of the
The session will be much more prosion is to set the proper "tone at the
AIC^PA's comprehensive antifraud
tluctive if all members have a similar
top" for conducting the engagement.
and corporate responsibility prolevel of understanding about the
The requirement that brainstorming
gram. The goal of the program is to
client, the nature of its business and
be conducted with an attitude that
rebuild the confidence of investors
its current financial performance. For
"includes a questioning mind" is an
in our capital markets and reestablish
auditors brainstorming about fraud
attempt to model the proper degree
audited
financial statements as a
matters, it may be beneficial to perof professional skepticism and "set"
clear picture window into corporate
form analytical, fact-based research
the culture for the engagement. The
America,
From providing CPAs with
before the session. In structuring
belief is that such an audit engageclarified and focused auditing guidyour session, it will help to consider
ment culture will infuse the entire
ance to establishing a new institute
the characteristics of the fraud trianengagement, making all audit procefor fraud studies, the AICPA is degle. For example, you might discuss
dures that much more effective.
termined to help reduce the incithe incentives/pressures that may exThe mere fact the engagement
dence of financial fraud.
ist at the entity or the opportunities
team has a serious discussion about
This article is adapted from chapmanagement or employees have to
the entity's susceptibility' to fraud also
ter 2 of Fraud Detection in a GAAS
commit fraud. You also might discuss
serves to remind auditors that the
Audit—SAS
No. 99 Implementation
observations about attitude/rationalpossibility does exist in every enCuide by Michael Ramos, which
ization that may indicate the presgagement—in spite of any history or
was
published
by
the
AICPA
conence
of risk at the company.
preconceived biases about managecurrent with the issuance of the new
Describe the objective of the sesment's honest)' and integrity'.
fraud standard. This noiiauthoritative
sion in language people can relate to.
You should note that SAS no. 99
practice aid provides an in-depth,
To help generate creative, practical
does not restrict brainstorming to the
section-by-section explanation as
ideas, pose questions people can
planning phase of the audit process.
well as implementation guidance and
more easily understand, such as the
Brainstorming can be used in conpractice tips for the standard. To orfollowing:
junction with any part of the inforder the book (product no. 006613)
mation-gathering process. Auditors
• If yoti were the bookkeeper for the
by
telephone, call the AICPA at
gather data continuously throughout
entity, how could you embezzle
888-777-7077; to order online go to
the engagement, so look for opporiunds and not get caught?
www.CPA2biz.com.
tunities to brainstorm all the way
• If you worked on the loading
through. Some auditors may choose
dock, how could you steal inventoto meet for discussions ag-ain near the
ry?
conclusion of the audit to consider the findings and experi- • If you owned this company, how might you manipulate
ences of all team members and whether the team's assess- the financial statements to impress bankers?
ment about and response to the risk of material misstatement due to fraud were appropriate.
SOME BRAINSTORMING RULES
In addition to brainstorming, SAS no. 99 requires audit You might consider setting ground rules to help yoti
team members to communicate with each other through- achieve your objective. Here are some examples.
out the engagement about the risks of material misstate• No ideas or questions are dumb. Prejudging questions by
ment due to fraud. In fact, the standard requires the auditor labeling them "dumb" is one sure way to stifle the contriwith final responsibility' for the audit to determine whether bution of ideas.
there has been appropriate communication among team
• No one "owns" ideas. When individuals become permembers throughout the engagement.
sonally invested in an idea, they tend to "fight" for it as
long as possible. There may be a time and a place for batSTRUCTURING AN EFFECTIVE BRAINSTORMING SESSION tling over the validity of an idea, but a brainstorming sesSplit it into two parts. The main objective of brainstorm- sion is not one of them.
ing is to generate ideas about howfiraudmight be conunit• There is no hierarchy. The world of ideas does not rected and concealed at the entity. That is all that SAS no. 99 ognize rank, experience or compensation level. Create an
requires. As a practical matter, some engagement teams environment in which senior team members share informamay choose to discuss how they might respond to the tion without dominating the discussion and junior memidentified risks.
bers feel "safe" contributing their own ideas.
• Excessive note-takinj^ is not allowed. A brainstorming sesDetermine a reasonable time limit. Consultants and business owners who participate regularly in business brain- sion is an intuitive, spontaneous process. Excessive note takstorming sessions suggest that a good session lasts about an ing IS a barrier to this process,
(romimwil on p
SAS no. 99 introduces a new era in auditors' requirements.
Auditors' Responsibility for
Fraud Detection
Adapted from Fmud Detection in a GAAS Audit—SAS No. 99 Implementation Guide
by Michael l ^
uditors will enter a much expanded arena of procedures to detect fraud
as they implement SAS no. 99. The new standard aims to have the auditor's consideration of fraud seamlessly blended into the audit process and
continually updated until the audit's com.pletion. SAS no. 99 describes a
process in which the auditor (1) gathers intormation needed to identify risks of material misstatement due to fraud,
(2) assesses these risks after taking into account an evaluation of the entity's programs and controls and (3) responds
to the results. Under SAS no, 99, you will gather and consider much more information to assess fraud risks than you
have in the past. (For the text of the new standard, see Official Releases, page 105.)
gagements, particularly during audit planning and the evaluation of audit evidence.
NEW REQUIREMENT: DISCUSSION AMONG ENGAGEMENT
PERSONNEL
SAS no. 99 requires the audit team to discuss the potential
for a material misstatement in the fmancial statements due
to traud hefore and during the intormation-gathering
process. This required "hrainstorming" is a new concept in
PROFESSIONAL SKEPTICISM
auditing literature, and early in the adoption process firms
SAS no. 99 reminds auditors they need to overcome some will need to decide how best to implement this requirement in practice. Keep in mind that
natural tendencies—such as overrebrainstorming is a required procedure
liance on client representations—
and biases and approach the audit
and should be applied with the same
The Fraud Triangle
with a skeptical attitude and quesdegree of due care as any other auThree conditions are present when fraud occurs.
tioning mind. Also essential: The
dit procedure.
auditor must set aside past relationThere are two primary objectives
ships and not assume that all clients
of the brainstorming session. The
are honest. The new standard profirst is strategic in nature, so the enIncentive/Pressure
vides suggestions on how auditors
gagement team will have a good
Management or other employees may have
can learn how to adopt a more critiunderstanding of information that
an incentive or be under pressure, which
seasoned team members have about
cal, skeptical mind-set on their enprovides a motivation to commit fraud.
Rationalization/Attitude
Circumstances exist—for example, the absence of controls,
ineffective controls, or the ability of management to override
controis—that provide an opportunity for fraud to be perpetrated.
\
I Those involved in a fraud are able to rationalize a fraudulent act as being consistent with
their personal code of ethics. Some individuals possess an attitude, character or set of I
ethical values that allows them to knowingly and intentionally commit a dishonest a c t , /
^
28
lOUIiNAL .)/" A C C O U N T A N C : Y
2 (.H) 3
AUDITING/FRAUD
hour. After that, the energy begins to
their experiences with the client and
The new fraud standard, Statement
fade and the law of diminishing rehow a fraud might be perpetrated
on Auditing Standards no. 99, Conttirns sets in.
and concealed.
sideration
of
Fraud
in
a
Financial
StateConsider assigning "homework."
The second objective of the sesment Audit, is the cornerstone of the
The session will be much more prosion is to set the proper "tone at the
AIC^PA's comprehensive antifraud
tluctive if all members have a similar
top" for conducting the engagement.
and corporate responsibility prolevel of understanding about the
The requirement that brainstorming
gram. The goal of the program is to
client, the nature of its business and
be conducted with an attitude that
rebuild the confidence of investors
its current financial performance. For
"includes a questioning mind" is an
in our capital markets and reestablish
auditors brainstorming about fraud
attempt to model the proper degree
audited
financial statements as a
matters, it may be beneficial to perof professional skepticism and "set"
clear picture window into corporate
form analytical, fact-based research
the culture for the engagement. The
America,
From providing CPAs with
before the session. In structuring
belief is that such an audit engageclarified and focused auditing guidyour session, it will help to consider
ment culture will infuse the entire
ance to establishing a new institute
the characteristics of the fraud trianengagement, making all audit procefor fraud studies, the AICPA is degle. For example, you might discuss
dures that much more effective.
termined to help reduce the incithe incentives/pressures that may exThe mere fact the engagement
dence of financial fraud.
ist at the entity or the opportunities
team has a serious discussion about
This article is adapted from chapmanagement or employees have to
the entity's susceptibility' to fraud also
ter 2 of Fraud Detection in a GAAS
commit fraud. You also might discuss
serves to remind auditors that the
Audit—SAS
No. 99 Implementation
observations about attitude/rationalpossibility does exist in every enCuide by Michael Ramos, which
ization that may indicate the presgagement—in spite of any history or
was
published
by
the
AICPA
conence
of risk at the company.
preconceived biases about managecurrent with the issuance of the new
Describe the objective of the sesment's honest)' and integrity'.
fraud standard. This noiiauthoritative
sion in language people can relate to.
You should note that SAS no. 99
practice aid provides an in-depth,
To help generate creative, practical
does not restrict brainstorming to the
section-by-section explanation as
ideas, pose questions people can
planning phase of the audit process.
well as implementation guidance and
more easily understand, such as the
Brainstorming can be used in conpractice tips for the standard. To orfollowing:
junction with any part of the inforder the book (product no. 006613)
mation-gathering process. Auditors
• If yoti were the bookkeeper for the
by
telephone, call the AICPA at
gather data continuously throughout
entity, how could you embezzle
888-777-7077; to order online go to
the engagement, so look for opporiunds and not get caught?
www.CPA2biz.com.
tunities to brainstorm all the way
• If you worked on the loading
through. Some auditors may choose
dock, how could you steal inventoto meet for discussions ag-ain near the
ry?
conclusion of the audit to consider the findings and experi- • If you owned this company, how might you manipulate
ences of all team members and whether the team's assess- the financial statements to impress bankers?
ment about and response to the risk of material misstatement due to fraud were appropriate.
SOME BRAINSTORMING RULES
In addition to brainstorming, SAS no. 99 requires audit You might consider setting ground rules to help yoti
team members to communicate with each other through- achieve your objective. Here are some examples.
out the engagement about the risks of material misstate• No ideas or questions are dumb. Prejudging questions by
ment due to fraud. In fact, the standard requires the auditor labeling them "dumb" is one sure way to stifle the contriwith final responsibility' for the audit to determine whether bution of ideas.
there has been appropriate communication among team
• No one "owns" ideas. When individuals become permembers throughout the engagement.
sonally invested in an idea, they tend to "fight" for it as
long as possible. There may be a time and a place for batSTRUCTURING AN EFFECTIVE BRAINSTORMING SESSION tling over the validity of an idea, but a brainstorming sesSplit it into two parts. The main objective of brainstorm- sion is not one of them.
ing is to generate ideas about howfiraudmight be conunit• There is no hierarchy. The world of ideas does not rected and concealed at the entity. That is all that SAS no. 99 ognize rank, experience or compensation level. Create an
requires. As a practical matter, some engagement teams environment in which senior team members share informamay choose to discuss how they might respond to the tion without dominating the discussion and junior memidentified risks.
bers feel "safe" contributing their own ideas.
• Excessive note-takinj^ is not allowed. A brainstorming sesDetermine a reasonable time limit. Consultants and business owners who participate regularly in business brain- sion is an intuitive, spontaneous process. Excessive note takstorming sessions suggest that a good session lasts about an ing IS a barrier to this process,
(romimwil on p