sas 99: consideration of fraud in a financial statement audit

SAS 99: Consideration of Fraud in a Financial Statement Audit

Overall Requirement

An audit should be planned and performed to obtain reasonable assurance about whether the financial statements are free of material misstatements, whether caused by error or fraud.

An audit requires due professional care, which in turn requires that the auditor exercise professional skepticism.

Causes of Misstatements

Causes

Errors Fraud

Fraudulent Misappropriation

Financial of Assets

Reporting

Two Types of Fraud Considered in an Audit

• Fraudulent financial reporting (“cooking the books”)--examples– Falsification of accounting records– Omissions of transactions

• Misappropriation of assets--examples:– Theft of assets– Fraudulent expenditures

Professional Skepticism

• An attitude that includes a questioning mind and a critical assessment of audit evidence

• The engagement should be conducted recognizing possibility of material misstatement due to fraud

• An auditor should not be satisfied with less than persuasive evidence

Terminology Simplification

To simplify the display, we will abbreviate the term used in the standard “risk of material misstatement due to fraud” as follows:

Risk of material

misstatement = Risk of fraud

due to fraud

Fraud Conditions (“Fraud Triangle”)

Incentive(Pressure)

Opportunity Rationalization (Attitude)

Steps involved in Considering the Risk of Fraud

1. Staff discussion

2. Obtain information needed to identify risks

3. Identify risks

4. Assess identified risks

5. Respond to results of assessment

6. Evaluate audit evidence

7. Communicate about fraud

8. Document consideration of fraud

Step 1—Staff Discussion of theRisk of Fraud

• Brainstorm

• Consider how and where financial statements might be susceptible to fraud

• Exercise professional skepticism

Step 2—Obtain information needed to identify risk of fraud

• Inquiries of management, the audit committee, internal auditors and others

• Consider results of analytical procedures

• Consider fraud risk factors

• Consider other information

Step 3—Identify Risks that may Result in Fraud and Consider

• Type of risk

• Significance of risk (magnitude)

• Likelihood of Risk

• Pervasiveness of risk

Step 4—Assess the identified risks after considering programs and

controls

• Consider understanding of internal control

• Evaluate whether programs and controls address the identified risks

• Assess risks taking into account this evaluation

Step 5—Respond to Results of the Assessment

As risk increases• Overall responses

– More experienced staff– More attention to accounting policies– Less predictable procedures

• Specific responses– Consider need to increase evidence by

altering the nature, timing and extent of audit procedures

Step 5—Respond to Results of the Assessment (concluded)

• On all audits, the auditor should consider the possibility of management override of controls and examine:

– Adjusting journal entries

– Accounting estimates

– Unusual significant transactions

Step 6—Evaluate Audit Evidence

• Assess risk of fraud throughout the audit

• Evaluate analytical procedures performed as substantive tests and at overall review stage

• Evaluate risk of fraud near completion of fieldwork

• Respond to misstatements

Step 7—Communicate about Fraud

• Communicate– All fraud to an appropriate level of

management– All management fraud to audit committee– All material fraud to management and audit

committee

• Determine if reportable conditions related to internal control have been identified; communicate them to the audit committee

Document Consideration of Fraud

• Document steps 1 -7– Staff discussion– Information used to identify risk of fraud– Fraud risks identified– Assessed risks after considering programs and

controls– Results of assessment of fraud risk– Evaluation of audit evidence– Communications requirements

• If improper revenue recognition was not considered a risk, why it wasn’t

Question Number 1

What type of assurance is an audit planned and performed to obtain?

Question Number 2

What is professional skepticism?

Question Number 3

What are the two types of fraud addressed in an audit? Provide an example of each.

Question Number 4

What 3 conditions are ordinarily present when individuals commit fraud?

Question Number 5

In what area are analytical procedures required while planning the audit?

Question Number 6

What is “management override?”

Question Number 7

What are the required audit procedures in response to the possibility of management override?

Question Number 8

What responsibility does an auditor have for communicating fraud to management and the audit committee?