The following auditing standard is not the current version and does not reflect any amendments effective on or after December 31, 2016. The current version of the auditing standards can be found here. Show
Consideration of Fraud in a Financial Statement AuditSummary Table of Contents
(Supersedes SAS No. 82)Source: SAS No. 99.Effective for audits of financial statements for periods beginning on or after December 15, 2002.Introduction and Overview.01[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] Section 110, Responsibilities and Functions of the Independent Auditor, paragraph .02, states, "The auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud. [footnote omitted]" fn 1 This section establishes requirements and provides direction relevant to fulfilling that responsibility, as it relates to fraud, in an audit of financial statements. fn 2 [The following note is effective for audits of fiscal years ending on or after November 15, 2007. See PCAOB Release 2007-005A. For audits of fiscal years ending before November 15, 2007, click here.] Note: When performing an integrated audit of financial statements and internal control over financial reporting, refer to paragraphs 14–15 of PCAOB Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements, regarding fraud considerations, in addition to the fraud consideration set forth in this section. .01A[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004.] Auditing Standard No. 12, Identifying and Assessing Risks of Material Misstatement, establishes requirements regarding the process of identifying and assessing risks of material misstatement of the financial statements. Auditing Standard No. 13, The Auditor's Responses to the Risks of Material Misstatement, establishes requirements regarding designing and implementing appropriate responses to the risks of material misstatement. Auditing Standard No. 14, Evaluating Audit Results, establishes requirements regarding the auditor's evaluation of audit results and determination of whether he or she has obtained sufficient appropriate audit evidence. .02[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] The following is an overview of the organization and content of this section:
[.03][Paragraph deleted effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] .04Although this section focuses on the auditor's consideration of fraud in an audit of financial statements, it is management's responsibility to design and implement programs and controls to prevent, deter, and detect fraud. fn 3 That responsibility is described in section 110.03, which states, "Management is responsible for adopting sound accounting policies and for establishing and maintaining internal control that will, among other things, initiate, record, process, and report transactions (as well as events and conditions) consistent with management's assertions embodied in the financial statements." Management, along with those who have responsibility for oversight of the financial reporting process (such as the audit committee, board of trustees, board of directors, or the owner in owner-managed entities), should set the proper tone; create and maintain a culture of honesty and high ethical standards; and establish appropriate controls to prevent, deter, and detect fraud. When management and those responsible for the oversight of the financial reporting process fulfill those responsibilities, the opportunities to commit fraud can be reduced significantly. Description and Characteristics of Fraud.05Fraud is a broad legal concept and auditors do not make legal determinations of whether fraud has occurred. Rather, the auditor's interest specifically relates to acts that result in a material misstatement of the financial statements. The primary factor that distinguishes fraud from error is whether the underlying action that results in the misstatement of the financial statements is intentional or unintentional. For purposes of the section, fraud is an intentional act that results in a material misstatement in financial statements that are the subject of an audit. fn 4 .06Two types of misstatements are relevant to the auditor's consideration of fraud—misstatements arising from fraudulent financial reporting and misstatements arising from misappropriation of assets.
.07Three conditions generally are present when fraud occurs. First, management or other employees have an incentive or are under pressure, which provides a reason to commit fraud. Second, circumstances exist—for example, the absence of controls, ineffective controls, or the ability of management to override controls—that provide an opportunity for a fraud to be perpetrated. Third, those involved are able to rationalize committing a fraudulent act. Some individuals possess an attitude, character, or set of ethical values that allow them to knowingly and intentionally commit a dishonest act. However, even otherwise honest individuals can commit fraud in an environment that imposes sufficient pressure on them. The greater the incentive or pressure, the more likely an individual will be able to rationalize the acceptability of committing fraud. .08Management has a unique ability to perpetrate fraud because it frequently is in a position to directly or indirectly manipulate accounting records and present fraudulent financial information. Fraudulent financial reporting often involves management override of controls that otherwise may appear to be operating effectively. fn 6 Management can either direct employees to perpetrate fraud or solicit their help in carrying it out. In addition, management personnel at a component of the entity may be in a position to manipulate the accounting records of the component in a manner that causes a material misstatement in the consolidated financial statements of the entity. Management override of controls can occur in unpredictable ways. .09Typically, management and employees engaged in fraud will take steps to conceal the fraud from the auditors and others within and outside the organization. Fraud may be concealed by withholding evidence or misrepresenting information in response to inquiries or by falsifying documentation. For example, management that engages in fraudulent financial reporting might alter shipping documents. Employees or members of management who misappropriate cash might try to conceal their thefts by forging signatures or falsifying electronic approvals on disbursement authorizations. An audit conducted in accordance with GAAS rarely involves the authentication of such documentation, nor are auditors trained as or expected to be experts in such authentication. In addition, an auditor may not discover the existence of a modification of documentation through a side agreement that management or a third party has not disclosed. .10Fraud also may be concealed through collusion among management, employees, or third parties. Collusion may cause the auditor who has properly performed the audit to conclude that evidence provided is persuasive when it is, in fact, false. For example, through collusion, false evidence that controls have been operating effectively may be presented to the auditor, or consistent misleading explanations may be given to the auditor by more than one individual within the entity to explain an unexpected result of an analytical procedure. As another example, the auditor may receive a false confirmation from a third party that is in collusion with management. .11Although fraud usually is concealed and management's intent is difficult to determine, the presence of certain conditions may suggest to the auditor the possibility that fraud may exist. For example, an important contract may be missing, a subsidiary ledger may not be satisfactorily reconciled to its control account, or the results of an analytical procedure performed during the audit may not be consistent with expectations. However, these conditions may be the result of circumstances other than fraud. Documents may legitimately have been lost or misfiled; the subsidiary ledger may be out of balance with its control account because of an unintentional accounting error; and unexpected analytical relationships may be the result of unanticipated changes in underlying economic factors. Even reports of alleged fraud may not always be reliable because an employee or outsider may be mistaken or may be motivated for unknown reasons to make a false allegation. .12As indicated in paragraph .01, the auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by fraud or error. fn 7 However, absolute assurance is not attainable and thus even a properly planned and performed audit may not detect a material misstatement resulting from fraud. A material misstatement may not be detected because of the nature of audit evidence or because the characteristics of fraud as discussed above may cause the auditor to rely unknowingly on audit evidence that appears to be valid, but is, in fact, false and fraudulent. Furthermore, audit procedures that are effective for detecting an error may be ineffective for detecting fraud. The Importance of Exercising Professional Skepticism.13[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] Due professional care requires the auditor to exercise professional skepticism. See section 230, Due Professional Care in the Performance of Work, paragraphs .07 through .09. Because of the characteristics of fraud, the auditor's exercise of professional skepticism is important when considering the fraud risks. Professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence. The auditor should conduct the engagement with a mindset that recognizes the possibility that a material misstatement due to fraud could be present, regardless of any past experience with the entity and regardless of the auditor's belief about management's honesty and integrity. Furthermore, professional skepticism requires an ongoing questioning of whether the information and evidence obtained suggests that a material misstatement due to fraud has occurred. In exercising professional skepticism in gathering and evaluating evidence, the auditor should not be satisfied with less-than-persuasive evidence because of a belief that management is honest. [.14–.45][Paragraphs deleted, effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] [The following heading is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] Responding to Assessed Fraud Risks[.46–.50][Paragraphs deleted, effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] [The following heading is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] Responses Involving the Nature, Timing, and Extent of Procedures to Be Performed[.51][Paragraph deleted, effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] .52[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] Paragraph 8 of Auditing Standard No. 13, The Auditor's Responses to the Risks of Material Misstatement, states that "[t]he auditor should design and perform audit procedures in a manner that addresses the assessed risks of material misstatement due to error or fraud for each relevant assertion of each significant account and disclosure." Paragraph 12 of Auditing Standard No. 13 states that "the audit procedures that are necessary to address the assessed fraud risks depend upon the types of risks and the relevant assertions that might be affected."
.53[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] The following are examples of responses to assessed fraud risks involving the nature, timing, and extent of audit procedures:
[The following heading is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] Additional Examples of Audit Procedures Performed to Respond to Assessed Fraud Risks Relating to Fraudulent Financial Reporting.54[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] The following are additional examples of audit procedures that might be performed in response to assessed fraud risks relating to fraudulent financial reporting:
[The following heading is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] Examples of Audit Procedures Performed to Respond to Fraud Risks Relating to Misappropriations of Assets.55[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] The auditor may have identified a fraud risk relating to misappropriation of assets. For example, the auditor may conclude that the risk of asset misappropriation at a particular operating location is significant because a large amount of easily accessible cash is maintained at that location, or there are inventory items such as laptop computers at that location that can easily be moved and sold. .56[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] The audit procedures performed in response to a fraud risk relating to misappropriation of assets usually will be directed toward certain account balances. Although some of the audit procedures noted in paragraphs .53 and .54 and in paragraphs 8 through 15 of Auditing Standard No. 13, The Auditor's Responses to the Risks of Material Misstatement, may apply in such circumstances, such as the procedures directed at inventory quantities, the scope of the work should be linked to the specific information about the misappropriation risk that has been identified. For example, if a particular asset is highly susceptible to misappropriation and a potential misstatement would be material to the financial statements, obtaining an understanding of the controls related to the prevention and detection of such misappropriation and testing the design and operating effectiveness of such controls may be warranted. In certain circumstances, physical inspection of such assets (for example, counting cash or securities) at or near the end of the reporting period may be appropriate. In addition, the use of substantive analytical procedures, such as the development by the auditor of an expected dollar amount at a high level of precision, to be compared with a recorded amount, may be effective in certain circumstances. [The following heading is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] Audit Procedures Performed to Specifically Address the Risk of Management Override of Controls.57[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] As noted in paragraph .08, management is in a unique position to perpetrate fraud because of its ability to directly or indirectly manipulate accounting records and prepare fraudulent financial statements by overriding established controls that otherwise appear to be operating effectively. By its nature, management override of controls can occur in unpredictable ways. Accordingly, as part of the auditor's responses that address fraud risks, the procedures described in paragraphs .58 through .67 should be performed to specifically address the risk of management override of controls. .58Examining journal entries and other adjustments for evidence of possible material misstatement due to fraud. Material misstatements of financial statements due to fraud often involve the manipulation of the financial reporting process by (a) recording inappropriate or unauthorized journal entries throughout the year or at period end, or (b) making adjustments to amounts reported in the financial statements that are not reflected in formal journal entries, such as through consolidating adjustments, report combinations, and reclassifications. Accordingly, the auditor should design procedures to test the appropriateness of journal entries recorded in the general ledger and other adjustments (for example, entries posted directly to financial statement drafts) made in the preparation of the financial statements. More specifically, the auditor should:
.59The auditor's understanding of the entity's financial reporting process may help in identifying the type, number, and monetary value of journal entries and other adjustments that typically are made in preparing the financial statements. For example, the auditor's understanding may include the sources of significant debits and credits to an account, who can initiate entries to the general ledger or transaction processing systems, what approvals are required for such entries, and how journal entries are recorded (for example, entries may be initiated and recorded online with no physical evidence, or may be created in paper form and entered in batch mode). .60An entity may have implemented specific controls over journal entries and other adjustments. For example, an entity may use journal entries that are preformatted with account numbers and specific user approval criteria, and may have automated controls to generate an exception report for any entries that were unsuccessfully proposed for recording or entries that were recorded and processed outside of established parameters. The auditor should obtain an understanding of the design of such controls over journal entries and other adjustments and determine whether they are suitably designed and have been placed in operation. .61[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] The auditor should use professional judgment in determining the nature, timing, and extent of the testing of journal entries and other adjustments. For purposes of identifying and selecting specific entries and other adjustments for testing, and determining the appropriate method of examining the underlying support for the items selected, the auditor should consider:
.62Because fraudulent journal entries often are made at the end of a reporting period, the auditor's testing ordinarily should focus on the journal entries and other adjustments made at that time. However, because material misstatements in financial statements due to fraud can occur throughout the period and may involve extensive efforts to conceal how it is accomplished, the auditor should consider whether there also is a need to test journal entries throughout the period under audit. .63[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] Reviewing accounting estimates for biases that could result in material misstatement due to fraud. In preparing financial statements, management is responsible for making a number of judgments or assumptions that affect significant accounting estimates fn 24 and for monitoring the reasonableness of such estimates on an ongoing basis. Fraudulent financial reporting often is accomplished through intentional misstatement of accounting estimates. Paragraphs 24 through 27 of Auditing Standard No. 14, Evaluating Audit Results, discuss the auditor's responsibilities for assessing bias in accounting estimates and the effect of bias on the financial statements. .64The auditor also should perform a retrospective review of significant accounting estimates reflected in the financial statements of the prior year to determine whether management judgments and assumptions relating to the estimates indicate a possible bias on the part of management. The significant accounting estimates selected for testing should include those that are based on highly sensitive assumptions or are otherwise significantly affected by judgments made by management. With the benefit of hindsight, a retrospective review should provide the auditor with additional information about whether there may be a possible bias on the part of management in making the current-year estimates. This review, however, is not intended to call into question the auditor's professional judgments made in the prior year that were based on information available at the time. .65If the auditor identifies a possible bias on the part of management in making accounting estimates, the auditor should evaluate whether circumstances producing such a bias represent a risk of a material misstatement due to fraud. For example, information coming to the auditor's attention may indicate a risk that adjustments to the current-year estimates might be recorded at the instruction of management to arbitrarily achieve a specified earnings target. .66[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2014. See PCAOB Release No. 2014-002. For audits of fiscal years beginning before December 15, 2014, click here.] Evaluating whether the business purpose for significant unusual transactions indicates that the transactions may have been entered into to engage in fraud. Significant transactions that are outside the normal course of business for the company or that otherwise appear to be unusual due to their timing, size, or nature ("significant unusual transactions") may be used to engage in fraudulent financial reporting or conceal misappropriation of assets. Note: The auditor's identification of significant unusual transactions should take into account information obtained from: (a) the risk assessment procedures required by Auditing Standard No. 12, Identifying and Assessing Risks of Material Misstatement (e.g., inquiring of management and others, obtaining an understanding of the methods used to account for significant unusual transactions, and obtaining an understanding of internal control over financial reporting) and (b) other procedures performed during the audit (e.g., reading minutes of the board of directors meetings and performing journal entry testing). Note: The auditor should take into account information that indicates that related parties or relationships or transactions with related parties previously undisclosed to the auditor might exist when identifying significant unusual transactions. See paragraphs 14–16 of Auditing Standard No. 18, Related Parties. Appendix A of Auditing Standard No. 18, Related Parties, includes examples of such information and examples of sources of such information. .66A[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2014. See PCAOB Release No. 2014-002.] The auditor should design and perform procedures to obtain an understanding of the business purpose (or the lack thereof) of each significant unusual transaction that the auditor has identified. The procedures should include:
Note: Paragraph 11A of Auditing Standard No. 13 requires the auditor to take into account the types of potential misstatements that could result from significant unusual transactions in designing and performing further audit procedures. .67[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2014. See PCAOB Release No. 2014-002. For audits of fiscal years beginning before December 15, 2014, click here.] The auditor should evaluate whether the business purpose (or the lack thereof) indicates that the significant unusual transaction may have been entered into to engage in fraudulent financial reporting or conceal misappropriation of assets. In making that evaluation, the auditor should evaluate whether:
Note: Paragraphs 20–23 of Auditing Standard No. 14, Evaluating Audit Results, provide requirements regarding the auditor's evaluation of whether identified misstatements might be indicative of fraud. .67A[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2014. See PCAOB Release No. 2014-002.] The auditor must evaluate whether significant unusual transactions that the auditor has identified have been properly accounted for and disclosed in the financial statements. This includes evaluating whether the financial statements contain the information regarding significant unusual transactions essential for a fair presentation of the financial statements in conformity with the applicable financial reporting framework.fn 25B Note: The auditor considers management's disclosure regarding significant unusual transactions in other parts of the company's Securities and Exchange Commission filing containing the audited financial statements in accordance with AU sec. 550, Other Information in Documents Containing Audited Financial Statements. [.68–.78][Paragraphs deleted, effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] Communication About Possible Fraud to Management, the Audit Committee, the Securities and Exchange Commission, and Others fn 37.79[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2012. See PCAOB Release No. 2012-004. For audits of fiscal years beginning before December 15, 2012, click here.] Whenever the auditor has determined that there is evidence that fraud may exist, that matter should be brought to the attention of an appropriate level of management. This is appropriate even if the matter might be considered inconsequential, such as a minor defalcation by an employee at a low level in the entity's organization. Fraud involving senior management and fraud (whether caused by senior management or other employees) that causes a material misstatement of the financial statements should be reported directly to the audit committee in a timely manner and prior to the issuance of the auditor’s report. In addition, the auditor should reach an understanding with the audit committee regarding the nature and extent of communications with the committee about misappropriations perpetrated by lower-level employees. .80[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] If the auditor, as a result of the assessment of the risks of material misstatement, has identified fraud risks that have continuing control implications (whether or not transactions or adjustments that could be the result of fraud have been detected), the auditor should consider whether these risks represent significant deficiencies that must be communicated to senior management and the audit committee. fn 38 (See section 325, "Communications About Control Deficiencies in An Audit of Financial Statements," paragraph 4.). The auditor also should evaluate whether the absence of or deficiencies in controls that address fraud risks or otherwise help prevent, deter, and detect fraud (see paragraphs 72–73 of Auditing Standard No. 12, Identifying and Assessing Risks of Material Misstatement) represent significant deficiencies or material weaknesses that should be communicated to senior management and the audit committee. .81[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2012. See PCAOB Release No. 2012-004. For audits of fiscal years beginning before December 15, 2012, click here] The auditor also should consider communicating other fraud risks, if any, identified by the auditor. Such a communication may be a part of an overall communication to the audit committee of business and financial statement risks affecting the entity and/or in conjunction with the auditor communication about the qualitative aspects of the entity’s accounting policies and practices (see paragraphs 12–13 of Auditing Standard No. 16, Communications with Audit Committees). The auditor should communicate these matters to the audit committee in a timely manner and prior to the issuance of the auditor’s report. .81A[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2014. See PCAOB Release No. 2014-002.] The auditor has a responsibility, under certain conditions, to disclose possible fraud to the Securities and Exchange Commission to comply with certain legal and regulatory requirements. These requirements include reports in connection with the termination of the engagement, such as when the entity reports an auditor change and the fraud or related risk factors constitute a reportable event or are the source of a disagreement, as these terms are defined in Item 304 of Regulation S-K and Item 16F of Form 20-F. These requirements also include reports that may be required pursuant to Section 10A(b) of the Securities Exchange Act of 1934 relating to an illegal act that the auditor concludes has a material effect on the financial statements. .82[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2014. See PCAOB Release No. 2014-002. For audits of fiscal years beginning before December 15, 2014, click here.] The auditor also may have a duty to disclose the existence of possible fraud to parties outside the entity in the following circumstances:
Documenting the Auditor's Consideration of Fraud.83[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] The auditor should document the following:
[.84][Paragraph deleted, effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] AppendixExamples of Fraud Risk Factors.85[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] A.1 This appendix contains examples of risk factors discussed in paragraphs 65 through 69 of Auditing Standard No. 12, Identifying and Assessing Risks of Material Misstatement. Separately presented are examples relating to the two types of fraud relevant to the auditor's consideration—that is, fraudulent financial reporting and misappropriation of assets. For each of these types of fraud, the risk factors are further classified based on the three conditions generally present when material misstatements due to fraud occur: (a) incentives/pressures, (b) opportunities, and (c) attitudes/rationalizations. Although the risk factors cover a broad range of situations, they are only examples and, accordingly, the auditor may wish to consider additional or different risk factors. Not all of these examples are relevant in all circumstances, and some may be of greater or lesser significance in entities of different size or with different ownership characteristics or circumstances. Also, the order of the examples of risk factors provided is not intended to reflect their relative importance or frequency of occurrence. Risk Factors Relating to Misstatements Arising From Fraudulent Financial ReportingA.2 The following are examples of risk factors relating to misstatements arising from fraudulent financial reporting. Incentives/Pressures
[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2014. See PCAOB Release No. 2014-002. For audits of fiscal years beginning before December 15, 2014, click here.] Opportunities
Attitudes/RationalizationsRisk factors reflective of attitudes/rationalizations by board members, management, or employees, that allow them to engage in and/or justify fraudulent financial reporting, may not be susceptible to observation by the auditor. Nevertheless, the auditor who becomes aware of the existence of such information should consider it in identifying the risks of material misstatement arising from fraudulent financial reporting. For example, auditors may become aware of the following information that may indicate a risk factor:
Risk Factors Relating to Misstatements Arising From Misappropriation of AssetsA.3 Risk factors that relate to misstatements arising from misappropriation of assets are also classified according to the three conditions generally present when fraud exists: incentives/pressures, opportunities, and attitudes/rationalizations. Some of the risk factors related to misstatements arising from fraudulent financial reporting also may be present when misstatements arising from misappropriation of assets occur. For example, ineffective monitoring of management and weaknesses in internal control may be present when misstatements due to either fraudulent financial reporting or misappropriation of assets exist. The following are examples of risk factors related to misstatements arising from misappropriation of assets. Incentives/Pressures
Opportunities
Attitudes/RationalizationsRisk factors reflective of employee attitudes/rationalizations that allow them to justify misappropriations of assets, are generally not susceptible to observation by the auditor. Nevertheless, the auditor who becomes aware of the existence of such information should consider it in identifying the risks of material misstatement arising from misappropriation of assets. For example, auditors may become aware of the following attitudes or behavior of employees who have access to assets susceptible to misappropriation:
Amendment to Section 230, Due Professional Care in the Performance of Work.861. This section amends section 230, Due Professional Care in the Performance of Work, paragraphs .12 and .13, to include a discussion about the characteristics of fraud and a discussion about collusion. (The new language is shown in boldface italics; deleted language is shown by strikethrough.) Reasonable Assurance
Amendment to Section 333, Management Representations, paragraph .06 and Appendix A [paragraph .16].871. This section requires the auditor to make inquiries of management about fraud and the risk of fraud. In support of and consistent with these inquiries, this amendment revises the guidance for management representations about fraud currently found in section 333, Management Representations, paragraph .06h, and Appendix A [paragraph .16]). New language is shown in boldface italics; deleted language is shown by strikethrough.
2. Subsequent subparagraphs and footnotes are to be renumbered accordingly.
3. Subsequent subparagraphs are to be renumbered accordingly. Exhibit - Management Antifraud Programs and ControlsGuidance to Help Prevent, Deter, and Detect Fraud.88(This exhibit is reprinted for the reader's convenience but is not an integral part of the section.)
PrefaceSome organizations have significantly lower levels of misappropriation of assets and are less susceptible to fraudulent financial reporting than other organizations because these organizations take proactive steps to prevent or deter fraud. It is only those organizations that seriously consider fraud risks and take proactive steps to create the right kind of climate to reduce its occurrence that have success in preventing fraud. This document identifies the key participants in this antifraud effort, including the board of directors, management, internal and independent auditors, and certified fraud examiners. Management may develop and implement some of these programs and controls in response to specific identified risks of material misstatement of financial statements due to fraud. In other cases, these programs and controls may be a part of the entity's enterprise-wide risk management activities. Management is responsible for designing and implementing systems and procedures for the prevention and detection of fraud and, along with the board of directors, for ensuring a culture and environment that promotes honesty and ethical behavior. However, because of the characteristics of fraud, a material misstatement of financial statements due to fraud may occur notwithstanding the presence of programs and controls such as those described in this document. IntroductionFraud can range from minor employee theft and unproductive behavior to misappropriation of assets and fraudulent financial reporting. Material financial statement fraud can have a significant adverse effect on an entity's market value, reputation, and ability to achieve its strategic objectives. A number of highly publicized cases have heightened the awareness of the effects of fraudulent financial reporting and have led many organizations to be more proactive in taking steps to prevent or deter its occurrence. Misappropriation of assets, though often not material to the financial statements, can nonetheless result in substantial losses to an entity if a dishonest employee has the incentive and opportunity to commit fraud. The risk of fraud can be reduced through a combination of prevention, deterrence, and detection measures. However, fraud can be difficult to detect because it often involves concealment through falsification of documents or collusion among management, employees, or third parties. Therefore, it is important to place a strong emphasis on fraud prevention, which may reduce opportunities for fraud to take place, and fraud deterrence, which could persuade individuals that they should not commit fraud because of the likelihood of detection and punishment. Moreover, prevention and deterrence measures are much less costly than the time and expense required for fraud detection and investigation. An entity's management has both the responsibility and the means to implement measures to reduce the incidence of fraud. The measures an organization takes to prevent and deter fraud also can help create a positive workplace environment that can enhance the entity's ability to recruit and retain high-quality employees. Research suggests that the most effective way to implement measures to reduce wrongdoing is to base them on a set of core values that are embraced by the entity. These values provide an overarching message about the key principles guiding all employees' actions. This provides a platform upon which a more detailed code of conduct can be constructed, giving more specific guidance about permitted and prohibited behavior, based on applicable laws and the organization's values. Management needs to clearly articulate that all employees will be held accountable to act within the organization's code of conduct. This document identifies measures entities can implement to prevent, deter, and detect fraud. It discusses these measures in the context of three fundamental elements. Broadly stated, these fundamental elements are (1) create and maintain a culture of honesty and high ethics; (2) evaluate the risks of fraud and implement the processes, procedures, and controls needed to mitigate the risks and reduce the opportunities for fraud; and (3) develop an appropriate oversight process. Although the entire management team shares the responsibility for implementing and monitoring these activities, with oversight from the board of directors, the entity's chief executive officer (CEO) should initiate and support such measures. Without the CEO's active support, these measures are less likely to be effective. The information presented in this document generally is applicable to entities of all sizes. However, the degree to which certain programs and controls are applied in smaller, less-complex entities and the formality of their application are likely to differ from larger organizations. For example, management of a smaller entity (or the owner of an owner-managed entity), along with those charged with governance of the financial reporting process, are responsible for creating a culture of honesty and high ethics. Management also is responsible for implementing a system of internal controls commensurate with the nature and size of the organization, but smaller entities may find that certain types of control activities are not relevant because of the involvement of and controls applied by management. However, all entities must make it clear that unethical or dishonest behavior will not be tolerated. Creating a Culture of Honesty and High EthicsIt is the organization's responsibility to create a culture of honesty and high ethics and to clearly communicate acceptable behavior and expectations of each employee. Such a culture is rooted in a strong set of core values (or value system) that provides the foundation for employees as to how the organization conducts its business. It also allows an entity to develop an ethical framework that covers (1) fraudulent financial reporting, (2) misappropriation of assets, and (3) corruption as well as other issues. fn 46 Creating a culture of honesty and high ethics should include the following. Setting the Tone at the TopDirectors and officers of corporations set the "tone at the top" for ethical behavior within any organization. Research in moral development strongly suggests that honesty can best be reinforced when a proper example is set—sometimes referred to as the tone at the top. The management of an entity cannot act one way and expect others in the entity to behave differently. In many cases, particularly in larger organizations, it is necessary for management to both behave ethically and openly communicate its expectations for ethical behavior because most employees are not in a position to observe management's actions. Management must show employees through its words and actions that dishonest or unethical behavior will not be tolerated, even if the result of the action benefits the entity. Moreover, it should be evident that all employees will be treated equally, regardless of their position. For example, statements by management regarding the absolute need to meet operating and financial targets can create undue pressures that may lead employees to commit fraud to achieve them. Setting unachievable goals for employees can give them two unattractive choices: fail or cheat. In contrast, a statement from management that says, "We are aggressive in pursuing our targets, while requiring truthful financial reporting at all times," clearly indicates to employees that integrity is a requirement. This message also conveys that the entity has "zero tolerance" for unethical behavior, including fraudulent financial reporting. The cornerstone of an effective antifraud environment is a culture with a strong value system founded on integrity. This value system often is reflected in a code of conduct. fn 47 The code of conduct should reflect the core values of the entity and guide employees in making appropriate decisions during their workday. The code of conduct might include such topics as ethics, confidentiality, conflicts of interest, intellectual property, sexual harassment, and fraud. fn 48 For a code of conduct to be effective, it should be communicated to all personnel in an understandable fashion. It also should be developed in a participatory and positive manner that will result in both management and employees taking ownership of its content. Finally, the code of conduct should be included in an employee handbook or policy manual, or in some other formal document or location (for example, the entity's intranet) so it can be referred to when needed. Senior financial officers hold an important and elevated role in corporate governance. While members of the management team, they are uniquely capable and empowered to ensure that all stakeholders' interests are appropriately balanced, protected, and preserved. For examples of codes of conduct, see Attachment 1, "AICPA 'CPA's Handbook of Fraud and Commercial Crime Prevention,' An Organizational Code of Conduct," and Attachment 2, "Financial Executives International Code of Ethics Statement" provided by Financial Executives International. In addition, visit the Institute of Management Accountant's Ethics Center at www.imanet.org for their members' standards of ethical conduct. Creating a Positive Workplace EnvironmentResearch results indicate that wrongdoing occurs less frequently when employees have positive feelings about an entity than when they feel abused, threatened, or ignored. Without a positive workplace environment, there are more opportunities for poor employee morale, which can affect an employee's attitude about committing fraud against an entity. Factors that detract from a positive work environment and may increase the risk of fraud include:
The entity's human resources department often is instrumental in helping to build a corporate culture and a positive work environment. Human resource professionals are responsible for implementing specific programs and initiatives, consistent with management's strategies, that can help to mitigate many of the detractors mentioned above. Mitigating factors that help create a positive work environment and reduce the risk of fraud may include:
Employees should be empowered to help create a positive workplace environment and support the entity's values and code of conduct. They should be given the opportunity to provide input to the development and updating of the entity's code of conduct, to ensure that it is relevant, clear, and fair. Involving employees in this fashion also may effectively contribute to the oversight of the entity's code of conduct and an environment of ethical behavior (see the section titled "Developing an Appropriate Oversight Process"). Employees should be given the means to obtain advice internally before making decisions that appear to have significant legal or ethical implications. They should also be encouraged and given the means to communicate concerns, anonymously if preferred, about potential violations of the entity's code of conduct, without fear of retribution. Many organizations have implemented a process for employees to report on a confidential basis any actual or suspected wrongdoing, or potential violations of the code of conduct or ethics policy. For example, some organizations use a telephone "hotline" that is directed to or monitored by an ethics officer, fraud officer, general counsel, internal audit director, or another trusted individual responsible for investigating and reporting incidents of fraud or illegal acts. Hiring and Promoting Appropriate EmployeesEach employee has a unique set of values and personal code of ethics. When faced with sufficient pressure and a perceived opportunity, some employees will behave dishonestly rather than face the negative consequences of honest behavior. The threshold at which dishonest behavior starts, however, will vary among individuals. If an entity is to be successful in preventing fraud, it must have effective policies that minimize the chance of hiring or promoting individuals with low levels of honesty, especially for positions of trust. Proactive hiring and promotion procedures may include:
TrainingNew employees should be trained at the time of hiring about the entity's values and its code of conduct. This training should explicitly cover expectations of all employees regarding (1) their duty to communicate certain matters; (2) a list of the types of matters, including actual or suspected fraud, to be communicated along with specific examples; and (3) information on how to communicate those matters. There also should be an affirmation from senior management regarding employee expectations and communication responsibilities. Such training should include an element of "fraud awareness," the tone of which should be positive but nonetheless stress that fraud can be costly (and detrimental in other ways) to the entity and its employees. In addition to training at the time of hiring, employees should receive refresher training periodically thereafter. Some organizations may consider ongoing training for certain positions, such as purchasing agents or employees with financial reporting responsibilities. Training should be specific to an employee's level within the organization, geographic location, and assigned responsibilities. For example, training for senior manager level personnel would normally be different from that of nonsupervisory employees, and training for purchasing agents would be different from that of sales representatives. ConfirmationManagement needs to clearly articulate that all employees will be held accountable to act within the entity's code of conduct. All employees within senior management and the finance function, as well as other employees in areas that might be exposed to unethical behavior (for example, procurement, sales and marketing) should be required to sign a code of conduct statement annually, at a minimum. Requiring periodic confirmation by employees of their responsibilities will not only reinforce the policy but may also deter individuals from committing fraud and other violations and might identify problems before they become significant. Such confirmation may include statements that the individual understands the entity's expectations, has complied with the code of conduct, and is not aware of any violations of the code of conduct other than those the individual lists in his or her response. Although people with low integrity may not hesitate to sign a false confirmation, most people will want to avoid making a false statement in writing. Honest individuals are more likely to return their confirmations and to disclose what they know (including any conflicts of interest or other personal exceptions to the code of conduct). Thorough follow-up by internal auditors or others regarding nonreplies may uncover significant issues. DisciplineThe way an entity reacts to incidents of alleged or suspected fraud will send a strong deterrent message throughout the entity, helping to reduce the number of future occurrences. The following actions should be taken in response to an alleged incident of fraud:
Expectations about the consequences of committing fraud must be clearly communicated throughout the entity. For example, a strong statement from management that dishonest actions will not be tolerated, and that violators may be terminated and referred to the appropriate authorities, clearly establishes consequences and can be a valuable deterrent to wrongdoing. If wrongdoing occurs and an employee is disciplined, it can be helpful to communicate that fact, on a no-name basis, in an employee newsletter or other regular communication to employees. Seeing that other people have been disciplined for wrongdoing can be an effective deterrent, increasing the perceived likelihood of violators being caught and punished. It also can demonstrate that the entity is committed to an environment of high ethical standards and integrity. Evaluating Antifraud Processes and ControlsNeither fraudulent financial reporting nor misappropriation of assets can occur without a perceived opportunity to commit and conceal the act. Organizations should be proactive in reducing fraud opportunities by (1) identifying and measuring fraud risks, (2) taking steps to mitigate identified risks, and (3) implementing and monitoring appropriate preventive and detective internal controls and other deterrent measures. Identifying and Measuring Fraud RisksManagement has primary responsibility for establishing and monitoring all aspects of the entity's fraud risk-assessment and prevention activities. fn 51 Fraud risks often are considered as part of an enterprise-wide risk management program, though they may be addressed separately. fn 52 The fraud risk-assessment process should consider the vulnerability of the entity to fraudulent activity (fraudulent financial reporting, misappropriation of assets, and corruption) and whether any of those exposures could result in a material misstatement of the financial statements or material loss to the organization. In identifying fraud risks, organizations should consider organizational, industry, and country-specific characteristics that influence the risk of fraud. The nature and extent of management's risk assessment activities should be commensurate with the size of the entity and complexity of its operations. For example, the risk assessment process is likely to be less formal and less structured in smaller entities. However, management should recognize that fraud can occur in organizations of any size or type, and that almost any employee may be capable of committing fraud given the right set of circumstances. Accordingly, management should develop a heightened "fraud awareness" and an appropriate fraud risk-management program, with oversight from the board of directors or audit committee. Mitigating Fraud RisksIt may be possible to reduce or eliminate certain fraud risks by making changes to the entity's activities and processes. An entity may choose to sell certain segments of its operations, cease doing business in certain locations, or reorganize its business processes to eliminate unacceptable risks. For example, the risk of misappropriation of funds may be reduced by implementing a central lockbox at a bank to receive payments instead of receiving money at the entity's various locations. The risk of corruption may be reduced by closely monitoring the entity's procurement process. The risk of financial statement fraud may be reduced by implementing shared services centers to provide accounting services to multiple segments, affiliates, or geographic locations of an entity's operations. A shared services center may be less vulnerable to influence by local operations managers and may be able to implement more extensive fraud detection measures cost-effectively. Implementing and Monitoring Appropriate Internal ControlsSome risks are inherent in the environment of the entity, but most can be addressed with an appropriate system of internal control. Once fraud risk assessment has taken place, the entity can identify the processes, controls, and other procedures that are needed to mitigate the identified risks. Effective internal control will include a well-developed control environment, an effective and secure information system, and appropriate control and monitoring activities. fn 53 Because of the importance of information technology in supporting operations and the processing of transactions, management also needs to implement and maintain appropriate controls, whether automated or manual, over computer-generated information. In particular, management should evaluate whether appropriate internal controls have been implemented in any areas management has identified as posing a higher risk of fraudulent activity, as well as controls over the entity's financial reporting process. Because fraudulent financial reporting may begin in an interim period, management also should evaluate the appropriateness of internal controls over interim financial reporting. Fraudulent financial reporting by upper-level management typically involves override of internal controls within the financial reporting process. Because management has the ability to override controls, or to influence others to perpetrate or conceal fraud, the need for a strong value system and a culture of ethical financial reporting becomes increasingly important. This helps create an environment in which other employees will decline to participate in committing a fraud and will use established communication procedures to report any requests to commit wrongdoing. The potential for management override also increases the need for appropriate oversight measures by the board of directors or audit committee, as discussed in the following section. Fraudulent financial reporting by lower levels of management and employees may be deterred or detected by appropriate monitoring controls, such as having higher-level managers review and evaluate the financial results reported by individual operating units or subsidiaries. Unusual fluctuations in results of particular reporting units, or the lack of expected fluctuations, may indicate potential manipulation by departmental or operating unit managers or staff. Developing an Appropriate Oversight ProcessTo effectively prevent or deter fraud, an entity should have an appropriate oversight function in place. Oversight can take many forms and can be performed by many within and outside the entity, under the overall oversight of the audit committee (or board of directors where no audit committee exists). Audit Committee or Board of DirectorsThe audit committee (or the board of directors where no audit committee exists) should evaluate management's identification of fraud risks, implementation of antifraud measures, and creation of the appropriate "tone at the top." Active oversight by the audit committee can help to reinforce management's commitment to creating a culture with "zero tolerance" for fraud. An entity's audit committee also should ensure that senior management (in particular, the CEO) implements appropriate fraud deterrence and prevention measures to better protect investors, employees, and other stakeholders. The audit committee's evaluation and oversight not only helps make sure that senior management fulfills its responsibility, but also can serve as a deterrent to senior management engaging in fraudulent activity (that is, by ensuring an environment is created whereby any attempt by senior management to involve employees in committing or concealing fraud would lead promptly to reports from such employees to appropriate persons, including the audit committee). The audit committee also plays an important role in helping the board of directors fulfill its oversight responsibilities with respect to the entity's financial reporting process and the system of internal control. fn 54 In exercising this oversight responsibility, the audit committee should consider the potential for management override of controls or other inappropriate influence over the financial reporting process. For example, the audit committee may obtain from the internal auditors and independent auditors their views on management's involvement in the financial reporting process and, in particular, the ability of management to override information processed by the entity's financial reporting system (for example, the ability for management or others to initiate or record nonstandard journal entries). The audit committee also may consider reviewing the entity's reported information for reasonableness compared with prior or forecasted results, as well as with peers or industry averages. In addition, information received in communications from the independent auditors fn 55 can assist the audit committee in assessing the strength of the entity's internal control and the potential for fraudulent financial reporting. As part of its oversight responsibilities, the audit committee should encourage management to provide a mechanism for employees to report concerns about unethical behavior, actual or suspected fraud, or violations of the entity's code of conduct or ethics policy. The committee should then receive periodic reports describing the nature, status, and eventual disposition of any fraud or unethical conduct. A summary of the activity, follow-up and disposition also should be provided to the full board of directors. If senior management is involved in fraud, the next layer of management may be the most likely to be aware of it. As a result, the audit committee (and other directors) should consider establishing an open line of communication with members of management one or two levels below senior management to assist in identifying fraud at the highest levels of the organization or investigating any fraudulent activity that might occur. fn 56 The audit committee typically has the ability and authority to investigate any alleged or suspected wrongdoing brought to its attention. Most audit committee charters empower the committee to investigate any matters within the scope of its responsibilities, and to retain legal, accounting, and other professional advisers as needed to advise the committee and assist in its investigation. All audit committee members should be financially literate, and each committee should have at least one financial expert. The financial expert should possess:
ManagementManagement is responsible for overseeing the activities carried out by employees, and typically does so by implementing and monitoring processes and controls such as those discussed previously. However, management also may initiate, participate in, or direct the commission and concealment of a fraudulent act. Accordingly, the audit committee (or the board of directors where no audit committee exists) has the responsibility to oversee the activities of senior management and to consider the risk of fraudulent financial reporting involving the override of internal controls or collusion (see discussion on the audit committee and board of directors above). Public companies should include a statement in the annual report acknowledging management's responsibility for the preparation of the financial statements and for establishing and maintaining an effective system of internal control. This will help improve the public's understanding of the respective roles of management and the auditor. This statement has also been generally referred to as a "Management Report" or "Management Certificate." Such a statement can provide a convenient vehicle for management to describe the nature and manner of preparation of the financial information and the adequacy of the internal accounting controls. Logically, the statement should be presented in close proximity to the formal financial statements. For example, it could appear near the independent auditor's report, or in the financial review or management analysis section. Internal AuditorsAn effective internal audit team can be extremely helpful in performing aspects of the oversight function. Their knowledge about the entity may enable them to identify indicators that suggest fraud has been committed. The Standards for the Professional Practice of Internal Auditing (IIA Standards), issued by the Institute of Internal Auditors, state, "The internal auditor should have sufficient knowledge to identify the indicators of fraud but is not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud." Internal auditors also have the opportunity to evaluate fraud risks and controls and to recommend action to mitigate risks and improve controls. Specifically, the IIA Standards require internal auditors to assess risks facing their organizations. This risk assessment is to serve as the basis from which audit plans are devised and against which internal controls are tested. The IIA Standards require the audit plan to be presented to and approved by the audit committee (or board of directors where no audit committee exists). The work completed as a result of the audit plan provides assurance on which management's assertion about controls can be made. Internal audits can be both a detection and a deterrence measure. Internal auditors can assist in the deterrence of fraud by examining and evaluating the adequacy and the effectiveness of the system of internal control, commensurate with the extent of the potential exposure or risk in the various segments of the organization's operations. In carrying out this responsibility, internal auditors should, for example, determine whether:
Internal auditors may conduct proactive auditing to search for corruption, misappropriation of assets, and financial statement fraud. This may include the use of computer-assisted audit techniques to detect particular types of fraud. Internal auditors also can employ analytical and other procedures to isolate anomalies and perform detailed reviews of high-risk accounts and transactions to identify potential financial statement fraud. The internal auditors should have an independent reporting line directly to the audit committee, to enable them to express any concerns about management's commitment to appropriate internal controls or to report suspicions or allegations of fraud involving senior management. Independent AuditorsIndependent auditors can assist management and the board of directors (or audit committee) by providing an assessment of the entity's process for identifying, assessing, and responding to the risks of fraud. The board of directors (or audit committee) should have an open and candid dialogue with the independent auditors regarding management's risk assessment process and the system of internal control. Such a dialogue should include a discussion of the susceptibility of the entity to fraudulent financial reporting and the entity's exposure to misappropriation of assets. Certified Fraud ExaminersCertified fraud examiners may assist the audit committee and board of directors with aspects of the oversight process either directly or as part of a team of internal auditors or independent auditors. Certified fraud examiners can provide extensive knowledge and experience about fraud that may not be available within a corporation. They can provide more objective input into management's evaluation of the risk of fraud (especially fraud involving senior management, such as financial statement fraud) and the development of appropriate antifraud controls that are less vulnerable to management override. They can assist the audit committee and board of directors in evaluating the fraud risk assessment and fraud prevention measures implemented by management. Certified fraud examiners also conduct examinations to resolve allegations or suspicions of fraud, reporting either to an appropriate level of management or to the audit committee or board of directors, depending upon the nature of the issue and the level of personnel involved. Other InformationTo obtain more information on fraud and implementing antifraud programs and controls, please go to the following Web sites where additional materials, guidance, and tools can be found.
Attachment 1: AICPA "CPA's Handbook of Fraud and Commercial Crime Prevention," An Organizational Code of ConductThe following is an example of an organizational code of conduct, which includes definitions of what is considered unacceptable, and the consequences of any breaches thereof. The specific content and areas addressed in an entity's code of conduct should be specific to that entity.
Attachment 2: Financial Executives International Code of Ethics StatementThe mission of Financial Executives International (FEI) includes significant efforts to promote ethical conduct in the practice of financial management throughout the world. Senior financial officers hold an important and elevated role in corporate governance. While members of the management team, they are uniquely capable and empowered to ensure that all stakeholders' interests are appropriately balanced, protected, and preserved. This code provides principles that members are expected to adhere to and advocate. They embody rules regarding individual and peer responsibilities, as well as responsibilities to employers, the public, and other stakeholders. All members of FEI will:
What indicates misappropriation of assets?Misappropriation of Assets means the theft of an entity's assets that causes the financial statements not to be presented in conformity with generally accepted accounting principles. Misappropriation of assets includes false or misleading records or documents, possibly created by circumventing controls.
Which of the following is a factor that relates to incentives to misappropriate assets?Which of the following is a factor that relates to incentives to misappropriate assets? Significant personal financial obligations. In the fraud triangle, fraudulent financial reporting and misappropriation of assets: share the same three conditions.
Which refers to falsification or misappropriation of cash which is very common especially in case of big business concern?Embezzlement refers to a form of white-collar crime in which a person or entity intentionally misappropriates the assets entrusted to them.
Which of the following risk factors indicates an increased risk of misappropriation of assets?Which of the following risk factors indicates an increased risk of misappropriation of assets? High turnover of senior management.
|