The CPA Journal

SAS 82's Effects on Fraud Discovery

By Stephen T. Jakubowski, Patricia Broce Joseph Stone, and Carolyn Conner

In Brief

Reality and Expectations Continue to Differ

Issued in 1997, SAS 82, Consideration of Fraud in a Financial Statement Audit, attempted to address certain perceived shortcomings of the audit process and audit quality. Today, the Auditing Standards Board is again considering the role of the audit in fraud detection in response to issues raised by the O'Malley Panel on Audit Effectiveness. Before engaging in a new round of standards setting, however, the auditing profession should carefully consider whether SAS 82's implementation meets its objectives and investigate its impact on the audit process. The authors' research indicates that SAS 82 has heightened awareness of the risks of financial reporting fraud, increased the amount of audit planning for fraud detection, and refocused certain aspects of the audit planning and implementation process. They also suggest that SAS 82 may have created higher expectations in the investing public than can be fulfilled by the current audit process.

The 1997 issuance of SAS 82, Consideration of Fraud in a Financial Statement Audit, attempted to address public criticism of the audit process and audit quality. SAS 82 requires that independent auditors make a specific assessment of the risk of material misstatement on financial statements attributable to fraudulent financial reporting or asset misappropriation at the beginning of the audit and maintain this focus throughout.

SAS 82 requires the assessment of the risk of material misstatement and consideration of nearly 40 specific fraud risk factors. These include management, industry, and operational characteristics. Specifically, auditors are required to make inquiries of management concerning the possible risk of fraud and to document in the workpapers any identified risk factors as well as their response to these risk factors. The standard became effective for financial statement audit periods ending on or after December 15, 1997.

Expectations Regarding SAS 82

Before SAS 82, fraud detection standards were set by SAS 53, The Auditor's Responsibility to Detect and Report Errors and Irregularities. Issued in 1988, SAS 53 was intended to narrow the expectation gap between the independent auditor's actual responsibilities to detect financial statement misstatements and financial statement users' perceptions of these responsibilities. Within several years, however, the AICPA's Expectation Gap Roundtable and the Public Oversight Board (POB) raised serious concerns about SAS 53's success in bridging the expectation gap. In 1993, the POB concluded that there was a widespread belief that auditors had a greater responsibility for the detection of fraud than was being met. The Auditing Standards Board (ASB) concluded that some practitioners did not understand their fraud detection responsibilities under SAS 53, and it sought to clarify the auditor's responsibility for the detection and reporting of fraud through SAS 82.

"I am hopeful that the standard [SAS 82] will enhance the likelihood of detection of material misstatement due to fraud," said David Landsittel, the ASB fraud task force chair, "further enabling the CPA profession to serve the public interest and increase the value of our services." Joseph P. Liotta, another member of the ASB fraud task force, indicated that SAS 82 requires auditors to ascertain management's understanding of the risk of fraud. Auditors must determine whether management is aware of any fraud perpetrated against the entity. The new standard has also led to the incorporation of new fraud terminology in the management representation letter. Liotta suggested that SAS 82 would result in auditors asking different questions of management. According to Liotta, "Research has shown that more frauds will be found by simply asking the right questions."

Liotta suggested that, in a majority of cases, SAS 82 would have little or no impact on audit fees. However, he also said that audit fees might increase in "some situations, particularly initial public offerings or certain industries that require more effort on the public accountant's part." Liotta also suggested that audit cost increases could be likely in companies where management is not effectively addressing fraud risk factors.

Methodology and Findings

A questionnaire was mailed to approximately 800 auditors in nine states (Indiana, Kentucky, Maryland, North Carolina, Ohio, Pennsylvania, Tennessee, Virginia, and West Virginia ) and Washington, D.C. The questionnaire included open-ended questions that permitted respondents to describe their experiences under the new standard. The final sample was composed of 116 respondents.

Eighty-two percent of respondents said that SAS 82 has affected their financial statement audits. Forty-five percent of respondents said that audits under SAS 82 involve more time, documentation, planning, and fieldwork. Seventeen percent said that auditors are now more aware of fraud risk factors, 7% stated that SAS 82 has resulted in more efficient auditing procedures, and 6% said that it has led to more training on fraud-related issues. Other, less common, comments (less than 5%) said that SAS 82 has-

The vast majority of the respondents (97%) said that SAS 82 has not led to an increase in the discovery of misstatements arising from the misappropriation of assets. The majority of the respondents (82%) had no comment regarding this question, but 9% said that SAS 82 has not led to an increase in the discovery of fraud, 3% said that auditors are now less defensive with clients, and another 3% reported that SAS 82 has led to a greater awareness of fraud risk factors.

A large majority of the respondents (91%) said that they had not experienced any implementation problems. Nonetheless, 5% said that SAS 82 has involved more time, documentation, and planning; another 5% said that SAS 82 has required more training on fraud-related issues. Other comments indicated that SAS 82 has led to more efficient auditing procedures, has created some peer review problems, and has been difficult to implement.

There was far less agreement on SAS 82's impact on the auditor's legal liability. Forty-five percent of respondents indicated that liability exposure has increased, while 52% said that it has had no effect; 3% were uncertain. Twenty-two percent of respondents said that SAS 82 has led to greater legal exposure because the auditor's responsibility for detecting fraud has increased. Another 9% said that liability exposure has increased because the client and the public perceive that the auditor is doing more to uncover fraud. Only 3% believe that SAS 82 has resulted in less legal exposure because of the additional audit effort.

Thirty percent of respondents said that SAS 82 has resulted in few or no benefits to the auditor. Twenty-four percent said that auditors are more aware of fraud risk factors, and another 17% said that SAS 82 has improved communications and clarified auditor and client responsibilities. Fourteen percent of respondents said that SAS 82 has increased audit effort or improved audit efficiency. Five percent said that additional guidance to the auditor had been provided, and 10% had no comment.

According to 34% of respondents, SAS 82 has brought little or no benefit to clients. Twenty-four percent disagreed, saying that SAS 82 has heightened clients' awareness of fraud; 12% percent said that it improved communications with the auditor, 9% said that the client receives more auditor effort for the fee paid, and another 6% said that SAS 82 has increased the likelihood of fraud discovery. Twelve percent of respondents had no comment.

With regard SAS 82's costs to the auditor and client, 31% said that SAS 82 has resulted in few or no additional costs to the auditor. On the other hand, 43% percent said that SAS 82 resulted in higher audit costs and another 13% said that the increases could not be passed on to the client. A small number of respondents said that SAS 82 has led to additional legal liability exposure and higher insurance costs, and 8% had no comment.

Although 48% of respondents said that SAS 82 has resulted in few or no additional costs to the client, 42% said that SAS 82 audit fees were higher. Only one respondent said that the client incurred additional costs associated with implementing internal controls as result of SAS 82. Nine percent had no comment.

Implications

One of the expected benefits of SAS 82 was that it would result in the increased discovery of fraud. Almost all of the auditors surveyed in this study said that SAS 82 has not brought about increased discovery of fraud. SAS 82 has led to auditors making more inquiries in order to ascertain management's understanding of the risk of fraud. The results of the authors' survey indicate that the primary benefit of SAS 82 lies in a heightened awareness of fraud by both auditors and management.

Although SAS 82 was intended to clarify the auditor's responsibility for detecting and reporting fraud, may have actually increased the auditor's responsibility for fraud. Nearly a third of survey respondents thought that their exposure to legal liability had increased. The primary reasons given for this were that auditors believed either that they actually had a greater responsibility to detect fraud or that clients perceived auditors were now doing more to uncover fraud. Although SAS 82 does not expand the auditor's responsibility, inadequate compliance creates potential legal liability. Of the seven respondents that no longer conduct financial statement audits, two said that this was because of SAS 82.

SAS 82 makes it clear that the auditor's responsibility is bound by the concepts of materiality and reasonable assurance. Although its intent was to clarify the auditor's responsibility for detecting and reporting fraud, SAS 82 may have inadvertently widened the expectation gap, especially if audit clients-and the public-perceive that auditors are charged with discovering and reporting fraud.