Fraud Risks – An auditors response to fraud in financial reporting

Fraud is a broad legal concept; the auditor is concerned with fraud that causes a material misstatement in the financial report. This requirement is mandated in Australian Auditing Standards and requires auditors to identify and assess the risks of material misstatement due to fraud and to determine overall and specific responses to those risks. Having said this, it should be known Audits are designed to provide reasonable assurance, not perfect or absolute assurance.

When is a misstatement in a financial report due to an error or fraud?

Firstly, what is a material misstatement?

A material misstatement is information in the financial statements that is sufficiently incorrect that it may impact the economic decisions of someone relying on those statements.

In the context of a financial report audit, misstatements can arise from either fraud or error. The key consideration underpinning this distinction is whether the misstatement was deliberate or unintentional. Importantly, the auditor does not make a legal determination of whether fraud has actually occurred.

There are two types of intentional misstatements an auditor specifically considers:

1. Misstatements resulting from fraudulent financial reporting (for example, misclassification of assets and liabilities, managing earnings to uphold perceptions of profitability); and
2. Misstatements resulting from misappropriation of assets (for example, theft).

Fraudulent Financial Reporting

Fraudulent financial reporting involves intentional misstatements, including omissions of amounts or disclosures in the financial report to deceive financial report users. Fraudulent financial reporting may be accomplished by the following:

• Manipulation, falsification (including forgery), or alteration of accounting records or supporting documentation from which the financial report is prepared.
• Misrepresentation in, or intentional omission from, the financial report of events, transactions, or other significant information.
• Intentional misapplication of accounting principles relating to amounts, classification, manner of presentation, or disclosure.

How is fraudulent Financial Reporting Committed?

Fraud can be committed by management overriding controls using such techniques as intentionally:

• Recording fictitious journal entries, particularly close to the end of an accounting period, to manipulate operating results or achieve other objectives.
• Inappropriately adjusting assumptions and changing judgements used to estimate account balances.
• Omitting, advancing or delaying recognition in the financial statements of events and transactions that have occurred during the reporting period.
• Omitting, obscuring, or misstating disclosures required by the applicable financial reporting framework, or disclosures that are necessary to achieve fair presentation.
• Concealing facts that could affect the amounts recorded in the financial report.
• Engaging in complex transactions that are structured to misrepresent the financial position or financial performance of the entity.

Misappropriation of Assets

Misappropriation of assets involves the theft of an entity’s assets. Misappropriation of assets can be accomplished in a variety of ways including:

• Embezzling receipts (for example, misappropriating collections on accounts receivable).
• Stealing physical assets or intellectual property (for example, stealing inventory for personal use or for sale, stealing scrap for resale).
• Causing an entity to pay for goods and services not received (for example, payments to fictitious vendors, kickbacks paid by vendors to the entity’s purchasing agents in return for inflating prices, payments to fictitious employees).
• Using an entity’s assets for personal use (for example, using the entity’s assets as collateral for a personal loan or a loan to a related party).
• Misappropriation of assets is often accompanied by false or misleading records or documents to conceal the fact the assets are missing or have been pledged without proper authorisation.

Audit Limitations

Even when an audit is properly planned in accordance with the auditing standards, it’s possible for material misstatements in the financial report to go undetected. It’s generally easier to find unintentional errors than to detect a material misstatement resulting from fraud.

This is because fraud may involve sophisticated concealment schemes. These include, forgery, deliberate failure to record transactions, or intentional misrepresentations made to the auditor. The risk of not detecting a material misstatement resulting from management fraud, is significantly greater than for employee fraud. This is because management is usually able to manipulate accounting records directly or indirectly, present fraudulent financial information or override internal controls. In addition, collusion between employees, suppliers and customers can make it harder for the auditor to uncover fraud.

Steps an auditor completes to respond to fraud risks in a financial report audit

1. Interviews and fraud inquiries

A critical part of the audit process is interviews and fraud-related inquiries. These meetings might be with management, the Board, internal auditors, employees, and legal advisors. Questions your auditor might ask you include:

• Whether management has knowledge of any actual, suspected, or alleged fraud,
• Management’s process for identifying, responding to and monitoring the fraud risks in the entity,
• The nature, extent, and frequency of management’s assessment of fraud risks and the results of those assessments,
• Any specific fraud risks management has identified, or have been brought to its attention,
• The classes of transactions, account balances or disclosures for which a fraud risk is likely to exist,
• Management’s communications, if any, to those charged with governance about its process for identifying and responding to fraud risks, and
• Management’s communications, if any, to employees on its views on appropriate business practices and ethical behavior.

2. Review of journal entries

A risk present in all entities is management override of internal control. This is because management can manipulate accounting records and prepare a fraudulent financial report by overriding controls that otherwise appear to be operating effectively. Accordingly, your auditor may test the appropriateness of journal entries recorded in the general ledger and adjustments made in the preparation of a financial report.

3. Review of accounting estimates

Accounting estimates and critical judgements made by management are fundamental to the preparation of a financial report. Accordingly, your auditor will consider:

• Whether the judgements and decisions made by management in determining the accounting estimates included in the financial report indicate a possible bias, potentially representing a risk of material misstatement,
• Performing a retrospective review of management judgements and assumptions reflected in the financial report of the prior year.

Responsibility for the Prevention and Detection of Fraud in Financial Reporting

An audit is an important, independent, oversight function. The primary responsibility for the prevention and detection of fraud rests with those charged with governance of the entity and/or management.

It’s important management places a strong emphasis on fraud prevention. By doing this it  may reduce opportunities for fraud to take place, and increase fraud deterrence, resulting in individuals not committing fraud due to the likelihood of detection and sanction.

We often hear the expression “tone at the top”- Whatever tone management sets “trickles-down” to employees of the entity.

Final thoughts on responding to fraud risks

Each entity faces unique risk factors and exposure to fraud risks. You can read our article on the different types of fraud and how to prevent it here. You can also download our “7 top ideas to prevent fraud” PDF by clicking here. This article has outlined examples of how an auditor responds to financial reporting fraud risks, examples of fraud, limitations in an audit and the responsibility for the prevention and detection of fraud in a financial report. As auditors, it may sound presumptuous, but we can’t stress how valuable an audit is on your entity’s financial reports, and we recommend you speak to a professional if you are considering this.

If you would like to discuss your organisation’s fraud risk exposure, financial report audit, internal audit or compliance requirements, Bishop Collins would be delighted to have an obligation-free and confidential discussion.