AUDIT NOTES

 

Fraud Auditing

 

Fraud in the accounting and auditing areas 

Fraudulent financial reporting is an intentional misstatement or omission of amounts or disclosures with the intent to deceive users. Two examples of fraudulent financial reporting are accelerating the timing of recording sales revenue to increase reported sales and earnings, and recording expenses as fixed assets to increase earnings. Misappropriation of assets is fraud that involves theft of an entity’s assets. Two examples are an accounts payable clerk issuing payments to a fictitious company controlled by the clerk, and a sales clerk failing to record a sale and pocketing the cash receipts.

 

Conditions for Fraud

The three conditions of fraud, referred to as the “fraud triangle,” are (1) Incentives/Pressures; (2) Opportunities; and (3) Attitudes/Rationalization. Incentives/Pressures are incentives of management or other employees to commit fraud. Opportunities are circumstances that allow management or employees to commit fraud. Attitudes/Rationalization are indications that an attitude, character, or set of ethical values exists that allows management or employees to commit a dishonest act, or that they are in an environment that imposes sufficient pressure to cause them to rationalize committing a dishonest act.

 

The following are examples of risk factors for fraudulent financial reporting for each of the three fraud conditions:

 

• Incentives/Pressures – The company is under pressure to meet debt covenants or obtain additional financing.

• Opportunities – Ineffective oversight of financial reporting by the board of directors allows management to exercise discretion over reporting.

• Attitudes/Rationalization – Management is overly aggressive. For example, the company may issue aggressive earnings forecasts, or make extensive acquisitions using company stock.

 

The following are examples of risk factors for misappropriation of assets for each of the three fraud conditions:

 

• Incentives/Pressures – The individual is unable to meet personal financial obligations.

• Opportunities – There is insufficient segregation of duties that allows the individual to handle cash receipts and related accounting records.

• Attitudes/Rationalization – Management has disregarded the inadequate separation of duties that allows the potential theft of cash receipts.


Auditors and Fraud

 

Auditors use several sources to gather information about fraud risks, including:

 

• Information obtained from communications among audit team members about their knowledge of the company and its industry, including how and where the company might be susceptible to material misstatements due to fraud.

• Responses to auditor inquiries of management about their views of the risks of fraud and about existing programs and controls to address specific identified fraud risks.

• Specific risk factors for fraudulent financial reporting and misappropriations of assets.

• Analytical procedures results obtained during planning that indicate possible implausible or unexpected analytical relationships.

• Knowledge obtained through other procedures such as client acceptance and retention decisions, interim review of financial statements, and consideration of inherent or control risks.

 

SAS 99 requires the audit team to conduct discussions to share insights from more experienced audit team members and to “brainstorm” ideas that address the following:

 

1. How and where they believe the entity’s financial statements might be susceptible to material misstatement due to fraud. This should include consideration of known external and internal factors affecting the entity that might:

   • create an incentive or pressure for management to commit fraud.

   • provide the opportunity for fraud to be perpetrated.

   • indicate a culture or environment that enables management to rationalize fraudulent acts.

2. How management could perpetrate and conceal fraudulent financial reporting.

3. How assets of the entity could be misappropriated.

4. How the auditor might respond to the susceptibility of material misstatements due to fraud.

 

Auditors must inquire whether management has knowledge of any fraud or suspected fraud within the company. SAS 99 also requires auditors to inquire of the audit committee about its views of the risks of fraud and whether the audit committee has knowledge of any fraud or suspected fraud. If the entity has an internal audit function, the auditor should inquire about internal audit’s views of fraud risks and whether they have performed any procedures to identify or detect fraud during the year. SAS 99 further requires the auditor to make inquiries of others within the entity whose duties lie outside the normal financial reporting lines of responsibility about the existence or suspicion of fraud. 

 

The three auditor responses to fraud are: (1) change the overall conduct of the audit to respond to identified fraud risks; (2) design and perform audit procedures to address identified risks; and (3) perform procedures to address the risk of management override of controls.

 

Auditors are required to take three actions to address potential management override of controls: (1) examine journal entries and other adjustments for evidence of possible misstatements due to fraud; (2) review accounting estimates for biases; and (3) evaluate the business rationale for significant unusual transactions.

 

Auditors' Methods of Obtaining Information about Fraud

The three types of inquiry are informational, assessment, and interrogative. Auditors use informational inquiry to obtain information about facts and details that the auditor does not have. For example, if the auditor suspects financial statement fraud involving improper revenue recognition, the auditor may inquire of management as to revenue recognition policies. The auditor uses assessment inquiry to corroborate or contradict prior information. In the previous example, the auditor may attempt to corroborate the information obtained from management by making assessment inquiries of individuals in accounts receivable and shipping. Interrogative inquiry is used to determine if the interviewee is being deceptive or purposefully omitting disclosure of key knowledge of facts, events, or circumstances. For example, a senior member of the audit team might make interrogative inquiries of management or other personnel about key elements of the fraud where earlier responses were contradictory or evasive.

 

When making inquiries of a deceitful individual, three examples of verbal cues are frequent rephrasing of the question, filler terms such as “well” or “to tell the truth,” and forgetfulness or acknowledgements of nervousness. Three examples of nonverbal cues by the individual are creating physical barriers by blocking their mouth, leaning away from the auditor, and signs of stress such as sweating or fidgeting.

 

Auditor Responsibility in Reporting Suspected Fraud

When the auditor suspects that fraud may be present, SAS 99 requires the auditor to obtain additional evidence to determine whether material fraud has occurred. SAS 99 also requires the auditor to consider the implications for other aspects of the audit. When the auditor determines that fraud may be present, SAS 99 requires the auditor to discuss the matter and audit approach for further investigation with an appropriate level of management that is at least one level above those involved, and with senior management and the audit committee, even if the matter might be considered inconsequential. For public company auditors, the discovery of fraud of any magnitude by senior management is at least a significant deficiency and may be a material weakness in internal control over financial reporting. This includes fraud by senior management that results in even immaterial misstatements. If the public company auditor decides the fraud is a material weakness, the auditor’s report on internal control over financial reporting will contain an adverse opinion.

Company Management and Fraud

The corporate code of conduct establishes the “tone at the top” of the importance of honesty and integrity and can also provide more specific guidance about permitted and prohibited behavior. Examples of items typically addressed in a code of conduct include expectations of general employee conduct, restrictions on conflicts of interest, and limitations on relationships with clients and suppliers.

 

Management and the board of directors are responsible for setting the “tone at the top” for ethical behavior in the company. It is important for management to behave with honesty and integrity because this reinforces the importance of these values to employees throughout the organization.

 

Management has primary responsibility to design and implement antifraud programs and controls to prevent, deter, and detect fraud. The audit committee has primary responsibility to oversee the organization’s financial reporting and internal control processes and to provide oversight of management’s fraud risk assessment process and antifraud programs and controls.      

 

Examples of Areas of Fraud

Three main techniques used to manipulate revenue include: (1) recording of fictitious revenue; (2) premature revenue recognition including techniques such as bill-and-hold sales and channel stuffing; and (3) manipulation of adjustments to revenue such as sales returns and allowances and other contra accounts.

 

Cash register receipts are particularly susceptible to theft. The notice “your meal is free if we fail to give you a receipt” is designed to ensure that every customer is given a receipt and all sales are entered into the register, establishing accountability for the sale.