How auditors evaluate fraud risks
Assessing fraud risks is an integral part of the auditing process. Statement on Auditing Standards (SAS) No. 99, Consideration of Fraud in a Financial Statement Audit, requires auditors to consider potential fraud risks before and during the information-gathering process. Business owners and managers may find it helpful to understand how this process works — even if their financial statements aren’t audited.
SAS 99 advises auditors to presume that, if given the opportunity, companies will improperly recognize revenue and management will attempt to override internal controls. Certain factors create opportunities for dishonest employees to commit fraud and, therefore, should be avoided, if possible. Examples of fraud risk factors that auditors consider include:
Auditors also watch for questionable journal entries that dishonest employees could use to hide their impropriety. These entries might, for example, be made to seldom-used or intracompany accounts; on holidays, weekends, or the last day of the accounting period; or with limited descriptions. Fraudsters also tend to use round numbers — just below the dollar threshold that would require additional signatures — for their fictitious journal entries.
Auditors are responsible for using professional skepticism throughout the audit process, as well as planning and performing the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, either caused by fraud or error. Auditors generally aren’t required to investigate fraud. But they are required to communicate fraud risk findings to the appropriate level of management, who can then take actions to prevent fraud in their organizations.
If conditions exist that make it impractical to plan an audit in a way that will adequately address fraud risks, an auditor may even decide to withdraw from the engagement. When conditions are ripe for fraud, we can help you pursue a formal forensic accounting investigation to find out more.