WIXLIB

[9]A UDIT R ISK ,I NCLUDING THER ISK OF F RAUD[FRAUD IS ON THE RISE: RESULTS OF THEKPMG FRAUD SURVEY 2003In the spring of 2003, KPMG Forensic commissioned phone interviews with 459 executives of public companies with revenues of 250 million or more, as well as individualsfrom state and federal government agencies. They found that 75 percent of these organizations had experienced fraud in the last 12 months, a 13 percent increase over theresults of their 1998 survey.Following is a brief summary of the frequency and magnitude of the types of fraud discovered.Type of FraudFraudulent financial reportingMedical/Insurance fraudConsumer fraudVendor related, third-party fraudMisconductEmployee fraudComputer crimeaPercentage ExperiencingFraud in the Last 12 mo.7%12%32%25%15%60%18%Average Annual Costof Fraud ( 000) 257,932a 33,709 2,705 759 732 464 67One company reported costs of financial reporting fraud of 4 billion.Assessing the risk of fraud is challenging because the types of fraud that are least frequent, fraudulent financial reporting and medical and insurance fraud, are also the mostexpensive. As a result, auditors need to develop skills at separating the ordinary from theunusual.The 2003 KPMG Fraud Survey reports surprisingly high percentage rates for the incidence of fraud. Fraud is not something that happens less than 1 percent of the time.Even fraudulent financial reporting does not appear to be a rare event. One in 14 of thecompanies surveyed reported that they had experienced fraudulent financial reporting inthe last 12 months, and the cost of this type of fraud is very high.In addition, the survey identified factors that contributed to the fraud in the organization. The frequency of reporting underlying factors from fraud surveys in 2003, 1998, and1994 is as follows.

CHAPTER 9/AUDIT RISK, INCLUDING THE RISK OF FRAUDFactors Contributing to Fraud200319981994Collusion between employees and third partiesInadequate internal controlsManagement override of internal controlsCollusion between employees and managementLack of control over management by directorsIneffective/Nonexistent ethics or compliance %23%6%7%[ 351 ]The quality of procedures performed in the risk assessment process, including recognizing factors that are associated with the occurrence of fraud, has a significant influenceon the effectiveness of audit tests in detecting material misstatements. Chapter 9explores the audit risk model in more detail, including an emphasis on the risk of fraud.Source: KPMG 2003 Fraud Survey.[PREVIEW OF CHAPTER 9]Figure 7-4 describes six key steps in performing risk assessment procedures. This chapter focuses on two of those steps: consider audit risk, including the risk of fraud, anddevelop preliminary audit strategies for significant financial statement assertions. The following diagram provides an overview of the chapter organization and content.Audit Risk, Including the Risk of FraudAudit Risk– AnOverviewAssessing the Riskof FraudHow Significant IsFraud?Fraud DefinedThe Fraud TriangleAuditing for FraudThe Audit RiskModelPreliminary AuditStrategiesIllustrating the AuditRisk ModelAssessing theComponents of AuditRiskRelationship BetweenAudit Risk and AuditEvidenceComponents ofPreliminary AuditStrategiesThree Basic PreliminaryAudit StrategiesChapter 9 focuses on risk assessment procedures associated with assessing the riskfor fraud, other inherent risk, and using the audit risk model to develop preliminary auditstrategies for various assertions.This chapteraddresses (516) 333 2580 the following aspects of theHadel Studioauditor’s knowledge and the auditor’s decision process.

[ 352 ]PART 2/AUDIT PLANNINGfocus on auditor knowledgeAfter studying this chapter you should understand the following aspects of an auditor’s knowledge base:K1. Know the importance of the concept of audit risk and its individual components.K2. Know the definition of fraud and its two major components.K3. Understand the relationship between inherent risk, control risk, analytical procedures risk, and test ofdetails risk.K4. Understand the relationship between detection risk and audit evidence.focus on audit decisionsAfter studying this chapter you should understand the factors that influence the following audit decisions.D1. What three conditions are generally present when fraud occurs?D2. What risk assessment procedures should be used to assess the risk of fraud?D3. What factors influence the auditor’s assessment of inherent risk?D4. How does an auditor develop a preliminary audit strategy for various assertions?[AUDIT RISK—AN OVERVIEW]Audit Risk and Materiality in Conducting an Audit, AU 312.02, defines audit risk asfollows:Audit risk is the risk that the auditor may unknowingly fail to appropriately modify his or heropinion on financial statements that are materially misstated.Auditor Knowledge 1 Know the impor-tance of the conceptof audit risk and itsindividual components.The overall concept of audit risk is the inverse of the concept of reasonableassurance. The more certain the auditor wants to be of expressing the correctopinion, the lower will be the audit risk he or she is willing to accept. If 99 percent certainty is desired, audit risk is 1 percent, whereas if 95 percent certaintyis considered satisfactory, audit risk is 5 percent. Usually professional judgmentsregarding reasonable assurance and the overall level of audit risk are set as amatter of audit firm policy, and audit risk will be comparable from one audit toanother.Recall that the auditor controls neither inherent risk nor control risk. Inherent risk and control risk are client-related factors. The auditor performs riskassessment procedures to develop a knowledgeable perspective about the riskfactors that are present in a client’s situation. Armed with this knowledge, theauditor then designs further audit procedures that are responsive to the client’srisk factors.What does the auditor need to know about the client to develop a knowledgeable perspective? The auditor needs to know enough so that he or she can:

CHAPTER 9 /AUDIT RISK, INCLUDING THE RISK OF FRAUD[ 353 ]Relate risk to potential misstatements in the financial statements, either at thefinancial statement level (risks that have a pervasive effect on the financialstatements) or the assertion level (risks that relate to particular assertions).Consider whether risks are of a magnitude that will result in a material misstatement in the financial statements.Consider the likelihood that risks will result in material misstatements.The next sections of this chapter devote substantial attention to the risk assessment procedures associated with understanding the risk of fraud and the assessment of inherent risk. It then discusses the audit risk model in more detail andexplains how the auditor makes a preliminary assessment of risk in order to makepreliminary decisions about the collection of audit evidence.[ASSESSING THE RISK OF FRAUD]HOW SIGNIFICANT IS FRAUD?Fraudulent financial reporting got everyone’s attention with the collapse of Enronand WorldCom when investors lost approximately 66 billion and 176 billionrespectively. The evidence shows that these were not isolated instances. TheKPMG Fraud Survey reported that 7% of the companies surveyed had problemswith fraudulent financial reporting. The GAO Report on Financial Statement Restatement identified 919 restatements of public company financial statements (approximately 6 percent of all public companies) between January 1997 and June 30,2002. The 2004 Report to the Nation by the Association of Certified Fraud Examiners reports on 508 individual fraud cases that resulted in over 761 million inlosses. The victims of fraud reported in this study appeared in every segment ofour economy; 42 percent in privately held companies, 30 percent in publiclytraded companies, 16 percent in government, and 12 percent in not-for-profitorganizations.Generally accepted auditing standards recognize a responsibility for findingthese types of material misstatements and state that the auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whetherthe financial statements are free of material misstatement, whether caused byerror or fraud (AU 110.02). GAAS (AU 316–SAS 99) requires auditors to performspecific risk assessment procedures in every audit to assess the risk of fraud, bothdue to fraudulent financial reporting and misappropriation of assets. Theseresponsibilities are explained in more detail in the following sections.Auditor Knowledge 2 Know the definitionof fraud and its twomajor components.FRAUD DEFINEDFraud is a broad legal concept. Auditors are not lawyers and do not make legaldecisions about the legal specifications of fraud. However, auditors are interestedin acts that result in a material misstatement of the financial statements. From theauditor’s perspective, the primary factor that distinguishes fraud from error iswhether the underlying action that results in the misstatement of the financialstatements is intentional or unintentional. Generally accepted auditing standardsdefine fraud as follows: