Some level of uncertainty and risk must exist in any fraud examination involving financial statement fraud. For example, there may be uncertainty about the competence of management and the accounting staff, about the effectiveness of internal controls, about the quality of evidence, and so on. These uncertainties or risks are commonly classified as inherent risks, control risks, or detection risks.
Assessing the degree of risk present and identifying the areas of highest risk are critical initial steps in detecting financial statement fraud. The auditor specifically evaluates fraud risk factors when assessing the degree of risk and approaches this risk assessment with a high level of professional skepticism, setting aside any prior beliefs about management’s integrity. Knowledge of the circumstances that can increase the likelihood of fraud, as well as other risk factors, should aid in this assessment.
SAS 99 identifies fraud risk categories that auditors and fraud examiners may evaluate in assessing the risk of fraud. The three main categories of fraud risk factors related to fraudulent financial reporting are management characteristics, industry characteristics and operating characteristics including financial stability.
Management characteristics pertain to management’s abilities, pressures, style, and attitude as they have to do with internal control and the financial reporting process. These characteristics include management’s motivation to engage in fraudulent financial reporting – for instance, compensation contingent on achieving aggressive financial targets; excessive involvement of non-financial management in the selection of accounting principles or estimates; high turnover of senior management, counsel, or board members; strained relationship between management and external auditors; and any known history of securities violations.
Industry characteristics pertain to the economic and regulatory environment in which the entity operates, ranging from stable features of that environment to changing features such as new accounting or regulatory requirements, increased competition, market saturation, or adoption by the company of more aggressive accounting policies to keep pace with the industry.
Operating characteristics and financial stability encompass items such as the nature and complexity of the entity and its transactions, the geographic areas in which it operates, the number of locations where transactions are recorded and disbursements made, the entity’s financial condition, and its profitability. Again, the fraud examiner would look for potential risk factors, such as significant pressure on the company to obtain additional capital, threats of bankruptcy, or hostile take-over.
The two primary categories of fraud risk factors related to asset misappropriation are susceptibility of assets to misappropriation and adequacy of controls. Susceptibility of assets to misappropriation refers to the nature or type of an entity’s assets and the degree to which they are subject to theft or a fraudulent scheme. A company with inventories or fixed assets that includes items of small size, high value, or high demand often is more susceptible, as is a company with easily convertible assets such as diamonds, computer chips or large amounts of cash receipts or cash on hand. Cash misappropriation is also included in this category through fraudulent schemes such as vendor fraud. Adequacy of controls refers to the ability of controls to prevent or detect misappropriations of assets, owning to the design, implementation and monitoring of such controls.
SAS 99 discusses fraud risk factors in the context of the fraud triangle which we’ve often discussed on this blog. SAS 99 also suggests that the auditor consider the following attributes of risk:
–Type of risk that may be present – that is fraudulent financial reporting, asset misappropriation and/or corruption.
–Significance of risk – that is whether it could result in a material misstatement.
–Likelihood of the risk
–Pervasiveness of the risk – that is whether it relates to the financial statements as whole or to just particular accounts, transactions or assertions.
Finally, management selection and application of accounting principles are important factors for the examiner to consider.