Article: SAS 99 and the Prevention of Fraud


	Greg Obolewicz

March 2004

SAS 99 and the Prevention of Fraud

2004 standards underscore the roles of auditors and management in producing reliable financial statements

Responding to calls for tighter restrictions on the relationship between public companies and their auditors as a way of uncovering evidence of fraud, in 2002 Congress passed the Sarbanes-Oxley Act. That legislation prompted the American Institute of Certified Public Accountants to issue SAS (Statement on Auditing Standards) No. 99, “Consideration of Fraud in a Financial Statement Audit.”

The purpose of SAS 99 is to “establish standards and provide guidance to auditors in fulfilling their responsibility as it relates to fraud in an audit of financial statements conducted in accordance with generally accepted auditing standards.” The new standard does not mandate that all auditors become forensic auditors, but it does require that the audit approach now include an increased emphasis on identifying financial statement fraud.

Fraud defined. SAS 99 defines fraud as “an intentional act resulting in a material misstatement in the financial statements” and raises the ante for auditors by requiring us to look for fraud throughout the entire audit process.

The primary purpose of SAS 99 is to increase and strengthen the awareness of a company’s management and its auditors with regard to:

the possibilities of fraud in a financial environment, and
the steps necessary to increase the possibilities of detecting fraud.

As a practical matter, the new standard goes beyond fraud detection and should result in more effective audits and more responsive and valuable client service.

Management’s role. Fraudulent financial reporting need not be the result of a grand plan or conspiracy. It may be that management rationalizes a material misstatement of the company’s condition as, for example, an aggressive (rather than indefensible) interpretation of accounting rules, or as a temporary misstatement of financial statements that will be corrected later when the numbers look better.

Management is responsible for overseeing the activities carried out by its employees and for implementing and monitoring anti-fraud processes and controls. The most important way for management to prevent fraud is to communicate effectively, by both word and deed, a zero-tolerance policy. This may seem self-evident, but setting the right tone at the top goes a long way toward preventing fraud throughout an organization.

Benefits. When a company puts in place anti-fraud procedures, it does much more than protect itself from the tremendous monetary damage fraud can cause; it safeguards its reputation, its ability to achieve its strategic objectives, and its value. Further, it helps a company create the corporate governance and management oversight expected of organizations of all size, private or public.

Conditions for fraud. Generally, there are three conditions present when fraud occurs:

incentive or pressure,
opportunity, and
rationalization (i.e., finding a reasonable justification for committing fraud).

When so inclined, upper and middle managers are able to perpetrate fraud because they are often in a position to manipulate accounting records and produce fraudulent financial information. To make matters worse, business owners can unintentionally allow fraud to occur in their companies when, in the interest of simplicity or expediency, they resist the implementation or enforcement of internal controls designed to prevent fraud.

How auditors err. It is the auditor’s job to certify to owners, lenders, investors and other third parties the accuracy and reliability of a company’s financial statements. That is why an auditor’s independence of the company being audited is so critical.

In fulfilling their role, auditors may fail to detect fraud-related material misstatements in financial statements. The causes may be many but can usually be tied to one of five main issues:

Over-reliance on client representations (or failure to corroborate those representations with other audit evidence).
Failure to recognize that an observed condition may indicate a material fraud.
Lack of experience in understanding why fraud occurs or what behavior patterns to look for (this lack of experience can result in a complacent attitude about fraud).
Personal relationships with clients.
Assuming that the company’s managers at all levels are honest and conduct themselves with integrity.

Reminder. SAS 99 reminds auditors that they need to overcome these natural tendencies and biases and to approach engagements with professional skepticism, a questioning mind and an awareness that fraud can occur anywhere, regardless of prior experience with a company.

For the client, if Sarbanes-Oxley and SAS 99 offer any downside, it may lie in the necessity for the auditor to make additional inquiries, follow more time-consuming procedures, and require more documentation than before. That means more time, more meetings, and higher audit costs. It’s not an ideal situation, but it should result in more reliable and useful financial statements. It’s also a sign of the times.

Based in Mesa, Arizona, and serving closely held businesses in the East Valley, the Phoenix area and throughout Arizona, Schmidt Westergard & Company, PLLC, is an independent full-service tax, audit, accounting and business advisory firm focusing on the middle market.