Written by: Zainab AlEkri Ch.

11 Typed By: Ali Jameel

Chapter.11
Fraud Auditing

Misstatement in F/S

There is no intention There is intention

“Something wrong”
Error or mistake. The type of misstatment is
Fraud.
It is usually so obvious, while based on the intention It is so difficult to discover it, because
there is no intention to commit having the intention to commit this
this misstatement, no one will try misstatement, mean working hard to
to cover it cover it

There is Two Types of Fraud

1. Fraudulent financial reporting Or “Management Fraud”: 2. Misappropriation of assets:

- All of F/S are wrong -misleading- mostly committed by management,  Less dangerous than the 1st type.
therefore it is very dangerous and very difficult to be discovered, because  It means reducing assets, due to
top management has the power over the organization that give them more theft.
ability to cover whatever they do.  Mostly committed by the
employees, that is why also
They may commit fraud in different ways: called “employee fraud”.
1. Earning management: play with earning figure “net income” to
decrease, or increase it depending on their incentive: Such as:
 Amounts: :  Cashier stole cash.
> Increase Net income: when they have loss for example.  Employee stole some of the
> Decrease Net income: when they want to evade “paying taxes for inventory.
example”.
 Disclosure, “Not really common way” :
[e.g.: omitting some information to mislead decision makers
“shareholder”]

2. Earning smooth: try to fix the level of the net income over the
years. [By sitting a range for it, to be presented for decision
makers, so when the actual net income get less they won’t claim].
(e.g. , if in2015 they have got $2m, they will show $1.5m only, so
when in 2016 they get $1.4m, no one will claim the poor
performance of the organization).

- In the 1st type of fraud -Fraudulent Financial reporting- > al F/S are going to be affected, because one change in
one of the F/S will impact on the others, because they are connected with each other. [Every single change
requires a series of changes to be covered].

1
Written by: Zainab AlEkri Ch.11 Typed By: Ali Jameel
Types of Fraud:

1. Fraudulent financial reporting: an intentional misstatement or omission of amounts or disclosure with intent to
deceive users.
 A decision was taken to commit the misstatement.
Examples:
 Accelerating the timing of recording sales revenue to increase reported sales and earning > playing with /changing
the timing of some sale transactions. [E.g. if in 2016 sale where down, but there is an agreement to sell large
number of inventory in 2017, the organization will show 2017 sales in 2016]
 Recording expenses as fixed assets to increase earning > hiding some expenses from income statement and
presenting them as fixed assets in the B/S.

2. Misappropriation of assets: involve theft of entity assets.

Examples:
 Clerk issuing payment to fictitious company.
 This usually happen because of inadequate separation of duties.
 To reduce/detect fraud > good + effective internal control is one way to do so.
 A sales clerk failing to record a sale and pocketing -steal- the cash receipts.

 The fraud triangle (three conditions):

Incentive/Pressure
(Having a reason -motive- to commit Fraud)

Fraud
Opportunities Attitude/Rationalization
(Internal control system -Weakness-) (Personal character, behavior, values)

 If the three condition are met > Fraud are committed, while if one or two are not, it will not happen.
 Therefore when top management or the employee, has the incentive to commit fraud, they are unethical people, and
the internal control system are weak > they will commit fraud.

 In the other side if they have the incentive and the internal control is weak, but they are ethical people > Fraud will
not happen, and so on, if one of the three conditions is not met, fraud will not be committed.

These three conditions are the same for the two types of fraud, which are:
 Fraudulent Financial reporting –management fraud-.
 Misappropriation of assets -employee fraud-
> They differ in their examples

2
Written by: Zainab AlEkri Ch.11 Typed By: Ali Jameel

 Examples of risks factors for fraudulent reporting

1. Incentive/Pressure: Management or other employees have incentive or pressure to materially misstate F/S
1) Financial stability or profitability is threatened by economy, industry, or entity operating condition. [Top
management get worried about market and shareholder reaction due to negative financial issues, so in order to keep
their image/reputation and not to lose shareholder support, they may decide to commit fraud)

2) Excessive pressure “exists” for management to meet debt requirements. [Some Banks/organization set a number of
requirements to give loans, so if it has not been met, top management may commit some manipulation in order to get
the loan at specific interest rate]
For example, if the bank will give “A” company a loan at 9% interest rate if they get $2m as a net income, while if they
did not get this income, they have to pay 12% as interest rate, therefore “A” company top management may commit
fraud to record net income at $2m to meet the debt requirement.

3) Management or the board of director personal net worth is materially threatened by the entity financial
performance. [Top management/Board of directors will gain more benefits if the entity financial performance is high, so
when they find out that the financial performance is low, they may manipulate financial statements for their own
benefits and rewards]

2. Opportunities. Circumstances provide opportunities for management or employees to misstate financial statements.
1) There are significant accounting estimates that are difficult to verify. [such as using different accounting methods for
different activities in the organization to make it difficult to trace accounting estimates, like when accounting for
depreciation > they will use straight line method for one activity, unit of production for another one , and
double-declining method for the third activity, this will confuse board of directors]

2) There is ineffective oversight over financial reporting. [Top management may give an indication for board of
directors and shareholders -decision maker- that financial reporting are very confusing and difficult to trace, so they
won’t pay attention to it, which will give them the chance to commit fraud].

3) High turnover or ineffective accounting internal audit, or information technology staff exists. [High turnover mean
hiring and laying-off employees very quickly -in a shore period- so at the end of the year, top management will hire new
employees who will not be able to trace, control and understand everything inside the company > Top management will
have the chance to play with financial statements]

3. Attitudes/*Rationalization: An attitude, character, or set of ethical values exists that allow management or
employees to intentionally commit a dishonest act, or they are in an environment that impasses sufficient pressure that
causes them to rationalize committing a dishonest.
1) In-appropriation or inefficient (communication) and support of the entity’s values is evident. [Top management
with dishonest, unethical personal character will not spread of ethical values, or encourage their employees to be good
and ethical, because if he will, they could detect his fraud).

2) History of violation of laws in known. [Those who always violate laws and ethical values are expected to commit
fraud depending on their historical behaviors].

3) Management has a practice of making overly aggressive or unrealistic forecasts. [When they always present and
estimate unrealistic forecast and they knew it, therefore their character is not good, their attitude will lead to fraud to
be committed]
*Rationalization: To undervalue committing fraud -Think of it like nothing is wrong with it-

3
Written by: Zainab AlEkri Ch.11 Typed By: Ali Jameel

 Examples of risk factors for Misappropriation of assets:

1. Incentive/Pressure:

1) Personal financial obligation creates pressure to misappropriate assets. [Not related to the organization, personal
financial matter -like when the cashier has an obligation to be paid, so he may has this as an incentive to steal cash-]

2) Adverse relationship between “management” and “employees” motivate employees to misappropriate assets.
[Related to the organization > relationship between management and employees, they may not respect them, punish
them all the time > to be an incentive to commit fraud.

3) Known or expected employee’s layoffs. [When employees known or expect to be fired, therefore they may
misappropriate assets as compensation for themselves or revenge]

4) Promotion, compensation, or other rewards “inconsistent with expectations”. [This is also related to management
attitude, when employees feel injustice regarding the allocation of promotions, compensation, and rewards, feeling that
they deserve more, this may lead them to misappropriate assets).

2. Opportunities:
Examples of risks factors for misappropriation of assets:
1) There is a presence of large amounts of cash on hand or inventory items. [When the organization keep a large
amounts of cash or inventory items at its premises > when employees know that, they may be encouraged to steal
some] > Therefore cash must be deposited in the bank on a daily basis.

2) There is inadequate internal control over assets. [Bad internal control system > lack of physical control over assets]

3) Lack of appropriate segregation of duties or independent check. [The absence of one of control activities package
make a chance to commit this type of fraud –misappropriation of assets-]

4) Lack of job applicant screening for employees with access to assets. [For those employees who will work -deal- with
assets > they must be subjected to job applicant screening to make sure that they don’t have any previous criminal
records -theft- , if this was not applied > there may be some of them had].

3. Attitudes/*Rationalization:

1) Disregard for the need to monitor or reduce risk of misappropriating assets exists.[This is also related to control
activities > when there is no physical control over assets, and records, this will increase the risk of misappropriating
assets].

2) Disregard of internal control. [Not paying attention to internal control]

Strongly linked with internal control, because even unethical people won’t do anything wrong until they have the chance
to.

4
Written by: Zainab AlEkri Ch.11 Typed By: Ali Jameel
 Assessing the risk of fraud:

- Auditing standard (SAS 99) provide guidance to auditor in assessing the risk of the fraud.

 Professional skepticism:
[SAS 1 states that an auditor neither assume that client -management- is dishonest, nor assumes unquestioned
honestly] > CPA should suspect his client, to be motivated to do his best due to his concern to check the client very
will and collect sufficient appropriate evidence. [Start from the point of engagement until finishing writing audit
report].
 To collect information to assess fraud risk (evidence), from: Sources to assess fraud risks.
 Communication among audit team
 Inquire of management
 Risk factors to identify risks of material misstatements due to fraud.
 Analytical
 Other information

1. Communication among audit team.

 SAS 99 requires from Audit team to conduct discussion to share insight and to brainstorming ideas, that address the
following:
a) How and where they think that there is a possibility of material misstatement due to fraud (Considering external
and internal factors):
 Who may have the Incentive or pressure to commit fraud or not?
 What about internal control? Is there any opportunity to commit fraud?
 What about management, and employee’s character and attitude? Are they ready to commit fraud if possible?
b) Possibilities that management will commit fraud and how.
c) How assets could be misappropriated -by employees-
d) CPA now must be ready to start their auditing, by deciding what response to make regarding the susceptibility of
material misstatements due to fraud.
2. Inquire of management:
One type of audit evidence. CPA will go directly to his clients personnel and ask them some question and collecting
their answers orally or written with their signature. [He wants to know whether he has knowledge of any fraud or
suspected fraud within the company].
 SAS 99 requires auditors to inquire > management, audit committee, internal audits views -if the entity has
internal function-, or employees dealing with internal control > this depend on CPA professional judgment, about
what information to make the inquiries about and select the appropriate group that deal with specific information.
3. Risk Factors:
SAS 99 requires CPA to evaluate Factors to commit fraud (the three conditions): “incentive, opportunity, and
attitude”
4. Analytical procedures:
Also one type of audit evidence > using it to compare rations, figures of the audit year -current- and the previous
year, CPA should apply them during planning and completion phases to identify any unusual fluctuation in the
transaction.

5. Other information:
All information that has been obtained during the audit process must be into consideration. (Any available
information).

5
Written by: Zainab AlEkri Ch.11 Typed By: Ali Jameel
 Documenting fraud assessment:
1) Discussion: Between audit team. (Evidence of the brainstorm before auditing > to be presented in audit file
2) Procedures: Action done by CPA when auditing his client to detect fraud.
3) Specific risks: Documenting his tracing for the three conditions of fraud. “incentive, opportunity, and attitude”
4) Reasons: For any action done by CPA, there must be a reason, and it must be documented.
5) Results: Concluding any result, “conclusion” > these must be documented as well
6) Other conditions: Considering any other matter with the client > document it
7) Nature of communication: When CPA contact with audit committee, internal auditor, or anyone else, this
communication must be documented.

 Responding to the risk of fraud:

After applying professional skepticism and collecting information from the previous 5 resources, CPA must have the
ability to decide that his client may commit fraud > how he will response?
1. Overall audit process -planning- will be changed, because of CPA suspicion; he must due more care while he auditing
and consider risk factor more.
2. Design and perform audit procedures to address identified risks. (Related to fraud)
3. Design and perform procedures to address the risk of management override of controls. [While management fraud
is the most dangerous type, therefore CPA need to trace management rules applied over risks related to fraud]

To do so, CPA is required to take 3 actions:

I. Examine journal entries and other *adjustments -for evidence- of possible misstatements due to fraud.
[*It is expected that management will manipulate adjustments to commit fraud] > For example, management
will violate revenue recognition principle by recording next period revenue at the current period -year-.
II. Review accounting estimates for biases. [Inside F/S there are a lot of items figures that are based on estimations
such as depreciation, therefore it is expected that management decided to commit fraud, they will play with
accounting estimates]
III. Evaluate the business rationale for significant unusual transactions

 When CPA starts to audit applying his professional skepticism, he may suspect his client even more, because of:

1) Discrepancies in the accounting records.

Contradictions in clients accounting records -information- [Normally accounting records must contain similar
information -when comparing them in journal, ledger, and other documents used to record- > therefore, when
information in each record don’t match with other records, this mean that a fraud been committed]
2) Conflicting or missing audit evidence.
When applying different audit evidence, CPA may find out that collected information from each evidence is different
from other > this will be an indication that a fraud been committed. [For example, information in documents related to
sales transactions is different when CPA inquires his client’s employees and also different information when he applied
confirmation > this is conflicts].
 “Missing records/evidence > means that someone had hide them, which is an indication of committed fraud”

3) Unusual relationship between previous CPA and management.

Current CPA must investigate about previous CPA, to look for any signals of unusual relationship with the client, that
made them not independent, which make them -client- able to commit fraud.
4) Result from substantive tests.
[Which are 3 tests, applied over Financial statements and figures], when their results are strange and unusual, CPA will
suspect more that a fraud had been committed.

6
Written by: Zainab AlEkri Ch.11 Typed By: Ali Jameel
 Specific Fraud Risk Areas.
[Ways to commit fraud > when CPA, know them, he will be able to investigate and discover them]
1. Revenue and accounts receivable fraud risks -very common way of fraud-.
2. Inventory fraud risks.
3. Purchases and accounts payable fraud risks.
4. Other areas of fraud risk.
 Fraudulent Financial Reporting Risk for Revenue:
 AICPA, SEC issued guidance dealing with revenue recognition.
 SAS99 require auditor to identify revenue recognition as a fraud risk in the most audit > Because revenue is almost
always the largest account in the income statement, therefore even a small misstatement percentage of revenue
can still have a large effect on income.
 [Depending on revenue recognition principle to recognize revenue -record it- , two conditions must be met:
1) Starting the transaction. -Started- 2) Completing the transaction. - Completed-

 [So when management record revenue before these conditions are met > it will be fraud, because it is violation to
the principle].

 Revenue and accounts receivable fraud risk.

 Techniques -Methods- used to manipulate revenue:
1. Recording of Fictitious revenue: Unearned revenue, not exist. (The most common form of revenue fraud)
 For example: the client record $5M Revenue, which is not real, claiming that these sale are on credit
> Therefore, they must adjust Account Receivable in Balance Sheet and also adjust Equity section to balance the two
side of the B/S, so they also going to re-prepare owners’ equity statements.
2. Premature revenue recognition: Revenue not yet earned “been recorded before it been recognized” > Accelerated
“revenue recognition”.
 For example: Violation of revenue recognition principle. (Management records revenue before the transaction is
completed). Because only when the transaction completed the customer will pay the cash if it’s on Cash or will give
Account Receivable -if on credit-, here where revenue must be recognized. (The two conditions will be met).

3. Manipulation of adjustment’s to revenue:

a) Manipulating depreciation expenses, Sale return and discount, by hiding them to avoid reducing sale figure.
b) Company may also understate bad debt expenses.
 For example: Management will select specific accounts to be deleted, to adjust the balance -Figure-, like -for
example- deleting “Sale allowances” account to represent “Sales” with higher -big figure- than it must be, which will
impact over Net income.

Further explanation for “Premature Revenue”:
- It’s all about “accelerating the timing of revenue recognition” to meet earning or sales forecasts.
 One of its ways is “Sales in hold” > When the organization has a request from customer to purchase goods,
Management accelerates recording revenue, while the transaction still not started nor completed.
 Another method is “issuing side agreements” > After playing with adjustment’s, and recording revenue in the
current period, while they must be recorded in the subsequent period, management will try to cover their
manipulation through changing agreements dates in its documents.

7
Written by: Zainab AlEkri Ch.11 Typed By: Ali Jameel
 Another example for “Manipulation of adjustments”:
Changing -reducing- Bad debt expenses (Understate), to show big figure for A/C Rec.
___________

Reason for manipulation of Adjustments:

(They are the same as “Examples of Risk factors for misappropriation of assets- under opportunity condition of fraud” >
Pg.4 under opportunities).

 Misappropriation of Assets:-

“Misappropriation of Cash receipts” Common example

Cash collected from sale transactions

 It involves failure to record a sale or an adjustment to customer Account receivable to hide the theft.
There are two ways to commit this type of fraud by employees:
1) The cashier will steal cash after collecting it from sale transactions, and he won’t record the transaction in journal
“This way is so difficult to be discovered and traced.(For CPA,when auditing it is hard to know -find out- that there
were un-recorded sale transaction)
2) The cashier will collect the cash and steal a part of it -or the entire amount- , he must cover his theft by reducing
the customer’s account in one of three ways:
I. Record a sale return or allowance. (To reduce customers A/C Rec.).
For Example: The actual amount to be collected is 1000, and the cashier stole 400, So he will claim that the 400 is
sales return and allowance.
Sale returns and allowances 400
A/c Rec. - Customer 400

II. Write off the customers amount:

In this situation, the cashier may steal the entire amount collected from the client > he will write-off the entire
amount - cancel it-
Cash 600
A/C Rec -Customer 600
III. Apply the payment from another customer to the customers’ accounts “Lapping”.
st
When 1 customer paid the amount due, the cashier stole the entire amount or part of it, so he will not be able to
record it as it must be, so he will wait until the 2nd customer pat, to record 1st customers sales transaction, and will
continue doing this for the 2nd customer, with the 3rd and so on.

 For CPA, to discover “lapping”, applying Analytical procedures will be helpful

 Inventory Fraud Risks:

 The common type is “Fictitious inventory” > presenting inventory figure with large un-real amount “many large
companies have varied and extensive inventory in multiple locations > making it easy to commit such a fraud
 In manufacturing companies “Inventory” is the main account, it will impact over all Financial Statements, therefore
CPA - when dealing with this type of companies- he will due more attention for it.
____
 Responding to misstatements that may be the result of Fraud:
 When fraud is suspected, CPA will gather additional information to determine whether fraud actually exists.
8