This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Auditors must know where to look for fraud detection. Understanding the incentives of those committing fraud and knowing in which accounts fraud is more likely to exist based on a risk evaluation helps identify the areas that might be subject to greatest analysis. Likewise, being aware of the types of transactions that permit further review, as well as other possible red flag indicators, may alert auditors to areas that might require a closer look. Precise detection techniques discussed in this chapter comprise carrying out logical procedures, using random audit tests, observing and checking, doing investigations, and conducting interviews. While these techniques may be performed regularly in the course of a financial statement audit, approaching them with the mind-set of professional suspicion and with better knowledge of the various types of fraudulent schemes may make the difference between detecting and not detecting fraud. This section also discusses the importance of continually bringing together all of the information obtained through the application of these detection practices and assessing the risk of fraud on the basis of such information.
The detection techniques discussed in this unit-including techniques performed as a routine part of audits-depend on on certain procedures and approaches to attain the preferred result of detecting fraud. These key procedures and approaches include the following:
Accomplish all procedures with an approach of professional suspicion.
Consider deception techniques during the evaluation of documents, including the possibility of false documents.
Carefully understand and be alert to possible red flags that are probable indicators of abnormalities and likely indicators of areas requiring further examination.
Request more documentation in accomplishing audit responsibilities. Trust but confirm.
Laying a Foundation for Detection
An auditor's ability to detect fraud may be significantly improved by personal understanding of an enterprise and the environment in which he/she works. With this knowledge, the auditor may be better able to identify irregularities or other potential red flags such as illogical analytic relationships, control weaknesses, transactions that have no obvious business purpose, related parties, and unexpected financial performance. It is important to understand the business, the control procedures in place, the accounting process, the accounting policies, the industry, and the general economic environment affecting the company.
To understand the business, and how it makes money, it is important to identify the key business partners (customers, dealers, and so forth) and understand the corporate principles and administrative organization. To understand the industry, auditors might identify competitors or comparable companies, determine how the competitors and comparable companies work, consider changes in the competitive structure such as fusions and new competitors to the market, changes in the company's market share, and developments and overall issues affecting the industry. SAS 22 offers further guidance on obtaining knowledge about an entity's business and its related industry. Such information provides a critical basis for the evaluation of the information obtained through the techniques discussed later.
Assessing the Risk of Fraud
Some level of doubt and risk exists in any financial statement audit. For example, there may be uncertainty about the capability of management and the accounting staff, about the effectiveness of internal controls, about the quality of evidence, and so on. These uncertainties or risks are commonly classified as inborn risks, control risks, or detection risks.
Measuring the amount of risk present and identifying the areas of highest risk are critical primary steps in detecting financial statement fraud. The auditor specifically evaluates fraud risk factors. Identification of the conditions that could increase the possibility of fraud, as well as other risk factors, should help in this evaluation.
Fraud Risk Factors
SAS 99 described fraud risk categories that auditors may evaluate in assessing the risk of fraud. The three main categories of fraud risk factors related to fraudulent financial reporting are management characteristics, industry characteristics, and operating characteristics including financial stability.
â€¢ Management characteristics refer to to management's capabilities, pressures, style, and attitude as they have to do with internal control and the financial reporting process. These characteristics include management's enthusiasm to involve in fraudulent financial reporting-for instance, compensation depending on achieving aggressive financial objectives; excessive involvement of nonfinancial management in the selection of accounting principles or estimates; high turnover of senior management, counsel, or board members; tense relationship between management and external auditors; and any known history of securities violations.
â€¢ Industry characteristics relate to the economic and regulatory environment in which the entity operates, ranging from constant features of that environment to altering features such as new accounting or regulatory requirements, increased competition, market saturation, or adoption by the company of more aggressive accounting policies to keep step with the industry.
â€¢ Operating characteristics and financial stability cover items such as the nature and complexity of the entity and its transactions, the geographic areas in which it functions, the number of locations where transactions are recorded and payments are made, the entity's financial condition, and its productivity. Again, the auditor would look for potential risk factors such as significant pressure on the company to obtain additional assets, fears of economic failure, or unfriendly takeover.
The two primary categories of fraud risk factors related to asset misappropriation are vulnerability of assets to misuse and adequacy of controls.
â€¢ Susceptibility of assets to misappropriation states to the nature or type of an entity's assets and the degree to which they are subject to theft or a fraudulent scheme. A company with stocks or fixed assets that include items of small size, high value, or high demand often is more vulnerable, as is a company with easily exchangeable assets such as diamonds, computer chips, or large amounts of cash receipts or cash on hand. Cash misappropriation is also included in this category through fraudulent schemes such as dealer fraud.
â€¢ Adequacy of controls refers to the ability of controls to prevent or detect misappropriations of assets, owing to the design, application, and observing of such controls.
Revisiting the Fraud Triangle
In the background of this discussion of potential red flags, it is advisable to reconsider the concept of the fraud triangle.
Incentive and pressure
Rationalization and attitude
Incentive and Pressure
Management or other employees may find themselves offered incentives or placed under pressure to commit fraud. When, for example, payment or development is significantly affected by individual, departmental, or company performance, individuals may have a motivation to manipulate results or to put pressure on others to do so. Pressure may also come from the impractical expectations of investors, banks, or other sources of finance. Certain risk factors are usefully measured in the evaluation of whether or not the organization is at a greater or lesser degree of risk, owing to incentives or pressures that could possibly lead to material misstatements.
These risk factors include:
Situations that threaten the productivity or financial constancy of the business
Excessive pressure on management to meet or go beyond the expectations of third parties, including financiers and investors
Important threats to the private wealth of management as a result of the performance of the business
Excessive internal pressures on divisional or departmental management forced by the board of directors or senior management
A struggle to retain the company's listing on a stock exchange or debt rating
Inability to meet debt bonds or satisfy conditions in union or acquirement agreements
Incentive and pressure can take a variety of forms within an organization: bonuses or incentive paid on behalf of a large portion of an employee or group's payment; triggers made into debt contracts tied to share price targets and levels; significant stock option awards all through the organization but predominantly to top management; and aggressive earnings-per-share and revenue targets set by top management and conversed to analysts, investment bankers, and other market contributors, with resultant pressure from these groups.
With regard to the risk of material misstatement due to misuse of assets, the risk factors are:
Personal financial problems that might encourage an individual to misuse assets
Adverse relationships between the entity and one or more of its employees, which might create feelings of hatred or unfaithfulness. Personal pressures have increased significantly in recent decades as stock opportunities became a common means of compensating and motivating management.
Defining the presence and degree of these pressures or incentives is part of the auditor's objective in assessing the risk that misstatements due to fraud may have occurred. Keep in mind that some people will go to surprizing lengths to satisfy their needs. The ability to satisfy those needs through incorrect measures is increased if the other constituents of the fraud triangle are present.
Conditions may exist that create opportunities for management or other staff to commit fraud. When such opportunities arise, those who might not otherwise be inclined to behave deceitfully may be drawn to do so. Even individuals under pressure and susceptible to incentives to commit a fraud are not a serious threat to an organization unless an opportunity exists for them to act on their need. An opportunity must exist to commit fraud, and the fraudster must believe the fraud can be committed with freedom. Absent or unsuccessful controls, lack of command, or inadequate assignment of duties may provide such opportunities.
Opportunities may also be intrinsic in the nature, size, or structure of the business. Certain types of transactions provide themselves more opportunities than others to misrepresentation or manipulation, as do certain kinds of balances or accounts. Certain corporate and group structures may be more opaque and susceptible to abuse. And certain types of asset are more prone to misuse. Risk factors indicative of opportunities that could lead to material misstatements as a result of falsified financial reporting include:
Factors related to the nature of the industry in which the object is working, the nature of the object's business and the transactions it enters into, and the way in which they are recorded in the profit-and-loss account or balance sheet.
The nature of the object's dealings with customers and suppliers and its position in its markets: the ability to dominate or order terms may create the opportunity for incorrect or non-arm's-length transactions.
The extent of judgment involved in defining the level of income or expenses or the estimation of assets or responsibilities: Generally, a higher degree of judgment will give rise to a greater opportunity for thoughtful manipulation.
The extent and efficiency of supervision of senior management by independent corporate governance functions such as the audit committee, nonexecutive directors, and supervisory boards.
The grade of complexity and stability of the entity or group.
The general control environment, including the continuity and effectiveness of internal audit, information technology, and accounting employees as well as the efficacy of accounting and reporting systems.
In several large financial statement fraud cases, opportunity existed by advantage of management's role in the internal control structure and its ability to dominate or avoid existing controls. With concern to the risk of material misstatement resulting from misappropriation of assets, the risk factors best categorized as related to opportunity can be summarized as follows:
Susceptibility of fixed assets, records, or other assets to misuse, depending on such variables as value, demand, transportability, and convertibility
Flaws in the controls designed to protect assets, such as command, assignments of duties, employee screening, physical controls, settlements, and other accounting controls
Rationalization and Attitude
Some individuals are more susceptible to than others to commit fraud. Other things being equal, the tendency to commit fraud depends on people's moral values as well as on their personal circumstances. Ethical behaviour is motivated both by a person's character and by external factors. External factors may include job uncertainty, such as during a downsizing, or a work environment that inspires offense, such as being passed over for promotion. The external environment also includes the attitude at the top-the attitude of management toward fraud risk and management's reactions to actual occurrences of fraud. When fraud has occurred in the past and management has not responded properly, others may interpret that the matter is not taken seriously and they can get away with it.
Risk factors that fall into this category of justification and attitude are typically the least noticeable or measurable, and many are by nature difficult for an auditor to observe or otherwise discover. Basically, rationalization and attitude are functions of the culture of an organization, the mind-set of those who work in it, and the communication between the two-for example, the level of employee loyalty to the company. The wider business environment must also be considered: hard times in an industry or in the overall economy may make it easier for some individuals to rationalize fraud. Risk factors to look for, in this somewhat vague but critically significant category, include:
Lack of clearness or communication about corporate ethical values or infrequent communication and strengthening of such values
Ignore for the risk of fraud-or useless measures when fraud rises
Lack of practicality in budgeting and estimating and in communicating expectations to third parties
Frequent efforts by management to defend incorrect accounting or disclosure strategies and practices on grounds of materiality or other grounds
Difficult relationships with the entity's auditors: a victimization attitude, obligation of unreasonable time pressure, or restrictions on access to relevant audit evidence
Most frauds begin small and build over time. Many people can easily rationalize small violations such as using the office phone for personal long-distance phone calls or stocking their home office with supplies from the company supply cabinet-and the auditor will come into contact with individuals who are, of course, capable of these rationalizations. These rationalizations can be simple, even for a complex financial crime.
Some of the most common rationalizations prove to be the following:
â€¢ It is just temporary.
The company will do better next quarter and the act can be reversed. No one will ever know.
It is not really fraud, right, if I book this entry one month and then reverse it the next? In the end, it washes and no one's harmed. The company stays in compliance with debt contracts, and we make our dividend payments.
â€¢ Management does not care.
Management does not seriously observe internal controls.
Management does not correct known shortages in controls.
Management does not correct this kind of conduct.
â€¢ Management take part in, expects, and rewards this kind of behaviour.
Management has entered into certain transactions purely for the purpose of meeting specific reporting purposes.
Management traditionally uses forceful accounting policies, and we need to remain steady with prior periods.
The people being promoted helped the company accomplish its purposes without concern to the means of getting there.
Risk taking is rewarded. We are cowboys-but nobody is allowed to say that anymore.
â€¢ No one is offended and the company is helped.
It is not substantial to the company as a whole. But it makes a huge difference to our proceeds from the public offering.
â€¢ I deserve this.
I was approved for the promotion I earned.
I'm paid at less than the market rate for my services and the price I provide.
The company has no faithfulness to its employees; I'm likely to be laid off soon.
This will make up for the benefits the company just removed.
Defining whether a basis exists to rationalize a fraudulent act is a key part of the evaluation of the risk that misstatements due to fraud may have occurred. Characteristically, all three conditions of the fraud triangle will be present in varying grades when fraud occurs. They are closely related. When the motive to commit fraud is strong, it is likely to be easier for criminals to rationalize their actions. Easy opportunity may have a similar effect: when internal controls are absent or useless, an employee may conclude that management is unconcerned to fraud- that "nobody cares." The greater the level to which all three conditions are present, the greater the possibility that fraud will occur. Creating an environment that minimizes these conditions is vital to avoiding or limiting fraud risk. However, even if one or more conditions are absent, fraud risk is not removed. The motivation or pressure may be such as to drive an individual or group to commit fraud regardless of the absence of easy opportunities to do so. Similarly, predators may not need to rationalize their attacks on a firm: it just comes naturally.
Identifying and Evaluating Risk Factors
As noted earlier, fraud risk factors need to be evaluated in context. That context can be defined as an understanding of the business of the entity and the general economic and market environment in which it operates; the presence of other fraud risk factors, if any; and the existence and efficacy of moderating controls. Facts or circumstances that may constitute fraud risk factors in one context may have less significance in another. For example, a small owner-managed entity is likely to have in place less-sophisticated corporate governance structures and systems of internal control than is a large international organization.
Basic elements such as independent supervision of management-such as by way of an effective audit committee-and assignment of duties between key operational and accounting functions may not be as well developed and may not even be practical in a smaller entity. Such matters might be cause for concern in a larger organization, but in a smaller one, their potential influence on fraud risk may be at least partially balance by the closer involvement of the owner-manager and maybe by cultural differences.
A satisfactory understanding of the entity's business and its relationship with business partners, suppliers, and customers is important to the proper evaluation of fraud risk factors. The ability to identify unusual or suspicious transactions, questionable financial ratios, and unlikely explanations by management or others clearly indicates an awareness and understanding of what is normal and expected in the context of the entity, the industry sector, and the general business and economic environment in which the entity operates.
In placing confidence on a control to lessen the risk of fraud, auditors may satisfy themselves that the control would, if operated properly, diminish the risk in question and that the control has operated effectively during the period subject to audit. Even if auditors can obtain reasonable reassurance on these counts, they should not discount the possibility that management or others may take controls or otherwise avoid normal processes to manipulate results or balances.
The identification and evaluation of fraud risk factors should not be seen as a one-time-only process carried out and completed at the planning stage. Reasonably, it is a growing process that continues through the audit. Auditors remain alert to the risk of material misstatement resulting from fraud at all stages of the audit so that their assessment may be updated in light of new information. Such information may arise:
During planning and risk calculation
In discussions with management or other employees
As a outcome of controls testing or essential analytic or detailed testing at the review or audit completion stage
The audit appointment leader ensures that a mechanism is in place within the audit team for the sharing of information concerning potential fraud risk factors-or evidence of fraud-so that any such information is brought forward and can be considered in a larger context. This helps ensure that the existing assessment of fraud risk is re evaluated regularly in light of new evidence. To achieve these goals, the audit team holds discussions about the risk of material misstatement due to fraud and the need to apply healthy professional suspicion at all times.
SAS 99 (Statement on Auditing StandardsÂ ) proposes that the key sources for the identification of fraud risk factors are investigations of management and others, analytic procedures, concern of fraud risks, and other information available within or about a specific company.
The expression management and others encompasses executive management, the audit committee, and internal audit, as well as others within the organization who might be expected to have relevant views, including those involved in operational stuffs rather than directly involved in the financial reporting process.
Amongst the questions the auditor might well raise with management, the following would be among the most significant:
Does management have knowledge of any fraud-whether related to financial reporting or to asset misappropriation-committed, unproven, or suspected that could result in a material misstatement of the entity's financial statements?
Irrespective of materiality, does management have knowledge of any fraud committed, supposed, or suspected?
Has management received any letters or communications from employees, former employees, analysts, short sellers, or others concerning parties of fraud?
What is management's understanding of the risks of fraud in the company?
Are there any specific fraud risks the company has identified or any account balances or classes of transactions for which a risk of fraud may be more likely to happen, and why?
What programs and controls has management established to lessen specific fraud risks that have been identified or to help prevent, deter, and detect fraud of other kinds? How does management monitor those programs or controls?
How does management communicate its views on business practices and ethical behaviour?
How does management demonstrate behaviour consistent with its views?
What procedures are in place to monitor the operating locations or business segments of the business? Are there any particular secondary locations or business segments in which the risk of fraud is more likely?
Has management reported to the audit committee-or to others with corresponding authority and responsibility for the entity's internal control- concerning how management believes the internal control framework serves to prevent, deter, or detect material misstatements due to fraud? The report would be likely to include the entity's control environment, risk assessment process, control activities, information and communication systems, and monitoring activities.
Has anyone asked a member of management or others within the company to withhold information from the auditor, alter documents, or make false entries in the books?
To the audit committee, the auditor might ask these questions:
What are the audit committee's views about the risk of fraud?
Is the audit committee aware of any fraud committed, supposed, or suspected?
How does the audit committee workout lapse over activities concerned with the risks of fraud and the programs and controls established to diminish risks?
What is the audit committee's evaluation of management's performance in this concern?
It is important to gain a complete understanding of where the internal auditors spend their time. In the case of multinational entities, the external auditor may gain an understanding of what internal audit is doing in each location. Questions designed both to bring to light specific instances of fraud and to assist the auditor in assessing the efficiency and independence of internal audit might include:
What are internal audit's opinions regarding the risk of fraud?
What specific internal audit procedures have been performed to prevent, discourage, or detect fraud?
What were the outcomes of this work?
Is internal audit aware of any occurrences of fraud committed, supposed, or suspected?
Has management responded reasonably to internal audit findings throughout the year?
Have there been any restrictions with respect to what internal audit can review or when the review can take place?
Questions to be asked of others within the organization will be made-to-order to their areas of knowledge and their positions in the company. While people lower in the ladder may not have the same impression as senior management, their views should not be ignored or reduced. They may have a more detailed understanding about the operation of specific controls, perhaps because they're directly involved with them. In instances in which management is the committer of the fraud, lower-level employees may know what is going on or can direct the audit team to relevant documents or transactions.
The auditor may think through the possibility that the company's general counsel may have relevant information or views. If frauds or other reportable events have occurred in the past, it is likely that in-house counsel will be aware of this. Indeed, they're likely to have been involved in any corrective or other steps taken. In-house counsel may also be aware of any regulatory or other proceedings involving the entity that may have effects on the financial statements. Legal counsel, a compliance officer, or human resources may have details of investigations and ethics violations. And there may be instances of suspected embezzlement that were handled through these channels. Others in management, especially new management, may not be aware of such ethics violations.
In specific cases, other possibly relevant sources of information or procedures may also be available to the auditor, such as:
General press and media reports that indicate the existence of concerns about matters directly or indirectly related to the entity's financial statements
Specialist industry publications and trade journals
Legal and proceedings data
Public records searches and background checks for verifying the existence of a customer, supplier, or employee: They may identify unidentified clashes of interests, ownership of real estate, judgments, liens (A right to keep possessions and belonging to another person until a debt is paid), and more. Many free and fee-based records contain public records and information, but searching them and interpreting the results can be an art. The skilled professional knows which records to access in a cost-efficient and cost-effective manner.
The extent to which the auditor includes such sources into the audit approach will be a matter of professional judgment, taking into account what is practical and reasonable in the situations.
Analytic measures are used during the course of the audit process for three primary purposes:
Preliminary analytic procedures are used to develop an understanding of the company and to direct attention to high-risk areas in defining the nature, timing, and extent of audit procedures.
Substantive analytic procedures are used to obtain audit evidence to assess account balances.
Final analytic procedures are used to assess the respectability of audit conclusions in an overall assessment of the demonstration of the financial statement.
In addition to supporting the auditor in detecting fraud, analytic procedures speak other benefits:
Assessment of the entity's ability to continue as a going concern. Directing analytic procedures may assist an auditor in determining a company's current financial condition, its condition comparative to competitors, whether the company is experiencing or may experience financial difficulty, and whether it is able to continue as a going concern.
Indication of the possible presence of errors in financial statements. When analytic procedures disclose differences between companies' actual and expected performance, such alterations could represent either accounting errors or irregularities.
Implications for audit testing and procedures. When analytic procedures are performed during an audit and do not reveal differences or irregularities compared with expectations, material blunder or irregularity is less likely to be present. In these cases, it may be probable to perform fewer detailed tests of relevant accounts because the analytic procedures establish essential evidence supporting the fair statement of the related account stabilities. If analytic procedures do reveal differences, additional testing may be essential during the audit.
Effective logical procedures can reasonably be estimated to identify surprising relationships. Using such procedures, auditors develop expectations for actual financial amounts, ratios, trends, and relationships based on their prior experience of the company (modified to reflect any known factors expected to change the outcome), experience of the relevant industry or of similar companies in the industry, expectations of management at the start of the reporting period, and the actual effective activities of the company.
Therefore, the following comparisons are characteristic aspects of analytic procedures:
Existing company data versus company data from prior period(s)
Company data versus company budgets, predictions, or plans
Company data versus business data and/or comparable company data
Company financial data versus company operational data such as production levels, number of employees, and genuine footage
Subset of company data versus other subset of company data: comparison of data on a separate basis such as by division, product, location, or employee
Company data versus auditor- assessed predictable results.
Current Company Data versus Company Data from Prior Periods
â€¦â€¦..This process includes not only comparing the existing period's balance with that of prior periods but also comparing ratios and percentage relationships over time. Comparing only the balances between the two periods would not take into account such factors as growth or the relationship between the financial data. Making comparisons on as small a unit of data as possible-monthly, for instance-and for more than just two years will provide additional relevant information. Trend analyses could be performed with monthly data. For example, using analytic procedures to identify false sales entries posted at each quarter's end to meet the three-monthly revenue or earnings goals is possible only if data is viewed by periods shorter than a quarter. Graphically illustrating these trends may better enable the auditor to determine what needs to be investigated further.
Company Data versus Company Budgets, Estimates, or Projections
Most companies prepare budgets that reflect their financial performance objectives. Often, these budgets are prepared for various areas within the company-such as departments, plants, and other subunits-and for various activities the organization conducts, such as sales, production, and research. Since budgets represent the client's expectations for the period, differences between actual results and the budget should be analyzed.
Tracing actual to budget from prior periods could be included in the current year analysis as well. If the company has always had trouble remaining within budget, this could be considered. The budget could be evaluated to determine whether it was accurate when prepared. Determining whether the budget was changed during the period to adapt to the company's actual financials is also a consideration. The fact that actual amounts estimated budgeted amounts does not necessarily indicate the absence of offensiveness. A general fraudulent scheme is to "manage the budget" to the benefit of either the company or the individual fraudster. Comparing actual results with analysts' expectations may also provide significant information.
Company Data versus Industry Data and/or Comparable Company Data
Company financial data-both balances and relationship data-is compared with data from the whole industry or with that of a competitor or comparable industry. Company performance that differs significantly from industry performance may require further analysis. Performance measures to be compared with industry measures could include, among others, sales growth, gross profit, net income, bad debt expense, and various proportions.
Company Financial Data versus Company Operational Data
Auditors may consider making evaluations between certain operational activities and the areas of the financial statements that they would expect to be affected as a result. For example, it would normally be expected that increased production levels might appear in the financial statements as increased revenue or increased inventory. Similarly, revenues within units should not exceed total production after adjusting for changes in inventory levels. Other operational data that might be compared with financial data includes number of employees, genuine footage, number of locations, shipping volumes versus volumes invoiced, and other examples relevant to the specific industry.
Company Data versus Auditor-Determined Expected Results
The auditor may have certain expectations for results-such as certain amounts, ratios, relationships, or tendencies-based on the auditor's understanding of the client and of the industry in which the company operates. A difference between the recorded outcome and the auditor's expectations might indicate a misstatement and require further investigation and justification. This analysis is highly dependent on the correctness of the auditor's expectation. Generally, the more precise the expectation-that is, the closer the expectation is to the correct balance or relationship, as opposed to the recorded balance-the more effective the procedure will be at identifying possible misstatements.
As specified before, comparisons are made not only on account balances but also on financial relationships. The most common techniques for analyzing relationships are discussed as follows.
Horizontal analysis-that is, comparison of the current period's balances with those of prior periods. This technique estimates the percentage of change between the current-period balance, as well as prior-period balances, and a base period. Accounts that are increasing or decreasing at rates significantly higher or lower than the majority of the account balances-and especially compared with related accounts-might be subject to further analysis. For example, if sales increased 22 percent during the base period but if cost of goods sold increased only 9 percent, further analysis of both accounts might be necessary.
Vertical, or common-size, analysis. This technique calculates each line item on a financial statement as a percentage of another line item. An income statement is common sized by showing each line item as a percentage of revenues. This is informative because many expenses, such as commissions or cost of goods sold, are directly dependent on the level of revenues. A balance sheet is common sized by showing each line item as a percentage of total assets-or total responsibilities plus equity. These percentages are then compared against prior-period percentages or against industry or comparable company percentages.
Comparison of the detail of a total balance with similar detail for the preceding year(s). This technique is based on analysis of the detail of a specific balance over time or at a point in time and comparison of it to similar detail from prior periods. If no major changes in the client's operations have occurred in the current period, then much of the detail making up the totals in the financial statements might also remain unchanged. It is often possible to use this method to separate the information that needs further examination. An example might be a detailed analysis of the trade receivables account. Such an analysis could disclose that a significant increase in the number of customers occurred from one period to the next, with most of the new customers having balances below the typical materiality level for performing written confirmations. This might require additional analysis.
Ratios and other financial relationships. Ratios reflect relevant information about a business by calculating the relationship among selected items on financial statements. A company's ratios can be compared with ratios from a different period or periods, with a competitor's ratios, and with an industry's ratios. Anomalies in the form of inconsistent or unexplained changes or differences from the industry may be investigated further. It is useful to calculate liquidity (cash asset ratio), activity, weightage, and cost-effectiveness ratios and figures.
Working capital balance
Accounts receivable income
Debt or debt to equity
In addition to those standard ratios, it is also relevant to analyze other relationships involving the high-risk areas of revenue recognition and inventory balances. Relationships that can be analyzed in these categories might include the following:
Sales versus returns, payments, and discounts
Sales versus promotion or advertising budget
Sales versus outgoing cargo costs
Sales versus cost of sales
Sales versus accounts payable
Sales versus sales commissions
Sales versus gross profit
Sales versus inventory
Sales versus production levels/capacity
Sales versus measure of total market size
Sales versus accounts receivable
Sales versus interest expense
Inventory versus cost of sales
Inventory versus current or total assets
Inventory versus production levels
Finally, analysis of relationships that involve cash or cash flow can reveal areas needing further review. The cash account is rarely misstated because of the ease with which cash balances can be confirmed. Therefore, examining the relationship between cash-which is likely to be stated properly-and other account balances that might be misstated can identify anomalies. Some relationships involving cash or cash flow that might be analyzed include the following:
Cash versus current or total assets
Cash from operations over time
Cash from operations versus sales
Cash from operations versus net income
Free cash flow (operating cash flow, less capital expenses and payments)
It is generally applicable to use more than one of these comparisons and/or interactive techniques because different techniques may reveal different information. Unexpected relationships should be considered for further analysis. For example, if operations are financed with a working capital line and production and sales are up but interest expense is down-supposing no decline in interest rates-further analysis may be necessary. It may be that other efficiencies assisted cash flow from operations to be used for financing the increased production and sales, or it may be that untrue sales were booked.
Financial Statement Fraud: Detection Techniques
Knowing where to look for fraud is a key element in detecting fraud. While any line item on the income statement or balance sheet is subject to manipulation, in certain areas this happens more regularly. The auditor should be most alert to potential schemes affecting these line items. Thinking about potential schemes can assist with risk identification. Most often, the aim of fraudulent financial reporting is to exaggerate net income or net worth-although the opposite may be true when individuals are involved in earnings management and in building the build-up stocks of reserves during profitable years to be used later, during periods of lower financial performance. For net income to be exaggerated; revenues typically are overstated and/or expenses typically are understated. For net worth to be overstated; assets must also be overstated and/or liabilities must be understated. In the system of double-entry accounting, any incorrect entry will appear in two or more line items. The auditor should understand the client's risk identification program; not having such a program raises a potential red flag.
Fraudulent financial reporting by means of inappropriate revenue recognition is one of the most dominant forms of material misstatement due to fraud. The auditor considers the nature of the entity's business and how it generates and accounts for revenues and then identifies ways in which revenues might be misstated and how such misstatement might be concealed. Examples of the specific risks the auditor might consider, depending on the nature of the business, comprise the following:
False sales of real goods might be created and covered by the falsification of inventory records, shipping documents, and invoices.
Sales might be exaggerated by the shipping of goods not ordered, by treating quantity of shipments as revenues, or by otherwise ignoring shipping terms that deal with ownership transfer.
Fictitious sales may be booked for product that has been packed but not shipped to the customer-and that never will be. The sale may be written off later or re-do in order not to affect ratios and metrics badly.
Sales might be subject to side agreements giving customers the right to return goods not used or to other arrangements that have the effect of partly or completely reversing sales.
Sales cut-off might be manipulated by holding the books open for a period after the year-end.
Fictitious or overstated revenues from long-term projects in progress might arise as a result of aggressive estimates as to degree of completion. This risk will tend to be increased when significant judgment is required in measuring the value of work done or the state of completion-for example, in relation to large-scale capital projects or the development of impalpable products such as custom software.
Indicators of such manipulation might include but are not limited to infrequent sales patterns or ratios developing from analytic procedures, inconsistencies in documentation, recognition of revenues not in accordance with contract, large credit notes after the year-end, long-outstanding defaulters, unresolved debit entries on intercompany accounts, or abnormalities in inventory counts. It is important to obtain a detailed understanding of significant revenue sources and related revenue recognition policies, as well as of any current changes.
Uncovering of bribes and kickbacks is difficult at best because these are typically buried in otherwise authentic transactions. That is, the company usually overpays for goods and services, upon which the culprit receives a bribe from the dealer representative. As such, bribes and kickbacks generally involve the purchasing function of the organization.
Potential objectives of such schemes include anyone with authority to award contracts or to purchase products-such as inventory, supplies, raw materials, fixed assets, and software. Potential targets may also include individuals whose sign-off is needed for acceptance of a contract, such as engineers, quality personnel, and other technical experts.
Since corruption frauds are so difficult to detect, the focus is directed heavily toward prevention. Controls need to be remarkably good in this area to lessen the risk that these transactions will occur in the first place. Prevention may begin by assessment of the areas in which control weaknesses exist.
Some outstanding control mechanisms are as follows:
Reliability in the asset obtaining bidding process
Replacement of employees through various dealer assignments
As a way of preventing the criminal from informing a partner about lower-bidding competitors, the use of private fax machines whereby bids are required to be submitted to persons other than those asking the bids
Formation of a hotline and ensuring that sellers are aware of the hotline and encouraged to use it if any employee approaches them, looking for a bribe
A strong, enforced policy on expose of conflicts of interest, including receipt of gifts and privileges by buyers.
As with the other types of frauds, analytic procedures and data withdrawal may assist in detection. The typical result of a corruption scheme is that the victim company overpays for a product or service. Trending costs and then analyzing the reason for any increases or failures to decrease when a declining trend was expected may identify the purchase of unnecessary items or of necessary items at exaggerated prices. Trending asset balances may also reveal the purchase of unneeded assets, including inventory. Excess inventory write-offs may be the result of a fraudster's attempt to make room for additional purchases. Other potential red flags that may indicate a possible corruption scheme include:
Orders regularly placed with the same dealer
Cost of materials or other purchases out of line when compared with related activities
Buyers whose way of life appear to exceed their income levels
Earning decisions-in favour of key suppliers-that are heavily influenced or made by managers outside the purchasing department
Restrictions in request documents that tend to restrict competition
A very short time frame for responding to bids.