Fraud Auditing and Different Type of Fraud
Over the years, the role of auditors become increasingly important especially in a capitalist economy as the process of wealth creation and political stability depends heavily upon confidence in processes of accountability and how well the expected roles are being fulfilled. An auditor has the responsibility for the prevention, detection and reporting of fraud, other illegal acts and errors is one of the most controversial issues in auditing. The most frequently debated areas amongst auditors, politicians, media, regulators and the public is where the fraud is coming from and by whom.
This disagreement has been especially tinted by the collapse of big corporations like Enron and WorldCom. The unforeseen fall of Enron and WorldCom traumatized the world as both of these companies received clean bills of health from their auditors immediately prior to their for bankruptcy. Type of fraud Fraud itself comprises a large variety of activities and includes bribery, political corruption, business and employee fraud, consumer theft; network hacking, bankruptcy and divorce fraud, and identity theft. Many find it helpful to separate between internal and external fraud.
Internal fraud is usually found by internal auditors. In the Statement of Auditing Standards 99, it’s defines fraud as an intentional act that results in a material misstatement in financial statements. There are two types of fraud considered: misstatements arising from fraudulent financial reporting (e. g. falsification of accounting records) and misstatements arising from misappropriation of assets (e. g. theft of assets or fraudulent expenditures). Examples of fraudulent financial reporting and Misappropriation of assets; * Fraudulent financial reporting.
An example of fraudulent financial reporting is a company that ships customers’ goods that have not been ordered and then records the revenue as if it met all the criteria for revenue recognition. In other cases involving new high technology products, company personnel may have provided customers with a side agreement granting right of return for any reason or made payment for the goods contingent on receipt of funding or some other event.
In such cases the side agreement typically is not disclosed to the auditor because he underlying transaction would not meet the criteria for revenue recognition under generally accepted accounting principles. * Misappropriation of assets. Examples of misappropriation of assets are thefts of cash, inventory or securities. Small practitioners specifically asked for guidance in this area because they were more likely to encounter misappropriations than fraudulent financial reporting. Auditors from larger firms were more concerned about fraudulent financial reporting from a materiality standpoint but also thought guidance on misappropriations would be helpful.
The Institute of Internal Auditors (IIA) Definition The IIA describes fraud as “any illegal acts characterized by deceit, concealment or violation of trust. These acts are not dependent upon the application of threat of violence or of physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage. ” The IIA further clarifies fraud and misconduct. Deterrence of Fraud Deterrence of fraud consists of those actions taken to discourage the perpetration of fraud and limit the exposure if fraud does occur.
The principal mechanism for deterring fraud is control. The primary responsibility for establishing and maintaining control rests with management. Internal control is a process affected by an organization’s management that is designed to provide reasonable assurance regarding the achievement of objectives in the following categories: 1. Reliability of financial reporting, 2. Compliance with applicable laws and regulations and 3. Effectiveness and efficiency of operations. The standard describes the fraud triangle. Generally, the three ‘fraud triangle’ conditions are present when Fraud occurs.
First, there is an incentive or pressure that provides a reason to commit fraud. Second, there is an opportunity for fraud to be perpetrated (e. g. absence of controls, ineffective controls, or the ability of management to override controls. ) Third, the individuals committing the fraud possess an attitude that enables them to rationalize the fraud. (http://en. wikipedia. org/wiki/SAS_99) As we know fraud is more likely to be committed by a single individual, without a prior history of fraud, who often raises a red flag because they are living beyond their means and are experiencing financial difficulties.
The reasons for fraud are not always obvious to the business owner or even their attorneys. However, what is obvious is that it is often overlooked, ignored, and even undetected. An Analysis of the Fraud Triangle Abstract The concept of a “Fraud Triangle” is introduced to the professional literature in SAS No. 99, Consideration of Fraud in a Financial Statement Audit. The Fraud Triangle consists of three conditions generally present when fraud occurs: Incentive/Pressure, Opportunity, and Attitude/ Rationalizations.
Input from forensic experts, academics and others consistently show that evaluation of information about fraud is enhanced when auditors evaluate in the context of these three conditions. To examine the impact of the fraud triangle on the audit process, this paper develops an evidential network that has two major sub-networks: one to capture risk and evidential relationships for a conventional financial statement audit and the other to capture the risk and evidential relationships for fraud risk assessment. These networks use the Belief Functions approach to express the uncertainties involved in the evidence in a financial statement audit.
The results of the analyses support the concept of the fraud triangle in that the three components and the relationships between those components are shown to have a substantial impact on audit risk. Part of an auditor’s job is to ensure that their clients’ financial statements are free of fraud. But, what is fraud? It is a universally understood term; however, most people are unable to truly define what it means. Depending on the source from which it is obtained, there are a number of definitions for the term.
For example, the definition in Webster’s dictionary is going to be different from the definition of fraud that the AICPA has. Also, to make things a bit more complicated, some definitions, such as the one given by the ACFE, are broken down into categories based on the types of fraud that can occur, each of which having its own definition of course. One would think that a simple word like fraud would be easily definable, but in reality, it has multiple meanings and can be interpreted differently depending to whom or where it is being referenced. Documentation
The auditor should document in the work papers the assessment of the risk of material misstatement due to fraud. At a minimum, the auditor needs to document those risk factors identified in the audit engagement and the auditors’ response to them. If other risk factors are identified during the audit that causes the auditor to believe an additional response is required, he or she should document those factors or conditions and any further response the auditor concluded was appropriate. Fraud Theory Auditors today are at a crossroads regarding how to incorporate fraud detection into their audit plans.
Sarbanes – Oxley, Public Company Accounting Oversight Board (PCAOB) regulators, and the professional standards of auditing are requiring auditors to give greater consideration to incorporating fraud detection into their audit plan. Companies’ boards of directors, management, and the public are asking why is fraud occurring and going undetected in our business systems. Auditors are asking themselves whether fraud can be detected when there is no predication or allegation of a specific fraud. Traditionally, the auditing profession had two fundamental ways to deal with the fraud question:
Search for fraud using a passive approach of testing internal controls. The approach relies on auditors seeing the red flags of fraud. Although few audit programs incorporate specific red flags for audit observation, the assumption is that professional experience will provide auditors with the skills to observe the red flags. 2. React to fraud allegations received through a tip or some other audit source. Since studies continue to indicate that most frauds are detected through tips, we need to ask ourselves how effective past audit approaches have been.
Historically, the profession relied on evaluating the adequacy and effectiveness of internal controls to detect and deter fraud. Auditors would first document the system of internal controls. If internal controls were deemed adequate, the auditors would then test those controls to ensure they were operating as intended by management. The test of internal controls was based on testing a random, unbiased sample of transactions in the business system. Conventionally, audit standards stated that auditors should be alert to the red flags of fraud in the conduct of an audit.
Study after study indicates that the lack of professional skepticism is a leading cause for audit failure in detecting fraud. In one sense, the search for fraud seems like a daunting responsibility. However, fraud in its simplest form should be easy to find. After all, the key to finding fraud is looking where fraud is and has been. This book focuses on the use of fraud auditing to detect fraud in core business systems. Fraud auditing is a proactive audit approach designed to respond to the risk of fraud. Essentially, the fraud audit approach requires auditors to answer these questions:
Who commits fraud, and how? . What type of fraud are we looking for? 3. Should fraud be viewed as an inherent risk? 4. What is the relationship between internal controls and fraud opportunity? 5. How is fraud concealed? 6. How can we incorporate the fraud theory into our audit approach? 7. What are the ways fraud auditing can be used to detect fraud? The auditor’s response to risk can vary widely. He or she may believe the audit program already addresses areas of risk sufficiently, making no further response necessary. Depending on the nature of the risk, the auditor may wish to change the nature, timing or extent of procedures.
The auditor may wish to increase the number of locations at which inventory counts are observed or assure that the inventory counts are moved close to yearend. In connection with receivable confirmation requests, the auditor—faced with other risk factors—may wish to inquire of the appropriate person about the existence of side agreements. When the auditor has significant concerns about management’s integrity or otherwise concludes it is not possible to address the level of risk on the engagement, he or she should consider withdrawing from the audit, with appropriate communications to the entities audit committee.
According to criminologist Donald R. Cressey While researching his doctoral thesis in the 1950s, famed criminologist Donald R. Cressey came up with this hypothesis to explain why people commit fraud. The three key elements in the fraud triangle are opportunity, motivation, and rationalization. Opportunity is the element over which business owners have the most control. Limiting opportunities for fraud is one way a company can reduce it. Opportunity is the ability to commit fraud. Because fraudsters don’t wish to be caught, they must also believe that their activities will not be detected.
The Opportunity to commit fraud is possible when employees have access to assets and information that allows them to both commit and conceal fraud. Employees are given access to records and valuables in the ordinary course of their jobs. Unfortunately, that access allows people to commit fraud. Over the years, managers have become responsible for a wider range of employees and functions. This has led to more access for them, as well as more control over functional areas of companies. Access must be limited to only those systems, information, and assets that are truly necessary for an employee to complete his or her job.
Opportunity is created by weak internal controls, poor management oversight, and/or through use of one’s position and authority. Failure to establish adequate procedures to detect fraudulent activity also increases the opportunities fraud for to occur. Motivation, or can be referred to as incentive, is another aspect of the fraud triangle, it is a pressure or a “need” felt by the person who commits fraud. It might be a real financial or other type of need, such as high medical bills or debts. Or it could be a perceived financial need, such as a person who has a desire for material goods but not the means to get them.
Motivators can also be non financial. There may be high pressure for good results at work or a need to cover up someone’s poor performance. Addictions such as gambling and drugs may also motivate someone to commit fraud. Lastly, employees may rationalize this behavior by determining that committing fraud is OK for a variety of reasons. Rationalization is a crucial component in most frauds. Rationalization involves a person reconciling his/her behavior with the commonly accepted notions of decency and trust. For those who are generally dishonest, it is probably easier to rationalize a fraud.
For those with higher moral standards, it is probably not so easy. They have to convince themselves that fraud is OK with “excuses” for their behavior. Common rationalizations include making up for being underpaid or replacing a bonus that was deserved but not received. A thief may convince himself that he is just “borrowing” money from the company and will pay it back one day. Some embezzlers tell themselves that the company doesn’t need the money or won’t miss the assets. Others believe that the company “deserves” to have money stolen because of bad acts against employees.
Role of Auditors in Corruption Investigations Auditors may come across situations, during their examinations, which smack of corruption. Since investigation requires different standards and skills, the auditors cannot get into the business of investigating a suspected case of corruption. However, they can forward extracts of their reports to investigating agencies for further probe. As compared to auditing, investigation is a different area of oversight. However, auditors can play a vital role in assisting the agencies responsible for investigation against alleged cases of corruption.
The investigating agency could be an internal entity, some anti-corruption commission, police, judiciary or a specialized body for a mega corruption case. The investigation may be initiated on a complaint from a citizen, employee, auditor or a supervisor in an organization. Internal auditors usually have more diversified and detailed knowledge of operations in different parts of the organization than the investigating agency staff that may be deployed only for a particular case.
The internal auditors can assist the investigating staff in interpreting various rules, in explaining various practices, in sharing some of the onfidential information that they may possess or discussing technical details of operations. The internal auditors can pinpoint areas of excessive cost and weaker controls which can help the investigating staff in detecting corruption. Conclusion In conclusion, there are many faces of fraud. The definition or clarification of what fraud actually is depends entirely on the reference from which it is being examined. As was shown, each source has its own definition of fraud and what categories of fraud do in fact exist.
In order to fully understand how to look for and identify fraud in financial statements of clients, auditors need to understand what fraud is and what characteristics constitute fraud.