Bi3.net
 Home
 ProductCenter
 About Us
 Contact Us
 Contact Us
 Send Us a Message
 Mailing List
 Web Links
 ServiceCenter
 CustomerCenter
 Forms
 Audit Intelligence

Close Preview Window

 
Contact Us

 

 The new era of professional judgment?.and realizing that fraud is a five (not a four) letter word

 

by Kathi Rank, CPA and Richard B. Lanza, CPA

 

_________________________________________________________________________________

 

 

SAS 99 – The New Chapter in Fraud Fighting - A Realization of the Common Thread

 

SAS 99 is the newly issued audit standard requiring auditors to “dig deeper” to root out fraud.   It is a comprehensive, far-reaching audit standard and requires that we significantly change the way we think about and perform audits.  Major changes include:

 

Ø      A required brainstorming session among the audit team members to discuss the potential for material misstatement due to fraud.

Ø      Expanded use of analytical procedures to gather information used to identify risks of the material misstatement due to fraud.

Ø      The consideration of other information, such as client acceptance and continuance procedures, during the information-gathering phase.

Ø      An emphasis on the importance of maintaining the proper state of mind throughout the audit-that is, professional skepticism.

Ø      An increased emphasis on inquiry of senior management as an audit procedure that increases the likelihood of fraud detection.

 

As auditors complete the above procedures, a common thread can be seen: Audit work is more “thinking” and less checklist driven.

Audit work is more “thinking” and less checklist driven!

Consider the business environment in the 1980s, when the personal computer was first introduced and then widely adopted. At that time, it was predicted that with the new technology, huge investment companies would reap significant benefits in the form of increased productivity. In fact, increases in productivity were quite slow to develop, and by the end of the decade business owners were asking, Where's the benefit?  Through formal and informal study of the situation, analysts concluded that the anticipated benefits of the new technology were slow to surface because companies had simply used the technology to automate existing processes. The more successful implementations occurred when entities used technology as a basis for rethinking their existing practices and designing new ones.

 

That same dynamic could be said of the introduction of SAS 99, assuming of course that checklists not become the basis for its implementation.   Audit checklists, containing the common tests that should be completed in an audit, are useful tools like our Palm Pilots help us remember where we need to be at 3:15 today.  But the checklist should not drive an audit any more than our Palm Pilots should start booking appointments for us.  It is unfortunate but the audit process has been devalued in many ways through the over-use of checklists.  Up-front thinking and business understanding was walking out the door and being replaced with a junior auditor and a checklist.  The hope (and increase in audit realization) was to have the junior auditor use the expert system of the checklist to do the same job as the experienced auditor.

 

Checklists don’t work for SAS 99!  It doesn’t help that audits have been recently devalued in the public’s mind through the numerous financial disasters.  By compounding this with the use of checklists instead of sound thinking, the auditor is doing a disservice to themselves, the firm, and the profession as a whole.    This is not to say that checklists do not provide some value in ensuring that all steps were followed.  It is to just to say that SAS 99 requires a whole new set of tools, with the best tool available for free right under an auditor’s cranium.

 

New Mindsets Required

As to using their brain differently, the new SAS requires auditors to bring a new perspective to understanding an entity's business and its internal control.  Auditors have always been required to gain an understanding of the entity's business and the industry in which it operates in order to plan the audit.  Now, that understanding will be broader and deeper.  The auditor also has to consider all of the fraud prevention and detection controls existing at the client.  Taken as a whole, SAS No. 99 requires auditors to understand an entity's business, allowing them to identify unusual transactions outside the normal course of business.

 

The standard also requires that auditors maintain a healthy skepticism throughout the engagement.  They must set aside their beliefs that management is honest, even though they  may have many years of prior experience with the management team.   This questioning mind is expected to allow new perspectives of “what can go wrong” which will start in the early brainstorming sessions and may lead to increased testing and obtaining further evidence.  In our opinion, professional skepticism cannot be taught, it must be learned.  All of the articles, guidebooks, manuals and checklists for SAS 99 and Fraud Audits include more checklists, and seem to suggest that any auditor can become a fraud expert by checking the boxes.   We don't know if you remember the 'Paint by Numbers' kits from when you were a kid, but finishing a Paint by Numbers no more made you a Da Vinci than following a thorough checklist makes one a fraud expert or a good auditor.

 

Experienced Judgment Required

Fraud expertise and the expertise to spot “what can go wrong” are obtained through experience.  This experience could be personal such as on a past engagement, obtained through training, or obtained through discussions with professional contacts.  Regardless, it takes time to build up this requisite knowledge.  Such knowledge will need to be applied to all of the new procedures required by SAS 99 to ensure an effective audit (as junior staff will have a difficult time completing the procedures without experienced guidance):

 

Ø      Discussion among engagement personnel regarding the risks of material misstatement due to fraud.

Ø      Obtaining the information needed to identify risks of material misstatement due to fraud.

Ø      Inquiring of management and others within the entity about the risks of fraud:

§         Considering the results of the analytical procedures performed in planning the audit.

§         Considering fraud risk factors.

§         Considering certain other information.

Ø      Assessing the identified risks after taking into account an evaluation of the entity's programs and controls.

Ø      Responding to the results of the assessment.

§         A general response affecting the entire scope and approach of the audit

§         A response to identified risks that involves the nature, timing, and extent of the auditing procedures to be performed.

§         A response involving the performance of certain procedures to further address the risk of material misstatement due to fraud involving management override of controls.

Ø      Evaluating audit evidence to determine whether the accumulated results of auditing procedures and other observations affect the initial assessment.

 

What is most striking from the above procedures is the increase in audit quality, based on infusion of experienced judgment.  And like all processes, improved quality in the planning and performance of that process leads to an improved final product. 

 

Aside from the improved quality, putting more experienced judgment back into the audit highlights the value of the CPA.  Quality and value result in numerous benefits to the client.  This is just plain old good business practice and ultimately fosters good business counseling (see last section of this article for more on this topic). 

 

 

New Tools to Aid the Thinking Process

Guidebooks and Training

There are many guidebooks and training on the subject of fraud prevention and detection from a host of suppliers.  Probably the two best sources of information are the AICPA and the Association of Certified Fraud Examiners (“ACFE”).  The ACFE is the first source to review as they have been focused on this topic longer than any other entity.   ACFE offers a host of video, CD-Rom, self study, and in person training classes.  The AICPA is another good source as their Auditing Standards Board released SAS 99 and their related guidebooks are the most authoritative.  Aside from training in the audit standard itself, additional training in financial statement fraud, fraud schemes, and interviewing techniques is recommended.

 

Another consideration for training is in the realm of creativity and brainstorming.  While everyone has sat in a room and thrown out ideas, there is a real science and art to idea generation.  A quick search in Amazon or the Barnes & Noble website will provide a huge resource for reading/training options.  It is suggested that the key words “creativity”, “brainstorming”, and “facilitated meeting” be used in the website’s search engine for the best results. 

 

Financial Statement Analysis Toolsets

Although SAS 99 asks that two types of fraud be considered, the key fraud in the public’s mind is financial statement fraud.  Per a recent study by the Association of Certified Fraud Examiners, financial statement fraud occurred the least (5.1% of cases) but it had the most impact with an average $4.25 million per scheme. 

 

And the best way to detect such fraud is starting with the financial statements themselves.  Below is an extensive list of benefits for doing financial statement analysis:

 

  1. To assist the auditor in planning the nature, timing, and extent of audit procedures
  2. To help direct auditor’s attention to the existence of management fraud.  For example, the Association of Certified Fraud Examiners listed the use of analytical procedures as one of four means towards a proactive fraud policy.
  3. To reduce risk in testing account balances
  4. To review overall reasonableness at the end of the audit
  5. To assist in proposing financial statement adjustments based on analytical calculations
  6. To identify areas of focus that are not on the income statement or balance sheet as analytical procedures help auditors look beyond what is being currently reported to what they expect to be reported based on business and industry trends.
  7. To help an auditor better understand the relationships existing within the financial information of the business entity.

 

New tools, especially ones that come with product guides focused on fraud detection, can raise the bar for less experienced auditors.  Also, tools that make it easy to load statement data and then automatically analyze it in various numeric and graphical ways reduce the time spent doing “grunt” work which increases the time allotted for review.  One such tool, Audit Intelligence (www.bi3.net) eliminates the repetitive, mundane aspect of gathering the data, organizing the data, preparing the data and organizing it into formats that allow more visibility and transparency into the numbers.  The identification of unusual patterns/trends/anomalies or irrational ratios can be accomplished rapidly, with the added ability to explore underneath the surface and better understand why the results are what they are.  The tool actually has screens focused on all fraud indicators associated with common frauds such as overstated revenue.  It also does a great job in trending data over time to unearth patterns that may not been seen when looking at two annual periods side-by-side.  Finally, Audit Intelligence provides guidebooks and training to quickly “jump start” auditors into seeing fraudulent patterns.  The guidebook in particular amasses practically every fraudulent financial indicators in easy-to-use matrices for quick application to the data at hand.

Fraud is Not a Four Letter Word (It is Actually Five Letters)

 

Benefits to the Client of Reducing Fraud

Up until 1997 when the AICPA issued SAS 82 (recently replaced by SAS 99), fraud was never mentioned in the audit standards.  Instead the word “irregularity” was used as fraud has such negative connotations.  Times have changed and not only is the fraud word being uttered, it is being shouted by the public and associated public watchdogs as an evil that must be detected whenever possible. 

 

With such a desire to “root out” fraud (many times without knowing why), below is a list of key benefits for its elimination[1]:

 

Ø      Save 2% to 3% of revenues normally lost to fraud - Per the 2002 Report to the Nation on Occupational Fraud and Abuse (Association of Certified Fraud Examiners), companies lose 6% of revenue to fraud.  Fraud prevention was found to reduce that figure by between 30% and 48%. Therefore, fraud prevention measures could save organizations 2 - 3% of revenues. Note that these estimates show only a portion of the true picture as most fraud is never reported.

Ø      Enhance market value – A 2002 McKinsey & Company survey[2] indicated that by moving from worst to best in corporate governance, companies could expect to see a 10-12% increase in their market values.

Ø      Reduce federal penalties – Under the Federal Sentencing Guidelines, there is a 40% reduction in penalties for companies using due diligence in implementing programs to detect and prevent violations of law.

Ø      Reduce audit fees – More audit work now required under SAS 99 generally translates into higher fees. Organizations looking to reduce, or at least hold the line on audit fees should focus on establishing and managing strong anti-fraud programs and controls to mitigate fraud risks and provide external auditors a foundation of existing controls for audit planning reliance. 

Ø      Prevent civil lawsuits - Many times employees who experience issues in the workplace first try to resolve these issues internally. If their complaints are ignored, employees feel compelled to go to an outside advocate. That could be a private attorney, government regulator or news agency. Giving employees an internal outlet can solve problems without the event becoming public knowledge or an issue for the courts.  (Refer back to the September 2002 supplement for the “Ethics Decision Tree for CPAs in Business and Industry” for a methodology.)

Ø      Recover more of the loss – According to a recent study, only 60% of organizations carry necessary fraud insurance and for those that did, 49% of them recovered only 0-25% of the original loss[3]. Prevention, by its nature, would have saved the entire loss.

Ø      Maintain a positive brand image – Recent events illustrate the devastating effects to an organization of even the hint of fraudulent financial statement reporting. Through appropriate prevention measures, an organization’s image can remain intact.

 

Benefits to the CPA Firm of “Rooting Out” Fraud

The audit, in many circles, became the “foot in the door” that led to other, more profitable, consulting services.  Now, the audit can be viewed as a valuable service as it will work harder to detect fraud for clients and the public at large.  Fraud reduction work, pointed out in an audit, can also lead to additional services as follows:

 

Ø      Fraud review engagements – A review of the company’s policies and procedures to detect fraud which is designed to determine whether they are adequately functioning.  Please note that this is not expected to provide assurance that fraud has not or will not be effectuated but rather highlights any weaknesses in the prevention system. 

Ø      Fraud examinations – An investigation into an allegation of fraud.  It is conducted in accordance with lawful fraud examination techniques which include, but are not limited to, examination of books and records, voluntary interviews of appropriate personnel, and other such evidence gathering procedures as necessary under the circumstances.  The investigation does not provide assurance of uncovering fraud but makes a best effort to identify such happenings.

Ø      Expert witness – Professional assistance designated to provide testimony in criminal and civil prosecutions where the services can be used to support investigations of such matters such as financial frauds, embezzlements, misapplication of funds, etc.  Expert witnesses may also be used as defense witnesses or to support the defendant’s counsel on matters that involve accounting or audit issues.  Generally, the expert plays an ongoing part with the litigation team with the following assigned duties:

 

o        Establish the facts

o        Interpret the facts

o        Comment on the opposing expert’s facts and opinions

o        Define the professional standards in the particular area of your opponent’s expertise[4]

 

Other Benefits to the CPA Firm

Two hundred years ago the farmer was the dominant profession in the United States, replaced 100 years later by factories.  Today, it is the farming of ideas that is arguably the most important business.  For example, 50 years ago the top 100 companies in the S&P 500 made something you can touch while today only 50% fit into that category[5].

 

CPAs, providing untouchable business experience and intelligence, are probably in the best position to provide improved business performance ideas.   For example, inefficiencies in the processing of accounts receivable, payables and inventory can lead to additional consultations to assist the company’s improvement. 

 

What’s more is that through following the new procedures in SAS 99, auditors will work more to develop junior accountants and distill their experience.  For instance, using tools such as financial statement analysis more experienced CPAs can show business relationships and indicators for further review to more junior staff.

 

Richard B. Lanza, CPA, PMP, is a manager of internal audit at a Fortune 200 retailer, where he focuses mainly on using computer-assisted audit tools to improve business intelligence, increase efficiencies, and identify bottom-line savings. He is the founder of the non-profit Web site, www.auditsoftware.net/community and headed the Program Management Office at the American Institute of Certified Public Accountants where he focused on their fraud initiative. He was recently awarded the prestigious Outstanding Achievement in Commerce Award from the Association of Certified Fraud Examiners.  His e-mail address is: questions@richlanza.com.

 

The opinions in this article are the author’s and do not necessarily represent the policies or positions of his employer.

 

Kathi Rank, CPA is a retired partner having spent over 25 years with Windes & McClaughry, a large local firm in Southern California.  In connection with providing audit, tax and consulting services to a wide range of clients she lead the firm into use of electronic audit tools in the early days of personal computers and was the technology partner in charge of the firm’s investment in and implementation of technology solutions.  E-mail address krank@socal.rr.com

 


[1] CPA Letter. “What SAS 99 Means to Industry Members”. November 2002.

[2] McKinsey Quarterly, “A premium for good governance,” 2002 Number 3.

 

[3] ACFE. “2002 Report to the Nation on Occupational Fraud and Abuse”. 2002.

 

[4] Association of Certified Fraud Examiners. “Fraud Examiners Manual”. 2003 Edition.

[5] Simon and Schuster.  “Unleashing the Idea Vir


Back