CORPORATE SCANDAL FALLOUT AFFECTS PRIVATE COMPANIES
November 2003 Vol. 7 Issue 10
DOLLARS & SENSE
If you are an executive of a private company, you may have thought you had escaped the fallout from the recent corporate scandals. But although your company may not operate under the watchful eye of the Securities and Exchange Commission, if your business is required to have an audit, you will very soon feel the impact of at least one new major accounting regulation — if your business is required to have an audit..
SAS 99, the Accounting Standards Board’s new auditing standard for fraud, calls for auditors to develop a “mindset that fraud can occur.” Because auditors may become comfortable with their clients, SAS 99 fosters a strict, professional relationship and encourages auditors to more fully discuss fraud risk, to examine certain financial items more closely and to question management.
In applying SAS 99, one must first understand the definition ofwhat fraud is. SAS 99 defines fraud as “an intentional act that results in a material misstatement in financial statements that are subject to audit.” Material misstatements may result from either fraudulent financial reporting or misappropriation of assets. We have recently seen fraudulent financial reporting in corporate America. The offenders include such notables as Enron, Rite Aid and Xerox. For these companies, the financial statement fraud was the overstatement of revenues. The fraud was perpetrated for various reasons, including an effort to maintain or inflate stock prices, meet forecasts or to compensate top management. Fraud related to the misappropriation of assets is identified with activities such as embezzlement by an employee or the theft of inventory or fixed assets. In the vast majority of fraudulent financial statement reporting and misappropriation of assets, there are certain similarities. SAS 99 refers to the combination of the elements of incentive/pressure, opportunity and attitude/rationalization (the fraud triangle). Fraud may occur when only one of these elements exists, but the risk of fraud is at its greatest when all three elements are in place. In an effort to understand and identify fraud, both auditors and the company’s management must be aware of the elements of fraud.
As part of planning for your audit, the auditors are required to discuss the risk of fraud and consider where that risk is the greatest. In determining fraud risk, it is imperative that auditors exercise professional skepticism. Auditors must reassess beliefs as to the integrity and honesty of management and only accept persuasive audit evidence. This reassessment of an existing audit client may be very difficult, but is essential in applying SAS 99. It might best be accomplished by changing members of the audit team. Having new team members without previous knowledge of management or the company may develop new ideas or cause the audit engagement team to revisit areas previously dismissed as a fraud risk.
As part of the discussing the risk of fraud, SAS 99 requires the audit engagement team to go through a brainstorming process. The objectives of brainstorming are to determine how fraud may occur and be hidden by management and to develop the proper attitude about fraud within the engagement team. If the audit partner or audit manager does not express the proper attitude about detecting fraud, this might adversely affect the mindset of other members of the audit engagement team. In achieving brainstorming objectives, there must be an exchange of free flowing ideas among members of the brainstorming team. The brainstorming team should include key members of the engagement team. The brainstorming session should be designed so that all members, both senior and junior, participate. Every member of the team should feel free to contribute without fear of criticism by other members.
Once fraud risk areas are identified, auditors must further evaluate the systems and information in those areas. Auditors will obtain this information through inquiry of management and other employees of the company, consider results of analytical procedures and consider fraud risk factors and certain other information. During the inquiry process, SAS 99 requires the auditor to ask employees of the company if they are aware of any fraud or suspected fraud and to inquire if they have ever been asked to, or witnessed another employee, circumvent the company’s policies, procedures or controls.
These inquires will be made with management, audit committee members and key accounting personnel. Inquires may include other company employees. Inquiry of other employees may provide the auditor with great insight into the attitudes/ rationalizations of the company. The information gathered would be assessed to determine where material misstatements due to fraud may occur and to design necessary procedures to detect. These procedures may include examining journal entries, reviewing unusual transactions or performing unpredictable audit procedures such as changing nature and timing of audit procedures from interim to year-end, testing lower value items, perform surprise inventory observations or test accounts not normally tested.
As a result of implementing SAS 99, auditors will be required to invest more time in the planning stage, increase their emphasis on professional skepticism, design and implement unpredictable audit procedures and to continually assess where material misstatements due to fraud may be perpetuated.
Material misstatements due to fraud can have negative implications effecting affecting stockholders, employees, third parties, and potential investors. A and, as recently seenwe know, these misstatements can have an impact on the economy as a whole.
Still, The detection of fraud cannot be placed solely on the shoulders of auditors. Management is still responsible for designing and implementing company programs and controls to prevent, deter and detect fraud. It is management’s responsibility to instill the proper attitudes towards fraud and to enforce the policies and procedures developed by the company.