Assessing fraud risks is an integral part of the auditing process. Statement on Auditing Standards (SAS) No. 99, Consideration of Fraud in a Financial Statement Audit, requires auditors to consider potential fraud risks before and during the information-gathering process. It is helpful for companies to understand how this process works even if their financial statements aren’t audited.
Fraud Risk Factors
SAS 99 advises auditors to presume that, if given the opportunity, companies will improperly recognize revenue and management will attempt to override internal controls. Certain factors create opportunities for dishonest employees to commit fraud and, therefore, should be avoided. Examples of fraud risk factors that auditors consider include:
- Large amounts of cash or other valuable inventory items on hand, without adequate security measures in place,
- Heavy dependence on a few key employees, who have too much power and too few checks and balances,
- Employees with conflicts of interest, such as relationships with other employees and financial interests in vendors or customers,
- Unrealistic goals and performance-based compensation that tempt workers to artificially boost revenue and profits,
- Failure to conduct background checks and other pre-employment screening, and
- Weak internal controls.
Auditors also watch for questionable journal entries that dishonest employees could use to hide their impropriety. These entries might, for example, be made to seldom-used or intracompany accounts; on holidays, weekends, or the last day of the accounting period; or with limited descriptions. Fraudsters also tend to use round numbers for fictitious journal entries that stay below the dollar threshold that would require additional signatures.
Auditor’s Role in Fraud Risk Identification
Auditors are responsible for using professional skepticism throughout the audit process. They also plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, either caused by fraud or error. Auditors generally aren’t required to investigate fraud, but they are required to communicate fraud risk findings to the appropriate level of management. Key stakeholders can then take actions to prevent fraud in their organizations.
If conditions exist that make it impractical to plan an audit in a way that will adequately address fraud risks, an auditor may even decide to withdraw from the engagement. When conditions are ripe for fraud, GBQ can help you pursue a formal forensic accounting investigation to find out more.
Get a Fraud Risk Assessment
Prepare for your next audit by letting us perform a fraud risk assessment for your business. Our team of experts will look for potential fraud schemes or scenarios and identify ways to mitigate fraud risks. Contact us today to prevent fraud before it happens.