SAS99 Overview
Upcoming SlideShare
Loading in...5

SAS99 Overview






Total Views
Views on SlideShare
Embed Views



1 Embed 1 1



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment
  • Fraud 1 – Misappropriation of Assets Involves the theft of an entity’s assets where the effect of the theft causes the financial statements to be materially misstated Usually perpetrated by employees but can involve management Typically driven by opportunity Often a major concern for the owner-manager of a privately-held business entity Fraud 2 – Fraudulent Financial Reporting Intentional misstatements or omissions of amounts or disclosures in financial statements designed to deceive users Usually perpetrated by management Typically driven by incentives or pressures A concern for both publicly and privately held entities, including governmental and not-for-profit organizations
  • Auditors need to overcome common natural tendencies and biases Overreliance on client representations (oral and written) or failure to collaborate those representations with other audit evidence Lack of awareness or failure to recognize that an observed condition may indicate a material fraud Lack of experience in understanding why fraud occurs or the behavior patterns to look for Personal relationships with clients and belief that they are honest and conduct themselves with integrity
  • The entity’s environment and culture (“tone at the top”) Common control failures at small business entities ACFE Report to the Nation – 2002
  • Examining journal entries and other adjustments for evidence of possible material misstatement due to fraud Performing a ‘retrospective review’ of accounting estimates for biases Understanding the organization’s rationale for unusual transactions

SAS99 Overview SAS99 Overview Presentation Transcript

  • SAS 99: Consideration of Fraud in a Financial Statement Audit Based upon AICPA 2003 overview available at
  • The Perpetrators – Who They Are
    • Typical perpetrator is a first-timer
      • On average, employees tend to be 30% honest, 30% dishonest, 40% potentially dishonest if conditions exist
      • Small businesses are ripe with conditions
      • Often the least expected employee
    • Hints? What to look for?
      • Changes in financial situation (new cars, jewelry, clothes)
      • Excessive lifestyle given position and pay
      • Life events, drugs, gambling, divorce
    • Ease of opportunity brings rationalization
    • Never forget background checks – good client recommendation!
  • SAS 99 Overall Requirement
    • An audit should be planned and performed to obtain reasonable assurance about whether the financial statements are free of material misstatements, whether caused by error or fraud.
    • An audit requires due professional care, which in turn requires that the auditor exercise professional skepticism.
  • Causes of Misstatements
    • Causes
    Fraud Errors Misappropriation of Assets Financial Reporting
  • Two Types of Fraud Considered in an Audit
    • Fraudulent financial reporting (“cooking the books”)--examples
      • Falsification of accounting records
      • Omissions of transactions
    • Misappropriation of assets--examples:
      • Theft of assets
      • Fraudulent expenditures
  • Professional Skepticism
    • An attitude that includes a questioning mind and a critical assessment of audit evidence
    • The engagement should be conducted recognizing possibility of material misstatement due to fraud
    • An auditor should not be satisfied with less than persuasive evidence (more than just inquiry)
  • Fraud Conditions (“Fraud Triangle)
    • Incentive
    • (Pressure)
    • Opportunity Rationalization
    • (Attitude)
  • Steps involved in Considering the Risk of Fraud
    • Staff discussion
    • Obtain information needed to identify risks
    • Identify risks
    • Assess identified risks
    • Respond to results of assessment
    • Evaluate audit evidence
    • Communicate about fraud
    • Document consideration of fraud
  • Step 1—Staff Discussion of the Risk of Fraud
    • Usually led by engagement leader
    • Brainstorm
    • Consider how and where financial statements might be susceptible to fraud
    • Exercise professional skepticism
  • Step 2—Obtain information needed to identify risk of fraud
    • Inquiries of management, the audit committee, internal auditors and others (various levels of the organization!)
    • Consider results of analytical procedures
    • Consider fraud risk factors
    • Consider other information
  • Step 3—Identify Risks that may Result in Fraud and Consider
    • Type of risk
    • Significance of risk (magnitude)
    • Likelihood of Risk
    • Pervasiveness of risk
  • Step 4—Assess the identified risks after considering programs and controls
    • Consider understanding of internal control
    • Evaluate whether programs and controls address the identified risks
    • Assess risks taking into account this evaluation
  • Step 5—Respond to Results of the Assessment
    • As risk increases
    • Overall responses
      • More experienced staff
      • More attention to accounting policies
      • Less predictable procedures
    • Specific responses
      • Consider need to increase evidence by altering the nature, timing and extent of audit procedures (might move from a moderate to high necessary level of comfort for certain audit areas)
  • Step 5—Respond to Results of the Assessment (concluded)
    • On all audits, the auditor should consider the possibility of management override of controls and examine:
      • Adjusting journal entries
      • Accounting estimates
      • Unusual significant transactions
  • Step 6—Evaluate Audit Evidence
    • Assess risk of fraud throughout the audit
    • Evaluate analytical procedures performed as substantive tests and at overall review stage
    • Evaluate risk of fraud near completion of fieldwork
    • Respond to misstatements
    • MUST included element of unpredictability – what is this???
  • Step 7—Communicate about Fraud
    • Communicate
      • All fraud to an appropriate level of management
      • All management fraud to audit committee
      • All material fraud to management and audit committee
    • Determine if reportable conditions related to internal control have been identified; communicate them to the audit committee
  • Document Consideration of Fraud
    • Document steps 1 -7
      • Staff discussion
      • Information used to identify risk of fraud
      • Fraud risks identified
      • Assessed risks after considering programs and controls
      • Results of assessment of fraud risk
      • Evaluation of audit evidence
      • Communications requirements
    • If improper revenue recognition was not considered a risk, why it wasn’t