Fraud and the Financial Statement Audit: Auditor Responsibilities Under SAS 99

SAS No. 99, the fraud standard, dramatically affects how you plan and conduct an audit. You’ll learn the conceptual framework necessary to understand the characteristics of fraud. Use the risk assessment approach to detecting fraud to improve your audit performance. Written with the regional and local practitioner firms in mind, this course gives practical suggestions that address each of the concepts and needed skills and offers additional guidance on the critical areas of revenue recognition and auditing estimates. Fraud factors for specialized industries are also included.

• Understand the auditor’s responsibilities for detecting fraud during the performance of a financial statement audit
• Apply a risk-assessment approach to detecting fraud in a financial statement audit

Introduction and Overview of SAS No. 99

Learning Objectives

After completing this chapter, you should be

• Familiar with major requirements relating to an auditor’s responsibilities for detecting material misstatements due to fraud during a GAAS audit.
• Able to identify ways in which SAS No. 99 will change existing audit practice.
• Familiar with the organization of the remainder of the course.

Introduction

Background and Overview of SAS No. 99

The accounting profession was under fire. Throughout the long, hot summer, newspapers were filled with new details of a corporate accounting scandal. One of the largest, most respected companies in the United States had been caught inflating earnings and assets through blatant manipulation of the accounting rules. Thousands of investors and employees had suffered. Congressional hearings were called to examine and understand the fraud, and everyone asked, “Where were the auditors?” The accounting profession was under immense political pressure from reform-minded lawmakers, and the negative publicity surrounding the perceived audit failure cast all CPAs in the most unfavorable light.

Sound familiar? The year was 1938.

The corporate accounting scandal was McKesson-Robbins, in which the company inflated assets and earnings by $19 million through the reporting of nonexistent inventory and fictitious sales. In the wake of the scandal, the auditing profession responded by setting the first formal standards for auditing procedures, including guidance on the auditor’s responsibilities for detecting fraud.

In the years since McKesson-Robbins, the business world has been rocked by even bigger corporate frauds, and each time the profession has come under criticism – some of which is justified and some of which is not. Once again we have witnessed the quick, spectacular failure of some of this country’s largest companies, amid a series of indictments, arrests, and allegations of financial fraud. As CPAs, we find ourselves in the uncomfortable position of having to defend our work and our credibility. We are now at the beginning of the post-Enron world. In the summer of 2002, the Sarbanes-Oxley Act was signed into law, and by all accounts it has the potential to dramatically change the auditing profession. SAS No. 99, Consideration of Fraud in a Financial Statement Audit, is the first major audit standard to be released since the passage of Sarbanes-Oxley. No one ever intended these events to converge like this, but they have – a new fraud standard delivered in the midst of endless revelations of corporate malfeasance. The timing is fortuitous because this standard provides us with an excellent opportunity to repair some of the recent damage to our reputation – one auditor, one engagement at a time.

SAS No. 99 has the potential to significantly improve audit quality, not just in detecting fraud, but also in detecting all material misstatements and improving the quality of the financial reporting process. This is why.

Integrity of the Standards-Setting Process

High-quality processes lead to high-quality results. Suppose you are building a house and you want it to be beautiful and functional and stand the test of time. Everything you do – from the drafting of the plans to the selection of materials and on through the actual construction itself – must be designed to produce that type of quality. Because of that direct relationship between process and product, we can judge the quality of a finished product before it is used by looking at the quality of the process. Thinking of buying a home but having questions about its quality? Examine the quality of the building process.

Auditors should be skeptical if SAS No. 99 was the product of a hasty process designed solely as a response to the criticism the profession has received in the wake of high-profile business failures.

For that reason, it is important to recognize that SAS No. 99 is not a knee-jerk reaction to recent events. This new standard was four years in the making. It is the product of a thoughtful, thorough, and open standards-setting process that constantly seeks to improve audit quality. The standard incorporates

• Results of academic research on how auditors implemented previous standards on fraud and how those standards might be improved.
• Recommendations of the Public Oversight Board’s Panel on Audit Effectiveness, who conducted their own detailed study on audit effectiveness.
• Comments from over 50 groups and individuals representing a wide variety of stakeholders in the financial reporting process.

Only a handful of engagement teams have adopted the new standard in advance of its effective date, and it is far too early to determine whether the effective implementation of the new standard will achieve the desired effect on audit practice. However, because of the care exercised in the development of the standard, it is a high-quality standard that is likely to improve the ability of auditors to respond effectively to the potential for fraud.

Audit Smarter

If you are familiar with the previous audit standard on fraud, you know that a cornerstone of that standard was a list of “fraud risk factors,” which, though they do not necessarily indicate the existence of fraud, often have been observed when frauds have occurred. This list of fraud risk factors was intended to help auditors discover indicia of fraud while performing their engagements. In practice, this list usually was reduced to a checklist that auditors completed and included in their workpapers.

The academic research that examined the implementation of the previous standard resulted in several key findings:

• Auditors did a good job of identifying indicators of fraud. However, once those indicators were identified, they did a relatively poor job of responding appropriately to the perceived risk of fraud.
• Auditors who rely exclusively on checklists to identify fraud risk factors are less effective than those who supplement checklists with other procedures.

SAS No. 99 is extremely comprehensive and touches on many elements of the audit process. It cannot be reduced to a checklist or form. The effective implementation of SAS No. 99 will require auditors to audit smarter and think when they audit. Engagement teams who plan to implement the standard by obtaining an updated version of a generic audit program will be doing themselves and their clients an injustice. The effective implementation of SAS No. 99 will force you to rethink how you plan and perform your audits.

Standard Will Result in Better Audits, Not Just Fraud Detection

As an example of the ways in which SAS No. 99 will result in better audits, consider the effectiveness of analytical procedures. If you attend a training session on improving the effectiveness of analytical procedures, one sure-fire way for the instructor to get a laugh (and make an important point) is to describe some of the analytical review comments he or she has read on workpapers over the years. “Revenues increased because the client sold more.” Or “Change in account balance from prior year is reasonable per discussion with controller.”

What makes these types of comments scary is that they illustrate how an otherwise effective audit procedure can be rendered ineffective. And analytical procedures is just one of several areas where the performance of audit procedures is less than optimal. To reduce audit risk to an acceptable level, others on the engagement team must revisit the audit area and do additional work, which makes the engagement less efficient.

The prescription for improving these procedures (and the quality of the audit) is always the same:

• Understand the client’s business.
• Maintain a healthy professional skepticism and corroborate management’s verbal representations.
• Have the more experienced team members share their knowledge with everyone else.
• Do a more thorough job of audit planning.

You would be hard pressed to find an auditor to argue that the above list will not result in a more effective and efficient audit.

Recognize that SAS No. 99 emphasizes all of the above. In order to successfully implement the SAS, you will have to address each of the bullet points, which in turn will result in a better audit. For example, the SAS emphasizes the need for professional skepticism throughout the engagement. Not only will that attitude help you detect material misstatements caused by fraud, it will also help you detect those that are not caused by fraud.

Review Questions

1. Which of the following statements best describes the background behind the development of SAS No. 99, Consideration of Fraud in a Financial Statement Audit?
   1. It was developed in direct response to the requirements of the Sarbanes-Oxley Act.
   2. Fraud detection was identified as a core service during the AICPA “vision process,” and SAS No. 99 was developed to help auditors provide that service.
   3. Fraud investigation was a nontraditional service that was to be included in the failed “Global Business Credential,” and SAS No. 99 was developed to help CPAs provide this service.
   4. SAS No. 99 is the natural result of an audit standards-setting process that constantly seeks to improve audit quality.
2. Which of the following was considered by the Auditing Standards Board during its
   development of SAS No. 99?
   1. Results of academic research.
   2. Recommendations of the Public Oversight Board’s Panel on Audit Effectiveness.
   3. Comments from various stakeholders in the financial reporting process.
   4. All of the above.
3. Which of the following conclusion was reached by academic researchers who examined the implementation of the previous audit standard on fraud?
   1. The exclusive use of checklists to identify, assess, and respond to the risks is the most effective way for auditors to detect material misstatement due to fraud.
   2. Auditors who rely exclusively on checklists to identify fraud risk factors are less effective than those who supplement checklists with other procedures.
4. Which of the following points is emphasized in SAS No. 99?
   1. Understand the client’s business.
   2. Senior and experienced audit team members should not unduly influence the audit and therefore should keep important client information to themselves.
   3. Auditors should de-emphasize audit planning so that they may do a more thorough job of examining source documents for authenticity during fieldwork.
   4. All of the above.

731814