Detecting Material Fraud: What to Do and How Far to Go - PowerPoint PPT Presentation

1 / 60

About This Presentation

Title:

Detecting Material Fraud: What to Do and How Far to Go

Description:

Auditors should perform some 'forensic-type' procedures on every audit to ... Lessons from Psychology. We self-correct for information that does not fit our ... – PowerPoint PPT presentation

Number of Views:281

Avg rating:3.0/5.0

Slides: 61

Provided by: johnjh

Category:

more less

Transcript and Presenter's Notes

Title: Detecting Material Fraud: What to Do and How Far to Go

1
Detecting Material FraudWhat to Do andHow Far
to Go

MSNA
2008 Audit and Accounting Conference
October 3, 2008
John J. Hall, CPA
Hall Consulting, Inc.

2
Fraud Risk Management

Type
Misappropriation / Theft
Manipulated Results
Corruption (including Related Party Transactions)
Significance
Macro
Micro
Systemic
Readiness Levels
Prevention / Deterrence
Early Detection
Incident Handling

3
Fraud by Category 2006 ACFE Study of 1,134 Cases
Asset Misappropriation 150,000
Corruption 538,000
Fraudulent Statements 2,000,000
4
ErrorversusIntent to Deceive
Inherent Challenges
5
TrustedClients
Inherent Challenges
6
For Consideration

Beating
the System

Largest threat comes from inside the system
7
Management Override
Inherent Macro Risk ???
8
Who does the detail workfor the CPA?
Inherent Challenges
9
Fees Drive HoursHours Can Drive Quality
Inherent Challenges
10
Variables
HI
IV
III
ABILITY
II
I
HI
LOW
ENVIRONMENT
11
Fraud Detection Expectations
Government Auditing Standards IIA Practice
Advisory 1210.A2-1 Statement of Auditing
Standards 99
12
IIA Practice Advisory 1210.A2-1
Consider fraud risks in the assessment of control
design and determination of audit steps to
perform. While internal auditors are not
expected to detect fraud and irregularities,
internal auditors are expected to obtain
reasonable assurance that business objectives for
the process under review are being achieved and
material control deficiencies whether through
simple error or intentional effort are detected.
13
IIA Practice Advisory 1210.A2-1
Have sufficient knowledge of fraud to identify
red flags indicating fraud may have been
committed. This knowledge includes the
characteristics of fraud, the techniques used to
commit fraud, and the various fraud schemes and
scenarios associated with the activities reviewed.
14
IIA Practice Advisory 1210.A2-1
Be alert to opportunities that could allow fraud,
such as control weaknesses. If significant
control weaknesses are detected, additional tests
conducted by internal auditors should be directed
at identifying other fraud indicators.
15
IIA Practice Advisory 1210.A2-1

Evaluate the indicators of fraud and decide
whether any further action is necessary or
whether an investigation should be recommended.
Notify the appropriate authorities within the
organization if a determination is made that
fraud has occurred to recommend an investigation.

16
SAS 82Consideration of Fraud in aFinancial
Statement Audit
17
Public Oversight Board

Panel on Audit Effectiveness - Recommendations
Auditors should perform some forensic-type
procedures on every audit to enhance the prospect
of detecting material financial statement fraud
Attitudinal shift in the auditors degree of
skepticism
During this phase, auditors should modify the
otherwise neutral concept of professional
skepticism and presume the possibility of
dishonesty at various levels of management,
including
Collusion
Override of internal control
Falsification of documents

18
Public Oversight Board

Panel on Audit Effectiveness - Recommendations
The key question that auditors should ask is
Where is the entity vulnerable to financial
statement fraud if management were inclined to
perpetrate it?
Auditors should consider incorporating a surprise
or unpredictability element in their tests
Retrospective audit procedures

19
Public Oversight Board

Panel on Audit Effectiveness - Recommendations
Develop or expand training programs for auditors
at all levels oriented toward responsibilities
and procedures for fraud detection. These
programs should emphasize interviewing skills and
the exercise of professional skepticism, as well
as testing techniques
Using auditors with forensic audit backgrounds to
assist in this training would be beneficial.

Date of Report August 31, 2000
20
SAS 99 Consideration of Fraud in a Financial
Statement Audit

Auditor Responsibilities
The auditor has a responsibility to plan and
perform the audit to obtain reasonable assurance
about whether the financial statements are free
of material misstatement, whether caused by fraud
or error (AU sec. 110.02)

21
SAS 99 Consideration of Fraud in a Financial
Statement Audit

Auditor Responsibilities
This statement SAS 99 established standards
and provides guidance to auditors in fulfilling
that responsibility, as it related to fraud, in
an audit of financial statements conducted in
accordance with generally accepted auditing
standards (GAAS).

22
SAS 99 v SAS 82

SAS 99 significantly expands the information
gathering phase beyond the work traditionally
performed. Changes include
Required brainstorming session among the audit
team members to discuss the potential for
material misstatement due to fraud
An increased emphasis on inquiry as an audit
procedure that increases the likelihood of fraud
detection
Expanded use of analytical procedures to gather
information used to identify risks of the
material misstatements due to fraud

23
SAS 99 Consideration of Fraud
Required audit team brainstorming session
24
The Fraud Triangle
Pressure
Opportunity
Attitude
25

Brainstorming
What Can Go
Wrong?

26
Financial Results Examples

Overstatement of Earnings
Fictitious Earnings
Understatement of Expenses
Overstatement of Assets
Understatement of Allowances for Receivables
Overstatement of Inventory
Overstatement of Property Values
Creation of Fictitious Assets
Understatement of Liabilities

27
PCAOB Observations

Auditors Overall Approach
to the Detection of Financial Fraud
auditors often document their consideration of
fraud merely by checking off items on standard
audit programs and checklists
auditors failed to expand audit procedures when
addressing identified fraud risk factors

28
PCAOB Observations

Auditors Overall Approach
to the Detection of Financial Fraud
it appeared that auditors were performing the
proceduresmechanically, without using those
procedures to develop insights on the risk of
fraud with a view toward identifying ways to
modify the audit plan in order to address the
risk.

29
PCAOB Observations

Brainstorming Session and
Fraud-Related Inquiries
PCAOB inspectors have
Identified audits in which the audit team was
unable to demonstrate that brainstorming sessions
were held
Identified audits in which the audit teams
brainstorming sessions occurred after planning
and after substantial fieldwork had begun
Identified audits in which key members of the
audit team did not attend the brainstorming
sessions

30
SAS 99 Consideration of Fraud
Introduces Human Psychology into the audit
process
31
Professional Skepticism

Attitude involving two aspects
Questioning mind
recognize possibility of fraud
set aside past experience and beliefs
despite beliefs re integrity
Critical assessment of evidence
not satisfied with less than persuasive evidence

32
SAS 99is mostlya state of mind
Auditor Psychology
33

begin (plan) with the
PRESUMPTION
that a fraud incident
has occurred

34
Lessons from Psychology

We self-correct for information that does not fit
our assumptions
Sources of assumptions
Past history
Personal experience
Training and culture
Our perceptions about staff and volunteers
probably are incomplete
Categories allow us to quickly analyze data
sometimes incorrectly

35
SAS 99 Consideration of Fraud
Iterative Process
36
SAS 99 Consideration of Fraud
Commission Conversion Concealment
37
SAS 99 Consideration of Fraud
Required Skills Communication Technology Forensic
Accounting
38
Obtaining Information Needed to Identify Risks
The auditor should perform the following
procedures

Consider other information that may be helpful in
the identification of risks of material
misstatement due to fraud (para. 34)
Three pages of very specific suggested
inquiries
Paragraph 27 The auditor should be aware when
evaluating managements responses to the
inquiriesthat management is often in the best
position to perpetrate the fraud.

THEREFORE, THEY WILL LIE TO YOU
39
Required Skills
Develop or Acquire

Communication
Emphasis on brainstorming and expanded use of
inquiry

FRAUD-BASED INTERVIEWING
40
Interview versus Interrogation

Interview non-accusatory, structured,
dialog-based, question and answer, held for a
specific purpose
Interrogation accusatory, held when there is
sufficient evidence to accuse the suspect of
fraud and seek a confession

41
Required Skills
Develop or Acquire

Communication
Technology
The impact technology has on the risk of fraud
Certain required or suggested audit procedures
may benefit from the use of CAATs such as data
extraction

42
Required Skills
Develop or Acquire

Communication
Technology
Forensic Accounting
Assess the risk of material misstatement due to
fraud
Design audit procedures that respond to the
assessed risk of fraud
Determine when a separate fraud investigation
engagement is necessary

43
Preventing Fraud Assessing the Fraud
Risk Management Capabilities of Todays
Largest Organizations
www.protiviti.com
44
Protiviti Preventing Fraud Report

Organizations are at different maturity points in
their capabilities to evaluate, mitigate and
monitor fraud risk.
Organizations are struggling to understand what
Fraud Risk Management means in the context of
their daily operations.
Education and awareness are critical issues that
need greater attention in order to successfully
manage fraud risk.

45
Managing the Business Risk of Fraud A Practical
Guide July 7, 2008
46
Five PrinciplesManaging the Business Risk of
Fraud A Practical Guide
Principle 1

As part of an organizations governance
structure, a fraud risk management program
should be in place, including a written policy
(or policies) to convey the expectations of
the board of directors and senior management
regarding managing fraud risk.

47
Five PrinciplesManaging the Business Risk of
Fraud A Practical Guide
Principle 2

Fraud risk exposure should be
assessed periodically by the organization
to identify specific potential
schemes and events that the
organization needs to mitigate.

48
Five PrinciplesManaging the Business Risk of
Fraud A Practical Guide
Principle 3

Prevention techniques
to avoid potential key fraud risk events
should be established, where feasible,
to mitigate possible impacts
on the organization.

49
Five PrinciplesManaging the Business Risk of
Fraud A Practical Guide
Principle 4

Detection techniques
should be established
to uncover fraud events
when preventive measures fail
or unmitigated risks are realized.

50
Five PrinciplesManaging the Business Risk of
Fraud A Practical Guide
Principle 5

A reporting process should be in place
to solicit input on potential fraud,
and a coordinated approach to investigation
and corrective action should be used
to help ensure potential fraud is addressed
appropriately and timely.

51
Key Points

Suitable fraud risk management oversight and
expectations exist (governance) Principle 1
Fraud exposures are identified and evaluated
(risk assessment) Principle 2
Appropriate processes and procedures are in place
to manage these exposures (prevention and
detection) Principles 3 4
Fraud allegations are addressed, and appropriate
corrective action is taken in a timely manner
(investigation and corrective action) Principle
5

52
Fraud Risk AssessmentKey Elements