LECTURE 6 – AUDITING FOR FRAUD
Fraud and Auditor Responsibilities
‘The detection of material fraud is a reasonable expectation of users of audited financial statements. Society
needs and expects assurance that financial information has not been materially misstated because of fraud.
Unless an independent audit can provide this assurance, it has little if any value to society.’
o Auditors now must assume greater responsibility for detecting fraud.
Level of responsibility has increased
Auditors need to look at the validity of evidence collected
Intentional concealment or misrepresentation of material facts in order to deceive.
o Differentiate from errors.
Fraud is separated into broad categories:
o Misappropriation of assets
Theft or embezzlement
o Fraudulent financial reporting
Can happen at all levels of the organisation
o Executives = can override control procedures
o Employees = smaller amounts but over a prolonged period of time this is still important
Misappropriation of Assets
Asset misappropriation is the theft or misuse of an organisation’s assets, by employees or management for
personal gain, e.g. skimming revenues, cash schemes, fraudulent disbursement/suppliers, inventory theft.
Corruption occurs when someone uses their influence in a transaction to gain personal benefit, e.g. kickbacks,
conflict of interest, bribery, economic extortion.
Financial Reporting Fraud
Intentional manipulation of financial statements by management, overriding internal controls.
o Manipulation, falsification or alteration of accounting records or supporting documents
o Misrepresentation or omission of events, transactions or significant information
o Intentional misapplication of accounting standards, e.g.
Overstating assets & understating expenses
Overstating revenues & assets
Keeping debt off the balance sheet
o All of these factors result in increasing profit (which is the ‘desire’ of fraud)
o This also results in increases to share prices
The Second COSO Report
COSO is the Committee of Sponsoring Organizations of the Treadway Commission.
o Tries to improve the quality of reporting
Issued report on internal control that identified major characteristics of companies that had perpetrated fraud:
o Usually smaller companies: under $200M revenue
o Board of directors dominated by management
o Audit committees non-existent or inactive
o Overstated revenues and corresponding assets in more than half the frauds
o Most revenue frauds involved premature recognition or fictitious revenues.
o No internal audit department
o Perpetrated over relatively long terms (average period 2 years)
o Companies were in loss situations or near break-even prior to the fraud
o CEO and/or CFO involved in 83 per cent of the cases
If auditors identify signs of fraud they have to investigate these signs.
The audit must be planned or designed to find fraud Auditing Standards – More Responsibility
ASA 240 The Auditor’s Responsibility to Consider Fraud in an Audit of a Financial Report
o Requires auditors to search for risk factors related to fraud.
If present, auditor must modify audit to:
o Actively search for fraud
o Require more substantive audit evidence
o Assign forensic (fraud) auditors to engagement.
Emphasises the need for professional scepticism
A Proactive Approach to Fraud Detection: Planning the Audit
Plan audit to detect material misstatements, due to errors or fraud.
The auditor must understand:
o The business o Identify opportunities for employees to
o How changes in the economy affect misappropriate assets
business o Analyse changes in the company’s
o Management’s motivations for financial results for reasonableness
committing fraud o Identify areas that might suggest fraud.
Conducting the Financial Report Audit: Fraud Awareness
The process to integrate fraud risk assessment and fraud procedures into the audit includes ten major steps:
1 understand the nature of fraud, motivations to commit fraud and how fraud may be committed
2 develop and implement an approach based on professional scepticism
3 brainstorm and share knowledge within the audit team
4 obtain information useful in identifying and assessing fraud risk
5 identify specific fraud risks and areas likely to be affected by fraud
6 evaluate the quality and effectiveness of company controls in mitigating the risk of fraud
7 respond; adjust audit procedures to address the risk of fraud and gather evidence specifically related to
the possibility of fraud
8 evaluate findings; if evidence signals fraud might exist, consider whether specialists are needed for the
9 communicate the possibility of fraud to management and the audit committee
10 document the audit approach.
Incentives / Pressures to Commit Fraud
Pressures to commit fraud include:
o Management compensation schemes
o Personal wealth tied to financial results/survival of the company
o Other financial pressures to improve earnings or the balance sheet, e.g. Avoid violating debt covenant.
o Personal factors
Opportunities to Commit Fraud
o Weak internal controls o Industry dominance
o Complex or unstable organisational o Simple transactions made complex
structure o Complex or difficult-to-understand
o Ineffective monitoring of management transactions
o Significant accounting estimates made o Management overrides internal
by management controls
o Significant related party transactions
Attitude or Ability to Rationalise Fraud
Nature of rationalisation differs depending on type
For misappropriations - personal issues:
o Personal financial problems o Sense of entitlement
o Mistreatment by the company o ‘Everyone does it.’
Fraudulent financial reporting - personal or organisational issues:
o Compensation based on results o Necessary for survival
o Ego o Management doesn’t care Fraud Scepticism: Changing Audit Procedures
Auditor should consider that evidence might not be what it seems when fraud is suspected
ASA 240 suggests auditors should consider these factors:
o greater susceptibility of evidence manipulation
o journal entries are important
o scepticism of management responses
o new technology provides new ways to commit fraud
o recognition that collusion may be likely
o predictability of audit procedures
o analytical procedures should tie to operational or industry data
o suspicions should always be raised in areas where the standards allow for discretion is aasb138
o revenue recognition is a high risk area
Audit Team Brainstorming
ASA 240 requires members of the audit team to discuss the risk of material misstatement due to fraud.
This brainstorming is designed to:
o Allow experienced auditors to educate less experienced auditors
o Set the proper level of professional scepticism for the audit.
Topics covered during the brainstorming should include:
o How fraud can be perpetrated and concealed
o Presumption of fraud in revenue recognition
o Incentives, opportunities and rationalisation for fraud
o Industry conditions
o Operating characteristics and financial stability
Obtaining Information about Fraud Risk
The auditor should specify procedures that could signal the possibility of fraud, including:
o Making inquiries of management about fraud risk
o Performing analytical procedures and considering any unusual relationships
o Reviewing risk factors (fraud triangle)
o Reviewing management responses to recommendations for c