Magazine article The CPA Journal

Management Fraud Risk Factors: Ratings by Forensic Experts

Magazine article The CPA Journal

Management Fraud Risk Factors: Ratings by Forensic Experts

Article excerpt

In Brief

Supplementing SAS Guidance with Forensic Insight

SAS82, Consideration of Fraud in a Financial Statememnt Audit, identifies 25 risk factors within three categories that auditors should consider when assessing the risk of management fraud in a financial statement audit. But SAS offers no guidance about how much weight or importance to place on th erisk factors, meaning auditors' judgments can vary widely.

The authors conducted a survey to determine how forsenic experts weighted and ranked the importance of the 25 factors. Thirty-five experts from the Big Five provided data to produce a composite model of the importance of the factors. The results is a model that mmay provide auditors with useful guidance on evaluating the factors in assessing the risk of management fraud.

SAS 82, Consideration of Fraud in a Financial Statement Audit, sets the standards for auditors' assessment of management frauds. Management is responsible for creating a system of internal control which provides reasonable assurance that financial statements are free from management fraud; the auditor is responsible for detecting fraud. In doing so, the auditor must assess the likelihood of management fraud and fraud risk separately from that of unintentional errors.

SAS 82 identifies 25 risk factors to guide the auditor in fulfilling its two requirements:

* Consideration of whether fraud risk factors are present; and

* Assessing the risk of material misstatement due to fraud and documenting a response. The fraud risk assessment is not intended to be

assessed at a level (e.g., high, medium, low), as may be the case with inherent or control risk. The fraud risk assessment evolves throughout the audit and the presence of a risk factor does not necessarily mean that fraud has occurred. Rather, the presence of the risk factor should produce an audit response. The risk factors in SAS 82 are intended to sensitize the auditor to the possibility of fraud and to heighten skepticism. Although SAS 82 specifically addresses both management fraud and employee fraud (asset misappropriation), management fraud is more likely to have a direct and material impact on the financial statements.

The 25 Management Fraud Risk Factors

Neither SAS 82 nor the related implementation guide offers any guidance about how to weight the importance of the 25 management fraud risk factors. Thus, auditors may interpret SAS 82 as indicating that all risk factors are equally important, whereas in a specific audit that is unlikely.

The 25 management fraud risk factors (summarized in Exhibit 1) fall within three categories:

* Management characteristics and influence over the control environment (hereafter, management characteristics);

* Industry conditions; and

Operating and financial stability characteristics.

SAS 82 presents the risk factors with no indication about their relative importance in making the fraud risk assessment. To determine which of the risk factors were considered most important, the authors surveyed 35 forensic experts at four of the Big Five in an AICPA-sponsored research project. Their firms had identified them as the most experienced individuals in the field. Many held special certification in fraud, including the Certified Fraud Examiner (CFE) (see "Developing Fraud Expertise," The CPA Journal, April 2001); all held the title of manager, partner, principal, or an equivalent.

Relative Importance of the Risk Factors

A mathematical model, the Analytic Hierarchy Process (AHP), provides a way to measure which factors the experts viewed as more important than others, if at all, through a defined set of factors.

The experts made a series of comparisons in two steps. First, they considered the three categories of management fraud risk factors in pairs. For each comparison, the experts indicated which category was more important than the other in making the management fraud risk assessment. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.