- Understand the various means by which fraud is committed and how to determine when an entity is susceptible to specific fraud schemes
- Identify profiles of individuals committing fraud for different reasons, why they commit fraud, and the most effective preventive approaches for each type
- Develop an understanding of the components that enhance the effectiveness of internal control, the characteristics of an effective internal control system, and a practical approach for assessing risk so that internal controls can be enhanced where most needed
- Establish an approach for using the understanding of internal control to design an audit using a cumulative top-down approach for a more efficient engagement that is also more likely to be effective at the detection of material misstatements due to fraud
As indicated by Joseph Wells, founder of the Association of Certified Frauds Examiners (ACFE), “Fraud is Committed by Desperate People” and desperate individuals are not likely to be deterred by conventional internal controls. It is assumed by many that almost every entity is a victim of fraud and it is due purely to luck when they are not seriously hurt. Yet management is charged with the responsibility for effective and efficient operations, and for reliable financial reporting, neither of which will occur when an entity is affected by fraud.
An audit, meanwhile, is not designed to detect fraud and, unless it is particularly material, or the auditor is lucky and “trips” across it, a fraudulent act is not likely to be detected. Even Generally Accepted Auditing Standards indicate that an auditor has a very limited ability to detect fraud. AU-C Section 240 of auditing standards, Consideration of Fraud in a Financial Statement Audit, provides a variety of reasons in paragraphs .05 through .08 that an auditor cannot and should not be held responsible for fraud that may not be detected in an audit.
Properly designed controls, however, can be effective fraud deterrents. An entity with a healthy “tone at the top”, combined with meaningful hiring policies and responsible management that is observant and that maintains a positive relationship with employees will often avoid becoming a victim to fraud and is likely, as a minimum, to avoid being adversely affected in a significant way.
Similarly, auditors that obtain a meaningful understanding of a client’s internal controls, performs an effective and well-designed assessment of the risk of material misstatement due to fraud, and conducts the engagement with an appropriate level of professional skepticism is more likely to detect a material misstatement to a client’s financial statements due to fraud.
This course will explore the different profiles of fraud perpetrators, the reasons they may commit fraud, and the most likely means of preventing it. Discussions will include the design and application of conventional controls, the performance of a meaningful risk assessment, and approaches for designing internal controls that are more likely than conventional controls to be effective at fraud prevention.
Using a similar approach for assessing risk, this course will provide auditors with meaningful guidelines as to how to document and use the understanding of internal control to better identify the areas that are more susceptible to fraud so that greater audit effort can be applied. This is followed by a process that allows the auditor to employ a cumulative top-down approach to designing and performing the audit that is likely to be more effective at detecting potential material misstatements to the financial statements while, in many cases, reducing the cost of performing the audit.