Adding value with SAS no. 99.

• Author: Geraci, John
• Position: Statement on Auditing Standards

In implementing SAS No. 99, Consideration of Fraud in a Financial Statement Audit, auditors focus on compliance with professional standards. But implementation also offers CPA firms and their clients opportunities to work to improve companies' control environments to deter fraud.

The Statement on Auditing Standards (SAS) No. 99, Consideration of Fraud in a Financial Statement Audit (AICPA, Professional Standards, vol. 1, AU sec.316), has created a stir in the accounting profession. Historically, professional standards required auditors to be aware of the potential risk of fraud, and to the extent of any indication that fraud could be occurring within the organization, to report those findings to the appropriate client personnel. Now, under SAS No. 99, there is a presumption by auditors that fraud is occurring within the client's organization.

For a long time before the AICPA issued SAS No. 82, which has the same title as and is superseded by SAS No. 99, CPAs held the position that audits cannot be relied upon to detect fraud in a client's organization. Regardless of the requirements of SAS No. 99, many auditors still maintain that it is inherently difficult to detect fraud while performing a standard financial statement audit. Nevertheless, the burden and ultimate responsibility of CPAs has been expanded under this pronouncement.

A silver lining

Although SAS No. 99 is a compliance matter facing auditors, CPA firms and their clients should not view it merely as a requirement; this new pronouncement also presents opportunities for clients--and therefore, opportunities for CPA firms. At our firm of approximately 100 professionals (Boston-based Vitale, Caturano and Company), we have rolled out SAS No. 99 on a large percentage of our audits. Overall, client response has been consistent and positive.

SAS No. 99 requires the auditor to assess the potential risk of fraud in two areas: financial reporting, and the misappropriation of assets. Compliance with SAS No. 99 requires additional time, most of which is incurred during the preliminary or planning aspect of the engagement. The starting point of implementing SAS No. 99, typically, is the brainstorming session. During this session, the audit team brainstorms on the potential risks of fraud relative to the client and, in doing so, identifies the directional risk associated with that potential fraud. If, for example, a client is interested in paying the least amount of taxes, the directional risk...