SAS #99
Introduction & Overview • Supersedes SAS #82 • “The auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud.” (SAS #1) • Periods beginning after 12-15-2002
Description and Characteristics of Fraud • For purposes of this statement, fraud is: • “an intentional act that results in a material misstatement in financial statements that are the subject of an audit.” • More narrow definition than legal definition
Black’s Law Dictionary • Fraud is defined as, “…all multifarious means which human ingenuity can devise, and which are resorted to by one individual to get an advantage over another by false suggestions or suppression of the truth. It includes all surprise, trick, cunning, or dissembling, and any unfair way by which another is cheated.”
Common Law Fraud Four elements: • Material false statement • Knowledge that the statement was false • Reliance on the statement by victim • Damages
CFE Categories of Fraud • Misrepresentation of material facts • Concealment of material facts • Bribery • Conflicts of interest • Theft of money or property • Theft of trade secrets or intellectual property • Breach of fiduciary duty • Statutory offenses
SAS #99 – 2 types of fraud • Misstatements arising from: • 1) Fraudulent financial reporting; and, • 2) Misappropriation of assets
OCCUPATIONAL FRAUD and ABUSE CLASSIFICATION SYSTEM
¶7: 3 conditions present when fraud occurs: • Incentive or Pressure; • Opportunity; and, • Rationalization • The Fraud Triangle! • However, see ¶35
The Fraud Triangle • According to Cressey, p. 20 of text: • One of the most fundamental observations of the Cressey study was that it took all 3 elements (conditions) for the trust violation to occur. • Compare that with ¶35 of SAS #99:
¶35 of SAS #99: • “the auditor should not assume that all 3 conditions must be observed or evident before concluding that there are identified risks.” • “…the auditor cannot assume that the inability to observe one or two of these conditions means there is no risk…”
¶13 – Professional Skepticism • Includes a questioning mind, and, • A critical assessment of audit evidence • Mindset that fraud may exist, regardless of past experience with that client and • Regardless of the auditor’s belief about management’s honesty and integrity.
Discussion Among Personnel • Required brainstorming throughout the audit, but especially during planning • Helps set the tone or mindset for staff • Must be documented (¶83) • DOH Audit example
Procedures to Obtain Information re: risk of fraud • You must understand the entity’s business and the industry in which it operates (SAS #22), first and foremost. • Make inquiries • Consider unusual or unexpected relationships • Consider whether fraud risk factors exist • Consider other information • Must document procedures performed
Identifying Risks Due to Fraud • ¶35 • The 3 factors can occur in differing degrees, thus may NOT seem to be present when in fact they are. • Identify risks by assertion or for the financial statements as a whole
When identifying risks, consider: • The type of risk (FFR or MA); • The significance of the risk (how material it is); • The likelihood of the risk; and, • The pervasiveness of the risk.
¶41 – Revenue Recognition • Start with presumption that there IS a risk of MM due to fraud in revenue recognition. • If you don’t, you will have to justify why not.
¶42 – Management Override • Same as with RR – always should address the risk of management override, regardless of finding any other risks present. • ¶57 – 67 describe specific procedures you may want to perform on every audit.
For Each Risk Identified, We Must: • 1) determine what management is doing to mitigate those risks (if anything); and, • 2) after considering management’s controls, respond by modifying our audit programs, assigning staff, etc. where appropriate.
¶44 – Evaluating Management’s Programs and Controls: • For “risks of MM due to fraud” that have been identified: • evaluate whether entity programs and controls address these risks; • whether they have been suitably designed; and,
¶44 – Evaluating Management’s Programs and Controls (continued): • whether they have been placed in operation • basically apply the old SAS #1 technique just like any other thing that could go wrong
Auditor’s Response to Identified Risks: • ¶46 – Apply professional skepticism • ¶48 – The auditor also responds in the following 3 ways: • a) Assesses overall considerations • b) Alters nature, timing, and extent • c) Performs procedures to address management override
¶50 – Overall Responses: • Assignment of personnel & supervision • Accounting Principles • - consider management’s judgment • Predictability of audit procedures • - change timing or methods • - look @ otherwise immaterial balances • - unannounced tests
¶51 – N, T, E Responses: • Must test (substantive) for fraud. The risk cannot be reduced to an appropriately low level through tests of controls only. • Nature – more reliable tests (SAS #31) • Timing – closer to end of period • Extent – larger sample sizes, etc. • See ¶53 for examples
¶54 – N, T, E Responses to FFR risk: • Revenue recognition • Inventory quantities • - cattle example • Management estimates • - SAS #57, prepare own estimate • - retrospective review
¶55-56 - N, T, E Response to MA risk: • Test operating effectiveness of controls • inspect assets at or near period end • use highly reliable analytical review procedures • In summary, do things you would not normally do
¶57 – Response to risk of Management Override: • Always respond to this risk even if no other responses are warranted • Following procedures must be performed: • examine journal entries; • review accounting estimates for biases; • evaluate business rationale for transactions
¶68 – Evaluating Audit Results • Should be an ongoing process • Put all the results together and see if any patterns show up • Keep up the “brainstorming” sessions
¶69 – Analytical Review • In the overall review stage, make sure you have performed analytical review steps of REVENUE • Management is generally unable to manipulate certain info. to create seemingly normal or expected relationships • Ex: If theft overstates assets, certain ratios to sales will be off.
¶79 – Communicating Results • To management • To Board or Audit Committee • To Outsiders if: • - legally required • - to successor auditor (SAS #84) • - responding to subpoena • - funding agency
¶80 – Documentation • The auditor should document: • “brainstorming”; • procedures performed to identify risks; • specific risks identified; • auditor’s response to those risks; • why improper revenue recognition is not a risk (if so);
¶80 – Documentation (cont.) • procedures performed (and results) regarding risk of management override; • other conditions and analytical review relationships; and, • communications to management, board, and others
In Summary of SAS #99: • 1) “brainstorm” with colleagues; • 2) gather information; • 3) identify risks of MM due to fraud; • 4) assess client response (i/c); • 5) modify audit plan (respond) as appropriate; • 6) evaluate audit results; • 7) communicate results; and, • 8) document, document, document