Consideration of Fraud in a Financial Statement Audit: PCAOB

• Auditing and Assurance
• ||
• May 21, 2025

According to statutory requirements under US GAAP, companies are mandated to conduct an audit of their financial statements to ensure compliance with applicable regulations. It is the auditor’s responsibility to identify any material errors or fraudulent activities within the financials.

It is essential for organizations to appoint a competent auditor who is well-versed in U.S. GAAP and possesses a deep understanding of regulatory compliance who can effectively detect misstatements or irregularities that may otherwise lead to legal penalties or financial losses. For this purpose, the organization must be aware of various considerations regarding fraudulent activities and how to improve them.

Why financial statement audit is important?

The general responsibilities of the auditor in conducting an audit require the auditor to plan and perform the audit to obtain Sufficient Appropriate Audit Evidence (SAAE) to obtain reasonable assurance about whether the Financial Statements (FS) are free of material misstatement, whether due to error or fraud. This article outlines the auditor’s responsibilities in identifying, addressing, and communicating fraud risks during an audit of financial statements.

Description and Characteristics of Frauds

What is Fraud?

Fraud is a deliberate act intended to mislead users about their financial information, and it is a significant concern in financial reporting and auditing. The primary distinction between fraud and error is whether the underlying action is intentional or unintentional. Fraud typically requires more serious actions to conceal, whereas errors are often unintentional mistakes that can be corrected once identified.

Two types of misstatements

1. Misstatements arising from fraudulent financial reporting
2. Misstatements arising from misappropriation of assets.

 1. Misstatements arising from fraudulent financial reporting: These are the intentional misstatements or omissions of amounts or disclosures in financial statements. Fraudulent financial reporting misstatements may be accomplished by the following:

• Accounting records or supporting documentation used to prepare financial statements may be manipulated, falsified, or altered intentionally or unintentionally.
• Events, transactions, or other important information may be intentionally omitted from or misrepresented in the financial statements.
• Intentional misapplication of accounting principles relating to classification, amounts, manner of presentation, or disclosure

In some cases, fraudulent financial reporting may not be part of a grand plan or conspiracy. Sometimes, management rationalizes material misstatements as “aggressive interpretations” of complex accounting rules or considers the misstatements as temporary errors, hoping to correct them later. This is an example of how management can rationalize misstatements.

2. Misstatements arising from misappropriation of assets (sometimes referred to as theft or defalcation): It occurs when individuals steal or misuse company resources, where the effect of theft causes a misrepresentation in the financial statements

Misappropriation of assets and misstatements can be accomplished by the following:

• Embezzling receipts: Employees or management may divert company funds for personal use
• Stealing assets: These could be physical assets like small but high-value inventory or cash
• Causing an entity to pay for goods or services that have not been received
• Creating false or misleading records or documents, potentially by circumventing controls

Three Conditions for Fraud to Occur

1. Incentive or Pressure: Management or other employees feel pressure (e.g., unrealistic performance targets) or have a financial incentive, which provides a reason to commit fraud.

2. Opportunity: Circumstances exist—for example, the absence of oversight by senior management and those charged with governance, ineffective internal controls, or the ability of management to override controls—that provide an opportunity for fraud to be perpetrated.

3. Rationalization: Those committing fraud may justify their actions, even to themselves. They may believe the business can “afford” the theft or that a perceived short-term setback justifies their behavior. Sometimes, due to perceived unfairness or unrealistic expectations, employees may justify dishonest behavior.

How management can perpetrate fraud?

Since management often has the power to modify financial records or override controls, they are in a position to commit fraud. In particular, management’s overriding of controls often results in fraudulent financial reporting, which makes it more difficult for auditors to detect.

The following are some examples of how management commits fraud:

• Directing employees to manipulate financial statements
• Concealing fraudulent actions by modifying documents or providing misleading information during audits

These types of fraud can be particularly difficult for auditors to detect, especially when management, employees, and outside parties collude.

Audit Procedures as per U.S. GAAP- Performed to Respond to Assessed Fraud Risks Relating to Fraudulent Financial Reporting

When fraud risks related to fraudulent financial reporting are assessed, auditors may perform the following procedures:

 1. Revenue Recognition:

• Conduct substantive analytical procedures comparing revenue by month, product line, or segment to identify unusual trends.
• Confirm with customers specific contract terms and the absence of side agreements.
• Inquire with sales or legal personnel about unusual transactions near period-end
• Observe shipments or returns at period-end to ensure proper sales and inventory cut-off procedures.
• Test controls for electronically initiated revenue transactions to ensure proper recording

2. Inventory Quantities:

• Review inventory records to identify high-risk areas and perform surprise counts or unannounced visits
• Conduct inventory counts near period-end to minimize manipulation risks
• Examine goods during inventory counts, looking for irregularities like hollow stacks or mislabelled items
• Perform additional procedures to test the accuracy of inventory quantities and use computer-assisted audit techniques to verify counts

3. Management Estimates:

• Identify fraud risks involving management estimates, such as asset valuations or liabilities (e.g., pension obligations)
• Use auditor-employed specialists or independent estimates to test the reasonableness of management’s estimates
• Conduct a retrospective review of prior period estimates to assess consistency and reasonableness

Audit Procedures as per U.S. GAAP- Performed to Respond to Assessed Fraud Risks Relating to Misappropriations of Assets

When the auditor identifies a fraud risk related to misappropriation of assets, such as easily accessible cash or movable inventory like laptops, the audit procedures focus on the specific risks identified.

1. Account Balances: Audit procedures should be tailored to the fraud risk, such as cash or inventory that is vulnerable to theft.

2. Control Testing: The auditor should assess and test the controls designed to prevent and detect asset misappropriation. This includes evaluating the design and effectiveness of these controls.

3. Physical Inspection: If applicable, the auditor may conduct physical inspections of assets, such as counting cash or securities, especially near the end of the reporting period.

4. Substantive Analytical Procedures: In certain cases, auditors may develop a high level of precision in estimating an expected dollar amount to compare with the recorded amount, identifying any discrepancies that could indicate misappropriation.

Audit Procedures as per U.S. GAAP- Addressing the Risk of Management Override of Controls

The risk of management override of controls is a significant concern because management can manipulate accounting records and override internal controls. To mitigate this risk, the auditor should perform specific procedures to detect and address potential fraud. Below are key audit procedures to address this risk:

1. Examine Journal Entries and Adjustments:

• Understanding Financial Reporting Process: The auditor should understand the financial reporting process and internal controls over journal entries (e.g., who can initiate entries and how they are recorded)
• Selecting and Testing Journal Entries: The auditor should identify and test journal entries, especially those made at period-end or unusual times
• Testing Non-standard Transactions: Special attention should be given to non-recurring transactions, such as business combinations or adjustments, that are not subject to regular controls

2. Review of Accounting Estimates:

• Retrospective Review: The auditor should review prior period estimates to detect any bias in management’s judgment or assumptions that may indicate fraud
• Evaluating Bias: If bias is found, the auditor should assess whether it could lead to material misstatements due to fraud, such as adjusting estimates to meet the target

3. Evaluate Significant Unusual Transactions:

• Identify and understand unusual transactions: The auditor must identify significant unusual transactions (e.g., large, complex, or unusual transactions) that fall outside the normal course of business
• Investigate business purpose: For these transactions, the auditor should verify if there’s a legitimate business purpose or if they could indicate fraudulent financial reporting or asset misappropriation
• Complex or related party transactions: Special attention should be given to transactions involving related parties or those that lack economic substance, which might indicate fraud

4. Evaluate the Form of Transactions:

• Analyse complex transactions: The auditor should look for overly complex transactions or those lacking commercial substance, such as those structured to achieve specific accounting treatments or financial targets

5. Ensure Proper Accounting and Disclosure:

• Verify financial reporting: Ensure that significant unusual transactions are properly accounted for and disclosed in the financial statements for a fair presentation

Documenting the Auditor’s Consideration of Fraud

The auditor should document the following:

• Planning Discussion: The discussion among the engagement team in planning the audit regarding the risk of fraud in the financial statements, including when and how the discussion occurred, who participated, and the subject matter discussed
• Fraud Risk Assessment Procedures: The audit team needs to perform procedures to obtain information necessary to identify and assess the fraud risks
• Identified Fraud Risks: The team should document the fraud risks that were identified at the financial statement and assertion levels, and explain the linkage of those risks to the auditor’s response
• Revenue Recognition Fraud Risk: If improper revenue recognition is not identified as a fraud risk, the reasons supporting the auditor’s conclusion are
• Audit Procedures to Address Fraud: The auditor must document the results of the procedures performed to address the assessed fraud risks, including any procedures performed to further address the risk of management override of controls
• Other Conditions Requiring Further Action: If any unusual conditions and analytical relationships exist that require additional auditing procedures, these should be documented. The auditor should explain why they believe further action is necessary and what they plan to do.
• Communications About Fraud: The auditor must document the nature of the communications about fraud made to management, the audit committee, and others 

How Mercurius can help you?

This is the result of ever-growing desires and an urge to have a competitive edge in the market, as frauds and scandals have gained pace in our country and the entire world. Witnessing such unethical practices, our role as auditors is crucial, as we are the ones entrusted with the responsibility to report such fraud.

With the rapid change in technology and perpetrating minds, auditors need to pull up their socks and equip themselves and their teams to detect fraud and report it to discharge their duties well professionally and as citizens of our Nation.

At Mercurius, we take pride in being a trusted CPA firm with industry-wide experience, holding both PCAOB and IFRS registration. We assist our clients in dealing with internal audits, government audits of various corporate matters (including company incorporation), statutory audits, ROC compliance, and company winding-up. In India, we can provide them adequate support and guidance from our end. If you have any questions or would like to learn more about the Reporting of fraud by auditors, please get in touch with us.