Chapter 03 - Management Fraud and Audit Risk CHAPTER Management Fraud and Audit Risk LEARNING OBJECTIVES Review Checkpoints Exercises, Problems and Simulations Define and explain the differences among several kinds of fraud, errors, and illegal acts that might occur in an organization 43 Explain auditors’ responsibilities with respect to detecting and reporting fraud 2, 45, 53, 56, 57, 60, 62 List and explain some conditions that can lead to frauds 4, 46, 50, 63 Explain auditors’ responsibilities with respect to illegal acts 61 Describe the conceptual audit risk model and explain the meaning and importance of its components in terms of professional judgment and audit planning 7, 8, 9, 10 47, 51, 55, 58, 59 Define materiality and explain its relationship to the audit risk model 11, 12 List and describe eight general types of audit procedures for gathering evidence 13, 14, 15, 16 44, 48, 49, 52 Describe the content and purpose of audit programs 17, 18, 19 54 3-1 Chapter 03 - Management Fraud and Audit Risk SOLUTIONS FOR REVIEW CHECKPOINTS 3.1 White collar crimes are frauds perpetrated by people who work in offices and steal with a pencil or a computer terminal The contrast is violent street crime Employee fraud is the use of fraudulent means to take money or other property from an employer It consists of three phases: (1) the fraudulent act, (2) the conversion of the money or property to the fraudster’s use and (3) the cover-up Embezzlement is a type of fraud involving employees or nonemployees wrongfully taking funds or property entrusted to their care, custody, and control, often accompanied by false accounting entries and other forms of lying and cover-up Larceny is simple theft of an employer’s property that is not entrusted to an employee’s care, custody or control Defalcation is another name for employee fraud and embezzlement Errors are unintentional misstatements or omissions of amounts or disclosures in financial statements Direct-effect illegal acts are violations of laws or government regulations by the company or its management or employees that produce direct and material effects on dollar amounts in financial statements “Illegal acts” (far-removed) are violations of laws and regulations that are far removed from financial statement effects (for example, violations relating to insider securities trading, occupational health and safety, food and drug administration, environmental protection, and equal employment opportunity) 3.2 AICPA auditing standards require that: a audit team members have an understanding and awareness of signs of errors, frauds (including direct-effect illegal acts), and indirect-effect illegal acts b the audit be designed to respond to knowledge of fraud risks and provide reasonable assurance of detecting material errors and frauds (including direct-effect illegal acts) c audit team members should have the proper degree of professional skepticism, assuming neither dishonesty nor unquestioned honesty of management d for reporting, the materiality concept is different for errors, fraud, and illegal acts For errors, the usual idea of materiality prevails; for frauds (including direct-effect and far-removed illegal acts) immateriality is expressed in terms of “clearly inconsequential.” Matters that fall below the threshold apparently can be reported to levels of management below the board of directors and audit committee More significant matters are reported to the director level, and management involvement in frauds and illegal acts is never considered inconsequential 3-2 Chapter 03 - Management Fraud and Audit Risk 3.3 The seven steps specified by SAS 99: Consideration of Fraud in a Financial Statement Audit are: Step 1: Engagement Team Discussion (“Brain Storming”) Step 2: Identify Information Necessary to Assess Fraud Risk Factors Step 3: (a) Identify Risk Factors Related to Fraudulent Financial Reporting and (b) Assess Fraud Risks Step 4: Respond to Assessed Risks Step 5: Evaluate Audit Evidence Step 6: Communicate Fraud Matters Step 7: Document Fraud Matters 3.4 Below are some other conditions and circumstances that have existed along with frauds in the past: Fraud Risk Factors • • • • • • • • • • 3.5 Management’s Characteristics and Influence Management has a motivation (bonus compensation, stock options, etc.) to engage in fraudulent reporting Management decisions are dominated by an individual or a small group Management fails to display an appropriate attitude about internal control and financial reporting Managers’ attitudes are very aggressive toward financial reporting Managers place too much emphasis on earnings projections Nonfinancial management participates excessively in the selection of accounting principles or determination of estimates The company has a high turnover of senior management The company has a known history of violations Managers and employees tend to be evasive when responding to auditors’ inquiries Managers engage in frequent disputes with auditors • • • • • Industry Conditions Company profits lag the industry New requirements are passed that could impair stability or profitability The company’s market is saturated due to fierce competition The company’s industry is declining The company’s industry is changing rapidly Operating Characteristics and Financial Stability • A weak internal control environment prevails • The company is not able to generate sufficient cash flows to ensure that it is a going concern • There is pressure to obtain capital • The company operates in a tax haven jurisdiction • The company has many difficult accounting measurement and presentation issues • The company has significant transactions or balances that are difficult to audit • The company has significant and unusual related-party transactions • Company accounting personnel are lax or inexperienced in their duties Auditors should know how to preserve the chain of custody of evidence The chain of custody is the crucial link of the evidence to the suspect, called the “relevance” of evidence by attorneys and judges If documents are lost, mutilated, coffee-soaked, compromised (so a defense attorney can 3-3 Chapter 03 - Management Fraud and Audit Risk argue that they were altered to frame the suspect), they can lose their effectiveness for the prosecution 3-4 Chapter 03 - Management Fraud and Audit Risk 3.6 3.7 a There is no difference among the categories at the awareness level b The expectation is lower for far-removed illegal acts, where audit procedures (other than inquiry and familiarity) are performed only when specific information indicates that possible illegal acts may have a material indirect effect on financial statements c About the same degree of skepticism with respect to all the categories; in connection with errors and frauds (including direct-effect illegal acts) auditors should have the proper degree of professional skepticism, assuming neither dishonesty nor unquestioned honesty of management; in connection with far-removed illegal acts, auditors should make inquiries about management’s policies and procedures for compliance with laws and regulations and obtain written management representations concerning the absence of violations of laws and regulations d For reporting, the materiality concept is different: (1) for errors, the usual idea of materiality prevails, (2) for frauds (including direct-effect and far-removed illegal acts), immateriality is expressed in terms of “clearly inconsequential.” Matters that fall below the threshold can be reported to levels of management below the board of directors and audit committee More important matters go to the director level, and management involvement in frauds and illegal acts is never considered inconsequential Audit risk is a concept applied both to the probability of issuing an inappropriate opinion and to the probability of failing to detect material errors and frauds in a particular disclosure or account balance Audit risk is a conceptual combination of the other risks: Audit Risk = Inherent Risk x Internal Control Risk x Detection Risk “Audit risk in an overall sense” refers to the audit taken as a whole and the probability that the auditors will issue an inappropriate opinion on financial statements Generally, this is the risk of giving the standard unqualified report when the financial statements contain material misstatements or the report should be qualified or modified in some manner “Audit risk applied to individual account balances” refers to the probability that auditors will fail to discover misstatement in a particular account balance at least equal to the tolerable misstatement assigned to the audit of that balance This version of audit risk is applied in concept at the individual account balance level 3.8 The three components of audit risk are: Inherent risk the probability that material errors or frauds have entered the data processing system Internal control risk the probability that the client’s system of internal control will fail to detect material errors and frauds, provided any enter the accounting system in the first place Detection risk the probability that audit procedures will fail to find material errors and frauds, provided any have entered the system and have not been detected or corrected by the client’s internal control system 3-5 Chapter 03 - Management Fraud and Audit Risk 3.9 From the Audit Risk Alert Some of the effects of bad economic times auditors should be alert to detect in clients’ financial statements: • • • • • • 3.10 Asset valuations recoverability and bases of accounting Inappropriate offsetting of assets and liabilities Changes in cost-deferral policies and the reasonableness of amortization periods Allowances for doubtful accounts, in general, and loan-loss allowances for financial institutions, in particular Compliance with financial covenants and the necessity to obtain waivers from lending institutions to meet current requirements Changes in sales practices or terms that may require a change in accounting The nature of audit procedures refers to their effectiveness in detecting errors and fraud Confirmation with third parties is more effective in detecting errors and fraud than verbal inquiry The timing of audit procedures refers to when they are performed, usually at (1) interim, or at (2) year-end However, timing may have other aspects such as surprise procedures (unannounced to client personnel) or procedures performed after the year-end The extent of the application of procedures usually refers to the sample sizes of data examined, such as the number of customer accounts receivable to confirm, or the number of inventory types to count 3.11 “Material information” in accounting and auditing is “information that should be disclosed if it is likely to influence the economic decisions of financial statement users “Planning materiality” in an audit context is the largest amount of uncorrected dollar misstatement that could exist in published financial statements, yet they would still fairly present the company’s financial position and results of operations in conformity with GAAP 3.12 “Vouching” relates to the examination of documents Generally, items of financial information are selected from an account, and auditors then go backward through the bookkeeping-filing system to find the source documentation which supports the item selected “Tracing” essentially is the opposite direction compared to “vouching” In the process of tracing, auditors select sample items of basic source documents and proceeds forward through the bookkeeping process to find the final recording of the accounting transactions “Scanning” refers to the auditors scrutinizing documentation for unusual items and events 3.13 Auditors use eight general audit procedures to gather evidence: 1) inspection of records and documents (vouching, tracing, scanning), 2) inspection of tangible assets, 3) observation, 4) inquiry, 5) confirmation, 6) recalculation, 7) reperformance, and 8) analytical procedures One or more of these procedures may be used no matter what account balance, control procedure, class of transactions, or other information is under audit 3-6 Chapter 03 - Management Fraud and Audit Risk 3.14 Five types of general analytical procedures: Compare financial information with prior period(s) Compare financial information with budgets or forecasts Study predictable financial information patterns based on the entity’s experience Compare financial information to industry statistics Study financial information relationships to nonfinancial information 3.15 Yes, the Hylas and Ashton research brief in the chapter showed that auditors have credited discovery of errors and frauds to analytical review procedures in 27.1% of the cases in a set of audits 3.16 Auditing standards not require auditors to express planning materiality as a specific dollar amount An event or amount may be material by its significance, either quantitatively or qualitatively 3.17 An audit program is a list of the audit procedures the auditors need to perform to gather sufficient appropriate evidence on which to base their opinion on the financial statements Auditors indicate when they have performed each procedure, and where the evidence is documented Thus, audit programs are used not only for quality control and supervision, but also as documentation that the audit team is following generally accepted auditing standards 3.18 An internal control program contains the specification of procedures for obtaining an understanding of the client’s business and internal control and for assessing the inherent risk and the control risk related to the financial account balances and classes of transactions A substantive audit program contains the specification of substantive procedures for gathering direct evidence on management’s assertions (i.e., existence, occurrence, completeness, cutoff, rights and obligations, valuation and allocation, accuracy, classification, and understandability) about amounts and disclosures in the financial statements 3-7 Chapter 03 - Management Fraud and Audit Risk 3.19 Four “cycles” and accounts in them: Revenue and collection cycle Acquisition and expenditure cycle Production and conversion cycle Financing and investment cycle X X X X X X X X X X X X X X X Inventory Fixed assets Accumulated depreciation Accounts payable Accrued expenses General expense X X Cost of goods sold Depreciation expense X X X X X X X X X X X Cash Accounts receivable Allowance for doubtful accounts Sales Sales returns Bad debt expense Marketable securities Bank loans Long term notes Accrued interest Capital stock Retained earnings Dividends declared Interest expense Income tax expense SOLUTIONS FOR MULTIPLE-CHOICE QUESTIONS 3.20 3.21 a Incorrect b Incorrect c Incorrect d Correct a Correct Inherent risk is one component of the risk of material misstatement (the correct answer) Control risk is one component of the risk of material misstatement (the correct answer) Detection risk is the likelihood that the auditors will not detect misstatements that may have entered the accounting system and not been detected or corrected by the client’s internal controls This is the definition of the risk of material misstatement The risk of material misstatement is composed of inherent risk and control risk 3-8 Chapter 03 - Management Fraud and Audit Risk 3.22 3.23 3.24 3.25 3.26 a Correct b c Incorrect Incorrect d Incorrect a Incorrect b Incorrect c Incorrect d Correct a b c Incorrect Incorrect Incorrect d Correct a b Incorrect Incorrect c Incorrect d Correct b Correct Management is responsible for making the estimates in the first place, just as management is primarily responsible for all the financial statement elements Auditors need to determine the reasonableness of estimates Auditors need to determine estimates are presented in conformity with GAAP Auditors need to determine whether estimates are adequately disclosed in the financial statements Independent auditors are supposed to understand the nature of errors and frauds Independent auditors are supposed to assess the risk of occurrence of errors and frauds Independent auditors are supposed to design audits to provide reasonable assurance of detecting errors and frauds Independent auditors are not required to report all finding of errors and frauds to police authorities This is the risk of giving an inappropriate opinion This is the risk of misstatements entering the accounting system This is the risk that the client’s internal control will not detect misstatements that enter This is the risk that auditors will not detect misstatements The business situation creates inherent risk Business risk is the name for the collective risk faced by a company that engages in business It includes the probability that customers will buy from competitors, that product lines will become obsolete, that taxes will increase, that government contracts will be lost, or that employees will go on strike Control risk is a function of management’s design and operation of its internal controls Auditors are responsible for performing the evidence-gathering procedures that manage and control detection risk DR = AR/ (IRxCR) = 0.05/0.50 = 0.10 3-9 Chapter 03 - Management Fraud and Audit Risk 3.27 a Incorrect b Correct c Incorrect d Incorrect 3.28 a b c d Incorrect Incorrect Correct Incorrect These accounts are part of the acquisition cycle These accounts are part of the conversion cycles These accounts are part of the revenue cycle These accounts are part of the financing and investment cycle 3.29 a Incorrect b Incorrect c Correct d Incorrect You won’t find an unrecorded item (completeness assertion) by looking in the financial statement numbers Starting with the potentially unrecorded items is an audit for the completeness assertion, not the existence assertion You can find evidence of existence of recorded amounts by selecting from the recorded amounts (general ledger) and going back to the supporting original transaction documents Selecting from the supporting original transaction documents and going to the general ledger is an audit for the completeness assertion, not the existence assertion a Incorrect b c d Incorrect Correct Incorrect a Incorrect b Incorrect c d Correct Incorrect This is a type of “overall response”, not a “specific procedural response.” Auditors ought to direct specific procedures toward the area where the suspicion lies This is a specific procedural response mentioned in SAS 99 This is an overall response, not a “specific procedural response.” a b c d Correct Incorrect Incorrect Incorrect The objective is to perform a quality audit and keep audit risk low Control risk = is generally not warranted Inherent risk = is generally not warranted 40% audit risk is too high 3.30 3.31 3.32 An audit program does not specify audit standards All the GAAS are relevant in all audits An audit program contains specifications of procedures the auditors believe appropriate for the financial statements under audit Documentation of the assertions under audit, the evidence obtained, and the conclusions reached describe audit documentation, not audit programs Reconciliation of the account balances in the financial statements with the account balances in the client’s general ledger is one element of the content of audit documentation, not audit programs While solving for DR works mathematically, you will find that IR (not given in the problem) has to be greater than 100%, therefore the solution is not possible (Very tricky!) If control risk rises, detection risk should decrease This solution is both mathematically and practically correct If control risk rises, detection risk should decrease 3-10 Chapter 03 - Management Fraud and Audit Risk 3.46 Audit Simulation: Analysis of Accounting Estimates The company has fudged the write-offs toward being as small as possible, hoping to satisfy the auditors Taken one at a time, only the uncertainty about the deferred subscription costs is large enough to break the materiality threshold But the set of problems cannot be taken one at a time Here is a suggested low-high audit estimate: Low Estimate High Estimate Write-off deferred subscription costs (1) Provide allowance for bad debts (2) Provide for expected warranty expense (3) Lower of cost or market inventory write-down (4) Loss on government contract refund (5) $ 6,000,000 $ 4,000,000 $ 2,000,000 $ 5,600,000 $ 1,000,000 $12,000,000 $ 4,000,000 $ 6,000,000 $ 5,600,000 $ 2,000,000 Total write-offs and losses $18,600,000 $29,600,000 (1) The low estimate gives benefit of doubt to survival of the business, writing off half the deferred costs as if one-half might be written off over the next two years The company seems to have taken the 50% probability ($6 million) and allocated half to each of the two years (2) The company seems ready to provide the allowance for all the doubtful accounts receivable (3) Not much information for the audit team (such as a probability distribution) (4) It looks like the company plans to rebuild the inventory and recover as much as it can, namely the $4,400,000 that can be realized from selling the rebuilt parts, but the lower of cost or market was figured incorrectly The company seems to have subtracted the selling price ($8 million) from the inventory cost ($10 million) to get the $2 million write-down The correct calculation is: Net Realizable Value: Selling price proceeds Cost to rebuild Cost to market and ship (20% x $8 million) Ceiling (net realizable value) Floor, Subtract “normal profit” (5% x $8 million) Floor $ 8,000,000 ( 2,000,000) ( 1,600,000) $ 4,400,000 ( 400,000) $ 4,000,000 Replacement cost is apparently $6 million for the modern part, so the “market” for lower of cost or market is NRV = $4,400,000, and the inventory write-down is $10,000,000 $4,400,000 = $5,600,000 Sale of the rebuilt parts will produce zero profit in subsequent period(s): Selling price Cost of Goods Sold: Inventory sold (written-down cost) Rebuilding cost Cost to market and ship Profit 3-16 $ 8,000,000 4,400,000 2,000,000 (6,400,000) (1,600,000) -0- Chapter 03 - Management Fraud and Audit Risk (5) 3.46 For a contingency such as this government contract dispute, GAAP suggests recognizing loss at the lower end of a range for loss, so a $1 million loss provision would satisfy GAAP Audit Simulation: Analysis of Accounting Estimates (Continued) Recommended Adjustment: Management’s suggestion of $11,000,000 cost/loss recognition is not sufficient It “leaves” $7,600,000 income overstatement, even using the auditors’ low estimate of $18,600,000 Even booking the low estimate “leaves” $10,000,000 unrecognized (including the government contract contingency at $1 million instead of $2 million) The minimum adjustment, given the limited information available in this problem, is below Adequate disclosures should be made about the $6 million deferred subscription costs remaining and the prospects for the business, and about the warranty expense estimate, since these are the items that leave uncertain assets and liabilities in the financial statements Subscription expense Bad debt expense Warranty expense Cost of goods sold Government contract loss Deferred subscription costs Allowance for doubtful accounts Estimated warranty liability Inventory Estimated liability on contract 3-17 Debit $ 6,000,000 $ 4,000,000 $ 2,000,000 $ 5,600,000 $ 1,000,000 Credit $ 6,000,000 $ 4,000,000 $ 2,000,000 $ 5,600,000 $ 1,000,000 Chapter 03 - Management Fraud and Audit Risk 3.47 Audit Risk Model Evaluation of risk assessment conclusions with AR = IR x CR x DR as a model Paul is not justified in acting upon a belief that IR = He may have seen no adjustments proposed because (1) none were material or (2) Tordik’s control system has functioned well in the past and prevented/detected/corrected material errors If IR = 0, then AR = and no further audit work need be done Conservative auditing standards and practice not permit this level of (non)work based on this little evidence and knowledge Hill is not justified in acting upon a belief that CR = She may well know that Edward’s internal accounting control is exceptionally good, but (1) her review did not cover the last month of Edward’s fiscal year and (2) control procedures are always subject to lapses If CR = 0, then AR = and no further audit work need be done Conservative audit practice does not permit assessment of control risk at 0% to the exclusion of other audit procedures Insofar as audit effectiveness is concerned, Fields’ decision is within the spirit of audit standards Even if IR = and CR = 1, if DR = 0.02, the AR = 0.02 This audit risk (AR) seems quite small However, Fields’ decision may result in an inefficient audit This case was deliberately left ambiguous, without quantifying the audit risks Students will need to experiment with the model One approach is to compare the current audit to a hypothetical last year’s audit when “everything was operating smoothly.” Assume: Last Year: Current Year: AR = IR (0.50) + CR (0.20) x DR (0.20) = 0.02 AR = IR (1.0) + CR (1.0) x DR (0.25) = 0.25 Features of the hypothetical comparison: Inherent risk is greater than last year Control risk is greater than last year The audit was less extensive, possibly resulting in greater detection risk Audit risk appears to be very high An alternative analysis is that Shad perceived higher inherent and control risk early, and he did not put any audit time into trying to assess the risks at less than 100% He proceeded directly to performance of extensive substantive procedures and worked a lesser total number of hours, yet still performed a high-quality audit by keeping AR low by keeping DR low 3-18 Chapter 03 - Management Fraud and Audit Risk 3.48 Audit Procedures Types of procedures used by auditors in general, with examples: 1a Document Inspection (Vouching) • find brokers’ invoices and cancelled checks showing agreement with record amounts for securities investments 1b Document Inspection (Tracing) • select a sample of shipping documents and trace them to sales invoices, sales journal recording and posting to general ledger 1c Document Inspection (Scanning) • scan expense accounts for credit entries • scan payroll check lists for unusually large checks Inspection of tangible assets • verify existence of fixed assets by locating them Observation • observation, test-counting of client’s physical inventory-taking Confirmation • obtaining accounts receivable confirmations • obtaining client’s lawyer’s letter Inquiry and written representations • ask client personnel about accounting events • complete an internal control questionnaire • obtain written client representation letter Recalculation • recompute the client’s calculation of depreciation expense Reperformance • analyze valuation of receivables by re-aging them by due date Analytical procedures any example that fits one of these: • compare financial information with prior periods • compare financial information with budgets and forecasts • study predictable financial information patterns (e.g., ratio analysis) • compare financial information to industry statistics • study financial information in relation to nonfinancial information 3-19 Chapter 03 - Management Fraud and Audit Risk 3.49 Confirmation Procedure a An audit confirmation is a written statement to the CPA from someone external to the client on a fact which that person is qualified to affirm b The two main characteristics a confirmation should possess are: The party supplying the information requested must be knowledgeable and independent, i.e., must have knowledge of information of interest to the auditors and must be outside the scope of influence of the organization being audited, and The auditors must obtain the information directly from the informed party 3.50 Auditing an Accounting Estimate The audit problem is to develop a range of valuation of the inventory in order to evaluate management’s estimate Low High Selling price Advertising and shipping expenses $ 78,000 7,000 $ 92,000 5,000 Auditors’ estimate of the range for the inventory valuation $ 71,000 $ 87,000 a Yes, an adjustment can be proposed Loss (or Cost of Goods Sold) Inventory $ 12,000 $12,000 Write down the inventory to the nearest end of the auditors’ range ($99,000 client valuation minus the “high” end of the auditors’ valuation) b 3.51 No adjustment is necessary The management estimate of $80,000 is within the auditors’ range estimate Risk Assessment Refer to the question for the items 1-15 Discussion can range across many reasons 10 Decrease overall audit risk Increase Increase Increase Decrease No effect Decrease Increase Increase Decrease 11 12 13 14 15 3-20 Increase Increase No effect Increase Increase Chapter 03 - Management Fraud and Audit Risk 3.52 Potential Audit Procedure Failures This is a very open-ended discussion topic Students’ responses could be quite varied depending upon their experience and imagination The best classroom strategy is to start with one of the procedures, then list the students’ suggestions on the chalkboard The discussion can become very lively! 3.53 SAS 99 Review Management fraud is deliberate fraud committed by management that injures investors and creditors through materially misleading financial statements The class of perpetrators is management; the class of victims is investors and creditors; and the instrument of perpetration is financial statements Sometimes management fraud is called “fraudulent financial reporting,’’ which was defined by the National Commission on Fraudulent Financial Reporting (1987) as “intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements.” Defalcation is another name for employee fraud, embezzlement, and larceny Employee fraud is the use of fraudulent means to take money or other property from an employer It usually involves falsifications of some kind false documents, lying, exceeding authority, or violating an employer’s policies Embezzlement is a type of fraud involving employees’ or nonemployees’ wrongfully taking money or property entrusted to their care, custody, and control, often accompanied by false accounting entries and other forms of lying and cover-up Larceny is simple theft for example, an employee taking an employer’s money or property that has not been entrusted to the custody of the employee b Under GAAS, auditors are responsible for assessing the risk of material misstatements due to management fraud and due to misappropriation of assets (employee fraud); consider this assessment when designing procedural responses (overall response and specific procedural response); ask management abut its understanding of fraud risk in the company; pay attention to fraud risk factors; document the risk assessment and management knowledge in the audit documentation; determine whether the company has specific control to mitigate fraud risks; consider the effectiveness of the company’s prevention, detection, and deterrence programs; perform procedures to provide a reasonable assurance of detecting material misstatements due to fraud c Characteristics of management fraud important for consideration: materiality of the effect on financial statements, the level of management involved, the extent and skillfulness of concealment, the relationship to control activities, the specific accounts affected 3-21 Chapter 03 - Management Fraud and Audit Risk 3.53 SAS 99 Review (Continued) d Concern-heightening factors: • • • • • • • • • • • • • • • • • • Management decisions are dominated by an individual or small group Managers’ accounting attitudes are unduly aggressive Managers place much emphasis on meeting earnings projections Management’s business reputation is poor Management has engaged in opinion shopping Managers are evasive responding to auditors= inquiries Managers engage in frequent disputes with auditors Managers display significant disrespect for regulatory bodies Company has a weak internal control environment Company accounting personnel are lax or inexperienced in their duties Company employs inexperienced managers Company is in a period of rapid growth Company profit lags the industry Company has going concern problems (near bankruptcy) Company is decentralized without adequate monitoring Company has many difficult accounting measurement and presentation issues The company may be offered for sale The company makes acquisitions using its stock These next “red flags” have more to with employee frauds (misappropriations of assets) than management fraud, but auditors are supposed to know about them: • • • • • • • • • • • • • • • • • • • • • • • • Missing documents Second endorsements on checks Unusual endorsements Unexplained adjustments to inventory balances Unexplained adjustments to accounts receivable Old items in bank reconciliations Old outstanding checks Customer complaints Unusual patterns in deposits in transit Cash shortages and overages Excessive voids and credit memos Customer complaints Common names or addresses for refunds Adjustments to receivables and payables General ledger does not balance Increased past due receivables Inventory shortages Increased scrap Alterations on documents Duplicate payments Employees cannot be found Second endorsements on checks Documents photocopied Dormant accounts become active 3-22 Chapter 03 - Management Fraud and Audit Risk 3.53 SAS 99 Review (Continued) e 3.54 Disclosure might be required: (1) To comply with legal and regulatory requirements (including reporting a change of auditors on SEC Form 8-K, reporting control matters and disagreements according to Item 304 of SEC Regulation S-K) (2) To report to the SEC under the requirements of the Private Securities Litigation Reform Act (when illegal acts material to the financial statements are not reported to the SEC by the company’s board of directors) (3) To respond to successor auditors’ inquiries (SAS 84) (4) To respond to a subpoena (5) To communicate with a funding or other agency when required in audits of entities that receive governmental financial assistance Internet Exercise: Audit Programs on the Internet This is an open-ended question Students’ responses could be quite varied depending upon their interests 3.55 Kaplan CPA Exam Simulation: Inherent Risk To: The President of the Ferreira Company From: Partner, Riley & Associates CPAs As one step in performing an audit to provide reasonable assurance that financial statements are presented fairly in conformity with United States generally accepted accounting principles, the CPA must make an assessment of the inherent risk that exists within the reporting entity Inherent risk is the possibility that a material misstatement will occur within the reporting entity’s accounting system Auditors normally assess inherent risk early in the audit process If inherent risk is judged to be especially high, the audit team will frequently have to compensate by decreasing detection risk (the possibility that a material misstatement will not be caught by the external auditors’ testing) to a level lower than anticipated so that overall audit risk is reduced to an acceptably low level Detection is reduced by carrying out additional substantive testing or by performing substantive testing that renders a higher quality of audit evidence Inherent risk is assessed by steps such as (a) performing analytical procedures, (b) looking at problems found in prior audits, (c) analyzing the number of accounts that require significant estimations to be made, (d) studying the quality of the accounting systems used by the company, (e) evaluating the experience, training, and competency of the individuals working with the accounting systems, and (f) analyzing the risk associated with accounts having particularly high balances or number of transactions 3-23 Chapter 03 - Management Fraud and Audit Risk 3.56 Kaplan CPA Exam Simulation: SAS 99 Fraud Guidelines The audit team should conduct the audit with professional skepticism which includes an attitude that assumes balances are incorrect until verified by the audit team by gathering evidence F Due professional care requires the audit team to exercise professional skepticism Professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence Standards go on to state that auditors should neither assume that management is dishonest nor assume unquestioned honesty The fact that a company needs to obtain additional debt or equity financing to stay competitive may be a fraud risk factor T The following fraud risk factors are associated specifically with fraudulent financial reporting: Excessive pressure exists for management to meet the requirements or expectations of third parties due to the following: a) Profitability expectations of investment analysts, investors, or significant creditors b) Company needs to obtain additional debt or equity financing to stay competitive c) Company has marginal ability to meet debt repayment or other debt covenant requirements Professional skepticism should be exercised throughout the audit process T Since evidence is gathered and evaluated throughout the audit, professional skepticism should be exercised throughout the audit process The three components of the fraud triangle are incentive, opportunity and fraud risk factors (Note: The fraud triangle is discussed in Chapter 6) F The three components of the fraud triangle are incentive, opportunity and rationalization If fraud is detected and misstatement does exist, an audit team assesses if it is material If it is not material, the audit team tells management and has no other responsibility T If fraud is detected and it is deemed to be immaterial, an audit team need only inform members of management at least one level above those involved If a material problem is resolved, it is not necessary for the audit team to inform the audit committee F Even if a material problem is resolved, the audit committee of the board of directors must be informed because the issue had a significant impact on the financial reporting of the company When performing a financial statement audit, auditors are required to explicitly assess the risk of material misstatement due to fraud T AU 312 and AU 316 both required that auditors specifically assess the risk of material misstatements due to fraud and consider that assessment in designing the audit procedures to be performed 3-24 Chapter 03 - Management Fraud and Audit Risk 3.57 Kaplan CPA Exam Simulation: Financial Statement Assurance What assurance does the audit team provide that misstatements due to errors that are material to the financial statements will be detected? Reasonable AU 110 and AU316 requires the audit team to design the audit to provide reasonable assurance that material misstatements, whether caused by error or fraud, be detected What assurance does the audit team provide that misstatements that are material to the financial statements due to fraudulent financial reporting will be detected? Reasonable AU 110 and AU316 requires the audit team to design the audit to provide reasonable assurance that material misstatements, whether caused by error or fraud, be detected Fraudulent financial reporting is one of the major types of fraud What assurance does the audit team provide that misstatements due to direct-effect illegal acts that are material to the financial statements will be detected? Reasonable AU 110 requires the audit team to design the audit to provide reasonable assurance of detecting material errors, fraud and directeffect illegal acts A direct-effect illegal act is one that would have an effect on the determination of financial statement amounts What assurance does the audit team provide that misstatements that are material to the financial statements due to misappropriation of assets will be detected? Reasonable AU 110 and AU316 requires the audit team to design the audit to provide reasonable assurance that material misstatements, whether caused by error or fraud, be detected Misappropriation is one of the major types of fraud 3-25 Chapter 03 - Management Fraud and Audit Risk 3.58 Kaplan CPA Exam Simulation: Audit Risk Control risk is the possibility that a material misstatement will occur within Hardi’s accounting system F The statement is true for inherent risk Control risk, on the other hand, is the possibility that a material misstatement that has occurred will not be detected by the company’s control system A CPA performing an audit has no responsibility to look for or find illegal acts that not have a direct impact on Hardi’s financial statements T Those actions are outside the scope of the audit, and in addition, they may well be hidden However, auditors must maintain a skeptical attitude and, thus, may discover such illegal acts or situations pointing to illegal acts If a CPA discovers fraud that causes a material misstatement, then it must be reported by the CPA to Hardi’s audit committee T There should be an understanding between the audit team and the audit client as to the reporting of any other fraud that is uncovered, including fraud that causes an immaterial misstatement A CPA would increase the level of detection risk if it is found that Hardi’s accounting system is outdated or understaffed or operated by individuals lacking training and experience F Such a situation would warrant an increase in the level of inherent risk and control risk Based on the facts, it is likely that a material misstatement will occur within the company’s accounting system, and the company’s control system is incapable of detecting such a material misstatement An example of fraudulent financial reporting would be if Hardi improperly capitalized an immaterial lease in a deliberate attempt to overstate income T Fraudulent financial reporting does not only cover material misstatement; even immaterial amounts can be construed to be fraudulent financial reporting If Hardi has a management bonus based on net income, it directly suggests that a CPA should set inherent risk at maximum F Although the management bonus is a strong indicator of high inherent risk, the audit team must assess the Hardi audit on an overall basis and not make a conclusion on inherent risk based simply on one piece of information 3-26 Chapter 03 - Management Fraud and Audit Risk 3.59 Kaplan CPA Exam Simulation: Audit Risk Ridge will use statistical sampling rather than judgment sampling Decreases audit risk Detection risk decreases whenever audit team gathers more evidence or obtains evidence of a better quality Evidence is considered to be of a better quality if it is gathered using more sophisticated techniques (such as statistical sampling rather than judgment sampling) This is Ridge’s first audit of Western Increases audit risk The fact that it is a first- time audit by Ridge increases the possibility that misstatements have occurred (for both current and prior years) and will not be detected by Ridge This increases the auditors’ assessment of inherent risk Reconciliation of bank statements Decreases audit risk Based on the documentation, bank reconciliations are performed in a timely manner This decreases audit risk (In contrast, the lack of complete and timely reconciliations of assets represents inadequate internal control over assets which may increase the susceptibility of misappropriation of those assets and thus increase audit risk) There are a large number of transactions within the accounts receivable general ledger control account and its subsidiary ledgers Increases audit risk The existence of accounts with large balances or many transactions usually increases inherent risk due to the complexity of auditing them Level of turnover in the accounting department Decreases audit risk The clerk has been employed by Western for 12 years and the controller for ten years; therefore, two of the key employees have remained in their positions for a long time which indicates low turnover This would generally decrease audit risk (In contrast, a high turnover rate in the accounting department would represent a deficiency in internal accounting control and thus increase audit risk) 3-27 Chapter 03 - Management Fraud and Audit Risk 3.59 Kaplan CPA Exam Simulation: Audit Risk (Continued) The accounting system is three years old Decreases audit risk The system is not outdated (it is only three years old) and appears to be meeting Western’s needs The system was tested very recently (last year) by the prior auditors and found to be operating effectively (In contrast, an outdated accounting system would increase inherent risk) Western is the only provider of water in the three surrounding counties Has no impact on audit risk The fact that Western is the only provided of water in the three surrounding counties has no impact on audit risk The clerk handles nearly all aspects of the accounts receivable/cash receipts system Increases audit risk Because the clerk handles nearly all aspects of the accounts receivable/cash receipts system, there is a general lack of separation of duties within the accounts receivable/cash receipts application This increases control risk and audit risk Ridge bid on the audit of Western along with four other firms Ridge was selected because the audit committee determined that Ridge had the best and lowest bid Has no impact on audit risk The fact that Ridge was selected because it had the best and lowest bid has no impact on audit risk There are two new housing developments within Western’s service area, but contrary to expectations, tap-in fee income is down significantly from last year and from budget Increases audit risk Inherent risk is increased if, during the performance of analytical procedures in the initial audit planning stages, it is discovered that client balances vary significantly from the auditors’ expectations The clerk’s high level of personal debt Increases audit risk Personal debts or other financial obligations may create pressure on management or other employees (who have access to cash or other assets susceptible to theft) to misappropriate such assets In the case of Western’s clerk it represents a potential incentive or pressure, which is a fraud risk factor that increases audit risk The advanced age of the water treatment plant Has no impact on audit risk The advanced age of the plant has no impact on audit risk 3-28 Chapter 03 - Management Fraud and Audit Risk 3.60 Kaplan CPA Exam Simulation: Auditor’s Consideration of Fraud in a Financial Statement Audit The audit team has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud Because of the nature of audit evidence and the characteristics of fraud, the audit team is able to obtain reasonable, but not absolute, assurance that material misstatements are detected The audit team has no responsibility to plan and perform the audit to obtain reasonable assurance that misstatements, whether caused by errors or fraud, not material to the financial statements are detected (AU sec 110, par 2) 3.61 Kaplan CPA Exam Simulation: Illegal Acts Subject: Illegal Acts – F.D.A violations During the audit of Woodson Flavors International, we discovered that the company has several Environmental Protection Agency (E.P.A.) violations resulting in fines totaling $6,000 In accordance with U.S GAAS, the audit team does not include audit procedures specifically intended to detect illegal acts with an indirect effect Although, when other audit procedures uncover illegal acts, the audit team should apply the necessary procedures to determine whether an illegal act has occurred Further testing is now necessary because the discovery of the payment to the E.P.A indicates the possibility of an indirect illegal act 3.62 Mini-Case: Red Flags NOTE TO INSTRUCTOR: For this assignment, questions and from this Mini-Case are applicable E&Y was aware that there was an undue emphasis on analysts’ reaction to quarterly profits They were also aware of the centralized power exerted by Scrushy Other red flags included the high turnover in the CFO position, and the rapid growth in net income They also accepted explanations of whistle-blower accusations that might have revealed the fraud if followed up Auditors should understand and test controls over the consolidation process just as they over purchasing, sales, payroll, etc SAS 99 requires specific procedures to ensure against management override of controls, which occurred at the consolidation process These procedures would include reviewing the consolidation entries, adjusting journal entries, as well as the controls over such entries 3-29 Chapter 03 - Management Fraud and Audit Risk 3.63 Mini-Case: Red Flags NOTE TO INSTRUCTOR: For this assignment, question from this Mini-Case is applicable The auditors missed several red flags: • The size and location of the cash account should have been a red flag It is very unusual for a large company to have so much cash in a (foreign) bank account • Between January 2000 and September 2003, Parmalat raised more than $5 billion in debt offerings With so much cash available, why was Parmalat continuing to borrow money? • The smudged fax verifying the balance was highly suspicious Where was the original? Was it sent directly to the auditors? 3-30 ... health and safety, food and drug administration, environmental protection, and equal employment opportunity) 3.2 AICPA auditing standards require that: a audit team members have an understanding and. .. rights and obligations, valuation and allocation, accuracy, classification, and understandability) about amounts and disclosures in the financial statements 3-7 Chapter 03 - Management Fraud and. .. generally accepted auditing standards 3.18 An internal control program contains the specification of procedures for obtaining an understanding of the client’s business and internal control and for assessing