This question serves as a nice review of the way fraud risk assessment fits into the overall risk assessment process you have learned about in Chapter 3 of the text.
According to ASA 240.16 & A11-A12, the assessment of the risk of fraud begins with a meeting of the entire team for such purpose. This brainstorming session needs to encourage the involvement of all team members and cannot be just a staff training session. The objective is to solicit the ideas from all team members and to sensitize the entire team to the particular problem areas that this client presents. The process begins with such a session, but does not end there. During the audit the entire team needs to consider how the information being developed relates to the areas already identified, noting new areas that need attention, or adjusting expectations on the areas already identified. The areas identified by fraud risk are primarily in the areas of inherent risk and control risk – the risk of material misstatement. Increased fraud risk represents an increase in inherent risk (the risk that errors exist) or will also increase the control risk (the risk that the client’s internal control system will not detect the error or irregularity).
Be sure to check ASA 240.2-9 carefully for reasons why the normal financial statement audit process is NOT designed to detect fraud … that would be a separate assurance engagement to be negotiated and an engagement letter prepared – check back to the Framework for Assurance Engagements in your Handbook.