Auditors' Responsibility for Fraud Detection: SAS No. 99 Introduces a New Era in Auditors' Requirements
Ramos, Michael J., Journal of Accountancy
Auditors will enter a much expanded arena of procedures to detect fraud as they implement SAS no. 99. The new standard aims to have the auditor's consideration of fraud seamlessly blended into the audit process and continually updated until the audit's completion. SAS no. 99 describes a process in which the auditor (1) gathers information needed to identify risks of material misstatement due to fraud, (2) assesses these risks after taking into account an evaluation of the entity's programs and controls and (3) responds to the results. Under SAS no. 99, you will gather and consider much more information to assess fraud risks than you have in the past. (For the text of the new standard, see Official Releases, page 105.)
SAS no. 99 reminds auditors they need to overcome some natural tendencies--such as overreliance on client representations--and biases and approach the audit with a skeptical attitude and questioning mind. Also essential: The auditor must set aside past relationships and not assume that all clients are honest. The new standard provides suggestions on how auditors can learn how to adopt a more critical, skeptical mind-set on their engagements, particularly during audit planning and the evaluation of audit evidence.
NEW REQUIREMENT: DISCUSSION AMONG ENGAGEMENT PERSONNEL
SAS no. 99 requires the audit team to discuss the potential for a material misstatement in the financial statements due to fraud before and during the information-gathering process. This required "brainstorming" is a new concept in auditing literature, and early in the adoption process firms will need to decide how best to implement this requirement in practice. Keep in mind that brainstorming is a required procedure and should be applied with the same degree of due care as any other audit procedure.
There are two primary objectives of the brainstorming session. The first is strategic in nature, so the engagement team will have a good understanding of information that seasoned team members have about their experiences with the client and how a fraud might be perpetrated and concealed.
The second objective of the session is to set the proper "tone at the top" for conducting the engagement. The requirement that brainstorming be conducted with an attitude that "includes a questioning mind" is an attempt to model the proper degree of professional skepticism and "set" the culture for the engagement. The belief is that such an audit engagement culture will infuse the entire engagement, making all audit procedures that much more effective.
The mere fact the engagement team has a serious discussion about the entity's susceptibility to fraud also serves to remind auditors that the possibility does exist in every engagement--in spite of any history or preconceived biases about management's honesty and integrity.
You should note that SAS no. 99 does not restrict brainstorming to the planning phase of the audit process. Brainstorming can be used in conjunction with any part of the information-gathering process. Auditors gather data continuously throughout the engagement, so look for opportunities to brainstorm all the way through. Some auditors may choose to meet for discussions again near the conclusion of the audit to consider the findings and experiences of all team members and whether the team's assessment about and response to the risk of material misstatement due to fraud were appropriate.
In addition to brainstorming, SAS no. 99 requires audit team members to communicate with each other throughout the engagement about the risks of material misstatement due to fraud. In fact, the standard requires the auditor with final responsibility for the audit to determine whether there has been appropriate communication among team members throughout the engagement.
STRUCTURING AN EFFECTIVE BRAINSTORMING SESSION
Split it into two parts. …