Management Fraud and Audit Risk

Slides:



Advertisements
Similar presentations
Audit Planning With Analytical Procedures, Risk, and Materiality
Advertisements

AUDITING THE REVENUE PROCESS
Obtaining Clients Submit a proposal
6 THE AUDIT PROCESS. AUDITRESPONSIBILITIES AND OBJECTIVES AUDITRESPONSIBILITIES Audit Objective Primary objective of the audit is to express an opinion.
8 - 1 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Audit Planning and Analytical Procedures Chapter 8.
OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.
McGraw-Hill/Irwin ©2007 by the McGraw-Hill Companies, Inc. All rights reserved. Chapter 3 Management Fraud and Audit Risk "It takes 20 years to build a.
Audit Planning and Analytical Procedures Chapter 8.
S11: Risk Based Audit Approach. Session Objectives  To define audit risks and establish the relationship between materiality and audit risk  To discuss.
Management Fraud and Audit Risk
Understanding the Client and General Planning
Planning the Audit; Linking Audit Procedures to Risk
Review of Introduction to Auditing
MODERN AUDITING 7th Edition
4-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 4 Materiality and Risk.
Auditing A Risk-Based Approach To Conducting A Quality Audit
Auditing & Assurance Services, 6e
Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett Slides prepared by Roger Simnett.
Nature of an Integrated Audit
Auditing II Unit 1 : Audit Procedures Unit 2: Audit of Limited Companies Unit 3: Audit of Government Companies.
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin.
McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved.
Chapter 6 Audit Responsibilities and Objectives
McGraw-Hill/Irwin ©2007 by the McGraw-Hill Companies, Inc. All rights reserved. Step 5: Evaluate Audit Evidence  Discrepancies in the accounting records.
Chapter 4 Risk Assessment.
Auditing Internal Control over Financial Reporting
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 3-1 Chapter Three Risk Assessment and Materiality Chapter Three.
1 Designing Substantive Procedures The auditor “must plan and perform the audit to reduce the audit risk to an acceptably low level that is consistent.
8 - 1 ©2003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/Beasley Materiality and Risk Chapter 8.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Materiality and Risk Chapter 9.
Chapter 07 Internal Control McGraw-Hill/IrwinCopyright © 2014 by The McGraw-Hill Companies, Inc. All rights reserved.
Understanding Audit Risk Assessment
IT Auditing & Assurance, 2e, Hall & Singleton C hapter 12: Fraud Schemes & Fraud Detection.
Case 6.3 WorldCom Copyright © 2014 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill.
Evidence and Documentation
9 - 1 ©2003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/Beasley Internal Control and Control Risk Chapter 9.
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Internal Control and Control Risk Chapter 10.
Chapter 4 Risk Assessment McGraw-Hill/Irwin
Chapter 3 Audit Planning, Types of Audit Tests, and Materiality McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
AUDITING THE REVENUE CYCLE AND RELATED ACCOUNTS
McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Audit Planning and Types of Audit Tests Chapter Five.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 5-1 Chapter Five Audit Planning and Types of Audit Tests Chapter.
McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-1 Chapter 6 CHAPTER 6 INTERNAL CONTROL IN A FINANCIAL STATEMENT AUDIT.
Learning Objectives LO1 Differentiate among frauds, errors, and illegal acts that might occur in an organization. LO2 Explain the auditing standards related.
McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Auditing Internal Control over Financial Reporting Chapter Seven.
Chapter 06 Audit Planning, Understanding the Client, Assessing Risks, and Responding McGraw-Hill/IrwinCopyright © 2014 by The McGraw-Hill Companies, Inc.
OVERVIEW THE AUDIT PROCESS Overview of the Audit Process.
Copyright © 2007 Pearson Education Canada 1 Chapter 10: Fraud Auditing.
© 2003 by the AICPA SAS 99: Consideration of Fraud in a Financial Statement Audit.
18-1 Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Audit Planning. Decide whether or not to accept the prospective client Obtain knowledge of client’s business and industry Make preliminary arrangements.
SAS 99: Consideration of Fraud in a Financial Statement Audit.
Chapter 3 Audit Planning, Types of Audit Tests, and Materiality McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
and Types of Audit Tests
Chapter 6 Internal Control in a Financial Statement Audit McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley Internal Control and Control Risk Chapter 10.
Internal Control Chapter 7. McGraw-Hill/Irwin © 2008 The McGraw-Hill Companies, Inc., All Rights Reserved. 7-2 Summary of Internal Control Definition.
Audit Planning, Understanding the Client, Assessing Risks and Responding Chapter 6.
Internal Control Evaluation: Assessing Control Risk
Types of fraud Fraudulent Financial Reporting—An intentional misstatement or omission of amounts or disclosures with the intent to deceive users. Most.
Question 4-1 Which of the following statements concerning noncompliance by clients is correct?    A.  An auditor's responsibility to detect noncompliance.
PLANNING, MATERIALITY AND ASSESSING THE RISK OF MISSTATEMENT
Audit Planning, Types of Audit Tests and Materiality
Developing the Overall Audit Plan and Audit Program
Management Fraud and Audit Risk
Materiality and Risk Chapter 8.
Chapter 3 Management Fraud and Audit Risk
Audit Planning and Analytical Procedures
Management Fraud and Audit Risk
Internal Control Internal control is the process designed and affected by owners, management, and other personnel. It is implemented to address business.
Presentation transcript:

Management Fraud and Audit Risk Chapter 3 Management Fraud and Audit Risk My actions are inexcusable…. I'm sorry for the hurt that has been caused by my cowardly behavior. -- Scott Sullivan, former WorldCom CFO, at his sentencing. "It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently." - - Warren Buffet, billionaire investor McGraw-Hill/Irwin Copyright © 2008 by The McGraw-Hill Companies, Inc. All rights reserved.

Exhibit 3.1 Management Fraud Overview 3-2 Exhibit 3.1 Management Fraud Overview

Financial Statements: Errors, Frauds and Illegal Acts 3-3 Financial Statements: Errors, Frauds and Illegal Acts Errors are unintentional misstatements or omissions of amounts or disclosures in financial statements. Management Fraud is intentional misstatements or omissions of amounts or disclosures in financial statements. Direct-effect illegal acts are violations of laws or government regulations by the company or its management or employees that produce direct and material effects on dollar amounts in financial statements. "Illegal acts" (far‑removed) are violations of laws and regulations that are far removed from financial statement effects (for example, violations relating to insider securities trading, occupational health and safety, food and drug administration, environmental protection, and equal employment opportunity).

Overview of Auditors’ and Other Professionals’ Responsibilities 3-4 Overview of Auditors’ and Other Professionals’ Responsibilities External Auditors (CPAs) SAS 99: Consideration of Fraud in a Financial Statement Audit Design audit to provide reasonable assurance of detecting fraud that could have a material effect on the financial statements. Perform fraud-related procedures SAS 54: Illegal Acts Focused primarily is on direct-effect illegal acts SAS 114: “The Auditor’s Communication with Those Charged with Governance” Other Professional’s Responsibilities (Discussed later in Module D) Internal Auditors (CIAs) Internal auditors support management's efforts to establish a culture that embraces ethics, honesty, and integrity. They assist management with the evaluation of internal controls used to detect or mitigate fraud, evaluate the organization's assessment of fraud risk, and are involved in any fraud investigations. Governmental Auditors Focus on laws and regulations (compliance), design audit to detect abuse and illegal acts, report to the appropriate authority Certified Fraud Examiners (CFEs) Assignments begin with predication (probable cause)

Exhibit 3.2 Considering the Risk of Fraud (SAS 99) 3-5 Exhibit 3.2 Considering the Risk of Fraud (SAS 99) Step 1: Audit team discussion (“brainstorming”) Gather information to identify risks. Identify risks. Assess risks taking into account entity’s programs and controls. Respond to results of assessment. Step 2: Identify information necessary to assess fraud risk factors Step 3: a. Identify and b. Assess fraud risk factors Step 4: Respond to risk assessment Step 5: Evaluate audit evidence Step 6: Communicate fraud matters Step 7: Document fraud matters

Step 1: Audit team discussion (“brainstorming”) 3-6 Step 1: Audit team discussion (“brainstorming”) Required procedure Objectives Gain understanding of Previous experiences with client How a fraud might be perpetrated and concealed in the entity Procedures that might detect fraud Set proper tone for engagement Discussions should be ongoing throughout the engagement

Step 2: Obtain Information to Identify Risks 3-7 Step 2: Obtain Information to Identify Risks Inquiries Management Audit committee Internal auditors Others Planning analytical procedures Net income to cash flows (total accruals to total assets) Days sales in receivables Gross margin Asset quality index (non current assets- p,p&e to total assets) Sales growth index

3-8 Step 3a: Identify Risk Factors Related to Fraudulent Financial Reporting Management’s characteristics and influence Industry conditions Operating characteristics and financial stability

Risk Factors: Management’s Characteristics and Influence 3-9 Risk Factors: Management’s Characteristics and Influence Management has a motivation to engage in fraudulent reporting. Management decisions are dominated by an individual or a small group. Management fails to display an appropriate attitude about internal control. Managers’ attitudes are very aggressive toward financial reporting. Managers place too much emphasis on earnings projections. Nonfinancial management participates excessively in the selection of accounting principles or determination of estimates. The company has a high turnover of senior management. The company has a known history of violations. Managers and employees tend to be evasive when responding to auditors’ inquiries. Managers engage in frequent disputes with auditors.

Risk Factors: Industry conditions 3-10 Risk Factors: Industry conditions Company profits lag the industry. New requirements are passed that could impair stability or profitability. The company’s market is saturated due to fierce competition. The company’s industry is declining. The company’s industry is changing rapidly.

Risk Factors: Operating Characteristics 3-11 Risk Factors: Operating Characteristics A weak internal control environment prevails. The company is not able to generate sufficient cash flows to ensure that it is a going concern. There is pressure to obtain capital. The company operates in a tax haven jurisdiction. The company has many difficult accounting measurement and presentation issues. The company has significant transactions or balances that are difficult to audit. The company has significant and unusual related-party transactions. Company accounting personnel are lax or inexperienced in their duties.

Step 3b: Assess Fraud Risks 3-12 Step 3b: Assess Fraud Risks Type of risk Significance of risk Likelihood of risk Pervasiveness of risk Assess controls and programs

Required Risk Assessments 3-13 Required Risk Assessments Presume that improper revenue recognition is a fraud risk. Identify risks of management override of controls. Examine journal entries and other adjustments. Review accounting estimates for biases. Evaluate business rationale for significant unusual transactions.

Step 4: Respond to Assessed Risks 3-14 Step 4: Respond to Assessed Risks Overall effect on audit Assignment of personnel Choice of accounting principles Predictability of auditing procedures Examination of journal entries and other adjustments Retrospective review of prior year accounting estimates Extended procedures Surprise inventory counts Contract confirmations

More Examples of Extended Procedures 3-15 More Examples of Extended Procedures Count the petty cash twice in one day. Investigate suppliers/vendors. Investigate customers. Examine endorsements on canceled checks. Add up the accounts receivable summary. Audit general journal entries. Match payroll to life and medical insurance deductions. Match payroll to social security numbers. Match payroll with addresses. Retrieve customer checks. Use marked coins and currency. Measure deposit lag time. Examine documents. Inquire, ask questions. Covert surveillance. Horizontal and vertical analysis. Net worth analysis. Expenditure analysis.

Step 5: Evaluate Audit Evidence 3-16 Step 5: Evaluate Audit Evidence Discrepancies in the accounting records. Conflicting or missing evidential matter. Problematic or unusual relationships between the auditor and management. Results from substantive of final review stage analytical procedures. Vague, implausible or inconsistent responses to inquiries.

Step 6: Communicate Fraud Matters 3-17 Step 6: Communicate Fraud Matters SAS 99: Evidence that fraud may exist must be communicated to appropriate level of management. Sarbanes Oxley: Significant deficiencies must be communicated to those charged with governance. Any fraud committed by management (no matter how small) is material.

Step 7: Document Fraud Matters 3-18 Step 7: Document Fraud Matters Discussion of engagement personnel. Procedures to identify and assess risk. Specific risks identified and auditor response. If revenue recognition not a risk—explain why. Results of procedures regarding management override. Other conditions causing auditors to believe additional procedures are required. Communication to management, audit committee, etc.

3-19 Illegal Acts Illegal acts are violations of laws or government regulations by the company or its management or employees. Direct-effect illegal acts produce direct and material effects on the financial statements (e.g., income tax evasion). Indirect-effect illegal acts are far removed from financial statement (e.g., violations relating to insider securities trading, occupational health and safety, food and drug administration, environmental protection, and equal employment opportunity).

Red Flags of Potential Illegal Acts 3-20 Red Flags of Potential Illegal Acts Unauthorized transactions. Government investigations. Regulatory reports of violations. Payments to consultants, affiliates, or employees for unspecified services. Excessive sales commissions and agents’ fees. Unusually large cash payments. Unexplained payments to government officials. Failure to file tax returns or to pay duties and fees.

Must Communicate Findings? 3-21 Exhibit 3.4 Auditor Responsibility for Detecting Errors, Frauds, and Illegal Acts   Responsible for Detection? Must Communicate Findings? Material Immaterial Errors Yes No (Audit Committee) Fraud (One level above) Illegal Acts (Direct Effect)

The AUDIT RISK MODEL (ARM) 3-22 The AUDIT RISK MODEL (ARM) Audit risk (AR) is the risk (likelihood) that the auditor may unknowingly fail to modify the opinion on financial statements that are materially misstated (e.g., an unqualified opinion on misstated financial statements.) The AUDIT RISK MODEL decomposes overall audit risk into three components: inherent risk (IR), control risk (CR), and detection risk (DR): AR = IR x CR x DR (IR x CR = Risk of Material Misstatement (RMM))

Exhibit 3.4 Inherent, Control and Detection Risk 3-23 Exhibit 3.4 Inherent, Control and Detection Risk Internal Controls Financial Statements Accounting Information System Events, Transactions Substantive Procedures INHERENT RISK The likelihood that, in the absence of internal controls, an error or fraud will enter the accounting information system CONTROL RISK The likelihood that an error or fraud will not get caught by the client’s internal controls. DETECTION RISK The likelihood that an error or fraud will not be caught by the auditor’s procedures. AUDIT RISK The likelihood that an error or fraud will occur, and not get caught by either the internal controls or auditor’s procedures. Risk of Material Misstatement (RMM)

3-24 ARM Concepts The auditor cannot affect inherent risk or control risk. The auditor can only ASSESS them. The auditor can only affect detection risk—generally by examining more evidence. Detection risk is inversely related to control risk and inherent risk. Detection risk is inversely related to competence and reliability of evidence.

3-25 Inherent Risk Inherent Risk (IR) is the likelihood that, in the absence of internal controls, a material misstatement could occur. In other words, it is a measure of the susceptibility of an account to misstatement. Factors affecting account inherent risk include: Dollar size of the account Liquidity Volume of transactions Complexity of the transactions New accounting pronouncements Subjective estimates

Other Factors Affecting Overall Inherent Risk 3-26 Other Factors Affecting Overall Inherent Risk Competition Economy Nature of Industry Management Style Leverage

Inherent Risk: General Categories of Errors and Frauds 3-27 Inherent Risk: General Categories of Errors and Frauds Invalid transactions are recorded. Valid transactions are omitted from the accounts. Unauthorized transactions are executed and recorded. Transaction amounts are inaccurate. Transactions are classified in the wrong accounts. Transaction accounting and posting is incorrect. Transactions are recorded in the wrong period.

Inherent Risk: General Categories of Errors and Frauds 3-28 Inherent Risk: General Categories of Errors and Frauds Error Examples Fraud Examples Invalid transactions are recorded A computer malfunction causes a sales transaction to be recorded twice Fictitious sales are recorded and charged to nonexistent customers Valid transactions are omitted from the accounts Shipments to customers are never recorded because of problems in the company’s information processing system Shipments are made to an employee’s friend and purposely never recorded Unauthorized transactions are executed and recorded A customer’s order is not approved for credit yet the goods are shipped, billed, and charged to the customer without requiring payment in advance Unauthorized purchases are made and shipped to an employee’s house Transaction amounts are inaccurate An employee calculates depreciation incorrectly A company “short ships” a shipment to a customer and bills the customer for the full amount ordered Transactions are classified in the wrong accounts Sales to a subsidiary company are recorded as sales to outsiders instead of intercompany sales or the amount is charged to the wrong customer account receivable record A loan to the company’s CEO (not permitted under Sarbanes-Oxley) is classified as an account receivable to conceal the transaction Transaction accounting and posting are incorrect Sales are posted in total to the accounts receivable control account, but some are not posted to individual customer account records Capital leases are accounted for as operating leases in order to keep related liabilities off the balance sheet Transactions are recorded in the wrong period The company fails to record a shipment that was sent by a supplier FOB shipping point in December, but the shipment was not received (or recorded) until January Shipments made in January (of the next fiscal year) are backdated and recorded as sales in December

3-29 Control Risk Control Risk (CR) is the likelihood that a material misstatement would not be caught by the client’s internal controls. Factors affecting control risk include: The environment in which the company operates (its “control environment”). The existence (or lack thereof) and effectiveness of control procedures. Monitoring activities (audit committee, internal audit function, etc.).

3-30 Detection Risk Detection risk (DR) is the risk that a material misstatement would not be caught by audit procedures. Factors affecting detection risk include: Nature, timing, and extent of audit procedures Sampling risk Risk of choosing an unrepresentative sample. Nonsampling risk Risk that the auditor may reach inappropriate conclusions based upon available evidence.

Detection Risk and the Nature, Timing, and Extent of Audit Procedures 3-31 Detection Risk and the Nature, Timing, and Extent of Audit Procedures Lower Detection Risk Higher Detection Risk Nature More effective tests. Less effective tests. Timing Testing performed at year-end. Testing can be performed at Interim. Extent More tests. Fewer tests.

Example of the Audit Risk Model 3-32 Example of the Audit Risk Model AR =.05 (set by firm) IR =.90 (nature of account) CR =.70 (assessed by auditor) DR =.08 [.05/(.90 X .70)] =.08 Low High Medium High

Exhibit 3.8 Matrix Approach to Detection Risk Determination 3-33 Exhibit 3.8 Matrix Approach to Detection Risk Determination   Control Risk Low Moderate High Inherent Risk Detection Risk Moderate to High Low to Moderate

More Examples 3-34 AR IR CR DR? .05 1.0 .50 Low Moderate Very Low High .10 2.0? Low Medium

3-35 Materiality Materiality refers to an amount (or transaction) that would influence the decisions of users (i.e., an amount (or event) that would make a difference). The emphasis is on user, rather than management or the audit team. Materiality Criteria: Quantitative Criteria: Absolute size Relative size Cumulative effects Qualitative Criteria Nature of the item or issue Circumstances Uncertainty Ultimately, materiality is a matter of professional judgment.

Exhibit 3.9 Materiality Table 3-36 Larger of Client Total Revenues or Total Assets is …   Over But not Over Planning Materiality Factor X Excess Over $0 $30 thousand + .0593 30 thousand 100 thousand 1,780 .0312 300 thousand 3,960 .0215 1 million 8,260 .0145 3 million 18,400 .00995 10 million 38,300 .00674 30 million 85,500 .00461 100 million 178,000 .00312 300 million 396,000 .00215 1 billion 826,000 .00145 3 billion 1,840,000 .000995 10 billion 3,830,000 .000674 30 billion 8,550,000 .000461 100 billion 17,800,000 .000312 300 billion 39,600,000 .000215 . . . 82,600,000 .000148 Source: AICPA Audit Sampling Guide, AICPA (New York, New York), 2001.

General Audit Procedures 3-37 General Audit Procedures Inspection of records and documents Vouching Tracing Scanning Inspection of tangible assets Observation Inquiry Confirmation Recalculation Reperformance Analytical Procedures

(Existence or Occurrence) 3-38 Vouching/Tracing Q: Did all recorded sales actually occur? Summary Listing [Sales Journal] Tracing (Completeness) Vouching (Existence or Occurrence) Source Documents [Shipping documents] Q: Were all sales recorded?

3-39 Audit Programs A list of the audit procedures the auditors need to perform to gather sufficient appropriate evidence on which to base their opinion on the financial statements. Each audit program is based, in part, on the output of Audit Risk Model. Generally one for each major cycle or group of related accounts. Revenue and collection (Chapter 7) Acquisition and expenditure (Chapter 8) Production (Chapter 9) Financing and investing (Chapter 10) Signed off as procedures are performed.