The auditor's responsibility to consider fraud in an audit of financial statements

Audit in a nutshell

[Diagram: Reality, via Process, becomes Picture (= financial statements). Balance sheet: Assets, Liabilities, Equity. Audit Risk: Inherent, Control, Detection. Existence, Occurrence, Valuation, Measurement, Completeness, Rights / Obligations, Presentation.]

Roadmap

[Diagram. Phases: Planning and Risk Identification; Strategy and Risk Assessment; Execution; Conclusion and Reporting. Steps shown:]
► Client Acceptance and Continuance
► Understand Client's Business
► Identify Fraud Risks and Determine Responses
► Determine Materiality: PM, TE and SAD Nominal Amount
► Identify Significant Classes of Transactions and Related Applications
► Understand IT Environment Complexity and Determine IT Professional Involvement
► Understand Flows of Transactions, WCGWs and Controls
► Perform Walkthroughs
► Make Combined Risk Assessments
► Design Tests of Controls
► Execute Tests of Controls
► Design Substantive Audit Procedures
► Execute Substantive Audit Procedures
► Prepare Summary of Audit Differences
► Perform Final Audit Procedures
► Management Letter
► Report

Learning Objectives

► Define fraud and distinguish between fraudulent financial reporting and misappropriation of assets
► Understand the board’s and management’s responsibilities and the auditor’s responsibilities for detecting material misstatements due to fraud
► Develop responses to identified fraud risks
► Understand other responsibilities

Define Fraud and Distinguish Between Fraudulent Financial Reporting and Misappropriation of Assets

The auditor’s responsibility is to plan and perform audits to obtain reasonable assurance about whether the financial statements are free of material misstatements due to errors or fraud.

ISA 240 establishes standards and provides guidance on the auditor’s responsibility to consider fraud in an audit of financial statements; these standards and guidance are intended to be integrated into the overall audit process.

► “Error” refers to an unintentional misstatement in the financial statements.
► “Fraud” refers to an intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage (ISA 240 § 11).
► Auditors do not make legal determinations of whether fraud has actually occurred.

Two types of intentional misstatements are relevant to the auditor.

A. Misstatements resulting from fraudulent financial reporting, including omissions of amounts or disclosures in financial statements to deceive financial statement users.

► Accomplished by manipulation, falsification or alteration of records and documentation, by misrepresentation in or intentional omission from the financial statements, and by misapplication of accounting principles.
► Often involves management override of controls using techniques such as changing assumptions / judgments used to estimate account balances, recording fictitious journal entries, and concealing or not disclosing facts.
► Management may take deliberate actions to meet earnings objectives that lead to fraudulent financial reporting by materially misstating the financial statements. Earnings management is performed in order to deceive users by influencing their perceptions as to the entity’s performance.

B. Misstatements resulting from misappropriation of assets.

Misappropriation of assets involves theft of an entity’s assets, normally by employees, but in some notable cases by top management or others internal to the organization.

► Misappropriation of assets is often accompanied by false or misleading records or documents in order to conceal the theft.

Three Conditions for Fraud Arising are Described in ISA 240

These three conditions are the same for fraudulent financial reporting and misappropriation of assets, but the risk factors are different. They are referred to as the fraud triangle:

► Incentives / Pressures
► (Perceived) Opportunities
► Attitudes / (Some) Rationalization

Pressure / Incentive

► Financial stability or profitability is threatened by economic, industry, or entity operating conditions.
► Excessive pressure exists for management to meet the requirements or expectations of third parties.
► Information available indicates that the personal financial situation of management or those charged with governance is threatened by the entity’s financial performance.
► There is excessive pressure on management or operating personnel to meet financial targets established by those charged with governance, including sales or profitability incentive goals.
► Personal financial obligations may create pressure on management or employees with access to cash or other assets susceptible to theft to misappropriate those assets.

Pressure / Incentive: Key words

► Meet the deadline
► Make sales quota
► Under the gun
► Don’t leave a trail
► Not comfortable
► Want no part of this
► Don’t let the auditor find out
► Budget cuts
► Change in independence auditors
► Changes in accounting regulations
► Declining customer demand
► Downsizing
► Financial targets
► Lack of demand
► Increase debt financing
► Hurry up
► Excessive reportable conditions

Opportunity

► The nature of the industry or the entity’s operations provides opportunities to engage in fraudulent financial reporting
► The monitoring of management is not effective
► There is a complex or unstable organizational structure
► Internal control components are deficient
► Certain characteristics or circumstances may increase the susceptibility of assets to misappropriation

Opportunity: Key words

► Override
► Write-off
► Recognize revenue
► Special fees
► Off the books
► Cash advance
► Cut off
► Future deliver
► Deferred balance reserve
► Inconsequential
► Margin level
► Multiple deliver
► Pool share
► Multiple element
► Revenue share partner
► Smooth earnings
► Pull earnings forward

Rationalization

► Communication, implementation, support, or enforcement of the entity’s values or ethical standards by management, or the communication of inappropriate values or ethical standards, that are not effective
► The owner-manager makes no distinction between personal and business transactions

Rationalization: Key words

► I think it’s okay
► Sounds reasonable
► I deserve
► Everybody does it
► Nobody will find out
► Fix it later
► Worth it
► Entitled
► I didn’t get my bonus
► It’s not fraud
► Gray area
► It’s only a timing difference
► Part of my job
► I am not hurting anyone
► Accounting estimates
► I don’t get enough

Management’s and Board’s Responsibilities

► “Primary responsibility for the prevention and detection of frauds rests with both those charged with governance of the entity and with management” (ISA 240 § 4).
► “It is important that management, with oversight from those charged with governance, place a strong emphasis on fraud prevention…, and fraud deterrence by …
    ► Creating and maintaining a culture of honesty and ethical behavior
    ► Evaluating fraud risks and implementing programs and controls to mitigate the identified risks
    ► Establishing a control environment and maintaining policies and procedures to assist in achieving the objective of ensuring, as far as possible, the orderly and efficient conduct of the entity’s business”.

Understand the Auditor’s Responsibilities

When obtaining reasonable assurance, an auditor maintains an attitude of professional skepticism (ISA 240 § 12) throughout the audit, recognizing the possibility that a material misstatement due to fraud could exist.

Due to the characteristics of fraud, the auditor’s attitude of professional skepticism is particularly important when considering the risk of fraud. Professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence.

ISA 240 provides additional guidance on considering the risks of fraud in an audit and designing procedures to detect material misstatements due to fraud.

Information used to assess fraud risk is summarized below.

[Diagram: the following inputs lead to "Identified risks of material misstatements due to fraud":]
► Communication among audit team
► Inquiries of management
► Risk factors
► Analytical procedures
► Other information

► Discussion among the engagement team, as required by ISA 315 “Understanding the entity and its environment and assessing the risks of material misstatements”.
► The discussion occurs with a questioning mind and addresses:
    ► how and where audit team members believe the entity’s financial statements might be susceptible to material misstatements due to fraud, including consideration of known external and internal factors affecting the entity,
    ► how management could perpetrate and conceal fraudulent financial reporting, and
    ► how assets of the entity could be misappropriated.

► Inquiries of management regarding management’s own assessment of the risk of fraud and the controls in place to prevent and detect it.
    ► The auditor should also inquire about any information reported by management to the audit committee about fraud risks and related controls.
    ► Making inquiries of others within the entity, in addition to management, may provide auditors with a perspective that is different from that of management and those responsible for the financial reporting process (internal audit personnel, operating personnel, in-house legal counsel, chief ethics, compliance officer, chief risks officer).

► The auditor should understand how those charged with governance exercise oversight of management’s processes for identifying and responding to the risks of fraud in the entity and understand the internal control to mitigate these risks.
    ► The audit committee often assumes an active role in overseeing management’s fraud risk assessment and response processes.
    ► ISA 240 also requires the auditor to inquire whether those charged with governance have knowledge of any actual, suspected or alleged fraud affecting the entity.

► ISA 240 requires the auditor to evaluate whether fraud risk factors exist that indicate incentives or pressures to perpetrate fraud, opportunities to carry out fraud, or attitudes or rationalizations used to justify a fraudulent action.
    ► Fraud risk factors cannot easily be ranked in order of importance, and the significance of fraud risk factors varies in assessing the risks of material misstatement.
    ► Size, complexity and ownership characteristics of the entity have a significant influence on the consideration of relevant fraud risk factors.

► Analytical procedures performed during planning may be helpful in identifying unusual or unexpected relationships or events that might indicate material misstatements, particularly involving revenue accounts.
► The auditor ordinarily presumes that there are risks of fraud in revenue recognition and considers which types of revenues may give rise to such risks. The comparison of sales volume based on recorded revenue with actual production capacity could reveal revenues beyond the capacity.

Develop Responses to Identified Fraud Risks

► Change the overall conduct of the audit
    ► Assignment and supervision of personnel
    ► Careful consideration of management’s choice of accounting principles (subjective measurements, complex transactions).
    ► Incorporate unpredictability in the audit plan

ISA 330 “The auditor’s procedures in response to assessed risks” requires the auditor to perform substantive procedures that are specifically responsive to risks that are assessed as significant risks.

► Design and perform audit procedures to address fraud risks at the assertion level
    ► Obtain evidence that is more reliable and relevant (i.e. physical observation, inspection, gather more evidence on data by the use of computer assisted audit techniques)
    ► Timing of procedures
    ► Increasing sample sizes
    ► Performing analytical procedures at a more detailed level
    ► Obtain additional corroborative information (i.e. confirmation not only of outstanding amounts but also of details of sales agreements, right of return and delivery terms)
► Examples of possible procedures are presented in Appendix 2 to ISA 240.

► Design and perform procedures to address management override of controls
    ► Examine, using professional judgment, the appropriateness of journal entries recorded in the general ledger or adjustments to amounts reported in the financial statements that are not reflected in formal journal entries, such as through consolidating adjustments and reclassifications. The auditor should first obtain and document an understanding of the entity’s financial reporting process and the controls over journal entries and other adjustments.
    ► Review accounting estimates for possible bias. The auditor is required to “look back” at significant prior year estimates to identify any changes that might indicate a possible bias in management’s judgments and assumptions.
    ► Evaluate the business rationale for significant transactions. Determine whether the accounting treatment is appropriate and whether information is adequately disclosed in financial statements.

Understand Other Responsibilities

► The auditor should obtain appropriate written representations from management. In addition to acknowledging its responsibility for the financial statements, management should acknowledge its responsibility for internal control designed and implemented to prevent and detect fraud.
► Communications with the appropriate level of management, as well as senior management and those charged with governance as soon as practicable when the auditor determines that fraud may be present.