July 4, 2009
 
 
  What Does New Audit Standard SAS No. 99, Consideration of Fraud in a Financial Statement Audit, Mean for Business and Industry Members?
 

 

A new fraud audit standard, effective for audits of periods beginning on or after Dec. 15, 2002, has been issued by the Auditing Standards Board. The board believes the new standard will result in a substantial change in auditors' performance and thereby improve the likelihood that auditors will detect material misstatements due to fraud in a financial statement audit. Given the nature and extent of the new procedures, management should plan to provide auditors with more information and open themselves up to more extensive fraud-detection procedures.

How will SAS 99 affect industry members?
The fight against fraud begins with strong anti-fraud programs and controls that management should have in place to prevent and deter fraud. It continues with the auditor. The new SAS contains an exhibit outlining the types of controls and programs that the auditor will be looking for. Depending on the existing control structure, management probably will need to implement stronger anti-fraud programs and controls. Such measures should provide numerous benefits to the organization, as noted later in this article.

Even though the new SAS is not effective for your upcoming audit, your auditors may choose to early-adopt the SAS. In any case though, it is good business to start thinking about fraud deterrence now. Some of the new audit procedures that you can expect to see include:

  • Querying management about its views on fraud risks, knowledge of any known or suspected fraud, the method for communicating to employees its views on business ethics, and how it monitors anti-fraud programs and controls.
  • Broadening the range of information used to assess risks of material misstatement beyond what is defined in SAS 82 (for example, increased inquiries, brainstorming and analytical procedures).
  • Developing an appropriate response to each fraud risk identified in the assessment which may include, among other activities, increased review of inventories and revenue recognition, as well as performing surprise audits.
  • Performing additional procedures responding to the risk of management override of controls, such as scrutinizing journal entries, accounting estimates and unusual transactions. (Remember, this is how many of the recent high-profile frauds took place: above the internal control system.)
  • Assessing the organization's programs and controls to address fraud risks. Note that to assist auditors (and management), SAS 99 will include an exhibit of anti-fraud programs and controls. This exhibit, which has been prepared in cooperation with other organizations, provides a framework of programs and controls to reduce financial statement fraud. In the near future, the AICPA will work with corporate America to outline a definitive set of anti-fraud criteria and controls as well as enhance existing attestation standards for CPAs to review and report such criteria to the public.

Benefits to Be Realized by Management
By having in place strong programs and controls that are intended to prevent and deter fraud, an organization should realize the following benefits:

  • Save 2% to 3% of revenues normally lost to fraud. Per the 2002 Report to the Nation on Occupational Fraud and Abuse (Association of Certified Fraud Examiners), companies lose 6% of revenue to fraud. Fraud prevention was found to reduce that figure by between 30% and 48%. Therefore, fraud prevention measures could save organizations 2-3% of revenues. Note that these estimates show only a portion of the true picture as most fraud is never reported.
  • Enhance market value. A 2002 McKinsey & Company survey [1] indicated that by moving from worst to best in corporate governance, companies could expect to see a 10-12% increase in their market values.
  • Reduce federal penalties. Under the Federal Sentencing Guidelines, there is a 40% reduction in penalties for companies using due diligence in implementing programs to detect and prevent violations of law.
  • Reduce audit fees. More audit work now required under SAS 99 generally translates into higher fees. Organizations looking to reduce, or at least hold the line on, audit fees should focus on establishing and managing strong anti-fraud programs and controls to mitigate fraud risks and provide external auditors a foundation of existing controls for audit planning reliance.
  • Prevent civil lawsuits. Many times employees who experience issues in the workplace first try to resolve these issues internally. If their complaints are ignored, employees feel compelled to go to an outside advocate. That could be a private attorney, government regulator or news agency. Giving employees an internal outlet can solve problems without the event becoming public knowledge or an issue for the courts. (Refer back to the September 2002 supplement for the Ethics Decision Tree for CPAs in Business and Industry for a methodology.)
  • Recover more of the loss. According to a recent study, only 60% of organizations carry necessary fraud insurance, and for those that did, 49% of them recovered only 0-25% of the original loss [2]. Prevention, by its nature, would have saved the entire loss.
  • Maintain a positive brand image. Recent events illustrate the devastating effects to an organization of even the hint of fraudulent financial statement reporting. Through appropriate prevention measures, an organization's image can remain intact.

How a Company Can Reduce Fraud
The risk of fraud can be reduced through a combination of prevention, deterrence and detection measures. However, fraud often is difficult to detect because it often involves concealment through falsification of documents or collusion. Therefore, it is important to place a strong emphasis on fraud prevention, which may reduce opportunities for fraud to take place, and fraud deterrence, which could persuade individuals that they should not commit fraud because of the likelihood of detection and punishment. Moreover, prevention and deterrence measures are much less costly than the time and expense required for fraud detection and investigation.

Anti-fraud programs and controls, as discussed in the SAS 99 Exhibit, include the following key elements:

  • Create and maintain a culture of honesty and high ethics. The ethical culture needs to be set by management through their daily words, but more importantly, their actions. Therefore, the organization's value system requires not so much a written code of conduct (which is important as well) but a daily, consistent adherence to these values. Companies should also clearly communicate their ethical values, decision-making processes and codes of conduct to all employees so they may be empowered to make appropriate ethical decisions even when they are far from headquarters or confronted with a new dilemma.
  • Evaluate the risks of fraud, and implement risk mitigation. Fraud risk assessment should be part of a more enterprise-wide risk monitoring process but can also be done separately. A collection of fraud risk factors is included in SAS 99, segregated into the areas of fraudulent financial reporting and asset misappropriation. Based on the assessed risks, a response is developed which may include preventative controls (reducing the opportunity to commit fraud), mitigation controls (reducing the impact of the potential fraud), or transference (selecting appropriate fraud insurance such as a fidelity insurance policy).
  • Develop an appropriate oversight process. Internal and external parties need to oversee the risk of and responses to fraudulent financial reporting. Although the entire management team shares the responsibility for implementing and monitoring these activities, the entity's CEO should initiate and support such measures. In addition, the entire organization should adopt a level of fraud awareness similar to a neighborhood watch program. Employees should have a means to communicate wrongdoing without fear of retribution, as tips from employees are still the number one way fraud is uncovered. Further, independent verifications by internal and external auditors help to ensure controls are operating effectively. Such reviews should be reported directly to the audit committee. Coupled with follow-up work on suspected wrongdoing, these reviews send a strong deterrent message throughout the organization. Oversight needs to take a tiered approach so that override at any given layer, including the CEO, may be identified and properly handled. The top layer of this oversight process is reserved for the audit committee, which must ensure top management upholds its responsibilities to the organization.

[1] McKinsey Quarterly, A premium for good governance, 2002 Number 3.
[2] 2002 Report to the Nation on Occupational Fraud and Abuse (Association of Certified Fraud Examiners).

Handbook on Fraud Prevention

Developed specifically for CPAs working in business and industry, The CPA's Handbook of Fraud and Commercial Crime Prevention (No. 056504CPA11) is a valuable reference designed to help CPAs manage the risk of fraud. Price: $180 member/$225 non-member.

 

 

 

 
 

©2006-2009 The American Institute of Certified Public Accountants, ISO 9001 Certified