Assessing fraud risks is an integral part of the auditing process. The Statement on Auditing Standards (SAS) No. 99, Consideration of Fraud in a Financial Statement Audit, requires auditors to consider potential fraud risks before and during the information-gathering process. Business owners and managers may find it helpful to understand how this process works, even if their financial statements are not audited.
SAS 99 advises auditors to presume that, if given the opportunity, companies will improperly recognize revenue and management will attempt to override internal controls. Certain factors create opportunities for dishonest employees to commit fraud and, therefore, should be avoided, if possible. Examples of fraud risk factors that auditors consider include:
- Large amounts of cash or other valuable inventory items on hand, without adequate security measures in place
- Heavy dependence on a few key employees, who have too much power & too few checks & balances
- Employees with conflicts of interest, such as relationships with other employees & financial interests in vendors or customers
- Unrealistic goals & performance-based compensation that tempt workers to artificially boost revenue & profits
- Failure to conduct background checks & other pre-employment screening
- Weak internal controls
Auditors also watch for questionable journal entries that dishonest employees could use to hide their impropriety. These entries might, for example, be made to seldom-used or intracompany accounts; on holidays, weekends, or the last day of the accounting period; or with limited descriptions. Fraudsters also tend to use round numbers — just below the dollar threshold that would require additional signatures — for their fictitious journal entries.
Auditors are responsible for using professional skepticism throughout the audit process, as well as planning and performing the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, either caused by fraud or error. Auditors generally are not required to investigate fraud, but they are required to communicate fraud risk findings to the appropriate level of management who can then take actions to prevent fraud in their organizations.
If conditions exist that make it impractical to plan an audit in a way that will adequately address fraud risks, an auditor may even decide to withdraw from the engagement. When conditions are ripe for fraud, we can help you pursue a formal forensic accounting investigation to find out more.