The most highly publicized statement on auditing standards in years rolled off the presses in early February. SAS no. 82, Consideration of Fraud in a Financial Statement Audit, provides expanded operational guidance on the auditor's consideration of material fraud in conducting a financial statement audit. The new SAS, which supersedes SAS no. 53, The Auditor's Responsibility to Detect and Report Errors and Irregularities, is effective for audits of financial statements for periods ending on or after December 15, 1997. This article explains why the American Institute of CPAs issued the new standard and how it will change what auditors do.
WHY A NEW SAS ON FRAUD?
In its March 1993 report, In the Public Interest, the Public Oversight Board of the AICPA division for CPA firms SEC practice section made a number of recommendations about fraud, including issuing a call for auditors to exercise the professional skepticism demanded by SAS no. 53. The AICPA board of directors, in its June 1993 report, Meeting the Financial Reporting Needs of the Future: A Public Commitment From the Public Accounting Profession, supported the POB recommendations and other initiatives to prevent and detect fraud. As a result of these and other developments, the AICPA auditing standards board formed the fraud task force to take a hard look at SAS no. 53. The ASB concluded that it was crucial to develop a SAS that focused solely on financial statement fraud.
After substantial deliberation, the ASB issued an exposure draft of a proposed SAS, Consideration of Fraud in a Financial Statement Audit, in May 1996. Although some mistakenly viewed the ED as a response to the Private Securities Litigation Reform Act of 1995, the board's consideration of fraud had started long before that legislation was signed in December 1995. After considering the issues raised in comment letters and revising the proposed SAS, in November 1996 the ASB voted to issue the final standard.
SAS no. 82 clarifies, but does not increase, the auditor's responsibility to detect fraud. The auditor's responsibility is still framed by the key concepts of materiality and reasonable assurance. The ASB believed this obligation was so central to an audit that a responsibility statement should be placed in the general standards (AU section 110 of AICPA Professional Standards) to heighten the auditor's overall awareness throughout the audit. The full text of the responsibility statement appears in the box below. (See the sidebar on page 33 for a discussion of how a financial statement audit differs from a fraud audit.)
Is the auditor responsible for detecting any kind of fraud that may have occurred? Absolutely not. The auditor's responsibility relates to the detection of material misstatements caused by fraud and is not directed to the detection of fraudulent activity per se. Thus, the auditor of financial statements must obtain reasonable assurance that the statements are free of material misstatements, whether caused by error or fraud.
THE RISK OF MATERIAL MISSTATEMENT
The SAS describes two types of fraud that may result in financial statement misstatements:
* Fraudulent financial reporting. An example of fraudulent financial reporting is a company that ships customers goods that have not been ordered and then records the revenue as if it met all the criteria for revenue recognition. In other cases involving new high technology products, company personnel may have provided customers with a side agreement granting "right of return" for any reason or made payment for the goods contingent on receipt of funding or some other event. In such cases the side agreement typically is not disclosed to the auditor because the underlying transaction would not meet the criteria for revenue recognition under generally accepted accounting principles.
* Misappropriation of assets. Examples of misappropriation of assets are thefts of cash, inventory or securities. Small practitioners specifically asked for guidance in this area because they were more likely to encounter misappropriations than fraudulent financial reporting. Auditors from larger firms were more concerned about fraudulent financial reporting from a materiality standpoint but also thought guidance on misappropriations would be helpful.
Some practitioners questioned the auditor's responsibility to detect certain significant defalcations, such as at a retailing company where thefts are reflected in cost of goods sold after inventories are adjusted to actual quantities on hand. While the answer depends on the actual facts and circumstances involved, many believe the auditor should have a feel for when inventory shrinkage is not in line with other entities in the industry. Although some argue the amount attributed to a defalcation should be shown on a line labeled "theft expense," there is no such requirement under GAAP
SAS no. 82 requires the auditor to specifically assess the risk of material misstatement of the financial statements due to fraud in every audit. The auditor is not expected to assess the risk of fraud as high, medium or low, as might be the case in assessing control risk. Rather, SAS no. 82 asks the auditor to consider risk factors relating to fraudulent financial reporting and misappropriation of assets in each of the categories shown in paragraphs 16 and 18 of the statement. The auditor then needs to consider that risk assessment in designing the audit procedures he or she will perform. In the...