Presentation is loading. Please wait.

Presentation is loading. Please wait.

SAS 99 – Consideration of Fraud in a Financial Statement Audit

Similar presentations


Presentation on theme: "SAS 99 – Consideration of Fraud in a Financial Statement Audit"— Presentation transcript:

1 SAS 99 – Consideration of Fraud in a Financial Statement Audit
The New Fraud Standard’s Impact on Auditors and Financial Managers

2 Why a New Standard? Part of the AICPA anti-fraud program developed in response to the recent high-profile business failures Provide CPAs with clarified and focused auditing guidance on fraud Re-emphasize the role of entity management and boards in preventing and detecting fraud

3 SAS 99 Impact on the Auditor
No change in the auditor’s responsibility to detect material fraud in financial statement audits No change in the auditor’s required communication of evidence of fraud Significant changes in required auditing procedures and documentation in a financial statement audit

4 Impact of SAS 99 on Management
No change in management’s responsibility to establish controls to prevent and detect fraud New guidance on management antifraud programs and controls Expect new auditor inquiries about the risks and presence of fraud

5 Focus of SAS 99 SAS 99 establishes standards and provides guidance to auditors in fulfilling their responsibility, as it relates to fraud, in an audit of financial statements, conducted in accordance with GAAS Technically only applies to financial statement audits However, concepts and guidance are appropriate for other types of audits

6 History of GAAS on Fraud
1973 1977 1989 1997 2002 SAS # 53 REASONABLE ASSURANCE SAS # 82 REASONABLE ASSURANCE SAS # 99 REASONABLE ASSURANCE SAS # 16 NO ASSURANCE SAS # 1 NO RESPONSIBILITY

7 The Auditor’s Responsibility
“the auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud.” “even a properly planned and performed audit may not detect a material misstatement resulting from fraud.” Provide reasonable assurance not absolute assurance

8 Management’s Responsibility
“it is management’s responsibility to design and implement programs and controls to prevent, deter, and detect fraud” Responsibility includes: Setting the proper tone Creating and maintaining a culture of honesty and ethics Establishing appropriate controls

9 Inherent Conflicts in Auditing
Auditor is often paid directly by the audit client. Desire to keep a happy client versus the need to persistent Human nature to trust versus need for professional skepticism Natural assumption that misstatements are due to errors instead of fraud Pressures for profitability, productivity, timeliness versus the need for more evidence and documentation

10 Overriding Question A material misstatement in the financial statements is a material misstatement, regardless of the cause (errors or fraud). Question: Does it really matter to an auditor as to the cause of the misstatement?

11 Answer to Overriding Question
Answer: The cause does matter depending on the perspective of consideration. It doesn’t matter from the perspective of opining on fairly presented financial statements. It does matter from the perspective of audit planning, designing audit procedures, creating the auditor’s mindset, and communicating audit results.

12 Perspective of Audit Conduct
Errors are easier to identify (no intent to conceal) Fraud is harder to identify (intent to conceal) Therefore, auditing for misstatements caused by fraud dictates the need for a different audit response than the risk of misstatements caused by errors

13 Perspective of Audit Communication
Evidence of inconsequential errors requires no communication to management Evidence of inconsequential fraud does require communication to management Direct reporting required to an audit committee for evidence of fraud that involves senior management or results in a material misstatement Possible direct communication to others

14 Characteristics of SAS 99 Fraud
Intentional acts that result in a material misstatement of the financial statements Auditors do not make a legal determination of whether a fraud has occurred Intent is often very difficult to determine Auditors make a determination as to whether evidence indicates a fraud may exist

15 The Fraud Triangle Motive Opportunity Rationalization

16 Fraud Risk Factors Events or conditions that indicate an increased risk of fraud Motive/Incentive/Pressure (the reason to commit fraud) Opportunity (the ability to commit fraud) Rationalization (the justification to commit fraud)

17 Government Characteristics Affecting Motive/Pressures
Profit motive generally less applicable Political promises and favors may impact decisions and actions Limited competitive environment Budgetary and other legal compliance pressures Limited use of external financial statements Limited financial related incentives for management Generally less pay than comparable private sector position

18 Government Characteristics Affecting Opportunity
No direct ownership by decision makers Limited financial staff resources Limited internal monitoring Fewer complex transactions Inherent board turnover Frequent lack of duties segregation Lack of effective audit committee

19 Government Characteristics Affecting Rationalization
Perception of limited pressure to address identified weaknesses Difficulty in terminating employees Legal impediments to rewarding employees Generally less pay than comparable position in the private sector

20 The Two Types of SAS 99 Fraud
Misstatements arising from fraudulent financial reporting Intentional misrepresentation in or omission of material events, transactions or other information Intentional misapplication of GAAP Falsification or manipulation of accounting records or documents Misstatements arising from misappropriation of assets Theft that causes the financial statements to not be fairly presented in all material respects

21 Question Considering the characteristics of government that impact fraud risk factors, which type of SAS 99 fraud is generally more likely to occur in a typical governmental unit? Fraudulent Financial Reporting? OR Misappropriation of Assets?

22 Exercising Professional Skepticism
Part of “due professional care” standard in SAS 1 – re-emphasized in SAS 99 Defined as “an attitude that includes a questioning mind and a critical assessment of audit evidence” Mindset that recognizes that any material misstatement could be the result of fraud Requires “on-going” questioning of whether evidence suggests a possible fraud

23 Overview of the Fraud Audit Process
Brainstorming Obtaining Risk Info Documenting On-Going Process Throughout The Audit Communicating Identifying Risks Evaluating Evidence Assessing Risks Responding to Risks

24 Brainstorming Brainstorming Obtaining Risk Info Documenting
Communicating Identifying Risks Evaluating Evidence Assessing Risks Responding to Risks

25 Brainstorming (All New)
Initially during audit planning Interactive exchange of ideas Insights of more experienced team members How and where the financial statements might be susceptible to fraud Emphasize importance of proper state of mind (professional skepticism) during the audit Include risk of management override of controls Communication of fraud risks among team members should continue throughout the audit

26 Obtaining Risk Information
Brainstorming Obtaining Risk Info Documenting Communicating Identifying Risks Evaluating Evidence Assessing Risks Responding to Risks

27 Obtaining Risk Information
Inquiries of management and others about fraud risk and their response to the risk (Expanded) Consider unusual relationships that analytical procedures identify (New) Consider the presence of fraud risk factors Consider results of procedures over acceptance and continuance of clients (New) Consider any reviews of interim financials (New) Consider inherent risks at account balance/ transaction class level (New)

28 Obtaining Risk Information (Cont)
Evaluate the relationship between management and the audit committee or equivalent (New) Talk to the internal auditors (New) Inquire directly of the audit committee or equivalent (New) Entity employees may just waiting to be asked Be alert for inconsistent responses to inquiries and use professional judgment in deciding when corroboration is needed

29 Required Management Inquiries (Expanded)
Direct knowledge of any fraud or suspected fraud Aware of any allegations of fraud by others Management’s understanding of the risks of fraud and where it is most likely to exist Programs and controls established to mitigate the specific risks of fraud identified How management communicates ethics to employees How management reports to the audit committee on fraud and fraud controls

30 Possible Other Inquiries (New)
Employees with varying levels of authority Operating personnel not directly involved in financial reporting Employees involved with complex or unusual transactions In-house legal counsel

31 Identifying Fraud Risks
Brainstorming Obtaining Risk Info Documenting Communicating Identifying Risks Evaluating Evidence Assessing Risks Responding to Risks

32 Identifying Fraud Risks
Professional judgment required Risk attributes to consider: (New) Type of risk Significance of the risk Likelihood of the risk Pervasiveness of the risk Consider these in the context of the fraud triangle; but do not assume that if all three are not evident, there is no risk

33 Identifying Fraud Risks (Cont)
Consider the entity’s size, complexity, and ownership/governing attributes Consider assertions, accounts, and transaction classes that have high inherent risk due to a high degree of management judgment and subjectivity (New) Consider whether identified risks pertain to (A) individual account balances, transaction classes, or assertions or (B) the financial statements as a whole Should ordinarily presume there is a risk of material misstatement due to revenue recognition fraud (New) Always consider management’s ability to override controls apart from specifically identified risks (New)

34 Assessing Fraud Risks Brainstorming Obtaining Risk Info Documenting
Communicating Identifying Risks Evaluating Evidence Assessing Risks Responding to Risks

35 Assessing Fraud Risks Assessment should take into account an evaluation of the entity’s programs and controls that address fraud risks There may be specific programs/controls that address specific fraud risks Are they properly designed and been implemented? There may be broader programs designed to prevent, deter, or detect fraud risk (New) For example: programs that promote a culture of honesty and ethical behavior

36 Responding to Fraud Risks
Brainstorming Obtaining Risk Info Documenting Communicating Identifying Risks Evaluating Evidence Assessing Risks Responding to Risks

37 Responding to Fraud Risks
There are three ways to respond: General considerations related to the overall way the audit is conducted Change the nature, timing, or extent of audit procedures Performance of procedures to address the risks related to management’s ability to override controls (New)

38 General Considerations
Heightened professional skepticism and assessment of audit evidence Design different procedures Corroborate management explanations Assignment of personnel and supervision Additional or more experienced staff Use of specialists Greater supervision Reassess accounting principles application Add unpredictability to audit procedures (New)

39 Nature, Timing and Extent of Audit Procedures
Use more reliable or corroborative procedures More inspection or observation Expanded inquiries or independent confirmation Alter the timing of substantive tests Conduct more testing Larger sample sizes Analytical procedures at a more detailed level Use CAATs to test all transactions of a population

40 Responses to Management Override (All New)
Examine journal entries and other adjustments for evidence of material misstatement Review accounting estimates for evidence of biases that could result in material misstatements due to fraud Evaluate the business rationale for significant unusual transactions

41 Responses to Management Override (All New)
Appropriate for every audit absent a conclusion by the auditor that they are unnecessary—document such a conclusion For audits of public entities, these “should” be performed For audits of nonpublic entities, these “should generally” be performed Bottom line: if you decide not to perform these procedures, you better have good, well-documented reasons

42 Evaluating Audit Evidence for Fraud
Brainstorming Obtaining Risk Info Documenting Communicating Identifying Risks Evaluating Evidence Assessing Risks Responding to Risks

43 Evaluating Audit Evidence for Fraud
Assess and reassess risks of material misstatement due to fraud throughout the audit Audit test results may alter previous assessments of risk Audit test results may, in and of themselves, be indicative of fraud Be alert for: (New) Discrepancies in the accounting records Conflicting or missing evidential matter Problematic or unusual relationships between the auditor and client

44 Evaluating Audit Evidence for Fraud
Evaluate whether analytical procedures performed as substantive tests or in the overall review stage indicate a previously unrecognized fraud risk (New) Analytical revenue of revenue through end of period required, if not already performed (New) Evaluate the risks due to fraud at or near the completion of the audit Respond to possible misstatements that may be the result of fraud

45 Responding to Misstatements That May Be Result of Fraud
Consider the implications for other parts of the audit Discuss the matter and the approach for further investigation with an appropriate level of management; and with senior management: and the audit committee Attempt to obtain additional evidential matter to determine whether material fraud has occurred Consider the need for and timing of discussions with the audit committee or board of directors (New) If appropriate, suggest that the client consult with legal counsel When appropriate, consider withdrawing from the engagement (consult with auditor’s legal counsel)

46 Communicating Fraud Evidence
Brainstorming Obtaining Risk Info Documenting Communicating Identifying Risks Evaluating Evidence Assessing Risks Responding to Risks

47 Communicating Fraud Evidence
Whenever “evidence of fraud” is found, it should be brought to the attention of the appropriate level of management Even if the matter is inconsequential Report directly to the audit committee when: Fraud causes a material misstatement Fraud involves senior management Reach an advance understanding with the audit committee about fraud involving lower-level employees

48 Communicating Fraud Evidence
Communicating to parties other than management or audit committee may be required To comply with legal or regulatory requirements In response to successor auditor inquiries (per SAS 84) In response to a subpoena To meet Yellow Book standards “Consult your attorney”

49 Documenting Fraud Considerations
Brainstorming Obtaining Risk Info Documenting Communicating Identifying Risks Evaluating Evidence Assessing Risks Responding to Risks

50 Documenting Fraud Considerations
Discussion about fraud possibilities among engagement personnel in planning the audit (brainstorming) (New) How and when the discussion occurred Audit team members who participated Subject matter discussed Procedures performed to obtain information needed to identify and assess fraud risks (New) Specific fraud risks identified and descriptions of how the auditor responded to those risks

51 Documenting Fraud Considerations
If improper revenue recognition due to fraud NOT identified as a fraud risk, reasons supporting conclusion (New) Results of procedures to further address risk of management override of controls (New) Other conditions that caused the auditor to believe that additional procedures or other responses were required, and how the auditor responded Communications about fraud made to management, audit committee, and others (New)

52 Management Antifraud Programs and Controls
Creating a Culture of Honesty & High Ethics Developing an Appropriate Oversight Process Evaluating Antifraud Processes & Controls

53 Creating Culture of Honesty and High Ethics
Setting the tone at the top Creating a positive workplace environment Hiring and promoting appropriate employees Providing sufficient training Confirming accountability for code of conduct Implementing effective discipline

54 Evaluating Antifraud Processes and Controls
Identifying and measuring fraud risks Mitigating fraud risks Designing and implementing appropriate internal controls Monitoring compliance with internal controls

55 Developing and Appropriate Oversight Process
Oversight by the audit committee or equivalent Oversight by management Use of an effective internal audit function Open and candid dialogue with independent auditors Assistance from Certified Fraud Examiners

56 New Required Management Representations
“we acknowledge our responsibility for the design and implementation of programs and controls to prevent and detect fraud” “we have no knowledge of any fraud or suspected fraud affecting the entity involving management, employees who have significant roles in internal control, or others ….” “ we have no knowledge of any allegations of fraud or suspected fraud ….”

57 SAS 99 Effective Date For audits of financial statements for periods beginning on or after December 15, 2002 Early application is permissible


Download ppt "SAS 99 – Consideration of Fraud in a Financial Statement Audit"

Similar presentations


Ads by Google