In one sense, there is nothing new when it comes to misstatement of revenue in financial statements. With a little effort, you can find real-life examples of these schemes in both publicly traded companies and privately held companies. How the scheme is perpetrated may differ by industry or by company. How the scheme is concealed may differ by industry or by company. So, how can auditors uncover these schemes?
This year, we are focused on the fraud risk assessment process as both a management tool and an audit tool. The common theme of my blogs is, “Do you understand fraud risk?” I have raised a number of issues that I hope were helpful within your career as an auditor, investigator, risk manager, or senior leader.
The new fraud auditing standards require you to bring a “deeper understanding” of potential fraud schemes into audit planning and execution. The last two months we focused on what this means in when considering asset misappropriation. Over the next few months, we will focus on financial reporting.
As we have discussed in previous blogs, the new fraud auditing standards require you to bring a “deeper understanding of potential fraud schemes into their audit planning and execution.”
This year, I have focused on the fraud risk assessment process as both a management tool and an audit tool. The common theme of my blogs is, “Do you understand fraud risk?” I have raised a number of issues that I hope were helpful within your career as an auditor, investigator, risk manager, or senior leader. In this blog, we’re diving into what having a deeper understanding looks like.
The fundamental concepts of creating a fraud risk assessment document are well known and widely published. I have no intention of reiterating the process. But, in a recent project, I was engaged to help the company respond to an internal audit recommendation. The request led me to an exploration and reconsideration of the common approach.
Where is the beef?
If that phrase doesn’t instantly resonate, take a look at this video. This was an iconic video from the 80s, and people are still asking the question today. (I hope you get my sense of humor.)
The new IIA (Institute of Internal Auditors) Global Internal Audit Standards place a significant emphasis on internal auditors actively assessing and mitigating fraud risk within an organization, requiring them to take a more proactive approach to fraud detection and incorporate a deeper understanding of potential fraud schemes into their audit planning and execution.
In the beginning of my career, someone once told me, "People commit fraud, not internal controls." So, if we are to perform a proper analysis of fraud risk, then we need first to assess people. No, I do not mean a psychological profile. To me, it means the opportunity the person has by virtue of the position in the business cycle. Or by their sophistication to conceal the fraud scheme. Or, by understanding the natural vulnerabilities that exist within their business system.
This will be the summer of challenging our profession’s guidance on fraud risk assessment. As you know, last month we raised the question of whether fraud risk assessment is simply an academic process to meet a standard.
