How Auditors Can Detect Fraud
Everyone is familiar with the word “fraud,” whether it is because they or someone they know has been a victim of it or because of the many stories of business scams such as the Enron scandal. Every year, around 5 percent of entities’ revenue is lost to insider fraud. That represents a potential total loss of $4 trillion annually in the U.S. alone. The reality is that fraud is everywhere, and the threat of fraud keeps increasing. Due to COVID-19 and current economic conditions, there is an increased risk of fraud for both individuals and businesses.
Auditors conduct their engagements in accordance with Generally Accepted Auditing Standards (GAAS). The American Institute of CPAs’ (AICPA) Code of Professional Conduct requires members to comply with the Statements on Auditing Standards (SASs). SAS No. 99 requires auditors to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatements, whether due to fraud or error. According to SAS 99, there are three conditions typically present when fraud is committed:
- Incentives/pressures — employees’ mindset towards committing fraud. Example: Bonuses that are based on financial metrics.
- Opportunities — circumstances that allow fraud to occur. Example: Lack of supervision of internal controls and a poor tone at the top.
- Attitudes/rationalizations — individuals’ justification for committing fraud. Example: An individual wanting to get back at their employer because he/she was treated wrongly or an employee is feeling entitled.
Keep in mind that most fraud occurs with trusted personnel.
How Auditors Can Detect Fraud
The standard defines fraud as an intentional act resulting in a material misstatement in the financial statements. Fraud on financial statements consists of the following two types:
- Misstatements resulting from fraudulent financial reporting
- Misstatements resulting from the misappropriation of assets
The AICPA recommends that auditors assess where a company may be vulnerable to fraud and assess risk of material misrepresentation and fraud by management.
It is important to keep in mind that per AU-C Section 240, Consideration of Fraud in a Financial Statement Audit, both those charged with governance and management are primarily responsible for the prevention and detection of fraud. Management, with the oversight of those charged with governance, needs to establish strong prevention guidelines which should include creating a culture of honesty and ethical behavior. While auditors are not responsible to detect fraud (but to identify fraud through planning and risk assessments), there are guidelines that auditors need to follow to comply with GAAS, including the following:
- Discussion among the engagement team. It is crucial that everyone on the engagement team — from interns to partners — discuss that the financials might be susceptible to material\ misstatements due to fraud. Everyone needs to be aware of external and internal factors that may create an incentive or pressure to commit fraud.
- Discussion with management and others within the entity. When interviewing employees to determine if they have any knowledge of fraud, the auditor should not only focus on asking these questions to management but also to other employees such as warehouse staff who handle the day-by-day operations.
- Assessment of the risk of material misstatement. The auditor needs to identify and assess the risk of material misstatement at the financial statement level and at the assertion level for classes of transactions and account balances. The auditor needs to review the financials, and, based on industry and entity knowledge, identify the risk of material misstatements.
- Professional skepticism. Auditors should maintain professional skepticism throughout the audit. It doesn’t matter whether they have been working with the entity for several years or they have developed a relationship with management, auditors should always recognize the possibility that a material misstatement due to fraud may exist.
Auditors need to be aware that business disruption coupled with employees working remotely could result in internal controls not functioning as designed, thus allowing greater potential for fraud. Auditors must be diligent, remain skeptical and follow their instincts. If something doesn’t seem right, ask more questions, perform more testing and investigate further.
Desiree Martinez, MS, is a senior auditor at Traphagen CPAs & Wealth Advisors. She is a member of the NJCPA Accounting and Auditing Standards Interest Group.
This article appeared in the Spring 2022 issue of New Jersey CPA magazine. Read the full issue.