SAS 99

1
SAS 99Consideration of Fraud in a Financial
Statement Audit (October 2002)
2
Profession Under Pressure
Evening News
3
SAS 99

• Consideration of Fraud in a Financial Statement
  Audit (October 2002)
• Supersedes SAS 82 (AU 316) on Fraud.
• Modifies SAS 1 (AU 230) on Due Professional Care
  to Better Describe Fraud and Collusion.
• Modifies SAS 85 (AU 333) on Mgmt Representations
  to Require Inquiry of Mgmt as to Fraud and Fraud
  Risk.

4
Basic Responsibility

• The auditor has a responsibility to plan and
  perform the audit to obtain reasonable assurance
  about whether the financial statements are free
  of material misstatement, whether caused by error
  or fraud.
• No Change in Overall Responsibility.
• Same Detection Responsibilities for Misstatements
  Whether Errors/Mistakes or Fraudulent
  (Intentional).

5
Significant Changes

• Better Definition Increased Emphasis on
  Professional Skepticism.
• Re-categorizes Fraud Risk Indicators Under the 3
  Major Causes for Fraud.
• Requires Specific Inquiries with Mgmt Others on
  Fraud and the Risk of Fraud.
• Calls for Unpredictable Audit Tests.
• Includes Procedures to Specifically Test for Mgmt
  Override of Internal Controls.

6
Definition of Fraud

• An intentional act that results in a material
  misstatement in financial statements that are the
  subject of an audit.
• Two Types of Fraud
• Fraudulent Financial Reporting
• Misappropriation/Theft of Assets

7
What is a Misstatement?

• Amounts or Disclosures in F.S. are Misrepresented
  or Just Omitted.
• Could be Misapplication of GAAP.
• Effect Causes F.S. Not to Conform to GAAP.
• Generally Designed to Deceive F.S. Users When
  Caused by Financial Reporting Fraud.

8
Causes/Conditions for Fraud

• Motivation Incentives or Pressure
• Opportunity Weak, Ineffective Internal Controls
  or Ability for Mgmt Override
• Management Employee Attitudes or
  Rationalizations and Ethical Values
• All 3 Are Not Needed for Fraud to Occur and Each
  One Can Have Varying Values. But, The Higher the
  Value of All 3, the Higher the Risk For Fraud of
  Both Types.

9
SAS 99 Process

1. Developing Professional Skepticism
2. Identifying the Risk of Material Fraud
3. Assessing Impact of Risk on Audit
4. Responding to the Risks
5. Documentation

10
Professional Skepticism

• SAS 99 Says This is the Key to Fraud Detection.
• Defined as an Attitude or Mindset That Includes a
  Questioning Mind and a Critical Assessment of
  Audit Evidence Without any Beliefs About
  Managements Honesty or Integrity.

11
Identifying Fraud Risks

1. Inquiries of Management Others
2. Results of Analytical Procedures
3. SAS 99 List of Fraud Risk Factors
4. Other Information

12
Inquiries

• Inquiries of Management
• Inquiries of Others at the Client
• Audit Committee
• Internal Auditors
• Audit Contacts
• Operational Management
• In-house Legal
• Initiators of Complex/Unusual Transactions
• Objectives Identify Fraud Risk Indicators,
  Corroborate Management Answers Identify
  Inconsistencies.

13
Identifying Fraud Risks

• Ask Management About
• Knowledge of Fraud or Suspected Fraud
• Aware of Any Fraud Allegations
• Understanding of Fraud Risks for Entity

14
Identifying Fraud Risks

• Ask Management About
• Knowledge of Fraud or Suspected Fraud
• Aware of Any Fraud Allegations
• Understanding of Fraud Risks for Entity
• Programs Controls to Prevent, Deter or Detect
  Fraud Monitoring Thereof
• Methods Used to Communicate Views on Business
  Practices Ethical Behavior

15
Identifying Fraud Risks

• Ask Management About
• Knowledge of Fraud or Suspected Fraud
• Aware of Any Fraud Allegations
• Understanding of Fraud Risks for Entity
• Programs Controls to Prevent, Deter or Detect
  Fraud Monitoring Thereof.
• Methods Used to Communicate Views on Business
  Practices Ethical Behavior
• What Management Has Reported to the Audit
  Committee on Fraud and Related Programs
  Controls.
• And Share Results With Audit Committee

16
Identifying Fraud Risks

• Analytical Procedures
• GAAS-Required for Planning Final Overall Review
  of Audit Adjusted F.S.
• Looking for Unusual or Unexpected A/C Balances,
  Ratios or Trends.
• SAS 99 Highlights Use to Identify Risks for
  Improper Revenue Recognition.

17
Earnings Management
18
SAS 99 Fraud Risk Factors

• Now Categorized Under the 3 Causes or Conditions
  for Fraud
• Motivation (Incentives/Pressure)
• Opportunity
• Attitudes/Values/Rationalizations
• Basically, Conditions or Events Which Indicate
  Existence of the Above 3 Causes/Conditions.
• Risk Factors Included in an Appendix.

19
Identifying Fraud Risks

• SAS 99 - Other Information Sources
• Audit Team Discussions
• Client QC Procedures for Accepting or Continuing
  Clients
• Review of Interim F.S. and Information
• Inherent Risk Factors

20
Audit Team Discussions

• Include All Key Audit Team Members
• Emphasize Professional Skepticism
• Assess Clients Susceptibility to Fraud
• How Mgmt Could Perpetrate/Conceal Fraudulent
  Financial Reporting
• How Where F.S. Might Be Misstated
• How Assets Could be Misappropriated
• How to Respond to the Risks

21
Evaluating Fraud Risks

• Size Structure of Organization Matters as Some
  Risks Are Unavoidable in Small Entities or
  Entities With Many Locations.

22
Evaluating Fraud Risks

• Size Structure of Organization Matters as Some
  Risks Are Unavoidable in Small Entities or
  Entities With Many Locations.
• Identify A/Cs or Classes of Transactions With
  Increased Risk.

23
Evaluating Fraud Risks

• Size Structure of Organization Matters as Some
  Risks Are Unavoidable in Small Entities or
  Entities With Many Locations.
• Identify A/Cs or Classes of Transactions With
  Increased Risk.
• Consider Internal Controls Which Address the
  Increased Risks.

24
Evaluating Fraud Risks

• Size Structure of Organization Matters as Some
  Risks Are Unavoidable in Small Entities or
  Entities With Many Locations.
• Identify A/Cs or Classes of Transactions With
  Increased Risk.
• Consider Internal Controls Which Address the
  Increased Risks.
• But, MUST Consider Risks for Improper Revenue
  Recognition and Management Override of Internal
  Controls.

25
Responding to Fraud Risks

• Depends on
• Nature Significance of Fraud Risks Identified.
• Entitys Programs and Controls That Address These
  Risks.
• If Deemed Not Practical to Design Appropriate
  Audit Tests for High Risk, WITHDRAW.

26
Responding to Fraud Risks (cont)

• Assign Appropriate Personnel

27
Responding to Fraud Risks (cont)

• Assign Appropriate Personnel
• Assess GAAP Selection Bias

28
Responding to Fraud Risks (cont)

• Assign Appropriate Personnel
• Assess GAAP Selection Bias
• Design Additional or Different Audit Tests as
  Corroborating Evidence and Consider Optimal
  Timing Locations.
• Be Unpredictable (Changes from past to include
  types of audit tests, timing locations.)

29
Responding to Fraud Risks (cont)

• Assign Appropriate Personnel
• Assess GAAP Selection Bias
• Design Additional or Different Audit Tests as
  Corroborating Evidence and Consider Optimal
  Timing Locations.
• Be Unpredictable (Changes from past to include
  types of audit tests, timing locations.)
• Examples of Response for Various Types of Fraud
  Risks Included in SAS 99.

30
Responding to Fraud RisksManagement Override

• Because of Managements Ability to Override
  Internal Controls, It is Highly Unlikely
  Auditors Response to Fraud Risks Can be Solely
  Increased Tests of Controls.

31
Responding to Fraud RisksManagement Override
(cont)

• Consider Testing
• Adjusting Journal Entries

32
Responding to Fraud RisksManagement Override
(cont)

• Consider Testing
• Adjusting Journal Entries
• Other Adjustments to F.S.
• (Done during F.S. Preparation off books)
• Non-Standard Journal Entries

33
Responding to Fraud RisksManagement Override
(cont)

• Consider Testing
• Adjusting Journal Entries
• Other Adjustments to F.S. (off books)
• Non-Standard Journal Entries
• Accounting Estimates, Including Comparison to
  Reliability of Prior Years Estimates

34
Responding to Fraud RisksManagement Override
(cont)

• Consider Testing
• Adjusting Journal Entries
• Other Adjustments to F.S. (off books)
• Non-Standard Journal Entries
• Accounting Estimates, Including Comparison to
  Prior Years Reliability
• Significant Unusual Transactions
• (Form vs Substance, Business Rationale, Related
  Parties (incl. SPEs) and If Audit Committee
  Briefed)

35
Updating Fraud Risk Assessment

• Must Be Done Throughout the Audit, for
• Discrepancies in Accounting Records
• Missing Audit Evidence No Originals
• Altered Documents/Records
• Subsidiary/Control A/C Differences

36
Updating Fraud Risk Assessment (cont)

• Inconsistencies in Audit Evidence
• Uncooperative Mgmt or Employees
• Access to Records/Employees or Delays
• Time Constraints
• Objections to Audit Tests/Procedures
• Unwillingness to Make Proposed F.S. Adjustments

37
Updating Fraud Risk Assessment (cont)

• Results of Analytical Procedures
• Ones Done as Substantive Tests
• Ones Done as Part of Final Review of Audit
  Adjusted F.S., esp. Revenue

38
Updating Fraud Risk Assessment (cont)

• Results of Analytical Procedures (cont)
• Examples of Analytical Procedures Less Likely to
  be Manipulated (use of industry data,
  non-financial data) Included in SAS 99.

39
Updating Fraud Risk Assessment (cont)

• Final Overall Assessment
• Audit Team Discussion of Fraud Risks from
  Conducting Entire Audit

40
What If Fraud-Caused Misstatements Found?

• Auditor to Assess
• Materiality of Accounts Involved
• Level of Employee(s) Involved
• Implications on Other Aspects of the Audit and
• Effect of Misstatement on F.S.
• Suggest Client Seek Legal Counsel

41
What If Fraud-Caused Misstatements Found? (cont)

• Consider Withdrawing, If
• Managements Integrity in Question
• Lack of Diligence/Cooperation by Management or
  Board of Directors in the Investigation

42
Communicating Possible Fraud

• Discuss With Mgmt (1 Level Higher), Even If
  Immaterial.
• Discuss with Audit Committee If Senior Management
  Involved or Fraud Results in Material
  Misstatement to F.S.

43
Communicating Possible Fraud

• Discuss With Mgmt (1 Level Higher), Even If
  Immaterial.
• Discuss with Audit Committee If Senior Management
  Involved or Results in Material Misstatement to
  F.S.
• Reach Understanding with Audit Committee on
  Communicating Other Fraud.
• Consider Weaknesses in Internal Controls to
  Prevent, Deter or Detect Fraud as Reportable
  Conditions.

44
Communicating to Outsiders

• Generally, Not Required, Except
• Audits Under Govt Auditing Standards
• Response to Subpoena
• Successor Auditor, with Clients OK
• SEC Act of 1934 if Illegal Act
• Indirectly to SEC (Form 8-K) for Change in
  Auditors, If Auditors Fired/Withdraw

45
Required Documentation

• Audit Team Discussions
• (How, When , Who and What)
• Procedures Performed to Identify and Assess Fraud
  Risks
• Specific Fraud Risks Identified Auditors
  Response to the Risks

46
Required Documentation (cont)

• If No Risks Identified for Fraudulent Revenue,
  Basis for That Conclusion
• Results of Tests to Address Risks of Management
  Override of Internal Controls
• Audit Testing-Identified Fraud Risks
• Fraud-Related Communications

47
To Address Implementation Questions, AICPA
IssuedFraud Detection in a GAAS Audit - An
Auditors Field Guide

• Publication Date December 2002

48
Questions?