Joanne M. Flood - Wiley Practitioner's Guide to GAAS 2020

1 1 See “Definitions of Terms” section.

Scope

Definitions of Terms

Objectives of AU-C Section 240

Requirements

Description and Characteristics of Fraud

Responsibilities of the Auditor

Professional Skepticism

Engagement Team Discussion about Fraud (Brainstorming)

Obtaining Information Needed to Identify Fraud Risks

Identifying Fraud Risks

Assessing Identified Risks

Responding to the Results of the Assessment

Evaluating Audit Evidence

Communication about Possible Fraud to Management and Those Charged with Governance

Documentation

Antifraud Programs and Controls

AU-C 240 Illustrations

AU-C 240 focuses on the auditor’s responsibility for fraud in a financial statement audit. AU-C 240 complements and expands on guidance in AU-C 315 and 330 regarding risks of material misstatements. (AU-C 240.01)

Source: AU-C 240.11.For definitions related to this standard, see Appendix A, “Definitions of Terms”: Fraud, Fraud risk factors.

The objectives of the auditor under AU-C Section 240 are to:

1 Identify and assess the risks of material misstatement of the financial statements due to fraud;

2 Obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement due to fraud, through designing and implementing appropriate responses; and

3 Respond appropriately to fraud or suspected fraud identified during the audit.

(AU-C 240.10)

Although fraud is a broad legal concept, the auditor’s interest specifically relates to fraudulent acts that cause a material misstatement of financial statements. Two types of misstatements are relevant to the auditor’s consideration in a financial statement audit.

1 Misstatements arising from fraudulent financial reporting

2 Misstatements arising from misappropriation of assets

(AU-C 240.02–.03)

Fraudulent financial reporting does not need to involve a grand plan or conspiracy. Management may rationalize that a misstatement is appropriate because it is an aggressive interpretation of accounting rules, or that it is a temporary misstatement that will be corrected later.

Fraudulent financial reporting and misappropriation of assets differ in that fraudulent financial reporting is committed, usually by management, to deceive financial statement users, whereas misappropriation of assets is committed against an entity, most often by employees.

Fraud Risk Factors.Fraud generally involves the following three conditions:

1 A pressure or an incentive to commit fraud

2 A perceived opportunity to do so

3 Rationalization of the fraud by the individual(s) committing it

(AU-C 240.A1)

However, not all three conditions must be observed to conclude that there is an identified risk. It is particularly difficult to observe that the correct environment for rationalizing fraud is present.

Although fraud usually is concealed, the presence of risk factors or other conditions may alert the auditor to its possible existence.

The auditor should be aware that the presence of each of the three conditions may vary, and is influenced by factors such as the size, complexity, and ownership of the entity. These three conditions usually are present for both types of fraud.

KPMG released a study of 750 fraudsters in 81 countries, “Global Profile of a Fraudster: Technology Enables and Weak Controls Fuel the Fraud,” 1regarding characteristics of people who commit fraud: They

are often experienced employees in a position to collude with people inside and outside the entity.

usually hold management or senior positions.

do not have a prior history of criminal activity.

are highly respected.

appear trustworthy.

are predominantly male between the ages of 36 and 55

Most (61%) fraudsters are employed by the entity.

In 2010, several organizations (the Center for Audit Quality Financial Executives International, the Institute of Internal Auditors, and the National Association of Corporate Directors) formed the Anti-Fraud Collaboration. The organization’s website at antifraudcollaboration.orgcontains resources for audits in the form of case studies, reports, videos, articles, and free CPE.

Management’s Override of Controls.The auditor should also be alert to the fact that fraudulent financial reporting often involves the override of controls, and that management’s override of controls can occur in unpredictable ways. Also, fraud may be concealed through collusion, making it particularly difficult to detect.

In recent years, one international company paid a multimillion-dollar fine to the SEC for inflating its fiscal year results to meet earnings expectations and committing other accounting-related violations over a first-year period. 2Another international company paid penalties because it was overstating revenues and assets. 3Both companies improperly accounted for write-downs under ASC 450. One company also failed to properly amortize intangible assets under ASC 350.

Responsibilities for the Prevention and Detection of Fraud.Management and those charged with governance have the primary responsibility for the prevention and detection of fraud. Management should create an atmosphere that makes fraud prevention a priority by creating a culture of ethical behavior supported by oversight. Management should consider potential inappropriate influence over the financial reporting process, such as managing earnings. Management is responsible for designing and implementing programs to prevent, deter, and detect fraud. When management and others, such as the audit committee and board of directors, set the proper tone of ethical conduct, the opportunities for fraud are significantly reduced. (AU-C 240.04)

In every audit, the auditor is obligated to plan and perform the audit to obtain reasonable assurance about whether the financial statements as a whole are free of material misstatements, whether caused by error or by fraud. (AU-C 240.05)

As defined in AU-C Section 200, professional skepticism is an attitude that includes a questioning mind and critical assessment of audit evidence. The auditor should conduct the entire engagement with an attitude of professional skepticism, recognizing that fraud could be present, regardless of past experience with the entity or beliefs about management’s integrity. (AU-C 240.08 and .12) The auditor should not let his or her beliefs about management’s integrity allow the auditor to be satisfied with any audit evidence that is less than persuasive. Finally, the auditor should continuously question whether information and evidence obtained suggest that material misstatement caused by fraud has occurred.

When planning the audit, members of the audit team must discuss where and how the financial statements may be susceptible to material misstatement caused by fraud. This discussion should include the following:

Exchange ideas and brainstorm about where the financial statements are susceptible to fraud, how assets could be stolen, and how management might engage in fraudulent financial reporting.

Emphasize the need to maintain the proper mind-set throughout the audit regarding the potential for fraud. As previously discussed, the auditor should continually exercise professional skepticism and have a questioning mind when performing the audit and evaluating audit evidence. Engagement team members should thoroughly probe issues, acquire additional evidence when necessary, and consult with other team members and firm experts as needed.