Under AU-C section 240, Consideration of Fraud in a Financial Statement Audit, the auditor is required to evaluate whether information obtained from risk assessment procedures and related activities performed indicates that one or more fraud risk factors are present. Management should also be looking for and responding to the presence of accounting fraud risk factors. Fraud risk factors are events or conditions that: (1) indicate rationalizations or attitudes to justify a fraudulent action; (2) indicate an incentive or pressure to perpetrate fraud; or (3) provide an opportunity to commit fraud. [Hint. One way to remember the fraud risk factor categories is to think of the acronym RIO (i.e., rationalization, incentive, and opportunity).] In general, the greater the number of fraud risk factors that are present the greater the risk of accounting fraud occurring.
In 2017, a textbook example of how fraud risk factors may manifest themselves came to light in a neighboring city to where I live. The long-time president of the chamber of commerce abruptly resigned after 40 years of service. It came to light that unfortunately, in recent years she had developed a strong affinity for slot machines. She estimated that over a three-year period she had lost close to $50,000. Her desire to fill the one-armed bandit turned her into a two-armed bandit in that she took approximately $40,000 from the chamber of commerce and the convention and visitors bureau via unauthorized bonuses, credit card abuse, and false reimbursement payments. In the end, the president had: (1) the rationalization to commit the fraud in that she thought she might always win the big one and perhaps repay the funds and keep some winnings; (2) an incentive to commit the fraud to cover her losses; and (3) the opportunity to commit the fraud in that she had a great reputation and largely unchecked/unquestioned authority.
The identification and evaluation of accounting fraud risk factors is a critical process for both auditors and management and requires both forethought and experience. The significance of fraud risk factors varies from entity to entity and ranking fraud risk factors in order of importance can at times be problematic. However, quite often the most difficult tasks are also the most important.
Interested in learning more? Sign up for Fraud and Abuse in Not-for-Profit Entities and Governments: Stealing from Everyone with Charlie Blanton, CPA.
Charlie Blanton, CPA is Senior Director of Governmental and Nonprofit Content for Surgent CPE, where he authors Surgent’s government and not-for-profit CPE courses and is a frequent webinar instructor. Charlie has over 25 years of experience in auditing and industry having worked at KPMG, the Texas Society of CPAs, Taylor Publishing, Texas Wesleyan University, and the AICPA.