Fraud: A Review of
AAA Auditing Standards Committee
Kay W. Tatum, Chair; Brian Ballou; Joseph V. Carcello; Peter R. Gillett; George
Krull; Konrad W. Kubin; Larry E. Rittenberg; Roger Simnett
The AICPAs Auditing Standards Board formed the Fraud Task Force to
consider revising SAS No. 82, Consideration of Fraud in a Financial
Statement Audit, and/or recommend other related standard-setting
initiatives. After its September 2000 meeting, the task force (chaired by David
Landsittel with academic members Mark Beasley and Zoe-Vonna Palmrose) asked the
AAAs Auditing Standards Committee to prepare a review of the academic
fraud literature. The committee prepared a report that summarized 25 articles
and classified them according to questions posed by Landsittel and Bedard
(1997) after the issuance of SAS No. 82. The following report is based on the
report that was presented to the task force at its December 2000 meeting.
Issue 1: Is the
concept of a separate fraud risk evaluation appropriate?
- Zimbelman (1997). This study found
that auditors who separately assess fraud risk spend more time reading fraud
cues (i.e., red-flag risk factors) compared to those who make a combined
evaluation of risk of both fraud and error, implying that more attention might
be paid to red-flag cues under SAS No. 82. Budgeted hours for audit testing
were higher using a separate assessment of fraud risk, in both high- and
low-fraud risk scenarios, and participants did not choose different audit
procedures in response to differences in perceived risk. The results suggest
that SAS No. 82 may not lead to increased fraud detection.
- Knapp and Knapp (2000). This study
examines the effects of audit experience and explicit fraud risk assessment
instructions on the effectiveness of analytical procedures in detecting
financial statement fraud. Explicit instructions to assess fraud risk led to
better performance. Audit managers were more accurate in their fraud risk
assessment than audit seniors. Managers with explicit instructions performed
significantly better than other groups, showing that experience and explicit
Issue 2: What are the
most important factors that may be indicative of fraud?
- Albrecht and Romney (1986). This
study tests the relative incidence of 87 red flags across fraud and no-fraud
observations. Only about one-third of these red flags were found to be
significant predictors of fraud. A large number of the red flags found to be
good predictors pertained to personal characteristics of management (e.g., key
executives living beyond their means, key executives who are
wheeler-dealers, etc.). Moreover, many company-specific factors
(e.g., business operations deteriorating significantly, etc.) were either
insignificant or untestable.
- Loebbecke, Eining, and Willingham
(1989). This paper presents the results of a survey of audit partners from KPMG
who have had experiences with fraudulent financial reporting and with asset
misappropriations. The authors develop a fraudulent financial reporting
assessment model, which incorporates a reasoning process in evaluating the
likelihood of fraud. The model posits that fraudulent financial reporting is a
function of conditions, managerial motivation, and attitude. The authors
suggest a separate assessment of the likelihood of errors, fraudulent financial
reporting, and asset misappropriation.
The authors found two
factorsdecision-making domination by one person or a small group acting
in concert and weak internal controlsin 75 percent of the observations.
The primary indicators of conditions suggesting heightened risk of fraud were:
dominated decisions, the presence of one or an aggregation of transactions that
have a major effect on the financial statements, related party transactions,
weak internal control, and difficult-to-audit transactions. The primary
indicators of managerial motivation for fraud were: industry decline,
inadequate profits, emphasis on earnings projections, and significant
contractual commitments. The primary indicators of an attitude predisposing one
toward fraud were: dishonest management, undue emphasis on earnings
projections, personality anomalies, prior year fraud, lies or evasiveness, and
an aggressive attitude toward financial reporting. Fraudulent financial
reporting was found to be more common than asset misappropriations and much
more likely in public than private companies.
reporting was more common among manufacturing, transportation, and technology/
communications firms, and less common among educational and other
- Pincus (1989). Auditors using a red
flags questionnaire considered a more comprehensive and uniform set of
potential fraud indicators than auditors who were not using a questionnaire.
However, questionnaire use did not lead to more effective fraud detection;
non-users outperformed the questionnaire users in a fraud case.
- Hackenbrack (1993). Factors related
to incentives to commit fraud (e.g. pressure to increase the stock price and
earnings-based management incentive compensation) were rated as highly
important by auditors, along with a domination by a manager.
- Dechow, Sloan, and Sweeney (1996).
Firms subject to SEC enforcement actions for overstating earnings desired to
(1) raise external financing at low cost, and (2) avoid violations of debt
covenant restrictions. They also were (3) less likely to have an audit
committee, (4) more likely to have a company founder as CEO, (5) more likely to
have a board dominated by insiders, and (6) less likely to have an external
stockholder monitoring management. The results did not support the notion that
managers manipulate earnings to obtain larger earnings-based bonuses or to sell
their stockholdings at inflated prices.
- Summers and Sweeney (1998). This
paper examines whether insider trading is a useful predictor of financial
statement fraud. The authors find that insiders reduce their holdings of
company stock in the presence of fraud. Insiders reduce their stock position by
engaging in significant selling activity. There was not a significant
difference between fraud and nonfraud firms in stock purchases by insiders.
Note that insider trading is not mentioned in SAS No. 82 as a risk factor.
Issue 3: Can the
identified fraud indicators be weighted or put into a model?
- Hackenbrack (1993). High variability
in the importance ratings assigned to various fraud risk factors was noted.
Some of this variability appears related to the auditors experience with
large vs. small clients. Auditors assigned primarily to large client
engagements place relatively more emphasis on risk factors relating to
opportunity to commit fraud than do auditors assigned primarily to smaller
- Bell and Carcello (2000). This paper
presents the results of an attempt to develop a model useful in predicting the
existence of fraudulent financial reporting. The model is based on 77 fraud
instances and 305 nonfraud instances drawn from KPMGs audit practice. The
model correctly classified 80 percent of the fraud cases while only
misclassifying 11 percent of the nonfraud cases. The significant risk factors
included in the model were: weak internal control environment, rapid growth,
inadequate/inconsistent profitability, undue emphasis on meeting earnings
projections, dishonest or overly evasive management, ownership status (private
vs. public), and an interaction between a weak control environment and an
aggressive attitude toward financial reporting.
Issue 4: When does a
risk factor become a red flag?
- None of the articles reviewed
directly related to this issue. However, see Bell and Carcello (2000) discussed
in Issue 3.
Issue 5: Should
auditors rely on controls when risk factors are present?
- Matsumura and Tucker (1992).
Auditors are expected to better detect fraud when penalties for not detecting
fraud are increased, when testing requirements are increased, or when
clients internal controls are strong. Managers are expected to be less
likely to commit fraud when testing requirements are increased or when
clients internal controls are strong. An experimental market using
accounting students and economic gains and losses to represent benefits and
costs in this setting found results consistent with the expectations.
- Bloomfield (1997). Subjects acting
as auditors make less accurate risk assessments when the auditor perceives that
control risk is low (i.e., a client with strong internal controls), while legal
liability for audit failure is high. Bloomfield notes that the severity of this
effect may be mitigated if auditing standards imposed maximum levels of
detection risk, and/or if auditors commit to some substantive testing
regardless of their risk assessment.
- Caplan (1999). The study models the
auditors fraud investigation decision in a setting in which management is
given two choices: whether to install weak or strong internal controls and
whether to engage in fraudulent financial reporting. The study concluded that
the use of control strength as a red flag in fraud risk assessment
is reasonable even when management can override controls, and that, the audit
failure rate is higher when internal controls are weak. When internal controls
are weak, the auditor expects to find numerous errors. Because routine audit
procedures do not distinguish between errors and fraud, the impact of fraud on
audit evidence may go unnoticed.
Issue 6: What
lessons for auditors have been identified by examining data on
prior fraud litigation and SEC enforcement actions?
- Palmrose (1987). Economic downturns
tend to be associated with increases in auditor litigation. Professional
standards may not protect auditors from litigation. However, most business
failures that occur without management fraud resulted in a dismissal of the
case against the auditor (without the auditor making payments).
- Bonner, Palmrose, and Young (1998).
The most common categories of fraud that resulted in SEC enforcement actions
were (1) omitted or improper disclosures, (2) fictitious revenues, (3)
premature revenue recognition, and (4) overvalued assets and undervalued
expenses/liabilities. Fictitious transactions were also more likely to cause
auditors being named as defendants.
- Erickson, Mayhew, and Felix (2000).
Failure to detect fraud can be attributed to failure to understand the
clients business/industry. A detailed analysis of publicly available
working papers and depositions from Lincoln Savings and Loan unveiled
persuasive evidence that auditors became so entrenched in accounting for
complex transactions that they failed to understand the viability of the
transactions in Lincolns industry and economic environment.
Issue 7: How can the
profession promote more professional skepticism among
- Bernardi (1994). Except for auditors
with a high degree of sensitivity to ethical situations, auditors are
insensitive to information about client integrity and competence when
conducting a substantive audit procedure. This conclusion was supported in a
behavioral experiment using managers and seniors from five of the then Big 6
firms. Further, fraud detection was higher for managers and for those with an
increased prior belief about fraud.
- Hoffman and Patton (1997). This
paper examines whether the extent of dilution (i.e. the extent to which
auditors judgments are influenced by irrelevant information) in the fraud
risk context is affected by accountability to superiors. Results show that
auditors judgments exhibit the dilution effect regardless of
accountability. While accountability does not exacerbate the dilution effect,
it is associated with more conservative fraud-risk assessments.
- Braun (2000). Time pressure reduces
the likelihood that auditors will detect cues that could lead to discovery of
fraudulent financial reporting. Experienced auditors under time pressure in an
experiment were more focused on accumulating evidence regarding frequency and
amount of misstatements at the expense of attention given to qualitative
aspects of misstatements indicative of potential fraud. Further, evidence
suggested that those under low levels of time pressure considered a broader
range of cues while executing detailed tests.
Issue 8: Would a
requirement for management reports on controls or an auditor opinion on
controls provide an effective deterrent to fraud?
- Hermanson (2000). This study
investigates the demand for reporting on internal control by surveying 1,350
people across nine user groups. Respondents agreed that both voluntary and
involuntary management reports on internal control motivate management to
improve controls and audit committees to increase their oversight of internal
control. Respondents were neutral about whether management reports on internal
controls provide substantially greater protection against material fraud.
Issue 9: Can new
technologies be used to improve fraud detection (e.g., electronic sensors,
software, expert systems, modeling)?
- Eining, Jones, and Loebbecke (1997).
Auditors using a model that provided a suggested fraud risk assessment perform
better than those using the checklist and those making unaided decisions.
However, those using the expert system with constructive dialogue outperformed
all other groups. The importance of management fraud assessment stems from its
potential effect on subsequent audit planning decisions. In this regard,
auditors using the expert system make decisions concerning additional audit
actions that are more consistent with their risk assessments than auditors in
the other groups.
- Green and Choi (1997). This study
examines the relative effectiveness of neural networks (NN) as a means of
detecting financial statement fraud in the revenue and collection cycle of
publicly held manufacturing and merchandising companies. Three NN models are
developed and applied to a sample containing both fraudulent and nonfraudulent
financial statements. The studys results support future use of NNs as a
fraud-risk assessment tool.
Issue 10: Are
communications hot lines an effective deterrent to
- Hooks, Kaplan, and Schultz (1994).
An open communication environment can assist in deterring fraud.
Whistle-blowing was found to be an important factor in fraud prevention and
detection, since potential perpetrators of fraud were less likely to proceed if
the prospects of being reported were increased.
- Schultz and Hooks (1998). The
authors predict that an individual knowledgeable about fraud is more likely to
disclose it to an auditor when there is a close relationship with the auditor
and the individual does not stand to benefit from the fraud. The results of a
classroom experiment involving auditing students acting in a scenario involving
these factors were consistent with this prediction.
Issue 11: Can
analytical procedures be better used to detect fraud warning
- Calderon and Green (1994). This
paper examines the use of financial analysts forecasts in performing
analytical procedures directed toward identifying fraudulent financial
reporting. The authors find that financial analysts forecasts provide
relatively accurate signals of fraud in the presence of fraudulent financial
reporting. However, financial analysts forecasts are ineffective in
signaling the absence of fraud when fraud is not present.
- Hassell (1994). This paper
identifies two limitations of the Calderon and Green (1994) study. First,
analysts forecasts are not intended to predict fraud. Second,
analysts forecasts may not be independent of management because of
personal relationships between analysts and company employees.
- Summers and Sweeney (1998). This
paper (discussed in Issue 2) also considers the explanatory power of a number
of financial characteristics in predicting fraud. Fraud companies have a higher
level of inventory relative to sales, are growing faster, and have a higher
return on assets than nonfraud companies in the year prior to the beginning of
Issue 12: Is there a
significant relationship between corporate governance and fraud?
- Beasley (1996). This paper examines
whether a significant relationship exists between board of director composition
and financial statement fraud (both fraudulent financial reporting and asset
misappropriation, although approximately 90% of the observations involved
fraudulent financial reporting). Results supported a significant negative
relationship between the percentage of outside directors (i.e., nonmanagement)
and the likelihood of financial statement fraud. This result does not depend on
how an outside director is defined. Results did not show a significant
relationship between audit committee existence (or composition) and the
likelihood of financial statement fraud. However, the results showed a negative
relationship between the percentage of stock held by outside directors and the
likelihood of financial statement fraud. Similarly, a negative relationship
existed between the tenure of outside directors and the likelihood of financial
statement fraud. A direct relationship between the number of other
directorships held by outside directors and the likelihood of financial
statement fraud was also observed. Finally, those firms with smaller boards
were less likely to experience fraud.
- McMullen (1996). Companies that have
audit committees were found to have a lower incidence of: (1) shareholder
litigation alleging management fraud, (2) quarterly earnings restatements, (3)
SEC actions, (4) illegal acts, and (5) auditor turnover.
S., and M. B. Romney. 1986. Red-flagging management fraud: A validation.
Advances in Accounting3: 323333.
Beasley, M. S. 1996. An
empirical analysis of the relation between the board of director composition
and financial statement fraud. The Accounting Review 71 (October):
Beasley, M. S., J. V.
Carcello, and D. R. Hermanson. 1999. Fraudulent Financial Reporting:
19871997, An Analysis of U.S. Public Companies. New York, NY: COSO.
Bedard, J. C., R.
Simnett, and J. A. Devoe-Talluto. 2000. Auditors consideration of fraud:
How behavioral research can address the concerns of standard setters.
Advances in Accounting Behavioral Research (forthcoming).
Bell, T. B., and J. V.
Carcello. 2000. A decision aid for accessing the likelihood of fraudulent
financial reporting. Auditing: A Journal of Practice & Theory 19
Bernardi, R. A. 1994.
Fraud detection: The effect of client integrity and competence and auditor
cognitive style. Auditing: A Journal of Practice & Theory 13
Bloomfield, R. J. 1997.
Strategic dependence and the assessment of fraud risk: A laboratory study.
The Accounting Review 72 (October 1997): 517538.
Bonner, S. E., Z-V.
Palmrose, and S. M. Young. 1998. Fraud type and auditor litigation: An analysis
of SEC accounting and auditing enforcement releases. The Accounting
Review 73 (October): 503532.
Braun, R. L. 2000. The
effect of time pressure on auditor attention to qualitative aspects of
misstatements indicative of potential fraudulent financial reporting.
Accounting, Organizations and Society 25: 243259.
Calderon, T. G., and B.
P. Green. 1994. Analysts forecasts as an exogenous risk indicator in
analytical auditing. Advances in Accounting 12: 281300.
Caplan, D. 1999.
Internal controls and the detection of management fraud. Journal of
Accounting Research 37 (Spring): 101117.
Dechow, P. M., R. G.
Sloan, and A. P. Sweeney. 1996. Causes and consequences of earnings
manipulation: An analysis of firms subject to enforcement actions by the SEC.
Contemporary Accounting Research 13 (Spring): 136.
Eilifsen, A., and W. F.
Messier. 2000. The incidence and detection of misstatements: A review and
integration of archival research. Journal of Accounting Literature
Eining, M. M., D. R.
Jones, and J. K. Loebbecke. 1997. Reliance on decision aids: An examination of
auditors assessment of management fraud. Auditing: A Journal of
Practice & Theory 16 (Fall): 119.
Erickson, M., B. W.
Mayhew, and W. L. Felix. 2000. Why do audits fail? Evidence from Lincoln
Savings and Loan. Journal of Accounting Research 38 (Spring):
Green, B. P., and J. H.
Choi. 1997. Assessing the risk of management fraud through neural network
technology. Auditing: A Journal of Practice & Theory 16 (Spring):
Hackenbrack, K. 1993.
The effect of experience with different sized clients on auditor evaluations of
fraudulent financial reporting indicators. Auditing: A Journal of Practice
& Theory 12 (Spring): 99110.
Hassell, J. M. 1994. An
academic perspective on Analysts forecasts as exogenous risk
indicators in analytical auditing. Advances in Accounting 12:
Hermanson, H. 2000. An
analysis of the demand for reporting on internal control. Accounting
Horizons 14 (September): 325341.
Hoffman, V. B., and J.
M. Patton. 1997. Accountability, the dilution effect, and conservatism in
auditors fraud judgments. Journal of Accounting Research 35
Hooks, K. L., S. E.
Kaplan, and J. J. Schultz, Jr. 1994. Enhancing communication to assist in fraud
prevention and detection. Auditing: A Journal of Practice & Theory
13 (Fall): 86117.
Knapp, C. A., and M. C.
Knapp. 2000. The effects of experience and explicit fraud risk assessment in
detecting fraud with analytical procedures. Accounting, Organizations and
Landsittel, D., and J.
Bedard. 1997. Fraud and the auditor: Current developments and ongoing
challenges. The Auditors Report (Fall): 34.
Loebbecke, J. K., M. M.
Eining, and J. J. Willingham. 1989. Auditors experience with material
irregularities: Frequency, nature, and detectability. Auditing: A Journal of
Practice & Theory 8 (Fall): 128.
Matsumura, E. M., and R.
R. Tucker. 1992. Fraud detection: A theoretical foundation. The Accounting
Review 67 (Fall): 753782.
McMullen, D.A. 1996.
Audit committee performance: An investigation of the consequences associated
with audit committees. Auditing: A Journal of Practice & Theory 15
Nieschwietz, R. J., J.
J. Schultz, Jr. and M. F. Zimbelman. 2000. Empirical research on external
auditors detection of financial statement fraud. Working paper.
Palmrose, Z-V. 1987.
Litigation and independent auditors: The role of business failures and
management fraud. Auditing: A Journal of Practice & Theory 6
Pincus, K. V. 1989. The
efficacy of a red flags questionnaire for assessing the possibility of fraud.
Accounting, Organizations and Society 14: 153163.
Schultz, J. J., Jr., and
K. Hooks. 1998. The effect of relationship and reward on reports of wrongdoing.
Auditing: A Journal of Practice & Theory (Fall) 17: 1535.
Summers, S. L., and J.
T. Sweeney. 1998. Fraudulent misstated financial statements and insider
trading: An empirical analysis. The Accounting Review 73 (January):
Zimbelman, M. F. 1997.
The effects of SAS No. 82 on auditors attention to fraud risk factors and
audit planning. Journal of Accounting Research 35 (Supplement):
Back to Contents Page