You are on page 1of 15

CHAPTER 9

AUDIT RISK, INCLUDING THE RISK OF FRAUD
Learning Check
9-1.

The KPMG 2003 Fraud Survey reported that 75% of organizations surveyed experienced
some level of fraud in the last 12 months. Seven percent reported problems with
fraudulent financial reporting and these had an average annual cost of over $250 million.
The 2004 Report to the Nation of the Association of Certified Fraud Examiners included
evidence on over 508 frauds that resulted in over $761 million in losses. The GAO report
on financial statements restatements reported 919 financial statement restatements in a 5
½ year period. While all of these may not have been due to fraud, the incidence of fraud
is not a matter of a few isolated instances.

9-2.

Fraud is an intentional act that results in a material misstatement in financial statements
that are the subject of an audit. Fraud is typically described as arising from two types of
misstatements, fraudulent financial reporting and misappropriation of assets.
Misstatements arising from fraudulent financial reporting are intentional misstatements
or omissions of amounts or disclosures in financial statements designed to deceive
financial statement users where the effect causes the financial statements not to be
presented, in all material respects, in conformity with generally accepted accounting
principles (GAAP). Misstatements arising from misappropriation of assets (sometimes
referred to as theft or defalcation) involve the theft of an entity's assets where the effect of
the theft causes the financial statements not to be presented, in all material respects, in
conformity with GAAP. Misappropriation of assets can be accomplished in various ways,
including embezzling receipts, stealing assets, or causing an entity to pay for goods or
services that have not been received.

9-3.

a.

The three elements of the fraud triangle are incentives and pressures, opportunity,
and attitudes and rationalization.

b.

An example of fraudulent financial reporting might include a situation where
management feels significant pressure to meet earnings forecasts (whether
analysts consensus forecasts or management’s forecasts) and keep stock price
high. Management is often in a position where it may override controls and so the
opportunity may be present for management to ask individuals to record entries
that might prematurely recognize revenue or to capitalize expenses. Management
may also use their position to directly take actions to inaccurately record
accounting information. Management may rationalize this behavior by believing
that it is necessary to receive an adequate bonus, or management may push the
envelop in accounting grey areas because the it is difficult for the auditor to prove

that management is wrong. Management may also believe that the behavior is
acceptable because other companies engage in similar activity. Revenue
recognition problems relate to the existence and occurrence of sales and
receivables. The capitalization of expenses relate to the presentation and
disclosures (classification) of expenditures.
c.

An example of misappropriation of assets might represent a situation where a
bookkeeper uses the opportunity to write check to him or her self. In this
situation the incentive or pressure might be related to the need for funds to pay for
private school or college for a child, or just to afford a lifestyle that the person
would like to have. The opportunity would happen when the person has the
authority to sign checks and internal controls are weak. This might include little
management oversight of the accounting process (such as management directly
receiving and reviewing bank statements before forwarding the statements to the
bookkeeper). The bookkeeper might even record a disbursement in the
accounting records using a different name than the check was actually written to.
The individual might rationalize the activity by feeling that they are making up
for a pay raise not received, or otherwise rationalize that they deserve the money.
This misstatement is a problem with the existence and occurrence of cash
disbursements.

9-4.

Common risk assessment procedures used to assess the risk of fraud include:
 Making inquiries of management and other within the entity to obtain their views
about the risk of fraud and how they are addressed.
 Considering any unusual or unexpected relationships that have been identified in
performing analytical procedures in audit planning.
 Considering other information obtained while planning the audit, such as performing
procedure to obtain the required understanding of internal controls.
 Considering information obtained while performing procedures related to client
acceptance and retention.

9-5.

The four objectives of the “brainstorming session” performed by the audit team to assess
the risk of fraud are to:
1. Allow junior members of the audit team to benefit from more senior members
knowledge of the audit client and of how fraud might be perpetrated.
2. Allow more seasoned personnel a fresh set of eyes that might identify risks that
otherwise might be overlooked.
3. Allows audit management to set the appropriate tone for the audit and to emphasize
the importance of approaching the audit with a “questioning mind.”
4. Emphasize the possibility that fraud might exist in any audit.

9-6.

Two specific risks that should be considered in every audit are:
1. The risk of problems with revenue recognition.
2. The risk of management override of internal controls.

In each case the auditor will usually assess inherent risk at the maximum for these risks,
and then carefully study the system of internal controls that might mitigate these risks.
The auditor might perform substantive tests targeted at testing revenue recognition or
substantive tests that examine journal entries or other evidence of management override
of internal controls.
9-7.

The audit risk concept is particularly important because it provides a framework for (1)
making decisions about the risk of financial statement misstatement(inherent and control
risks), and (2) making decisions about the appropriate level of detection risk. For a
specified level of audit risk there is an inverse relationship between assessed levels of
inherent and control risks and the level of detection risk that an auditor can accept for an
assertion. Thus, the lower the assessments of inherent and control risks, the higher the
acceptable level of detection risk.

9-8.

a.

Inherent risk is the susceptibility of an assertion to a material misstatement,
assuming that there are no related internal controls.

b.

A pervasive inherent risk factor is one that will affect multiple account balances
and assertions in the financial statements. For example, if management has
incentives to use accounting techniques to boost earnings when it is unable to
accomplish desired results with underlying economic substance, management
may engage in aggressive revenue recognition policies or may attempt to
capitalize items that might otherwise be expenses. Pervasive inherent risk factors
ripple right through the financial statements. An assertion specific risk factor is
one that only affects a unique assertion in the financial statements. For example,
the client may have a contentious accounting issue, such as accounting for
frequent flyer mileage liabilities for an airline, and the risk factor relates only to
the valuation of the specific liability.

a.

Control risk is the risk that a material misstatement could occur in an assertion
and will not he prevented or detected on a timely basis by the entity's internal
controls.

b.

Control risk can never be zero because internal controls cannot provide complete
assurance that all material misstatements will be prevented or detected.

c.

To support an assessment of control risk below the maximum the auditor must
obtain evidence about the effectiveness of the design and the operation of internal
controls through (1) procedures to obtain an understanding of internal controls
and (2) tests of controls.

a.

Analytical procedures risk is the risk that the auditor will not detect a material
misstatement that exists in an assertion through the application of analytical
procedures.

9-9.

9-10.

9-11.

b.

The auditor determines the planned acceptable level of analytical procedures risk
based for each assertion based on the expected effectiveness of analytical
procedures performed. Chapter 8 explained that the effectiveness of analytical
procedures is related to (Figure 8-5) the nature of the assertion, the plausibility
and predictability of the relationship, the availability of reliable data, and the
precision of the expectation.

c.

The auditor should not plan on designing effective analytical procures for
significant inherent risks that preclude the performance of tests of details. The
auditor should respond to these significant inherent risks by (1) assessing inherent
risk as maximum or high for relevant assertions, (2) obtaining evidence about the
effectiveness of design of internal controls related to the assertion, (3) ensuring
that evidence about internal controls over significant inherent risks is obtained
during the current audit period, and (4) obtaining significant evidence through
tests of details of transactions and balances. Normally, audit evidence from
substantive analytical procedures alone will provide sufficient, competent
evidence related to and assertion with significant inherent risks.

a.

Tests of details risk is the risk that the auditor will not detect a material
misstatement that exists in an assertion through the application of tests of details
such as tests of transactions or tests of balances.

b.

The auditor determines the planned acceptable level of tests of details risk based
for each assertion based on the assessments of inherent risk, control risk, and
analytical procedures risk. These three assessments affect audit strategy for tests
of details. The planned levels of tests of details risk are subsequently revised
based on evidence obtained about the effectiveness of internal controls or specific
audit findings obtained while performing substantive tests including analytical
procedures and tests of details.

9-12. For a specified level of audit risk, there is an inverse relationship between the assessed
levels of inherent risk, control risk, and analytical procedures risk for an assertion and the
level of detection risk for tests of details that the auditor can accept for that assertion.
9.13.

The concept of reasonable assurance implies that the auditor will attempt to obtain the
same level of assurance for each financial statement assertion. However, the assessed
levels of inherent risk, control risks, and analytical procedures risk may vary of different
assertions. Hence, the auditor intentionally varies the acceptable level of tests of details
risk for each assertion and account to accomplish the desired level of overall audit risk.

9-14. No. It is not appropriate under GAAS for the auditor to conclude that inherent and control
risks are so low that it is not necessary to perform any substantive tests for all of the
assertions pertaining to an account. Some evidence must always be obtained from
substantive tests (analytical procedures or tests of details) for each significant account
balance, though not necessarily for each assertion related to the account. If the risk is a
significant inherent risk the auditor should obtain evidence from substantive tests of

details (analytical procedures alone normally will not provide sufficient, competent
evidence).
9-15. The auditor can generally conclude that the following relationship exists between audit
risk, materiality and audit evidence. If audit risk is held constant and the materiality
level is reduced, the assurance obtained from substantive tests must increase, which
would require more sufficient, competent evidence. Similarly, if we hold the materiality
level constant and reduce audit risk, the assurance obtained during the audit must
increase.
In addition, the auditor can generally conclude that the following relationship exists
between detection risk, materiality and substantive tests. If detection risk is held
constant and the materiality level is reduced, the assurance obtained from substantive
tests must increase. Similarly, if we hold the materiality level constant and reduce
detection risk, the assurance obtained from substantive tests must increase.
9-16. The auditor's ultimate objective in planning and performing the audit is to reduce audit
risk to an appropriately low level to support an opinion as to whether the financial
statements are fairly presented in all material respects.
9-17. a.

b.

9-18. a.
b.

A preliminary audit strategy represents the auditor's preliminary judgments about
an audit approach and is based on certain assumptions about the conduct of the
audit. It is not a detailed specification of auditing procedures to be performed.
The four components of a preliminary audit strategy are:
1. The assessed level of inherent risk.
2. The planned assessed level of control risk considering:
 The extent of understanding of internal controls to be obtained.
 Tests of controls to be performed in assessing control risk.
3. The planned assessed level of analytical procedures risk considering:
 The extent of the understanding of the business and industry to be
obtained.
 Analytical procedures to be performed that provide evidence about the fair
presentation of an assertion.
4. The planned level of tests of details that, when combined with other
procedures, reduces audit risk to an appropriately low level.
The three audit strategies are (1) a response to lower inherent risk, (2) a lower
assessed level of control risk approach, and (3) a primarily substantive approach.
A response to lower inherent risk is often effective for assertions where inherent
risk can be assessed at moderate (or sometimes low) and analytical procedures are
effective at identifying material misstatements. The costs of performing the more
extensive procedures to obtain an understanding of the business and industry and
to perform reliable analytical procedures will often be more than offset by cost
savings from performing minimal tests of details.

The lower assessed level of control risk approach offers the potential for cost
savings when used for assertions pertaining to accounts affected by a high volume
of transactions. When controls related to such assertions are well designed and
highly effective, the cost of performing the more extensive procedures to obtain
the understanding of internal controls and to test the controls will often be more
than offset by cost savings from performing less extensive tests of details.
The primarily substantive approach may be more cost effective for assertions
pertaining to accounts that are affected by infrequent transactions or adjusting
entries. In addition, if inherent risk is high or maximum, and internal controls are
ineffective, a primarily substantive approach is the only way to restrict audit risk
to an appropriately low level.
9-19. The rationale for using a common strategy for a group of assertions affected by the same
class of transactions is that many internal controls focus on the processing of a single
type or class of transactions. Accordingly, the effectiveness of controls related to that
class of transactions will affect control risk for the assertions related to the transaction
class. For example, the effectiveness of controls related to the existence or occurrence of
sales transactions affects control risk for existence or occurrence account balance
assertions for both sales and accounts receivable.

Comprehensive Questions
9-20. (Estimated time - 25 minutes)
The following table identifies the fraud risk factors as related to fraudulent financial
reporting (FFR) or misappropriation of assets (MA), and whether they are indicators of
incentive and pressures (I/P), opportunity (O), or rationalization (R).
1. Personal financial obligations may create pressure on management or
employees with access to cash or other assets susceptible to theft to
misappropriate those assets.
2. A company has significant, unusual, or highly complex transactions,
especially those close to period end that pose difficult "substance over
form" questions.
3. A company experiences rapid growth or unusual profitability,
especially compared to that of other companies in the same industry.
4. A company has inadequate system of authorization and approval of
transactions (for example, in purchasing).
5. Employees show disregard for the need for monitoring or reducing
risks related to misappropriations of assets.
6. Personal financial obligations may create pressure on management or
employees with access to cash or other assets susceptible to theft to
misappropriate those assets.
7. There is excessive pressure on management or operating personnel to
meet financial targets set up by the board of directors or management,

FFR or MA
MA

I/P, O, or R
I/P

FFR

O

FFR

O

FFR or MA

O

MA

R

MA

I/P

FFR

I/P

FFR or MA
8.
9.
10.

11.
12.
13.

including sales or profitability incentive goals.
Assets, liabilities, revenues, or expenses based on significant estimates
that involve subjective judgments or uncertainties that are difficult to
corroborate.
Nonfinancial management shows an excessive participation in or
preoccupation with the selection of accounting principles or the
determination of significant estimates.
Management shows a domineering behavior in dealing with the
auditor, especially involving attempts to influence the scope of the
auditor's work or the selection or continuance of personnel assigned to
or consulted on the audit engagement.
Employees anticipate future layoffs.
An employee’s behavior indicates displeasure or dissatisfaction with
the company or its treatment of the employee.
A company has significant related-party transactions not in the
ordinary course of business or with related entities not audited or
audited by another firm.

I/P, O, or R

FFR

O

FFR

O

FFR

I/P

MA
MA

I/P
I/P

FFR

O

9-21. (Estimated Time – 25 minutes)
Following is a discussion of the various fraud risk factors identified in the case, including
an explanation of assertions that might be affected by the risk factors.
(a) Fraud Risk Factor
The company competes in the highly competitive
market for manufactured household products. This
is combined with the fact that the company has
performed well up until a recent recession, but now
the company is having difficulty moving inventory
in most product lines as retailers have difficult
selling in a down economy.
The company is dominated by Rob Bigbucks, the
Chairman and Chief Executive Officer that has
guided the company since it was a private company
and has extensive influence all aspects of company
operations. Rob is known to have a short temper
and have been known to threaten individuals in the
accounting department with the lack of pay raises if
they don’t assist him in achieving company goals.
The company has extended its influence over
customers and has dictated terms of sale to ensure
that customers are able to obtain desired quantities
of their most popular products.
Bonuses based on sales are a significant component
of the compensation package for individual product
sales managers.

(b) Affect on Financial Statement Assertions
This combination of competitive markets and a
downturn in the economy create the incentives and
pressures for fraudulent financial reporting and it
may have a pervasive affect on multiple account
balances or financial statement assertions.
Rob’s threats create the incentives and pressures for
fraudulent financial reporting. This is likely to
have a pervasive impact on the financial statements
given that multiple individuals in the accounting
department feel threatened. Hence, multiple
accounts or assertions may be misstated.
The influence over customers is likely to create the
opportunity for revenue recognition issues. The
most likely assertion that might be misstated is the
existence and occurrence assertion for sales and
receivables.
Bonuses based on sales targets create the incentive
for fraudulent financial reporting, and premature
revenue recognition, in order for sales managers to

Sales managers who do not meet sales targets three
quarters in a row are often replaced.

earn bonuses. The most likely assertion that might
be misstated is the existence and occurrence
assertion for sales and receivables.
In order to keep their jobs, sales managers may
engage in fraudulent financial reporting and
premature revenue recognition. The most likely
assertion that might be misstated is the existence
and occurrence assertion for sales and receivables.

9-22. (Estimated Time – 25 minutes)
The following table presents the solutions to parts a and b.

c.

Situations C and G mean that the evidence obtained from risk assessment
procedures, tests of controls, and analytical procedures may reduce audit risk to
an appropriately low level.

d.

Situation E represents a situation with maximum inherent risk. In other words
this is a significant inherent risk. The proposed audit strategy emphasizes
analytical procedures and minimizes tests of details. It is not appropriate to place
such a significant emphasis on analytical procedures for assertions that represent
significant inherent risks.

e.

Assuming that inherent risk is assessed at the maximum, two important audit
strategies are (1) a lower assessed level of control risk approach, and (2) a
primarily substantive approach emphasizing tests of details. Under a lower
assessed level of control risk approach an increased understanding of internal
controls to allow for the effective design of tests of controls. Under a primarily
substantive approach emphasizing tests of details the auditor needs a sufficient
understanding of the system of internal control to effectively design substantive
tests.
9-23. (Estimated Time – 25 minutes)
a & b. The following matrix summarizes the planned assessed levels of tests of details
risk and planned audit evidence. In addition, it ranks the cases in rank order
indicated the scenarios that would require the most extensive tests of details (1) to
the least extensive tests of details (5).

Desired audit risk
Assessed inherent risk
Planned assessed level
of control risk
Planned assessed level
of analytical
procedures risk
Planned assessed level
of test of details risk
Planned evidence
Ranking of Evidence
from Tests of Details

Situation
C

A

B

D

E

Very Low
Maximum
Low

Very Low
High
High

Very Low
Moderate
High

Very Low
Low
Moderate

Very Low
Maximum
High

Moderate

Moderate

Low

Low

High

High

Low

High

High

Very Low

See below
4

See below
2

See below
3

See below
5

See below
1

The planned evidence for situation A requires significant tests of controls and very
effective analytical procedures. As a results it requires a minimal amount of
substantive tests of details.
The planned evidence in situation B requires some evidence from risk assessment
procedures regarding inherent risk, control risk is likely to be assessed based on
procedures performed to obtain an understanding of internal controls, and the
auditor performs some analytical procedures and significant tests of details.
The planned evidence in situation C requires compelling evidence from risk
assessment procedures to support an inherent risk assessment of moderate, control
risk is likely to be assessed based on procedures performed to obtain an
understanding of internal controls, the auditor performs very effective analytical
procedures and limited tests of details.
The planned evidence in situation D requires compelling evidence from risk
assessment procedures to support an inherent risk assessment of low (e.g., prepaid
expenses), control risk is likely to be assessed based on procedures performed to
obtain an understanding of internal controls and tests of controls to support a
moderate assessment of control risk, and the auditor performs very effective
analytical procedures.
The planned evidence in situation E would probably be supported by a control
risk assessment based on procedures performed to obtain an understanding of
internal controls, some analytical procedures and very reliable tests of details.
b.

Substantive tests of details may not be necessary in situation D. To start with
inherent risk for this assertion is low. Further, significant evidence is obtained
from analytical procedures and the auditor has some evidence that internal
controls are effective. This combination is sufficient that the auditor may not
need additional detail tests.

9.24.

(Estimated Time – 20 minutes)
a.

b.

1.

Item with Higher
Inherent Risk
a

2.

b

3.

b

4.

b

5.

a

6.

a

7.

a

8.

a

9.

a

10.

a

Explanation
Inventories generally involve a higher volume of transactions and
are more susceptible to theft.
Accounting standards for the valuation of deferred income taxes
are more complex and contentious than those for cash.
Accounts payable is more likely to be deliberately understated
than overstated.
Obligations under warranties may be more difficult to estimate
than obligations for accrued wages.
The classification of an item as repairs and maintenance versus a
capital expenditure may be contentious.
Accounting standards for the valuation of long-term investments
are more complex (fair value, equity
method, etc.) than for land which is carried at its
historical cost.
Accounts receivable is more likely to be deliberately overstated
than understated.
Cash is more susceptible to misappropriation but
existing cash is simply reported at face amount.
Estimates of bad debts expense may vary from year to
year and may be more difficult to make than the
estimates involved in calculating depreciation.
The valuation of a transaction resulting in a receivable from a
related party may not be as objective as the valuation of a
transaction with a third party.

Examples of matters that may have pervasive effects on inherent risk include the
following
(Note - students are required to state only five):
 Profitability of the entity relative to the industry.
 Sensitivity of operating results to economic factors.
 Going concern problems such as lack of sufficient working capital.
 Nature, cause, and amount of known and likely misstatements detected in
prior audit.
 Management turnover, reputation, and accounting skills.
 The impact of technological developments on the company's operations and
competitiveness.

9-25. (Estimated Time – 20 minutes)
Inherent Risk Factor
1.

2.

3.

4.

5.

6.

The original CFO for a company in
the entertainment industry just retired
and a new CFO, with modest industry
experience, was hired from a CPA
firm.
During the last year the company’s
most profitable product has
experienced significant competition
and inventory quantities are building.
A software company has recently
changed its product and is now selling
both a site license bundled with
consulting services to tailor the
software to the client’s needs.
Financial difficulties during a recent
economic slowdown have put the
company in a position where it is
close to violation of debt covenants.
A larger diversified retailer has just
made a decision to put a high-end
jewelry line in its stores.
A pharmaceutical company recently
invested $500 million in research and
development over the last five years
in a product that failed to receive
FDA approval.

9.26.

Pervasive Effect
(yes/ no)

Accounts Affected

Assertions Affected

Yes

Multiple

Multiple

No

Inventory and Cost
of Goods Sold

Valuation and
Allocation (Net
Realizable Value)

No

Sales and Accounts
Receivable

Existence and
Occurrence
(Revenue
Recognition)

Yes

Multiple

Multiple

No

Inventory and Cost
of Goods Sold

Existence and
Occurrence

Any Capitalized
Research and
Development Cost

Valuation and
Allocation
(Impairment Test)

No

(Estimated Time – 10 minutes)
The risk component that is directly affected by each factor is:
1. = TD
2. = CR
3. = IR
4. = AP
5. = IR

6. = TD
7. = IR
8. = CR
9. = TD
10. = IR

9-27. (Estimated Time – 25 minutes)
a.

A preliminary audit strategy represents the auditor’s preliminary judgments about
an audit approach and is based on certain assumptions about the conduct of the
audit. It represent an audit plan for the collection of evidence regarding an
assertion.

b.

In developing a preliminary audit strategy the auditor needs to specify (1) inherent
risk, (2) the planned assessed level of control risk, and (3) the planned assessed
level of analytical procedures risk. These represent three key components of the
audit risk model.

c.

Assuming that inherent risk is assessed at the maximum, two important audit
strategies are (1) a primarily substantive approach and (2) a lower assessed level
of control risk approach. Under a primarily substantive approach the auditor
needs a sufficient understanding of the system of internal control to effectively
design substantive tests. Under a lower assessed level of control risk approach an
increased understanding of internal controls to allow for the effective design of
tests of controls.

d.

A primarily substantive approach would be favored when internal controls are not
present or are not effective. This approach would also be favored for material
populations that have few transactions or balances that can easily be tested (e.g.,
notes payable). A lower assessed level of control risk approach would be favored
when controls related to an assertion are well designed and highly effective, and
the populations includes a high volume of routine transactions (which makes this
approach cost effective).

9-28. (Estimated Time – 20 minutes)
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.

Preliminary Audit Strategy
A lower assessed level of control risk approach
A primarily substantive approach
A lower assessed level of control risk approach
A lower assessed level of control risk approach
A lower assessed level of control risk approach
A primarily substantive approach
A primarily substantive approach
A lower assessed level of control risk approach
A primarily substantive approach
A primarily substantive approach

Cases
9-29. See separate file with answers to the comprehensive case related to the audit of Mt. Hood
Furniture that is included with this chapter.

Professional Simulation
Research
Situation

Professional
Skepticism

Fraud Risk

Three citations might be relevant here.
First, AU 316.07
“Three conditions generally are present when fraud occurs. First, management or other
employees have an incentive or are under pressure, which provides a reason to commit fraud.
Second, circumstances exist—for example, the absence of controls, ineffective controls, or the
ability of management to override controls—that provide an opportunity for a fraud to be
perpetrated. Third, those involved are able to rationalize committing a fraudulent act. Some
individuals possess an attitude, character, or set of ethical values that allow them to knowingly
and intentionally commit a dishonest act. However, even otherwise honest individuals can
commit fraud in an environment that imposes sufficient pressure on them. The greater the
incentive or pressure, the more likely an individual will be able to rationalize the acceptability of
committing fraud.”
It is important to note that honest individuals can commit fraud in an environment that imposes
sufficient pressure on them.
Second, AU 316.13
“Due professional care requires the auditor to exercise professional skepticism. See section 230,
Due Professional Care in the Performance of Work, paragraphs .07 through .09. Because of the
characteristics of fraud, the auditor's exercise of professional skepticism is important when
considering the risk of material misstatement due to fraud. Professional skepticism is an attitude
that includes a questioning mind and a critical assessment of audit evidence. The auditor should
conduct the engagement with a mindset that recognizes the possibility that a material
misstatement due to fraud could be present, regardless of any past experience with the entity and
regardless of the auditor's belief about management's honesty and integrity. Furthermore,
professional skepticism requires an ongoing questioning of whether the information and
evidence obtained suggests that a material misstatement due to fraud has occurred. In exercising
professional skepticism in gathering and evaluating evidence, the auditor should not be satisfied
with less-than-persuasive evidence because of a belief that management is honest.”
This paragraph is clear that the auditor should conduct the engagement with a mindset that
recognizes the possibility that a material misstatement due to fraud could be present, regardless
of any past experience with the entity and regardless of the auditor's belief about management's
honesty and integrity.

Third, AU 316.15,
“The discussion among the audit team members about the susceptibility of the entity's financial
statements to material misstatement due to fraud should include a consideration of the known
external and internal factors affecting the entity that might (a) create incentives/pressures for
management and others to commit fraud, (b) provide the opportunity for fraud to be perpetrated,
and (c) indicate a culture or environment that enables management to rationalize committing
fraud. The discussion should occur with an attitude that includes a questioning mind as described
in paragraph .16 and, for this purpose, setting aside any prior beliefs the audit team members
may have that management is honest and has integrity. In this regard, the discussion should
include a consideration of the risk of management override of controls. Finally, the discussion
should include how the auditor might respond to the susceptibility of the entity's financial
statements to material misstatement due to fraud.”
This paragraph is clear that the auditor should put aside any prior beliefs the audit team members
may have that management is honest and has integrity, during the brainstorming session.
Professional
Skepticism
Situation

Research

Fraud Risk

To:
Audit Team
Re:
Professional Skepticism
From: CPA Candidate
The professional standards define professional skepticism as “an attitude that includes a
questioning mind and a critical assessment of audit evidence.” (AU 230.07) The auditor should
gather and objectively evaluate evidence. Since evidence is gathered and evaluated throughout
the audit, professional skepticism should be exercised throughout the audit process. Further, the
standards go on to state that “the auditor neither assumes that management is dishonest nor
assumes unquestioned honesty. In exercising professional skepticism, the auditor should not be
satisfied with less than persuasive evidence because of a belief that management is honest.” (AU
230.09)
Professional standards on the brainstorming point out that the discussion among the audit team
members should emphasize the need to maintain a questioning mind and to exercise professional
skepticism in gathering and evaluating evidence throughout the audit. Even if detection risk is
high, this should lead the audit team members to continually be alert for information or other
conditions that indicate a material misstatement due to fraud may have occurred. Professional
standards are clear that lead audit team members to thoroughly probe the issues, acquire
additional evidence as necessary, and consult with other team members and, if appropriate,
experts in the firm, rather than rationalize or dismiss information or other conditions that indicate
a material misstatement due to fraud may have occurred. (AU 316.16)

Fraud Risk
Situation

Research

Professional
Skepticism

Following is list of various fraud risks. Identify whether the following situations represent
incentives / pressures, opportunity, or attitudes / rationalizations. This solution is based on
Appendix A to AU 316.

1. Assets, liabilities, revenues, or expenses based on
significant estimates that involve subjective
judgments or uncertainties that are difficult to
corroborate
2. Excessive interest by management in maintaining or
increasing the entity's stock price or earnings trend
3. Lack of complete and timely reconciliations of assets
4. High vulnerability to rapid changes, such as changes
in technology, product obsolescence, or interest rates
5. Adverse relationships between the entity and
employees with access to cash or other assets
susceptible to theft
6. Behavior indicating displeasure or dissatisfaction
with the company or its treatment of the employee
7. Significant, unusual, or highly complex transactions,
especially those close to period end that pose difficult
"substance over form" questions
8. A practice by management of committing to analysts,
creditors, and other third parties to achieve
aggressive or unrealistic forecasts

Incentive /
Pressure

Opportunity

Attitude /
Rationalization