Audit

Introduction

Audit is the inspection and verification of the accuracy of financial records and statements. Private businesses and all levels of government conduct internal audits of accounting records and procedures. Internal audits are conducted by a company’s own personnel to uncover bookkeeping errors and also to check the honesty of employees. In large companies, internal auditing is an ongoing procedure. A company that trades stock on a registered stock exchange or is preparing to issue new shares of stock must submit to an external audit. These companies are known as publicly traded companies. An external audit is used to give the public a true statement of a company’s financial position. It is made at least once a year by public accountants who are not regular employees of the company. The auditors make sure that the company has followed proper accounting procedures in its financial records and statements. They compare the current financial statements with those of the previous year to determine whether the statements are calculated consistently. If they are not, they present a distorted picture of the company’s financial position. The auditors also inspect real estate, buildings, and other assets to see if their value is overstated. Debts and other liabilities are checked to see if they have been understated (Hollingsworth & White 1999).

 

Financial auditing practice has a much longer history than many of the other developments that can be considered and the large firms of accountants, in which many financial auditors work have become influential advisory institutions throughout the world.  Thus financial auditing has provided the model which has influenced the design of auditing practice in many other fields. Although environmental, medical, or value for money audits are conceived as distinct from financial auditing, the latter continues to exert its normative influence as a centre of gravity for debate and discussion. And it is in the context of financial auditing that the dependency of acts of verification on judgment and negotiation is most apparent. The power of the financial auditing model lies in its benchmarking potential for other audit practices. In part this potential is realized indirectly through the work of accountant advisors, for whom the financial auditing model is a fundamental component of their expertise and whose advice in areas of control is shaped by it. But the influence can also be direct as entities such as hospital trusts, privatized industries, charities, and many other organizations become subject to an intensification of financial control and reporting requirements. This is an expanding domain, not just of neutral checking but also of judgment and of an evaluation of the fundamental purposes of organizations. Paradoxically, given the influential role of the financial auditing model suggested above, its status as a practice is unclear. What do audits produce and how are they effective? (Vernon 2002).

 

Financial auditing is subject to expectations and demands which are, justifiably or otherwise, often disappointed. Nevertheless, the official procedural knowledge base of auditing has evolved in response to scandals and corporate failures in such a way that the essential puzzle of what audits produces their effectiveness remains hidden from view as an article of faith. Finally despite, and probably because of, this puzzle it is argued that financial auditing maintains itself as an institutionally credible system of knowledge. Notwithstanding crisis and scandal it satisfies the aspirations and demands of a variety of regulatory programs. Particular audits may fail but the system as such cannot. The possibility of effective auditing is necessarily presupposed by regulatory intentions. Traditionally, auditing has applied itself to the domain of finance, but organizations are increasingly finding value from internal audits that monitor other aspects of their activity. Environmental and social audits, for example, have been championed by firms in response to the ethical concerns of both shareholders and the public in relation to the company's impact upon the locality. Financial auditing is growing in importance too, partly in response to recent major scandals such as the collapse of banks, and also in order to monitor the increasingly complex demands being made upon accountants (Vernon 2002).

 

However, auditing remains something of a mystery to those outside of the profession, and has become more specialized as accounting has become more sophisticated. For example, while best practice has evolved certain tools for analytical review or establishing audit trails, an element of subjective judgment remains as auditors decide what evidence to include. Further, rules of thumb can never be ruled out. Audit risk has developed as an issue too, as the models for reducing the probability of mistakes being made on sampling, for example, become more subtle. In countries such as Canada these have changed dramatically. Here, a Bayesian approach was introduced in 1980. Auditors recognize the limitations of their science. They are not held responsible for detecting fraud, for example. Auditing provides a degree of assurance, but not insurance, as to the financial position of the firm (Vernon 2002).

 

Auditing Differences

Readers of financial statements of foreign companies audited by major international accounting firms assume a uniformly high quality of information. International differences in audit objectives, standards and practice, however, result in varying levels of audit assurance. Financial statement users and accountants whose clients demand expertise in all phases of financial accounting and reporting matters whether domestic and international need to be aware of these differences. The development of audit standards and practice in different countries is influenced by numerous factors including the nature of financing, the size and complexity of businesses and capital markets, tax laws and the legal environment. In the United States and the United Kingdom, many owners provide much of the financing for public companies, and capital markets are large and sophisticated (Frost & Ramin 1996). As a result, shareholders' needs significantly influence financial statements and independent audits, and private-sector bodies have a strong impact on both accounting and audit standard setting. In Germany, a small number of large banks and pension funds traditionally supply most business capital, and ownership and voting rights generally are concentrated. One result is less demand for independent audits and for a sophisticated, investor-oriented financial reporting system. Another is that the German accounting profession has less influence in establishing accounting standards which are set primarily by commercial laws. However, as in the United States and the United Kingdom, the accounting profession has played an important role in developing audit standards. International differences in business, legal and cultural environments also have led to varying audit objectives. Consistent with a strong investor orientation, the audit objective in the United States is to express an opinion on whether the financial statements present fairly, in all material respects, financial position, results of operations and cash flows in conformity with generally accepted accounting principles. The strong presumption is that to present fairly, financial statements must conform to generally accepted accounting principles (GAAP). Departures are permitted only in rare instances (Frost & Ramin 1996).

 

Like the United States, the United Kingdom has investor-oriented public regulation, a strong audit tradition and a large, well-established accounting profession. However, in contrast to the United States, where audit standard setting is highly concentrated in the private sector, it is United Kingdom company law in addition to the private sector that influences audit practice. Thus, although the audit's overriding objective is formation of an opinion on whether the financial statements give a true and fair view, the U.K. auditor also expresses an opinion on whether the financial statements have been properly prepared in accordance with the Companies Acts. In Germany, lenders and institutional owners have direct access to company information, reducing the need for detailed financial reports and auditing standards designed to protect a widely dispersed shareholder and creditor base. Thus, until recently, the sole audit objective in Germany was to judge whether the accounting records, financial statements and management report complied with laws and regulations. In 1987, the true and fair view concept became part of German accounting requirements as a consequence of incorporating the European Union's fourth directive on individual company accounts into company law. The directive's overriding requirement is that financial statements give a true and fair view of a company's financial position and the results of operations, making both compliance with company law and conformance with a true and fair view audit objectives in Germany (Frost & Ramin 1996).

 

Germany generally has the most rigorous education and practice requirements for becoming certified as a public accountant. German audit managers tend to be involved with clients over a number of years; German managements generally consider the service they receive of low quality if audit staff changes from year to year. German auditors have lower legal exposure than their U.S. counterparts, since liability for negligence damages in statutory audits is capped and contractual limitations normally exist in all other audit services. However, auditors' legal risk in Germany appears to be growing as evidenced by an increase in publicized audit failures (Frost & Ramin 1996). The six largest U.S. accounting firms are all market leaders in the United Kingdom and Germany. However, fee income, growth rates and the relative importance of audit, tax and management consulting services vary. For example, 1993 to 1994 total fee income for the six firms in the United States ($13.3 billion) is much greater than in the United Kingdom ($3.8 billion) and Germany ($2.2 billion). The average annual growth rates of these firms' fees in the United States (9.3%) and Germany (8.5%) are substantially greater than in the United Kingdom (3%). Audit fees are relatively more important to firms in Germany, where they average 60% of total fee income in contrast to 49% in the United States and 41% in United Kingdom (Frost & Ramin 1996).

 

Although auditing standards address similar topics in the three countries, their content, level of detail and application in practice vary considerably. U.S. audit standards are highly specific and comprehensive. German standards are briefly stated and function at a much more general level. U.K. audit standard setters promote principles rather than rules; U.K. standards are much more extensive than German standards, but they are less so than U.S. standards. As a result of the close relationships between corporate managers and their external accountants in Germany, several audit practices differ considerably from those in the United States and the United Kingdom. For example, German managers might consider it inappropriate for auditors to question managements' oral statements. German auditors also are more hesitant to accept responsibility for detecting irregularities than their U.S. or U.K. counterparts (Frost & Ramin 1996).

 

Numerous other differences exist. Some argue they will lead to different levels of audit assurance, in spite of unified audit approaches and programs of international auditing firms. For example, in Germany, relatively few related party disclosures are required in the financial statements and audit reports. The United Kingdom requires disclosure of related party transactions in the annual report and recently issued standards on auditing them. U.S. GAAP also requires financial statements to disclose material related party transactions other than compensation arrangements or similar items in the ordinary course of business, and U.S. generally accepted auditing standards include detailed guidance on procedures auditors should consider to identify related party relationships and transactions. Securities regulations also lead to international differences in audit assurance levels. In the United States, the Securities and Exchange Commission considers conformance with GAAP and Generally accepted auditing standard (GAAS) to be so important that financial statements of listed companies can't have audit reports qualified for scope limitations or nonconformity with GAAP. The German and U.K. stock exchanges do not have similar restrictions. However, the London Stock Exchange subjects’ new applicants that have had a qualified audit opinion in the previous three years to additional requirements (Frost & Ramin 1996).

 

There are philosophic differences in auditing between the United Kingdom and the United States. In the United States, auditors are oriented to the shareholder much as they were intended to be in the United Kingdom's Companies Acts. In the United Kingdom, the nature of who the auditor is reporting to has changed with the years. The auditor's function has come to be seen as an extension of the Inland Revenue, the tax collecting authority in the United Kingdom. Chartered accountants are more proactive on behalf of the tax authority in the United Kingdom than in the United States. Indeed, the auditor in the United Kingdom submits his or her report to both the Inland Revenue and the shareholders, whereas in the United States, the report is made to the shareholders only. Another difference between the United Kingdom and the United States is that the Companies Acts apply to all corporations, public or private. One other difference between financial reports in the United States and in the United Kingdom is that the latter has, for a relatively long time, commented on the social responsibility aspects of a company's activities (Heely & Nersesian 1993).  Accounting statements and auditors' reports in the United States have made little mention of the impact of the company on society. In recent years, there has been a growing practice for U.S. companies to be more proactive in making such statements. Another area of potential confusion between U.K. and U.S. accounting practices is in language. The U.K. term ordinary shares is the same as common shares in the United States. The U.K. term stocks means inventories in the U.S. Own shares in the United Kingdom means treasury stock in the United States. Debtors versus receivables, provision for bad debt versus reserve for doubtful accounts, and taken to reserves versus included in equity are other differences in terminology between the United Kingdom and the United States. This matter of differences in terminology becomes bothersome for non-English speaking companies that desire to issue an English version of their annual reports. Usually, the purpose of the English version is in preparation for raising funds in the London and/or New York capital markets, or to attract American or English investors. The simple decision to translate a company's financial statements into English is complicated by which form of English is more suitable for presentation purposes (Heely & Nersesian 1993).

 

Australia has historically been heavily influenced by British accounting practices. The Companies Act of 1961 contains the concept of the accountability of directors to shareholders, including the stipulation that annual accounts and audits of financial statements must be true and fair. In Australia, the courts frequently decide on what is to be construed as true and fair in accounting practices, not the professional accounting societies. Accountants are represented by either the Australian Society of Certified Public Accountants (CPAS) with over 60,000 members, or the Institute of Chartered Accountants with nearly 22,000 members. These organizations compete for both membership and influence, which complicates the process of arriving at generally accepted accounting principles. These are established by the Australian Accounting Research Foundation, which is jointly sponsored by the two professional accounting organizations. Recent decisions have more or less mirrored changes in accounting practices taking place in the United States, which is why Australian accounting is a mix of U.K. and U.S. accounting practices. Australian annual reports contain a section on social responsibility and Australian companies also publish annual reports for their employees (Heely & Nersesian 1993).  The Australian Society of CPAs and the Institute of Chartered Accountants jointly approve academic programs of study that will qualify an applicant for eventual professional recognition. To become a CPA in Australia, a trainee must have an undergraduate degree with a major in accounting and three years of experience under the supervision of a CPA or chartered accountant, or five years unsupervised experience in accounting or finance. A trainee must also complete course work designed by the Australian Society of CPAs in auditing, external reporting, insolvency and reconstruction, management accounting, taxation, and treasury, each with its own examination. The total program for becoming a CPA must be completed within five years of enrollment. If not completed within this time, the trainee must re-enroll starting from the beginning (Heely & Nersesian 1993).

 

Canada is a member of the Commonwealth of Nations and its companies are organized under legislation similar to the Companies Acts of Britain. However, corporate legislation emanates from dual levels of government: federal and provincial. Similar to a choice of English or French as an official language, a company has a choice as to which provincial or federal corporate law applies when the company is first incorporated. A company actually has a choice of thirteen sets of law that includes federal law, or the applicable law in ten provinces and two territories. The choice depends on a number of factors including the scope of operations, nature of the business, disclosure and reporting requirements, the structure of the shareholdings, and the residences of the directors. The Canadian Institute of Chartered Accountants is an umbrella organization governed by representatives of the provincial organizations. The provincial organizations have delegated to the national organization the setting of accounting and auditing standards for the nation. The Canadian Institute of Chartered Accountants speaks for the accounting profession on national issues and settles issues between the provincial organizations. Its declarations are given statutory recognition, that is, are legally binding. The nature of financial statement reporting and auditing requirements differ among corporations; depending on which of the thirteen sets of legislation apply. Although this sounds confusing, there is apparently little difficulty in the preparation of financial statements. Only certified members of the Canadian Institute of Chartered Accountants can conduct audits (Heely & Nersesian 1993). 

 

There are other organizations such as the Certified General Accountants Association and the Society of Management Accountants, whose members generally fill industrial or government accounting positions. As one might expect, accounting standards issued by the Canadian Institute of Chartered Accountants are influenced by what occurs south of the border. However, the accounting systems in the United States and Canada are not exact replicas of each another. In Canada, audited statements are required only for large publicly traded companies, whereas in the United States, all publicly traded companies must be audited (Heely & Nersesian 1993).

France is a nation of many small companies. Accounting practices are uniform throughout the country. The Plan Comptable is essentially a national cookbook for accounting, with detailed instructions on such matters as valuation methods and procedures, disclosure rules, and the standard forms to be used by accountants. This follows, conceptually, the French practice of codifying its laws. In France, tax laws have precedence over the concept of a true and fair presentation of financial results. In fact, financial reports are usually the tax returns for a company. Yet, as has already been discussed, there are frequently major differences between book and tax returns in the portrayal of the financial results of a company (Heely & Nersesian 1993).

 

Japanese accounting practices originate from two sources. Prior to World War II, the major influence was the German Commercial Code of 1889. Following World War II, the U.S. inspired Securities and Exchange Law became the foundation of how Japanese companies were to report financial results to their shareholders. Both German and American influences can be seen in current Japanese accounting practices. The German influence is seen in the control exerted over accounting practices by government ministries, the lack of public availability of private companies' accounts, uniform formats for published accounts, dominance of tax rules in determining income, and the establishment of legal reserves. There is more emphasis on the form, or layout, of accounts than substance, or depth of meaning, in portraying the financial results of a company. When form over substance prevails, the true and fair view suffers (Heely & Nersesian 1993). The Netherlands is a small nation whose commerce is largely intertwined with that of its neighboring states. Accounting principles are closely related to those practiced in the United Kingdom. Dutch accounting principles require that annual financial statements show a true and fair picture of the financial position of the company with all items appropriately grouped and described. Financial statements must be drawn up in accordance with sound business practice, which is interpreted to mean that accounting principles must be acceptable to the business community. The process of stating assets and liabilities and determining results are to be disclosed. Financial statements are prepared on a consistent basis, with disclosure of material effects of changes in accounting principles. Comparative financial information for the preceding period must be disclosed (Heely & Nersesian 1993).

 

Auditing and accounting standards vary from country to country largely because of differing business practices, fiscal systems, culture, tradition and company law. Worldwide uniformity of auditing and accounting standards is an objective of the International Federation of Accountants (IFAC) and the International Accounting Standards Committee (IASC). A number of developing countries have adopted the international standards set by these bodies as benchmarks for their national standards; however, developed countries are moving more cautiously from their own well-established standards to international standards. Thus, auditing and accounting diversity will continue to be a fact of life (Gould, Mcallister & Orsini 1997).

Difference between ISA 240 and SAS 99

The ISA 240 is a 46 page description and discussion of the auditor’s responsibility to consider fraud in the audit of financial statements. It is divided into different titles that includes an introduction; the description of the characteristics of fraud; description of the responsibilities of those charged with governance and of management; the inherent limitations of an audit in the context of fraud; the responsibilities of the auditor for detecting material misstatement due to fraud; professional skepticism; discussion among the engagement team; risk assessment procedures; identification and assessment of the risks of material misstatement due to fraud; responses to the risks of material misstatement due to fraud; evaluation of audit evidence; management representations; communications with management and those charged with governance; communications to regulatory and enforcement authorities; auditor unable to continue the engagement; documentation; effective date. This standard Distinguishes fraud from error and describes the two types of fraud that are relevant to the auditor, that is, misstatements resulting from misappropriation of assets and misstatements resulting from fraudulent financial reporting; describes the respective responsibilities of those charged with governance and the management of the entity for the prevention and detection of fraud, describes the inherent limitations of an audit in the context of fraud, and sets out the responsibilities of the auditor for detecting material misstatements due to fraud. This standard also requires the auditor to maintain an attitude of professional skepticism recognizing the possibility that a material misstatement due to fraud could exist, notwithstanding the auditor’s past experience with the entity about the honesty and integrity of management and those charged with governance. Moreover this standard requires members of the engagement team to discuss the susceptibility of the entity’s financial statements to material misstatement due to fraud and requires the engagement partner to consider which matters are to be communicated to members of the engagement team not involved in the discussion.

 

The standard requires auditor to do certain things such as performing procedures to obtain information that is used to identify the risks of material misstatement due to fraud; identifying and assessing the risks of material misstatement due to fraud at the financial statement level and the assertion level and for those assessed risks that could result in a material misstatement due to fraud, evaluate the design of the entity’s related controls, including relevant control activities, and to determine whether they have been implemented; determining overall responses to address the risks of material misstatement due to fraud at the financial statement level and consider the assignment and supervision of personnel, consider the accounting policies used by the entity and incorporate an element of unpredictability in the selection of the nature, timing and extent of the audit procedures to be performed; designing and performing audit procedures to respond to the risk of management override of controls; determining responses to address the assessed risks of material misstatement due to fraud; considering whether an identified misstatement may be indicative of fraud; obtaining written representations from management relating to fraud; and communicating with management and those charged with governance. The ISA 240 provides guidance on communications with regulatory and enforcement authorities. The standard provides guidance if, as a result of a misstatement resulting from fraud or suspected fraud, the auditor encounters exceptional circumstances that bring into question the auditor’s ability to continue performing the audit. Lastly the standard establishes documentation requirements.

 

According to the Standards the term error refers to an unintentional misstatement in financial statements, including the omission of an amount or a disclosure, such as the following a mistake in gathering or processing data from which financial statements are prepared; an incorrect accounting estimate arising from oversight or misinterpretation of facts; and a mistake in the application of accounting principles relating to measurement, recognition, classification, presentation or disclosure. According to the standards the term fraud refers to an intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage. Auditors do not make legal determinations of whether fraud has actually occurred. Fraud involving one or more members of management or those charged with governance is referred to as management fraud. A fraud involving only employees of the entity is referred to as employee fraud. In either case, there may be collusion within the entity or with third parties outside of the entity. According to ISA 240 fraudulent financial reporting involves intentional misstatements including omissions of amounts or disclosures in financial statements to deceive financial statement users. Fraudulent financial reporting may be accomplished by the following manipulation, falsification, or alteration of accounting records or supporting documentation from which the financial statements are prepared; misrepresentation in, or intentional omission from, the financial statements of events, transactions or other significant information; intentional misapplication of accounting principles relating to amounts, classification, manner of presentation, or disclosure. Fraudulent financial reporting can be caused by the efforts of management to manage earnings in order to deceive financial statement users by influencing their perceptions as to the entity’s performance and profitability. Such earnings management may start out with small actions or inappropriate adjustment of assumptions and changes in judgments by management. Pressures and incentives may lead these actions to increase to the extent that they result in fraudulent financial reporting. Such a situation could occur when, due to pressures to meet market expectations or a desire to maximize compensation based on performance, management intentionally takes positions that lead to fraudulent financial reporting by materially misstating the financial statements. In some other entities, management may be motivated to reduce earnings by a material amount to minimize tax or to inflate earnings to secure bank financing.

 

The primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the entity and with management. The respective responsibilities of those charged with governance and of management may vary by entity and from country to country. In some entities, the governance structure may be more informal as those charged with governance may be the same individuals as management of the entity.  It is important that management, with the oversight of those charged with governance, place a strong emphasis on fraud prevention, which may reduce opportunities for fraud to take place, and fraud deterrence, which could persuade individuals not to commit fraud because of the likelihood of detection and punishment. This involves a culture of honesty and ethical behavior. Such a culture, based on a strong set of core values, is communicated and demonstrated by management and by those charged with governance and provides the foundation for employees as to how the entity conducts its business. Creating a culture of honesty and ethical behavior includes setting the proper tone; creating a positive workplace environment; hiring, training and promoting appropriate employees; requiring periodic confirmation by employees of their responsibilities and taking appropriate action in response to actual, suspected or alleged fraud. It is the responsibility of those charged with governance of the entity to ensure, through oversight of management, that the entity establishes and maintains internal control to provide reasonable assurance with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations. Active oversight by those charged with governance can help reinforce management’s commitment to create a culture of honesty and ethical behavior. In exercising oversight responsibility, those charged with governance consider the potential for management override of controls or other inappropriate influence over the financial reporting process, such as efforts by management to manage earnings in order to influence the perceptions of analysts as to the entity’s performance and profitability. The ISA 240 focuses more towards auditing on a wider perspective. The said standards discussed what constitutes fraud and risk assessment. The said standards explained what should be done to ensure that cases of fraud can be known. ISA 240 focused more on the auditor as a person and what should be their relationship with the management team. Moreover ISO 240 gave guidelines of how auditors should act in accordance to the different situations they are facing.

 

On the other hand SAS 99 is a 51 page description and discussion of consideration of fraud in a financial statement audit. According to SAS 99 Fraud is a broad legal concept and auditors do not make legal determinations of whether fraud has occurred. Rather, the auditor’s interest specifically relates to acts that result in a material misstatement of the financial statements. The primary factor that distinguishes fraud from error is whether the underlying action that results in the misstatement of the financial statements is intentional or unintentional. Fraud is an intentional act that results in a material misstatement in financial statements that are the subject of an audit. Three conditions generally are present when fraud occurs. First, management or other employees have an incentive or are under pressure, which provides a reason to commit fraud. Second, circumstances exist for example, the absence of controls, ineffective controls, or the ability of management to override controls that provide an opportunity for a fraud to be perpetrated. Third, those involved are able to rationalize committing a fraudulent act. Some individuals possess an attitude, character, or set of ethical values that allow them to knowingly and intentionally commit a dishonest act. However, even otherwise honest individuals can commit fraud in an environment that imposes sufficient pressure on them. The greater the incentive or pressure, the more likely an individual will be able to rationalize the acceptability of committing fraud.

 

Fraudulent financial reporting need not be the result of a grand plan or conspiracy. It may be that management representatives rationalize the appropriateness of a material misstatement, for example, as an aggressive rather than indefensible interpretation of complex accounting rules, or as a temporary misstatement of financial statements, including interim statements, expected to be corrected later when operational results improve. According to SAS 99 Fraud also may be concealed through collusion among management, employees, or third parties. Collusion may cause the auditor who has properly performed the audit to conclude that evidence provided is persuasive when it is, in fact, false. For example, through collusion, false evidence that controls have been operating effectively may be presented to the auditor, or consistent misleading explanations may be given to the auditor by more than one individual within the entity to explain an unexpected result of an analytical procedure. As another example, the auditor may receive a false confirmation from a third party that is in collusion with management. Although fraud usually is concealed and management’s intent is difficult to determine, the presence of certain conditions may suggest to the auditor the possibility that fraud may exist. For example, an important contract may be missing, a subsidiary ledger may not be satisfactorily reconciled to its control account, or the results of an analytical procedure performed during the audit may not be consistent with expectations. However, these conditions may be the result of circumstances other than fraud. Documents may legitimately have been lost or misfiled; the subsidiary ledger may be out of balance with its control account because of an unintentional accounting error; and unexpected analytical relationships may be the result of unanticipated changes in underlying economic factors. Even reports of alleged fraud may not always be reliable because an employee or outsider may be mistaken or may be motivated for unknown reasons to make a false allegation

 

The auditor should inquire of management about whether management has knowledge of any fraud or suspected fraud affecting the entity; whether management is aware of allegations of fraud or suspected fraud affecting the entity, for example, received in communications from employees, former employees, analysts, regulators, short sellers, or others; management’s understanding about the risks of fraud in the entity, including any specific fraud risks the entity has identified or account balances or classes of transactions for which a risk of fraud may be likely to exist; programs and controls the entity has established to mitigate specific fraud risks the entity has identified, or that otherwise help to prevent, deter, and detect fraud, and how management monitors those programs and controls; for an entity with multiple location  the nature and extent of monitoring of operating locations or business segments, and  whether there are particular operating locations or business segments for which a risk of fraud may be more likely to exist; whether and how management communicates to employees its views on business practices and ethical behavior. According to SAS 99 In planning the audit, the auditor also should perform analytical procedures relating to revenue with the objective of identifying unusual or unexpected relationships involving revenue accounts that may indicate a material misstatement due to fraudulent financial reporting. An example of such an analytical procedure that addresses this objective is a comparison of sales volume, as determined from recorded revenue amounts, with production capacity. An excess of sales volume over production capacity may be indicative of recording fictitious sales. As another example, a trend analysis of revenues by month and sales returns by month during and shortly after the reporting period may indicate the existence of undisclosed side agreements with customers to return goods that would preclude revenue recognition. SAS 99 focused on the auditor as a authoritative and a careful person who makes sure that everything observed is noted,  and every accusations of fraud has been proven before making any moves towards it. Analytical procedures performed during planning may be helpful in identifying the risks of material misstatement due to fraud. However, because such analytical procedures generally use data aggregated at a high level, the results of those analytical procedures provide only a broad initial indication about whether a material misstatement of the financial statements may exist. Accordingly, the results of analytical procedures performed during planning should be considered along with other information gathered by the auditor in identifying the risks of material misstatement due to fraud.

            

According to SAS 99 When audit test results identify misstatements in the financial statements; the auditor should consider whether such misstatements may be indicative of fraud. That determination affects the auditor’s evaluation of materiality and the related responses necessary as a result of that evaluation. If the auditor believes that misstatements are or may be the result of fraud, but the effect of the misstatements is not material to the financial statements, the auditor nevertheless should evaluate the implications, especially those dealing with the organizational position of the persons involved. For example, fraud involving misappropriations of cash from a small petty cash fund normally would be of little significance to the auditor in assessing the risk of material misstatement due to fraud because both the manner of operating the fund and its size would tend to establish a limit on the amount of potential loss, and the custodianship of such funds normally is entrusted to a non-management employee. Conversely, if the matter involves higher-level management, even though the amount itself is not material to the financial statements, it may be indicative of a more pervasive problem, for example, implications about the integrity of management. In such circumstances, the auditor should reevaluate the assessment of the risk of material misstatement due to fraud and its resulting impact on the nature, timing, and extent of the tests of balances or transactions and the assessment of the effectiveness of controls if control risk was assessed below the maximum. The auditor’s consideration of the risks of material misstatement and the results of audit tests may indicate such a significant risk of material misstatement due to fraud that the auditor should consider withdrawing from the engagement and communicating the reasons for withdrawal to the audit committee or others with equivalent authority and responsibility. Whether the auditor concludes that withdrawal from the engagement is appropriate may depend on the implications about the integrity of management and the diligence and cooperation of management or the board of directors in investigating the circumstances and taking appropriate action. Because of the variety of circumstances that may arise, it is not possible to definitively describe when withdrawal is appropriate. The auditor may wish to consult with legal counsel when considering withdrawal from an engagement.

 

Some risks are inherent in the environment of the entity, but most can be addressed with an appropriate system of internal control. Once fraud risk assessment has taken place, the entity can identify the processes, controls, and other procedures that are needed to mitigate the identified risks. Effective internal control will include a well-developed control environment, an effective and secure information system, and appropriate control and monitoring activities. Because of the importance of information technology in supporting operations and the processing of transactions, management also needs to implement and maintain appropriate controls, whether automated or manual, over computer-generated information. SAS 99 give attention on what constitutes fraud but it gives more explanation and more examples regarding that topic. SAS 99 focuses not only on what the auditor should act but it focuses on how they act given the different personalities and characteristics.