8.04 Management considers fraud risk factors. Fraud risk factors do not necessarily indicate that fraud exists but are often present when fraud occurs. Fraud risk factors include the following: Incentive/pressure – Management or other personnel have an incentive or are under pressure, which provides a motive to commit fraud.
A fraud risk assessment to identify exposures and provide recommendations to mitigate them.
Incentive/pressure – Management or other personnel have an incentive or are under pressure, which provides a motive to commit fraud. Opportunity – Circumstances exist, such as the absence of controls, ineffective controls, or the ability of management to override controls, that provide an opportunity to commit fraud.
Opportunity – Circumstances exist, such as the absence of controls, ineffective controls, or the ability of management to override controls, that provide an opportunity to commit fraud. Attitude/rationalization – Individuals involved are able to rationalize committing fraud.
A fraud risk assessment to identify exposures and provide recommendations to mitigate them.
Fraud prevention starts with a management team committed to a culture of honesty and integrity. They institute a formal code of conduct with a strong, unfailingly enforced policy on fraud. An active training program ensures employees understand fraud, its impact on the company, and the seriousness with which management takes the matter. Employees should have ready access to resources should they have questions as well as a whistleblower hotline through which they can report questionable activity anonymously.
Management also prevents fraud by establishing a positive and productive work environment. Reasonable performance expectations and incentive programs ease the temptation to game the system. Staffing key departments with the right skill sets and headcount allows for a segregation of duties and appropriate checks and balances for operational and transactional control. Regular employee reviews set expectations for performance and create the means by which poor performers are either rehabilitated or terminated. Finally, management demonstrates they are deeply invested, involved, and interested in the company’s financial affairs, business processes, and employee opinions and contributions.
Organizations with reduced headcount are particularly vulnerable as they are less likely to segregate duties with the associated procedural checks and balances. Incentive and/or pressure may push employees to commit fraud.
Most fraud goes undetected. Of reported instances, the ACFE reports median losses equal to $150,000 with the underlying behaviors in effect for 18 months before detection.
The fraud triangle identifies three broad categories of risk that set the stage for fraud.
Fraud is a surprisingly big issue. According to the Association of Certified Fraud Examiners (ACFE), organizations lose up to 5% of their total revenue to fraud. Common schemes include: Skimming. Accepting cash from a customer but not recording the sale. Billing Fraud.
Risk factors reflective of attitudes/rationalizations by board members, management, or employees that allow them to engage in and/or justify fraudulent financial reporting may not be susceptible to observation by the auditor.
The primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the entity and management. It is important that management create a culture of honesty and ethical behavior, reinforced by active oversight from a board of directors and/or audit committee. 6.
AU-C 240.A75 cites several examples of risk factors related to misstatements arising from misappropriation of assets, including the creation of adverse relationships between the entity and employees with access to cash or other assets susceptible to theft. Examples of adverse relationships include known or anticipated future employee layoffs; recent or anticipated changes to employee compensation or benefit plans; and promotions, compensation, or other rewards inconsistent with expectations.
Misstatements arising from fraudulent financial reporting are intentional misstatements or omissions of amounts, accounts, events, or disclosures in financial statements designed to deceive financial statement users, and include the manipulation, falsification, or alteration of accounting records or supporting documents from which financial statements are prepared, and the intentional misapplication of accounting principles relating to amounts, classification, manner of presentation, or disclosure.
controls, including automated controls and controls over interim financial reporting (where external reporting is required), can lead to opportunities for misstatements to occur due to fraudulent financial reporting. Management is responsible for establishing and maintaining internal controls, and determines if the controls are operating as intended (and that they are modified if conditions change) by performing monitoring activities such as bank reconciliations and evaluations of compliance with the entity's policies. An important consideration for the auditor is to determine if the knowledge base and skill level of those responsible for monitoring the system (i.e., management) is adequate to identify problems encountered and to seek timely, corrective action.