Fraud Requirements in SSARS 10
Practitioners’ Perceptions Raise Interesting Questions

By Michael D. Akers and Jodi L. Bellovary

E-mail Story Print Story

The authors reviewed the comment letters that the AICPA received in response to the exposure draft for SSARS 10 and conducted a survey of practitioners after the statement was issued. Both the comment letters and the survey results suggest a concern that the requirements under SSARS 10 are increasing public expectations and accountants’ responsibilities for fraud in review engagements.

Background

At its July 2003 meeting, the ARSC considered whether guidance was needed on how accountants should consider fraud in review engagements and how accountants should document expectations developed when performing analytical procedures in review engagements. In the following months, the staff liaison to the ARSC prepared drafts of the proposed standard and revised it based on comments from the ARSC. Between December 2003 and April 2004, the ARSC accepted comment letters on the exposure draft of the standard. At its April 2004 meeting, the ARSC revised the draft based upon the comment letters received and issued the final standard. Based on comment letters, the ARSC also decided to issue two other documents:

• An interpretation providing guidance on communicating indications of possible fraud or illegal acts to clients, and
• An issues paper providing guidance on documenting expectations developed in review engagements.

The ARSC issued the standard due to consideration of protection of the public, the need for more meaningful reviews, and feedback from the peer review process.

New Fraud Requirements Under SSARS 10

SSARS 10 amends SSARS 1, Compilation and Review of Financial Statements, primarily by expanding inquiries during review engagements to include fraud and by requiring that the management representation letter address fraud. While SSARS 10 also clarifies and provides additional guidance regarding review procedures and workpaper documentation, this article focuses only on the additional fraud requirements.

SSARS 1, AR section 100.05, “Understanding with the Entity,” discusses the need for the accountant to establish an understanding with the client. Included in this is “the understanding … (a) that the engagement cannot be relied upon to disclose errors, fraud, or illegal acts and (b) that the accountant will inform the appropriate level of management of any material errors that come to his or her attention and any fraud or illegal acts that come to his or her attention, unless they are clearly inconsequential.” The ARSC determined that there was a need for clarification of these issues and for an explicit outline of the procedures implied in SSARS 1, and the result was SSARS 10.

SSARS 10 lists inquiries that accountants should consider making during a review, including management’s knowledge of actual or suspected fraud that could materially impact the financial statements. The statement suggests that the accountant inquire of management concerning “their knowledge of any fraud or suspected fraud affecting the entity involving management or others where the fraud could have a material effect on the financial statements” (paragraph 31). Appendix B to the statement, which provides a list of inquiries for illustrative purposes only, suggests questions such as “Have there been any instances of fraud or illegal acts within the entity?” and “Have there been any allegations or suspicions that fraud or illegal acts might have occurred or might be occurring within the entity?”

An accountant may be able to obtain further significant information by inquiring of management regarding other violations. For example, Appendix B suggests the following inquiry: “Are there any violations, or possible violations, of laws or regulations the effects of which should be considered for financial statement accrual or disclosure?” Additional questions may be necessary to obtain sufficient responses.

Under SSARS 10, management must acknowledge its responsibility for fraud detection and prevention in the management representation letter. Management’s written representations must also disclose knowledge of any actual or suspected fraud that could have a material impact on the financial statements.

Comments to SSARS 10 Exposure Draft

The ARSC received 14 comment letters on the exposure draft. Seven responses were from practitioners, six were from state boards and CPA societies, and one was from the AICPA Peer Review Board. Six of the comment letters expressed concerns regarding the new fraud requirements. One respondent thought the ARSC was “requiring procedures that are close to audit procedures for reviews.” Another response included a similar comment. Two respondents believed that the new standard would increase accountants’ liability and would bring about an increase in litigation. Three responses expressed concern for increased costs, and four respondents believed the additional requirements would be burdensome for small or nonpublic businesses.

The ARSC considered the comment letters received, and concluded that the proposed guidance did not include any new procedures or responsibilities with respect to the performance of review responsibilities regarding fraud. Instead, the proposed guidance clarified what had always existed in the standards but had not been explicitly stated. As such, the ARSC concluded that no changes were necessary.

Survey Results

The purpose of the survey was to assess practitioners’ perceptions regarding the new fraud requirements under SSARS 10. Specifically, the authors wanted to determine whether practitioners believe that SSARS 10 will increase their responsibility for fraud detection as well as their exposure to legal liability. They also wanted to determine practitioners’ opinions about the reasons for the fraud requirements in SSARS 10. Last, the authors wanted to learn how practitioners plan to address the fraud requirements in SSARS 10.

The authors surveyed 500 AICPA members who indicated “compilation and review” as an area of interest. Forty-four (8.8%) completed surveys were returned. Respondents rated five statements on a scale of 1 (strongly disagree) to 5 (strongly agree). The Exhibit presents the survey statements and mean responses.

Based on the mean values of responses, respondents agreed that SSARS 10 was issued primarily to address public expectations with regard to fraud. Respondents also agreed that SSARS 10 will increase exposure to legal liability for review engagements and responsibility for fraud detection.

The authors’ findings led them to propose two questions:

• If these additional procedures lead to increased litigation costs for review engagements, and there is evidence that litigation costs continue to increase for audit and assurance engagements, do the benefits exceed the costs?
• Will these new procedures lead to an expectation gap with respect to review engagements, similar to audit and assurance engagements?

Respondents’ opinions were fairly neutral concerning the comment that their firm intends to expand procedures to go beyond making client inquiries regarding fraud based on the new SSARS 10 requirements. The findings suggested that respondents disagree that in the future accountants will have the same level of responsibility for fraud in review engagements that auditors have in audit engagements.

Respondents were also asked to provide written responses to three questions.

Additional procedures. Respondents were asked: “If procedures will be expanded, what additional procedures will be included?” Six respondents were unsure what additional procedures will be performed. One respondent indicated that the firm intends to drop all of its review clients. Other responses indicated the following:

• The firm was considering using audit procedures.
• The firm planned to perform a more detailed review of management controls.
• The firm would clarify the understanding of its responsibility related to fraud in the engagement and representation letters.
• Currently, all review engagements are approved by all partners prior to the acceptance of the engagement. Additional procedures may include a fraud assessment of the client prior to acceptance.

Purpose of SSARS 10. The second question was: “In your opinion, what was the primary purpose of including fraud inquiries and management representation regarding actual or suspected fraud in SSARS 10?” Responses tended to include some reference to public expectations. Examples included the following:

• To make people aware.
• Public perception of widespread management fraud.
• Public reaction to high-level fraud in publicly held companies.
• To address public expectations.
• An attempt to satisfy the public perception of CPAs after Enron.

Other respondents thought that the primary purpose of including fraud inquiries was to establish an understanding with the client regarding fraud and to enhance the awareness of management and accountants. Several respondents indicated a belief that SSARS 10 is moving the review engagement requirements toward audit requirements—for example, to eliminate the review engagement in favor of an audit and to bring review standards in line with auditing standards.

Fraud procedures prior to SSARS 10. Last, respondents were asked: “Prior to the issuance of SSARS 10, did you include fraud procedures in review engagements?” Twenty-six respondents indicated that they did not specifically include fraud in review engagements prior to SSARS 10. Several stated that they would follow up on any unusual relationships or findings during a review engagement. One respondent included fraud inquiries in its review checklist already. Two respondents included specific procedures, such as testing check signing and endorsements and reviewing accounts susceptible to fraud. Several respondents inquired about fraud during interviews or addressed fraud in the representation letter.

Was SSARS 10 Necessary?

Review engagements provide limited, not positive, assurance. While additional inquiries and disclosures in management’s representation letter should be relatively easy to incorporate, the authors could find no substantive reasons for these procedures to be considered necessary. The question, however, is whether performing such procedures increases public expectations for the detection of fraud.

Comments from the exposure draft and the findings of the authors’ survey of practitioners who perform reviews suggest that the additional fraud requirements in SSARS 10 were adopted to meet public expectations. Yet no evidence suggests that review engagements were not meeting public expectations with regard to fraud.

Will the additional procedures expose accountants to increased litigation? The authors’ findings suggest that respondents believe SSARS 10 will result in additional exposure to legal liability. With the additional fraud requirements in SSARS 10, the public may hold accountants to a higher level of responsibility for review engagements, which could lead to increased litigation.