Fraud Risk Assessment

Building a Fraud Audit Program

About This Book

Providing a comprehensive framework for building an effective fraud prevention model, Fraud Risk Assessment: Building a Fraud Audit Program presents a readable overview for developing fraud audit procedures and building controls that successfully minimize fraud. An invaluable reference for auditors, fraud examiners, investigators, CFOs, controllers, corporate attorneys, and accountants, this book helps business leaders respond to the risk of asset misappropriation fraud and uncover fraud in core business systems.

Frequently asked questions

Yes, you can access Fraud Risk Assessment by Leonard W. Vona in PDF and/or ePUB format, as well as other popular books in Business & Managerial Accounting. We have over one million books available in our catalogue for you to explore.

Information

Publisher: Wiley
Year: 2012
ISBN: 9781118429082
Edition: 1

Chapter 1

Fraud Theory

Auditors today are at a crossroads regarding how to incorporate fraud detection into their audit plans. Sarbanes-Oxley, Public Company Accounting Oversight Board (PCAOB) regulators, and the professional standards of auditing are requiring auditors to give greater consideration to incorporating fraud detection into their audit plan. Companies’ boards of directors, management, and the public are asking why fraud is occurring and going undetected in our business systems. Auditors are asking themselves whether fraud can be detected when there is no predication or allegation of a specific fraud.
Traditionally, the auditing profession had two fundamental ways to deal with the fraud question:
1. Search for fraud using a passive approach of testing internal controls. The approach relies on auditors seeing the red flags of fraud. Although few audit programs incorporate specific red flags for audit observation, the assumption is that professional experience will provide auditors with the skills to observe the red flags.
2. React to fraud allegations received through a tip or some other audit source. Since studies continue to indicate that most frauds are detected through tips, we need to ask ourselves how effective past audit approaches have been.
Historically, the profession relied on evaluating the adequacy and effectiveness of internal controls to detect and deter fraud. Auditors would first document the system of internal controls. If internal controls were deemed adequate, the auditors would then test those controls to ensure they were operating as intended by management. The test of internal controls was based on testing a random, unbiased sample of transactions in the business system. Conventionally, audit standards stated that auditors should be alert to the red flags of fraud in the conduct of an audit. Study after study indicates that the lack of professional skepticism is a leading cause for audit failure in detecting fraud.
In one sense, the search for fraud seems like a daunting responsibility. However, fraud in its simplest form should be easy to find. After all, the key to finding fraud is looking where fraud is and has been. This book focuses on the use of fraud auditing to detect fraud in core business systems. Fraud auditing is a proactive audit approach designed to respond to the risk of fraud. Essentially, the fraud audit approach requires auditors to answer these questions:
  • Who commits fraud, and how?
  • What type of fraud are we looking for?
  • Should fraud be viewed as an inherent risk?
  • What is the relationship between internal controls and fraud opportunity?
  • How is fraud concealed?
  • How can we incorporate the fraud theory into our audit approach?
  • What are the ways fraud auditing can be used to detect fraud?

BUILDING FRAUD THEORY INTO THE AUDIT PROCESS

Fraud auditing is similar to, but different from, traditional auditing in several ways. Typically, an audit starts with an audit plan, whereby risks are identified through a risk assessment, controls are linked to the risks, and sampling plans and audit procedures are developed to address the risk(s) identified. The audit steps are the same regardless of the system(s) being targeted. Throughout the process, the auditor must have an understanding of the system(s) being audited. For example, to audit financial statements, auditors must understand generally accepted accounting principles (GAAP). In the same way, to audit a computer system, auditors must understand information technology (IT) concepts.

Using the Fraud Risk Assessment

If the steps are the same, then what feature makes fraud auditing different from traditional auditing? Simply, the body of knowledge associated with fraud. The fraud theory must be built into the audit process. Specifically, during the audit planning stage, auditors must determine the type and the size of the fraud risk. By performing a fraud risk assessment, the identified fraud risk is associated with the core business systems. As in the traditional audit, controls are linked to the risk, but in this circumstance it is the fraud risk that is targeted. By incorporating the fraud theory in the fraud risk assessment, the concealment strategies employed by the perpetrator(s) are also considered. Auditors rely on the red flags of fraud to prompt awareness of a possible fraudulent event, known as the specific fraud scheme. The sampling plan is used to search for the transaction indicative of the specific fraud scheme. Then, the audit procedure is designed to reveal the true nature of the transaction.

The Principles of Fraud Theory

Although the fraud risk assessment is a practical tool, there are principles upon which fraud auditing is based that auditors should know before initiating a fraud audit plan. These principles are as follows:
  • Fraud theory is a body of knowledge.
  • Fraud is predictable to the extent of how it will occur in a specific situation, not necessarily in the actual occurrence.
  • The key to locating fraud is to look where fraud occurs.
  • If you want to recognize fraud, you need to know what fraud looks like.
  • People commit fraud, not internal controls.
  • Fraud risk and control risk have similarities. However, fraud risk differs from control risk by containing the elements of intent and concealment.
  • Fraud audit procedures must be designed to pierce the concealment strategies associated with the fraud scheme.
  • Fraud audit procedures must validate the true economic substance of the transaction.
  • Fraud audit comments differ from the traditional management letter or internal audit report.

ATM: AWARENESS, THEORY, METHODOLOGY

Fraud is like an ATM machine at a bank. Both are designed to withdraw money. ATM machines enable users to withdraw money from banks. Fraud is the withdrawal of funds from an organization. The funds may be embezzled directly, siphoned off through kickback schemes, or be the result of inflated costs due to bribery and conflicts of interest. The fraud audit approach requires awareness, theory, and methodology (ATM) to detect fraud. Successful auditors need:
Awareness of the red flags of fraud:
  • Fraud concealment strategies
  • Sophistication of the concealment strategy
  • Indicators of fraudulent transactions
Theory provides an understanding of how fraud occurs in a business environment:
  • Fraud definitions
  • The fraud triangle
Methodology designed to locate and reveal fraudulent transactions. The methodology employed in designing a fraud audit program consists of the following stages:
  • Define the scope of fraud to be included and excluded from the audit program.
  • Verify compliance with the applicable professional standards.
  • Develop the fraud risk assessment including:
    • Identify the type of fraud risk.
    • Identify business processes or accounts at risk.
    • Internal controls are linked to the fraud risk.
    • Concealment strategies revealed using the red flags of fraud.
    • Develop a sampling plan to search for the specific fraud scheme.
    • Develop the appropriate fraud audit procedures.
  • Write the fraud audit report.
  • Understand the fraud conversion cycle.
  • Perform the fraud investigation.
The search for fraud is built on both awareness and methodology; however, both items are predicated on auditors having a sufficient knowledge of the science of fraud, hence the fraud theory. Auditors are not born understanding fraud. The awareness needs to be incorporated into the audit plan through audit team discussions during the planning stages. Audit programs must incorporate a methodology that responds to the identified fraud risks existing in core business systems.

Theory

The “T” in ATM stands for theory, specifically, fraud theory. Given that the knowledge of fraud theory is needed by auditors in order for “awareness” to be incorporated into the audit plan and for a “methodology” to be established, the specific elements of fraud theory need to be discussed as a first step.

Definitions

Inherent to the process of searching for fraud is having a clear definition of fraud to be incorporated into the fraud risk assessment. Throughout the process, a thorough understanding of the fraud theory is critical to an auditor’s success in preventing, detecting, deterring, and prosecuting fraud.
Auditors need to understand that fraud is an intentional and deliberate effort by the perpetrator to conceal the true nature of the business transaction. Fraud perpetrators have varying levels of sophistication, opportunity, motives, and skills to commit fraud.
The fraud risk assessment starts with a definition of fraud and the type of fraud facing organizations. The assessment can be based on a legal definition, an accounting definition, or the author’s definition specifically designed for fraud risk assessments.
The Legal Definition
  • A known misrepresentation of the truth or the concealment of a material fact to induce another to act to their detriment.
  • A misrepresentation made recklessly without the belief in its truth to induce another person to act.
  • A tort arising from a knowing misrepresentation, concealment of material fact, or reckless misrepresentation made to induce another to act to their detriment.
  • Unconscionable dealing especially in contract law. The unfair use of power arising out of the parties’ relative positions and resulting in an unconscionable bargain.
The legal definition requires auditors to understand the legal implications of the terms in the definition. The term “misrepresentation” includes concealment, nondisclosure, or false representation. The misrepresentation must relate to a material fact rather than a simple opinion. However, opinions made by an individual purportedly with superior knowledge could become a misrepresentation. Concealment, referred to as suppression of facts, is also a critical aspect of the misrepresentation. The courts have accepted these theories of concealment:
  • Intentional concealment of known defects.
  • Active prevention of the discovery of the defects.
  • Uttering lies, with the intent to deceive.
  • Nondisclosure typically does not rise to the level of fraud, unless a fiduciary relationship exists.
In reality, the use of the legal definition of fraud is impractical for most audit organizations simply because the definition is written for civil and criminal prosecutions.

The Accounting Definition

Given the specific usage of the legal definition, auditors typically look to the applicable professional standards followed by the audit organization. The American Institute of Certified Public Accountants (AICPA) offers guidance in its Statement of Auditing Standards (SAS No. 99) as to the auditor’s responsibilities to detect fraud that would have a material impact on the financial statements. The standards focus on financial statement and asset misappropriation schemes. Interestingly, the standard does not provide a definition of fraud. Rather, auditors are guided by the standard definitions of errors in financial statements. An example of a professional standard applicable to fraud is the Institute of Internal Auditors Standard 1210.A2.
The Institute provides guidance on Auditor’s Responsibilities Relating to Fraud Risk Assessment, Prevention, and Detection. The standard states that internal auditors should have sufficient knowledge to identify the indicators of fraud, but they are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud. The standard contains a section called “What is Fr...

Table of contents

  1. Cover
  2. Contents
  3. Title
  4. Copyright
  5. Preface
  6. About the Author
  7. Acknowledgments
  8. Chapter 1: Fraud Theory
  9. Chapter 2: The Fraud Audit
  10. Chapter 3: Organizational Fraud Risk Assessment
  11. Chapter 4: Fraud Penetration Risk Assessment
  12. Chapter 5: Fraud Data Mining
  13. Chapter 6: Fraud in Expenditure
  14. Chapter 7: Contract Fraud
  15. Chapter 8: Bribery
  16. Chapter 9: Travel Expenses
  17. Chapter 10: Payroll Fraud Schemes
  18. Chapter 11: Revenue Fraud
  19. Chapter 12: Asset Fraud Schemes
  20. Chapter 13: Fraud Control Theory
  21. Chapter 14: Fraud Audit Report
  22. Chapter 15: Fraud Investigation for the Auditor
  23. Index