A primer for brainstorming fraud risks: there are good and bad ways to conduct brainstorming sessions.
Auditors are required by SAS (1) (SAS Institute Inc., Cary, NC, www.sas.com) A software company that specializes in data warehousing and decision support software based on the SAS System. Founded in 1976, SAS is one of the world's largest privately held software companies. See SAS System. no. 99, Consideration of Fraud in a Financial Statement Audit, to conduct a "brainstorming" session in every audit. Its purpose is twofold: to consider fraud risks that may be present and to emphasize the importance of professional skepticism throughout the entire audit process. Key members of the audit team--from the lead partner or manager in charge of the engagement all the way down to new staff--meet during the planning stages and during the course of the audit to exchange ideas about how and where they believe the entity's financial statements may be susceptible to material misstatements due to fraud and to discuss how management could perpetrate per·pe·trate
tr.v. per·pe·trat·ed, per·pe·trat·ing, per·pe·trates
To be responsible for; commit: perpetrate a crime; perpetrate a practical joke. and conceal conceal,
v to hide; secrete; withhold from the knowledge of others. fraudulent financial reporting or misappropriate mis·ap·pro·pri·ate
tr.v. mis·ap·pro·pri·at·ed, mis·ap·pro·pri·at·ing, mis·ap·pro·pri·ates
a. To appropriate wrongly: misappropriating the theories of social science. assets. This article will discuss how audit team leaders can avoid the pitfalls inherent in brainstorming sessions and employ the best practices for maximizing the benefits.
When carefully planned and managed, brainstorming can lead to many high-quality ideas about possible fraud risks audit team members wouldn't likely generate individually. A brainstorming session that ignores best practices, however, might quickly give way to inefficiencies and distractions that ultimately could muddy the audit team's ability to focus on relevant fraud risks. That kind of deterioration de·te·ri·o·ra·tion
The process or condition of becoming worse. can hinder hin·der 1
v. hin·dered, hin·der·ing, hin·ders
1. To be or get in the way of.
2. To obstruct or delay the progress of.
v.intr. key audit decisions, leading the team down dangerous paths--for example, to incorrect conclusions concerning which fraud risks are present, confusion on how to respond to a disjointed list of identified risk issues or lack of "buy-in" to the brainstorming process.
VALUE OF BRAINSTORMING SESSIONS
Research has shown that auditors are much more likely to correctly identify fraud risk conditions if the audit team engages in open-ended, nontraditional considerations of them. Responses from numerous stakeholders Stakeholders
All parties that have an interest, financial or otherwise, in a firm-stockholders, creditors, bondholders, employees, customers, management, the community, and the government. , such as forensic accountants, internal auditors Internal auditor
An employee of a company who analyzes the company's accounting records to that the company is following and complying with all regulations. , external auditors The examples and perspective in this article or section may not represent a worldwide view of the subject.
Please [ improve this article] or discuss the issue on the talk page. and other fraud experts, have reaffirmed the benefits of auditors engaging in such discussions.
The difficulty auditors face in assessing fraud risks partially stems from the fact that most of them have never encountered a material fraud during their careers; thus, they may be less effective when assessing fraud risks on their own, which makes group exploration all the more valuable in identifying them. A barrier to disseminating dis·sem·i·nate
v. dis·sem·i·nat·ed, dis·sem·i·nat·ing, dis·sem·i·nates
1. To scatter widely, as in sowing seed.
2. critical information can be the engagement partner's or manager's failure to share information about a client's honesty and integrity with the engagement team. So, in part, brainstorming sessions prompt the more experienced auditors to share their insights with less experienced team members and, in turn, encourage those who are less experienced but have recent firsthand first·hand
Received from the original source: firsthand information.
first knowledge of client processes to provide their insights to the senior members.
Even though brand-new team members may not have information specific to the client to contribute, these sessions provide an excellent opportunity for dram dram: see English units of measurement.
See dynamic RAM.
DRAM - dynamic random-access memory to become familiar with pertinent information that could affect their professional skepticism during their first year on the engagement. And, new team members bring a fresh perspective to the process by sharing insights from other client experiences. In any case, the brainstorming requirement mandates that all key audit team members must engage in dialogue. (See "Auditors' Responsibility for Fraud Detection," JofA, Jan. 03, page 28, for a discussion of the brainstorming requirement of SAS no. 99.)
Four common pitfalls can hinder an audit team's brainstorming effectiveness: group domination, "social loafing An editor has expressed concern that this article or section is .
Please help improve the article by adding information and sources on neglected viewpoints, or by summarizing and ," "groupthink group·think
The act or practice of reasoning or decision-making by a group, especially when characterized by uncritical acceptance or conformity to prevailing points of view.
Noun 1. " and "groupshift."
Group domination is one of the most corrosive corrosive /cor·ro·sive/ (kor-o´siv) producing gradual destruction, as of a metal by electrochemical reaction or of the tissues by the action of a strong acid or alkali; an agent that so acts. problems. Because the goal of a brainstorming session is to have audit team members share thoughts and ideas, one or two participants dominating the process can quickly squelch squelch
v. squelched, squelch·ing, squelch·es
1. To crush by or as if by trampling; squash.
2. the creative energies of the group as a whole, reducing the likelihood the team will identify any actual fraud risks.
Audit teams are especially susceptible to this pitfall pit·fall
1. An unapparent source of trouble or danger; a hidden hazard: "potential pitfalls stemming from their optimistic inflation assumptions" New York Times. because of their traditional hierarchical structure See hierarchical. . Senior team members may intimidate in·tim·i·date
tr.v. in·tim·i·dat·ed, in·tim·i·dat·ing, in·tim·i·dates
1. To make timid; fill with fear.
2. To coerce or inhibit by or as if by threats. less experienced staff who look to them to lead the discussion. Other team members may defer de·fer 1
v. de·ferred, de·fer·ring, de·fers
1. To put off; postpone.
2. To postpone the induction of (one eligible for the military draft).
v.intr. to those assigned to lead the audit planning, believing they have had an opportunity to think in more detail about potential fraud risks. Furthermore, as in any group setting, there may be one or two vocal individuals with great confidence in their own ability and a determination to present their views. If any of these conditions are present, the intended benefits of fraud risk brainstorming--an exchange of ideas among the entire team--may never materialize ma·te·ri·al·ize
v. ma·te·ri·al·ized, ma·te·ri·al·iz·ing, ma·te·ri·al·iz·es
1. To cause to become real or actual: By building the house, we materialized a dream. .
Social loafing, also called free-riding, is another potential pitfall of brainstorming activities. It occurs when participants disengage dis·en·gage
v. dis·en·gaged, dis·en·gag·ing, dis·en·gag·es
1. To release from something that holds fast, connects, or entangles. See Synonyms at extricate.
2. from the process, expecting that other team members will pick up the slack 1. (operating system) slack - Internal fragmentation. Space allocated to a disk file but not actually used to store useful information.
2. (jargon) slack . Given their size and geographic dispersion dispersion, in chemistry
dispersion, in chemistry, mixture in which fine particles of one substance are scattered throughout another substance. A dispersion is classed as a suspension, colloid, or solution. , large audit teams may be particularly susceptible. Other reasons for such "loafing" may include the "why bother" feelings that stem from group domination, the absence of compelling incentives to actively participate in the discussion and an individual's failure to make a sufficient personal investment in the group's task. It may be that members of the engagement team are juggling numerous client engagements or some team members may be working on a specific aspect of the engagement, such as IT or tax specialty work and thus may "check out" when the discussion does not directly address their specific aspect of the engagement.
Fear of losing credibility also may prevent individuals from participating. If individuals feel they need to protect their standing, they will be less likely to voice an unpopular idea or opinion. This may be a problem for less experienced audit staff members or others recently assigned to the client engagement. They may feel unqualified to speak openly about engagement-specific risks or be reluctant to do so in front of more experienced engagement team members, who eventually will play a role in their performance evaluations Performance evaluation
The assessment of a manager's results, which involves, first, determining whether the money manager added value by outperforming the established benchmark (performance measurement) and, second, determining how the money manager achieved the calculated return . Such self-censuring behavior can hinder a group's ability to handle the complex nature of the fraud-risk-assessment process--the very type of problem for which "outside the box" thinking is critical.
Groupthink is another pitfall to avoid. This phenomenon occurs when team members become so concerned with reaching consensus that they fail to realistically evaluate all ideas or suggestions. Audit teams can be particularly susceptible to this as auditors generally are very sensitive to time/budget pressures. Thus, they quickly may align with the group's view of fraud risks in an effort to complete the task efficiently. Also, because the brainstorming requirement is new, there may be a lack of "buy in" that prompts team members to embrace the group's views quickly in order to move to other tasks perceived as being more critical.
Groupshift is the fourth pitfall. While a purpose of brainstorming sessions is to help the audit team collectively arrive at conclusions about fraud risks, team leaders must exercise caution to avoid allowing the team to take an extreme position on fraud risk. For example, a group whose members generally are conservative might shift toward a more conservative position while a group of risk-takers might lean toward even riskier positions. With the recent emphasis on fraud detection, there is some cause for concern audit teams will assume the risks are high in all engagements.
There are costs of such overreacting. For example, if there is an overrated Overrated was a Horde World of Warcraft guild, based on the US Black Dragonflight Realm. On November 2 2006, the majority of the guild members were indefinitely banned from the game for use of (or directly benefiting from) a third-party "wall-hack", used to bypass content risk of fraudulent activity within inventory, an auditor may expand audit procedures related to inventory observation, inventory pricing, and cutoff, leading to excessive and unnecessary audit work. Worse yet, an auditor may rush to judgment and accuse ac·cuse
v. ac·cused, ac·cus·ing, ac·cus·es
1. To charge with a shortcoming or error.
2. To charge formally with a wrongdoing.
v.intr. client personnel of wrongdoing wrong·do·er
One who does wrong, especially morally or ethically.
wrongdo without the proper basis for doing so. Given groupshift's potential impact on audit effectiveness and efficiency, all audit teams should be concerned about it.
Brainstorming team leaders can avoid the pitfalls described above by following these guidelines guidelines,
n.pl a set of standards, criteria, or specifications to be used or followed in the performance of certain tasks. .
Assign homework. The discussion leader should inform participants well in advance of a scheduled meeting that they will discuss fraud risks so each team member can focus on coming up with ideas about how and where the entity is susceptible. Distributing the meeting's agenda (see the example on page 36) will also provide greater context for participants to think about possible fraud risks and will further inform them about what to expect during the brainstorming session. Circulating cir·cu·late
v. cir·cu·lat·ed, cir·cu·lat·ing, cir·cu·lates
1. To move in or flow through a circle or circuit: blood circulating through the body.
2. meeting agendas in advance can be particularly helpful in larger audit engagements with several team members. In contrast, a small firm with only four audit personnel might not need to circulate cir·cu·late
v. cir·cu·lat·ed, cir·cu·lat·ing, cir·cu·lates
1. To move in or flow through a circle or circuit: blood circulating through the body.
2. an agenda before a brainstorming session because it has agreed upon Adj. 1. agreed upon - constituted or contracted by stipulation or agreement; "stipulatory obligations"
noncontroversial, uncontroversial - not likely to arouse controversy a common agenda to be used across all engagements.
The leader should encourage team members to use the experiences and knowledge obtained during previous audits and recent interactions with the client. Also, he or she should stress that the assignment should not be overly time-consuming; members can be formulating ideas as they perform their day-to-day tasks. Leaders should ask individuals to come to the meeting with a list of their ideas. If leaders believe it would help members who are shy about speaking at meetings, the lists prepared in advance can be discussed or distributed without identifying the preparer.
Both large and small firms use various forms of fraud checklists and other assessment tools for accumulating and assessing fraud risk indicators. Some firms complete those checklists as part of the client acceptance or continuance The adjournment or postponement of an action pending in a court to a later date of the same or another session of the court, granted by a court in response to a motion made by a party to a lawsuit. procedures or just prior to the brainstorming session. Thus, part of the assigned homework may include completion of the checklists or other tools in advance of the meeting. Checklist topics may provide a useful framework for beginning the brainstorming discussion. And, the brainstorming discussion may lead to other useful insights that help update initial checklist responses.
Establish ground rules. The leader should establish a strong foundation for brainstorming sessions by communicating fundamental ground rules before a session begins: Do not criticize crit·i·cize
v. crit·i·cized, crit·i·ciz·ing, crit·i·ciz·es
1. To find fault with: criticized the decision as unrealistic. See Usage Note at critique. others' ideas, let each person speak, and try to build on others' ideas. Audit team members should know what to expect of themselves and others. It is particularly important that all participants feel their input is valued and their voice will be heard. The leader also should make certain that participants understand how the session will proceed and how ideas generated during the meeting impact the audit.
Some firms schedule stand-alone meetings to conduct the brainstorming sessions. This is most common for large or complex engagements. Other firms allow the brainstorming discussions to be part of a larger initial planning meeting, particularly when the audit engagement is relatively straightforward. When the sessions are part of a larger meeting, the engagement leader should ensure that sufficient time is allocated to this component of the meeting agenda.
Set the tone. At the beginning of a meeting, the leader should genuinely encourage all audit team members, including less experienced staff, to express any idea no matter how unusual it may seem. Because not everyone enters the brainstorming activity with a similar level of knowledge or experience with the client or willingness to share ideas about fraud risk in an open-ended fashion, it is important to establish a comfortable environment. There is no substitute for having the engagement leader stress to the audit team the importance of the brainstorming session, emphasizing that every idea is valued and everyone has something to contribute to the discussion. Demonstrated genuine involvement by the engagement leader will go a long way towards setting the stage for all team members to engage in the activity.
Take a "zero tolerance The policy of applying laws or penalties to even minor infringements of a code in order to reinforce its overall importance and enhance deterrence.
Since the 1980s the phrase zero tolerance has signified a philosophy toward illegal conduct that favors strict imposition of " stance on criticism. The leader must make it clear that no criticism about any issue presented will be allowed while the group is generating ideas about fraud risks. Imagine the reaction of a new staff person whose manager laughs or rolls her eyes at that individual's suggestion. Any perception of criticism can quickly shut down a team member's willingness to participate. Criticism also may negatively affect the efficiency of the brainstorming activity by diverting attention from the risk assessment process to other subjects. With a "zero tolerance for criticism" expectation, the team is less likely to fall prey to the pitfalls noted. Open-mindedness, not conformity, should be the meeting's goal.
Encourage more not less. Participants should make every effort to generate as many ideas as possible about how and where the entity may be susceptible to fraud and how management might conceal its actions. The greater the number of ideas about potential fraud risks, the more likely the group will accurately identify and assess relevant fraud risks and develop appropriate audit responses to them. If idea generation about fraud risks within a particular business process (for example, inventory management) or account (investments) begins to wane, the leader should shift the discussion to another business process (purchasing) or account (receivables) or rephrase re·phrase
tr.v. re·phrased, re·phras·ing, re·phras·es
To phrase again, especially to state in a new, clearer, or different way. the current question to get the group thinking differently. So, if the group is discussing how receiving personnel might steal inventory and the brainstorming process begins to slow, the session leader might ask participants to think about how purchasing personnel could misappropriate inventory (for example, redirecting inventory orders to unauthorized locations). Reframing reframing (rē·frāˑ·ming),
n the revisiting and reconstruction of a patient's view of an experience to imbue it with a different usually more positive meaning in the issues from different perspectives can be a valuable technique for increasing the number of ideas generated about a particular fraud risk.
Credit the group, not individuals. It is important for the leader to assign credit for ideas generated to the group as a whole rather than to a contributing member. Recognizing group ownership of ideas is more likely to increase the team's interest and its commitment to its goals than when individuals are rewarded personally.
Manage group size and composition. When determining which members to include in individual brainstorming Individual brainstorming, a problem-solving method, stimulates creative thought through various techniques and exercises.
Many people associate brainstorming with the fields of advertising, marketing, and creative writing, but many other professional and academic fields make sessions, team leaders must not only include the ones who will be key to the discussion at hand, but also understand how group size might affect the outcomes. Thus, the number of people participating in sessions may vary across an engagement.
The size of the group affects the structure of the session: Smaller groups (seven or fewer individuals) tend to complete tasks more quickly and reduce the potential for group domination or social loafing; larger groups (twelve or more individuals), on the other hand, are better problem solvers and idea generators because there are more individuals thinking about fraud risks. However, large groups tend to deter certain individuals from participating. Therefore, for some very large engagements, the leader may find it advisable ad·vis·a·ble
Worthy of being recommended or suggested; prudent.
ad·visa·bil to divide the engagement team into subgroups, perhaps along the client's business segments, for detailed brainstorming about fraud risks in those segments. Later, representatives from each subgroup sub·group
1. A distinct group within a group; a subdivision of a group.
2. A subordinate group.
3. Mathematics A group that is a subset of a group.
tr.v. can convene CONVENE, civil law. This is a technical term, signifying to bring an action. to discuss the risks identified at the segment level and to brainstorm about consolidated risks.
For example, when engagement personnel are located in multiple offices, one national firm conducts an initial brainstorming conference call with engagement leaders in various locations working on the client engagement. Subsequent to that conference call, each local engagement leader then conducts brainstorming sessions with his or her engagement personnel. Fraud risk issues identified in local office sessions are discussed in a follow-up conference call involving key engagement leaders from all offices serving the client.
There are a number of well-defined brainstorming techniques. Here are three that team leaders might find appropriate for auditors.
Open brainstorming is an unstructured technique auditors can use in which discussions follow very few rules and procedures. In this type of brainstorming, individuals share ideas as they come to mind in a kind of free-for all. Although this approach often is used, it is erroneous erroneous adj. 1) in error, wrong. 2) not according to established law, particularly in a legal decision or court ruling. to assume that merely forming a group to share ideas is all one needs to generate a large number of high-quality ideas about fraud risks. In fact, if the brainstorming basics discussed above are ignored, open brainstorming's unstructured environment can result in a degenerating process in which only one or a few individuals participate.
If audit teams decide to use this approach, it is best to have someone not participating in the brainstorming session record ideas. This might be a new staff person on the engagement who has little knowledge about the client's business and environment and who will benefit by better understanding.
Round-robin brainstorming is a structured technique characterized by a session that begins with a period of no talking during which team members engage in silent "self-brainstorming," or "brainwriting," to form their ideas. The team, informed of the issues, assigned homework well in advance of the meeting and knowing they have to make a list of their ideas in priority order, will be more responsive to sharing with the group. After the brainwriting phase, each individual presents his or her ideas. One way to do this is to have members post their lists on a wall or bulletin board for all to see. This can be particularly useful if people are reluctant to speak up. And, it is efficient since all participants share in the process.
Round-robin brainstorming eliminates the problem of group domination because each team member has a turn, participation is equal and otherwise quiet individuals have a chance to speak. Of course, the structure this method imposes has a downside--a possible loss in creativity and spontaneity spon·ta·ne·i·ty
n. pl. spon·ta·ne·i·ties
1. The quality or condition of being spontaneous.
2. Spontaneous behavior, impulse, or movement.
Noun 1. . Generally, round-robin brainstorming results in fewer ideas, and group members may feel less connected to the group's mission if there is little time for "freewheeling free·wheel·ing
a. Free of restraints or rules in organization, methods, or procedure.
b. Heedless of consequences; carefree.
2. Relating to or equipped with a free wheel. ." Consequently, a leader can increase idea generation and encourage a higher level of interaction if members are allowed to express additional ideas after the last individual has been heard.
Electronic brainstorming is an increasingly popular technique that combines open brainstorming with software technology. Team members are told well before they gather, either in one room or from remote locations via an electronic link, to think about potential fraud risks. Electronic brainstorming begins when a participant or session leader presents an idea about a potential fraud risk to the group. In contrast to round-robin brainstorming, team members can share ideas as they come to mind. There is no need to wait for a turn to "speak" because the technology eliminates the problem of "talking over one another." Specifically, participants silently share ideas by typing them into a computer, which quickly displays them on everyone's monitor or a projection screen. Some technologies also provide participants with periodic feedback about the number and types of ideas to help reduce the likelihood of social loafing due to the anonymous and silent nature of this technique. Idea generation continues until the group has exhausted all of its ideas. Then the brainstorming software assists the team with the discussion and consolidation of its ideas.
Electronic brainstorming generally shortens meeting times, increases idea generation and reduces the possibility of personalizing ideas because an idea's author remains anonymous. Group size ceases to be a limiting factor A factor or condition that, either temporarily or permanently, impedes mission accomplishment. Illustrative examples are transportation network deficiencies, lack of in-place facilities, malpositioned forces or materiel, extreme climatic conditions, distance, transit or overflight rights, as well. Current technology eliminates many coordination and communication problems, allowing reasonably large groups to have virtual meetings in which participants may or may not be in the same location as long as there is access to the appropriate software. So, this technique may be a tool for large, multinational client engagements where audit team members are globally dispersed dis·perse
v. dis·persed, dis·pers·ing, dis·pers·es
a. To drive off or scatter in different directions: The police dispersed the crowd.
Of course, there are disadvantages to electronic brain storming. One of the most obvious is the loss of social interaction; while face-to-face teams are often less efficient, the nonverbal non·ver·bal
1. Being other than verbal; not involving words: nonverbal communication.
2. Involving little use of language: a nonverbal intelligence test. cues present in such settings help build trust and collegiality col·le·gi·al·i·ty
1. Shared power and authority vested among colleagues.
2. Roman Catholic Church The doctrine that bishops collectively share collegiate power. among team members. Because electronic brainstorming allows for idea generation and sharing in an anonymous setting, individuals may not receive the credit they feel they are due. Consequently, some group members will feel that there is no incentive to participate and will coast on the ideas of others.
Ultimately, the information gathered during the brainstorming session should be combined with that obtained through other planning activities to identify the risks of material misstatements due to fraud. Thus, before leaving the brainstorming session, team members need to clarify, refine and achieve consensus on conclusions about initial fraud risk ideas.
Some firms have the team classify clas·si·fy
tr.v. clas·si·fied, clas·si·fy·ing, clas·si·fies
1. To arrange or organize according to class or category.
2. To designate (a document, for example) as confidential, secret, or top secret. fraud risks in one of two categories: risks affecting the overall engagement and risks affecting a specific account or class of transactions. Other methods of summarizing fraud risks involve classifying them along the three conditions of the fraud triangle of incentive/pressure, opportunity, and rationalization/attitude. By grouping ideas related to these three concepts, the team will be focusing on conditions that ultimately may indicate high fraud risk. That is, the team may be more likely to identify areas in which incentives are excessive and opportunities exist for individuals whose attitudes enable them to rationalize ra·tion·al·ize
1. To make rational.
2. To devise self-satisfying but false or inconsistent reasons for one's behavior, especially as an unconscious defense mechanism through which irrational acts or feelings are made to appear fraud.
The engagement leader should assign someone responsibility for documenting the results of this discussion and any necessary follow-up procedures. For example, if the audit team believes there is all increased risk of fraud related to the client's revenue recognition, it will document that additional targeted procedures will be performed, which might include specific analytical procedures Analytical Procedures is one of financial audit skill which help an auditor understand the client's business and changes in the business, to identify potential risk areas and to plan other audit procedures. for revenue accounts by product line, inquiries of sales and operations personnel about side agreements, or specific revenue cut-off cut-off Anesthesiology The point at which elongation of the carbon chain of the 1-alkanol family of anesthetics results in a precipitous drop in the anesthetic potential of these agents–eg, at > 12 carbons in length, there is little anesthetic activity, procedures at year-end.
The risks identified and the related responses must be documented in the audit files along with information about how and when the brainstorming discussion occurred, the audit team members who participated and the subject matter discussed. The sample meeting agenda on page 36 provides a nice starting point Noun 1. starting point - earliest limiting point
terminus a quo
commencement, get-go, offset, outset, showtime, starting time, beginning, start, kickoff, first - the time at which something is supposed to begin; "they got an early start"; "she knew from the for documenting this information in the audit files. An audit file memo or spreadsheet-based summary from the brainstorming meeting that categorizes information along the three components of the fraud triangle can be updated and modified as further fraud risk information is gathered through other SAS no. 99 information-gathering activities (for example, inquiries of management, consideration of fraud risk factors and performance of analytical procedures). A spreadsheet that contains columns of auditor responses alongside the columns for each of the fraud conditions identified can easily organize the key conclusions drawn from the brainstorming session.
A word of caution is appropriate. While certain aspects of the team's planned audit responses will be evident to management, the session leader should emphasize to team members that there is a need to avoid disclosing information about such responses to preserve the confidentiality of the auditor's procedures. For example, a surprise inventory count would lose much of its value if management were to know in advance of its timing and location.
Audit teams should also make certain their consideration of fraud uses a closed loop. One firm that we spoke with completes the loop this way: A brainstorming session is held during planning to identify fraud risks and develop procedures to address them. Then, during the wrap-up phase of the audit, a fraud checklist is completed to ensure no risks were overlooked and that appropriate procedures were performed. Of course, the loop is not complete unless everyone on the audit team is aware of the brainstorming session and its outcome. So, be sure to provide the results of the session to any team members who do not attend the session. Written memos can be circulated among team members or links to electronic audit files can provide easy sharing of key fraud risk information among engagement team personnel.
WHICHEVER TECHNIQUE WORKS
Auditors no longer have a choice of whether to brainstorm about the possibility of fraud; SAS no. 99 requires them to do it. Brainstorming sessions can generate ideas about how and where fraud can occur, but they must be carefully planned and managed to ensure their effectiveness. Several easy-to-use brainstorming basics and implementation techniques can go a long way to avoid potential pitfalls. Regardless of the approach taken, it is vitally important that the audit team engage in all open and free exchange of ideas about where fraud may be present and how the audit team can respond.
The Fraud Triangle
Three conditions are present when fraud occurs.
Management or other employees may have an incentive or be Under pressure, which provides a motivation to commit fraud.
Circumstances exist-for example, the absence of controls ineffective controls, or the ability of management to override An arrangement whereby commissions are made by sales managers based upon the sales made by their subordinate sales representatives. A term found in an agreement between a real estate agent and a property owner whereby the agent keeps the right to receive a commission for the sale of controls--that provide an opportunity for fraud to be perpetrated.
Those involved in a fraud are able to rationalize a fraudulent act as being consistent with their personal code of ethics Code of Ethics can refer to:
1. Done deliberately; intended: an intentional slight. See Synonyms at voluntary.
2. Having to do with intention. commit a dishonest act.
* AUDITORS MUST INCORPORATE BRAINSTORMING sessions to identify fraud risks in the planning stages of their audits, as mandated by SAS no. 99, and use them periodically throughout the process.
* INNOVATIVE THOUGHTS ARE CRITICAL to the generation of high-quality ideas. Consequently, leaders should tell team members to assume there are no constraints to addressing the issue. Participants will generate more nontraditional ideas if they are freed of the mental baggage that comes with real-world constraints (for example, time pressures or other assignments).
* IN ADVANCE OF A GROUP'S MEETING, team members can be assigned homework that starts their creative juices Creative Juice is a daily craft show hosted by Emmy-nominated hosts Cathie Filian and Steve Piacenza on the HGTV and DIY Network. Nominated for an Emmy in the Best Lifestyle Host category in 2007. They are up against Paula Dean, Martha Stewart, and Emeril Lagasse. flowing. The session will proceed more smoothly and be more productive if everyone already has given thought to possible fraud risks.
* LEADERS SHOULD ENCOURAGE team members to share all ideas no matter how unusual they seem. Participants must feel free to speak openly without fearing a Loss of standing or credibility. Thus, setting a "zero tolerance" for criticism is essential.
* AGREEING ON KEY CONCLUSIONS ABOUT fraud risks will increase the likelihood of successful application of the group's ideas. Leaders should encourage participants to constructively discuss and evaluate all of the shared ideas to arrive at a consensus.
* LEADERS SHOULD USE RECOMMENDED brainstorming basics and techniques to get the best results, especially when guiding engagement team members who are new to such sessions. All are geared to encourage participants to generate as many ideas as possible.
MARK S. BEASLEY, CPA (Computer Press Association, Landing, NJ) An earlier membership organization founded in 1983 that promoted excellence in computer journalism. Its annual awards honored outstanding examples in print, broadcast and electronic media. The CPA disbanded in 2000. , PhD, is associate professor of accounting at North Carolina State University History
See American Institute of Certified Public Accountants (AICPA). antifraud committee and education subcommittee sub·com·mit·tee
A subordinate committee composed of members appointed from a main committee.
Noun , as well as the Association of Certified Fraud Examiners Established in 1988 the Association of Certified Fraud Examiners is the professional organization that governs professional fraud examiners. Its activities include producing fraud information, tools and training. . His articles are widely published in accounting literature. His e-mail address See Internet address.
e-mail address - electronic mail address is email@example.com. J. GREGORY JENKINS, CPA, PhD, is assistant professor of accounting at North Carolina State University, Raleigh. His articles on accounting subjects are published in various academic and professional journals. His e-mail address is firstname.lastname@example.org.
To learn more about effective brainstorming and electronic brainstorming software, see these resources available on the Internet:
* "Brainstorming Prior to the Audit," www.aicpa.org/antifraud/ detection/identifying_vulnerability/incorporating_brainstorming_into_ planning/09.htm.
* "Brainstorming--Generating Many Radical Ideas," www. mindtools.com/brainstm.html.
* "Electronic Brainstorming and Collaboration," www.wirthlin. com/approach/electronic.phtml.
* GroupSystems.com, www.groupsystems.com/products.htm.
* "Preparing for a Successful Brainstorming Session," www. brainstorming.co.uk/tutorials/preparingforbrainstorming.html.
* "Process Guide #1: Brainstorming," http://projects.edtech. sandi.net/staffdev/tpss99/processguides/brainstorming.html.
* "The Step by Step Guide to Brainstorming," www.jpb.com/ creative/brainstorming.php.
Fraud Risk Brainstorming Meeting Sample Agenda
Purpose of meeting: To highlight the importance of professional skepticism and brainstorm about the susceptibility susceptibility
the state of being susceptible. Refers usually to infectious disease but may be to physical factors such as wetting or to psychological factors such as harassment. of the entity's financial statements to material misstatements due to fraud.
A. Emphasize importance of professional skepticism:
1. Fraud is possible in every client.
2. Critical evaluation of evidence is necessary.
B. Review conditions of fraud:
C. Exchange implications obtained from
1. Client acceptance/continuance procedures.
2. Other client-service work, including reviews of interim financial statements.
3. Prior-year experiences (for example, known misstatement mis·state
tr.v. mis·stat·ed, mis·stat·ing, mis·states
To state wrongly or falsely.
mis·statement n. areas).
4. Industry and economic changes.
D. Brainstorm current-year fraud risks:
1. Incentives or pressures for client personnel to perpetrate fraud.
2. Opportunities for client personnel to perpetrate fraud (for example, consolidation and closing entries):
(a) How and where the financial statements may be susceptible (for example, weak internal controls, accounts based on estimates/judgment).
(b) How management could perpetrate and conceal fraud.
3. Attitudes of client personnel that suggest an environment in which fraud may be rationalized.
E. Brainstorm possible audit responses to fraud risks identified:
1. Responses modifying the overall approach to the audit.
2. Expanded procedures related to high-risk accounts.
3. Surprise testing in high-risk areas.
F. Discuss procedures for bringing matters to the audit team's attention through completion of the audit.
G. Conclusion--documentation of fraud risks identified:
1. Method for communicating fraud risk information throughout the evidence-gathering process.
2. Method of documenting fraud risks identified.
* Antifraud and Corporate Responsibility Resource Center, www.aicpa.org/antifraud.
* Practice Aid: Fraud Detection in a GAAS See gallium arsenide. Audit--SAS No. 99 Implementation Guide by Michael J. Ramos, AICPA, 2002 (# 006613JA).
* Audit Risk Alerts: Most provide guidance about fraud-related risk in specific industries.
* Audit and Accounting Guides: Most provide industry-specific guidance on SAS no. 99 compliance.
* CPE (Customer Premises Equipment) Communications equipment that resides on the customer's premises.
CPE - Customer Premises Equipment : Fraud and the Financial Statement: Auditor Responsibilities Under the New SAS (available in text, video or DVD DVD: see digital versatile disc.
in full digital video disc or digital versatile disc
Type of optical disc. The DVD represents the second generation of compact-disc (CD) technology. ).
For information about these products or to place an order, go to www.cpa2biz biz
Noun 1. .com or call 1-888-777-7077.
PRACTICAL TIPS TO REMEMBER
* Keep in mind that many auditors have never encountered a fraud in their clients' businesses and may need encouragement to explore the subject.
* As with any group dynamic, there will be people who want to take over and others who will let them do it. The team leader has to strike a balance between them.
* The leader should be prepared to try different techniques to elicit e·lic·it
tr.v. e·lic·it·ed, e·lic·it·ing, e·lic·its
a. To bring or draw out (something latent); educe.
b. To arrive at (a truth, for example) by logic.
2. ideas from a group.
* Leaders should set clear ground rules and the tone for the group. Participants are more likely to generate high-quality ideas if they know what is expected of them and understand the rules of the activity.