The CPA as fraud-buster.

The fraud auditing standard hit the financial community in April 1997 with more fanfare than any of its 81 predecessors. Designed to give the auditor guidance in detecting material misstatements caused by fraud, SAS (1) (SAS Institute Inc., Cary, NC, www.sas.com) A software company that specializes in data warehousing and decision support software based on the SAS System. Founded in 1976, SAS is one of the world's largest privately held software companies. See SAS System. no. 82 also clarifies the auditor's responsibilities. It affects audits of multinational manufacturers in New York New York, state, United States
New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of and car dealerships This article is about car dealerships. For the indie pop band, see Dealership (band).

A car dealership or vehicle local distribution is a business that sells new cars and/or used cars at the retail level, based on a dealership contract with an automaker or in Montana. And its effective date--audits of financial statements for periods ending on or after December 15, 1997--means you have to know how to apply it now.

An earlier article, "The Auditor and Fraud" (JofA, Apr. 97, page 32), discussed the standard's major provisions. However, the auditor continues to need practical implementation guidance. Note the case study (pages 72-73) illustrates how the auditor may comply with the steps shown in the flowchart (page 71) in the audit of a small business. It should help clarify how practitioners might consider the presence of risk factors, assess the risk of material misstatement mis·state
tr.v. mis·stat·ed, mis·stat·ing, mis·states
To state wrongly or falsely.

mis·statement n. due to fraud, develop a response, document the performance of their assessment and meet their communication responsibilities.

The fraud SAS is upon us; it's time It's Time was a successful political campaign run by the Australian Labor Party (ALP) under Gough Whitlam at the 1972 election in Australia. Campaigning on the perceived need for change after 23 years of conservative (Liberal Party of Australia) government, Labor put forward a to know it and time to use it.

DETECTING AND DETERRING FRAUD RISK

SAS no. 82, Consideration of Fraud in a Financial Statement Audit, recognizes the auditor should be part of a broad, comprehensive effort that attempts to minimize fraud risk. Management is responsible for the prevention and detection of fraud and plays a significant role in deterring fraud by establishing a positive control environment and appropriate control activities. Essentially, the auditor and management are responsible for several areas, or methods, of fraud control:

Control environment. The control environment sets the tone of an organization, influencing the control consciousness of its people. The tone at the top is largely responsible for determining the attitude and performance expectations of others within the organization. A management that takes its responsibility seriously and establishes a positive control environment mitigates fraud risk. Conversely con·verse¹
intr.v. con·versed, con·vers·ing, con·vers·es
1. To engage in a spoken exchange of thoughts, ideas, or feelings; talk. See Synonyms at speak.

2. , fraud risk generally increases when management conveys the impression that internal control is unimportant un·im·por·tant
adj.
Not important; petty.

unim·portance n. or a necessary evil or that it provides only minimal benefits.

Control activities. Since financial statement fraud can occur even in a positive control environment, management needs control activities--the policies and procedures Policies and Procedures are a set of documents that describe an organization's policies for operation and the procedures necessary to fulfill the policies. They are often initiated because of some external requirement, such as environmental compliance or other governmental that help ensure the entity addresses risks. For example, consider an entity with a large inventory of computer chips. Control activities--including periodic physical counting of this inventory and prompt reconciliation of the resulting count to perpetual inventory Perpetual Inventory

An accounting method of maintaining up-to-date property records that accurately reflect the level of goods on hand.

Notes:
The current balance of inventory is sustained daily by the addition of inventory to the account when goods are received and the records--reduce the potential for undetected material defalcation The misappropriation or Embezzlement of money.

Defalcation implies that funds have in some way been mishandled, particularly where an officer or agent has breached his or her fiduciary duty. . Entities that do not reconcile the count results to the perpetual inventory records face an increased likelihood of material defalcation.

Auditor skepticism. SAS no. 82 also is designed to make the auditor more skeptical. If a control environment is not positive or if management has not established relevant control activities, the potential for fraud may be high. The auditor needs to be more sensitive to the possible existence of fraud. He or she may have to probe deeper, challenge management's explanations of significant matters and extend audit procedures. This article largely addresses this third and final line of defense.

SAS 82's APPROACH

In clarifying the auditor's responsibility for detecting fraud, SAS no. 82 requires the auditor to perform certain steps throughout the audit. For example, it requires the auditor to consider the presence of fraud risk factors relating to relating to relate prep → concernant

relating to relate prep → bezüglich +gen, mit Bezug auf +acc  fraudulent The description of a willful act commenced with the Specific Intent to deceive or cheat, in order to cause some financial detriment to another and to engender personal financial gain. financial reporting and misappropriation misappropriation n. the intentional, illegal use of the property or funds of another person for one's own use or other unauthorized purpose, particularly by a public official, a trustee of a trust, an executor or administrator of a dead person's estate, or by any of assets, Paragraphs 16 and 18 of the statement describe specific categories under those two risk factors.

The standard also establishes specific auditor responsibilities for the assessment of fraud risk, documentation of performance and communication to management. The auditor must obtain management's understanding about the risk of fraud in the entity and determine whether it has knowledge of fraud perpetrated on or within the entity.

The flowchart illustrates the auditor's responsibilities under SAS no. 82 as well as some ideas on how the auditor can fulfill ful·fill also ful·fil
tr.v. ful·filled, ful·fill·ing, ful·fills also ful·fils
1. To bring into actuality; effect: fulfilled their promises.

2. those responsibilities. Note that the assessment of fraud risk is a continuous process throughout the course of the audit. The auditor has to keep an eye on to watch.
- Shak.

See also: Eye fraud risk during planning and throughout the engagement.

The previous standard, SAS no. 53, The Auditor's Responsibility to Detect and Report Errors and Irregularities, required the auditor to assess the risk of material misstatement due to errors or irregularities (fraud). The auditor also needed to design and perform audit procedures appropriate for the assessed risk. Under SAS no. 82, the auditor must specifically assess and respond to the risk of material misstatement due to fraud. While the auditor typically may assess fraud risk at the time of assessing control or inherent risk, there is no requirement to assess fraud risk in either quantitative (0% to 100%) or qualitative (high, medium or low) terms.

STATIC OR CONTINUOUS?

In the case study, the auditor identified the risk factors during both the planning and the performance of the audit. However, there is no one time to catch a fraud. The assessment of fraud risk has three steps that the auditor must repeat throughout the audit as relevant information comes to his or her attention:

* Consider the presence of risk factors.

* Assess risk.

* Develop a response.

In the case study, the audit partner recognized that one individual dominated the organization and probably could override An arrangement whereby commissions are made by sales managers based upon the sales made by their subordinate sales representatives. A term found in an agreement between a real estate agent and a property owner whereby the agent keeps the right to receive a commission for the sale of any controls. The partner also recognized other control weaknesses, including the low degree of management oversight of branch activity and the lack of independent approval before accounts were written off as uncollectible. SAS no. 82 requires the auditor to consider controls (as well as the susceptibility susceptibility

the state of being susceptible. Refers usually to infectious disease but may be to physical factors such as wetting or to psychological factors such as harassment. of assets to misappropriation) in the context of an assessment of risk of material misstatement due to fraud.

The example outlined in the case study could have occurred before the issuance of SAS no. 82. In the example, the auditor knew "something was wrong" and performed follow-up procedures until she had a satisfactory answer. In some respects, SAS no. 82 provides a structure or a more formal process for what a "good" auditor does instinctively in·stinc·tive
adj.
1. Of, relating to, or prompted by instinct.

2. Arising from impulse; spontaneous and unthinking: an instinctive mistrust of bureaucrats. .

WAS AN AUDIT FAILURE IN THE MAKING?

The case study also illustrates some reasons for an auditor's failure to detect material misstatements due to fraud. An auditor might not exercise the proper degree of profession al skepticism. For example, in the case study, the staff accountant relied exclusively on responses to inquiries and performed no procedures to corroborate To support or enhance the believability of a fact or assertion by the presentation of additional information that confirms the truthfulness of the item.

The testimony of a witness is corroborated if subsequent evidence, such as a coroner's report or the testimony of other the branch manager's explanations. The auditor who wishes to increase his or her chances of detecting fraud cannot be timid timid,
adj in Chinese medicine, pertaining to inadequate energy needed to face and overcome obstacles. about asking questions. Often, others in the organization know about or suspect fraud.

An auditor may simply be unaware that observed conditions can indicate a material fraud. The case study's staff accountant was too concerned with adjusting entries and not concerned enough about the apparent indication of fraud. Also, the staff accountant, who had not encountered fraud risk in the past, may simply not have known what to watch for. Did he look at the numbers in isolation, without developing an expectation about their reasonableness in view of other relevant information? The staff accountant failed to compare writeoff percentages and thus did not notice the variance from the main store.

The auditor cannot let budget pressures inordinately in·or·di·nate
adj.
1. Exceeding reasonable limits; immoderate. See Synonyms at excessive.

2. Not regulated; disorderly. influence audit procedures in the presence of fraud risk factors. In the case study, the audit partner exercised an appropriate level of supervision and review. As a result, she performed additional procedures to obtain sufficient audit evidence.

DOCUMENTATION REQUIREMENTS

As the flowchart shows, SAS no. 82 contains important documentation requirements. In planning for the audit, the auditor should document his or her performance of the fraud risk assessment and response to the factors identified. During field work, the auditor may identify risk factors or other conditions that lead to reassessing fraud risk. The auditor should document the factors or conditions identified and any further response deemed necessary.

Paragraph 37 of SAS no. 82 contains the specific requirement to document evidence of the performance of the assessment of the risk of material misstatement due to fraud. The auditor is allowed significant flexibility about the form of documentation. In the case study, the audit partner documented the risk factors and other conditions present, which were the noncash credits to accounts receivable accounts receivable n. the amounts of money due or owed to a business or professional by customers or clients. Generally, accounts receivable refers to the total amount due and is considered in calculating the value of a business or the business' problems in paying control and the contradictory explanations given by the manager. She also documented her response, which included contacting the store's customers about specific receipts on account. Additionally, she explained the rationale for her audit response, but such explanation is not required. The explanation of the partner's rationale would assist in the review of the circumstances at a later date. She also could explain the client's actions, if any, which would mitigate the risk in the future. Again, however, such explanation is not required.

Evidence of performing the fraud risk assessment could include the following:

* All of the risk factors identified as present during audit planning, regardless of whether they require a response.

* The response to those risk factors.

* Fraud risk factors or other conditions identified during the performance of field work that cause the auditor to believe an additional audit response is required and the auditor's additional response.

In identifying risk factors, the auditor may begin with a checklist of risk factors adapted from those in SAS no. 82 or a questionnaire. The auditor's considerations of internal control and inherent risk, past experience (if any) with the client and inquiries of management help identify the presence of fraud risk factors. The auditor has to document only the risk factors present.

Some auditors may wish to document other judgments. Optional documentation includes judgments such as

* The underlying rationale about why the risk factors identified are believed to possibly lead to misstatements.

* A conclusion that the auditor's planned response to the assessed level of fraud risk is adequate.

* Any existing control policies that mitigate the effect of risk factors.

* Specific inquiries related to fraud (performance of inquiries is required, but not documentation).

Of course, thorough and appropriate documentation may assist the auditor in subsequently reviewing, or even defending, judgments.

COMMUNICATIONS ABOUT FRAUD

According to according to
prep.
1. As stated or indicated by; on the authority of: according to historians.

2. In keeping with: according to instructions.

3. SAS no. 82, when the auditor determines that evidence of a fraud may exist, he or she should discuss the issues with an appropriate level of management. The SAS distinguishes between the identification of fraud risk factors and the more serious identification of evidence that a fraud may exist. For example, in the case study, the partner subsequently determined that misrepresentations by the branch manager about liberalizing credit policies, along with the writeoffs, constituted evidence that a fraud may exist. At this point, the auditor should discuss the evidence with senior management even if the auditor does not believe the fraud is material. See paragraph 24(a) in SAS no. 53 and compare with paragraph 38 in SAS no. 82.

The auditor should report directly to the board of directors or its audit committee any evidence that senior management is involved in a possible fraud or that a fraud may cause a material financial statement misstatement. If the auditor believes senior management is involved, and there is no audit committee, the auditor should consider the guidance in paragraph 36 of SAS no. 82, which includes considering withdrawal from the engagement. When the risk factors identified constitute reportable conditions, the auditor should inform management and the audit committee,

The disclosure of fraud to parties other than the client's senior management and its audit committee usually is not part of the auditor's responsibility. Ordinarily or·di·nar·i·ly
adv.
1. As a general rule; usually: ordinarily home by six.

2. In the commonplace or usual manner: ordinarily dressed pedestrians on the street. , auditors' ethical or legal obligations of confidentiality prevent them from doing so anyway.

WHAT NEXT?

SAS no. 82 potentially represents a watershed watershed, elevation or divide separating the catchment area, or drainage basin, of one river system or group of river systems from another system or group of systems. The term is also often used synonymously with drainage basin. standard in the profession's effort to provide auditors with performance standards to assist them in discharging their responsibilities in detecting material misstatements. To assist auditors, the AICPA AICPA

See American Institute of Certified Public Accountants (AICPA). offers a variety of resources:

* Considering Fraud in a Financial Statement Audit: Practical Guidance for Applying SAS no. 82 (product no. 008883JA). This nonauthoritative practice aid includes three sections: implementation guidance; industry-specific risk factors and guidance; and examples including common fraud schemes. It provides documentation examples that meet the minimum requirements of the SAS and examples that go beyond them.

* CPE (Customer Premises Equipment) Communications equipment that resides on the customer's premises.

CPE - Customer Premises Equipment courses in various formats--computer-based, video and self-study. Call the AICPA at 800-862-4272.

* The AICPA Technical Information Hotline (800-862-4272).

As the case study shows, practitioners need to study the statement carefully. Only by becoming familiar with its provisions and requirements can auditors properly hone their skills in rooting out fraud.

RELATED ARTICLE: EXECUTIVE SUMMARY

* SAS NO, 82 PROVIDES GUIDANCE about auditors' responsibilities in detecting and reporting possible fraud. Practitioners need to examine the presence of risk factors, assess the risk of material misstatement due to fraud, develop a response, document the performance of their assessment and meet their communication responsibilities.

* MANAGEMENT HAS TO CREATE a proper control environment and establish control activities. The control environment sets the tone of an organization, influencing the control consciousness of its people.

* AUDITORS MUST INCREASE THEIR skepticism. They need to be more sensitive to the possible existence of fraud, challenging management's explanations of significant matters and extending audit procedures.

* FRAUD DETECTION IS NOT a one-time procedure. Auditors need to be wary throughout the entire engagement.

* AUDITORS ALSO NEED TO WATCH OUT for uncorroborated responses to inquiries; they should look at the big picture and speak up when confused.

* IF THE AUDITORS UNCOVER a possible problem, SAS no. 82 offers important guidance on documentation and reporting.

RELATED ARTICLE: CASE STUDY Misappropriation of Assets

Like many auditors, Julie Jones, CPA (Computer Press Association, Landing, NJ) An earlier membership organization founded in 1983 that promoted excellence in computer journalism. Its annual awards honored outstanding examples in print, broadcast and electronic media. The CPA disbanded in 2000. , never really expected that one of her clients would actually experience a material fraud. However, she refused to be lulled into a false sense of security or relax her professional skepticism. A recent audit engagement demonstrated the wisdom of her approach. Jones's description of, and observations about, her unexpected experience follow:

Last year, my firm audited a privately owned lumber lumber, term for timber that has been cut into boards for use as a building material. The major steps in producing lumber involve logging (the felling and preparation of timber for shipment to sawmills), sawing the logs into boards, grading the boards according to wholesaler with about $2.1 million in sales. The client had two locations in the state, one in town and a branch located in a city about 180 miles away. I stayed in town to do the audit at the main location and sent a staff assistant to the branch location for accounts receivable audit work. When the assistant returned after three days, I asked him if he had found anything. I was relieved when he replied he had not because we were under time pressure.

As I reviewed the customer accounts the assistant had selected for testing, I noticed an unusual one: a $90,000 credit to accounts receivable control, with an offset to the allowance for bad debts. The explanation read: "To adjust the general ledger General Ledger

A company's accounting records. This formal ledger contains all the financial accounts and statements of a business.

Notes:
The ledger uses two columns: one records debits, the other has offsetting credits. to the accounts receivable trial balance at the branch." I asked the assistant why an adjustment that significant was necessary. He repeated the branch manager's explanation that the branch office had some collection problems with several long-time customers and had eased credit terms Credit Terms

The conditions under which credit will be extended to a customer. The components of credit terms are: cash discount, credit period, net period. and criteria to increase sales.

When planning the audit, I recognized that the manager dominated at the branch and could probably override any controls. However, I did not worry when I first heard this since I was reasonably confident the company's remaining recorded receivables were collectible. Later that day, while reviewing the analytical procedures Analytical Procedures is one of financial audit skill which help an auditor understand the client's business and changes in the business, to identify potential risk areas and to plan other audit procedures. , I noticed that the accounts receivable writeoff percentages at the branch location were much higher than those of the main store. The workpapers carried this explanation: "Per store manager, writeoff and return policies were liberalized at the branch in order to attract customers in response to increased competition."

The next day I began to sense something was not right. While talking to Noun 1. talking to - a lengthy rebuke; "a good lecture was my father's idea of discipline"; "the teacher gave him a talking to"
lecture, speech

rebuke, reprehension, reprimand, reproof, reproval - an act or expression of criticism and censure; "he had to the controller at the main store, I referred to the problems at the out-of-town location and that they were working out. "It appears those credit policy changes you implemented earlier this year helped to attract new customers," I said.

"Credit policy changes?" she said. "What are you talking about? The company is a wholesale distributor-it doesn't have the kind of customers you find in a retail store. Most of our customers are construction contractors. We have been very sensitive to the economic indicators Economic indicators

The key statistics of the economy that reveal the direction the economy is heading in; for example, the unemployment rate and the inflation rate. in that industry and the financial health of our customers. If anything, we have tightened credit." The branch manager's explanation, I learned, had no basis in fact.

With that, I was convinced something was wrong, so the audit team confirmed selected sales and cash receipts activity in the customers' accounts that looked suspicious. We also traced payments back and forth from the subledger to the general ledger. We found delays between the date customers said payments had been made and when they were recorded. We also found an unusually large number of noncash credit entries to customer accounts.

It turned out the branch manager was stealing payments that customers had made on account. The manager was covering by writing off related accounts, but with occasional errors. The errors increased the number of entries necessary to cover the theft, which is why the subledger did not agree with the general ledger and why the writeoff rates were so much higher than the others. That $90,000 misstatement was definitely material, but it was not the only misstatement.

Going by the book. Julie Jones detected the material misappropriation of assets by following the approach described in SAS no. 82 and illustrated in the flowchart. First, she noted certain signs that she identified as fraud risk factors or other conditions affecting her risk assessment. Jones was aware that duties for processing large amounts of cash at the branch were not adequately divided among different individuals and that management was not providing adequate oversight of branch activities. She also knew that managers were no more or less honest than the employees--they just had more opportunity to commit fraud.

Once Jones identified these risk factors and other conditions, she made an assessment that "something was wrong. " The combination of risk factors and other conditions considered individually and together led the auditor to make that assessment. She determined the planned audit procedures were insufficient, so she extended her audit procedures until she was able to detect the material misstatement.

To complete the procedures required by the SAS, Jones would need to document certain items in the workpapers and make sure she complied with the communication requirements of the SAS. Specifically, she should document the risk factors and other conditions identified and her responses.

ANDREW H. BARNETT, CPA, PhD, is the director of the School of Accountancy, San Diego State University San Diego State University (SDSU), founded in 1897 as San Diego Normal School, is the largest and oldest higher education facility in the greater San Diego area (generally the City and County of San Diego), and is part of the California State University system. in California, and a former member of the AICPA accounting and review services committee. JAMES E. BROWN, CPA, is a partner of Baird, Kurtz & Dobson dob·son
n.
See hellgrammite.

[Probably from the name Dobson.]

Noun 1. dobson - large brown aquatic larva of the dobsonfly; used as fishing bait
hellgrammiate , Joplin, Missouri Joplin is a city located in parts of southern Jasper County and northern Newton County in the southwestern corner of Missouri. Joplin is the largest city in Jasper County, though it is not the county seat. , and a past member of the AICPA auditing standards board In the United States, the Auditing Standards Board (ASB) is the senior technical committee designated by the American Institute of Certified Public Accountants (AICPA) to issue auditing, attestation, and quality control statements, standards and guidance to certified public . ROBERT FLEMING Robert Fleming is the name of:

Robert Fleming (author), American writer of erotic fiction and horror fiction
Robert Fleming (composer) (1921–1976), Canadian composer

, CPA, is a shareholder of Urbach Kahn & Werlin, PC, Albany, New York For other uses, see Albany.
Albany is the capital of the State of New York and the county seat of Albany County. Albany lies 136 miles (219 km) north of New York City, and slightly to the south of the juncture of the Mohawk and Hudson Rivers. , and a former member of the ASB ASB Asbestos
ASB Arbeiter Samariter Bund (German medical help organisation)
ASB Anti-Social Behaviour
ASB Accounting Standards Board (UK FRC)
ASB Aarhus School of Business and its fraud task force. WILLIAM J. READ, CPA, PhD, is Gibbons Famous people named Gibbons include:

Beth Gibbons (born 1965), British singer
Billy Gibbons, guitarist for ZZ Top
Cedric Gibbons (1893–1960), American art director
Christopher Gibbons (1615 - 1676), English composer, son of Orlando

Research Professor of Accountancy, Bentley College Bentley College is located at 175 Forest Street in Waltham, Massachusetts, 10 miles west of Boston. Founded as a school of accounting and finance in Boston's Back Bay neighborhood, Bentley moved to Waltham in 1968 and today is ranked 31 on Business Week's top 100 undergrad , Waltham, Massachusetts One of the early centers of the Industrial Revolution in northern America, Waltham is a city in Middlesex County, Massachusetts, United States. The population was 59,226 at the 2000 census. .

COPYRIGHT 1998 American Institute of CPA's
No portion of this article can be reproduced without the express written permission from the copyright holder.

Reader Opinion

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:	includes case study; fraud auditing standard
Author:	Read, William J.
Publication:	Journal of Accountancy
Date:	May 1, 1998
Words:	3117
Previous Article:	Measuring progress toward the vision. (AICPA Vision Process)
Next Article:	Single audit overhaul: easing the burden? (federal government audit rules for nonprofit organizations and state and local governments) (includes case...
Topics:	Auditing Standards Financial statements Standards Fraud investigation Standards

Related Articles
Auditing standards board addresses fraud. (American Institute of CPAs auditing standards board)
The warning signs of fraudulent financial reporting.
How to spot fraud. (includes related article on a scam developed by a construction project manager)
Heralded fraud SAS released. (SAS no. 82 "Consideration of Fraud in a Financial Statement Audit")(Brief Article)
The auditor and fraud. (includes related article on the effect on business and industry of Statement on Auditing Standards no. 82)
Major auditing iniatives coming to fruition; new risk model, standard on fraud among them.(Brief Article)
Exposure draft of new fraud standard released for comment. (accounting & auditing news).(Brief Article)
Auditors' new procedures for detecting fraud; ED's proposed changes address fraudulent financial statements.(AICPA auditing standards board exposure...
Taking a bite outta fraud. (Fraud Standards).(Statement on Auditing Standards 99: Consideration of Fraud in a Financial Statement Audit)
The first step in uncovering fraud in the auditor's bailiwick: analyzing financial information.(Sherlock Holmes, CPA, part 1)