TASK: MAKE A BRIEFING OF TEN(10) SENTENCES

Auditing firms' fraud risk assessment practices

Sandra Waller Shelton; Whittington, O Ray; Landsittel, David . Accounting Horizons ; Sarasota Vol. 15, Iss. 1, (Mar 2001): 19-33.

ABSTRACT

The effectiveness of audits in detecting fraudulent misstatements in financial statements is of major concern to the auditing profession. This concern led to the issuance of Statement on Auditing Standards No. 82, which made several changes in the manner in which auditors are required to consider the risk of material misstatements due to fraud. This manuscript reports the results of a study of the practices of CPA firms in implementing SAS No. 82. Audit manuals and practice aids were compared and firm personnel from all of the Big 5 firms and 2 second-tier firms were interviewed. Results of this study indicate that audit firms differ as to whether their practice aids for fraud risk assessment are separate or integrated with other risk assessment practice aids, the timing of the fraud risk assessment, and the method of assessing fraud risk. Furthermore, although all of the firms studied include all of the SAS No. 82 factors in their audit practice aids, certain other fraud risk factors identified in academic research are not included in firm practice aids.

Headnote

SYNOPSIS: The effectiveness of audits in detecting fraudulent misstatements in financial statements is of major concern to the auditing profession. This concern led to the issuance of Statement on Auditing Standards (SAS) No. 82, which made several changes in the manner in which auditors are required to consider the risk of material misstatements due to fraud. This manuscript reports the results of a study of the practices of CPA firms in implementing SAS No. 82. We compared audit manuals and practice aids and interviewed firm personnel from all of the Big 5 firms and two second-tier firms. Results of this study indicate that audit firms differ as to (1) whether their practice aids for fraud risk assessment are separate or integrated with other risk assessment practice aids, (2) the timing of the fraud risk assessment, and (3) the method of assessing fraud risk. Furthermore, although all of the firms studied include all of the SAS No. 82 factors in their audit practice aids, certain other fraud risk factors identified in academic research are not included in firm practice aids.

INTRODUCTION

Statement on Auditing Standards (SAS) No. 82 (AICPA 1997b) describes the current responsibilities of auditors in evaluating the risk of material misstatements in financial statements due to fraud and in planning the audit response to that risk. The auditor's assessment of the risk of material misstatement due to fraud and the related response is a major determinant of the effectiveness of any particular audit. An inadequate assessment or response can result in an ineffective audit, and an excessive assessment or response can result in an inefficient audit (McDaniel and Kinney 1995).

Concurrent with the issuance of SAS No. 82 (effective for audits of periods beginning on or after December 15, 1997), the Auditing Standards Board (ASB) made a commitment to evaluate this standard and support research to assist in the evaluation process (AICPA 1997a, 13). This commitment along with the concerns expressed in the Public Oversight Board (POB) Panel on Audit Effectiveness Report and Recommendations has brought the fraud risk assessment process and the effectiveness of SAS No. 82 back to the forefront of the ASB's agenda. Specifically, the POB Panel on Audit Effectiveness Report (POB 2000,86) states:

The risk assessment and response process called for by SAS No. 82 falls short in effectively deterring fraud or significantly increasing the likelihood that the auditor will detect material fraud, largely because it fails to direct auditing procedures specifically toward fraud detection.

As a result, the ASB established a task force to reconsider the guidance contained in SAS No. 82. Therefore, relevant research on how SAS No. 82 has been implemented is of critical importance.

This paper describes the practice aids and guidance used by firms to assess fraud risk and raises SAS No. 82 implementation issues. It is designed to (1) stimulate and provide a basis for relevant research on the detection of fraud by describing and analyzing the current practices of auditing firms, (2) provide information for the ASB about current practices used to implement SAS No. 82, and (3) provide auditing educators with an understanding of how CPA firms approach this significant aspect of an audit in order to facilitate their classroom presentations of this important topic.

To obtain a comprehensive view of current practice, we compared and evaluated the audit manual sections and practice aids of all of the Big 5 accounting firms and two second-tier accounting firms. In addition, we interviewed national office partners/directors involved in developing practice materials for each firm. Results of this study indicate that audit firms differ as to whether their practice aids for fraud risk assessment are separate or integrated with other risk-assessment practice aids, the timing of the fraud risk assessment, and the method of assessing fraud risk. Furthermore, although all of the firms studied include all of the SAS No. 82 factors in their audit practice aids, certain other fraud risk factors identified in academic research are not included in firm practice aids.

SAS NO. 82

Incidents of fraudulent financial reporting and the failures to detect it have increased the public's and regulators' concerns about auditors' responsibility and ability to detect fraud. SAS No. 82 represents the latest in the profession's attempt to provide guidance to auditors in meeting these obligations. Although this auditing standard does not fundamentally change auditors' responsibility for detecting material misstatements due to fraud, it was issued in order to (1) clarify and provide added visibility to that responsibility, (2) provide auditors with additional ground rules about the kind of audit work it takes to effectively meet the responsibility, and (3) drive audit performance by requiring documentation of auditors' assessments of fraud risk. Specifically, SAS No. 82 requires auditors to:

* Perform a "specific" assessment of the risk of material misstatement due to fraud when planning the audit.

* Consider "risk factors" when making the above risk assessment and respond in the planned audit approach to those risk factors identified. In this regard, SAS No. 82 provides over 40 examples of risk factors to consider.

* Inquire of management to obtain management's understanding of the risk of fraud and to determine if management has any knowledge of fraud perpetrated on or within the entity.

* Reassess the risk of material misstatement due to fraud at the conclusion of the audit, noting whether the accumulated results of audit procedures and other observations affect the risk assessment initially performed while planning the audit.

* Document in the working papers: (1) evidence of performance of the initial risk assessment, (2) those risk factors identified as being present, together with the auditor's response thereto, and (3) the identification of any additional risk factors or conditions coming into play during the completion of the work and the reassessment, together with any further response required.

* Communicate to management and/or others, as specified, when fraud is uncovered or suspected, and when risk factors are identified that give evidence of "reportable conditions" relating to an entity's internal control.

RESEARCH METHOD

We obtained audit manual sections and practice aids pertaining to fraud risk assessment from each of the Big 5 firms and two second-tier firms. After reviewing this material, we conducted conference-call interviews with one or two national office directors/partners in charge of auditing/assurance policy from each of the firms. At least two of the researchers participated in each interview and assured the firm representatives that their responses will be kept confidential.

To structure the interviews, we developed a questionnaire to be completed by each researcher in the course of each interview. The questionnaire was based on our review of SAS No. 82 and the firms' audit manual sections/practice aids. We began the interview by discussing the purpose of the project. We also verified the completeness of the firm materials we received and obtained additional practice aids/manual sections for analysis where deemed appropriate by a firm representative. These discussions preceded specific questions pertaining to each firm's approach and practice aids for the implementation of SAS No. 82. We questioned the rationale for the nature and format of the practice aids and guidance used to incorporate the requirements of SAS No. 82 into the audit methodology. Finally, the representatives were questioned about their perceptions of the effectiveness of SAS No. 82, problems encountered by field personnel in implementing it, firm-monitoring activities to assess its effects, and their general impressions about problems in detecting fraud. Each interview lasted approximately one hour.

After each interview, the questionnaires completed by the researchers involved were reconciled. Next, a composite summary was prepared describing the process of fraud risk assessment for each firm. We verified the accuracy of this composite by asking the partners/directors originally interviewed to review the summarized information for their respective firms. These summarized responses formed the basis for our analysis. Our analysis focuses more on how and where risk assessments are documented rather than on how they are actually made.

RESULTS

Review of the audit processes and firms' practice guidance resulted in the identification of the following factors that differentiate the firms studied:

1. The extent to which the fraud risk assessment is integrated with other aspects of the audit, such as the assessment of the control environment;

2. The timing of the fraud risk assessment;

3. The degree of consideration of fraud risk factors and the method of assessment at the engagement-acceptance/continuance stage of the audit;

4. The degree of consideration of fraud risk factors and the method of assessment during audit planning, and

5. The nature of the guidance regarding the auditor's responses to the fraud risk factors.

A comparison of these factors across accounting firms appears in Table 1.