Assessing fraud risks is an integral part of the auditing process. Statement on Auditing Standards (SAS) No. 99, Consideration of Fraud in a Financial Statement Audit, requires auditors to consider potential fraud risks before and during the information-gathering process. Business owners and managers may find it helpful to understand how this process works — even if their financial statements aren’t audited.
SAS 99 advises auditors to presume that most companies have a risk of improperly recognizing revenue and a risk that management could attempt to override internal controls. Also, certain factors create opportunities for dishonest employees to commit fraud, and therefore, should be avoided. Examples of fraud risk factors that auditors consider include:
- Large amounts of cash or other valuable inventory items on hand, without adequate security measures in place
- Heavy dependence on a few key employees, who have too much power and too few checks and balances
- Employees with conflicts of interest, such as relationships with other employees and financial interests in vendors or customers
- Unrealistic goals and performance-based compensation that tempt workers to artificially boost revenue and profits
- Failure to conduct background checks and other pre-employment screening
- Weak internal controls
Auditors also watch for questionable journal entries that dishonest employees could use to hide their impropriety. These entries might, for example, be made on the last day of the accounting period or with limited descriptions.
Auditors are responsible for using professional skepticism throughout the audit process, as well as planning and performing the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, either caused by fraud or error. Auditors generally aren’t required to investigate fraud. But they are required to communicate fraud risk findings to the appropriate level of management, who can then take actions to prevent fraud in their organizations. Please contact us at [email protected] if you would like more information on evaluating fraud risks.