31 Aug SAS99 Fraud Detection
Please try to used information from the references in the last page of pdf Case Assignment #1 and there are further instructions on pdf First Case Assignment.
The answers to the questions should include a definition of terms, analysis of the applicable accounting and/or audit rules that may apply and an analysis of the question using the rules and the facts. This may require the team to do some research. This case provides research in the Reference section at the end of the case. That will give you a good start.
Also, you should integrate into the answers the concepts that you are learning from the in-class readings where applicable. Here are some quick examples:
In response to Q. #5 I would expect to see some discussion of SAS #99.
Auditor standards should be referenced in response to Q. #3. Also, how might the business profile analysis in the assigned Bribery and Corruption readings for week 2 be used to answer Q. #3 as well?
Do the reading on conspiracy and mail and wire fraud; department of justice policy and the federal sentencing guidelines have application to Q. #7?
Do the accountant reporting guidelines in SOX help answer Q. #8?
These are just a few examples. It is not enough to simply brainstorm the case and submit some ideas. However, I do expect your thoughts, ideas and analysis to accompany your research and readings in the answers. I hope that this provides you with some guidance.
Let me know if you have any questions.
University of Tennessee, Knoxville Trace: Tennessee Research and Creative
University of Tennessee Honors Thesis Projects University of Tennessee Honors Program
SAS 99 & Fraud Detection Shunlan Lu University of Tennessee – Knoxville
Follow this and additional works at: http://trace.tennessee.edu/utk_chanhonoproj Part of the Accounting Commons
Recommended Citation Lu, Shunlan, "SAS 99 & Fraud Detection" (2005). University of Tennessee Honors Thesis Projects. http://trace.tennessee.edu/utk_chanhonoproj/881
This is brought to you for free and open access by the University of Tennessee Honors Program at Trace: Tennessee Research and Creative Exchange. It has been accepted for inclusion in University of Tennessee Honors Thesis Projects by an authorized administrator of Trace: Tennessee Research and Creative Exchange. For more information, please contact [email protected]
SAS 99 and Fraud Detection
Advisor: Dr. Del DeVries
Fraud has been a big problem in many companies in recent years. It causes both
economic and social consequences in our society. The integrity of the accounting
profession has also been questioned. In order to give better guidance for external
auditors to uncover fraud in a Umely manner and restore public confidence to th e
accounting profession. the Auditing Standards Board of the AICPA issued
Statement of Auditing Standards No .99 (SAS 99). This paper discusses the
procedures required to implement SAS 99 and documents four recent fraud cases,
with a focus on how SAS 99 could have been effective to help auditors discover
1. Introduction ami Background
While fraud is something that can not be completely eliminated. steps can be taken in order to
detect it in a timely manner before it causes serious consequences . In order to guide external
auditors to conduct financial statement audits. The Auditing Standards Board. which is part of
the American Institute of Certified Public Accountants . issued Statement of Auditing Standards
No. 99 effective on December 15, 2002. Statement of Auditing Standards No. 99 is a collection
of standards that supersede Statement of Auditing Standards No . 82 . Consideration of Fraud in a
Financial Statement Audit. SAS No. 99 corrected some of the shortcomings of SAS No . 82. so
understanding the difference between SAS 99 and SAS No. 82 could help auditors to better
follow the guidelines of SAS NO .99 and conduct the financial statement audits more efficiently.
A detailed comparison of SAS 82 and SAS 99 1 is listed in Appendix A of this paper.
1 Donald C. Marczewski and Michael D Akers … CPA 's Perceptions of the Impact of SAS 99. " The CPA lournal Online. lune . (2005) . 18, Nov . 2005 < http /lwww .nysscpa.o rg/c pajournaU200S/60S/esse nti als/p38. htm>
While SAS 99 is a collection of standards that is intended to help external auditors detect fraud,
becoming familiar with SAS 99 could also help management or employees prevent fraud from
happening in the first place . It would be meaningful to document several recent corporate frauds
and to test how or if SAS 99 could have been effective in detecting these frauds , so that auditors
can learn what could have been done in the past in order to detect fraud, and what should be done
in the future to conduct audits effectively.
The rest of this paper is organized in the following manner. [n Section 2, the procedures required
to implement SAS 99 are discussed in detail. Section 3 contains four fraud case analyses,
including Enron, Tyco , World Com, and ZZZZ Best Company, for the purpose of testing how or
if SAS 99 could have been effective in detecting these frauds . [n Section 4, a conclusion is drawn
based on the four case analyses.
2. Procedures Required to Implement SAS 99
This section discusses procedures which are required to implement SAS 99. Many of these
procedures can be performed either at the same time or in a different sequence, depending on the
circumstances. SAS 99 includes the following ten procedures, and each of them will be discussed
in detail :
1. Description and characteristics of fraud
2. Professional skepticism
3. Discussion among key engagement personal
4. Information gathering
5. Risk Identification.
6. Risk Assessment
7. Responses to the results of the assessment.
8. Evaluation of audit evidence
9. Communication of possible fraud
10. Documentation of the auditor's consideration of fraud .
Step one . Description and characteristics of fraud.
Auditors should consider two types of misstatements. The first one is misstatements arising from
fraudulent financial reporting, which may be accomplished by manipulation, falsification, or
alteration of accounting records ; by misrepresentation or intentional omission significant
information and by intentional misapplication of accounting principles . The second type of
misstatement auditors should consider is misstatements arising from misappropriation of assets,
which causes the financial statements not to be presented according to Generally Accepted
Step two . Professional skepticism.
Due professional care requires auditors to exercise professional skepticism. When conducting a
financial statement audit, auditors should have a qu estioning mind and be critical in assessing
audit evid ence . Examples of the application of profess ional skepticism in response to the risk of
material misstatement due to fraud are designing additional or different auditing procedures to
obtain more reliable evidence in support of specified financial statement account balances ,
classes of transactions, and related assertions , and obtaining additional corroboration of
management's explanations or representations concerning material matters. Appendix 1 shows
that, compared to SAS 82, there is a dramatically increased emphasis on maintaining an attitude
of professional skepticism in SAS 99.
Step three . Discussion among key engagement personal.
Discussion among key engagement personal regarding the risks of material misstatement is
important and should continue throughout the audil. The discussion should include an exchange
of ideas among the audit team members about the susceptibility of the entity's financial
statements to material misstatement due to fraud . The discussion should emphasize the need to
maintain a questioning mind and to exercise professional skepticism in gathering and evaluating
audit evid ence .
Step four: Information gathering.
Auditors should gather the information needed to identify the risk of material misstatement due
to fraud . The first step is making inquiries of management and others within the entity about the
risks of fraud. The inquiries of management should include whether they have knowledge of any
fraud, their understanding about the risks of fraud in the entity , the programs and controls the
entity has, whether management has reported to the audit committee and so on . Besides
management, auditors should also make inquiries of the audit committee, the internal audit
personnel , and employees with varying levels of authority within the entity. The second step of
information gathering is considering the results of the analytical procedures performed in
planning the audit. The result of this analytical procedure identifies the existence of unusual
transactions or events, and amounts , ratios , and trends that might indicate the existence of fraud .
The third step in information gathering is to consider the fraud risk factors, which include the
incentives/pressures to perpetrate fraud, the opportunities to carry out the fraud , or
attitudes/rationalization to justify a fraudulent action . Lastly , there are many other sources of
information that may be helpful in identifying risk su ch as review of interim financial statement.
Step five. Risk Identification .
Auditors should identify risk that may result in material misstatements due to fraud. The
information gathered in the previous steps should be used to identify risks that might result in a
materi al misstatement due to fraud. Auditors should pay special attention if the risk factors ,
mainly pressure, opportunity and rationalization , exist. The identification of risks requires
professional judgment. In identifying risks , auditors should consider whether the risk involves
fraudulent financial reporting or misappropriation of assets, whether the risk could result in a
possible material misstatement of financial statements and the likelihood that it will result in
misstatement , and lastly , whether the potential risk is pervasive in the financial statements or
related to specific accounts. Auditors should consider improper revenue recognition as a fraud
risk, because many material misstatements due to fraudulent financial reporting result from over
or understatement of revenue. Management override of controls should also be considered a
fraud risk . A more complete list of risk factors is included in Appendix B, pages 22 to 25.
Step six. Risk assessment.
Auditors should assess the identified risks after taking into account an evaluation of the entity's
programs and controls that address the risks . According to SAS 55, auditors should understand
the five components of internal control in order to plan an audit. As part of the understanding of
the internal control , auditors should evaluate whether the programs and control are properly
designed and placed in operation.
Step seven. Responses to the results of the assessment.
Assessment of the risk of material misstatement due to fraud should affect the aSSignment of
personnel and the extent of supervision and the extent of concern about the accounting principles
and policies adopted by management. The assessment of the risk should also be used to predict
the auditing procedures that could be used in conducting the audit. The nature of the auditing
procedures performed may need to be changed to obtain evidence that is more reliable or to
obtain additional corroborative information. The timing of substantive tests and the extent of the
procedures applied should also be modified to reflect the assessed risk of material misstatement
due to fraud . The extent of the procedures applied should reflect the assessment of the risk
(Please refer to appendix C for a list of examples of modification of the nature, timing and extent
of tests, and examples of responses to identified risk of misstatements ariSing from fraudulent
financial reporting and misappropriation of assets.)
Because management is in a unique position to perpetrate fraud, the auditor should examine
journal entries and other adjustments for eVidence, review accounting estimates for biases, and
evaluate the business rationale for Significant unusual transactions that could result in material
misstatement due to fraud (Please refer to appendix 0 for examples).
Step eight. Evidence evaluation.
First of all. auditors should assess the risk of material misstatement due to fraud throughout the
audit. Examples of conditions that may be identified during fieldwork that change or support a
judgment regarding the assessment of the risks are given in AppendiX E. Secondly, the auditor
should evaluate whether analytical procedures performed as substantive tests or in the overall
review stage of the audit indicate a previously unrecognized risk of material misstatement due to
fraud. Third, the auditor should evaluate the risks of material misstatement due to fraud at or near
the completion of fieldwork to see whether the accumulated results of auditing procedures and
other observations affect the assessment of the risks of material misstatement due to fraud made
earlier in the audit. If the matter involves higher-level management, the auditor should reevaluate
the assessed risk and its impact on the nature, timing and extent of the tests of balances or
transactions and the assessment of the effectiveness of controls. On the othef hand, if the auditor
believes the misstatement is or may be the result of fraud , but there is not enough evidence to
evaluate whether the effect is material, the auditor should attempt to obtain additional evidential
matter , consider the implications for other aspects of the audit, and discuss the matter with
appropriate level of management at least one level above those involved.
Step nine. Communication of possible fraud
Auditors should communicate a possible fraud to the appropriate level of management , even if
the matter is inconsequential. For fraud involving senior management which causes a material
misstatement in the financial statement, the auditors should report to the audit committee. If the
auditors identify some risk of material misstatement due to fraud that has continuing control
implications, the auditor should report to appropriate management. Generally, the auditor does
not have the responsibility to disclose possible ffaud to outside parties. However , the auditor may
do so if the matter relates to certain legal and regulatory requirements, in response to a subpoena
and to a funding agency or other specified agency .
Step ten. Documentation of auditor's consideration offraud.
The auditors should document the follOWing: the discussion among engagement personnel, the
procedures performed to obtain information necessary to identify and assess the risks of material
misstatement due to fraud , the identified risks of material misstatement due to fraud and a
description of the auditor's response to those risks, documentation that would support the
auditor's decision, the results of the procedures performed to further address the risk of
management override of controls , other conditions and analytical relationships that caused the
auditor to believe that additional auditing procedures or other responses were required, and the
nature of the communication about fraud made to management , the audit committee, and others.
3. Case Analysis
In order for auditors to learn from the previous corporate fraud cases and to test how or if SAS
99 could have been effective in detecting these frauds, four recent fraud cases, including Enron
Cooperation , Tyco International, World Com , and ZZZZ Best Company, are documented in this
section. Each case analysis is composed of a brief summary of company background, followed
by analysis of how the fraud happened, why it happened, and finally and most importantly , how
SAS 99 could have been effective in detecting fraud .
3.1 Case one: Enron Corporation
Enron was founded in 1985 from a merger between InterNorth , Inc. , and Houston Natural Gas
Company. As a former CEO of the Houston Natural Gas Company, Kenneth Lay emerged as
CEO of Enron. Lay followed his predecessor and adopted an aggressive growth strategy.
Kenneth Lay hired Jeffery Skilling in 1987, promoting him to CEO by early 2001 , while Lay
served as the chairman of the board of directors . During the 1990s, Skilling transformed Enron
from a natural gas supplier into an energy-trading firm that served as an intermediary between
energy producers and final consumers. Widely regarded as a successful transformation , Enron
reported that revenue grew from $}O billion in early 1990s to $101 billion in 2000 . Kenneth Lay ,
Jeffrey Skilling and their top officers were nationally recognized because of Enron ' s new
business model. Enron was recognized as one of the most innovative, fastest growing and best
managed businesses and its stock price swelled.
Unfortunately, Enron suddenly collapsed and filed for bankruptcy in December 2001 3 . Enron 's
collapse shocked investors national-wide and the media reported that it was "the biggest crisis
investors have had since 1929." The loss of market capitalization was about 60 billion dollars
2 Michael C. Knapp. Contemporary Auditing Real Issues & Cases (Ohio: South-Westerns. 2004) 3-2 2. 3 "Eman Corporation". Wikipedia. 14 Nov. 2005 <online : http ://en .wikipedia. arg/wik ilEnron >
and thousands of Enron workers who held Enron' s stock in their 401 (k) retirement accounts lost
tens of billions of dollars.
Why did it happen?
There are numerous issues that are related to Enron's collapse, and the most important one is its
aggressive and fraudulent accounting practice , which was backed up by its top management
teams. Several major factors that contributed to Enron's collapse include : a bad corporate
culture , Enron's lack of internal control. Enron's transactions with its SPEs, its using of
derivatives to manipulate accounting results , and its intentional omission of important
information in financial statement disclosures . These accounting issues are discussed in detail
One of the most important factors that contributed to Enron' s collapse was that Enron did not
have a corporate culture that encouraged honest accounting practice. Enron' s key executives,
such as Kenneth Lay, Jeffrey Skilling , and Andre Fastow (former Enron CFO), were accused of
fostering rule breaking and discouraging problem reporting. Also , Enron' s internal control
system, a very important tool to decrease the risk of fraudulent financial reporting, broke down,
and lack of proper separation of duties allowed management to override control.
Special Purpose Entities, sometimes called special purpose vehicles, were used by Enron as a
tool to raise needed financing for variou s purposes without the debt being reported in its balance
sheet. An important gUideline, the so called 3 percent rule, provided by The Financial
Accounting Standard Board allows a company to not consolidate subsidiaries' financial
statements as long as at least 3 percent of a SpeCial Purpose Entity's capital is provided by
independent outside parties. Enron managed to establish hundreds of SPEs, and divert huge
amounts of its debt to these entities . Enron also conducted many transactions with its SPEs so
that it recognized unrealized gains on the increase in the market value of its own common stock .
Derivatives were another tool used by Enron to manipulate its accounting records . Enron entered
into long term commodity contracts to delivery energy commodities. Sometimes the period
covered many years. According to the accounting rules, projected profits from those contracts
must be booked . However, Enron often inflated its profits by assuming a lower cost to provide
those commodities to fulfill the contracts.
Enron also violated generally accepted accounting principles in that it intentionally failed to
disclose information in the financial statement that was critical to Enron' s users. Stockholders,
employees, the SEC and other stakeholders of Enron were not totally aware of the true situation
Could SAS 99 have prevented the fraud?
Andersen had been Enron's auditor since the merger between InterNorth, Inc . and Houston
Natural Gas Company in 1985 . As Enron's former auditor, Andersen was harshly criticized by
the public and was held responsible for Enron 's bankruptcy. As a result, Andersen's long and
proud history came to an end in 2001. In retrospect, people may ask that what could Andersen
have done differently, with the help of SAS 99 guidelines, to prevent the Enron fraud from
happening or to discover the fraud earlier?
Professional Skepticism: One of the mistakes Anderson had made was to assume that the
management team of Enron was honest and had integrity, and to believe everything management
said and the evidence that was presented to them. SAS 99 makes it very clear that it requires
auditors to exercise professional skepticism As I mentioned earlier, the management team of
Enron did not establish an honest corporate culture , and to some extent it even fostered the
dishonest accounting practices and discouraged problem reporting. If Andersen's auditors had
been a little more skeptical, the fraud at Enron could have been detected .
Risk identification: SAS 99 could have been helpful in the process of gathering information to
identify fraud risk factors. SAS 99 requires the auditor to make inquiries of management about
the possibility of fraud, to assess the effectiveness of internal controls , and to assume improper
revenue recognition as a fraud risk. A former employee of Enron , Sherron Watkins, vice
president of corporate development , wrote a letter to Kenneth Lay concerning the problematic
accounting and possible scandals that were going on in Enron. However, no one from Andersen
had ever asked Enron's management about it. If the auditors had known this information, the
auditors would have discovered lots of fraud, such as related party transactions with Enron 's
hundreds of SPEs, improper gain recognition, overriding accounting principles, overstating
revenues and so on. Enron 's lack of internal control was also surprising. A top executive of
Dynegy , after briefly considering a merger with Enron, reported that Enron's lack of internal
control was mind-boggling. If Andersen's auditors had done what SAS 99 requires them to do ,
such as talk to Enron 's internal audit personnel and Enron 's employees, they would have
gathered enough information to identify many significant risk factors which could have lead
them to uncover the fraud. Enron also had problems with improper revenue recognition . Enron
used the derivatives to manipulate its accounting records. It substantially understated the cost to
fulfill long-term contacts and thus overstated its revenue. If Enron' s auditors had assumed
improper revenue recognition as a risk factor , they wou ld have investigated more and assessed
the appropriateness of the assumptions Enron had made concerning the cost Enron would have in
order to fulfill contracts.
Responding to the identified risk Following the gUidelines of SAS 99 would have helped
Andersen's auditors to identify risks of fraud in Enron . In responding to the identified risk, the
SAS 99 procedures require auditors to adjust the nature, timing, and extent of procedures to be
performed and the assignment of personnel and supervision in order to obtain substantive audit
evidence. Because of the overwhelming risk of fraud that would have been identified, Andersen
would have assigned skilled auditors with Significant engagement experience, and they would
have been working under proper supervision. When there were considerable material
misstatements in Enron' s financial statement due to illegitimate transactions, Anderson's
accou ntants reported that they were comfortable about the transactions and how they were
presented in Enron's financial statements, even after they had spent considerable time analyzing
all sorts of questionable transactions. Also , more reliable information and evidence from outside
of Enron would have been obtained if SAS 99 were available at that time and Andersen 's
accountants followed it. That would have made Enron's scandal more obvious and it could have
been uncovered before it got worse.
Communication of Fraud: It was determined that Anderson did not fulfill its professional
responsibility in that it failed to communicate to Enron's board of directors any reportable
conditions, such as , Enron's poor internal control, its dealing with SPEs, and its problematic
financial reporting. SAS 99 would have been effective in preventing and uncovering the fraud if
it had been followed , because it requires auditors to communicate about possible fraud to
management, the audit committee, and others.
The Importance of Independence: Overwhelming evidence suggested that Andersen was deeply
involved in Enron's fraud . Besides auditing, Andersen received millions of dollars for providing
consulting services to Enron. Accountants from Andersen helped Enron set up SPEs, and Enron
followed their advice. Based on available evidence, it is not unreasonable to suggest that
Andersen's accountants were aware of what was going on in Enron, and they knew that Enron 's
financial statements were not fairly presented according to generally accepted accounting
standards. Instead of issuing a qualified opinion and bringing it to the attention of the public ,
Andersen tried to conceal the fraud, until the fraud grew too big and finally burst. From this we
can see that in order for SAS 99 to have been effective in preventing and detecting fraud in
Enron, Andersen would have had to be independent , and willing to follow the auditing standards.
In conclusion: Probably the most significant barriers to Enron's external auditors uncovering the
fraud in Enron was Anderson's deep involveme
Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteDemy. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.