Jacob Given and Dr. T. Jeff Wilks, School of Accountancy & Information Systems

Overview of Topic Area

The United States is currently facing a perceived crisis in our financial reporting system. In recent years, a large increase in the number of financial frauds reported and subsequent business failures have led to concerns in both the public and private sectors as to the legitimacy of corporations published financial statements. These concerns have led to new regulations from regulatory agencies and oversight boards as well as legislation from the US Congress. The substance of these new regulations and legislation focus on the need for management, investors, regulators and auditors to become more involved in preventing and detecting financial statement fraud.

In order to help auditors prevent and detect financial statement fraud, the American Institute of Certified Public Accountants (AICPA) issued Statement on Auditing Standards (SAS) 53: Consideration of fraud in a financial statement audit; in 1988; SAS 82: Consideration of fraud in a financial statement audit; in 1997; and SAS 99: Consideration of fraud in a financial statement audit; in 2002. All three of these guidelines give auditors guidance in how to detect fraud during a financial statement audit.

Each successive SAS has given clearer guidance on how they should plan an audit in order to accurately asses the risks of fraudulent activity at the company. The auditor’s liability has not changed, they still provide reasonable assurance as to the accuracy of financial statements; however, the steps and procedures the auditors must complete have become greater due to myriad of methods some companies use to “cook the books.”

The center piece of all of the fraud standards is the “Fraud Triangle”, which was introduced in 1953 by Dr. Donald R. Cressey in his book, Other People’s Money: A Study in the Social Psychology of Embezzlement1. In his book, he delineates the conditions present in fraudulent financial activities into three groups:

· Pressure/incentives

· Opportunity

· Attitude/rationalization

SAS 99 encourages auditors to obtain a broad range of information regarding the potential for fraud and then view the information using the fraud triangle paradigm2. Auditors are encouraged to use analytical procedures within the scope of the fraud triangle. Auditors should use audit team discussion, inquiries of management, industry analysis, analysis of controls and analytical procedures to assess the risk of the fraud. During the planning phase of the audit, auditors should review the assessed risks and develop an appropriate audit response.3 By adhering to the recommendations given in SAS 99, auditors should initially assess the risk of fraud in the planning stage of the audit and then continually assess the risk of fraud throughout the audit. Any change in assessment will initiate and adaptation of audit procedures to respond and review potential fraud risks.

Specific Purpose of this Project

The purpose of this research project was to determine how the audit firms chose to apply the recommendations given in SAS 99. Each firm was left to decide how to best integrate the recommendations into their current audit practices. I analyzed each of the big four’s current practices and then compared them to each other. No attempt was made to determine which methodology is better, only to list each firm’s methodology.

During my internship at the US Securities and Exchange Commission I read the big four audit firms current literature on fraud risk assessment. Through meetings with partners and managers of big four firms, I asked them about their firms’ current literature on fraud risk assessment, and any potential future changes to the literature and if their individual office has any unique procedures. As in previous studies of audit firm’s fraud risk assessment literature, the name of the firm that uses a certain procedure will remain confidential4.

Each firm has differed in how they applied the recommendations in SAS 99. A good example of how the firms differ in their application and documentation of the recommendations is in how to conduct and document management inquiries regarding fraud risk. SAS 99 recommends auditors query management regarding the risks of fraud. One firm requires the auditor to write out his or her assessment of management and the topics discussed. Guidelines given by the firm include:

· Management’s understanding of fraud risk

· Whether they have knowledge of fraud that has been perpetrated on or within the entity

· Questions on specific accounts, locations, types of transactions, account balances or financial statement categories where fraud risk factors might exist; and how management may be addressing such risks.

Another firm lists the different types of risk assessments involving management and the auditor is required to check off boxes labeled “yes” or “no” dependent on whether or not the risk is present. A third firm has created an action plan for each type of risk and requires auditors to address potential risks with the whole team. Management inquiry is not listed as a separate procedure, but each risk has an action step which includes talking to management. The final documenting step of each risk is to write out the actions the auditors will perform to mitigate the potential risks. The fourth firm has combined the internal control assessment and fraud risk consideration. This firm also requires the auditors to check boxes labeled “yes” or “no”, but does not have risks associated with management broken out separately.

The different methods each firm uses for querying management’s view of fraud and the entity’s risks is indicative of the differences throughout the risk assessment. Two firms require the audit team to either verbalize or write down the steps the team will take to mitigate risks, and the other two firms require the audit team to check off predetermined boxes listing out the risks. A summary page is included at the end of the check lists for the audit team to list any comments and describe the teams responses to the risk factors listed.

All of the firms indicated through interviews and literature that they are now constantly considering the risks of fraud throughout the audit. Also, they are also more cautious about the clients they accept from other firms when another firm disengages from an audit.

Conclusion

Despite these new fraud standards and new guidelines from the national offices of each firm on how fraud risks should be assessed an integrated into an audit, much work still needs to be done. Over the past three years, the number of Officer & Director bars sought against principals of public traded companies has increased five fold5, and the number of SEC complaints involving improper accounting has increased three fold 6. The solution might not lie in new guidelines and standards, but in changes in mentality and thinking. SAS 99 starts down this path by emphasizing the need to view an audit through the lens of professional skepticism and the permeation of fraud risk assessments throughout the audit.

References

• Cressey, D. R, Other People’s Money: A Study in the Social Psychology of Embezzlement (Glencoe, Ill: Free Press Press, 1953)
• Beasley, M., Menelaides, S., Montgomery, D. and Palmrose, Z., “Auditor’s New Procedures for Detecting Fraud.” Journal of Accountancy. (May 2002) : 63.
• Beasley, M. Menelaides, S., Montgomery, D. and Palmrose, Z., “Auditor’s New Procedures for Detecting Fraud.” 64.
• Shelton, S., Whittington, O. and Landsittel, D. “Auditing Firm’s Fraud Risk Assessment Practices” Accounting Horizons. Vol 15. (March 2001) : 21.
• Cutler, Stephen. “Remarks Before the District of Columbia Bar Association” Washington DC. Feb. 11, 2004
• Cutler, Stephen. “Remarks Before the AICPA” Washington DC. December 12, 2002