SAS99 Fraud Detection

University of Tennessee, Knoxville Trace: Tennessee Research and Creative

Exchange

University of Tennessee Honors Thesis Projects University of Tennessee Honors Program

12-2005

SAS 99 & Fraud Detection Shunlan Lu University of Tennessee – Knoxville

Follow this and additional works at: http://trace.tennessee.edu/utk_chanhonoproj Part of the Accounting Commons

Recommended Citation Lu, Shunlan, "SAS 99 & Fraud Detection" (2005). University of Tennessee Honors Thesis Projects. http://trace.tennessee.edu/utk_chanhonoproj/881

This is brought to you for free and open access by the University of Tennessee Honors Program at Trace: Tennessee Research and Creative Exchange. It has been accepted for inclusion in University of Tennessee Honors Thesis Projects by an authorized administrator of Trace: Tennessee Research and Creative Exchange. For more information, please contact [email protected]

SAS 99 and Fraud Detection

Shunlan Lu

Advisor: Dr. Del DeVries

Abstract

Fraud has been a big problem in many companies in recent years. It causes both

economic and social consequences in our society. The integrity of the accounting

profession has also been questioned. In order to give better guidance for external

auditors to uncover fraud in a Umely manner and restore public confidence to th e

accounting profession. the Auditing Standards Board of the AICPA issued

Statement of Auditing Standards No .99 (SAS 99). This paper discusses the

procedures required to implement SAS 99 and documents four recent fraud cases,

with a focus on how SAS 99 could have been effective to help auditors discover

these frauds.

1. Introduction ami Background

While fraud is something that can not be completely eliminated. steps can be taken in order to

detect it in a timely manner before it causes serious consequences . In order to guide external

auditors to conduct financial statement audits. The Auditing Standards Board. which is part of

the American Institute of Certified Public Accountants . issued Statement of Auditing Standards

No. 99 effective on December 15, 2002. Statement of Auditing Standards No. 99 is a collection

of standards that supersede Statement of Auditing Standards No . 82 . Consideration of Fraud in a

Financial Statement Audit. SAS No. 99 corrected some of the shortcomings of SAS No . 82. so

understanding the difference between SAS 99 and SAS No. 82 could help auditors to better

follow the guidelines of SAS NO .99 and conduct the financial statement audits more efficiently.

A detailed comparison of SAS 82 and SAS 99 1 is listed in Appendix A of this paper.

1 Donald C. Marczewski and Michael D Akers … CPA 's Perceptions of the Impact of SAS 99. " The CPA lournal Online. lune . (2005) . 18, Nov . 2005 < http /lwww .nysscpa.o rg/c pajournaU200S/60S/esse nti als/p38. htm>

While SAS 99 is a collection of standards that is intended to help external auditors detect fraud,

becoming familiar with SAS 99 could also help management or employees prevent fraud from

happening in the first place . It would be meaningful to document several recent corporate frauds

and to test how or if SAS 99 could have been effective in detecting these frauds , so that auditors

can learn what could have been done in the past in order to detect fraud, and what should be done

in the future to conduct audits effectively.

The rest of this paper is organized in the following manner. [n Section 2, the procedures required

to implement SAS 99 are discussed in detail. Section 3 contains four fraud case analyses,

including Enron, Tyco , World Com, and ZZZZ Best Company, for the purpose of testing how or

if SAS 99 could have been effective in detecting these frauds . [n Section 4, a conclusion is drawn

based on the four case analyses.

2. Procedures Required to Implement SAS 99

This section discusses procedures which are required to implement SAS 99. Many of these

procedures can be performed either at the same time or in a different sequence, depending on the

circumstances. SAS 99 includes the following ten procedures, and each of them will be discussed

in detail :

1. Description and characteristics of fraud

2. Professional skepticism

3. Discussion among key engagement personal

4. Information gathering

5. Risk Identification.

6. Risk Assessment

7. Responses to the results of the assessment.

8. Evaluation of audit evidence

9. Communication of possible fraud

10. Documentation of the auditor's consideration of fraud .

2

Step one . Description and characteristics of fraud.

Auditors should consider two types of misstatements. The first one is misstatements arising from

fraudulent financial reporting, which may be accomplished by manipulation, falsification, or

alteration of accounting records ; by misrepresentation or intentional omission significant

information and by intentional misapplication of accounting principles . The second type of

misstatement auditors should consider is misstatements arising from misappropriation of assets,

which causes the financial statements not to be presented according to Generally Accepted

Accounting Standards.

Step two . Professional skepticism.

Due professional care requires auditors to exercise professional skepticism. When conducting a

financial statement audit, auditors should have a qu estioning mind and be critical in assessing

audit evid ence . Examples of the application of profess ional skepticism in response to the risk of

material misstatement due to fraud are designing additional or different auditing procedures to

obtain more reliable evidence in support of specified financial statement account balances ,

classes of transactions, and related assertions , and obtaining additional corroboration of

management's explanations or representations concerning material matters. Appendix 1 shows

that, compared to SAS 82, there is a dramatically increased emphasis on maintaining an attitude

of professional skepticism in SAS 99.

Step three . Discussion among key engagement personal.

Discussion among key engagement personal regarding the risks of material misstatement is

important and should continue throughout the audil. The discussion should include an exchange

of ideas among the audit team members about the susceptibility of the entity's financial

statements to material misstatement due to fraud . The discussion should emphasize the need to

maintain a questioning mind and to exercise professional skepticism in gathering and evaluating

audit evid ence .

3

Step four: Information gathering.

Auditors should gather the information needed to identify the risk of material misstatement due

to fraud . The first step is making inquiries of management and others within the entity about the

risks of fraud. The inquiries of management should include whether they have knowledge of any

fraud, their understanding about the risks of fraud in the entity , the programs and controls the

entity has, whether management has reported to the audit committee and so on . Besides

management, auditors should also make inquiries of the audit committee, the internal audit

personnel , and employees with varying levels of authority within the entity. The second step of

information gathering is considering the results of the analytical procedures performed in

planning the audit. The result of this analytical procedure identifies the existence of unusual

transactions or events, and amounts , ratios , and trends that might indicate the existence of fraud .

The third step in information gathering is to consider the fraud risk factors, which include the

incentives/pressures to perpetrate fraud, the opportunities to carry out the fraud , or

attitudes/rationalization to justify a fraudulent action . Lastly , there are many other sources of

information that may be helpful in identifying risk su ch as review of interim financial statement.

Step five. Risk Identification .

Auditors should identify risk that may result in material misstatements due to fraud. The

information gathered in the previous steps should be used to identify risks that might result in a

materi al misstatement due to fraud. Auditors should pay special attention if the risk factors ,

mainly pressure, opportunity and rationalization , exist. The identification of risks requires

professional judgment. In identifying risks , auditors should consider whether the risk involves

fraudulent financial reporting or misappropriation of assets, whether the risk could result in a

possible material misstatement of financial statements and the likelihood that it will result in

misstatement , and lastly , whether the potential risk is pervasive in the financial statements or

related to specific accounts. Auditors should consider improper revenue recognition as a fraud

risk, because many material misstatements due to fraudulent financial reporting result from over

or understatement of revenue. Management override of controls should also be considered a

fraud risk . A more complete list of risk factors is included in Appendix B, pages 22 to 25.

4

Step six. Risk assessment.

Auditors should assess the identified risks after taking into account an evaluation of the entity's

programs and controls that address the risks . According to SAS 55, auditors should understand

the five components of internal control in order to plan an audit. As part of the understanding of

the internal control , auditors should evaluate whether the programs and control are properly

designed and placed in operation.

Step seven. Responses to the results of the assessment.

Assessment of the risk of material misstatement due to fraud should affect the aSSignment of

personnel and the extent of supervision and the extent of concern about the accounting principles

and policies adopted by management. The assessment of the risk should also be used to predict

the auditing procedures that could be used in conducting the audit. The nature of the auditing

procedures performed may need to be changed to obtain evidence that is more reliable or to

obtain additional corroborative information. The timing of substantive tests and the extent of the

procedures applied should also be modified to reflect the assessed risk of material misstatement

due to fraud . The extent of the procedures applied should reflect the assessment of the risk

(Please refer to appendix C for a list of examples of modification of the nature, timing and extent

of tests, and examples of responses to identified risk of misstatements ariSing from fraudulent

financial reporting and misappropriation of assets.)

Because management is in a unique position to perpetrate fraud, the auditor should examine

journal entries and other adjustments for eVidence, review accounting estimates for biases, and

evaluate the business rationale for Significant unusual transactions that could result in material

misstatement due to fraud (Please refer to appendix 0 for examples).

Step eight. Evidence evaluation.

First of all. auditors should assess the risk of material misstatement due to fraud throughout the

audit. Examples of conditions that may be identified during fieldwork that change or support a

judgment regarding the assessment of the risks are given in AppendiX E. Secondly, the auditor

should evaluate whether analytical procedures performed as substantive tests or in the overall

review stage of the audit indicate a previously unrecognized risk of material misstatement due to

5

fraud. Third, the auditor should evaluate the risks of material misstatement due to fraud at or near

the completion of fieldwork to see whether the accumulated results of auditing procedures and

other observations affect the assessment of the risks of material misstatement due to fraud made

earlier in the audit. If the matter involves higher-level management, the auditor should reevaluate

the assessed risk and its impact on the nature, timing and extent of the tests of balances or

transactions and the assessment of the effectiveness of controls. On the othef hand, if the auditor

believes the misstatement is or may be the result of fraud , but there is not enough evidence to

evaluate whether the effect is material, the auditor should attempt to obtain additional evidential

matter , consider the implications for other aspects of the audit, and discuss the matter with

appropriate level of management at least one level above those involved.

Step nine. Communication of possible fraud

Auditors should communicate a possible fraud to the appropriate level of management , even if

the matter is inconsequential. For fraud involving senior management which causes a material

misstatement in the financial statement, the auditors should report to the audit committee. If the

auditors identify some risk of material misstatement due to fraud that has continuing control

implications, the auditor should report to appropriate management. Generally, the auditor does

not have the responsibility to disclose possible ffaud to outside parties. However , the auditor may

do so if the matter relates to certain legal and regulatory requirements, in response to a subpoena

and to a funding agency or other specified agency .

Step ten. Documentation of auditor's consideration offraud.

The auditors should document the follOWing: the discussion among engagement personnel, the

procedures performed to obtain information necessary to identify and assess the risks of material

misstatement due to fraud , the identified risks of material misstatement due to fraud and a

description of the auditor's response to those risks, documentation that would support the

auditor's decision, the results of the procedures performed to further address the risk of

management override of controls , other conditions and analytical relationships that caused the

auditor to believe that additional auditing procedures or other responses were required, and the

nature of the communication about fraud made to management , the audit committee, and others.

6

3. Case Analysis

In order for auditors to learn from the previous corporate fraud cases and to test how or if SAS

99 could have been effective in detecting these frauds, four recent fraud cases, including Enron

Cooperation , Tyco International, World Com , and ZZZZ Best Company, are documented in this

section. Each case analysis is composed of a brief summary of company background, followed

by analysis of how the fraud happened, why it happened, and finally and most importantly , how

SAS 99 could have been effective in detecting fraud .

3.1 Case one: Enron Corporation

What happened~Z

Enron was founded in 1985 from a merger between InterNorth , Inc. , and Houston Natural Gas

Company. As a former CEO of the Houston Natural Gas Company, Kenneth Lay emerged as

CEO of Enron. Lay followed his predecessor and adopted an aggressive growth strategy.

Kenneth Lay hired Jeffery Skilling in 1987, promoting him to CEO by early 2001 , while Lay

served as the chairman of the board of directors . During the 1990s, Skilling transformed Enron

from a natural gas supplier into an energy-trading firm that served as an intermediary between

energy producers and final consumers. Widely regarded as a successful transformation , Enron

reported that revenue grew from $}O billion in early 1990s to $101 billion in 2000 . Kenneth Lay ,

Jeffrey Skilling and their top officers were nationally recognized because of Enron ' s new

business model. Enron was recognized as one of the most innovative, fastest growing and best

managed businesses and its stock price swelled.

Unfortunately, Enron suddenly collapsed and filed for bankruptcy in December 2001 3 . Enron 's

collapse shocked investors national-wide and the media reported that it was "the biggest crisis

investors have had since 1929." The loss of market capitalization was about 60 billion dollars

2 Michael C. Knapp. Contemporary Auditing Real Issues & Cases (Ohio: South-Westerns. 2004) 3-2 2. 3 "Eman Corporation". Wikipedia. 14 Nov. 2005 <online : http ://en .wikipedia. arg/wik ilEnron >

7

and thousands of Enron workers who held Enron' s stock in their 401 (k) retirement accounts lost

tens of billions of dollars.

Why did it happen?

There are numerous issues that are related to Enron's collapse, and the most important one is its

aggressive and fraudulent accounting practice , which was backed up by its top management

teams. Several major factors that contributed to Enron's collapse include : a bad corporate

culture , Enron's lack of internal control. Enron's transactions with its SPEs, its using of

derivatives to manipulate accounting results , and its intentional omission of important

information in financial statement disclosures . These accounting issues are discussed in detail

below.

One of the most important factors that contributed to Enron' s collapse was that Enron did not

have a corporate culture that encouraged honest accounting practice. Enron' s key executives,

such as Kenneth Lay, Jeffrey Skilling , and Andre Fastow (former Enron CFO), were accused of

fostering rule breaking and discouraging problem reporting. Also , Enron' s internal control

system, a very important tool to decrease the risk of fraudulent financial reporting, broke down,

and lack of proper separation of duties allowed management to override control.

Special Purpose Entities, sometimes called special purpose vehicles, were used by Enron as a

tool to raise needed financing for variou s purposes without the debt being reported in its balance

sheet. An important gUideline, the so called 3 percent rule, provided by The Financial

Accounting Standard Board allows a company to not consolidate subsidiaries' financial

statements as long as at least 3 percent of a SpeCial Purpose Entity's capital is provided by

independent outside parties. Enron managed to establish hundreds of SPEs, and divert huge

amounts of its debt to these entities . Enron also conducted many transactions with its SPEs so

that it recognized unrealized gains on the increase in the market value of its own common stock .

Derivatives were another tool used by Enron to manipulate its accounting records . Enron entered

into long term commodity contracts to delivery energy commodities. Sometimes the period

8

covered many years. According to the accounting rules, projected profits from those contracts

must be booked . However, Enron often inflated its profits by assuming a lower cost to provide

those commodities to fulfill the contracts.

Enron also violated generally accepted accounting principles in that it intentionally failed to

disclose information in the financial statement that was critical to Enron' s users. Stockholders,

employees, the SEC and other stakeholders of Enron were not totally aware of the true situation

of Enron.

Could SAS 99 have prevented the fraud?

Andersen had been Enron's auditor since the merger between InterNorth, Inc . and Houston

Natural Gas Company in 1985 . As Enron's former auditor, Andersen was harshly criticized by

the public and was held responsible for Enron 's bankruptcy. As a result, Andersen's long and

proud history came to an end in 2001. In retrospect, people may ask that what could Andersen

have done differently, with the help of SAS 99 guidelines, to prevent the Enron fraud from

happening or to discover the fraud earlier?

Professional Skepticism: One of the mistakes Anderson had made was to assume that the

management team of Enron was honest and had integrity, and to believe everything management

said and the evidence that was presented to them. SAS 99 makes it very clear that it requires

auditors to exercise professional skepticism As I mentioned earlier, the management team of

Enron did not establish an honest corporate culture , and to some extent it even fostered the

dishonest accounting practices and discouraged problem reporting. If Andersen's auditors had

been a little more skeptical, the fraud at Enron could have been detected .

Risk identification: SAS 99 could have been helpful in the process of gathering information to

identify fraud risk factors. SAS 99 requires the auditor to make inquiries of management about

the possibility of fraud, to assess the effectiveness of internal controls , and to assume improper

revenue recognition as a fraud risk. A former employee of Enron , Sherron Watkins, vice

president of corporate development , wrote a letter to Kenneth Lay concerning the problematic

9

accounting and possible scandals that were going on in Enron. However, no one from Andersen

had ever asked Enron's management about it. If the auditors had known this information, the

auditors would have discovered lots of fraud, such as related party transactions with Enron 's

hundreds of SPEs, improper gain recognition, overriding accounting principles, overstating

revenues and so on. Enron 's lack of internal control was also surprising. A top executive of

Dynegy , after briefly considering a merger with Enron, reported that Enron's lack of internal

control was mind-boggling. If Andersen's auditors had done what SAS 99 requires them to do ,

such as talk to Enron 's internal audit personnel and Enron 's employees, they would have

gathered enough information to identify many significant risk factors which could have lead

them to uncover the fraud. Enron also had problems with improper revenue recognition . Enron

used the derivatives to manipulate its accounting records. It substantially understated the cost to

fulfill long-term contacts and thus overstated its revenue. If Enron' s auditors had assumed

improper revenue recognition as a risk factor , they wou ld have investigated more and assessed

the appropriateness of the assumptions Enron had made concerning the cost Enron would have in

order to fulfill contracts.

Responding to the identified risk Following the gUidelines of SAS 99 would have helped

Andersen's auditors to identify risks of fraud in Enron . In responding to the identified risk, the

SAS 99 procedures require auditors to adjust the nature, timing, and extent of procedures to be

performed and the assignment of personnel and supervision in order to obtain substantive audit

evidence. Because of the overwhelming risk of fraud that would have been identified, Andersen

would have assigned skilled auditors with Significant engagement experience, and they would

have been working under proper supervision. When there were considerable material

misstatements in Enron' s financial statement due to illegitimate transactions, Anderson's

accou ntants reported that they were comfortable about the transactions and how they were

presented in Enron's financial statements, even after they had spent considerable time analyzing

all sorts of questionable transactions. Also , more reliable information and evidence from outside

of Enron would have been obtained if SAS 99 were available at that time and Andersen 's

accountants followed it. That would have made Enron's scandal more obvious and it could have

been uncovered before it got worse.

10

Communication of Fraud: It was determined that Anderson did not fulfill its professional

responsibility in that it failed to communicate to Enron's board of directors any reportable

conditions, such as , Enron's poor internal control, its dealing with SPEs, and its problematic

financial reporting. SAS 99 would have been effective in preventing and uncovering the fraud if

it had been followed , because it requires auditors to communicate about possible fraud to

management, the audit committee, and others.

The Importance of Independence: Overwhelming evidence suggested that Andersen was deeply

involved in Enron's fraud . Besides auditing, Andersen received millions of dollars for providing

consulting services to Enron. Accountants from Andersen helped Enron set up SPEs, and Enron

followed their advice. Based on available evidence, it is not unreasonable to suggest that

Andersen's accountants were aware of what was going on in Enron, and they knew that Enron 's

financial statements were not fairly presented according to generally accepted accounting

standards. Instead of issuing a qualified opinion and bringing it to the attention of the public ,

Andersen tried to conceal the fraud, until the fraud grew too big and finally burst. From this we

can see that in order for SAS 99 to have been effective in preventing and detecting fraud in

Enron, Andersen would have had to be independent , and willing to follow the auditing standards.

In conclusion: Probably the most significant barriers to Enron's external auditors uncovering the

fraud in Enron was Anderson's deep involveme

Collepals.com Plagiarism Free Papers

Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.

Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS

Why Hire Collepals.com writers to do your paper?

Quality- We are experienced and have access to ample research materials.

We write plagiarism Free Content

Confidential- We never share or sell your personal information to third parties.

Support-Chat with us today! We are always waiting to answer all your questions.