Where do your clients keep the money on their financial statements? Is that where the risk of fraud is?
Where’s the Risk?
When the bank robber was asked why he robbed the bank, he replied, “because that’s where they keep the money.” Do your clients keep it in cash, accounts receivable, inventory or less liquid things, like property, plant and equipment? Usually things with bigger balances are more likely to have more risk. And although things like cash are more likely to be stolen, due to the inherent risk associated with it, it may not always receive the attention it deserves.
Auditor’s Duty to Assess Risk
Auditors have a duty to assess the risk of fraud in every engagement and to address the risk by tailoring the nature, timing and extent of procedures to bring the risk to an acceptable level. Despite the risk assessment suite of standards, auditors continue to struggle with appropriately assessing risk and applying procedures, according to practice monitoring programs through the AICPA. That lack of risk assessment, and documentation of it, has become a focus of the Peer Review Board as the absence results in poor audit quality. Some estimates indicate that more than half of the substandard audit engagements were due to inappropriate risk assessment. Identifying where the risk of material misstatement exists is critical to applying the right procedures at the right level to achieve our desired outcome of reduced audit risk.
Use of Confirmations
The use of confirmations for material balances has been in existence for more than 80 years. Since the late 1930s, confirmations have been used to provide evidence about key assertions related to revenue and collections, in particular, existence and valuation. Proper confirmations include direct communication with the third party, professional skepticism, a respondent who is free of bias, and the auditor maintaining control of the process.
Sometimes auditors become complacent about using what are deemed simple procedures like bank confirmations or analytical procedures. Standard setters know that, and from time to time issue reminders in the form of alerts, special reports, and as part of the audit guides. One such alert was released less than a year before the Parmalat scandal. The confirmation fraud associated with that entity resulted in a $5 billion fraud, but it isn’t the only one. The ACFE 2018 Report to the Nations on Occupational Fraud indicates that while over half of victim organizations lose less than $200,000, another 22% lose $1 million or more. It isn’t just a big business problem. Small businesses typically lose twice as much per fraud scheme as large businesses. While misappropriation of assets doesn’t result in the largest losses, it is the most prevalent form of occupational fraud at nearly 90% of the cases studied. Electronic confirmations typically alleviate many of the issues found with paper ones. They’re more likely to be responded to, in a quicker timeframe and provide a traceable path, as well as a means of authenticating the recipient. They also permit the auditor to easily alter the timing (can be continuous) and extent (increase sample size easily and efficiently) of the procedures.
For more on assuring you’re assessing audit risk appropriately and tying the procedures performed to the appropriate assertion, visit our CPE and learning website for courses like Audit Risk and Assertions.