Another Implement for the Fraud Examiner’s Toolbox
SAS 99 not only requires auditors to be reasonably sure that financial statements are free of material misstatements, whether caused by error or fraud, but it gives them focused and clarified guidance on meeting their responsibilities to uncover fraud.
The U.S. Statement on Auditing Standards
(SAS) 99, “Consideration of Fraud in a Financial Statement Audit,” is recommended reading for Certified Fraud Examiners worldwide.
CFEs who routinely inspect financial statements will be pleased by the greater emphasis on fraud detection in this new SAS issued by the Auditing Standards Board of the American Institute of CPAs. Additionally, CFEs who are also CPAs now have a new implement in their toolboxes.
The new SAS draws heavily on the international auditing standard ISA 240 but also adds additional steps that may be of particular interest to our non-U.S. readers. ISA 240 is now being revised to incorporate many of these changes.
With the recent rash of accounting scandals, investors, creditors, and other financial statement users want auditors to look deeper for fraud. SAS 99 not only requires auditors to be reasonably sure that financial statements are free of material misstatements, whether caused by error or fraud, but it also gives them focused and clearer guidance on meeting their responsibilities to uncover fraud.
Though much of SAS 99 may be review for CFEs, they still will learn useful information from the statement whether they are auditors, law enforcement, private investigators, attorneys, or other professionals. (Find an overview of SAS 99 and purchasing information at www.aicpa.org/members/div/auditstd/riasai/sas99.asp.)
SAS 99 requires auditors to look for fraud throughout the entire audit process. The standard defines fraud as an intentional act resulting in a material misstatement in the financial statements. Fraud consists of two major types: 1) misstatements resulting from fraudulent financial reporting and 2) misstatements resulting from the misappropriation of assets (often referred to as theft or defalcation).
SAS 99 describes three conditions typically present when fraud is committed: incentives/pressures, opportunities, and attitudes/rationalizations (These are reminiscent of the three sides of the renowned Fraud Triangle1). Specifically, the perpetrator of the fraud likely is under pressure or has an incentive to commit the fraudulent act. Second, opportunities probably exist for the perpetrator to commit the fraud. Finally, the perpetrator likely is able to rationalize his or her fraudulent act or possesses an attitude that the act was acceptable. There is a direct relationship between the existence of the three conditions and the likelihood of the occurrence of fraud. However, SAS 99 emphasizes that all three conditions do not need to be present for fraud to occur. The appendix to SAS 99 provides examples of each of the three conditions. (Exhibit 1 on page 42 shows a sampling of some of the fraudulent financial reporting examples.)
SAS 99 reiterates the importance of exercising professional skepticism throughout the audit. The auditor must maintain a questioning mind and critically assess the responses from the reporting entity’s management and other evidence examined to determine the risk or existence of fraudulent misstatements. The auditor should never accept less-than-persuasive evidence based on the assumption that management is honest.