Responding to Fraud Risks Through Detection, Response, and Documentation
Feb 7, 2025
How fraud-risk brainstorming, tailored responses, unpredictability, and documentation affect audit planning.
Fraud risk affects more than the list of procedures in an audit program. It changes the auditor’s skepticism, staffing, supervision, timing, sample selection, communication with governance, and documentation. Once a fraud risk is identified, the audit file should show a clear path from the risk to the response.
AUD questions often ask whether the auditor should do something general, such as “be skeptical,” or something specific, such as test journal entries, inspect side agreements, expand cutoff testing, or add unpredictability. Choose the response that directly addresses the fraud path described in the fact pattern.
Fraud Brainstorming
The engagement team discusses how fraud could cause a material misstatement. The discussion should include both fraudulent financial reporting and misappropriation of assets, but it should not stop at broad categories. A useful brainstorming result identifies the account, assertion, possible scheme, and planned response.
| Weak brainstorming result | Stronger brainstorming result |
| --- | --- |
| “Revenue fraud is possible.” | “Revenue may be overstated through side agreements or premature shipment near year-end, affecting occurrence and cutoff.” |
| “Inventory theft could occur.” | “Finished goods in remote warehouses may be misappropriated because cycle counts are not independently reviewed.” |
| “Management override is a risk.” | “Manual top-side entries posted after normal close review could understate expenses or reclassify liabilities.” |
The auditor should update the fraud risk assessment when new information arises. Fraud assessment is not completed once planning ends.
Required and Tailored Responses
Fraud responses can be overall responses or assertion-level responses.
| Response type | What changes | Example |
| --- | --- | --- |
| Overall response | Engagement staffing, supervision, skepticism, and unpredictability | Assign more experienced staff to revenue testing |
| Assertion-level response | Nature, timing, and extent of procedures for a specific risk | Test year-end sales cutoff and inspect side agreements |
| Management-override response | Required focus on journal entries, estimates, and unusual transactions | Review manual entries posted by senior management |
| Governance response | Communication with those charged with governance | Discuss significant fraud risks with the audit committee |
The auditor should not respond to fraud risk with management representations alone. Representations are useful, but they do not replace audit evidence.
Unpredictability
Unpredictability reduces the chance that management or employees can anticipate and avoid the auditor’s procedures. It is especially useful when fraud could be concealed through routine timing or predictable testing.
Examples include:
- Performing procedures at unexpected locations.
- Testing transactions from unusual periods.
- Selecting accounts or locations not tested in prior years.
- Performing surprise inventory counts.
- Changing the nature of evidence requested.
- Expanding journal-entry search criteria.
Unpredictability should still be purposeful. Random variation is less persuasive than a changed procedure tied to a plausible fraud risk.
Journal Entry Testing
Journal entry testing is central to fraud response because management override often occurs through manual entries or consolidation adjustments. The auditor commonly focuses on entries that are unusual, unsupported, posted late, posted by unexpected users, posted to suspense accounts, or made to accounts affected by fraud pressure.
| Journal-entry attribute | Fraud concern |
| --- | --- |
| Posted near period-end | Earnings management or cutoff manipulation |
| Manual top-side entry | Bypassing normal transaction controls |
| No approval or weak support | Override or concealment |
| Round-dollar amount | Possible nonroutine adjustment |
| Unusual account combination | Reclassification or concealment |
| Posted by senior management | Override of normal close process |
The auditor should evaluate both the entry and the business purpose. A valid entry can still require additional evidence if the timing, preparer, amount, or account combination is unusual.
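The attribute table above can be applied as a screening pass over a journal-entry extract. The following Python sketch is an added example, not part of the original page: the field names, user IDs, account pairings, the five-day period-end window, the 1,000 round-dollar unit, treating self-approval as weak support, and the three-attribute threshold are all assumptions, and the sample entries are constructed.

```python
from dataclasses import dataclass
from datetime import date
from decimal import Decimal
from typing import Optional

# All values below are constructed for illustration (assumptions, not from the page).
PERIOD_END = date(2024, 12, 31)
SENIOR_USERS = {"cfo", "controller"}
UNUSUAL_PAIRS = {("accrued_liabilities", "revenue"), ("suspense", "revenue")}  # (debit, credit)

@dataclass
class Entry:
    je_id: str
    posted: date
    user: str
    source: str                 # "manual" or "system"
    approver: Optional[str]
    debit: str
    credit: str
    amount: Decimal

def attributes(e, window_days=5, round_unit=Decimal("1000")):
    """Return the table attributes that one entry exhibits."""
    hits = []
    if abs((e.posted - PERIOD_END).days) <= window_days:
        hits.append("posted near period-end")
    if e.source == "manual":
        hits.append("manual entry")
    if not e.approver or e.approver == e.user:      # missing or self-approval
        hits.append("no approval or weak support")
    if e.amount % round_unit == 0:
        hits.append("round-dollar amount")
    if (e.debit, e.credit) in UNUSUAL_PAIRS:
        hits.append("unusual account combination")
    if e.user in SENIOR_USERS:
        hits.append("posted by senior management")
    return hits

def screen(entries, min_hits=3):
    """Return (je_id, attributes) for entries at or above the threshold, most hits first."""
    flagged = [(e.je_id, h) for e in entries if len(h := attributes(e)) >= min_hits]
    return sorted(flagged, key=lambda f: -len(f[1]))

SAMPLE = [  # constructed journal-entry extract
    Entry("JE-1001", date(2024, 12, 15), "ap_clerk", "system", "supervisor", "rent_expense", "cash", Decimal("4812.37")),
    Entry("JE-1002", date(2025, 1, 3), "cfo", "manual", None, "accrued_liabilities", "revenue", Decimal("250000")),
    Entry("JE-1003", date(2024, 12, 30), "gl_accountant", "manual", "controller", "depreciation_expense", "accumulated_depreciation", Decimal("18342.10")),
    Entry("JE-1004", date(2024, 11, 10), "controller", "manual", "controller", "suspense", "revenue", Decimal("75000")),
]
```
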
Documentation Expectations
Documentation should make the fraud-risk logic reviewable. A reviewer should be able to see why the risk was identified, what procedure responded to it, what evidence was obtained, and whether the result changed the risk assessment.
```mermaid
flowchart LR
    A["Fraud risk identified"] --> B["Affected account and assertion"]
    B --> C["Planned response"]
    C --> D["Procedure performed"]
    D --> E["Evidence and conclusion"]
    E --> F["Reassessment if needed"]
```
Documentation commonly includes:
- The fraud brainstorming topics and participants.
- Identified fraud risks and affected assertions.
- Overall and assertion-level responses.
- Journal-entry testing approach and criteria.
- Procedures over estimates and significant unusual transactions.
- Communications with management and those charged with governance.
- Any changes to risk assessment during the audit.
Example: Revenue Side Agreements
A software company has aggressive growth targets and several large contracts signed near year-end. The engagement team identifies a fraud risk that revenue could be recorded before performance obligations are satisfied or despite side agreements granting cancellation rights.
The auditor may respond by:
- Inspecting contracts and amendments for unusual terms.
- Confirming terms directly with customers when appropriate.
- Testing revenue cutoff around year-end.
- Reviewing credit memos and returns after year-end.
- Searching for side agreements outside the standard contract repository.
- Discussing the risk with the audit committee.
The audit file should connect the identified fraud risk to occurrence, cutoff, and presentation or disclosure procedures.
Common Exam Traps
- Treating fraud brainstorming as optional or purely administrative.
- Choosing management inquiry when more persuasive evidence is available.
- Responding to fraud risk only by increasing sample size, without changing procedure nature.
- Ignoring journal entries because transaction-level controls appear effective.
- Failing to document changes when fraud risk is identified after planning.
- Treating misappropriation of assets and fraudulent financial reporting as the same risk.
Key Takeaways
- Fraud risk response must be tied to a specific fraud path.
- Unpredictability should be purposeful and risk-based.
- Documentation should show the link from risk identification to procedures and conclusions.
Fraud Risk Detection, Response, and Documentation Quiz
### What is the main purpose of a fraud brainstorming session?
- [ ] To set the audit fee and time budget
- [x] To identify how material misstatement due to fraud could occur and plan responses
- [ ] To replace substantive procedures with inquiry
- [ ] To prepare the final audit opinion before fieldwork
> **Explanation:** Fraud brainstorming identifies plausible fraud paths and helps the auditor plan targeted responses.
### Why does the auditor add unpredictability to procedures?
- [x] To reduce the chance that fraudsters can anticipate and avoid the audit approach
- [ ] To eliminate the need for risk assessment
- [ ] To make all testing random and unrelated to risk
- [ ] To reduce evidence requirements
> **Explanation:** Unpredictability makes concealment harder, but it should still be tied to identified risks.
### A heightened revenue fraud risk is identified near year-end. Which response is most appropriate?
- [ ] Reduce revenue testing because fraud risk has already been documented.
- [ ] Rely only on management's representation letter.
- [x] Expand cutoff testing and inspect contracts or side agreements.
- [ ] Test only routine payroll transactions.
> **Explanation:** Revenue fraud risk requires procedures that address the affected revenue assertions.
### Which statement best describes misappropriation of assets?
- [x] Theft or misuse of entity resources
- [ ] Only intentional overstatement of revenue by senior management
- [ ] A required accounting estimate
- [ ] An audit sampling method
> **Explanation:** Misappropriation involves theft or misuse of assets such as cash, inventory, or supplies.
### Which journal entry is most likely to receive heightened attention in fraud testing?
- [ ] A recurring automated depreciation entry with normal approval
- [x] A late manual top-side entry posted by senior management with weak support
- [ ] A routine payroll accrual generated by the payroll system
- [ ] A standard monthly rent entry supported by a lease schedule
> **Explanation:** Late, manual, unsupported entries posted by senior management can indicate management override.
### Why should changes to audit strategy be documented when fraud risk changes?
- [x] The file should show how the auditor responded to newly identified risks.
- [ ] Documentation replaces the need to perform procedures.
- [ ] Documentation is needed only when the audit opinion is modified.
- [ ] Fraud risks are documented only after report issuance.
> **Explanation:** Documentation should connect risk changes to audit responses and conclusions.
### What is the best reason to perform walkthroughs of high-risk processes in the current year?
- [ ] Prior-year walkthroughs are always invalid.
- [x] Processes, controls, systems, and personnel may have changed.
- [ ] Walkthroughs eliminate the need for substantive testing.
- [ ] Walkthroughs are useful only for cash accounts.
> **Explanation:** Current-year understanding matters because controls and personnel can change.
### Which response best addresses a fraud risk involving remote inventory theft?
- [ ] Ask management whether theft occurred and stop if management says no.
- [ ] Test only revenue recognition.
- [x] Perform surprise counts or expand physical inventory procedures at selected locations.
- [ ] Lower professional skepticism because theft is not financial reporting fraud.
> **Explanation:** Surprise or expanded inventory procedures directly respond to possible misappropriation.
### Fraud risk considerations primarily affect which parts of the audit?
- [x] The nature, timing, and extent of audit procedures
- [ ] Only the cover letter to management
- [ ] Only the tax provision
- [ ] Only the auditor's billing arrangement
> **Explanation:** Fraud risk affects the audit plan, including evidence type, timing, extent, staffing, and supervision.
### True or False: Management representations alone are sufficient to respond to a significant fraud risk.
- [ ] True
- [x] False
> **Explanation:** Representations may support evidence, but they do not replace procedures designed to address fraud risk.