6.

Consideration of the risk of fraud

6.1. Concept of fraud

6.2. Fraud detection and prevention responsibilities – FDP

6.2.1. Evaluation of the fraud risk – ERF

6.2.2. “Audit of fraud” under IPPF

1
6.1. Concept of fraud
Fraud

is an illegal act - deceit, counterfeit, or violation of trust

does not necessarily involve the use of violent threat or
force

is made with a view to get financial or material

advantages / to avoid payment for or loss of services,
personal or business advantages

2
6.1. Concept of fraud
Advantages:

• direct – e.g.: getting some money

• indirect – e.g.: getting a promoton, power or influence

3
 6.1. Concept of fraud
Fraud might be perpetrated:
for the benefit of the
organization:
• Improper payments such as illegal
political contributions, bribes
• Intentional, improper representation or
valuation of transactions, assets,
liabilities or income.
• Sale or assignment of fictitious or
misrepresented assets.
• Intentional failure to record or disclose
significant information to improve the
financial picture of the organization to
outside parties.
• Tax fraud.
To the detriment of the
organization:
Acceptance of bribes
Diversion to an employee or outsider
of a potentially profitable transaction
that would normally generate profits
for the organization.
Embezzlement, as typified by the
misappropriation of money or
property, and falsification of financial
records to cover an act, thus making
detection difficult.
Intentional concealment or
misrepresentation of events or data.
Claims submitted for services or
goods not actually provided to the
organization. 4
6.1. Concept of fraud

Pressure

Fraud triangle

Opportunity Rationalization

5
6.2. FDP responsibilities

Fraud
6
 6.2. FDP responsibilities
Board and Audit Committee – supervise&monitor:
 fraud-related policies, procedures, incentive plans;
 risk of management avoidance of or undue influence on internal
controls;
 whistle-blowing policy and mechanisms in place;
 regular reporting: nature, status and eventual responses to
detected frauds;
 IA plan – consideration of the fraud risk;
 free access to independent experts in fraud investigation and
related research

7
 6.2. FDP responsibilities
IA role – answers to questions:
What are the fraud risks the company is facing with?
What are the programs and internal controls in place to address the fraud
risk?
What IA can do to help the company to prevent and detect the risk of fraud in
due time?

8
 6.2.1. Evaluation ot the risk of fraud
(ERF)
IA role in ERF:
Organization of the evaluation process – integration of ERF
within the risk assessment process in place / implementation
of a separated one
Determination of areas subjected to evaluation – application
of ERF at the level of:
organization,
units,
operations/transactions;
complex activities

9
6.2.1. Evaluation ot the risk of fraud
(ERF)
IA role in ERF:
Identify the possible scenarios: The organization perpetrates a
fraud or is a victim of fraud? How?
Assess the probability of perpetrating a fraud
Scale used
US practice – thre-value qualitative scale
Low probability – auditors need to document the organization’s
perception before dismissing the risk
Assess the fraud risk relevance (RR):
Impact of FR
RR = Impact X Probability
US practice: RR ≥ average – considered by the IA

10
6.2.1. Evaluation ot the risk of fraud
(ERF)
IA role in ERF (cont.):
Identify and assess the fraud-related internal controls
Ignorance/avoidance of internal controls
Insuficient or ineffective internal controls
Integration of ERF outcomes within the audit plan: „audit of
fraud” section

11
 6.2.2. „Audit of fraud”
IG 1210-A2.2 – FD = identification of fraud indications
suficient to justify for auditors to recommend a
comprehensive investigation.
IA responsibilities:
to have suficient knowledge on fraud-related
indications:
Constituent parts of a fraud
Techniques used
Types of fraud specific to businesses

12
 6.2.2. „Audit of fraud”
IA responsibilities (cont.):
• to be vigilant with respect to ICS deficiencies:
• many cumulative indications increase the probability of
perpetrating a fraud;
• to assess the fraud indications and establish if further
investigation is required or other specific actions;
• to inform the relevant organization’s officials about the
findings.

13
 6.2.2. „Audit of fraud”
IA obligations:
 to identify and consider the possible complicities within the
company;
 to determine the required knowledge, skills and competences
that would allow the auditor to conduct the investigation
efficiently;
 to formulate procedures for detection the fraudsters, the scope
of fraud, its causes, or techniques used;
 to coordinate its investigation with the work of relevant
 to know the rights of presumed fraudsters.

14
6.2.2. „Audit of fraud”
IG 1210.A2-1: Communication of findings in „audit of
fraud” engagements
Recommendations for improvement/application of internal
controls;
Audit tests used to identify the risk of fraud;
Fraud-risk database knowledge;
Priviledged information.

15
 6.2.2. „Audit of fraud”
IIAS 2400: Obligation to report immediately to the
board and executive managers:
If a significant fraud with reasonable probability is
detected;
If the identified fraud has already had a material negative
impact on prior years financial statements or rezults.

16