A Primer for Brainstorming Fraud Risks: There Are Good and Bad Ways to Conduct Brainstorming Sessions

Auditors are required by SAS no. 99, Consideration of Fraud in a Financial Statement Audit, to conduct a "brainstorming" session in every audit. Its purpose is twofold: to consider fraud risks that may be present and to emphasize the importance of professional skepticism throughout the entire audit process. Key members of the audit team--from the lead partner or manager in charge of the engagement all the way down to new staff--meet during the planning stages and during the course of the audit to exchange ideas about how and where they believe the entity's financial statements may be susceptible to material misstatements due to fraud and to discuss how management could perpetrate and conceal fraudulent financial reporting or misappropriate assets. This article will discuss how audit team leaders can avoid the pitfalls inherent in brainstorming sessions and employ the best practices for maximizing the benefits. When carefully planned and managed, brainstorming can lead to many high-quality ideas about possible fraud risks audit team members wouldn't likely generate individually. A brainstorming session that ignores best practices, however, might quickly give way to inefficiencies and distractions that ultimately could muddy the audit team's ability to focus on relevant fraud risks. That kind of deterioration can hinder key audit decisions, leading the team down dangerous paths--for example, to incorrect conclusions concerning which fraud risks are present, confusion on how to respond to a disjointed list of identified risk issues or lack of "buy-in" to the brainstorming process. VALUE OF BRAINSTORMING SESSIONS Research has shown that auditors are much more likely to correctly identify fraud risk conditions if the audit team engages in open-ended, nontraditional considerations of them. Responses from numerous stakeholders, such as forensic accountants, internal auditors, external auditors and other fraud experts, have reaffirmed the benefits of auditors engaging in such discussions. The difficulty auditors face in assessing fraud risks partially stems from the fact that most of them have never encountered a material fraud during their careers; thus, they may be less effective when assessing fraud risks on their own, which makes group exploration all the more valuable in identifying them. A barrier to disseminating critical information can be the engagement partner's or manager's failure to share information about a client's honesty and integrity with the engagement team. So, in part, brainstorming sessions prompt the more experienced auditors to share their insights with less experienced team members and, in turn, encourage those who are less experienced but have recent firsthand knowledge of client processes to provide their insights to the senior members. Even though brand-new team members may not have information specific to the client to contribute, these sessions provide an excellent opportunity for dram to become familiar with pertinent information that could affect their professional skepticism during their first year on the engagement. And, new team members bring a fresh perspective to the process by sharing insights from other client experiences. In any case, the brainstorming requirement mandates that all key audit team members must engage in dialogue. (See "Auditors' Responsibility for Fraud Detection," JofA, Jan. 03, page 28, for a discussion of the brainstorming requirement of SAS no. 99.) POTENTIAL PITFALLS Four common pitfalls can hinder an audit team's brainstorming effectiveness: group domination, "social loafing," "groupthink" and "groupshift." Group domination is one of the most corrosive problems. Because the goal of a brainstorming session is to have audit team members share thoughts and ideas, one or two participants dominating the process can quickly squelch the creative energies of the group as a whole, reducing the likelihood the team will identify any actual fraud risks. …