Obtaining Information Needed To Identify Fraud Risks
In addition to performing procedures required under Section 311, Planning and Supervision, the auditor should obtain information needed to identify the risks of material misstatement due to fraud by:
- Asking management and others within the entity about their views on the risk of fraud and how such risks are addressed.
- Considering unusual or unexpected relationships identified by analytical procedures performed while planning the audit.
- Considering whether any fraud risk factors exist.
- Considering other information that may be helpful in identifying fraud risk.
Note: The auditor should document the procedures performed to obtain information to identify and assess fraud risks.
Inquiries of Management – The auditor should make the following inquiries of management:
- Does management know about actual or suspected fraud?
- Have there been any allegations of actual or suspected fraud from employees, former employees, analysts, regulators, short sellers, and others?
- Does management understand the entity’s fraud risk, including any identified risk factors or account balances or classes of transactions for which a fraud risk is likely to exist?
- What programs and controls does the entity have to help prevent, deter, and detect fraud? How does management monitor such programs?
- When there are multiple locations, how are operating locations or business segments monitored? Is fraud more likely to exist at any one of the locations or business segments?
- Does management communicate its views on business practices and ethical behavior to employees, and if so, how?
- Has management reported to the audit committee or equivalent body how the entity’s internal control prevents, deters, and detects fraud?
Note: When evaluating management’s responses to these inquiries, auditors should remember that management is often in the best position to commit fraud. Therefore, the auditor should determine when it is necessary to corroborate those responses with other information. When responses are inconsistent, the auditor should obtain additional audit evidence.
Inquiries of the Audit Committee – The auditor should make the following inquiries of the audit committee:
- What are the audit committee’s (or at least the chair’s) views of the risk of fraud?
- Does the audit committee know about actual or suspected fraud in the entity?
Note: The auditor should also understand how the audit committee oversees the entity’s assessment of fraud risks and the mitigating programs and controls.
Inquiries of Internal Auditors – The auditor should make the following inquiries of internal auditors:
- What are the internal auditors’ views on the risk of fraud?
- Have the internal auditors performed procedures to identify or detect fraud during the year?
- Has management satisfactorily responded to any finding from procedures performed to identify or detect fraud?
- Are the internal auditors aware of any actual or suspected fraud?
Inquiries of Others within the Organization – The auditor should also ask others within the entity about whether they are aware of actual or suspected fraud, using professional judgment to determine to whom these inquiries are made and how extensive the inquiries should be. The following are examples of people that may provide helpful information and, therefore, that the auditor may wish to consider directing inquiries to:
- Anyone at varying levels of authority that the auditor deals with during the audit, such as when the auditor is obtaining an understanding of the entity’s internal controls, observing inventory, performing cutoff procedures, or getting explanations for fluctuations noted during analytical procedures.
- Operating staff not directly involved in financial reporting.
- Employees involved in initiating, recording, or processing complex or unusual transactions.
- In-house legal counsel.
Considering the Results of Analytical Procedures – When performing the required analytical procedures in planning the audit the auditor may find unusual or unexpected relationships as a result of comparing the auditor’s expectations with recorded amounts or ratios developed from such amounts. The auditor should consider those results in identifying the risk of material misstatement due to fraud. The auditor should also perform analytical procedures relating to revenue with the objective of identifying unusual or unexpected relationships involving revenue accounts that may indicate a material misstatement due to fraudulent financial reporting. Examples of such procedures include:
- Comparing sales volume with production capacity (Sales volume greater than production capacity might indicate fraudulent sales).
- Trend analysis of revenues by month and sales return by month shortly before and after the reporting period (The analysis may point to undisclosed side agreements with customers to return goods).
Note: Although analytical procedures performed during audit planning may be helpful in identifying the risk of material misstatement due to fraud, they may only provide a broad indication since such procedures use data aggregated at a high level, Therefore, the results of such procedures should be considered along with other information obtained by the auditor in identifying fraud risk.
Considering Fraud Risk Factors – Using professional judgment, the auditor should consider whether information obtained about the entity and its environment indicates that fraud risk factors are present, and, if so, whether it should be considered when identifying and assessing the risk of material misstatement due to fraud. These risk factors are classified based on the three conditions usually present when fraud exists:
Considering Other Information – The auditor should evaluate other information that may be helpful in identifying fraud risk. The auditor should consider:
- Any information from procedures performed when deciding to accept or continue with a client.
- Results of review of interim financial statements.
- Identified inherent risks.
- Information from the discussion among engagement team members.
Or; use below page navigation to move foreward or backward: