Question

Many in the auditing profession assert that SAS 99 has done little to increase the likelihood of fraud detection. They note that auditors are simply required to compile a larger amount of documentation under SAS 99. If they don't find fraud, but can prove compliance with SAS 99, they are not held legally liable. What can be said about this?

Answer 1

The primary responsibility of an auditor is to gather documentation to determine whether the company’s reported financial statements taken as a whole (including footnotes) are stated fairly, in all material respects, in conformity with Generally Accepted Accounting Principles (GAAP).

Fraud is a legal concept that expands well beyond the responsibilities of auditors. An auditor is only responsible for material misstatements to the financial statements, whether caused by error or fraud. Thus, an auditor is not responsible for immaterial fraud, that is, fraud that has no material impact on the financial statements. What differentiates fraud from an error is intent. Fraud is an intentional misstatement, while an error is unintentional.

Fraud = Intentional Misstatement

Error = Unintentional Misstatement

Management override of internal controls

Management has a unique ability to commit fraud because it usually is in a position to directly or indirectly manipulate accounting records and present fraudulent financial information.

It is difficult to find fraud perpetrated by collusion!

Fraud can be concealed from the auditor and others through collusion among management, employees, or third parties. Because of collusion, an auditor may reach a conclusion about the validity of certain audit evidence.

In 2002, SAS No. 99, Consideration of Fraud in a Financial Statement Audit, was issued to replace SAS No. 82 and provide auditors with better guidance on how to enhance their abilities to detect fraud during a financial statement audit. The purpose of the standard is to help auditors take a proactive approach to prevent and detect fraud by increasing their knowledge of their clients, which should result in more meaningful risk assessment procedures (Marczewski and Akers, 2005; Kiel, 2008). SAS No. 99 calls for auditors to maintain a questioning mind regarding the potential for material misstatements due to fraud throughout the audit. They are expected to exercise professional skepticism in gathering and evaluating audit evidence and to set aside prior beliefs that management is honest and has integrity. More specifically, it requires auditors to engage in brainstorming sessions to discuss the risks of material misstatements due to fraud (AICPA, 2002). Additionally, SAS No. 99 recommends audit firms use forensic specialists to provide auditors with forensic audit training. While the intent of SAS No. 99 is to improve auditors’ performances related to fraud detection, auditors did not anticipate it would substantially affect audit effectiveness.

Financial statement auditors are expected to examine their clients’ accounts either individually or in aggregate with other accounts. They are expected to focus on accounts with a reasonable possibility of containing a material misstatement. Auditors primarily work with a materiality level that serves as a guide to their evaluations of audit evidence. The implication of materiality is considered so that auditors do not become overly concerned with minor discrepancies in any single account, unless these discrepancies are indicative of larger or pervasive problems. Given that they have a predetermined time budget for their work, auditors understand that if they spend too much time examining one area, they may have to spend less time somewhere else or run the risk of going over budget. While time is of the essence in an audit, auditors understand it is vital to do a sufficient amount of work and should not intentionally reduce or eliminate a procedure. In addition, auditors are not expected to examine every transaction and would generally rely on audit sampling.

From the above mentioned explanations, we conclude that auditors are simply required to compile a larger amount of documentation under SAS 99. If they don't find fraud, but can prove compliance with SAS 99, they are not held legally liable.