
Auditing Firms' Fraud Risk Assessment Practices.

By Landsittel, David
Publication: Accounting Horizons
Date: Thursday, March 1 2001

SYNOPSIS: The effectiveness of audits in detecting fraudulent misstatements in financial statements is of major concern to the auditing profession. This concern led to the issuance of Statement on Auditing Standards (SAS) No. 82, which made several changes in the manner in which auditors are required to consider the risk of material misstatements due to fraud. This manuscript reports the results of a study of the practices of CPA firms in implementing SAS No. 82. We compared audit manuals and practice aids and interviewed firm personnel from all of the Big 5 firms and two second-tier firms. Results of this study indicate that audit firms differ as to (1) whether their practice aids for fraud risk assessment are separate or integrated with other risk assessment practice aids, (2) the timing of the fraud risk assessment, and (3) the method of assessing fraud risk. Furthermore, although all of the firms studied include all of the SAS No. 82 factors in their audit practice aids, certain other fraud risk factors identified in academic research are not included in firm practice aids.

Key Words: Fraud, Risk of material misstatement, Audit planning, Audit methodology.

Data Availability: Because of the proprietary nature of the data obtained from the accounting firms, data are unavailable.

INTRODUCTION

Statement on Auditing Standards (SAS) No. 82 (AICPA 1997b) describes the current responsibilities of auditors in evaluating the risk of material misstatements in financial statements due to fraud and in planning the audit response to that risk. The auditor's assessment of the risk of material misstatement due to fraud and the related response is a major determinant of the effectiveness of any particular audit. An inadequate assessment or response can result in an ineffective audit, and an excessive assessment or response can result in an inefficient audit (McDaniel and Kinney 1995).

Concurrent with the issuance of SAS No. 82 (effective for audits of periods beginning on or after December 15, 1997), the Auditing Standards Board (ASB) made a commitment to evaluate this standard and support research to assist in the evaluation process (AICPA 1997a, 13). This commitment, along with the concerns expressed in the Public Oversight Board (POB) Panel on Audit Effectiveness Report and Recommendations, has brought the fraud risk assessment process and the effectiveness of SAS No. 82 back to the forefront of the ASB's agenda. Specifically, the POB Panel on Audit Effectiveness Report (POB 2000, 86) states:

The risk assessment and response process called for by SAS No. 82 falls short in effectively deterring fraud or significantly increasing the likelihood that the auditor will detect material fraud, largely because it fails to direct auditing procedures specifically toward fraud detection.

As a result, the ASB established a task force to reconsider the guidance contained in SAS No. 82. Therefore, relevant research on how SAS No. 82 has been implemented is of critical importance.

This paper describes the practice aids and guidance used by firms to assess fraud risk and raises SAS No. 82 implementation issues. It is designed to (1) stimulate and provide a basis for relevant research on the detection of fraud by describing and analyzing the current practices of auditing firms, (2) provide information for the ASB about current practices used to implement SAS No. 82, and (3) provide auditing educators with an understanding of how CPA firms approach this significant aspect of an audit in order to facilitate their classroom presentations of this important topic.

To obtain a comprehensive view of current practice, we compared and evaluated the audit manual sections and practice aids of all of the Big 5 accounting firms and two second-tier accounting firms. In addition, we interviewed national office partners/directors involved in developing practice materials for each firm. Results of this study indicate that audit firms differ as to whether their practice aids for fraud risk assessment are separate or integrated with other risk-assessment practice aids, the timing of the fraud risk assessment, and the method of assessing fraud risk. Furthermore, although all of the firms studied include all of the SAS No. 82 factors in their audit practice aids, certain other fraud risk factors identified in academic research are not included in firm practice aids.

SAS NO. 82

Incidents of fraudulent financial reporting and the failures to detect it have increased the public's and regulators' concerns about auditors' responsibility and ability to detect fraud. SAS No. 82 represents the latest in the profession's attempt to provide guidance to auditors in meeting these obligations. Although this auditing standard does not fundamentally change auditors' responsibility for detecting material misstatements due to fraud, it was issued in order to (1) clarify and provide added visibility to that responsibility, (2) provide auditors with additional ground rules about the kind of audit work it takes to effectively meet the responsibility, and (3) drive audit performance by requiring documentation of auditors' assessments of fraud risk. Specifically, SAS No. 82 requires auditors to:

* Perform a "specific" assessment of the risk of material misstatement due to fraud when planning the audit.

* Consider "risk factors" when making the above risk assessment and respond in the planned audit approach to those risk factors identified. In this regard, SAS No. 82 provides over 40 examples of risk factors to consider.

* Inquire of management to obtain management's understanding of the risk of fraud and to determine if management has any knowledge of fraud perpetrated on or within the entity.

* Reassess the risk of material misstatement due to fraud at the conclusion of the audit, noting whether the accumulated results of audit procedures and other observations affect the risk assessment initially performed while planning the audit.

* Document in the working papers: (1) evidence of performance of the initial risk assessment, (2) those risk factors identified as being present, together with the auditor's response thereto, and (3) the identification of any additional risk factors or conditions coming into play during the completion of the work and the reassessment, together with any further response required.

* Communicate to management and/or others, as specified, when fraud is uncovered or suspected, and when risk factors are identified that give evidence of "reportable conditions" relating to an entity's internal control.

RESEARCH METHOD

We obtained audit manual sections and practice aids pertaining to fraud risk assessment from each of the Big 5 firms and two second-tier firms. After reviewing this material, we conducted conference-call interviews with one or two national office directors/partners in charge of auditing/assurance policy from each of the firms. At least two of the researchers participated in each interview and assured the firm representatives that their responses would be kept confidential.

To structure the interviews, we developed a questionnaire to be completed by each researcher in the course of each interview. The questionnaire was based on our review of SAS No. 82 and the firms' audit manual sections/practice aids. We began the interview by discussing the purpose of the project. We also verified the completeness of the firm materials we received and obtained additional practice aids/manual sections for analysis where deemed appropriate by a firm representative. These discussions preceded specific questions pertaining to each firm's approach and practice aids for the implementation of SAS No. 82. We questioned the rationale for the nature and format of the practice aids and guidance used to incorporate the requirements of SAS No. 82 into the audit methodology. Finally, the representatives were questioned about their perceptions of the effectiveness of SAS No. 82, problems encountered by field personnel in implementing it, firm-monitoring activities to assess its effects, and their general impressions about problems in detecting fraud. Each interview lasted approximately one hour.

After each interview, the questionnaires completed by the researchers involved were reconciled. Next, a composite summary was prepared describing the process of fraud risk assessment for each firm. We verified the accuracy of this composite by asking the partners/directors originally interviewed to review the summarized information for their respective firms. These summarized responses formed the basis for our analysis. Our analysis focuses more on how and where risk assessments are documented rather than on how they are actually made.

RESULTS

Review of the audit processes and firms' practice guidance resulted in the identification of the following factors that differentiate the firms studied:

1. The extent to which the fraud risk assessment is integrated with other aspects of the audit, such as the assessment of the control environment;

2. The timing of the fraud risk assessment;

3. The degree of consideration of fraud risk factors and the method of assessment at the engagement-acceptance/continuance stage of the audit;

4. The degree of consideration of fraud risk factors and the method of assessment during audit planning; and

5. The nature of the guidance regarding the auditor's responses to the fraud risk factors.

A comparison of these factors across accounting firms appears in Table 1.

Degree of Integration

As indicated in Panel A of Table 1, Big 5 firms A and B utilize separate fraud risk practice aids. The indicated rationale for a separate fraud assessment practice aid was the desire to focus the auditor's attention specifically on fraud risk. One firm representative stated that this separation allows the auditor to put a "fraud-risk hat on" for that assessment. Three of the Big 5 firms (C, D, and E) and second-tier firm B completely integrate the fraud risk assessment into the practice aid used to assess other aspects of audit risk (i.e., business risk, inherent risk, and/or control risk). There is no indication of which risk factors relate specifically to fraud. Although the practice aid of second-tier firm A also integrates the fraud risk assessment with other aspects of risk, the fraud risk factors are presented in a separate section of the practice aid. The partners/directors from firms that integrate the fraud risk assessment with other areas of audit risk believe that fraud risk is just one aspect of inherent and control risk and that the assessment is more appropriately integrated into other aspects of audit planning.

Timing of Fraud Risk Assessment

All firms consider aspects of fraud risk in making the client-acceptance/continuance decision (Table 1, Panel B). However, all but two firms postpone the required SAS No. 82 fraud risk assessment until the planning stage of the audit. The audit-planning practice aids of these five firms include all of the SAS No. 82 factors, even though some of the factors were previously considered during acceptance/continuance decisions. Only two firms, Big 5 firm C and second-tier firm A, perform the required SAS No. 82 fraud risk assessment as a part of the client-acceptance/continuance process. However, the representatives of Big 5 firm D indicated that their firm intends to move the fraud risk assessment to that stage of the audit. The representatives of these firms indicated that performing the fraud risk assessment at the acceptance/continuance stage of the audit reduces the redundancy created by considering certain fraud risk factors then and reconsidering them at the audit-planning stage. It also places the fraud risk assessment process at the point where rejection/resignation decisions are more typically made, which is a potential response to a high fraud risk assessment.

On the other hand, performing the fraud risk assessment at the acceptance/continuance stage, vs. at the planning stage, may affect audit performance. Firm representatives expressed concern that after the auditor assesses management integrity, he/she develops an impression that is difficult to alter. If this concern is valid, the degree of professional skepticism for an engagement may be effectively set at the client-acceptance/continuance stage of the audit. Any subsequent consideration of management integrity that could arise, for example, when assessing fraud risk during audit planning, may not sufficiently adjust the auditor's mindset and, therefore, not affect the audit plan and professional skepticism. A similar concern about auditors' tendency to judge management as possessing integrity, and the related lack of skepticism, contributed to the recommendation in the POB Panel on Audit Effectiveness Report (POB 2000, 86-88) for a "forensic-type fieldwork phase" in every audit.

Method of Fraud Risk Assessment

As reported in Panel C of Table 1, the practice aids used by firms to assess fraud risk during the client-acceptance/continuance stage frequently involve check-off of fraud risk factors as being present or absent. Two firms, however, use scales to assess the degree to which a factor is present. Big 5 firm B requires the auditor to assess on an eight-point scale individual fraud risk factors pertaining to management-opportunities risk, pressures risk, integrity, and behavior. Big 5 firm C requires the auditor to assess some risk factors on five-point scales. This firm's expert system then combines these results with a scoring system based on components of business risk (Z-score equivalent, industry, company, and management) and financial-reporting risk (incentive, integrity/ethics, control, recent audit results) to develop a quantitative measure of overall engagement risk. Finally, Big 5 firm E requires the auditor to provide narrative responses to questions about fraud risk factors.

As noted in Panel D of Table 1, the practice aids of three firms that require fraud risk assessment at the audit-planning stage involve check-off of fraud risk factors as being present or absent. Only Big 5 firm A and second-tier firm B take different approaches. Big 5 firm A provides a listing of the SAS No. 82 risk factors by category and requires the auditor to identify those that affect the audit plan. Prior to the issuance of SAS No. 82, second-tier firm B used an expert system that designed the audit approach for major accounts based on inherent and control risk as measured by responses to a questionnaire. The system contained most, but not all, of the risk factors in SAS No. 82. In transition to a new system, the firm added those SAS No. 82 risk factors not included in the system to a checklist addendum and requires its auditors to make an overall qualitative assessment of the level of risk of material misstatement due to fraud as "high," "medium," or "low."

SAS No. 82 does not require the auditor to make a specific quantitative or qualitative assessment of the level of fraud risk. The auditor is merely required to consider and document any and all fraud risk factors that require an audit response, along with the related response. Panels C and D of Table 1 report that most of the firms take this latter approach and do not require the auditor to document the level of fraud risk. Only second-tier firm B requires the auditor to make an overall assessment of fraud risk as "high," "medium," or "low." However, Big 5 firm C gets close to an overall fraud risk assessment with the quantitative assessment of financial-reporting risk generated by the firm's expert system at the acceptance/continuance stage of the audit.

The practice aids for the required inquiries of members of management about their assessment of fraud risk and incidents of fraud were found to be very similar across firms (not reported in Table 1). The practice aids list the specific inquiries, or the nature of the inquiries, and provide a place for documentation of management responses or require a memo describing the responses. Another important aspect of the risk assessment process is the experience level of individuals performing the assessment. All of the firm representatives indicated that their firms encourage or require the fraud risk assessment to be performed by a manager or a partner. However, representatives from several firms indicated that in practice it may be performed by the senior, with review and concurrence by the manager and the partner. All the firms appear to recognize the need to involve the engagement partner in the fraud risk assessment process.

Guidance Related to Audit Responses

Responses to the fraud risk assessment are influenced by the nature and significance of the fraud risk factors identified as being present. The auditor may decide to resign from the engagement if the identified fraud risk factors indicate very high risk, and Panel E of Table 1 reports that three firms include guidance directing the auditor to consider resignation. Assuming the firm decides against resignation, the auditor should respond to the fraud risk factors in the overall audit plan or through specific audit procedures. SAS No. 82 provides some guidance on overall and specific responses to fraud risk factors (AU section 316.26-.32). Responses related to the overall audit plan include increased monitoring of the engagement, assignment of personnel with more or specialized experience, increased professional skepticism, increased scrutiny of accounting principles used by the entity, and reduced reliance on controls.

All of the firms studied offer some guidance to their auditors on the possible responses to fraud risk factors. However, only Big 5 firm B and second-tier firm B provide detailed guidance for modifying audit procedures that goes significantly beyond that given in SAS No. 82. Firm guidance also varies with respect to where it is located. Most of the firms' guidance related to possible responses to fraud risk factors is in their audit manuals. Only Big 5 firms B and C include the guidance in the practice aid. This difference in approach also may affect performance if an auditor is more likely to focus on information in a specific practice aid being addressed rather than referring to information contained in the related section of the overall audit manual.

Other Observations

All firms require that the reassessment of the risk of material misstatement due to fraud be documented at the conclusion of the engagement. However, the documentation often is only signing off on an audit program step. Second-tier firm A also requires the auditor to sign off that audit adjustments made and passed do not suggest the presence of fraud.

Representatives from each firm stated that their firm made significant efforts to incorporate SAS No. 82 into its respective methodology. However, they also noted that many of the fraud risk factors were included in their firm materials used to assess inherent and control risk, prior to the issuance of SAS No. 82. In addition, each firm developed staff-training segments to support the implementation of SAS No. 82 and to instruct audit staff on fraud risk assessment. Table 1 reports that staff-training material of all of the firms includes cases that illustrate modifications of audit procedures for specific fraud risk factors.

Overall, the firm representatives believe SAS No. 82 adds prominence to fraud detection as an audit objective and increases client sensitivity to fraud by requiring management inquiries and formal client representations. However, representatives of each Big 5 firm and second-tier firm A stated that SAS No. 82 did not change their fundamental audit approach. They believe that in most cases auditors conclude that normal overall audit plans and procedures are sufficient to respond to the fraud risk factors identified. This observation is consistent with the findings of the POB Panel on Audit Effectiveness (POB 2000, 86).

All firm representatives indicated that compliance with the standard will be monitored through their firms' normal quality control inspection processes. Only Big 5 firm B has a program specifically designed to assess the effectiveness of the changes resulting from implementing SAS No. 82. That firm established a group to assist engagement teams in implementing the new guidance and to reassess its audit effectiveness.

Additional Fraud Risk Factors

The firm representatives generally believe that the SAS No. 82 risk factors are legitimate, but that some are not very discriminating--that is, they are found in many audits in which fraud is not present. Most of the firms identified other fraud risk factors to supplement those in SAS No. 82. Some of these additional factors are related to instances of fraud in prior research, but many are not. Table 2 lists factors not included in SAS No. 82 that are identified by selected research studies. Several of these factors are included in the practice aids of one or more of the firms. Note that two of these studies (Bell and Carcello 1999; COSO 1999) were published after data were collected for this study.

Table 3 presents other factors not included in SAS No. 82, and not identified by prior research, that appear in the practice aids of one or more of the firms. Most of the additional factors used by audit firms relate to (1) management characteristics and influence over the control environment, and (2) operating characteristics and financial stability of the business. Several firm representatives stated that the assessment of fraud risk will be more effective once consensus is achieved on the distinguishing factors and their relative weights. Most of the representatives felt that extant research does not provide an adequate basis for this purpose.

PRACTICE IMPLICATIONS AND FUTURE RESEARCH

As noted previously, all of the firms surveyed made significant efforts to incorporate SAS No. 82 into their respective audit methodologies and each developed and provided training specifically addressing SAS No. 82 and fraud detection. Therefore, the new standard appears to achieve one important objective--further reinforcing to those within the auditing profession the nature and extent of the auditor's responsibilities to detect material misstatements due to fraud. Effective implementation of SAS No. 82 further depends upon appropriate assessments of the "right" fraud risk factors and then responding with the "right" procedures to address the identified risks. Our research results indicate that firms attack these two challenges somewhat differently.

Two firms utilize expert systems to assist the auditor in assessing fraud risk, while the other firms rely on unassisted auditor judgment in identifying the "right" risk factors. As Table 2 indicates, several of the risk factors found in empirical studies to be different across fraud and no-fraud firms are not included in SAS No. 82 or firm practice aids. Furthermore, the auditor's assessment of the "right" risk factors occurs during client-acceptance/continuance work in some firms and during audit planning in other firms. Firms may want to reevaluate their particular approaches in light of these variations in practice. The same can be said for auditors' responses to identified fraud risk factors. Following SAS No. 82 requirements does not assure that the auditor will select the "right" audit procedures to address identified risk factors. In fact, one firm representative stated that their own informal survey revealed that in most cases the identification of a fraud risk factor did not, in fact, cause a modification to the otherwise planned audit approach.

Taken together, these findings raise important questions. Is the linkage between the risks and the planned procedures best assured when detailed guidance and instructions are embedded in the audit methodology? Is this linkage more assured when fraud risk factors are identified during the acceptance/continuance process or during audit planning? These are questions that firms should consider in developing guidance. Furthermore, only three firms' guidance encourages the auditor to consider resigning from the engagement.

Another interesting finding is that most firms rely on simple checklists when assessing fraud risk, while other firms use a more sophisticated scoring system. Prior academic studies provide some evidence that red-flag checklists do not significantly improve auditors' ability to assess fraud risk (Pincus 1989). Furthermore, auditors may have difficulty determining the effect of specific fraud risk factors on the risk of fraudulent financial reporting (Hackenbrack 1993). The profession and the individual firms should compare results of fraud risk assessments based on simple checklists and more sophisticated scoring systems. In fact, sharing these materials with the ASB may assist that body in evaluating the differences in approaches for policy-making purposes.

The various ways that SAS No. 82 is being implemented by the surveyed firms raise a number of significant questions to be explored by future research. Prior studies examine auditors' risk assessments at the planning phase of the audit, yet the present study finds that in practice the initial fraud risk assessment occurs in varying degrees during the acceptance/continuance process. This difference in timing exists not only for first-year audits. Several firms assess continuance for all engagements at a specific time of the year that may not coincide with the timing of audit planning for particular engagements. Future studies could examine whether the timing of the fraud risk assessment affects audit performance. Moreover, recall that all firms studied require auditor sign-off for reassessment of fraud risk at the conclusion of the audit. One could explore what procedures, if any, are relied on for sign-offs and whether this requirement ever alters earlier assessments of fraud risk.

As indicated previously, some firms assess fraud risk when considering other aspects of audit risk, such as control risk and inherent risk, while others require a separate assessment. Zimbelman's (1997) study suggests that separately assessing fraud risk directs auditors' attention to fraud cues and leads to an overall increase in budgeted audit hours. Research could provide more conclusive evidence on the effects of the different approaches to fraud risk assessment on audit planning.

Behavioral experiments on audit-program planning generally either (1) require the subject to develop an assessment of the level of fraud or general risk on a continuum (e.g., from low to high) or (2) give the subject the assessment on a continuum and examine the resulting effects on judgments about audit planning. Recall that the fraud risk assessment protocol of most of the firms in this study calls for the auditor to identify the risk factors that affect the audit and to specify the effects on the audit plan. There is a need for behavioral experiments with a similar design, requiring the subject to make judgments about audit planning as each risk factor is identified. In addition, archival research performed after implementation of SAS No. 82 can provide further evidence about whether this standard leads auditors to effectively modify audit program steps to appropriately address fraud risk factors. Finally, given the use of various firm practice aids for the assessment of fraud risk, additional research is needed on the effectiveness of checklists and other types of practice aids in assisting auditor judgment about fraud risk and its effects on other aspects of the audit.

Sandra Waller Shelton is an Assistant Professor and O. Ray Whittington is a Professor, both at DePaul University, and David Landsittel is retired from Arthur Andersen LLP.

REFERENCES

American Institute of Certified Public Accountants (AICPA). 1997a. Horizons for the Auditing Standards Board. New York, NY: AICPA.

_____. 1997b. Consideration of Fraud in a Financial Statement Audit. Statement on Auditing Standards No. 82. New York, NY: AICPA.

Beasley, M. S. 1996. An empirical analysis of the relation between the board of director composition and financial statement fraud. The Accounting Review 71 (October): 443-465.

Bell, T. B., and J. V. Carcello. 1999. A decision aid for assessing the likelihood of fraudulent financial reporting. Auditing: A Journal of Practice & Theory 19 (Spring): 169-184.

Committee of Sponsoring Organizations of the Treadway Commission (COSO). 1999. Fraudulent Financial Reporting: 1987-1997: An Analysis of U.S. Public Companies. New York, NY: COSO.

Dechow, P. A., R. G. Sloan, and A. P. Sweeney. 1996. Causes and consequences of earnings manipulation: An analysis of firms subject to enforcement actions by the SEC. Contemporary Accounting Research 13 (Spring): 1-36.

Hackenbrack, K. 1993. The effect of experience with different sized clients on auditor evaluations of fraudulent financial reporting indicators. Auditing: A Journal of Practice & Theory (Spring): 99-110.

Loebbecke, J. K., M. M. Eining, and J. J. Willingham. 1989. Auditors' experience with material irregularities: Frequency, nature, and detectability. Auditing: A Journal of Practice & Theory 9 (Fall): 1-28.

McDaniel, L. S., and W. R. Kinney. 1995. Expectation-formation guidance in the auditor's review of interim financial information. Journal of Accounting Research (Spring): 59-76.

McMullen, D. A., K. Raghunandan, and D. V. Rama. 1996. Internal control reports and financial reporting problems. Accounting Horizons 10 (December): 67-75.

Public Oversight Board (POB), Panel on Audit Effectiveness. 2000. Report and Recommendations. Stamford, CT: POB.

Persons, O. 1995. Using financial statement data to identify factors associated with fraudulent financial reporting. Journal of Applied Business Research (Summer): 38-46.

Pincus, K. 1989. The efficacy of a red flags questionnaire for assessing the possibility of fraud. Accounting, Organizations and Society 14: 153-163.

Summers, S. L., and J. T. Sweeney. 1998. Fraudulently misstated financial statements and insider trading: An empirical analysis. The Accounting Review (January): 131-146.

Zimbelman, M. F. 1997. The effects of SAS No. 82 on auditor's attention to fraud risk factors and audit planning decisions. Journal of Accounting Research (Supplement): 75-97.

              Comparative Analysis of Fraud Risk Assessment

                                     Big 5  Big 5  Big 5  Big 5  Big 5  Second-  Second-
                                       A      B      C      D      E    Tier A   Tier B
Panel A: Integration of Practice
Aids Used
 Separate practice aid addressing      *      *
  fraud risk.
 Fraud risk assessment integrated                    *      *      *                *
  with other practice aids.
  No indication of which factors
  specifically relate to risk of
  fraud.
 Fraud risk assessment integrated                                          *
  with other practice aids.
  Fraud risk factors included in a
  separate section of practice aid.
Panel B: Timing of Fraud Risk
Assessment
 Fraud risk factors identified and     *      *      *      *      *       *        *
  documented during acceptance/
  continuance decision.
 Audit-planning process.               *      *             *      *                *
Panel C: Method of Fraud Risk
Assessment during Client
Acceptance/Continuance
 Questionnaire/checklist to            *                    *              *        *
  identify fraud risk factors
  present/absent.
 Eight-point scale to assess                  *
  individual fraud risk factors
  related to management risk and
  integrity and behavior.
 Combination of questionnaire/                       *
  checklist and five-point scale to
  identify and assess fraud risk
  factors.
 Short narrative responses to                                      *
  specific questions addressing
  fraud risk factors.
Panel D: Method of Fraud Risk
Assessment during Audit Planning
Identified fraud risk factors and         *             *
 planned responses are documented.
Factors are checked-off as being                        *
 present/absent.
Auditor identifies fraud risk             *
 factors by SAS No. 82 categories
 with examples of factors for each
 category.
Overall assessment of risk of fraud
 as "high," "medium," or "low."
SAS No. 82 factors included in
 expert system that designs audit
 program. A supplemental check-off
 of additional factors.
Panel E: Guidance on Response to
 Fraud Risk Factors
Consider resignation                                    *
Adjust assignment and supervision         *             *
 of personnel.
Consider consulting a fraud                             *
 specialist.
Adjust professional skepticism.           *
Increase scrutiny of according            *
 principles used.
Consider affect on assessment of          *
 control risk.
Modify nature, timing, and extent         *             *
 of audit procedures.
Provides examples of modification         *             *
 of the nature, timing, and extent
 of audit procedures from
 SAS No. 82.
Provides detailed guidance of                           *
 modification of the nature, timing
 and extent of audit procedures
 significantly beyond that provided
 by SAS No. 82.
Location of Guidance                 Audit Manual  Practice Aid
Training materials include cases          *             *
 illustrating modifications of
 audit procedures for specific
 fraud risk factors.
Panel D: Method of Fraud Risk        Not assessed
Assessment during Audit Planning     during audit
Identified fraud risk factors and      planning         *
 planned responses are documented.
Factors are checked-off as being                        *
 present/absent.
Auditor identifies fraud risk
 factors by SAS No. 82 categories
 with examples of factors for each
 category.
Overall assessment of risk of fraud
 as "high," "medium," or "low."
SAS No. 82 factors included in
 expert system that designs audit
 program. A supplemental check-off
 of additional factors.
Panel E: Guidance on Response to
 Fraud Risk Factors
Consider resignation                      *
Adjust assignment and supervision         *             *
 of personnel.
Consider consulting a fraud
 specialist.
Adjust professional skepticism.           *             *
Increase scrutiny of according            *             *
 principles used.
Consider affect on assessment of          *             *
 control risk.
Modify nature, timing, and extent         *             *
 of audit procedures.
Provides examples of modification         *             *
 of the nature, timing, and extent
 of audit procedures from
 SAS No. 82.
Provides detailed guidance of
 modification of the nature, timing
 and extent of audit procedures
 significantly beyond that provided
 by SAS No. 82.
Location of Guidance                 Practice Aid  Audit Manual
Training materials include cases          *             *
 illustrating modifications of
 audit procedures for specific
 fraud risk factors.
Panel D: Method of Fraud Risk                      Not assessed
Assessment during Audit Planning                   during audit
Identified fraud risk factors and         *          planning
 planned responses are documented.
Factors are checked-off as being          *
 present/absent.
Auditor identifies fraud risk
 factors by SAS No. 82 categories
 with examples of factors for each
 category.
Overall assessment of risk of fraud
 as "high," "medium," or "low."
SAS No. 82 factors included in
 expert system that designs audit
 program. A supplemental check-off
 of additional factors.
Panel E: Guidance on Response to
 Fraud Risk Factors
Consider resignation                                    *
Adjust assignment and supervision         *             *
 of personnel.
Consider consulting a fraud
 specialist.
Adjust professional skepticism.           *             *
Increase scrutiny of according            *             *
 principles used.
Consider affect on assessment of          *             *
 control risk.
Modify nature, timing, and extent         *             *
 of audit procedures.
Provides examples of modification         *             *
 of the nature, timing, and extent
 of audit procedures from
 SAS No. 82.
Provides detailed guidance of
 modification of the nature, timing
 and extent of audit procedures
 significantly beyond that provided
 by SAS No. 82.
Location of Guidance                 Audit Manual  Audit Manual
Training materials include cases          *             *
 illustrating modifications of
 audit procedures for specific
 fraud risk factors.
Panel D: Method of Fraud Risk
Assessment during Audit Planning
Identified fraud risk factors and
 planned responses are documented.
Factors are checked-off as being
 present/absent.
Auditor identifies fraud risk
 factors by SAS No. 82 categories
 with examples of factors for each
 category.
Overall assessment of risk of fraud       *
 as "high," "medium," or "low."
SAS No. 82 factors included in            *
 expert system that designs audit
 program. A supplemental check-off
 of additional factors.
Panel E: Guidance on Response to
 Fraud Risk Factors
Consider resignation
Adjust assignment and supervision         *
 of personnel.
Consider consulting a fraud
 specialist.
Adjust professional skepticism.           *
Increase scrutiny of according            *
 principles used.
Consider affect on assessment of          *
 control risk.
Modify nature, timing, and extent         *
 of audit procedures.
Provides examples of modification         *
 of the nature, timing, and extent
 of audit procedures from
 SAS No. 82.
Provides detailed guidance of
 modification of the nature, timing
 and extent of audit procedures
 significantly beyond that provided
 by SAS No. 82.                           *
Location of Guidance                 Audit Manual
Training materials include cases          *
 illustrating modifications of
 audit procedures for specific
 fraud risk factors.
      Fraud Risk Factors from Selected Studies Not Included in SAS No. 82

Studies: (1) Loebbecke et al. (1989); (2) Persons (1995); (3) McMullen et al. (1996);
(4) Dechow et al. (1996); (5) Beasley (1996); (6) Summers and Sweeney (1998);
(7) COSO (1999); (8) Bell and Carcello (1999). N = Number of practice aids with factor.

Fraud Risk Factors                     (1)  (2)  (3)  (4)  (5)  (6)  (7)  (8)   N
Corporate Governance
 Smaller percentage of outside                              *         *
  members of the board of directors.
 Greater insider trading activity.                               *
 Ownership status.                                                         *
 Management dominates the board                        *
  of directors.
 CEO serves as Chairman of the                         *              *
  Board.
 CEO is firm's founder.                                *              *
 No outside stockholder with                           *
  significant equity ownership.
 No audit committee.                                   *
 Audit committee meets less than                                      *
  twice/year.
 Significant equity ownership by                                      *
  insider or gray directors with
  little experience serving as
  directors of other companies.
 Family relationship among                                            *
  directors and/or officers.
 Audit committee's effectiveness                                      *         2
  hindered by quality and extent
  of information it receives.
 Original CEO/President still                                         *
  in place.
Internal Control
 Management report on internal                    *
  control as evidence of "tone
  at the top."
 Less rigorous processes and                                          *         1
  controls related to interim
  reporting
Financial Performance
 Desire to attract external                            *
  financing at a low cost.
 Asset composition (high                     *
  receivables/total assets; high
  inventory/total assets; high
  current assets/total assets).
 Lower capital turnover.                     *
Other
 New client with no prior audit                                  *
  history or insufficient
  information from predecessor
  auditor.
Management's characteristics and
influence over the control
environment
 Inexperienced management.              *                                       3
 Conflict of interest within            *
  company and/or its personnel.
 Client engaged in opinion              *                                       1
  shopping.
 Management perceives their             *
  jobs are threatened by poor
  performance.
 Management displays a propensity       *                                       2
  to take undue risks.
 Management personnel engaged in        *                                       2
  an inappropriate lifestyle.
 Management reputation in business      *                                       1
  community is poor.
 Significant contractual                *
  commitments.
 Decentralized organization             *                                       1
  without adequate monitoring.
 Dishonest management.                  *                                       1
 Client personnel exhibit               *                                       1
  strong personality anomalies.

Factors from Firm Practice Aids Not Included in SAS No. 82 or Selected Studies

(Number of Firm Practice Aids Including Factor)

Management's Characteristics and Influence over the Control Environment

1. Management failed to volunteer information regarding significant or unusual transactions. (1)

2. Awareness of associations or involvement with activities that, while not alleged to be illegal, are questionable or could lead to embarrassment to the firm. (1)

3. Lack of satisfactory explanation for a change in principal legal counsel, bankers, or other key advisors. (2)

4. Resources such as personal computers, access to information technology, temporary personnel to assist personnel to perform their duties often appear to be unavailable or inadequate. (1)

5. The client fails to meet internal and external closing schedules, report deadlines, etc. (2)

6. Inadequate oversight of treasury functions, particularly investment activities, such as those relating to derivative financial instruments. (1)

Industry Conditions

7. Entity operates in an industry frequently associated with questionable or illegal activities. (2)

Operating Characteristics and Financial Stability

8. High level of sales returns. (1)

9. Corporate restructuring. (1)

10. Entity has been in the development stage for a long period of time. (2)

11. The entity is planning to, or has within the past year, become public in a manner that circumvents normal regulatory or market processes and scrutiny; e.g., merging into an existing shell corporation to avoid registration requirements. (1)

12. The relationships between management and its customers/suppliers are of such a nature that they can be manipulated to a significant degree. (1)

13. The fact that an admitted, alleged or suspected criminal matter led to our engagement. (1)

14. There are significant nonmonetary transactions. (1)

15. Alumni of audit firm are members of management and they appear to be using their knowledge of firm guidelines or their firm relationship to the company's advantage in dealing with the firm. (1)

16. There is off-balance sheet financing or contingent liabilities. (1)
