Fraud Risk Considerations

Fraud Risk Considerations

The fraud refers to intentional misrepresentations regarding financial information by one or more individuals among management, employees or third parties. According to the Association of Certified Fraud Examiners’ (ACFE) 2020 Global Fraud Study, organizations lose an average of 5% of revenue to fraud each year. On a global scale, that represents approximately $4.2 trillion lost annually supposing that the Global GDP is $84.5 trillion in 2020. Despite these figures from the Association of Certified Fraud Examiners’ 2020 Global Study, unfortunately, many companies fail to incorporate comprehensive policies and procedures to prevent, detect and mitigate fraud.

Studies have found that the schemes used by professional fraudsters are remarkably consistent. Among the various types of fraud that organizations can face, occupational fraud is likely the largest and most common threat. This kind of fraud can be put into three categories: Asset Misappropriation, Corruption, and Financial Statement Fraud. But, as per AS 2401, note that two types of misstatements are relevant to the auditor’s consideration of fraud; fraudulent financial reporting and misappropriation of assets.

The number of cases and the effect of these cases appear inversely proportional. Asset misappropriation occurs in the vast majority of fraud schemes (86% of cases); however, these schemes also tend to cause the lowest median loss. In contrast, financial statement fraud schemes, in which the perpetrator intentionally causes a material misstatement or omission in the organization’s financial statements, are the least common (10% of schemes) but costliest category of occupational fraud.

Fraudulent financial reporting are intentional misstatements or omissions of amounts or disclosures in financial statements designed to deceive financial statement users where the effect causes the financial statements not to be presented, in all material respects, in conformity with GAAP. Misstatements in the financial statements can arise from either fraud or error. The distinguishing factor between fraud and error is whether the underlying action that results in the misstatement of the financial statements is intentional or unintentional. Fraudulent financial reporting may be accomplished by the following:

• Manipulation, falsification, or alteration of accounting records or supporting documents from which financial statements are prepared
• Misrepresentation in or intentional omission from the financial statements of events, transactions, or other significant information
• Intentional misapplication of accounting principles relating to amounts, classification, manner of presentation, or disclosure

Misappropriation of Assets Misstatements arising from misappropriation of assets (sometimes referred to as theft or defalcation) involve the theft of an entity’s assets where the effect of the theft causes the financial statements not to be presented, in all material respects, in conformity with GAAP. Misappropriation of assets can be accomplished in various ways, including embezzling receipts, stealing assets, or causing an entity to pay for goods or services that have not been received.

Fraud risk factors

The Fraud Triangle outlines three elements that are typically present when an individual commits occupational fraud – Pressure, Opportunity and Rationalization. All of these elements are typically present, so effectively addressing any one of them will help minimize the fraud risk. Incentive&pressure; a reason to commit fraud, opportunity; a lack of effective controls, and rationalization/attitude; an attempt to justify fraudulent behavior.

Consideration of Fraud during an Audit

The auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud. Because of the hidden aspects of fraud and the need to exercise judgment when assessing fraud risk, even a properly planned and conducted audit may not detect fraud. And the auditor’s ability to detect fraud depends on the skillfulness of the perpetrator, the frequency and extent of manipulation, the degree of collusion involved, the relative size of the individual amounts manipulated, and the seniority of the individuals involved.

Responsibilities

Both Management and Auditor have responsibilities, management is responsible for designing and implementing programs and controls to prevent, deter, and detect fraud. On the other hand, auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement, whether caused by error or fraud.

Audit Requirements

Professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence. The auditor uses the knowledge, skill, and ability called for by the profession of public accounting to diligently perform, in good faith and with integrity, the gathering and objective evaluation of evidence. The auditor neither assumes that management is dishonest nor assumes unquestioned honesty. In exercising professional skepticism, the auditor should not be satisfied with less than persuasive evidence because of a belief that management is honest.

Audit procedures are the processes, techniques and methods used by auditors to obtain audit evidence that enables them to conclude the audit objective and express an opinion. Sometimes we call audit procedures audit programs. SAS 99 not only requires auditors to be reasonably sure that financial statements are free of material misstatements, whether caused by error or fraud, but it gives them focused and clarified guidance on meeting their responsibilities to uncover fraud. Auditor should perform the following procedures;

• Discussion among engagement personnel regarding the risks of material misstatement due to fraud
• Obtaining the information needed to identify risks of material misstatement due to fraud
  • Inquiring of management and others within the entity about the risks of fraud
  • Considering the results of the analytical procedures performed in planning the audit
  • Evaluating Fraud Risk Factors
• Identifying Risks
  • Attribute of risks;
    • Type of Risk; fraudulent financial reporting or misappropriation of assets
    • Significance of the risk
    • Likelihood of the risk
    • Pervasiveness of the risk
  • Presumption of risks;
    • Improper revenue recognition
    • Management override of controls
  • Additional Consideration;
    • Whether and to what extent the three fraud risk factors are present
    • The size, complexity, and ownership structure of the entity
    • The susceptibility of items to manipulate
    • Considering how fraud can be perpetrated or concealed
  • Assessing Risks; the auditor evaluates the identified fraud risks after considering the effect of the entity’s programs and controls such as obtaining an understanding of the entity and its environment, including its internal control, and specific controls.
• Responding to the results of the assessment; the auditor’s response to the risks of material misstatement due to fraud involves the application of professional skepticism when gathering and evaluating audit evidence. The auditor responds to the results of the risk assessment in three ways;
  • A response that has an overall effect on how the audit is conducted
  • Response encompassing specific audit procedures
  • Response addressing risks related to management override of controls
• Evaluating audit evidence
• Communicating about fraud to management, those charged with governance, and others
• Documenting the auditor’s consideration of fraud