they performed procedures to identify or detect fraud during the year?
Has management satisfactorily responded to any finding from procedures performed to identify or detect fraud?
Are they aware of any actual, suspected, or alleged fraud?
(AU-C 240.19)
Inquiries of Others within the Organization
The auditor should also ask others within the entity whether they are aware of actual or suspected fraud, using professional judgment to determine to whom these inquiries are made and how extensive the inquiries should be. The following are examples of people who may provide helpful information and, therefore, to whom the auditor may wish to consider directing inquiries:
1 Anyone at varying levels of authority with whom the auditor deals during the audit, such as when the auditor is obtaining an understanding of the entity’s internal controls, observing inventory, performing cutoff procedures, or getting explanations for fluctuations noted during analytical procedures
2 Operating staff not directly involved in financial reporting
3 Employees involved in initiating, recording, or processing complex or unusual transactions
4 In-house legal counsel
(AU-C 240.A19)
Inquiries of Those Charged with Governance
The auditor should understand how those charged with governance oversee the entity’s assessment of fraud risks and the mitigating programs and controls. (AU-C 240.20) The auditor should make the following inquiries of those charged with governance:
What are those charged with governance’s (or the audit committee’s or at least the chair’s) views of the risk of fraud?
Do they know about actual, alleged, or suspected fraud in the entity?
(AU-C 240.21)
Considering the Results of Analytical Procedures
When performing the required analytical procedures in planning the audit as discussed in Section 520, Analytical Procedures, the auditor may find unusual or unexpected relationships as a result of comparing the auditor’s expectations with recorded amounts or ratios developed from such amounts. The auditor should consider those results in identifying the risk of material misstatement due to fraud. (AU-C 240.22)
The auditor should also perform analytical procedures relating to revenue with the objective of identifying unusual or unexpected relationships involving revenue accounts that may indicate a material misstatement due to fraudulent financial reporting. Examples of such procedures include:
Comparing sales volume with production capacity (sales volume greater than production capacity might indicate fraudulent sales).
Trend analysis of revenues by month and sales return by month shortly before and after the reporting period (the analysis may point to undisclosed side agreements with customers to return goods).
Trend analysis of sales by month compared with units shipped. This may identify a material misstatement of recorded revenues.
(AU-C 240.A25)
Although analytical procedures performed during audit planning may be helpful in identifying the risk of material misstatement due to fraud, they may only provide a broad indication, since such procedures use data aggregated at a high level. Therefore, the results of such procedures should be considered along with other information obtained by the auditor in identifying fraud risk. (AU-C 240.26)
Considering Fraud Risk Factors
Using professional judgment, the auditor should consider whether information obtained about the entity and its environment indicates that fraud risk factors are present, and, if so, whether it should be considered when identifying and assessing the risk of material misstatement due to fraud. (AU-C 240.24)
Examples of fraud risk factors are presented in Illustrations 1 and 2 at the end of this chapter. These risk factors are classified based on the three conditions usually present when fraud exists:
1 Incentive/pressure
2 Opportunity
3 Attitude/rationalization
(AU-C 240.A30)
The auditor should not assume that all three conditions must be present or observed. In addition, the extent to which any condition is present may vary.
The size, complexity, and ownership of the entity may also affect the identification of fraud risks. (AU-C 240.A31)
In planning the audit, the auditor will most likely use a list of fraud risk factors to serve as a memory jogger. This list may be taken from the examples listed in the AU-C Illustrations at the end of this chapter, or the examples provided may be tailored to the client. The documentation of this list of fraud risk factors to be considered is not required, but represents good practice.
During the planning and performance of the audit, the auditor may identify some of the fraud risk factors from the list as being present at the client. Of those risk factors present, some will be addressed sufficiently by the planned audit procedures; others may require the auditor to extend audit procedures.
Considering Other Information
The auditor should evaluate other information that may be helpful in identifying fraud risk. The auditor should consider:
Any information from procedures performed when deciding to accept or continue with a client
Results of review of interim financial statements
Identified inherent risks
Information from the discussion among engagement team members
Identifying Fraud Risks
Fraud risk factors may come to the auditor’s attention while performing procedures relating to acceptance or continuance of clients, during engagement planning or obtaining an understanding of an entity’s internal control, or while conducting fieldwork. Accordingly, the assessment of the risk of material misstatement due to fraud is a cumulative process that includes a consideration of risk factors individually and in combination. As noted earlier, assessment of fraud risk factors is not a simple matter of counting the factors present and converting the result to a level of fraud risk. A few risk factors or even a single risk factor may heighten the risk of fraud significantly.
Attributes
The auditor should use professional judgment and information obtained when identifying the risks of material misstatement due to fraud. The auditor should consider the following attributes of the risk when identifying risks:
Type (Does the risk involve fraudulent financial reporting or misappropriation of assets?)
Significance (Could the risk lead to a material misstatement of the financial statements?)
Likelihood (How likely is it that the risk would lead to a material misstatement of the financial statements?)
Pervasiveness (Does the risk impact the financial statements as a whole, or does it relate to an assertion, account, or class of transactions?)
Throughout the audit, the auditor should evaluate whether identified fraud risks can be related to certain account balances or classes of transactions and related assertions, or whether they relate to the financial statements as a whole. (AU-C 240.25) Examples of accounts or classes of