New Fraud Guidance

Communication is the name of the game where fraud is suspected.
BY J. RUSSELL MADRAY

EXECUTIVE SUMMARY
SSARS NO. 12, Omnibus Statement on Standards for Accounting and Review Services—2005, amended SSARS no. 1, making specific changes regarding the practitioner’s consideration of fraud and illegal acts in compilation and review engagements.

ALTHOUGH COMPILATION AND REVIEW performance standards don’t require CPAs to assess the risk of fraud, they still must inform the client of incorrect, incomplete or otherwise unsatisfactory information discovered during an engagement.

ACCOUNTANTS NEED NOT REPORT illegal acts that are clearly inconsequential and may reach agreement in advance with the entity regarding the nature of such items to be communicated.

MISSTATEMENTS IN FINANCIAL STATEMENTS may be intentional, thus constituting fraud, or unintentional, the result of error. Therefore, in a review, CPAs must make specific inquiries and obtain specific written representations from management about fraud.

IN ADDITION TO THE REVISIONS to SSARS no. 1 related to fraud, SSARS no. 12 contains amendments to guidance on updating management representation letters, restricted-use reports and restatement adjustments.

J. RUSSELL MADRAY, CPA, is president of the Madray Group Inc., an accounting and auditing technical consulting practice, and a senior lecturer at Clemson University’s School of Accountancy and Legal Studies in Clemson, S.C. His e-mail address is russ@madray.com .

new statement on standards for accounting and review services (SSARS) makes specific changes regarding an accountant’s consideration of fraud and illegal acts in compilation and review engagements. The AICPA Accounting and Review Services Committee (ARSC) amended SSARS no. 1, Compilation and Review of Financial Statements by issuing SSARS no. 12, Omnibus Statement on Standards for Accounting and Review Services—2005. This article covers SSARS no. 12’s changes, which are generally effective for compilations and reviews of financial statements for periods ending after December 15, 2005.

SSARS no. 12 does not change the objectives in such engagements. You need not report illegal acts that are clearly inconsequential and may reach agreement in advance with the entity regarding the nature of such items to be communicated. The statement doesn’t require you as the CPA to assess the risk of fraud or to plan a compilation or review engagement specifically to discover fraud. However, this doesn’t relieve you of responsibility for informing the client if incorrect, incomplete or otherwise unsatisfactory information comes to your attention during the engagement.

In 2004 ARSC issued SSARS no. 10, which required that the accountant in a review engagement make specific inquiries and obtain written representations from management regarding fraud (see “ An Update on Review Engagements, JofA , Aug.04, page 69). At the same time ARSC issued an interpretation to explain what steps should be taken to communicate about fraud or illegal acts when, during the performance of a compilation or a review engagement, the accountant suspects that fraud or an illegal act may have occurred.

Trouble by the Numbers
Compilation Engagements: Causes of Malpractice Claims, 1994–2000

Errors on financial statements 33%
Failure to detect defalcation 25
Engagement scope dispute 18
Inadequate disclosures 9
Conflict of interest 7
Fraud 6
Release of records 2
Total 100%

Source: AICPA, Compilation and Review Alert 2004/05, page 14.

FIRST THINGS FIRST: THE UNDERSTANDING
SSARS no. 1 (as amended—in this and all other references in this article) says CPAs should establish an understanding with the client, preferably in writing, regarding the compilation or review services to be performed. This should include a description of the nature and limitations of the services to be performed and of any report to be issued. It also should provide that

The engagement cannot be relied upon to disclose errors, fraud or illegal acts.

The CPA will inform the appropriate level of management of any material errors and any evidence or information that comes to his or her attention during the performance of compilation or review procedures that fraud or illegal acts may have occurred. In performing such an engagement you need not report any matters regarding illegal acts that are clearly inconsequential and may reach agreement with the entity in advance about which matters will be communicated.

More SSARSs
The AICPA Accounting and Review Services Committee (ARSC) also recently issued SSARS nos. 13 and 14 (see Official Releases, JofA, Nov.05, pages 109–121). SSARS no. 13, Compilation of Specified Elements, Accounts, or Items of a Financial Statement, expands the applicability of the SSARSs to situations in which an accountant is engaged to compile, or issues a compilation report on, specified elements, accounts or items of a financial statement. SSARS no. 14, Compilation of Pro Forma Financial Information, expands the applicability of SSARSs to situations in which an accountant is engaged to compile, or issues a compilation report on, pro forma financial information.

COMPILATIONS
The objective of a compilation is to present information—in the form of financial statements—that is the representation of management, without undertaking to express any assurance on the statements. You are not required to perform any additional procedures or search for fraud or illegal acts. However, during the performance of compilation or review procedures, such as inquiries or analytical procedures in a review or reading the financial statements in a compilation, if any evidence or information comes to your attention regarding fraud or an illegal act, you should request that management consider the effect of the matter on the financial statements and you should consider its effect on the compilation report. If you believe the financial statements are materially misstated, you should obtain additional or revised information.

REVIEWS
A review engagement provides limited assurance that the financial statements require no material modifications in order to conform to generally accepted accounting principles (GAAP) or an other comprehensive basis of accounting (OCBOA). Misstatements can be intentional, thus constituting fraud, or unintentional, the result of error. SSARS no. 1, issued in 1978, established that the objective of a review engagement is to provide a CPA with a reasonable basis for expressing such limited assurance.

The SSARS requires the accountant to obtain from management specific written representations for all financial statements and periods covered by the accountant’s review report. The contents will depend on the circumstances of the engagement and the nature and basis of the presentation of the financial statements, but management must specifically acknowledge

Its responsibility to prevent and detect fraud.

Any awareness—including communications received from employees, former employees or others—of any fraud or suspected fraud affecting the entity that could have a material effect on financial statements.

COMMUNICATION IS THE KEY
When fraud or an illegal act involves senior management, you should report it to an individual or group at a higher level, such as the manager, owner or board of directors. The communication may be oral or written; if it’s oral, you should document it. When an owner of the business is involved, you should consider resigning from the engagement.

You also should consider consulting with your counsel and insurance provider whenever any information comes to your attention that fraud or an illegal act may have occurred, unless it’s clearly inconsequential.

It’s not ordinarily part of the CPA’s job to disclose any evidence or information—about fraud or illegal acts that may have occurred—to parties other than the client’s senior management or board of directors. In fact, doing so would be precluded by your ethical or legal obligations of confidentiality unless it’s

To comply with certain legal and regulatory requirements.

To respond to a successor accountant who is communicating with you in accordance with SSARS no. 4, Communications Between Predecessor and Successor Accountants (AICPA, Professional Standards, volume 2, AR section 400), as amended, regarding acceptance of an engagement to compile or review the financial statements of a nonpublic entity.

In response to a subpoena.

It’s a good idea to consult with legal counsel before discussing matters with outside parties.

Litigation Risk in Compilation Engagements
Y ou’ve likely heard about the growing trend of lawsuits filed against CPAs who perform compilations and bookkeeping services that fail to detect employee embezzlement. As CPAs, you should be aware that the risk of a costly lawsuit is present in all engagements—even compilation engagements. Here are some steps to take.

Perform all compilation engagements in accordance with statements on standards for accounting and review services (SSARSs). Many clients do not understand or appreciate the fact that a compilation or bookkeeping service does not include the examination of cancelled checks or bank images. Some clients presume that when you ask for their bank statement or reconciliation, you are examining the cancelled checks for fraudulent payees and/or endorsements—though clearly, compilation standards do not require that. It’s important to have a meaningful discussion with each client about the compilation procedures you will perform and to tailor the engagement letter to reflect what will and won’t be done.

Reassess your firm’s client acceptance and continuance procedures. Practice Alert 2003-03, Acceptance and Continuance of Clients and Engagements, provides guidance with respect to such procedures ( www.aicpa.org/download/secps/pralert_03_03.pdf ).

Talk to your clients who own businesses about the risk of fraud and their responsibilities. Since it is not your responsibility to examine cancelled checks when performing a compilation engagement, stress that it’s important for the business owner (or someone else unrelated to the cash function) to perform this procedure as part of internal control over financial reporting.

Avoid clients that operate in industries outside your firm’s expertise. SSARSs do not prevent your accepting such engagements, but they do require that you obtain the necessary level of knowledge to properly serve those clients.

Use clearly worded engagement letters that outline both your responsibilities and the client’s. (For examples, go to www.aicpa.org/members/div/auditstd/technic_arsc.asp .) Stress that a compilation does not involve obtaining an understanding of internal control or assessing control risk; testing accounting records by obtaining corroborating evidential matter through inspection, observation or confirmation (for example, by examining cancelled checks); or performing inquiries, analyses or certain other procedures ordinarily performed in audits or reviews.

When performing bookkeeping services, especially as part of an engagement to perform management services, take special care to have a detailed engagement letter that spells out the procedures you will perform relative to any cash account. When performing a bank reconciliation, specify what procedures will be performed, especially with respect to the payee and the endorsement of cancelled checks.

Be aware of three key facts about your risk in compilation engagements:

The potential for fraud exists on all engagements.

Although SSARSs clearly state that a compilation cannot be relied upon to disclose fraud and that it is not your responsibility, the public’s perception often is different.

There’s a growing trend of litigation against accounting firms.

A few minutes of care and explanation can protect your firm from litigation and damage to its reputation.

FRAUD OR ILLEGAL ACT?
Fraud is a broad legal concept, and accountants do not make legal determinations of whether an act is, in fact, fraudulent. Rather, the accountant’s interest specifically relates to acts that result in a material misstatement of the financial statements. The primary factor that distinguishes fraud from error is whether the underlying action is intentional. If it is, it’s fraud.

Intent often is difficult to determine, particularly in matters involving accounting estimates and the application of accounting principles. Two types of misstatements are relevant to consideration of fraud—those arising from fraudulent financial reporting and those from misappropriation of assets.

Misstatements arising from fraudulent financial reporting are intentional misstatements or omissions of amounts or disclosures in financial statements designed to deceive financial statement users where the effect causes the financial statements not to be presented, in all material respects, in conformity with GAAP or OCBOA.

Misstatements arising from misappropriation of assets (sometimes referred to as theft or defalcation) involve the theft of an entity’s assets that causes the financial statements not to be presented in all material respects in conformity with GAAP or OCBOA.

The term illegal acts refers to violations of laws or governmental regulations other than fraud. Illegal acts by clients, management or employees acting on behalf of an entity are attributable to the entity. Such acts cover a broad range of issues, including occupational safety and health, employment practices, environmental protection and antitrust laws but not personal misconduct by the entity’s personnel unrelated to their business activities. Illegal acts may not always be intentional and may not always have an effect on financial statements.

Determining whether an act is fraudulent or illegal is normally beyond accountants’ professional competence. It would generally be based on the advice of an informed expert qualified to practice law or final determination by a court of law. However, an accountant’s training, experience and understanding of the client and its industry may provide a basis for recognizing that some client acts may be fraudulent or illegal.

PUT IT IN WRITING
Although there are no specific documentation requirements in a compilation engagement, any information about suspected fraud that you communicate to management or others should be documented in the engagement workpapers.

In a review engagement, any communications, whether oral or written, to management or others regarding fraud or illegal acts that come to your attention must be documented in the workpapers.

UPDATE, RESTRICT, RESTATE
In addition to the revisions to SSARS no. 1 related to fraud, SSARS no. 12 contains amendments to guidance on updating management representation letters, restricted-use reports and restatement adjustments.

The new guidance discusses the circumstances in which you should consider obtaining an updating representation letter from management. Examples include situations in which

You do not issue your review report for a significant period of time after obtaining a management representation letter upon completion of inquiry and analytical review procedures.

A material event occurs after the completion of inquiry and analytical review procedures, including obtaining the original management representation letter, but before issuance of the report on the reviewed financial statements.

In cases where a former client asks a predecessor accountant to reissue his or her report on the financial statements of a prior period—and those statements are to be presented on a comparative basis with reviewed financial statements of a subsequent period—the predecessor accountant should obtain an updating representation letter from the management of the former client.

AICPA RESOURCES
Publications
SSARS No. 12, Omnibus Statement on Standards for Accounting and Review Services—2005 (paperback, # 060650JA).

SSARS no. 13, Compilation of Specified Elements, Accounts, or Items of a Financial Statement (paperback, # 060651JA).

SSARS no. 14, Compilation of Pro Forma Financial Information (paperback, # 060652JA).

Compilation and Review Alert—2005/06 (paperback, # 022306JA).

Compilation and Review Engagements—Essential Questions and Answers (paperback, # 006622JA).

Review Engagements: New and Expanded Guidance on Analytical Procedures, Inquiries and Other Procedures (paperback, #006618JA).

CPE
Advanced Update for Compilation and Review Engagements (text, # 731505JA). Also available as a public seminar or on-site training ( www.aicpalearning.org/public_seminars.asp ).

Conferences
National Advanced Accounting and Auditing Technical Symposium
Chicago
July 19–21, 2006

For more information about these resources, to place an order or to register, go to www.cpa2biz.com or call 888-777-7077.

SSARS no. 12 also revises SSARS no. 1 to provide guidance on restricting the use of reports issued pursuant to SSARSs. The term general use applies to compilation and review reports that are not restricted to specified parties, while restricted use applies to reports that are intended only for specified third parties. Restrictions on the use of a report may arise, for example, from the purpose of the report and the potential for it to be misunderstood when taken out of context. Restrict the use of a report when its subject matter, or the presentation being reported on, is based on measurement or disclosure criteria contained in contractual agreements or regulatory provisions not in conformity with GAAP or OCBOA. Also consider informing your client that restricted-use reports are not intended for distribution to nonspecified parties, even when they are included in a document containing a separate general-use report. In establishing the terms of the engagement, the new guidance does not preclude your reaching an understanding with the client that the client and the specified parties will distribute it only to parties identified in the report. You are not responsible for controlling a client’s distribution of a restricted-use report, though the report should be worded to alert readers to the restriction on its use.

SSARS no. 12 revises SSARS no. 2, Reporting on Comparative Financial Statements (AICPA, Professional Standards, volume 2, AR section 200.25–.26), to allow a successor accountant to report on the restatement adjustment of prior-period financial statements while indicating that a predecessor accountant reported on the financial statements of the prior period before restatement. The previous guidance precluded the successor accountant’s reporting on the restatement adjustment only.

Requirements for Consideration of Fraud and Illegal Acts

Requirement Compilation Review Audit
Establish required understanding with the entity. The engagement cannot be relied upon to disclose errors, fraud or illegal acts, but you must inform the appropriate level of management of any material errors, or any evidence or information that comes to your attention during the performance of compilation procedures that fraud or an illegal act may have occurred.

You need not report any matters regarding clearly inconsequential illegal acts that may have occurred and may reach agreement in advance with the entity on the nature of any such matters to be communicated.

The engagement cannot be relied upon to disclose errors, fraud or illegal acts, but you must inform the appropriate level of management of any material errors, or any evidence or information that comes to your attention during the performance of review procedures that fraud or an illegal act may have occurred.

You need not report any matters regarding clearly inconsequential illegal acts that may have occurred and may reach agreement in advance with the entity on the nature of any such matters to be communicated.

GAAS requires that you obtain reasonable, rather than absolute, assurance about whether the financial statements are free of material misstatement, whether caused by error or by fraud. Accordingly, a material misstatement may remain undetected.

Also an audit is not designed to detect error or fraud that is immaterial to the financial statements.

Conduct brainstorming session among engagement personnel regarding the risks of material misstatement due to fraud. No No Yes
Gather information necessary to identify risks of material misstatement due to fraud. No No Yes
Identify risks that may result in a material misstatement due to fraud. No No Yes
Evaluate the entity's programs and controls that address the identified risks of material misstatement due to fraud, and assess the risks, taking into account this evaluation. No No Yes
Respond to the results of the assessment. No No Yes
Evaluate evidence. No No Yes
Communicate information about fraud to management. Only evidence or information that fraud or an illegal act may have occurred that comes to your attention during the performance of compilation procedures need be communicated. Only evidence or information that fraud or an illegal act may have occurred that comes to your attention during the performance of review procedures need be communicated. Yes
Document any communications, whether oral or written, to management or others regarding fraud or illegal acts. Recommended Required Required
Document the consideration of fraud. No No Yes

SPONSORED REPORT

Year-end tax planning and what’s new for 2016

Practitioners need to consider several tax planning opportunities to review with their clients before the end of the year. This report offers strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.

QUIZ

News quiz: IRS warning on cyberattacks and a change in pension rules

Once again, the IRS sounds the alarm about a threat from cyberthieves. See how much you know about this and other recent news with this short quiz.

CHECKLIST

Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.