Auditors' responsibility for fraud detection: SAS no. 99 introduces a new era in auditors' requirements.

Auditors will enter a much expanded arena of procedures to detect fraud as they implement SAS (1) (SAS Institute Inc., Cary, NC, www.sas.com) A software company that specializes in data warehousing and decision support software based on the SAS System. Founded in 1976, SAS is one of the world's largest privately held software companies. See SAS System. no. 99. The new standard aims to have the auditor's consideration of fraud seamlessly blended into the audit process and continually updated until the audit's completion. SAS no. 99 describes a process in which the auditor (1) gathers information needed to identify risks of material misstatement mis·state
tr.v. mis·stat·ed, mis·stat·ing, mis·states
To state wrongly or falsely.

mis·statement n. due to fraud, (2) assesses these risks after taking into account an evaluation of the entity's programs and controls and (3) responds to the results. Under SAS no. 99, you will gather and consider much more information to assess fraud risks than you have in the past. (For the text of the new standard, see Official Releases, page 105.)

PROFESSIONAL SKEPTICISM skepticism (skĕp`tĭsĭzəm) [Gr.,=to reflect], philosophic position holding that the possibility of knowledge is limited either because of the limitations of the mind or because of the inaccessibility of its object.

SAS no. 99 reminds auditors they need to overcome some natural tendencies--such as overreliance on client representations--and biases and approach the audit with a skeptical attitude and questioning mind. Also essential: The auditor must set aside past relationships and not assume that all clients are honest. The new standard provides suggestions on how auditors can learn how to adopt a more critical, skeptical mind-set on their engagements, particularly during audit planning and the evaluation of audit evidence.

NEW REQUIREMENT: DISCUSSION AMONG ENGAGEMENT PERSONNEL

SAS no. 99 requires the audit team to discuss the potential for a material misstatement in the financial statements due to fraud before and during the information-gathering process. This required "brainstorming" is a new concept in auditing literature, and early in the adoption process firms will need to decide how best to implement this requirement in practice. Keep in mind that brainstorming is a required procedure and should be applied with the same degree of due care as any other audit procedure.

There are two primary objectives of the brainstorming session. The first is strategic in nature, so the engagement team will have a good understanding of information that seasoned team members have about their experiences with the client and how a fraud might be perpetrated and concealed con·ceal
tr.v. con·cealed, con·ceal·ing, con·ceals
To keep from being seen, found, observed, or discovered; hide. See Synonyms at hide¹. .

The second objective of the session is to set the proper "tone at the top" for conducting the engagement. The requirement that brainstorming be conducted with an attitude that "includes a questioning mind" is an attempt to model the proper degree of professional skepticism and "set" the culture for the engagement. The belief is that such an audit engagement culture will infuse in·fuse
v.
1. To steep or soak without boiling in order to extract soluble elements or active principles.

2. To introduce a solution into the body through a vein for therapeutic purposes. the entire engagement, making all audit procedures that much more effective.

The mere fact the engagement team has a serious discussion about the entity's susceptibility susceptibility

the state of being susceptible. Refers usually to infectious disease but may be to physical factors such as wetting or to psychological factors such as harassment. to fraud also serves to remind auditors that the possibility does exist in every engagement--in spite of any history or preconceived pre·con·ceive
tr.v. pre·con·ceived, pre·con·ceiv·ing, pre·con·ceives
To form (an opinion, for example) before possessing full or adequate knowledge or experience. biases about management's honesty and integrity.

You should note that SAS no. 99 does not restrict brainstorming to the planning phase In amphibious operations, the phase normally denoted by the period extending from the issuance of the order initiating the amphibious operation up to the embarkation phase. The planning phase may occur during movement or at any other time upon receipt of a new mission or change in the of the audit process. Brainstorming can be used in conjunction with any part of the information-gathering process. Auditors gather data continuously throughout the engagement, so look for opportunities to brainstorm all the way through. Some auditors may choose to meet for discussions again near the conclusion of the audit to consider the findings and experiences of all team members and whether the team's assessment about and response to the risk of material misstatement due to fraud were appropriate.

In addition to brainstorming, SAS no. 99 requires audit team members to communicate with each other throughout the engagement about the risks of material misstatement due to fraud. In fact, the standard requires the auditor with final responsibility for the audit to determine whether there has been appropriate communication among team members throughout the engagement.

STRUCTURING AN EFFECTIVE BRAINSTORMING SESSION

Split it into two parts. The main objective of brainstorming is to generate ideas about how fraud might be committed and concealed at the entity. That is all that SAS no. 99 requires. As a practical matter, some engagement teams may choose to discuss how they might respond to the identified risks.

Determine a reasonable time limit. Consultants and business owners who participate regularly in business brainstorming sessions suggest that a good session lasts about an hour. After that, the energy begins to fade and the law of diminishing returns law of diminishing returns
n.
The tendency for a continuing application of effort or skill toward a particular project or goal to decline in effectiveness after a certain level of result has been achieved.

Noun 1. sets in.

Consider assigning "homework." The session will be much more productive if all members have a similar level of understanding about the client, the nature of its business and its current financial performance. For auditors brainstorming about fraud matters, it may be beneficial to perform analytical, fact-based research before the session. In structuring your session, it will help to consider the characteristics of the fraud triangle. For example, you might discuss the incentives/pressures that may exist at the entity or the opportunities management or employees have to commit fraud. You also might discuss observations about attitude/rationalization that may indicate the presence of risk at the company.

Describe the objective of the session in language people can relate to. To help generate creative, practical ideas, pose questions people can more easily understand, such as the following:

* If you were the bookkeeper for the entity, how could you embezzle embezzle

To take illegally something of value being held in custody for someone else. funds and not get caught?

* If you worked on the loading dock, how could you steal inventory?

* If you owned this company, how might you manipulate the financial statements to impress bankers?

SOME BRAINSTORMING RULES

You might consider setting ground rules to help you achieve your objective. Here are some examples.

* No ideas or questions are dumb DEAF, DUMB, AND BLIND. A man born deaf, dumb, and blind, is considered an idiot. (q.v.) 1 Bl. Com. 304; F. N. B. 233; 2 Bouv. Inst. n. 2111.

DUMB. One who cannot speak; a person who is mute. See Deaf and dumb, Deaf, dumb, and blind; Mute, standing mute. . Prejudging questions by labeling them "dumb" is one sure way to stifle the contribution of ideas.

* No one "owns" ideas. When individuals become personally invested in an idea, they tend to "fight" for it as long as possible. There may be a time and a place for battling over the validity of an idea, but a brainstorming session is not one of them.

* There is no hierarchy. The world of ideas does not recognize rank, experience or compensation level. Create an environment in which senior team members share information without dominating the discussion and junior members feel "safe" contributing their own ideas.

* Excessive note-taking is not allowed. A brainstorming session is an intuitive, spontaneous process A spontaneous process is a chemical reaction in which a system releases free energy (most often as heat) and moves to a lower, more thermodynamically stable, energy state.^[1]^[2] . Excessive note taking is a barrier to this process.

OBTAIN INFORMATION TO IDENTIFY THE RISKS OF FRAUD

SAS no. 99 significantly expands the number of information sources for identifying risks of fraud. It provides guidance on obtaining information from

* Management and others within the organization.

* Analytical procedures Analytical Procedures is one of financial audit skill which help an auditor understand the client's business and changes in the business, to identify potential risk areas and to plan other audit procedures. .

* Consideration of fraud risk factors.

* Other sources.

Management. The new standard lists several items you should ask about that relate to management's awareness and understanding of fraud, fraud risks and the steps taken to mitigate mit·i·gate
v.
To moderate in force or intensity.

miti·gation n. risks. Several of these inquiries were not required under previous standards. Some inquiries are relatively straightforward, but others may require you to "educate" management about the characteristics of fraud, the nature of fraud risks and the types of programs and controls that will deter and detect fraud. The guidance contained in SAS no. 99 provides you with the background necessary to discuss these matters.

Others. The SAS requires you to make inquiries of the audit committee (even if it is not active), internal audit personnel (if applicable) and others about the existence or suspicion of fraud and to inquire in·quire   also en·quire
v. in·quired, in·quir·ing, in·quires

v.intr.
1. To seek information by asking a question: inquired about prices.

2. as to each individual's views about the risks of fraud. "Others" can include those employees who are outside the financial reporting process.

For the most part, auditors tend to restrict their client inquiries to personnel directly involved in the financial-reporting process. This approach is appropriate for matters of which accounting personnel have direct knowledge--for example, how transactions are processed or controlled. However, it is less effective to ask accounting personnel about matters of which they do not have first-hand knowledge (for example, the procedures used to examine, count and receive items into inventory). Critics of the audit process frequently cite the auditor's reluctance to make inquiries outside of the accounting department as a reason for the lack of the in-depth understanding necessary to plan and perform an effective and efficient audit. SAS no. 99 is the first standard that requires auditors to make inquiries of "others within the entity" such as

* Operating personnel not directly involved in the financial-reporting process.

* People with knowledge of complex or unusual transactions.

* In-house legal counsel.

Further, you should not restrict your inquiries to senior management. The standard suggests making inquiries of personnel at various levels within the organization. These are two primary objectives in making such inquiries.

* To obtain first-hand knowledge of fraud. Fraud can happen in any department and at any level within the organization. Someone in the entity may have observed a person committing or concealing con·ceal
tr.v. con·cealed, con·ceal·ing, con·ceals
To keep from being seen, found, observed, or discovered; hide. See Synonyms at hide¹. a fraud. Often, those with knowledge of a fraud have stated, after the fact, that they would have told someone, "but nobody asked." SAS no. 99 increases the likelihood that the auditor will now be that "someone" who asks.

* To corroborate To support or enhance the believability of a fact or assertion by the presentation of additional information that confirms the truthfulness of the item.

The testimony of a witness is corroborated if subsequent evidence, such as a coroner's report or the testimony of other or lend perspective to representations of others. Operating personnel can corroborate representations made by others or provide a different perspective on how things "really work." For example, accounting department personnel may be able to provide you with the recommended control procedures relating to relating to relate prep → concernant

relating to relate prep → bezüglich +gen, mit Bezug auf +acc  the safeguarding of inventory, but operational personnel can tell you how the control procedures are applied in practice and when, if ever, those controls are overridden or circumvented.

The standard allows you to use considerable judgment in determining to which employees within the organization you should direct your inquiries and what questions you should ask.

EVEN MORE INQUIRIES

The new standard obligates you to inquire of management and others in the entity. However, it does not restrict you to making only those inquiries. In fact, it encourages you to make additional inquiries in order to gather or corroborate a wide variety of information that can help you identify or assess risks of material misstatement due to fraud. Many of the queries related to these matters should be submitted to personnel outside of management or the accounting department. For example, you may wish to use inquiries to

* Identify the presence of the fraud triangle characteristics.

* Understand the policies, procedures and controls for recording journal entries or other adjustments.

* Identify circumstances under which management has or may override An arrangement whereby commissions are made by sales managers based upon the sales made by their subordinate sales representatives. A term found in an agreement between a real estate agent and a property owner whereby the agent keeps the right to receive a commission for the sale of internal controls.

* Understand policies and procedures Policies and Procedures are a set of documents that describe an organization's policies for operation and the procedures necessary to fulfill the policies. They are often initiated because of some external requirement, such as environmental compliance or other governmental related to revenue recognition.

* Understand the business rationale for significant unusual transactions.

Asking the same question of different people can increase the effectiveness of your inquiries, as you can compare answers to identify consistencies or anomalies in the responses.

PLANNING ANALYTICAL PROCEDURES

One of the reasons auditors fail to detect material misstatements caused by fraud is that they tend to look at current numbers in isolation from the past or other relevant information. For that reason, SAS no. 99 says the auditor should consider the results of analytical procedures in identifying the risks of material misstatement caused by fraud, and the standard provides a list of procedures auditors can employ that may indicate the presence of such risks.

FRAUD RISK FACTORS

A fraud risk factor is an event or condition that tracks the three conditions of the fraud triangle. Although fraud risk factors do not necessarily indicate that fraud exists, they often are warning signs where it does. Like SAS no. 82, this standard lists numerous illustrative il·lus·tra·tive
adj.
Acting or serving as an illustration.

il·lustra·tive·ly adv.

Adj. 1. fraud risk factors to help the auditor in considering whether fraud risks are present. However, in SAS no. 99, these illustrative fraud risk factors have been reorganized re·or·gan·ize
v. re·or·gan·ized, re·or·gan·iz·ing, re·or·gan·iz·es

v.tr.
To organize again or anew.

v.intr.
To undergo or effect changes in organization. to track the fraud triangle.

Auditors are cautioned not to think that these fraud risk factors are all-inclusive. In fact, research has found that auditors who used open-ended questions A closed-ended question is a form of question, which normally can be answered with a simple "yes/no" dichotomous question, a specific simple piece of information, or a selection from multiple choices (multiple-choice question), if one excludes such non-answer responses as dodging a that encouraged them to develop their own fraud risk factors outperformed those who relied on a checklist based on looking only for the illustrated fraud risk factors.

DESIGNING AUDIT PROCEDURES TO IDENTIFY FRAUD RISKS

SAS no. 99 says, "When obtaining information about the entity and its environment, the auditor should consider whether the information indicates that one or more fraud risk factors are present." As a practical matter, the application of SAS no. 22, Planning and Supervision, relating to audit planning, and SAS no. 55, Consideration of Internal Control in a Financial Statement Audit, as amended, relating to internal controls and the other sections of SAS no. 99, should allow you to identify the broad categories of fraud risks related to incentive/pressure and opportunity.

Regarding fraud risk factors relating to attitude/rationalization, you cannot possibly know with certainty a person's ethical standards and beliefs. However, during the course of your engagement, you may become aware of circumstances that indicate the possible presence of an attitude or ability to rationalize ra·tion·al·ize
v.
1. To make rational.

2. To devise self-satisfying but false or inconsistent reasons for one's behavior, especially as an unconscious defense mechanism through which irrational acts or feelings are made to appear that you consider to be a fraud risk. For example, a recurring re·cur
intr.v. re·curred, re·cur·ring, re·curs
1. To happen, come up, or show up again or repeatedly.

2. To return to one's attention or memory.

3. To return in thought or discourse. attempt by management to justify marginal, inappropriate accounting on the basis of materiality MATERIALITY. That which is important; that which is not merely of form but of substance.
     2. When a bill for discovery has been filed, for example, the defendant must answer every material fact which is charged in the bill, and the test in these cases seems to and a strained relationship between management and the current or predecessor auditor are fraud risks relating to fraudulent The description of a willful act commenced with the Specific Intent to deceive or cheat, in order to cause some financial detriment to another and to engender personal financial gain. financial reporting.

SAS no. 99 requires you to consider other information that may be helpful in identifying the risks of material misstatement due to fraud. This other data can be gleaned during

* The engagement team's brainstorming session.

* Client acceptance and continuance The adjournment or postponement of an action pending in a court to a later date of the same or another session of the court, granted by a court in response to a motion made by a party to a lawsuit. procedures.

* Reviews of interim financial information.

* Consideration of inherent risks at the account or transaction level.

IDENTIFY AND ASSESS FRAUD RISKS

The key to designing effective audit tests is to perform an effective synthesis of the identified risks. Synthesis is defined as "the assembling of a complex whole from originally separate parts." That is what you must do after you identify risks. SAS no. 99 requires auditors to assess fraud risks, but one of the problems practitioners have had with the previous standard on fraud is that they mistakenly believed "assessment" to mean they should describe the risk as high, medium or low. That is not how "assessment" is meant to be interpreted in SAS no. 99. The following illustration maps the audit process from risk identification to audit test design. "Synthesis" is the element that links the two ends of the process.

Eliminate risk synthesis from the process step, and the chain is broken--there is no link to risk identification.

Once that link between risk identification and audit test design is eliminated, it is not surprising that the design of audit tests is not effective in helping auditors identify risks

Your goal is to "assess" or to synthesize To create a whole or complete unit from parts or components. See synthesis. the identified risks to determine where the entity is most vulnerable to material misstatement due to fraud, the types of frauds that are most likely to occur and how those material misstatements are likely to be concealed.

LINKING AUDIT PROCEDURES TO IDENTIFIED RISKS OF MATERIAL MISSTATEMENT DUE TO FRAUD

To help you do a more effective job combining identified risks and providing that necessary link, SAS no. 99 offers this guidance. Remember the three elements of the fraud triangle; the risk of material misstatement due to fraud generally is greater when all three are present. As an auditor, use your intuition intuition, in philosophy, way of knowing directly; immediate apprehension. The Greeks understood intuition to be the grasp of universal principles by the intelligence (nous), as distinguished from the fleeting impressions of the senses. , judgment and experience to look for patterns in the identified fraud risks. The new standard reminds you that failure to observe one of the elements of the triangle does not guarantee an absence of fraud. Stated another way, it has been observed that auditors have a tendency to identify incentive and opportunity but mistakenly fail to pursue the issue because they have not seen an attitude/rationalization that is conducive con·du·cive
adj.
Tending to cause or bring about; contributive: working conditions not conducive to productivity. See Synonyms at favorable. to fraud.

It also helps to consider whether the identified risks are related to either specific accounts or transactions or to the financial statements as a whole. Once you can link the identified risks to a specific account (or the financial statements taken as a whole), you then can design and perform more effective procedures. When assessing information about potential fraud risks, consider the type, significance, likelihood and pervasiveness of the risk.

REQUIRED RISK ASSESSMENTS

When assessing risks, the new SAS has two additional requirements. As the auditor, you should

* Presume pre·sume
v. pre·sumed, pre·sum·ing, pre·sumes

v.tr.
1. To take for granted as being true in the absence of proof to the contrary: We presumed she was innocent. improper revenue recognition is a fraud risk. The vast majority of fraudulent financial reporting schemes involved improper revenue recognition. SAS no. 99 states that you "should ordinarily or·di·nar·i·ly
adv.
1. As a general rule; usually: ordinarily home by six.

2. In the commonplace or usual manner: ordinarily dressed pedestrians on the street. " presume there is risk of material misstatement due to fraud relating to revenue recognition. If you do not identify improper revenue recognition as a risk of material misstatement due to fraud, you should document the reasons supporting this conclusion.

* Always identify the risks of management override of controls as a fraud risk. Those who have studied fraudulent financial reporting have noted that risk of management override is unpredictable, and, therefore, it is difficult for auditors to design procedures to identify and assess it. For that reason, management override always should be addressed in the design of audit procedures.

CONSIDERING THE ENTITY'S ANTIFRAUD PROGRAMS AND CONTROLS

Once you have identified specific risks of fraud, you should consider the entity's programs and controls that mitigate or exacerbate your identified risks of material misstatement due to fraud. SAS no. 99 provides examples of programs and controls in large and small businesses. A new document, entitled en·ti·tle
tr.v. en·ti·tled, en·ti·tling, en·ti·tles
1. To give a name or title to.

2. To furnish with a right or claim to something: Management Antifraud Programs and Controls, is included as an exhibit to SAS no. 99; it also is posted online at www.aicpa.org/antifraud/management. This document, issued by the AICPA and other organizations, provides examples of programs and controls management can implement to help deter, prevent and detect fraud.

RESPONDING TO THE ASSESSED RISKS

You should address the risks of material misstatement due to fraud with a response that

* Has an overall effect on how the audit is conducted.

* Identifies risks involving the nature, timing and extent of audit procedures.

* Addresses management override of controls.

Judgments about the risks of material misstatement due to fraud have an overall effect on how the audit is conducted in the following ways.

Assignment of personnel and supervision. SAS no. 99 provides relatively straightforward guidance on this matter, which is easy to understand and implement. The guidance says the greater the risk of material misstatement, the more experienced personnel and the greater amount of supervision required on the engagement.

Accounting principles. The standard audit report expresses an opinion as to whether the financial statements "present fairly ... in accordance Accordance is Bible Study Software for Macintosh developed by OakTree Software, Inc.^[]

As well as a standalone program, it is the base software packaged by Zondervan in their Bible Study suites for Macintosh. with GAAP GAAP

See: Generally Accepted Accounting Principles

GAAP

See generally accepted accounting principles (GAAP). ." Some auditors and others involved in the financial reporting process have questioned whether the "present fairly" criterion has become subordinate to "in accordance with GAAP." That is, the issue may be whether some entities make a case that "since GAAP does not explicitly prohibit pro·hib·it
tr.v. pro·hib·it·ed, pro·hib·it·ing, pro·hib·its
1. To forbid by authority: Smoking is prohibited in most theaters. See Synonyms at forbid.

2. a particular accounting treatment, it must be acceptable" without considering whether the accounting will result in a "fair presentation" of the financial position, results of operations and cash flows.

Thus, the choice of accounting principles, in addition to their application, becomes crucial for auditors to consider. SAS no. 99 requires you to consider management's selection and application of significant accounting principles as part of your overall response to the risks of material misstatement.

The new standard focuses your attention on accounting principles related to subjective measurements and complex transactions. In addition, given the presumption A conclusion made as to the existence or nonexistence of a fact that must be drawn from other evidence that is admitted and proven to be true. A Rule of Law.

If certain facts are established, a judge or jury must assume another fact that the law recognizes as a logical of revenue recognition as a fraud risk, you should consider the integrity of the entity's policies on revenue recognition and whether these policies are consistent with key revenue-recognition concepts such as the completion of the earnings process, the realization of sales proceeds and the delivery of the product or service.

Predictability of auditing procedures. Successful perpetrators of fraud are familiar with the audit procedures external auditors The examples and perspective in this article or section may not represent a worldwide view of the subject.
Please [ improve this article] or discuss the issue on the talk page. normally perform. With this knowledge they can conceal conceal,
v to hide; secrete; withhold from the knowledge of others. the fraud in accounts where auditors are least likely to look. SAS no. 99 requires you to incorporate an element of unpredictability into your procedures from year to year, and it provides tips for implementing this requirement.

ADDRESS SPECIFIC ACCOUNTS OR CLASSES OF TRANSACTIONS

SAS no. 99 provides general guidance on modifying the nature, timing and extent of the audit procedures you will perform to address identified risks of material misstatement due to fraud. Three other audit areas merit special mention: revenue recognition, inventory quantities and accounting estimates, which can go hand in hand with fraud and therefore can be interrelated in·ter·re·late
tr. & intr.v. in·ter·re·lat·ed, in·ter·re·lat·ing, in·ter·re·lates
To place in or come into mutual relationship.

in .

RISK OF MANAGEMENT OVERRIDE OF INTERNAL CONTROL

SAS no. 99 requires you to perform certain tasks to address the risk of management override of internal control. Executives can perpetrate per·pe·trate
tr.v. per·pe·trat·ed, per·pe·trat·ing, per·pe·trates
To be responsible for; commit: perpetrate a crime; perpetrate a practical joke. financial reporting frauds by overriding (programming) overriding - Redefining in a child class a method or function member defined in a parent class.

Not to be confused with "overloading". established control procedures and recording unauthorized or inappropriate journal entries or other postclosing modifications (for example, consolidating adjustments or reclassifications). To address such situations, SAS no. 99 requires you to test the appropriateness of journal entries recorded in the general ledger General Ledger

A company's accounting records. This formal ledger contains all the financial accounts and statements of a business.

Notes:
The ledger uses two columns: one records debits, the other has offsetting credits. and other adjustments.

Understanding the financial reporting process. To effectively identify and test nonstandard non·stan·dard
adj.
1. Varying from or not adhering to the standard: nonstandard lengths of board.

2. journal entries, you will need to obtain a good understanding of the entity's financial reporting process. This knowledge is important because it allows you to be aware of what should happen in a "normal" situation so you then can identify anomalies. You also should know how journal entries are recorded (for example, directly online or in batch mode from physical documents), be familiar with the design of any controls over journal entries and other adjustments and learn whether those controls have been placed in operation. This information will help you design suitable tests.

Testing journal entries and other adjustments. Your assessment of the risk of material misstatement due to fraud, together with your evaluation of the effectiveness of controls, will determine the extent of your tests. SAS no. 99 requires that you inspect the general ledger to identify journal entries to be tested and examine the support for those items.

The new standard provides extensive guidance on what to consider when selecting items for testing. Computer-assisted audit techniques may be required to identify entries that exist only electronically.

RETROSPECTIVE REVIEW retrospective review,
a posttreatment assessment of services on a case-by-case or aggregate basis after the services have been performed. OF ACCOUNTING ESTIMATES

Accounting estimates are particularly vulnerable to manipulation because they depend heavily on judgment and the quality of the underlying assumptions. SAS no. 99 requires you to perform a retrospective review of prior-year accounting estimates for the purpose of identifying bias in management's assumptions underlying the estimates. This review is not intended to call into question your professional judgments made in prior years that were based on information available only at that time. Rather, it should be considered within the context of its implications for the current-year audit and the facts and circumstances that currently exist.

BUSINESS RATIONALE FOR SIGNIFICANT UNUSUAL TRANSACTIONS

Many financial reporting frauds have been perpetrated or concealed by using unusual transactions that are outside the normal course of business. SAS no. 99 obligates auditors to understand the business rationale for these types of transactions and provides an excellent list of items you should consider when attempting to understand the business rationale for unusual transactions. As a prerequisite pre·req·ui·site
adj.
Required or necessary as a prior condition: Competence is prerequisite to promotion.

n. for performing this required procedure, the engagement team's understanding of the entity and its environment must be sufficient to allow it to recognize an unusual transaction.

EVALUATING AUDIT EVIDENCE

SAS no. 99 provides comprehensive examples of conditions you may identify during fieldwork field·work
n.
1. A temporary military fortification erected in the field.

2. Work done or firsthand observations made in the field as opposed to that done or observed in a controlled environment.

3. that might indicate fraud. SAS no. 99 reminds auditors that analytical procedures conducted as substantive procedures or as part of the overall review stage of the audit also may uncover previously unrecognized risks of material misstatement due to fraud. The standard provides several examples of unusual or unexpected analytical relationships that may indicate a risk of material misstatement due to fraud.

MISSTATEMENTS THAT MAY BE THE RESULT OF FRAUD

SAS no. 99 describes how you should respond when you determine that a misstatement is, or may be, the result of fraud. If you believe such a misstatement exists, but its effect is not material to the financial statements, you still are required to evaluate the implications of your belief, especially those dealing with the organizational person(s) involved. For example, if you discover that a member of senior management has fraudulently fraud·u·lent
adj.
1. Engaging in fraud; deceitful.

2. Characterized by, constituting, or gained by fraud: fraudulent business practices. overstated o·ver·state
tr.v. o·ver·stat·ed, o·ver·stat·ing, o·ver·states
To state in exaggerated terms. See Synonyms at exaggerate.

o his or her expenses for reimbursement Reimbursement

Payment made to someone for out-of-pocket expenses has incurred. , you will want to reevaluate the integrity of that individual and the impact an untrustworthy person in that position could have on the financial statements and your engagement.

In those instances where the misstatement is or may be the result of fraud, and the effect either is material or cannot be determined, you are required to take the following steps:

* Attempt to obtain additional evidence.

* Consider the implications for other aspects of the audit.

* Discuss the matter and the approach for further investigation with an appropriate level of management that is at least one level above those involved and with senior management and the audit committee.

* If appropriate, suggest the client consult with legal counsel.

SAS no. 99 provides guidance on the auditor's course of action when the risk of material misstatement due to fraud is such that he or she is considering withdrawing from the engagement. It is impossible to definitively describe when withdrawal is appropriate, but in any event you probably will want to consult with your legal counsel.

COMMUNICATIONS

SAS no. 99 says, "Whenever you have determined that there is evidence that a fraud may exist, that matter should be brought to the attention of the proper level of management. This is appropriate even if the matter might be considered inconsequential in·con·se·quen·tial
adj.
1. Lacking importance.

2. Not following from premises or evidence; illogical.

n.
A triviality. , such as a minor defalcation The misappropriation or Embezzlement of money.

Defalcation implies that funds have in some way been mishandled, particularly where an officer or agent has breached his or her fiduciary duty. by an employee at a low level in the entity's organization." Thus, the threshold for communication is "evidence that a fraud may exist." The mere presence of a fraud risk factor or some other condition that has been observed when fraud is present generally does not meet this threshold.

DOCUMENTATION

The documentation requirements of SAS no. 99 significantly extend those of the previous standard, requiring documentation supporting compliance with substantially all the major requirements of the standard. SAS no. 99 provides a complete, easy-to-understand list of documentation requirements.

According to according to
prep.
1. As stated or indicated by; on the authority of: according to historians.

2. In keeping with: according to instructions.

3. the standard, you are required to document

* The discussion among engagement personnel in planning the audit regarding the susceptibility of the entity's financial statements to material misstatement due to fraud, including how and when the discussion occurred, the audit team members who participated and the subjects discussed.

* The procedures performed to obtain information necessary to identify and assess the risks of material misstatement due to fraud.

* Specific risks of material misstatement due to fraud that were identified and a description of the auditor's response to those risks.

* If the auditor has not identified improper revenue recognition as a risk of material misstatement due to fraud in a particular circumstance, the reasons supporting that conclusion.

* The results of the procedures performed to further address the risk of management override of controls.

* Conditions and analytical relationships that caused the auditor to believe additional auditing procedures or other responses were required and any further responses the auditor concluded were appropriate to address such risks or other conditions.

* The nature of the communications about fraud made to management, the audit committee and others.

SAS no. 99 has the potential to significantly advance the profession--to help auditors do their jobs more effectively, to audit smarter. It is a standard that reaches into all areas of the audit process and it moves auditors in a different direction, away from the "checklist mentality men·tal·i·ty
n.
The sum of a person's intellectual capabilities or endowment. " and more into a thinking person's audit. It puts professional skepticism front and center--exactly where it should be. Depending on how the standard is implemented, it has the potential to be a watershed watershed, elevation or divide separating the catchment area, or drainage basin, of one river system or group of river systems from another system or group of systems. The term is also often used synonymously with drainage basin. for how auditors think about and perform an audit.

The new fraud standard, while a significant step forward in expanding the functions of an engagement team in planning and performing an audit, is just one component of the AICPA's comprehensive antifraud and corporate responsibility program. Other fraud-related initiatives first were described in the September 4 speech AICPA President and CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. Barry C. Melancon delivered to the Yale Club The Yale Club may be:

Yale Club of New York City
Yale Glee Club
Yale Club of Philadelphia
Yale Corinthian Yacht Club

in New York New York, state, United States
New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of . In the speech he underscored the AICPA's commitment to strengthen investor confidence by enhancing the quality of audits and reinforcing the profession's core values. When taken together, the initiatives establish a culture in which preventing and detecting fraud is everyone's business--auditors, corporate America and the financial reporting community. The program includes

* Establishing an Institute for Fraud Studies with the University of Texas at Austin “University of Texas” redirects here. For other system schools, see University of Texas System.
The University of Texas at Austin (often referred to as The University of Texas, UT Austin, UT, or Texas and the Association of Certified Fraud Examiners Established in 1988 the Association of Certified Fraud Examiners is the professional organization that governs professional fraud examiners. Its activities include producing fraud information, tools and training. to explore the origin of and circumstances surrounding fraud.

* Launching an Antifraud and Corporate Responsibility Resource Center, to be located on the AICPA Web site, featuring news, tools, information and resources in fraud prevention, detection and deterrence deterrence

Military strategy whereby one power uses the threat of reprisal to preclude an attack from an adversary. The term largely refers to the basic strategy of the nuclear powers and the major alliance systems. .

* Designing antifraud criteria and controls for public entities.

* Calling on CPAs to dedicate ded·i·cate
tr.v. ded·i·cat·ed, ded·i·cat·ing, ded·i·cates
1. To set apart for a deity or for religious purposes; consecrate.

2. 10% of their CPE (Customer Premises Equipment) Communications equipment that resides on the customer's premises.

CPE - Customer Premises Equipment credits to fraud.

* Sponsoring a fraud summit to bring together corporate leaders, the CPA (Computer Press Association, Landing, NJ) An earlier membership organization founded in 1983 that promoted excellence in computer journalism. Its annual awards honored outstanding examples in print, broadcast and electronic media. The CPA disbanded in 2000. profession and the financial reporting community to identify new ways to reduce the incidence of fraud.

* Developing free corporate governance Corporate Governance

The relationship between all the stakeholders in a company. This includes the shareholders, directors, and management of a company, as defined by the corporate charter, bylaws, formal policy, and rule of law. training programs focused on the roles and responsibilities of management and corporate officials.

* Working to ensure academic institutions and college textbook textbook Informatics A treatise on a particular subject. See Bible. authors incorporate antifraud education in training materials, courses and textbooks.

Many of these initiatives will be rolled out in the coming months. For more information about SAS no. 99, to read the appendix to it entitled, "Examples of Fraud Risk Factors," and to learn about the antifraud and corporate responsibility program, visit the AICPA Web site at www.aicpa.org/antifraud/risk.

The Fraud Triangle

Three conditioned are present when fraud occurs

Incentive/Pressure

Management or other employees may have an incentive or be under pressure, which provides a motivation to commit fraud.

Opportunity

Circumstances exist--for example, the absence of controls, ineffective controls, or the ability of management to override controls--that provide an opportunity for fraud to be perpetrated.

Rationalization/Attitude

Those involved in a fraud are able to rationalize a fraudulent act as being consistent with their personal code of ethics Code of Ethics can refer to:

Ethical code, a code of professional responsibility, noting what behaviors are "ethical".
Code of Ethics (band), a 90's Christian New Wave/Pop band

. Some individuals possess an attitude, character or set of ethical values that allows them to knowingly and intentionally in·ten·tion·al
adj.
1. Done deliberately; intended: an intentional slight. See Synonyms at voluntary.

2. Having to do with intention. commit a dishonest act.

The new fraud standard, Statement on Auditing Standards no. 99, Consideration of Fraud in a Financial Statement Audit, is the cornerstone cornerstone

Ceremonial building block, dated or otherwise inscribed, usually placed in an outer wall of a building to commemorate its dedication. Often the stone is hollowed out to contain newspapers, photographs, or other documents reflecting current customs, with a view to of the AICPA's comprehensive antifraud and corporate responsibility program. The goal of the program is to rebuild the confidence of investors in our capital markets and reestablish audited financial statements as a clear picture window into corporate America. From providing CPAs with clarified and focused auditing guidance to establishing a new institute for fraud studies, the AICPA is determined to help reduce the incidence of financial fraud.

This article is adapted from chapter 2 of Fraud Detection in a GAAS See gallium arsenide. Audit--SAS No. 99 Implementation Guide by Michael Ramos, which was published by the AICPA concurrent with the issuance of the new fraud standard. This nonauthoritative practice aid provides an in-depth, section-by-section explanation as well as implementation guidance and practice tips for the standard. To order the book (product no. 006613) by telephone, call the AICPA at 888-777-7077; to order online go to www.CPA2biz biz
n. Informal
Business.

biz
Noun

Informal business

Noun 1. .com.

COPYRIGHT 2003 American Institute of CPA's
No portion of this article can be reproduced without the express written permission from the copyright holder.

Reader Opinion

Article Details
Printer friendly Cite/link Email Feedback
Author:	Ramos, Michael J.
Publication:	Journal of Accountancy
Date:	Jan 1, 2003
Words:	5082
Previous Article:	Fine-tune your marketing know-how.(certified public accountants)
Next Article:	Audit redux: practice considerations in accepting and performing reaudits.
Topics:	Auditing Standards Auditors Ethical aspects Fraud Laws, regulations and rules

Related Articles
Illegal acts: what are the auditor's responsibilities?
Financial fraud detection act introduced. (Financial Fraud Detection and Disclosure Act)
Senate bill to crack down on fraud would change the way CPAs do pension plan audits.
Auditing standards board addresses fraud. (American Institute of CPAs auditing standards board)
The truth about audits. (includes related article on the key factors of the auditing standard proposed by the American Institute of Certified Public...
Heralded fraud SAS released. (SAS no. 82 "Consideration of Fraud in a Financial Statement Audit")(Brief Article)
The auditor and fraud. (includes related article on the effect on business and industry of Statement on Auditing Standards no. 82)
AICPA launches assault on fraud. .
AICPA issues new audit standard for detecting fraud. (New Fraud Standards).(American Institute of Certified Public Accountants)(Brief Article)
Taking a bite outta fraud. (Fraud Standards).(Statement on Auditing Standards 99: Consideration of Fraud in a Financial Statement Audit)