SAS 99: Consideration of Fraud in a Financial
Statement Audit And the Fraud Triangle
Christopher P. Stenmon Principal, CPA, MST
2 August 2022
Happy Birthday SAS 99! This October, auditors all around the United States will be celebrating the 20th year since this statement was issued. Well, “celebrating” might be a slight stretch but I must admit that it makes me feel a little old knowing I have been doing this work at the same firm for more than twenty-five years. I remember attending seminars and working through our firm’s training and implementation of this standard like it was just yesterday.
Since then, the following six items are required to be addressed and documented in our workpapers for all financial statement audits:
- How and when the brainstorming session occurred and what members of the audit team participated. Which procedures were performed to obtain the information to identify and assess fraud risk (questionnaires, checklists, etc.)
- What specific risks of material misstatement occurred due to fraud and the auditor’s response to those risks
- What were the results of the procedures performed to address the risk of management override of controls
- Which conditions and analytical procedures led to additional audit procedures
- What were the nature of communications about fraud made to management and others (for example Audit Committee or other Board members, etc.)
I believe that these audit procedures and audit processes have helped to keep some frauds from occurring. However, technology has changed over these twenty years and the sophistication of frauds have become difficult to uncover.
Some Frauds Still Can Occur Even With A Well Planned Audit and Good Internal Controls
Anyone reading this article has heard of the Bermuda Triangle and even though it may have been a long time ago, we learned about different types of triangles in high school geometry. But have you heard of the fraud triangle? From a very young age, we learned that triangles have three sides.
In the fraud triangle, the three sides represent the following:
As auditors, we understand that you cannot have a 100% accurate method for preventing fraud from occurring. However, your organization can work to minimize the risk on each side of the triangle which could significantly reduce the threat of fraud occurrence.
Opportunity can be greatly reduced by having good internal controls in place. I always remember the simplest way to explain this is by comparing it to securing one’s own important possessions. Do you lock your door every night? Do you lock your car every night? If not, you are creating the opportunity for someone to commit a fraud.
Motivation is the pressure or incentive to commit fraud. When an individual feels motivated, they do things one would never think possible. Over the years, fraud cases I have read about involved pressures due to a family illness, drugs or alcohol, gambling, and foreclosure or eviction. These are the frauds that are more difficult for outsiders to find, but they are ones that are more likely discovered by your own employees.
What best practices can organizations have in place to help to reduce the motivation to commit fraud? From my experience, organizations that foster a healthy work environment, have good communication, which includes a strong “tone at the top”, and pay their employees fairly are the most successful at minimizing motivations to commit fraud.
Rationalization is the ability for an individual to convince oneself that their wrongful actions are ok. Getting to this point at a company usually would take some time. When was that person was hired? Did they have an employee handbook that discussed the importance of honesty and high ethical standards? Does the company have a mission statement or company wide values that are shared at all levels? Do they have good internal controls to prevent an employee from “borrowing” from the petty cash drawer?
In May 2022, the inflation rate hit a forty-year high. Economists are predicting a recession. There is so much uncertainty in the world. With these factors in play, I predict individuals committing frauds will be on the rise. If you have any concerns about the internal controls within your organization, please contact our office.