Many of the high-profile cases of fraud over the last 25 years were concealed from the auditors by the falsification of documents. In hindsight, the auditors failed to detect the fraud for several reasons, one of which is the lack of professional skepticism. These results indicate the need for increased professional skepticism, or as referred to in Chapter 4, awareness. However, awareness in this context alone is not sufficient. Hence, the ATM approach to building a fraud audit program provides a methodology that incorporates fraud red flags into the fraud audit process.
The brainstorming sessions discussed in Chapter 4 are directed at the “A” in ATM, representing the awareness needed by the auditors. An increased awareness of fraud is necessary for a fraud audit program to work successfully. We don't want to lose our way and fall back on the traditional audit methods and apply those to fraud. This awareness encompasses the components of a fraud audit program that are singular to it. Specifically, the components are data mining, which allows the auditor to locate the fraud, and fraud audit procedures, which allow the auditor to recognize the fraud. It is the latter component that is separated into two distinct areas of testing procedures: the red flag testing procedures and the fraud audit testing procedures.
Fraud audit testing procedures and red flag testing procedures are designed to validate the authenticity of documents and the performance of internal ...