Management Override and Financial Statement Fraud
Management can perpetuate financial reporting frauds by overriding established control procedures and recording unauthorized or inappropriate journal entries or other closing adjustments. Grantees will find this information useful in preventing similar occurrences from happening within their organizations.
The following is an excerpt from Fraud Detection in a GAAS Audit..
Examining Journal Entries and Other Adjustments
Management can perpetrate financial reporting frauds by overriding established control procedures and recording unauthorized or inappropriate journal entries or other post closing adjustments (for example, consolidating adjustments or reclassifications). For example, SEC Accounting and Auditing Enforcement Release No. 1287 (Guilford Mills, Inc.) describes a situation in which the controller entered false journal entries debiting accounts payable and crediting purchases (cost of sales). The effect was to understate payables and significantly increase earnings.
To address situations such as these, SAS No. 99 requires you to test the appropriateness of journal entries recorded in the general ledger and other adjustments.
Understanding the financial reporting process. To effectively implement this required procedure, you will need to obtain a good understanding of the entity's financial reporting process. This understanding is important because it allows you to know what should happen in a "normal" situation so you can then identify anomalies. The following table describes example inquiries you may consider making of entity personnel. Adjacent to each inquiry is a description of how the information learned from the answer can help you identify and select journal entries and other adjustments for testing.
|Example Inquiry||Identify and Select Items for Testing|
|What are the sources of significant debits and credits to a given account? For example, is the account posted automatically as a normal part of transaction processing, or is it posted directly through a journal entry?||Look for account activity being posted from unexpected sources (for example, a journal entry where none is expected).|
|Who has the ability (for example, logical or physical access to the necessary records) to make journal entries or other adjustments?||Look for the information to be an "opportunity" within the fraud triangle framework. Look for incentives and the ability to rationalize related to the same individuals.|
|Who is responsible for initiating journal entries or other adjustments?||Look for transactions initiated from unexpected sources|
|What approvals are required for journal entries or other adjustments?||Look for unapproved transactions.|
Your understanding of the financial reporting process also should include knowledge of how journal entries are initiated, recorded, and processed (for example, directly online or in batch mode from physical documents), the design of any controls over journal entries and other adjustments, and whether those controls have been placed in operation. This information will help you design suitable tests.1
As part of your brainstorming session, you should consider discussing how journal entries may be used to perpetrate or conceal a fraud. For example, you might discuss:
- The various ways in which management could originate and post inappropriate journal entries or other adjustments.
- The kinds of unusual combinations of debits and credits that the engagement team should be looking for.
- The types of journal entries or other adjustments that could result in a material misstatement that would not likely be detected by standard audit procedures.
As part of your inquiries of management and others about fraud-related matters, you should consider asking accounting, data entry, and IT personnel about whether they have observed any unusual accounting entries during the audit period.
Identifying journal entries and other adjustments for testing. Your assessment of the risk of material misstatement due to fraud, together with your assessment of the effectiveness of controls, will determine the extent of your tests. SAS No. 99 requires that you inspect the general ledger to identify journal entries to be tested and examine the support for those items. This procedure is required even if you determine that controls over journal entries and other adjustments are operating effectively. When testing journal entries and other adjustments, it is vital that you identify and consider the entire population of journal entries and other adjustments. Be aware that some entries and adjustments may be made outside of the general ledger. For that reason, you will need to obtain a complete understanding of how the various general ledgers are combined and the accounts are grouped to create the financial statements.
SAS No. 99 (AU sec. 316.61) provides the following guidance on what to consider when selecting items for testing.
Characteristics of Fraudulent Entries or Adjustments
- Entries made to unrelated, unusual, or seldom-used accounts
- Entries made by individuals who typically do not make journal entries
- Entries recorded at the end of the period or as postclosing entries that have little or no explanation or description
- Entries made either before or during the preparation of the financial statements that do not have account numbers
- Entries that contain round numbers or a consistent ending number
The Nature and Complexity of the Accounts
- Accounts that contain transactions that are complex or unusual in nature
- Accounts that contain significant estimates and period-end adjustments
- Accounts that have been prone to errors in the past
- Accounts that have not been reconciled on a timely basis or contain unreconciled differences
- Accounts that contain intercompany transactions
- Accounts that are otherwise associated with an identified risk of material misstatement due to fraud
In addition to these items, you should consider journal entries and other adjustments that are processed outside the normal course of business ("nonstandard" entries and adjustments).
Computer assisted audit techniques may be required to identify entries that only exist electronically.2 CAATs may be necessary to identify the complete population of journal entries and other adjustments to be tested. In addition, CAATs may be used to detect:
- Entries made at unusual times of day, for example outside regular business hours
- Entries made by unusual users, blank or nonsensical user names, senior management, or the IT staff
- Electronic entries that, through management manipulation, are not documented in the general ledger
- One-time or otherwise nonrecurring transactions
Once you identify journal entries and other adjustments for testing, you should examine documentary evidence indicating that they were properly supported and approved by management. Because fraudulent journal entries often are made at the end of a reporting period, your testing ordinarily should focus on the journal entries made at that time. However, you should not completely ignore journal entries made throughout the period.
PITF Practice Alert No. 03-2, Journal Entries and Other Adjustments, provides additional guidance on the procedures you should consider to review journal entries and other adjustments for signs of management override of internal control. That Practice Alert is included as Appendix C to this book.
Accounting estimates are particularly vulnerable to manipulation because they depend so heavily on judgment and the quality of the underlying assumptions. For that reason, SAS No. 99 requires you to perform a retrospective review of prior-year accounting estimates for the purpose of identifying bias in management's assumptions underlying the estimates.
This review is not intended to call into question your professional judgments made in prior years that were based on information available at the time. Rather, this retrospective review should be considered within the context of its implications for the current year audit, and the facts and circumstances that currently exist. Although this procedure is included in that section of the standard used to describe responses to management override, it might also have been included as part of the information-gathering phase of the engagement. That is, the information you gain from a retrospective review of management's assumptions underlying key estimates may be used to identify risks of material misstatement due to fraud.
Many financial reporting frauds have been perpetrated or concealed by using unusual transactions that are outside the normal course of business. For that reason, SAS No. 99 requires auditors to understand the business rationale for these types of transactions. SAS No. 99 (AU sec. 316.67) provides an excellent list of items you should consider when understanding the business rationale for unusual transactions.
As indicated in SAS No. 99, entities intent on fraudulently reporting financial results may use related party transactions to perpetrate or conceal the fraud. The most common related party transactions used for these purposes include the following.
- Property sales and exchanges
- Sales of property (including real estate) at prices that differ significantly from their appraised value
- Exchanges of property for similar property in a nonmonetary transaction
- Sales without substance, for example when the seller provides funds to the buyer, which allow the buyer to fully remit the sales price
- Sales with a commitment to repurchase that, if known, would preclude recognition of all or part of the revenue
- Sales at below-market rates to an unnecessary "middle man" related party, who in turn sells to the ultimate customer at a higher price, with the related party (and ultimately its principals) retaining the difference
- Purchase of assets at prices in excess of fair market value
- Sales arrangements in which the seller has a concurrent obligation to the buyer to purchase goods or services or provide other benefits
- Sale of land with arranged financing
- Sales of marketable securities at a significant discount from quoted market prices
- Lending activity
- Borrowing or lending on an interest-free basis or at a rate of interest significantly above or below market rates
- Making loans with no scheduled terms for when or how the funds will be repaid
- Loans to parties that do not possess the ability to repay
- Advancing company funds that are subsequently transferred to a debtor and used to repay what would otherwise be an uncollectible loan or receivable
- Loans advanced ostensibly for a valid business purpose and later written off as uncollectible
- Purchase of services
- Services or goods at little or no cost to the entity
- Payments for services never rendered or rendered at inflated prices
- Engaging in other transactions (for example, leases) at more or less than market value
- Agreements under which one party pays expenses on behalf of another party
As indicated in SAS No. 99, these types of related party transactions, per se, do not constitute fraudulent financial reporting. However, if these transactions were entered into without proper approval, or if entity management did not identify these transactions for you, there may be indications that fraudulent financial reporting is being concealed.
1. Note that SAS No. 55, Consideration of Internal Control in a Financial Statement Audit (AICPA, Professional Standards, vol. 1, AU sec. 319), as amended, already requires you to obtain an understanding of the entity's internal control, including journal entries. The requirements of SAS No. 99 place an even greater premium on auditors understanding their clients' financial reporting process. [back]
2. You may refer to Chapter 8 for additional guidance on computer assisted audit techniques. [back]
Management Override and Financial Statement Fraud. Ramos, Michael J. Fraud Detection in a GAAS Audit. AICPA. 2004. English.
Last Reviewed: September 2008
Last Updated: July 30, 2015