5505 Assessment of the Risk of Material Misstatement Due to Fraud
Sep-2022

Identification and assessment of the risks of material misstatement due to fraud

CAS Requirement

In accordance with CAS 315, the auditor shall identify and assess the risks of material misstatement due to fraud at the financial statement level, and at the assertion level for classes of transactions, account balances and disclosures (CAS 240.26).

OAG Guidance

Consider if an identified financial statement level fraud risk can be related to a specific FSLI (and related assertions), in which case we may need to modify the level of risk and nature, timing and extent of procedures related to that FSLI. For example, if the risk of segregation of duties mainly relates to the Sales department of the entity, this may affect the risk and audit procedures to be performed on Revenue and Accounts Receivable FSLIs.

Similarly, consider if a fraud risk already identified at the FSLI assertion level might indicate a more pervasive financial statement level risk, which would require a broader response. For example, if we have identified lack of controls over safeguarding of specific assets during the physical inventory observation, consider if the risk of misappropriation may relate to other assets as well. If the risk might affect many assertions, it will also need to be identified as a financial statement level risk.

When assessing risks of material misstatement due to fraud at the assertion level we take into account the degree to which inherent risk factors affect the susceptibility of relevant assertions to misstatement (including susceptibility to bias or other fraud risk factors). Refer to OAG Audit 5043.3 for guidance on evaluating inherent risk factors.

Our response to the identified fraud risks is influenced by the nature and significance of the risks identified and the entity’s programs and controls that address these identified risks. In some cases, we may judge that auditing procedures otherwise planned are sufficient to respond to the risks of fraud. In other circumstances, we may conclude that we need to modify our procedures.

Risks of fraud in revenue recognition

CAS Requirement

When identifying and assessing the risks of material misstatement due to fraud, the auditor shall, based on a presumption that there are risks of fraud in revenue recognition, evaluate which types of revenue, revenue transactions or assertions give rise to such risks. CAS 240 paragraph 48 specifies the documentation required where the auditor concludes that the presumption is not applicable in the circumstances of the engagement and, accordingly, has not identified revenue recognition as a risk of material misstatement due to fraud (CAS 240.27).

Documentation of the rebuttal of revenue recognition risk

If the auditor has concluded that the presumption that there is a risk of material misstatement due to fraud related to revenue recognition is not applicable in the circumstances of the engagement, the auditor shall include in the audit documentation the reasons for that conclusion (CAS 240.48).

CAS Guidance

Material misstatement due to fraudulent financial reporting relating to revenue recognition often results from an overstatement of revenues through, for example, premature revenue recognition or recording fictitious revenues. It may result also from an understatement of revenues through, for example, improperly shifting revenues to a later period. (CAS 240.A29)

The risks of fraud in revenue recognition may be greater in some entities than others. For example, there may be pressures or incentives on management to commit fraudulent financial reporting through inappropriate revenue recognition in the case of listed entities when, for example, performance is measured in terms of year‑over‑year revenue growth or profit. Similarly, for example, there may be greater risks of fraud in revenue recognition in the case of entities that generate a substantial portion of revenues through cash sales. (CAS 240.A30)

The presumption that there are risks of fraud in revenue recognition may be rebutted. For example, the auditor may conclude that there is no risk of material misstatement due to fraud relating to revenue recognition in the case where a there is a single type of simple revenue transaction, for example, leasehold revenue from a single unit rental property. (CAS 240.A31)

OAG Guidance

We evaluate which types of revenue and revenue transactions give rise to risks of fraud in revenue recognition at the assertion level. It is important that the assessment of fraud risk in revenue recognition is performed with sufficient granularity to identify the risk at the FSLI assertion level and develop an appropriate response. As the revenue fraud risk would relate to specific financial statement assertions, our response to the fraud risk in revenue recognition would focus on those specific assertions and not necessarily aim to address others. However, when we rebut the fraud risk presumption, we need to carefully consider the rationale for doing so and document it appropriately in the workpapers.

We analyze revenue with the objective of identifying unusual or unexpected relationships involving revenue and related accounts that may be indicative of a material misstatement due to fraud. For example:

  • Unusual increase in revenue recorded close to the period end.

  • Significant returns from customers that might indicate undisclosed side agreements.

  • Subsequent adjustments to accounts receivable for billing adjustments or other credits that may indicate fictitious sales.

  • Unusual credits recorded within cost of sales.

This could include revenue analytics performed at a disaggregated level (e.g., by monthly or quarterly time period, line of business, location, product, or account), analysis of gross margins at a disaggregated level (e.g., by product, on a weekly basis prior to and after period end), or comparison of revenue with related operating data. Analytics performed at a high level (e.g., entity level) may mask significant, but offsetting, differences that are more likely to come to our attention when data is disaggregated.  In all cases, we consider incentives, opportunities and rationalization when assessing the risk of fraud in revenue recognition (see OAG Audit 5501). Consideration of incentives, opportunities and rationalization of fraud may be performed during the fraud risk brainstorming discussion held at the planning phase of the audit.

An effective method to identify fraud risks related to revenue is to discuss the ways in which revenue fraud may manifest (fraud schemes). Some revenue fraud schemes can be simple. For example, issuing credit returns after period close to conceal fictitious or premature revenue recognition. Other schemes can involve a much higher level of sophistication, for example, creating falsified documents and emails that are intended to conceal that reported revenues are overstated. Also, we may consider discussing industry or entity‑specific fraud schemes with the Internal Specialist for Fraud.

Based on the outcome of our brainstorming and fraud risk assessment, we determine whether we have identified one or more risks of material misstatement due to fraud related to revenue recognition and the revenue types and assertions relevant to those risks. Determining the relevant assertions for the identified risks of fraud in revenue recognition reflects our fraud risk assessment based on entity specific factors and does not constitute rebutting the risk for other assertions that we do not identify as relevant (i.e., the risk of fraud in revenue recognition is considered to be rebutted only when we determine that there are no relevant assertions for the risk). If the basis for our conclusion on which assertions and revenue types are relevant to risk of fraud in revenue recognition is not already evident from documentation of the relevant fraud risk factors and understanding of the entity’s revenue activities, document the rationale.

For example, if we do not believe there is a risk of material misstatement due to fraud in the cut‑off assertion for an entity that is known to have a high volume of bill and hold arrangements (or other conditions that might reasonably present a risk of cut‑off manipulation), then a more explicit documented rationale would be appropriate.

When we have identified a risk of material misstatement due to fraud in revenue recognition, it is assessed as a significant risk in accordance with CAS 240.28. As with all identified risks of material misstatement, our documentation of the basis for our identification and assessment of the fraud risk at the assertion level includes documenting our evaluation of inherent risk factors which facilitates the development of an appropriately tailored audit response.

The determination of the circumstances where we may rebut the presumed significant risk of fraud in revenue recognition requires not only consideration of the nature of revenue, e.g., simple or complex, but also what, if any, management’s incentive may be to misstate revenue or profits (e.g., taking into account the extent to which revenue is a key performance indicator for the business and the impact on profits of misstating revenue). While a relatively straightforward revenue recognition accounting policy may not present more than a normal risk of material misstatement due to error, the mere lack of accounting complexity and/or the straightforward nature in which revenue transactions are processed does not alone provide sufficient rationale to conclude the risk of material misstatement due to fraud is not present. When considering whether it is appropriate to rebut the presumed significant risk of fraud in revenue recognition, we are not assessing whether the identified risk of material misstatement due to fraud represents a significant or elevated/normal risk because we are required by CAS 240.28 to treat any identified risk of material misstatement due to fraud as a significant risk). Rather, our assessment is focused on whether there are relevant assertions for the identified risk of material misstatement (i.e., the assertions for which the risk represents a reasonable possibility of occurring and being material if it were to occur).

We also consider whether rebuttal of the significant risk is consistent with other judgments we make in the audit, e.g., if revenue has been selected as the appropriate benchmark for determining overall materiality because we judge it most relevant to users of the financial statements, we may want to consider whether it would be appropriate to conclude there is no incentive for management to misstate revenue.

We also need to consider our overall assessment of fraud risk factors present at the entity as part of our assessment of the presumed risk.

There can be many different factors to consider when evaluating whether it may be appropriate to rebut the significant risk of fraud in revenue recognition. Some common factors to consider, among other entity‑specific factors and identified fraud risk factors, include the following:

  • The level of pressure on management to manipulate revenue, including pressure to meet stakeholder expectations or contractual obligations (e.g., covenants) and the extent to which management compensation is influenced by revenues and/or earnings (e.g., the entity is profitable, solvent and has positive cash flows which may indicate little pressure on management, and/or management’s compensation is not unduly influenced by reported revenues)

  • The level of complexity of revenue recognition (e.g., leasehold revenue from a single unit rental property would typically be considered a low level of complexity because of a simple accounting policy and non‑complex systems and processes used by the entity)

  • The clarity of the point at which risks and rewards of ownership transfer to the customer (e.g., point of transfer is readily identified by means of signed delivery notes and the entity has no significant post sale obligations or commitments)

If uncertain about a judgment concluding that it is appropriate to rebut the significant risk of fraud in revenue recognition, consider consultation with Audit Services.

A risk titled Revenues, as it relates to fraud, unless presumption is not applicable (with associated completeness, accuracy, cut‑off, and existence/occurrence assertions) is automatically included in the Audit Planning Template. The inherent risk is automatically determined as Significant.

Where we are able to overcome the presumption that the fraud risk relating to revenue recognition is significant, manually change the inherent risk to Normal to reflect our assessment of inherent risk. When we do this, we are required to add an explanation to document our rationale.

What does the auditing standard require?

CAS 240 paragraphs 26‑28 outline the following procedures related to risk of fraud:

  • Identify and assess the risks of material misstatement due to fraud at the financial statement level, and at the assertion level for classes of transactions, account balances and disclosures;

  • Evaluate which types of revenue, revenue transactions or assertions give rise to fraud risks, based on a presumption that there are risks of fraud in revenue recognition;

  • If this presumption is not applicable, document the reasons why; and

  • Treat those assessed risks of material misstatement due to fraud as significant risks.

Based on these requirements, we should rebut only when we conclude that there is no risk of material misstatement due to fraud in revenue recognition. The auditing standard requires that if there is any risk of material misstatement due to fraud identified it should be treated as a significant risk in our audits.

What do engagement teams need to do?

To properly assess the risk of fraud in revenue recognition, teams should:

  1. Identify the entity’s types of revenue and revenue transactions.

    In this step, we obtain an understanding of the end‑to‑end business process for revenue transactions, including the revenue recognition policy for each revenue stream.

  2. Evaluate which types of revenue, revenue transactions or assertions give rise to the risk of material misstatement due to fraud in revenue recognition.

    In this step, we evaluate whether any relevant fraud risk factors (opportunities, incentives, and rationalization) specific to revenue recognition are present, and identify the specific assertions affected.

  3. Conclude on which types of revenue, revenue transactions or assertions give rise to risk of material misstatement due to fraud in revenue recognition.

    In this step, we conclude whether such risk exists for all or certain types of revenue and revenue transactions. If there are clearly no risks of material misstatement due to fraud in revenue recognition in the end‑to‑end business process for revenue transactions, then teams may be able to rebut the risk of fraud in revenue recognition.

  4. To the extent not already done so, obtain an understanding of the entity’s related controls, including control activities, relevant to the identified significant fraud risk.

    In most cases, we would already have obtained this understanding in step 1); however, we should revisit whether our understanding of control activities is sufficiently detailed related to controls addressing the risk of fraud.

  5. Design and perform further audit procedures to respond to the identified fraud risk relating to revenue recognition.

    In many cases the risk of fraud in revenue recognition will be addressed by procedures performed to cover other risks, such as journal entry testing, cut‑off procedures, accrual testing, etc. Upfront consideration and documentation will need to be performed during planning in order to consider fraud schemes and how we have responded to the specific fraud risks.

Possible reasons to rebut the revenue recognition risk include:

  • Revenue recognition is not complex.

  • There is little pressure on management to manipulate revenue as financial information supports that it is profitable, solvent and has positive cash flows.

  • The date of transfer of risks and rewards of ownership relating to sales is readily identified by means of signed delivery notes.

  • Sales are homogeneous, thereby decreasing the risk that incorrect revenue recognition relating to one sale could significantly affect revenue recognition for the year.

  • All sales are invoiced in local currency.

  • In prior years no revenue recognition exceptions were noted during our audit.

Revenue recognition fraud schemes, identifiers and responses

OAG Guidance

Revenue Recognition Fraud Schemes, Identifiers and Responses

Note 1: This outline serves only as an illustration to refer to when assessing fraud risk and identifying an audit response during the course of a financial statement audit. It does not encompass all existing schemes or potential indicators that would be demonstrative of a thorough understanding of entity specific fraud risks, nor is it intended to be an exhaustive checklist of all potential audit responses to the specific schemes listed. We use professional judgment and consider the entity’s internal controls which may be an important part of our response.

Note 2: The individuals to be interviewed depend upon specific risks identified. Potential interviewees extend beyond management and financial accounting personnel, including, but not limited to, warehouse/shipping personnel, sales personnel, distributors, suppliers, and customers.

Scheme Potential Indicators of Scheme Potential Interviewees and Questions Potential Audit Response to Identified Risk

Premature Revenue Recognition: Billing for goods or services that do not meet the agreed delivery terms

Premature delivery of product or services, or channel stuffing

  • Unexplained improvements in gross margin especially on sales made at the end of an accounting period.

  • Increased days sales outstanding at the end of a period as compared with other parts of the year and prior year.

  • Inconsistent business activity (i.e., higher revenues with no corresponding increase in distribution costs).

  • Spike in sales activity at period end

  • Manual or non‑systematic invoicing of sales.

  • Numerous billing errors that need to be corrected and re‑billed.

  • Credit adjustments to accounts receivable after period end.

  • Management, financial and accounting and sales personnel:

    • What are the reasons for change in receivables and/or gross margins, in billing process, customer base, sales term, etc?
  • Management:

    • Have there been any changes in the revenue recognition policy?
    • How did the change affect revenue recognition?
  • Accounts receivable personnel:

    • What is the extent of manual billing?
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Perform analytical procedures to identify the existence of unusual transactions in accounts receivable. In particular review:

    • Receivable turnover.
    • Days Sales Outstanding.
    • A/R Allowance as a percent of A/R.
  • Look for unusual fluctuations or trends for the current period when compared to prior periods (prior year, quarterly, monthly and weekly). The ratios may indicate that A/R is increasing or that liabilities (i.e. deferred revenue) are decreasing inappropriately from one period to the next which could indicate fictitious sales or premature revenue recognition.

  • Review prior period ratios and compare them to prior period to determine if there is a pattern of increased unsettled revenue.

  • Compare current year monthly sales with prior year monthly sales and look for unusual fluctuations.

  • In periods with unexpected analytic results, examine sales transactions for delivery terms, credit notes, billing accuracy, and related cost of sales.

  • Confirm accounts receivable balances at year end (note: early confirmations with a roll forward may be ineffective in identifying this fraud scheme).

Premature Revenue Recognition: Side agreements with Customers and Others

Agreements made with customers after the original agreement is entered into which modify the material terms of the original contract

  • Large amount of post period end credits, not expected for the client’s business circumstances.

  • Numerous side agreements made outside of the course of normal reporting channels with terms not expected for the client’s business circumstances providing for, for example:

    • Liberal/unconditional rights of return.
    • Rights to cancel orders at any time.
    • Contingencies which if not met make the sale null and void.
    • Excuse of payment if goods purchased are not resold or for total absolution of payment.
    • Rights of continuing negotiations.
    • Committing the entity to use its own sales force to find customers for reseller.
    • Extended payment terms beyond 12 months.
    • Absolving customers of payment obligation if anticipated funding is not received.
    • Treatment of sales agreement as ineffective until goods resold.
  • Management and accounting personnel:

    • Tell me about any side agreements which modify sales that you were made aware of.
    • What is the nature of side agreements?
    • Explain your point of view on entering into side agreements. Should such agreements to be made frequently/never, etc.?
  • Sales force:

    • Tell me about any circumstances surrounding situations when you were allowed/encouraged to use side letters (whether written or oral) with different terms from the original contract.
    • What are the details of side agreements entered into?
    • Tell me about any situations when management commits(ed) the entity to use its own sales force to find customers for resellers.
  • Management and the sales force:

    • Tell me about any situations when the entity made side agreements which extend payment terms beyond 12 months for goods purchased and not resold, or excuse payment altogether.
    • What is the entity’s right of return policy and how was it developed.
    • What were changes to the return policy (this point only for new clients or for an entity that changes their return policy).
  • Accounts receivable personnel or collections personnel:

    • Tell me about any sales persons or departments that have a high number of unusual transactions and/or significant post sale adjustments.
  • Financial and accounting personnel about their knowledge and experience of side agreements which:

    • Absolve customers of payment obligations if anticipated funding is not received.
    • Treat sales agreement as ineffective until goods are resold.
  • Relevant personnel (including management, sales people and accounting staff):

    • Tell me about any practices when revenue was recorded for sales for which customers had not signed a purchase order (soft sales).
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is a part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Review customer contracts, including side agreements; to determine if there is persuasive evidence of an arrangement and paying particular attention to unusual terms and conditions.

Premature Revenue Recognition: General factors tending to indicate premature revenue recognition

  • Large, numerous or unusual sales transactions occurring shortly before the end of the period where sales are expected to decline, or are unusual for the specific client’s business and circumstances.

  • Large amounts of returns or credits after the close of a period.

  • Inquire of relevant personnel (including management, sales force and accounting staff):

    • Tell me about reasons for any large, numerous sales transactions occurring shortly before the end of the period. Why was such sales activity different than in earlier periods?
    • Tell me about customers with seasonal fluctuation in ordering.
    • Tell me about reasons for any large returns and/or credits after the close of a period.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Review sales contracts for sales closer to period end including the provisions governing time, manner and conditions for payment, delivery, shipping terms, risk of loss, passage of title and return provisions to determine whether a sales agreement exists and ensure that all conditions have been met to justify revenue recognition.

  • Examine large or unusual transactions occurring prior to the close of the period to ensure that they are properly accounted for.

  • Examine transactions occurring prior to the close of the period end for customers who ordinarily do not order in that season

  • Conduct sales cut‑off tests by selecting invoices from both the end of the previous period and the beginning of the subsequent period and examine the appropriate supporting documentation sales order, shipping documentation etc., to ensure that they are recorded in the proper period.

  • Verify sales via written confirmations. If considered necessary, using professional judgement, confirm with customer the reasons for large returns.

  • Review sales and shipping invoices to ensure that they are in numerical sequence. If not, execute procedures designed to detect fictitious invoices that may be hidden, or at least withheld from the auditor.

Premature Revenue Recognition: Early Delivery of Product

Delivery of a product prior to customers’ readiness to accept or recording the shipment of goods before they have left the warehouse

  • Delivery of goods before agreed upon date in the purchase order.

  • Shipping department:

    • Tell me about any situations when you have been asked to ship earlier than normal for customers or if there is inventory stored in the warehouse that has been documented as shipped.
    • What are situations and transactions, if any, when you have been asked to adjust the shipping dates?
  • Sales force:

    • Tell me about any situations when you requested that product be shipped to customers to arrive more than a few days ahead of the customers’ required delivery date.
  • Warehouse and shipping personnel—Tell me about any situations where you have been asked to:

    • Destroy, conceal, pre‑date or postdate the shipping and/or inventory documents.
    • Accelerate shipments prior to month or year‑end.
    • Ship to a temporary or holding warehouse prior to final shipment to the customer’s premises.
    • Do anything else which is otherwise unusual, questionable or improper.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Examine underlying shipping documents (including terms FOB destination and shipping point) for accuracy, compare with order/ agreement terms and conditions, and verify existence of transactions.

  • Perform shipping analytics, such as shipping point, dates and destination trend analysis per customer. Compare to prior periods (prior year, prior quarters, prior month ends). Inquire of management regarding fluctuations.

  • If considered necessary, using professional judgment, confirm with customer about reasons and situations when they have ever been asked to accept delivery of products earlier than required.

Premature Revenue Recognition: Channel Stuffing

Shipping of products to customers who are encouraged to overbuy in exchange for short term discounts

  • Entity’s products are sold through distribution channels.

  • Large, numerous or unusual transactions occurring shortly before the end of the period at discounted prices.

  • Large spikes in period end sales to distributors, followed by a lull of sales in the following period.

  • Sales people:

    • Tell me about any situations when management has encouraged distributors to overbuy under the short‑term offer of deep discounts or other incentives.
  • Shipping personnel:

    • Tell me about any situations when product has been shipped to customers ahead of their requirements.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Review customer contracts and side agreements for unusual discounts in exchange for sales and for right of return provisions.

  • Examine if sale transactions are appropriately recorded.

  • Examine goods returns subsequent to period end, compare to other periods to determine if the returns unusually significant.

  • Review changes in inventory balances to determine if there are signs of buildup due to channel stuffing.

  • Review of gross margins.

  • Testing Inventory net realizable value as compared to the latest sales.

  • Review of changes in receivable balances at period end by comparison to other times of the year.

Improper Revenue Recognition: Recording Fictitious Revenues

False sales to existing customers or false sales to customers that do not exist

  • Significant adjustments to revenue at or shortly after the end of the reporting period.

  • Unexpected increases in sales by month at period end.

  • Customers with unknown names or addresses.

  • Manual invoices utilized to record sales.

  • Non-standard journal entries to record revenue.

  • Accounting personnel (including junior personnel):

    • Tell me about any situations when revenues are recorded outside of the normal invoicing process, or standard monthly journal entries. If so, what kind of journal entries supporting documentation exists?
    • Tell me about any situations when accounting personnel have been inappropriately pressured to make or adjust journal entries.
    • Tell me about any situations when you would have been pressured into creating false invoices for existing customers.
  • Sales people, accounting staff and shipping personnel:

    • Tell me about any situations when you have noted unusually high sales or shipments to customers with no reasonable explanation.
  • Tell me about situations when you have noted significant sales or shipments to unfamiliar new customers.

  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Send confirmations to customers to verify amount of sales.

  • Perform alternative procedures responsive to the indicated specific fraud risk for confirmations not returned or returned with exceptions.

  • Review journal entries supporting documentation, and verify their accuracy.

  • Examine sales which reverse in the subsequent period.

  • See Early Delivery of Product and Bill and Hold sections.

  • Conduct research of publicly available information (e.g., on‑line database, manual record and Internet) to verify existence and legitimacy of customer.

Improper Revenue Recognition: Related Party Transactions

Transactions with parties with an intention of achieving a particular accounting result, rather than for a valid business purpose or, concealing the related party nature of the transactions and not making appropriate disclosures

  • Sales with a commitment from the seller to repurchase the goods.

  • Sales with a guarantee by an entity financed by the seller of what is essentially an uncollectible receivable.

  • Other sales to related parties or sales transactions with terms which are less than arm’s length.

  • Shipments made to third party warehouses rather than to a customer’s regular address in order to conceal the related party transaction.

  • Shipments of damaged goods at full sales prices.

  • Abnormally large amounts of sales to one or few parties.

  • Material receivables from related parties including officers, employees and directors.

  • Management, sales people, accounting staff, shipping personnel and procurement staff:

    • Tell me about any situations when you were made aware of customers or suppliers that may be related to management or other employees of the entity.
    • If there are numerous sales to a single or few customers, inquire as to the nature of the relationship between the buyer and entity.
    • Are there any sales contracts involving related parties? What is the nature of their involvement?
    • Tell me about any situations where the entity has repurchased goods.
  • Counsel, prior auditors and other service providers:

    • Tell me about the extent of your knowledge of related parties to material transactions.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Look for and examine related party transactions outside the ordinary course of the business.

  • Conduct background investigations on customers and suppliers to identify related parties and confirm legitimacy of business.

  • Look for and examine unusual or complex transactions occurring close to the end of a reporting period.

  • Look for significant bank accounts or operations for which there is no apparent business purpose.

  • Review the nature and extent of businesses transacted with major suppliers, customers, borrowers and lenders to look for previously undisclosed relationships and the substance of the transactions.

  • Review confirmations of loan receivables and payables for indications of guarantees.

  • Vary and perform alternative and/or additional procedures when confirmations are not returned or returned with indication of guarantees or exceptions.

  • Examine material cash disbursements, advances and investments to determine if these are made in or to entities to whom sales are also made.

  • Trace related party sales to supporting documentation (i.e. contract and sales order) to ensure appropriately recorded.

  • If considered necessary, using professional judgment, confirm with related parties whether there are side agreements for right of return or contract cancellation without recourse.

Improper Revenue Recognition: Backdating of agreements

  • Applicable in industries where the date of a signed contract directly impacts revenue recognition (e.g. software sales).

  • Individuals in sales, financial, accounting and legal departments:

    • Tell me about any situations when you have been instructed or pressured to back date agreements.
  • Contract administrator:

    • Tell me about any contracts that sales personnel stated were signed but were not received by the contract administration group until after period end.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Examine original signed customer contracts for dating and to determine the nature and validity of business transacted with major customers, borrowers and lenders.

Improper Revenue Recognition: Backordered Sales

Recognizing revenue for backordered goods that are not shipped yet

  • Numerous sales reversals transactions recorded after close of period.

  • Large, numerous or unusual transactions occurring shortly before the end of the period.

  • Numerous customer complaints regarding lack of completeness in shipments.

  • Management, the sales force, financial and accounting personnel:

    • Tell me about the policy for billing backordered goods and partially filled orders.
    • Tell me about the process for filling partially filled orders or backlog.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Review sales documentation for partial shipment or backordered goods to determine that revenue is not recognised for orders or portions that cannot be filled.

Improper Revenue Recognition: Bill and Hold sales

Recognizing revenue for Sales agreements where goods that have been sold are not shipped to the customer but as an accommodation are segregated outside of other inventory or are shipped to a warehouse for storage awaiting customer instructions

  • Bills of lading signed by an entity employee rather than shipping company.

  • Shipments made to entity owned warehouses or storage facilities rather than to a customer’s regular address.

  • Shipping information is missing on invoices.

  • Unusual shipping terms included on invoice (e.g. ship in place or ship in storage).

  • Unexpected decrease in current year monthly sales from the prior year may indicate the reversal of fraudulent bill and hold transactions in a subsequent period.

  • Unexplained improvements in gross margin.

  • Warehouse personnel:

    • Tell me about customer inventory held on the premises or in a third party warehouse or in trucks/rail cars.
  • Shipping department or finance personnel:

    • Tell me about situations when you have been asked to falsify or alter shipping documents.
  • With respect to entities shipping products, inquire of the warehouse and shipping personnel about situations whether he/she or anyone else has been instructed:

    • To misstate the amount of merchandise the entity ships, receives or holds.
    • To destroy, conceal, pre‑date or postdate the shipping and/or inventory documents.
    • To ship to a temporary or holding warehouse prior to final shipment to the customer’s premises.
    • To do anything else which is otherwise unusual, questionable or improper.
  • Accounting management:

    • Tell me about any bill and hold policies and any customers with bill and hold arrangements.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • For recognized bill and hold transactions, examine sales contracts and/or orders and other evidence to ensure that:

    • The risks of ownership have passed to the buyer.
    • The customer has made a fixed commitment to purchase the goods.
    • There is a fixed schedule for delivery of the goods.
    • The ordered goods are segregated from the seller’s inventory and not used to fill other orders, and the goods are complete and ready for shipment.
  • Examine underlying shipping documents for accuracy and verify existence of transactions.

  • Compare shipping costs to prior periods for reasonableness.

  • Review warehouse costs and understand the business purpose of all warehouses.

  • Confirm special bill and hold terms with customers directly including transfer of risk of loss and liability to pay for the bill and hold goods.

  • Test reconciliation of goods shipped to goods billed for accuracy.

  • Select a sample of sales transactions from the sales journal, obtain the supporting documentation and:

    • Inspect the sales order for approved credit terms.
    • Compare the details of the sales orders, shipping documents and sales invoices for inconsistencies.
    • Recompute any extensions on sales invoices (i.e. price multiplied by quantity).
  • In conjunction with the physical inventory, tour facility or warehouse, inquire of warehouse personnel about any held customer products and evaluate entity’s follow up of the physical count adjustments.

Improper Revenue Recognition: Misuse of Return / Exchange / Refund Policies (e.g. specific customer return/exchange/ refund practice are unusually liberal as compared to entity official policy and market practice)

  • Customers given payment terms extending over a substantial portion of the period in which the customer is expected to use or market the related products.

  • Customers are given an extended return, refund or exchange period on products or services.

  • Significant post sale credits offered to customers.

  • Sales personnel:

    • Tell me about any situations when the entity has offered customers price concessions, refunds, or new products. If so, inquire as to how long the payment term extends.
    • Inquire as to the entity’s exchange policy.
  • Accounting staff and financial personnel:

    • Tell me about details of the returns policy, including amount of returns. Confirm that the policy is being followed with warehouse personnel who process returns.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Review the underlying value of the entity’s products in relation to competitor products available in the market. Has the selling price decreased due to the introduction of new products or market conditions?

  • Verify subsequent sales pricing for price erosion and net realisable value of inventory.

  • Examine subsequent credits to customers and their nature to identify price concessions or liberal credits offered to customers over and above policy.

  • Compare returns subsequent to the reporting period end to both the return reserve and the total monthly returns for reasonableness.

Improper Revenue Recognition: Recording sales where contingency clauses require different accounting treatment

  • Sales contracts where collection is tied to some other event such as the resale of a product or receipt of anticipated funding.

  • Customers given payment terms extending over a long period of time.

  • Sales personnel, legal and financial personnel:

    • Tell me about the existence of contingencies in sales contracts and about situations when customers are being given unusually generous payment terms or the contract contains unusual terms regarding payment.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Confirm with customers the terms of sales, including any contingency clauses.

  • Test the accounting treatment of contracts with non‑standard terms, including contingency clauses.

Improper Revenue Recognition: Manipulation of standing data—pricing master file

  • Weak controls over the master pricing files.

  • Manual invoicing of transactions.

  • Wide variation of sales prices offered on the same product or SKU.

  • Numerous credit notes to adjust for pricing of sold goods/services.

  • Sales personnel and billing personnel:

    • Tell me about the ability to change established pricing when negotiating a sale.
    • Tell me about the levels of authority needed in order to change an established sales price, and the controls over that process.
    • Tell me about any situations when you have been instructed/pressured to change the price outside of understood policies or if you are aware of others who have done so.
    • Tell me about any instances when you received complaints from customers regarding differences in pricing on invoices versus their expectations.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Confirm with customers the terms of sales, including pricing terms.

  • Examine revenue transactions and vouch prices to purchase order or contract.

  • Test credit notes to determine nature and cause of credits.

Improper Revenue Recognition: Frontloading revenue on percentage of completion projects

  • Weak processes and controls over the accounting for projects on the percentage of completion method.

  • A trend of decreasing margins may indicate intentional front loading of revenue.

  • Lookback analyses of previous periods indicate the company is not accurate in its percentage of completion estimations.

  • Project managers and accountants:

    • Tell me about the status of the projects.
    • Tell me about the reasons for a trend of decreasing margins.
    • Tell me about the accuracy achieved in prior periods in estimation of percentage of completion.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Obtain a listing of contracts where revenue is recognized on a percentage of completion basis and perform testing over the cost estimates and reperform related revenue recognition calculation.

  • Test actual costs to determine whether any costs are prepaid or materials delivered at the job site well in advance of scheduled usage.

Improper Revenue Recognition: Frontloading revenue on multi‑element transactions

  • Weak processes and controls over the accounting for multi‑element transactions.

  • Limited data points made available from which to determine allocation of consideration method on the individual elements.

  • A significant portion of revenue on a multi‑element transaction is recognized for the licensing portion of the transaction.

  • Revenue recognition managers:

    • Tell me about any products or divisions that have a wide range of values assigned to the same individual elements across different multi‑element transactions.
    • Tell me about the history of adjustments that have had to be made to correct for errors in the assigning of value to elements within multi‑element transactions.
    • Tell me what may be your specific objectives/goals to meet when determining how to allocate the revenue (i.e. pressure to allocate to recognize revenue upfront).
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Obtain a listing of multi‑element transactions entered into during the year and perform testing over the allocation of revenue.

  • Review and analyze products or divisions that have a wide range of values assigned to the same individual elements across different multi‑element transactions.

  • Confirm with customers that conditions for recognized elements of transactions were met before recognition.

Improper Revenue Recognition: Other Sham Transactions

Booking consignment sales as income

Conditional Sales (i.e. recognition in instances where the buyer has right of return.)

Recording refundable deposits as income

Transactions with no business purpose

  • Company with significant consignment sales.

  • Customers are given an unusual return, refund or exchange period on products or services.

  • Significant refundable deposits.

  • Sales transactions with no supporting evidence regarding nature and substance of transaction.

  • Sales and legal department:

    • Tell me about the number of consignment transactions/ arrangements you have encountered.
  • Management and the legal department:

    • Tell me about the business purpose of any large or unusual transactions that appear to be out of the ordinary course of business.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Review inventory provided to customers on consignment and determine if revenue was recognised prematurely.

  • Examine third party documents or contracts to determine that cash remittances are appropriately recorded as a revenue (i.e. are not refundable deposits)

  • Test transactions with no apparent business purpose by reviewing supporting documentation, to understand the nature and business purpose of the transaction.

Improper Revenue Recognition: Decreasing Contra revenue accounts

Decreasing or misclassifying contra revenue accounts to artificially increase revenue (e.g. decreasing customer returns, discounts and warranties reserves and/or allowance for doubtful accounts
  • Decrease in the contra account or other sales allowances or provisions in relation to the prior period.

  • Returns and allowances misclassified as expenses rather than as a reduction of gross sales.

  • Sales personnel:

    • Tell me about the nature of changes or reductions to sales allowances such as the allowance for sales returns.
    • Tell me about any situations when there have been changes to the return policies.
    • Tell me if you have tried to provide discounts to struggling customers outside the company’s policies.
    • Tell me about any situations where you have been asked for information that would impact returns, discounts and/or allowances or where you received resistance/ challenges from accounting or management to the information you have provided.
  • Accounting personnel:

    • Tell me about any situations when you have approved reclassification of contra revenue items to expense accounts, or been pressured to do so.
    • Tell me about any situations when you have felt pressure to inappropriately understate reserves/ allowances
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Test returns/ allowance and warranty reserve account to determine that all returns are recorded and that all warranty liabilities are recorded in the year of sale.

  • Review returns and allowances account mapping to ensure proper classification in the financial statement.

  • Review and/or test customer returns subsequent to period end and compare aggregate amount to the reserve for adequacy.

Improper Revenue Recognition: Keeping books open for extended time after period end to include additional sales
  • Unusual increases in recorded monthly or weekly sales close to financial period end.

  • Accounting staff:

    • Tell me about situations when you were made aware of unusual delays in closing the books at period end.
  • Shipping managers:

    • Tell me about any situations when you have been asked to alter the shipping dates of orders.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Perform cut‑off tests to determine whether sales are recorded in the proper period.

  • Look for unusual transactions occurring late in the financial records closing process.

Improper Revenue Recognition: Improperly reporting revenue based on gross sales
  • Situations where an entity sells the service or the product of another organization.

  • Product sales for which the underlying product was not carried in the company’s inventory.

  • Accounting and billing personnel:

    • Tell me about the use of any “drop shipment” or other types of sales where the company never takes title to the product prior to selling it to a customer.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Review and test sales terms by reading contracts or purchase orders to determine whether the entity:

    • Acts as a principal in the transaction.
    • Takes title to the products.
    • Has risks and rewards of ownership.
    • Acts as an agent or broker.
Overstatement of Assets/Understatement of Liabilities fraud schemes, identifiers and responses

OAG Guidance

Overstatement of Assets / Understatement of Liabilities Fraud Schemes, Identifiers and Responses

Note 1: This outline serves only as an illustration to refer to when assessing fraud risk during the course of a financial statement audit. It does not encompass all existing schemes or potential indicators that would be demonstrative of a thorough understanding of entity specific fraud risks, nor is it intended to be an exhaustive checklist of all procedures for the specific schemes listed. We use professional judgment and consider the entity’s internal controls which may be an important part of our response.

Note 2: The individuals to be interviewed depend upon specific risks identified. Potential interviewees extend well beyond management and financial accounting personnel, including, but not limited to, warehouse/shipping personnel, sales personnel, distributors, suppliers, and customers.

Scheme Potential Indicators of Scheme Potential Interviewees and Questions Potential Audit Response to Identified Risk

Inventory

Fictitious Inventory—reporting inventory which does not exist

Recording fictitious inventory receipts

Intentionally recording fictitious inventory via journal entry or adjustment to the perpetual records

  • Management discourages us from observing physical inventory counts.

  • Unusual increase in the amount or value of bulk inventory maintained and costed based on weight or volume.

  • Bulk inventory that has different value dependent on the grade or quality of the material.

  • Unsupported inventory, journal entries.

  • Out of sequence inventory count sheets, or inventory count sheets that appear different than the standard sheets being utilized on the count.

  • Inventory for which multiple SKU’s appear to relate to the same or similar product, but have widely different descriptions and locations.

  • SKU’s in inventory that have relatively significant extended value, but little or no sales or purchasing history within the perpetual inventory system.

  • Unusual or suspicious receiving documentation.

  • Unusual or suspicious purchase orders.

  • Large quantities of high cost items in final inventory report.

  • Inclusions in inventory counts of merchandise already sold or for which purchases are not recorded.

  • Relatively significant “book to physical” adjustments that increase inventory balance.

  • Material reversing entries to the inventory account after the close of the accounting period.

  • Inventory that is not subject to a physical cycle count.

  • Inventory maintained in off‑site locations at which entity management, employees or their third party service provider did not perform physical inventory counts.

  • Entity with multiple locations requests unusually early notice regarding the location of the auditor’s selection of sites at which they will be observing the physical inventory count.

  • Existence of inventory items that customer returned which are included in inventory and not counted in physical observation as a result (Example: the entity mails bricks to a customer, and informs the customer it was a mistake and to mail them back. The entity asserts the returned packages contain inventory and adds the purported value to the total inventory balance.

  • Finance personnel and management:

    • Tell me about any situations when the entity is trying to obtain or has obtained financing secured by inventory.
  • Purchasing personnel:

    • Tell me about any situations when you have been pressured to create fake invoices and purchase orders or false shipping and receiving reports for inventory.
    • Tell me about any situations where you have been asked to process a purchase order or receiving report for inventory in unusual circumstances.
  • Accounting personnel:

    • Tell me about any situations when you have been pressured to create non standard journal entries for the inventory without proper support.
    • Tell me about any situations when you have noticed unusual book to physical adjustments (e.g. a significant adjustment to inventory balances at a location that usually has a high rate of accuracy).
    • Tell me about ongoing accuracy of the perpetual inventory system (i.e. do they experience “stock outs” on high value items).
  • Warehouse/Shipping personnel:

    • Tell me about any issues you have had with stock shortages/ unfilled orders due to problems with the perpetual records.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Observe physical inventory count.

    • To ascertain whether there are well kept perpetual inventory records that are appropriately checked by physical counts:
    • Of goods held with third parties.
    • To ensure that consigned inventory is excluded from inventory.
    • In locations that were not observed in prior year(s) audits.
  • Trace inventory tags to the inventory report sheets or other underlying documents.

  • Test count large quantities of high cost inventory items from sheet to floor.

  • Obtain confirmations from suppliers as to the sales of inventory to the entity.

  • Review inventory and cost of sales general ledgers for the reporting period prior to and subsequent to year‑end and investigate any large and unusual entries and reversing entries.

  • Test unusual reconciling items in inventory balance reconciliation to the general ledger.

Manipulation of inventory counts

Over reporting the quantity of inventory on hand to increase the recorded value on books

Manipulating physical inventory count results, including “book to physical” adjustments to increase inventory

  • Ratio analysis yielding a gross profit percentage higher than expected.

  • Inventory which is increasing proportionately faster than sales.

  • Decreasing inventory turnover.

  • Inventory as a percentage of total assets rising faster than expected.

  • Cost of goods sold per books not agreeing with the entity’s tax return.

  • Shipping costs have fallen while total inventory or Cost of Sales has increased.

  • Monthly or weekly trend analysis indicates spikes in inventory balance near financial reporting period ends.

  • Inventory turnover lower than competitor or industry average.

  • Finance and warehouse personnel:

    • Tell me about the entity’s policy for inventory counts (i.e. frequency and procedure).
  • Management and internal audit:

    • Tell me about any monetary adjustment of the book to physical counts as well as the reasons for the significant differences.
    • Tell me about the nature of the entity’s environment with respect to inventory controls, including the physical inventory.
    • Tell me about any situations when not all inventory shrinkages have been reported.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Investigate differences in inventory counts.

  • During physical inventory expand number of test counts. (Consider focusing additional test counts on high value items).

  • For significant “book to physical” adjustments, understand the reasons for the adjustments and if deemed necessary test the significant adjustments.

  • Observe a physical inventory count unannounced.

  • Observe physical inventories for multi‑locations all on the same date.

  • Also consider the example procedures for fictitious inventory in preceding section.

Improper Valuation

Assigning an improper valuation to recorded inventory to increase the value

  • Few or no write downs to market or no provisions for obsolescence where there have been rapid changes in product lines or technology or rapid decline in the market.

  • Price adjustments or pricing concessions on sales that may indicate a net realizable value problem.

  • Inventory in which SKU’s appear to be the same or similar product, but have widely different values.

  • SKU’s in inventory that have relatively significant extended value, but little or no sales or purchasing history within the perpetual inventory system.

  • Entity does not have processes/controls to evaluate standard costs and/or variances between standards and actual costs and to determine whether those amounts should be capitalized.

  • Overly complex overhead and labor standard costing computations.

  • Accounting personnel:

    • Tell me about the entity’s inventory pricing policy and how they identify value mark‑downs.
    • Tell me about any situations when you have been requested to delay inventory write‑downs due to obsolescence.
    • Tell me about any situations when you are have become aware of any items being sold below cost.
  • Management, accounting and finance personnel:

    • Tell me about situations when the entity has shown historical patterns in the past of over valuation of inventories.
  • Warehouse personnel:

    • Tell me about slow moving, damaged or obsolete inventory.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Test inventory value.

  • Compare inventory value with its net realizable value for identification of necessary write‑offs (e.g. due to obsolescence, lower demand).

  • Review the perpetual inventory records for slow‑moving or obsolete items and evaluate management’s reserve for slow moving and obsolete items.

Fraudulent or improper inventory capitalization

Overstating income by the improper capitalization of expenditures as inventory costs

  • “General and administrative” personnel costs are included in the standard costing model.

  • Entity is capitalizing inventory costs that other companies in the industry expense.

  • Management and accounting personnel:

    • Tell me about the entity’s policy for inventory cost capitalization.
    • Tell me about reasons for any unusual variances or any unusual changes in the standard costing process/controls.
    • Where applicable, tell me about reasons why gross margin is significantly lower than competitors or why the inventory balance seems high in comparison to competitors with similar sales volume.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Observe the manufacturing process and interview relevant personnel to gain an understanding of the costs associated with the manufacture of inventory.

  • Perform analytical procedures to assess relative proportion of components of cost of sales compared to prior periods and/or industry benchmarks.

  • Test the company’s development of standard costs and compare to actual based on the understanding obtained above.

Receivables

Fictitious Receivables

Recording Receivables which do not exist

  • Large receivables from related parties or unfamiliar sources.

  • Large discounts, allowances or returns after the close of the accounting period.

  • Lengthening of aging of receivables or granting of extended credit terms.

  • Reclassification of receivables between customers.

  • Write off of customer balances shortly after period end.

  • Reduction of allowance or reserve balances from prior periods.

  • Large volume sales to customers close to end of reporting period (stuffing the channel).

  • Increased trend of past due receivables.

  • Decrease in quick or current ratio.

  • Unexplained decrease in accounts receivable turnover.

  • Unexplained increase in Days Sales Outstanding (DSO).

  • Lack of adequate controls concerning sales and billing.

  • See also Revenue Recognition Schemes Table.

  • Finance personnel and management:

    • Tell me about any situations when the entity has tried to obtain financing secured by its receivables.
  • Sales personnel:

    • Tell me about any situations when you have been pressured to create fake invoices for sales.
  • Accounting or sales personnel:

    • Tell me about any situations when you have been pressured to adjust the value of receivables.
  • Accounting personnel:

    • Tell me about any situations when you have been pressured to create journal entries or invoices for fictitious sales of inventory or assets.
    • Tell me whether any customers have been pressured to accept large volume orders close to the end of period, accompanied by a liberal right of return.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Select sales and credit memoranda and perfom the following:

    • Examine the related records of goods shipped (i.e. purchase order, packing list, invoice and sales transaction journal).
    • Examine records of returns and claims from customers (receiving log, debit memo, credit memo, A/R transaction journal).
    • Determine whether there are unusually high volumes of returned goods recorded subsequent to period end by obtaining and reviewing the sales returns reports.
    • Consider unusual fluctuations in sales by obtaining and reviewing the daily sales reports for a number of working days before and after year‑end (e.g. five working days).
    • Consider whether there are unusual, suspicious or non‑standard transactions posted to accounts receivable including reclassification of accounts receivable balances between customers.

Related Party Receivables

Recording receivables which the entity does not intend to collect

  • Material unusually long‑outstanding receivables from related parties including officers, employees and directors.

  • Numerous leases between related parties.

  • Relevant personnel:

    • Tell me about side agreements with related parties that provide a right of return or contract cancelation without recourse.
  • Legal personnel:

    • Tell me about the business purpose of all leases entered into by the entity with related parties.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Examine terms of related party transactions to determine if they are outside the ordinary course of business.

  • Conduct background investigations on customers and suppliers to identify related parties and confirm legitimacy of business.

  • Examine supporting documentation for unusual or complex transactions occurring close to the end of a reporting period.

  • Look for significant bank accounts or entity operations for which there is no apparent business purpose.

  • Review the nature and extent of businesses transacted with major suppliers, customers, borrowers and lenders to look for previously undisclosed relationships.

  • Confirm loans (receivables and payables) for indications of guarantees.

  • Perform alternative procedures if confirmations are not returned or returned with material exceptions.

  • Review material cash disbursements, advances and investments to determine if the client is funding a related entity.

  • Agree related party sales to supporting documentation (i.e., contract and sales order) and consider whether appropriately recorded.

  • Discuss with counsel, prior auditors and other service providers the extent of their knowledge of parties to material transactions.

  • Inquire about side agreements with related parties for right of return or contract cancelation without recourse.

Inadequate reserves or failure to adequately recognize bad debts or impairment of receivables

  • Bad debt provisions or reserves that appear to be inadequate in relation to prior periods.

  • History of inadequate reserves for uncollectible receivables.

  • No apparent consideration of or adjustment of allowances in recognition of worsening economic conditions.

  • A/R days outstanding which are worsening from prior periods.

  • Management:

    • Tell me about the reason for any change in the reserve rates or policy for reserves in accounts receivable.
  • Sales force and credit department:

    • Tell me about any situations when you have been pressured to grant credit to customers who are not credit worthy.
  • Credit department:

    • Tell me about any situations when you have been told to extend payment terms for certain customers.
  • Tell me about any situations when the entity has changed its credit policy and the reason for such change.

  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Perform analytical procedures to compare provision to prior periods and investigate differences above established threshold.

  • Perform substantive procedures to verify reasonableness of bad debt allowance reserve.

  • Perform a retrospective review of the prior period estimate by comparing it to actual current period results (i.e. look‑back in respect of bad debt allowance).

Investments

Improper Valuation

Assigning an improper valuation to securities

  • Evidence of a decline in the fair value of debt securities that appears to be other than temporary, that is not recorded.

  • Improper classification of securities such that a security is recorded at amortized cost rather than fair value.

  • Accumulating losses for securities in other reserve accounts when circumstances indicate it should be recognized as a loss for the period.

  • Investment group personnel:

    • Tell me about when any unusual push back was received to your communication that a security is other than temporarily impaired.
  • Tell me if the company’s stated and disclosed investment intent and classification is consistent with the investing instructions you receive.

  • Management:

    • Tell me about the rationale for not recording a loss for a sustained decline in the fair value of a security and who has been involved in the decision to not record the loss.
  • Accounting personnel:

    • Tell me about any situations when you have been asked or pressured to record securities in a category which is not in line with management initial intention, or initial classification.
    • Tell me about any situations when all unrealized gains and losses in securities have been recorded and if not the reason.
  • Tell me about any situations when you have been asked to postpone recognition of an impairment of a security.

  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Gain an understanding of the process used by management to classify investments and consider whether investment activities support or conflict with management’s stated intent. Look at written records of investment strategies, records of investment activities, and minutes of meetings of the Board of Directors.

  • Perform recomputations where necessary to determine whether:

    • Unrealised/realised gains/losses are computed in accordance with the applicable financial reporting framework.
    • Investment income is properly computed.
    • Securities are properly valued in accordance with the applicable financial reporting framework (i.e., amortised cost or fair value).
    • Securities are properly classified in accordance with the applicable financial reporting framework based on management’s intent.
    • All impaired securities are written down to fair value.
  • Perform cut‑off procedures to determine whether purchases, sales and investment revenue are recorded in the proper period.

  • Investigate significant differences identified in the value of investments on the confirmation/ statement and the amount recorded by the company.

Fictitious Investments

Recording investments which do not exist

  • Investments with missing supporting documentation and/or that do not appear on brokerage statements.

  • Accounting personnel:

    • Tell me about any situations when you have been asked or pressured to record fictitious investments.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Determine if investment actually exists by physical inspection or by confirmation with the issuer or custodian.

  • Confirm unsettled transactions with broker‑dealer.

  • Review minutes of board of directors meeting to determine whether investments were authorised by the Board and that entity policy was followed in the trading of securities.

  • Review executed partnership or similar agreements.

  • Consider whether there is appropriate segregation of duties for purchasing, recording and maintaining custody of investments.

Other Assets

Improper capitalization of expenses as costs of fixed assets to increase the value of assets.

  • Unusually high balance of fixed assets.

  • Capitalized costs that are increasing faster than revenue over lengthy periods.

  • Capitalized costs which are not at historical cost.

  • Accounting policies which have been (or are) aggressive with respect to capitalization.

  • Repair and maintenance expenses (or other operating expense) declining at a rate inconsistent with operating activities (indicating these costs may have been capitalized instead of expensed).

  • Accounting personnel:

    • Tell me about any situations when you have been requested to record routine repairs as capitalised costs.
  • Inquire as to dates assets are placed in service and any construction interest or taxes that were capitalized beyond the in service date.

  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Review capitalized improvements to property and equipment and consider whether or not they add to the utility or increase the life of the asset. If not evaluate why the costs were not recorded as expenses.

  • Test fixed assets additions by obtaining supporting detail.

Fictitious Fixed Assets

Recording assets which do not exist

  • Existence of questionable fixed assets on books not having a clear purpose in the business.

  • Lack of a subsidiary ledger to record additions and retirements.

  • Lack of adequate policies and procedures to determine whether property and equipment are received and properly recorded.

  • Lack of adequate written policies and procedures concerning the recording, retirement and disposition of fixed assets.

  • Purchasing or accounting personnel:

    • Tell me about any situations when you have ever been asked to prepare false invoices or journal entries for the purchase of assets or input an asset addition without proper supporting documentation.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Tour the entity’s facility and review fixed assets. Also, select certain fixed assets from fixed asset listing and physically inspect that the fixed asset exists.

  • Determine whether retired or sold assets have been removed from the reported fixed asset balance.

Manipulation of fixed asset valuations

Recording assets at more than purchase costs

Deferring impairment charges

  • Existence of questionable fixed assets valuation.

  • Lack of a report, detailed listing and/or underlying evidence for fixed assets valuation.

  • Lack of adequate written policies and procedures regarding valuation of fixed assets.

  • Reluctance to the acknowledgment of existing impairment indicators or insufficient response to the existence of such indicators.

  • Purchasing and accounting personnel:

    • Tell me whether you have been asked or pressured to record assets at anything other than historical cost.
  • Accounting personnel:

    • Tell me about the impairments you have recorded and what the underlying cause was.
    • Tell me whether you have been asked to postpone a write down of a fixed asset.
  • Business manager:

    • Tell me about any issues with the productivity of specific plants, warehouses or locations.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Test fixed asset addition values to determine they are in accordance with the applicable financial reporting framework.

  • Observe fixed assets, review the fixed asset ledger and other documents relating to fixed assets and inquire of management to determine if there is:

    • A significant decrease in the value of the asset.
    • A significant change in the manner the asset is used.
    • A significant adverse change in legal factors, the business climate or an adverse action or assessment by a regulator which would affect the value of an asset.

Schemes Involving Depreciation/Amortization

Assigning unreasonable estimated useful lives

Deferring the shortening of estimated useful lives

  • Unusually slow depreciation of fixed assets or lengthy amortization periods.

  • Unexpected trend of decreasing depreciation and amortization charges.

  • Lack of written depreciation policy.

  • Accounting personnel:

    • Tell me about any situations when you have been asked or pressured to manipulate asset lives or salvage values.
  • Tell me about any changes in estimated useful lives of assets.

  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Review prior year depreciation charges and compare with current year for reasonableness.

  • Review detailed list of fixed assets and evaluate the assigned estimated lives of assets.

  • Select fixed assets and recalculate the net book value at reporting date based upon the estimated life of the asset.

Liabilities

Understating Expenses or Concealing Liabilities; inappropriate Capitalization of Costs or postponing the recording of expenses.

  • Unexpected Increase in current / quick ratio from one period to the next.

  • Unexpected improvements in gross margins.

  • Increase in inventory with no corresponding increase in accounts payable.

  • Accounting personnel:

    • Tell me about any situations when you have been asked to postpone recording expenses until a subsequent period.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Perform operating expense cut‑off test to determine whether expenses are recorded in proper period. Focus on whether any current expenses have been recorded in the next reporting period.

  • See Decreasing Contra Revenue Accounts (Improper Revenue Recognition) for relevant potential responses.

  • Compare prior years’ expenses and liabilities to current year and look for unusual trends.

  • Perform current or quick ratio analysis.

  • Review capitalized expenditures to determine whether they may be more appropriately classified as expenses.

Understating Expenses or Concealing Liabilities: Off Balance Sheet Entities

Establishing off balance sheet entities with related parties to conceal debt or manipulate operating results

  • Complex, interrelated off‑balance sheet entities that have investments in each other and enter into transactions with each other and with the entity, including purchases/sales of assets, and operating agreements.

  • Off‑balance sheet debt arrangements that are collateralized by the entity’s assets or guarantees.

  • Recognises gains from sales of assets and fees for services related to those assets (e.g., marketing and or management contract fees) after their sale to thinly capitalized unconsolidated special‑purpose entities.

  • Repurchases assets that were previously sold to special‑purpose entities.

  • Sales leaseback arrangement with related party.

  • Investments made by thinly capitalized unconsolidated special‑purpose entities (that are controlled by entity executives).

  • Management and legal personnel:

    • Tell me about the entity’s affiliation with or sponsorship of special purpose entities, partnerships or joint ventures.
    • Tell me about the entity’s purpose for establishing this special purpose entity(ies).
    • Tell me about the legal structure of the special purpose entity.
    • Tell me how the entity accounted for the venture (cost or equity method).
    • Tell me what financial instruments are held in legal trust.
    • Tell me about any restrictive provisions of agreements with special purpose entities or other ventures.
    • Tell me about situations when the entity engages in other off balance sheet activities.
    • Inquire about the existence of any side agreements (whether verbal or written) not contained in the original contract with special purpose entities or other ventures.
    • Inquire about related parties involved in managing investments or receiving remuneration from investments.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Review all contracts for investments and ventures entered into by the entity.

  • See Related Party Transactions in Revenue Recognition section.

  • Confirmations of agreement terms with related parties.

Misappropriation of Assets Fraud Schemes, Identifiers and Responses

OAG Guidance

Misappropriation of Assets Fraud Schemes, Identifiers and Responses

Note 1: This outline serves only as an illustration to refer to when assessing fraud risk during the course of a financial statement audit. It does not encompass all existing schemes or potential indicators that would be demonstrative of a thorough understanding of entity specific fraud risks, nor is it intended to be an exhaustive checklist of all potential audit responses to the specific schemes listed. We use professional judgment and consider the entity’s internal controls which may be an important part of our response.

Note 2: The individuals to be interviewed depend upon specific risks identified. Potential interviewees extend beyond management and financial accounting personnel, including, but not limited to, warehouse/shipping personnel, sales personnel, distributors, suppliers, and customers.

Scheme Potential Indicators of Scheme Potential Interviewees and Questions Potential Audit Response to Identified Risk

Cash

Unrecorded income or cash receipts

  • Poor collection procedures.

  • Unusual decreases in cash.

  • Decrease in sales accompanied by an increase in cost of sales.

  • Unexplained cash balance discrepancies/ reconciling items.

  • Reversing entries or adjustments which are necessary to reconcile to the amount of cash on hand.

  • Poor controls over the completeness of recording sales.

  • Lack of adequate segregation of duties between employees opening the mail and recording the receipt of payments.

  • Customer cash receipts maintained in an account for a long period of time before being applied to customer’s outstanding balance.

  • Management or internal audit group:

    • Tell me about any situations when there have been problems with employee theft of incoming cash receipts.
    • Tell me about the entity’s policy for monitoring off site sales people (if applicable) or rental properties which generate cash flows for the entity.
    • Tell me how reconciling items or discrepancies are treated and reviewed by management.
  • Management and sales personnel:

    • Tell me about excessive customer complaints regarding billing and/or payments not being applied to their accounts.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Compare cash register tape to the physical cash on hand.

  • Test sale transactions to supporting details to evaluate completeness of recorded transactions.

  • Test all significant reconciling items in reconciliation of revenue, cash and accounts receivable to supporting detail.

Understated Sales or Receivables

  • See Unrecorded income or cash receipts above.

  • Management or internal audit group:

    • Tell me about any situations when there have been problems with employee manipulation of sales entries or incoming cash receipts.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Inspect sales invoices and compare with customer orders and delivery reports.

  • Examine incoming cash receipts from customers to ensure that payments are made in accordance with sales contracts terms and that any discount terms are accurately recorded.

Fraudulent Disbursements

Disbursement of entity funds including the issuance of false credits and rebates, bribes to legitimate vendors for which the employee receives a kickback

  • Cash register employees with authority to void their own transactions.

  • Lack of review of refunds, credits, rebates, etc.

  • Excessive number or value of voided purchase or sales transactions for which no supporting documentation is found.

  • Missing or altered cash register tapes.

  • Large amounts of refunds, credits, rebates, issued to vendors.

  • Access to cash, checks, purchase orders, is for multiple employees.

  • Unexplained over budget expenses.

  • Unusual reconciling items or lack of timely resolution of reconciling items.

  • Accounting and other relevant personnel:

    • Tell me about the entity’s policy for processing refunds, rebates or credits. Do the appropriate people verify these transactions?
    • Tell me about any situations when the entity’s policy with respect to check approval/ signing is subject to override and if so, by whom and how often.
    • Inquire about unexplained reconciling items for bank accounts and ask for supporting evidence.
    • Inquire why certain indicators are present, and corroborate explanations with evidence.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Review supporting documentation for voided or refunded transactions.

  • Trace sale transaction terms to supporting details to determine whether discounts or rebates have been appropriately measured and applied.

  • Compare level of discounts and rebates as a percentage of revenues in the current year to the same ratios in the prior year.

  • Determine if there is an approved vendor list and investigate unusual concentration of activity with a particular vendor.

  • Investigate related party transactions.

  • Test reconciling items in bank reconciliations.

Fraudulent Disbursements

Theft of Entity checks & Check Tampering

Pay and return schemes (e.g. an employee improperly pays a vendor or pays a vendor for an invoice twice and subsequently intercepts and cashes the check returned by vendor)

  • See Unrecorded income or cash receipts above.

  • Lack of adequate safeguarding of cash or incoming checks.

  • Unusual reconciling items or lack of timely resolution of reconciling items.

  • Excessive number of voided checks.

  • Cheques payable to employees other than regular payroll checks.

  • Excessive “soft expenses” (advertising, legal consulting etc.) or unexpected trends in expenses.

  • Duplicate or multiple payments, reimbursements, rebates, refunds, credits etc. to the same vendor.

  • Checks payable to cash.

  • Lack of adequate segregation of duties between individuals authorised to process checks and those in supervisory/ approval role.

  • Accounting, finance and treasury personnel:

    • Tell me about the policy for establishing bank accounts and who has authority to maintain such account. Tell me about situations when you were made aware of established bank accounts which do not seem related to the entity’s business purpose.
  • Accounting personnel:

    • Tell me about any situations when the entity’s policy with respect to checks is subject to override and if so, by whom and how often are such controls overridden.
    • Tell me how often the vendor list is audited and updated.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Review bank accounts established by the entity to ensure that they have been properly authorized and that only authorized personnel are drawing on them.

  • Select a sample of canceled issued checks and examine for evidence of alterations or other tampering.

  • Select a sample of cheques and review endorsements to ensure that endorsements have been made by proper parties and checks are deposited into authorized bank accounts.

  • Select a sample of canceled checks and examine for validity of payees.

  • Select a sample of checks and examine for checks payable to cash, bearer, unknown vendors or employees.

  • Select a sample of payments for review of multiple/duplicate payments, refunds etc for possible pay and return schemes.

  • Select a sample of payments and review for excessive “soft expenses”.

  • Review list of vendors for shell companies or for companies with no apparent business purpose or to determine if vendor is linked to employees in any manner.

Payroll Fraud

Fictitious Employees

Creating fictitious employees or retaining former employees on the payroll and cashing the pay checks

  • Lack of adequate segregation of duties of the hiring, payroll processing and check disbursement function (HR vs. payroll function).

  • Lack of adequate procedures governing the hiring and firing process.

  • Lack of controls over new hires or terminations.

  • Significant variances of budget to actual for payroll expense.

  • Management:

    • Tell me about the entity’s policy for hiring, pay increases and firing of personnel.
    • Tell me about controls over additions and deletion of employees from the payroll system and reconciliation of payroll expenses from one period to the next.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Obtain payroll check run(s) and review check run(s) to determine whether all checks are sequenced numerically. Select employees and trace hours worked to time sheet (ensure approved by supervisor for hourly employees) and obtain employee file to determine whether documentation validating hiring of the employee is in place.

  • Also, perform the above procedure for manual payroll checks. Also, understand why a manual check was used.

  • Evaluate whether changes to payroll register/system are adequately documented and supported.

Falsified Pay Rate or Hours

  • Lack of adequate control procedures over time reporting for hourly employees.

  • Lack of adequate control procedures over changes in pay rates (salary or hourly rate).

  • Lack of adequate policies and procedures governing bonuses and commissions, etc.

  • Management:

    • Tell me about any situations when the entity has established unrealistic quotas for sales or hours to be worked.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Reconcile time cards/sheets (with approved supervisor signature and employee signature) to pay check or check run.

  • For a selection of employees agree pay rate changes to supporting approval documentation.

  • Recalculate commissions by testing sales invoices, back to sales orders, shipment documents and customer receipt.

Inventory

Theft of Inventory

  • Excessive write downs of inventory as compared to prior periods.

  • Lack of adequate segregation of duties between individuals authorized to buy/sell inventory, individuals with record keeping functions and individuals with physical custody of inventory.

  • Management:

    • Tell me about the entity’s policy with respect to write down of inventory.
    • Tell me about the entity’s policy with respect to inventory counts and how differences in counts are explained or treated.
    • Tell me about if there were any unusual shrinkages or adjustments, or if you have received push back from manufacturing/ warehouse personnel in investigating physical inventory differences.
  • Evaluate the design and implementation of controls addressing significant fraud risk identified and determine if reliance on those controls is an important part of an appropriate response to the specific fraud risk. If so, test operating effectiveness of relevant controls.

  • Observe full physical inventory and analyse inventory account for discrepancies between physical inventory and books.

  • Analyse historical trends of inventory write‑downs.

Understanding and evaluating fraud‑related controls

CAS Requirement

The auditor shall treat those assessed risks of material misstatement due to fraud as significant risks and accordingly, to the extent not already done so, the auditor shall identify the entity’s controls that address such risks, and evaluate their design and determine whether they have been implemented (CAS 240.28).

CAS Guidance

Management may make judgments on the nature and extent of the controls it chooses to implement, and the nature and extent of the risks it chooses to assume. In determining which controls to implement to prevent and detect fraud, management consider the risks that the financial statements may be materially misstated as a result of fraud. As part of this consideration, management may conclude that it is not cost effective to implement and maintain a particular control in relation to the reduction in the risks of material misstatement due to fraud to be achieved. (CAS 240.A32)

It is therefore important for the auditor to obtain an understanding of the controls that management has designed, implemented and maintained to prevent and detect fraud. In identifying the controls that address the risks of material misstatement due to fraud, the auditor may learn, for example, that management has consciously chosen to accept the risks associated with a lack of segregation of duties. Information from identifying these controls, and evaluating their design and determining whether they have been implemented, may also be useful in identifying fraud risks factors that may affect the auditor’s assessment of the risks that the financial statements may contain material misstatement due to fraud. (CAS 240.A33)

OAG Guidance

For guidance on obtaining an understanding of the entity’s system of internal controls, including controls that address the risks of material misstatement at the assertion level in the control activities component refer to OAG Audit 5031.

Consider whether the absence of, or deficiencies in, programs and controls to mitigate specific risks of fraud or to otherwise help prevent, deter, and detect fraud represent control deficiencies to be communicated to senior management and the audit committee.

Refer to guidance on communicating deficiencies at OAG Audit 2220.

Procurement Fraud Schemes, Identifiers and Responses

Note 1: This outline serves only as an illustration to refer to when assessing fraud risk during the course of a financial statement audit. It does not encompass all existing schemes or potential indicators that would be demonstrative of a thorough understanding of entity specific fraud risks, nor is it intended to be an exhaustive checklist of all potential audit responses to the specific schemes listed. We use professional judgment and consider the entity’s internal controls which may be an important part of our response.

Note 2: The individuals to be interviewed depend upon specific risks identified. Potential interviewees extend beyond management and financial accounting personnel, including, but not limited to, warehouse/shipping personnel, sales personnel, distributors, suppliers, and customers.

Scheme Potential Indicators of Scheme Potential Interviewees and Questions (See Note 2) Potential Audit Response to Identified Risk

Procurement

Contract Splitting

Dividing a requirement into a number of smaller contracts in order to avoid controls

  • A supplier is awarded several sole source contracts just below the monetary threshold for such contracts.

  • The contracts are for the same or similar goods or services.

  • The contracts are awarded within a short time span.

  • The contracts are awarded sequentially, with a new sole source contract being awarded just as the previous sole source contract was set to expire.

  • Inquire of procurement staff why the requirements were not combined into a single competitive contract.

  • Look for unusual trends in sole source contracts, such as a spike in the number of sole source contracts awarded for a given dollar value.

  • If there is an unusually high number of sole source contracts awarded just below the monetary threshold for such contracts, it may indicate contract splitting.

Abuse of Amendments

A contract is initially awarded at a low price, which is later amended to substantially increase the value of the contract

  • Amendments are made that are substantial in relation to the size of the original contract.

  • Amendments are for services that are unrelated to the original contract.

  • Inquire of procurement staff why the additional costs were not factored into the original contract.

  • Look for contracts with substantial amendments.

  • Assess whether the amendments are reasonable or whether they are for foreseeable items that should have been factored into the original contract.

Inappropriate Sole Sourcing

Awarding a sole source contract when it should have been awarded through a competitive process

  • Sole source contracts that don’t appear to meet any of the criteria set out in Section 6 of the Government Contracts Regulations, which are:

    (a) the need is one of pressing emergency in which delay would be injurious to the public interest;

    (b) the estimated expenditure does not exceed

    (i) $25,000,

    (ii) $100,000, where the contract is for the acquisition of architectural, engineering and other services required in respect of the planning, design, preparation or supervision of the construction, repair, renovation or restoration of a work, or

    (iii) $100,000, where the contract is to be entered into by the member of the Queen’s Privy Council for Canada responsible for the Canadian International Development Agency and is for the acquisition of architectural, engineering or other services required in respect of the planning, design, preparation or supervision of an international development assistance program or project;

    (c) the nature of the work is such that it would not be in the public interest to solicit bids; or

    (d) only one person is capable of performing the contract.

  • Inquire of procurement staff why the contracts were entered into without soliciting bids, even though they did not meet the required criteria.

  • Look for sole source contracts with missing or inadequate justification for why they were entered into without soliciting bids.

Bid Tailoring

Adjusting a statement of work in order to favour a particular supplier, giving an unfair advantage over other potential suppliers

  • Specifications stipulate the use of a brand name without stating ‘or equivalent’

  • Vague or incomplete specifications

  • Narrow or overly specific specifications

  • Fewer than expected vendors submit bids

  • Complaints from other bidders or vendors that the specifications match too closely those of a single competitor

  • Inquire who drafted or consulted on the specifications

  • Inquire about the history between the entity and the winning bidder

  • Inquire what the typical amount of bidders are on similar projects

  • Review the bid evaluations

  • Obtain the fairness monitor report, if applicable

  • Compare the bid specificity to similar projects

  • Review the contract history with the vendor

Guidance on Assessing Management’s Anti-fraud Programs and Controls

OAG Guidance

Guidance on Assessing Management’s Anti-fraud Programs and Controls

Management’s anti-fraud programs and controls, whether manual or automated, can be circumvented by collusion of two or more people or by inappropriate management override of internal control. Accordingly, management’s fraud risk assessment is expected to consider and evaluate the potential for collusion and/or management’s override of controls. We also evaluate whether the entity’s programmes and controls are suitably designed to prevent or detect material misstatements resulting from fraud risks including collusion and management’s override of controls. If we determine that management has designed effective programs and controls, evaluate whether the relevant programs and controls have been implemented. Knowledge of management’s anti‑fraud programs and controls will assist in developing our audit responses to the risks of fraud, which may include testing the operating effectiveness of these controls.

See guidance on the Entity’s System ofInternal Control and its relevance to the audit at OAG Audit 5031.

Overview

Assess whether the entity’s programs and controls that address identified risks of material misstatement due to fraud at the financial statement level and the assertion level have been suitably designed, implemented and maintained. These programs and controls may involve

  • broad programs designed to prevent, deter, and detect fraud (including programs to promote a culture of honesty and ethical behavior); and

  • specific controls designed to mitigate specific risks of fraud.

Evaluation of management’s anti-fraud programs and controls

Our evaluation of management’s anti-fraud programs and controls may include:

  • Management accountability.
  • Oversight by Board of Directors and Audit Committee.
  • Control environment.
  • Commitment to deter, detect, and remediate fraud.
  • Management’s assessment of fraud risk.
  • Control activities.
  • Employee and third party integrity diligence.
  • Information and communication regarding fraud.
  • Monitoring and auditing systems.
  • Investigation and remediation of identified fraud.
Management Accountability

Management has primary responsibility for establishing and monitoring programs and controls to prevent and detect fraud. Although management may delegate certain responsibilities to investigations, internal audit, security, and others, an anti-fraud program will not be deemed effective unless management accepts overall responsibility.

Oversight by Board of Directors or Audit Committee

An effective fraud management program requires active oversight by the Board or Directors or Audit Committee. Consider whether the Board of Directors or Audit Committee:

  • Oversees management’s anti-fraud programs and controls, including management’s identification of fraud risks and implementation of anti-fraud measures.

  • Oversees the potential for management override of controls or other inappropriate influence over the financial reporting process.

  • Oversees mechanisms for employees to report concerns.

  • Reviews management’s reported information for reasonableness compared with prior or forecasted results, as well as with peers or industry averages.

  • Seeks the views of the internal auditors and independent auditors regarding management’s involvement in the financial reporting process and, in particular, management’s ability to manipulate information processed by the entity’s financial reporting system.

  • Receives periodic reports describing the nature, status and eventual disposition of alleged or suspected fraud and misconduct.

  • Encourages internal audit to express any concerns about management’s commitment to appropriate internal controls or to report suspicions or allegations of fraud.

  • Reviews the internal audit plan, including whether such plan addresses fraud risk.

  • Possesses the ability and authority to investigate any alleged or suspected fraud brought to its attention, including the power to retain legal, accounting, and other professional advisers as needed.

Control Environment

A strong culture of honesty, integrity, and high ethics is fundamental to an effective fraud management program. The engagement team’s consideration of the control environment necessarily includes consideration of the corporate culture at the entity‑wide, senior management, management unit and business process levels.

As a part of our review of the control environment, consider:

  • Whether the entity has adopted a written code of ethics that applies to the company’s principal executive officer, principal financial officer, principal accounting officer or controller, or persons performing similar functions.

  • If the entity has not adopted such a code of ethics, the reasons it has not done so.

We define the term “code of ethics” to mean a codification of standards that is reasonably designed to deter unethical behaviours and to promote:

  • Honest and ethical conduct, including the ethical handling of actual or apparent conflicts of interest between personal and professional relationships.

  • Avoidance of conflicts of interest, including disclosure to an appropriate person or persons identified in the code of any material transaction or relationship that reasonably could be expected to give rise to such a conflict.

  • Full, fair, accurate, timely, and understandable disclosure in reports and documents in the entity’s government filings and in other public communications made by the entity.

  • Compliance with applicable governmental laws, rules and regulations.

  • The prompt internal reporting to an appropriate person or persons identified in the code of violations of the code.

  • Accountability for adherence to the code.

Consider the extent of the scope of the code; that is, whether it applies to all employees and Board of Directors, or just to senior executives. In evaluating the code, consider the frequency of the entity’s review and updating of the codes; that is; consider whether the entity continuously evaluates its ethics and integrity compliance. Consider whether the entity requires periodic written confirmation regarding compliance with the code of ethics.

Also consider how the entity ensures that employees and others comply with the code of ethics. We address this subject below in the context of monitoring, investigation, and remediation.

Our review of the control environment considers the existence and effectiveness of ethics hotlines and “whistleblower” programs. Specifically, consider whether the Board of Directors or Audit Committee has established procedures for:

  • Receipt, retention and treatment of complaints received by the entity regarding fraud risk or allegations of fraud and other financial misconduct.

  • Employees of the entity or third parties to make confidential, anonymous submission to the Board of Directors or Audit Committee regarding questionable accounting or auditing matters.

There is no “one‑size‑fits‑all” approach for whistleblower programs and procedures. For example, a program at a small domestic entity very likely will differ from a program at a large, multinational corporation.

Commitment to Deter, Detect, and Remediate Fraud

The entity needs to demonstrate a commitment to respond to fraud as part of its culture of honesty, integrity, and high ethics. Evaluate whether the commitment is genuine. Consider both the existence and non‑existence of documented programs and controls to deter, detect, investigate, and remediate fraud. In assessing commitment, consider not only the words, but also the entity’s actions in enforcing anti‑fraud programs. Further, consider the entity’s responsiveness to recommendations for improvement as a result of specific instances of fraud or controls reviews.

Management’s Periodic Assessment of Fraud Risk

An effective anti‑fraud program requires that management assess the risk of financial statement fraud, just as we assess the risk of fraud as a part of the audit. Management needs to assess the risk of fraud at the entity, senior management, management unit, and business process levels.

Management will conduct these assessments on a recurring basis, particularly if the entity or management unit/business process undergoes a major change, such as a change in strategy, personnel, organizational structure, or geographic location. The assessment of fraud risk needs to consider the potential for management override and the risk of unauthorized or improper receipts and expenditures.

Control Activities

Consider both the presence and absence of control activities in our evaluation, that is, the processes, controls and other activities that are needed to mitigate the identified risks. Because of the importance of information technology in supporting operations and the processing of transactions, also consider whether management has implemented and maintained appropriate controls over computer‑generated information.

Employee and Third Party Integrity Diligence

Consider whether the entity engages in proactive hiring and promotion procedures, including

  • conducting background investigations on candidates for employment or for promotion to a position of trust; and
  • verifying the candidate’s education, employment history, and personal references.

Monitor changes in senior management, especially changes of management personnel involved with control processes. Inquire whether the entity has collected background information during the hiring or promotion process. If no background information has been collected, consider whether a background investigation is warranted.

Our evaluation of the fraud management program considers the extent to which the entity conducts integrity reviews regarding agents, joint venture partners, vendors, customers, and other third parties with which it transacts. Consider whether these inquiries are conducted periodically and updated as new information is received. Consider the appropriateness of conducting such inquiries as well as the different legal standards in which the entity engages in business.

Information and Communication Regarding Fraud

Consider whether information regarding risks is identified, captured, processed, and communicated effectively and adequately throughout the entity. Consider, for example, training programs, and the dissemination of publications that explain in a practical manner what is required.

In reviewing training programs, consider whether training is required, as well as whether it is provided both at the time of hiring and on a continuing basis. Consider the scope of the training, audience, and frequency.

Also consider whether employees, particularly those within senior management, finance, and areas that might be exposed to unethical behavior, are required to confirm, on a periodic basis, whether they have engaged in or have knowledge of any fraud or misconduct committed by or against the entity.

Monitoring and Auditing

Consider whether management‑monitoring activities surrounding control and compliance processes effectively address the prevention and detection (including the complete and timely reporting) of fraud. Such consideration will include an evaluation of the risk of override by management.

Also consider the effectiveness of internal audit or the equivalent function. Consider whether the internal auditor has sufficient knowledge to identify the indicators of fraud (as required by Institute of Internal Auditors’ Standards for the Professional Practice of Internal Auditing). Consider whether internal auditors evaluate fraud risks and controls and make recommendations for improvement. Also consider whether internal auditors proactively search for fraud as a part of their audits. Consider the internal auditors’ ability to report directly to the Board of Directors or Audit Committee, if they desire to express concerns about management.

Given the evolution of information technology, also consider whether management utilizes its information systems to identify fraud indicators.

Investigation and Remediation of Identified Fraud

The entity’s performance regarding the investigation and remediation of identified fraud is another critical benchmark of effective programs and controls to deter and detect fraud. For example, consider the entity’s investigative process, including thoroughness of investigations, actions taken against violators, responsiveness to control weaknesses.

Evaluate whether and how the entity responds to allegations of fraud, including “whistle blower” allegations. Consider the entity’s disciplinary mechanisms and whether they are appropriate and consistent.

Consider whether and how the entity responds after fraud has been detected. In particular, consider whether the entity inquire into how and why the fraud was committed, as well as how it was detected. Consider whether and what steps the entity has taken to learn from the incident and to prevent similar conduct.

Follow policy on involvement of the internal specialist for fraud, and Legal Services when reasonable suspicions cannot be dispelled or where the entity has mishandled and identified instances of fraud. Refer to guidance and policy on consultations at OAG Audit 3081.