Fraud Red Flags for Financial Statements
All organizations are at risk of fraud, which can be internal or external. Internal risks arise from people within the organization who can use their position to enrich themselves by misusing the resources and assets held by their employers. On the other hand, external risks are posed by officials, customers and contractors who may want to obtain money illegally. When it comes to red flags due to fraud, they can be listed such as General Red Flags for Fraud, Behavioral Red Flags, Management and Director Red Flags, and Accounting Red Flags.
We often learn academically while trying to study a subject and have difficulty applying what we learn to real cases. However, the best way to learn is to experience the learned subject or to comprehend the subject with examples, sometimes this happens with experience, sometimes it can be by making use of experienced people or organizations.
In this context, I find the AICPA’s examples valuable as a summary showing the risk of fraud in the AU-C 240. Circumstances that may indicate the possibility that the financial statements may contain a material misstatement resulting from fraud may be classified into five groups;
- Discrepancies in the accounting records
- Conflicting or missing evidence
- Conditions relating to governmental entities or not-for-profit organizations
- Problematic or unusual relationships between the auditor and management
- Other circumstances
Discrepancies in the accounting records
- Transactions that are not recorded in a complete or timely manner or are improperly recorded by amount, accounting period, classification, or entity policy
- Unsupported or unauthorized balances or transactions
- Last minute adjustments that significantly affect financial results
- Evidence of employees’ access to systems and records inconsistent with that necessary to perform their authorized duties
- Tips or complaints to the auditor about alleged fraud
Conflicting or missing evidence
- Missing documents and documents that appear to have been altered
- Unavailability of other than photocopied or electronically transmitted documents when documents in original form are expected to exist
- Significant unexplained items on reconciliations
- Unusual balance sheet changes, or changes in trends or important financial statement ratios or relationships; for example, receivables growing faster than revenues
- Inconsistent, vague, or implausible responses from management or employees arising from inquiries or analytical procedures
- Unusual discrepancies between the entity’s records and confirmation replies
- Large numbers of credit entries and other adjustments made to accounts receivable records
- Unexplained or inadequately explained differences between the accounts receivable subledger and the control account, or between the customer statements and the accounts receivable subledger
- Missing or nonexistent cancelled checks in circumstances in which cancelled checks are ordinarily returned to the entity with the bank statement
- Missing inventory or physical assets of significant magnitude
- Unavailable or missing electronic evidence, inconsistent with the entity’s record retention practices or policies
- Fewer responses to confirmations than anticipated or a greater number of responses than anticipated
- Inability to produce evidence of key systems development and program change testing and implementation activities for current year system changes and deployments
Conditions relating to governmental entities or not-for-profit organizations
- Significant transfers or transactions between funds or programs, or both, lacking supporting documents
- Abnormal budget conditions
- Procurement conditions
- Program conditions
- Grant and donor funding conditions
Problematic or unusual relationships between the auditor and management
- Denial of access to records, facilities, certain employees, customers, vendors, or others from whom audit evidence might be sought
- Undue time pressures imposed by management to resolve complex or contentious issues
- Complaints by management about the conduct of the audit or management intimidation of engagement team members, particularly in connection with the auditor’s critical assessment of audit evidence or in the resolution of potential disagreements with management
- Unusual delays by the entity in providing requested information
- Unwillingness to facilitate auditor access to key electronic files for testing through the use of computer-assisted audit techniques
- Denial of access to key IT operations staff and facilities, including security, operations, and systems development personnel
- An unwillingness to add or revise disclosures in the financial statements to make them more complete and understandable
- An unwillingness to address identified deficiencies in internal control on a timely basis
Other circumstances
- Unwillingness by management to permit the auditor to meet privately with those charged with governance
- Accounting policies that appear to be at variance with industry norms
- Frequent changes in accounting estimates that do not appear to result from changed circumstances
- Tolerance of violations of the entity’s code of conduct