
AUDITOR'S RESPONSIBILITY FOR DETECTING FRAUD

The current authoritative guidelines on fraud detection are presented in SAS No. 99,
Consideration of Fraud in a Financial Statement Audit, which pertains to the following areas of a
financial audit:
1. Description and characteristics of fraud
2. Professional skepticism
3. Engagement personnel discussion
4. Obtaining audit evidence and information
5. Identifying risks
6. Assessing the identified risks
7. Responding to the assessment
8. Evaluating audit evidence and information
9. Communicating possible fraud
10. Documenting consideration of fraud
This list demonstrates how the external auditor must now think about fraud during every
phase of the audit process and seamlessly blend the auditor's consideration of fraud into the
audit process. The auditor is also required to assess the risk factors related to both fraudulent
financial reporting and the misappropriation of assets.

Fraudulent Financial Reporting
Risk factors that relate to fraudulent financial reporting are grouped according to the
following classifications:
Management's characteristics and influence over the control environment. These factors
relate to the tone-at-the-top regarding internal control, management style, situational pressures,
and the financial reporting process.
Industry conditions. This includes the economic and regulatory environment in which
the entity operates. For example, a company in a declining industry or with key customers
experiencing business failures is at greater risk of fraud than one whose industry base is stable.
Operating characteristics and financial stability. This pertains to the nature of the entity
and the complexity of its transactions. For example, an organization involved with related party
transactions with organizations that are not audited may be at risk of fraud.

In the case of financial fraud (management fraud), external auditors should look for the
following kinds of common schemes:
Improper revenue recognition
Improper treatment of sales
Improper asset valuation
Improper deferral of costs and expenses
Improper recording of liabilities
Inadequate disclosures

Misappropriation of Assets
Two risk factors are related to misappropriation of assets:
1. Susceptibility of assets to misappropriation. The susceptibility of an asset pertains to its nature
and the degree to which it is subject to theft. Liquid assets, such as cash and bearer bonds, are
more susceptible to misappropriation than nonliquid assets such as steel girders and physical
plant equipment.
2. Controls. This class of risk factors involves the inadequacy or lack of controls designed to
prevent or detect misappropriation of assets. For example, a database management system that
does not adequately restrict access to accounting records increases the risk of asset
misappropriation.
Examples of common schemes related to employee theft (asset misappropriation) include the
following:
Personal purchases
Ghost employees
Fictitious expenses
Altered payee
Pass-through vendors
Theft of cash (or inventory)
Lapping

Auditor's Response to Risk Assessment

The auditor's judgments about the risk of material misstatements due to fraud may affect
the audit in the following ways:
Engagement staffing and extent of supervision. The knowledge, skill, and ability of
personnel assigned to the engagement should be commensurate with the assessment of the level
of risk of the engagement.
Professional skepticism. Exercising professional skepticism involves maintaining an
attitude that includes a questioning mind and critical assessment of audit evidence.
Nature, timing, and extent of procedures performed. Fraud risk factors that have control
implications may limit the auditor's ability to assess control risk below the maximum and thus
reduce substantive testing.

Response to Detected Misstatements Due to Fraud
To some degree, the risk of material misstatement due to fraud always exists. The
auditor's response is thus influenced by the degree of assessed risk. In some cases, the auditor
may determine that currently planned audit procedures are sufficient to respond to the risk
factors. In other cases, the auditor may decide to extend the audit and modify planned
procedures. In rare instances, the auditor may conclude that procedures cannot be sufficiently
modified to address the risk, in which case the auditor should consider withdrawing from the
engagement and communicating the reasons for withdrawal to the audit committee.
When the auditor has determined that fraud exists but has had no material effect on the
financial statements, the auditor should
Refer the matter to an appropriate level of management at least one level above those involved.
Be satisfied that implications for other aspects of the audit have been adequately considered.
When the fraud has had a material effect on the financial statements or the auditor is
unable to evaluate its degree of materiality, the auditor should
Consider the implications for other aspects of the audit.
Discuss the matter with senior management and with a board of directors' audit
committee.
Attempt to determine whether the fraud is material.
Suggest that the client consult with legal counsel, if appropriate.

Documentation Requirements
The auditor should document in the working papers the criteria used for assessing the
fraud risk factors. Where risk factors are identified, the documentation should include (1) those
risk factors identified and (2) the auditor's response to them.

FRAUD DETECTION TECHNIQUES
Because of the need to falsify accounting records, many fraud schemes leave a trail in the
underlying accounting data that the forensic auditor can follow if he or she knows what to look
for. For businesses with a large volume of transactions, however, finding the telltale trail using
manual procedures may be impossible. Computer-based data extraction and analysis tools such
as ACL are thus essential. To find the trail in the masses of data, the auditor first develops a
fraud profile that identifies the data characteristics that one would expect to find in a specific
type of fraud scheme. This identification requires an understanding of the enterprise's processes
and internal controls (and their weaknesses). Once the fraud profile is developed, ACL can be
used to manipulate the organization's data to search for transactions that fit the profile. In this
section, we examine the operational and data characteristics of three common fraud schemes.
The ACL features that are used here for fraud detection were discussed in Chapters 9 and 10 and
explained in detail in the ACL workbook that accompanies the software license. The following
discussion presumes that the reader is familiar with that material.

Payments to Fictitious Vendors
The purchasing function is particularly vulnerable to fraud and, for many organizations,
represents a significant area of risk. A common fraud scheme involves making a payment to a
fictitious company. A preliminary step in this scheme requires the perpetrator to create a phony
vendor organization and establish it in the victim organization's records as a legitimate supplier.
The embezzler then submits invoices from the fake vendor, which are processed by the accounts
payable system of the victim company. Depending on the organizational structure and internal
controls in place, this type of fraud may require collusion between two or more individuals. For
example, the purchasing agent prepares a purchase order for items from the fake vendor, and the
receiving clerk prepares a fictitious receiving report for the items. Accounts payable receives
these documents, which appear to be legitimate, and matches them to the phony invoice when it
arrives. An accounts payable is recorded and payment is subsequently made. In smaller
organizations, a single individual with the authority to authorize payments can hatch a simpler
version of the scheme. The fraud profile describing the false-vendor scheme and the audit
procedures are described next.

Sequential Invoice Numbers

Since the victim organization is the only recipient of the invoices, the supporting invoices
issued by the phony vendor may actually be in something close to an unbroken numerical
sequence. The audit procedure is to use ACL to sort the records of the invoice file by invoice
number and vendor number. This will highlight records that possess series characteristics, which
can then be retrieved for further review.

Vendors with P.O. Boxes

Most legitimate suppliers have a complete business address. Since fake suppliers have no
physical facilities, the perpetrator of the fraud will sometimes rent a P.O. box to receive
payments by mail. Although it is also possible for a legitimate vendor to use a P.O. box, these
suppliers are candidates for further review. The audit procedure is this: Using ACL's expression
builder, create a filter to select vendor records from the invoice file that use P.O. box addresses.
From this list, verify the legitimacy of the vendor.

Vendors with Employee Addresses

Rather than rent a P.O. box, the perpetrator may use his or her home address on the
invoice. Although it is also possible that an employee's home-based business is a legitimate
supplier, this is not likely and should be investigated. The audit procedure is to use ACL to join
the employee file and the invoice file using the address fields as the common key for both files.
Only records that match should be passed to the resulting combined file. These records can then
be reviewed further.

Multiple Companies with the Same Address

To divert attention away from excessive purchases made from the same vendor, a
perpetrator may create several phony suppliers that share the same mailing address. As an audit
safeguard, use ACL's Duplicates command to generate a listing of mailing addresses that are
common to two or more vendors.
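The three address tests above (P.O. box filter, join against employee addresses, duplicate vendor addresses), as an added Python example that is not part of the original text, which uses ACL. The record layout, sample rows and the address normalisation rules are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records; the field layout is an assumption for this example.
VENDORS = {
    "V100": ("Acme Steel", "14 Mill Road, Dayton"),
    "V200": ("Brightline Supply", "P.O. Box 4471, Dayton"),
    "V300": ("Corvus Trading", "22 Elm St., Dayton"),
    "V400": ("Delta Parts", "22 Elm Street, Dayton"),
    "V500": ("Eagle Freight", "9 Oak Ave, Dayton"),
}
EMPLOYEES = {
    "E17": ("J. Doe", "9 Oak Avenue, Dayton"),
    "E42": ("R. Roe", "301 Pine Court, Dayton"),
}

PO_BOX = re.compile(r"\b(p\.?\s*o\.?|post\s+office)\s*box\b", re.IGNORECASE)
ABBREV = {"street": "st", "avenue": "ave", "road": "rd", "court": "ct"}

def normalise(address):
    """Lower-case, strip punctuation and abbreviate street types so that
    '22 Elm St.' and '22 Elm Street' compare equal."""
    words = re.sub(r"[^\w\s]", " ", address.lower()).split()
    return " ".join(ABBREV.get(w, w) for w in words)

def po_box_vendors():
    """Filter: vendors whose payment address is a P.O. box."""
    return sorted(v for v, (_, addr) in VENDORS.items() if PO_BOX.search(addr))

def vendors_at_employee_addresses():
    """Join vendor and employee files on the normalised address; keep matches only."""
    by_addr = {normalise(addr): emp for emp, (_, addr) in EMPLOYEES.items()}
    return sorted((v, by_addr[normalise(addr)])
                  for v, (_, addr) in VENDORS.items() if normalise(addr) in by_addr)

def shared_vendor_addresses():
    """Duplicates: addresses common to two or more vendors."""
    groups = defaultdict(list)
    for v, (_, addr) in VENDORS.items():
        groups[normalise(addr)].append(v)
    return {a: sorted(vs) for a, vs in groups.items() if len(vs) > 1}

if __name__ == "__main__":
    print("P.O. box vendors:", po_box_vendors())
    print("Vendors at employee addresses:", vendors_at_employee_addresses())
    print("Shared addresses:", shared_vendor_addresses())
```

Without the normalisation step, an exact-match join would miss "22 Elm St." against "22 Elm Street", so every hit and every near miss still needs manual review.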

Invoice Amounts Slightly below the Review Threshold

Many organizations control disbursements by establishing a materiality threshold. A
management review and signature is required for all checks that exceed the threshold. Those that
fall below the limit are not reviewed. Knowing this, the perpetrator may falsify payments that
fall just under the threshold to maximize his or her benefit from the fraud. The audit procedure
for this situation is to use ACL's expression builder to create a value range around the control
threshold to highlight suspicious activity that warrants further investigation. Sort payment
records that fall within this range by vendor.
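The sequential-invoice-number test and the just-below-threshold test described above, as an added Python example that is not part of the original text. The sample rows, the 5,000 review threshold, the 10% band and the allowed gap of 2 between invoice numbers are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample rows: (vendor_id, invoice_number, amount).
INVOICES = [
    ("V100", 88213, 12400.00), ("V100", 90157, 3100.50), ("V100", 93020, 760.00),
    ("V200", 1001, 4980.00), ("V200", 1002, 4950.00), ("V200", 1004, 4995.00),
    ("V300", 5512, 4100.00), ("V300", 5890, 4700.00), ("V300", 6433, 950.00),
]

def by_vendor(rows):
    """Sort by vendor, then invoice number, as the audit procedure describes."""
    grouped = defaultdict(list)
    for vendor, number, amount in sorted(rows):
        grouped[vendor].append((number, amount))
    return grouped

def near_sequential_vendors(rows, min_invoices=3, max_gap=2):
    """Vendors whose invoice numbers run in a nearly unbroken series, which
    suggests the audited organization is the vendor's only customer."""
    hits = []
    for vendor, items in by_vendor(rows).items():
        numbers = [n for n, _ in items]
        gaps = [b - a for a, b in zip(numbers, numbers[1:])]
        if len(numbers) >= min_invoices and all(g <= max_gap for g in gaps):
            hits.append(vendor)
    return hits

def just_below_threshold(rows, threshold=5000.00, band=0.10):
    """Count and total, per vendor, of payments inside the band just under
    the review threshold; vendors with the most such payments come first.
    A payment exactly at the threshold does not exceed it, so it is included."""
    low = threshold * (1 - band)
    summary = defaultdict(lambda: [0, 0.0])
    for vendor, _, amount in rows:
        if low <= amount <= threshold:
            summary[vendor][0] += 1
            summary[vendor][1] += amount
    ranked = sorted(summary.items(), key=lambda kv: -kv[1][0])
    return [(v, count, round(total, 2)) for v, (count, total) in ranked]

if __name__ == "__main__":
    print("Near-sequential invoice numbers:", near_sequential_vendors(INVOICES))
    print("Just below threshold:", just_below_threshold(INVOICES))
```

A vendor that appears in both result sets, as V200 does in the constructed data, is a stronger candidate for review than one flagged by a single test.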
Payroll Fraud
The two common forms of payroll fraud are overpayment of employees and payments to
nonexistent employees. The first scheme typically involves inflating the number of hours worked
and/or issuing duplicate payroll checks. The second approach involves entering fictitious
employees into the payroll system. A supervisor, who then receives the resulting payroll checks,
usually perpetrates this type of fraud. A variation on this scheme is to keep a terminated
employee on the payroll. Suggested audit procedures for detecting these frauds are described
next.

Test for Excessive Hours Worked

Use ACL's Expression Builder to select payroll records that reflect excessive hours
worked. The determination of what is excessive will depend on the nature of the organization
and its policies. If moderate overtime is fairly common, then filtering records to identify
instances where the hours worked field in the payroll record is greater than 50 may uncover
fraudulent situations. Using this filter to review employee records over time may disclose a
pattern of abuse.

Test for Duplicate Payments

Use ACL's Duplicates function to search payroll records for employees with the
following characteristics:
Same employee number, same name, same address, etc. (duplicate payments)
Same name with different mailing addresses
Same name with different checking accounts
Same name with different Social Security numbers
Same mailing address with different employee names
Some duplicate records detected in the search will be due to natural phenomena (i.e.,
unrelated individuals who happen to have the same name). The results, however, provide the
auditor with a basis for further review.

Test for Nonexistent Employees

Use ACL's Join feature to link the payroll and employee files using Employee Number as
the common attribute. The resulting joined file should contain only those records from the
payroll file that do not match valid employee records. These records need to be reviewed with
management.
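The payroll tests above (excessive hours, duplicate payments, same name with different checking accounts, and the unmatched join on Employee Number), as an added Python example that is not part of the original text. The field names and sample rows are constructed; the 50-hour limit is the figure used in the text's example.

```python
from collections import Counter, defaultdict

# Constructed sample data; field names are assumptions for this example.
EMPLOYEES = {"1001": "A. Ames", "1002": "B. Burke", "1003": "C. Cole"}  # valid master file
# (pay_period, employee_no, name, hours, bank_account)
PAYROLL = [
    ("2024-01", "1001", "A. Ames", 40, "ACCT-1"),
    ("2024-01", "1002", "B. Burke", 62, "ACCT-2"),
    ("2024-01", "1003", "C. Cole", 38, "ACCT-3"),
    ("2024-01", "1003", "C. Cole", 38, "ACCT-3"),   # duplicate check
    ("2024-01", "1099", "D. Drew", 40, "ACCT-9"),   # no master record
    ("2024-02", "1001", "A. Ames", 41, "ACCT-1"),
    ("2024-02", "1002", "B. Burke", 58, "ACCT-2"),
    ("2024-02", "1003", "C. Cole", 40, "ACCT-7"),   # same name, new account
    ("2024-02", "1099", "D. Drew", 40, "ACCT-9"),
]

def excessive_hours(rows, limit=50):
    """Periods in which each employee exceeded the limit; repeated periods
    for one employee are the pattern of abuse the text refers to."""
    out = defaultdict(list)
    for period, emp, _, hours, _ in rows:
        if hours > limit:
            out[emp].append(period)
    return dict(out)

def duplicate_payments(rows):
    """Same employee number paid more than once in one pay period."""
    counts = Counter((period, emp) for period, emp, *_ in rows)
    return sorted(k for k, n in counts.items() if n > 1)

def names_with_multiple_accounts(rows):
    """Same name with different checking accounts."""
    accounts = defaultdict(set)
    for _, _, name, _, acct in rows:
        accounts[name].add(acct)
    return {n: sorted(a) for n, a in accounts.items() if len(a) > 1}

def unmatched_payroll(rows, master):
    """Unmatched join on employee number: payroll records with no valid employee."""
    return sorted({emp for _, emp, *_ in rows if emp not in master})

if __name__ == "__main__":
    print(excessive_hours(PAYROLL), duplicate_payments(PAYROLL))
    print(names_with_multiple_accounts(PAYROLL), unmatched_payroll(PAYROLL, EMPLOYEES))
```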
Lapping Accounts Receivable
Lapping was described earlier in the chapter as the theft of a customer's check received in
payment on his account. The perpetrator then covers the theft in the following period by applying
cash received from a second customer to the account of the first. The simplicity of this fraud
technique is key to its success because it presents a very obscure fraud profile. The only evidence
of fraud in the underlying data is in the timing difference between when payment is received and
when it is recorded. Depending on how the organization structures its accounts receivable, this
may be difficult to detect. The problem is illustrated by comparing two common methods of
managing accounts receivable.

The Balance Forward Method

The balance forward method is used extensively for consumer accounts. Total sales to
customers for the period are itemized and billed at the period end. Customers are required to pay
only a minimum amount off the balance. The rest of the balance, plus interest, is carried forward
to the next period.
Lapping is difficult to detect in this type of system. For example, assume the perpetrator
embezzles a customer payment of $500. This amount would not be posted to the customer's
account in the current period, and the balance carried forward to the next period would be
overstated by $500. In the following period, cash taken from another customer would be used to
cover this amount. Since balances carried forward are commonplace, an overstated amount does
not draw attention internally. The customer, however, may complain that the payment was not
recorded. If the embezzler himself deals with the complaint, he could explain that the payment
was received too late to be reflected on the current statement but would show up in the next
period.

The Open Invoice Method

The open invoice method is often used to manage trade accounts receivable (sales to
other business organizations). Each invoice is recorded as a separate item in the invoice file.
Checks received from customers are usually in payment of individual invoices. Since good credit
relations between customer and supplier are critical, payments tend to be on time and in full.
Partial payments resulting in balances carried forward are the exception rather than the norm.
To illustrate lapping in this situation, assume that Customer A remits a check for
$1,523.61 in payment of an open invoice for the same amount. The perpetrator pockets the check
but does not close the invoice. Therefore, the invoice balance is carried forward. In the next
period, Customer B remits a check for $2,636.88 in full payment of an open invoice. The
embezzler applies $1,523.61 of this payment to Customer A's open invoice, thus closing it. The
remainder ($1,113.27) is applied to Customer B's invoice, which remains open. The balance of
$1,523.61 is carried forward into the next period. To go undetected, the perpetrator must actively
continue the lapping fraud from period to period. This carry-forward characteristic provides the
forensic auditor with a basis for constructing a fraud profile. To illustrate, refer to the invoice
record structure in Table 12.10.

The Invoice Amount field in Table 12.10 is the accounts receivable amount due. The Due
Date field is calculated at the time of the sale, and the Closed Date field is entered when the
payment is received. The Remittance Amount field reflects the amount of payment received from
the customer.
The audit procedure is as follows: Assuming the organization follows proper backup
procedures, the invoice file will be copied frequently throughout the period under review, thus
producing several archived versions of the file. Collectively, these files reflect the invoice
amounts carried forward from month to month. If the auditor suspects lapping, he or she may
employ the following ACL tests:
1. Use ACL's expression builder to select items from each file version whose Remittance Amount
field is greater than zero and less than the Invoice Amount field. These sets of records may
contain legitimate items that are being disputed by the customers. For example, damaged goods,
overcharges, and refused deliveries may result in customers making only partial payments. The
auditor will need to sift through these legitimate issues to identify lapping.
2. Merge the resulting carry-forward files into a single file reflecting activity for the entire period.
3. Create a calculated field of the amount carried forward (Invoice Amount - Remittance
Amount).
4. Use the duplicates command to search the file for calculated carry-forward amounts that are the
same. Following the example just illustrated, a carry-forward pattern of $1,523.61 will emerge.
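The lapping tests above, run over archived versions of the invoice file, as an added Python example that is not part of the original text. The amounts for Customers A and B follow the text's example; Customers C and D, the invoice numbers, the period labels and the rule that a recurring amount must appear on different invoices are assumptions added here.

```python
from collections import defaultdict
from decimal import Decimal as D

# Constructed month-end versions of the invoice file.
# Row: (invoice_no, customer, invoice_amount, remittance_amount)
SNAPSHOTS = {
    "2024-01": [("INV-101", "A", D("1523.61"), D("0.00")),     # check stolen, invoice left open
                ("INV-102", "D", D("900.00"), D("650.00"))],   # genuine dispute
    "2024-02": [("INV-101", "A", D("1523.61"), D("1523.61")),  # closed with B's money
                ("INV-205", "B", D("2636.88"), D("1113.27")),
                ("INV-102", "D", D("900.00"), D("650.00"))],
    "2024-03": [("INV-205", "B", D("2636.88"), D("2636.88")),  # closed with C's money
                ("INV-310", "C", D("4100.00"), D("2576.39")),
                ("INV-102", "D", D("900.00"), D("900.00"))],
}

def carry_forwards(snapshots):
    """Select partially paid items from every file version, merge them, and
    add the calculated carry-forward (Invoice Amount - Remittance Amount)."""
    merged = []
    for period, rows in sorted(snapshots.items()):
        for inv, cust, amount, remitted in rows:
            if D("0") < remitted < amount:
                merged.append((period, inv, cust, amount - remitted))
    return merged

def lapping_candidates(snapshots):
    """Carry-forward amounts that recur on different invoices. An invoice that
    merely stays open across file versions is counted once, so a long-running
    dispute does not flag itself."""
    seen = defaultdict(dict)   # carry amount -> {invoice_no: (period, customer)}
    for period, inv, cust, carry in carry_forwards(snapshots):
        seen[carry].setdefault(inv, (period, cust))
    return {carry: sorted(v.values()) for carry, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for carry, where in lapping_candidates(SNAPSHOTS).items():
        print(f"carry-forward {carry} recurs on:", where)
```

Decimal arithmetic keeps the calculated field exact, so two carry-forwards of 1523.61 compare equal; with binary floats the duplicate test can miss matches that differ only by rounding error.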
