Fraud Auditing, Detection, and Prevention Blog

 Financial Statement Fraud Audit Planning: From Risk to Detection 

This year, we are focused on the fraud risk assessment process as both a management tool and an audit tool. The common theme of my blogs is, “Do you understand fraud risk?” I have raised a number of issues that I hope were helpful within your career as an auditor, investigator, risk manager, or senior leader. Last month’s blog started the conversation of understanding through the use of fraud risk statements how financial statements can be materially. To illustrate the concept, we used the following fraud risk statement:

Controller intentionally overstates assets by recording a real advertising expense incurred from a real vendor recorded through the purchase journal as a capitalized expenditure causing the capitalized advertising expenditures to be materially misstated based on ASC 340-20. ( refers to the U.S. GAAP guidance for Capitalized Advertising Costs)

In this month’s blog, we will discuss how to build the financial reporting audit plan.

Develop Your Audit Plan

We will discuss how to plan and execute your audit to properly respond to the risk of fraud. In my way of thinking, our audit plan has three components.

Fraud risk assessment

In this phase, the goal of the auditor is to understand how the balance sheet account could be materially misstated. From my perspective, this understanding all the permutations of the fraud risk statement. Before you react, this does not mean you have to document every fraud risk scenario. You must, however, understand. The simple reason is that how can you plan an audit if you do not understand the fraud risks? That is a fundamental violation of the auditing standards.

Start with the concept of using generic permutation analysis to create fraud action statements:

Remember, the fraud auditor does not know which fraud scenario the controller is going to commit, but the fraud auditor does know all the fraud scenarios the controller can commit. You start with the generic fraud action statement, then you apply the generic statement to the specific account. In this way, the fraud auditor is assured of the completeness of the fraud scenario listing.

Using the generic fraud action statement, we will identify the applicable fraud scenarios to be included in our fraud data analytics plan. Let’s assume the balance sheet has an asset entitled capitalized advertising expenditures. 

1. Controller intentionally overstates assets by recording a false operating expense incurred from a false vendor through the purchase journal as a capitalized expenditure, causing the capitalized advertising expenditures to be materially misstated.

2. Controller intentionally understates assets by failing to record a real operating expense incurred from a real vendor through a general journal entry or purchase journal as a capitalized expenditure, causing the capitalized advertising expenditures to be materially misstated.

3. Controller intentionally overstates assets by recording a real operating expense incurred from a real vendor through the purchase journal as a capitalized expenditure, causing the capitalized advertising expenditures to be materially misstated.

4. Controller intentionally overstates assets by recording a false operating expense incurred from a real vendor through the purchase journal as a capitalized expenditure, causing the capitalized advertising expenditures to be materially misstated.

5. Controller intentionally overstates assets by recording a false operating expense incurred from a real vendor through a general journal entry as a capitalized expenditure, causing the capitalized advertising expenditures to be materially misstated.

6. Controller intentionally overstates assets by recording a real operating expense incurred from a real vendor through a general journal entry as a capitalized expenditure, causing the capitalized advertising expenditures to be materially misstated.

7. Controller intentionally overstates assets by failing to adjust or reclassify a real operating expense incurred from a real vendor through a general journal entry as a capitalized expenditure, causing the capitalized advertising expenditures to be materially misstated.

8. Controller intentionally overstates assets by failing to write off a real operating expense incurred from a real vendor through a general journal entry as a capitalized expenditure, causing the capitalized advertising expenditures to be materially misstated.

The first step is now completed. Now you have built a road map on how to plan your audit for this one account balance.

Select a sample of transactions

In my opinion, selecting a sample is much easier for financial statement fraud than for asset misappropriation. The reason is simple: if the fraud risk statement occurs in the year of audit, then all the transactions must be recorded in the capitalized advertising expenses account, unless you are searching for an understatement of capitalized advertising expenses. In that case, you search the advertising expense account for expenses that should be capitalized. Or you search the general ledger for known vendors that provided advertising, and the expense is recorded in a non-advertising expense account.

Perform an audit procedure

The audit plan must be based around Key Aspects of ASC 340-20

Scope: Focuses on advertising costs that qualify for capitalization, unlike general advertising expenses, which are typically expensed as incurred.

Direct-Response Advertising: Capitalizable only if the primary purpose is to promote sales to specific customers, and there's a clear way to document that customer's specific response (e.g., coded coupons, phone logs).

Initial Measurement: Guidance on how to record the asset's value at the time of recognition (though some initial measurement rules were superseded by ASC 606).

Subsequent Measurement: Details on how to amortize the capitalized cost (usually over the expected benefit period) and test for impairment if future benefits decline.

Disclosure: Mandates disclosures about the advertising assets in financial statements.

One last thought, if management’s goal is to intentionally misstate the financial statements, then you must think about how management plans to trick the auditor. This is understanding the sophistication of concealment strategy.

Fraud Triangle Trivia

1. Who is credited with coining the phrase “fraud Triangle”

2. How many convicted embezzlers did Dr. Cressey interview for his work?

3. True or False? Were habitual criminals excluded from the study?

4.  How many prisons did Dr. Cressy visit to conduct his interviews?

5. True or False? The origins of the fraud triangle were from Dr. Cressey's PhD Thesis?

Answers to last month's trivia:  Dr. Donald Cressey

1.How many works did Dr. Cressey solely publish on criminology? Five

2. In what year did Dr. Cressy coin the phrase “fraud triangle’. According to my research, he did not coin the phrase.

3. Other People's Money: A Study in the Social Psychology of Embezzlement, What year was it published? 1969

4. Dr. Cressy had three occupations; can you name them? Sociologist, criminologist,  and penologist

5. What was the focus of much of his writings? Organized crime. He served as a consultant on organized crime for the President's Commission on Law Enforcement and Administration of Justice in 1966 and 1967