By Vijay R. Chemuturi, CPA
Statement of Auditing Standards No. 99 (SAS 99), Consideration of Fraud in a Financial Statement Audit, requires auditors to consider fraud risk factors at various stages of an audit of financial statements. It also requires the auditor to assess such identified risks and respond to them by performing procedures that address the risk of material misstatement due to fraud.
Evaluating fraud risk factors is probably the most difficult part of assessing overall audit risk, and owes its complexity to the fact that human behavior cannot be predicted with certainty. Past trends, however, can offer an indication of what can be expected. Looking at where and how fraud was perpetuated in the past can assist auditors in this endeavor.
A recent study1 by the Association of Certified Fraud Examiners (ACFE) estimated that U.S organizations lose approximately 5 percent of annual revenue to fraud. In comparison to a 2004 study, this represents a decrease of 1 percent. The median loss caused by fraud, however, increased from $56,500 in 2002 and 2003 to $159,000 in 2004 and 2005. Asset misappropriations were the most common type of fraud, occurring in over 90 percent of all cases studied. Financial statement fraud was the least common, but it had the largest dollar impact when it did occur, $2 million per the 2006 study. Most of the fraud schemes were committed by the accounting department and upper management. The next most commonly cited group was the sales department.
Finding fraud can be difficult, so knowing where to look is invaluable. In asset misappropriation schemes, the asset that was targeted most was cash, followed by inventory, equipment, then proprietary information. The most common method in this area revolved around cash receipts and cash on hand. Billing schemes, payroll schemes, expense reimbursements, check tampering, wire transfers, and register disbursements were other areas. Billing schemes were the most common form of fraudulent disbursements. Concealing liabilities was the most common method of financial statement fraud employed, while timing differences was the least.
Looking at the numbers and examining hot spots is critically important, but the anti-fraud control that had a measurable effect on an entity’s ability to combat fraud was found to be anonymous hot lines. Entities with hot lines suffered less median losses due to fraud compared with those that did not. Reductions in fraud losses also were found at entities that had internal audit departments, regularly performed external audits, and anti-fraud training for employees and management.
The most common anti-fraud measures in use by the entities in the study were external audits, followed by internal audits, fraud training, and hot lines. External audits, however, were only the fifth-most common method through which fraud was detected, the study reported. Hot-line tips were the most common method. Nearly 50 percent of all fraud committed by upper management was detected through tips, where only 9 percent of this type was detected through internal control.
These findings from the ACFE show an existing gap between the anti-fraud measures employed and the most common methods of fraud discovery. SAS 99 requires auditors to apply professional skepticism in evaluating audit evidence, but auditors seeking to minimize overall audit risk also must keep in mind the above findings when identifying fraud risk factors.
1 2006 ACFE Report to the Nation on Occupational Fraud & Abuse, Association of Certified Fraud Examiners, www.acfe.com/fraud/report.asp. Statistics from the 2002 and 2004 reports also cited.
Vijay R. Chemuturi, CPA, CFE, is a senior associate with KPMG LLP in New York. He can be reached at vchemuturi@kpmg.com.
Copyright 1998-2007 PICPA. All rights reserved. Contact journal@picpa.org for reprint permission