OVERVIEW

Objective

¾

To describe the auditor’s and management’s responsibilities to consider fraud and non-compliance with laws in an audit of financial statements.

FRAUD

¾ Definitions

¾ Types of fraud

¾ Management responsibilities

¾ Auditor responsibilities

¾ Discussions within team

¾ Risk assessment

¾ Significant risks and revenue recognition

¾ Response to risks

¾ Evaluation of audit evidence

¾ Management representations

¾ Communication

¾ Withdrawal

LAWS AND REGULATIONS

¾ Non-compliance”

¾ Types of laws and regulations

¾ Audit implications

¾ Management responsibilities

¾ Auditor responsibilities

¾ Indicators

¾ Discovery

1

FRAUD [ISA 240]

¾

ISA 240 The Auditor’ Responsibility to Consider Fraud in the Audit of Financial Statements distinguishes fraud from error and provides significant guidance on the auditor’s responsibilities to consider fraud in an audit of financial statements.

¾

Whilst the ISA relates to the external auditor, its guidance is equally appropriate to the internal auditor.

1.1

Definition

1.1.1

“Error”

Unintentional mistakes in financial statements, including the omission of an amount or disclosure.

Examples include:

¾

A mistake in gathering or processing data from which financial statements are prepared.

¾

An incorrect accounting estimate arising from oversight or misinterpretation of facts.

¾

A mistake in the application of accounting principles relating to measurement,

recognition, classification, presentation or disclosure.

Definition

1.1.2

“Fraud”

Intentional act of deception by one or more individuals to obtain an unjust or illegal advantage resulting in a material misstatement of the financial

statements.

¾

Fraud involves incentive or pressure to commit fraud, a perceived opportunity to do so and some rationalisation of the act.

¾

Individuals may be:

‰ involved in management or charged with governance (i.e. “management fraud”); ‰ employees (i.e. “employee fraud”); or

‰ third parties (in collusion with management and/or employees).

Example 1

Solution

¾

Alteration, falsification or manipulation of accounting records or documents

¾

Applying accounting policies inappropriately

¾

Collusion

¾

Mathematical or clerical mistakes in collecting or processing accounting data

¾

Misapplication of accounting policies

¾

Misappropriation of assets (i.e. theft)

¾

Oversight or misinterpretation of facts resulting in an incorrect accounting estimate

¾

Recording transactions without economic substance

¾

Suppression or omission of effects of transactions from

records or documents

1.2

Types of fraud

¾

There are two types of fraud which result in the misstatement of financial statements: ‰ fraudulent financial reporting; and

‰ misappropriation of assets.

1.2.1

Fraudulent financial reporting

Misstatements or omissions of amounts or disclosures intended to deceive users of financial statements.

¾

Motivated, for example, by pressures to achieve earnings target.

¾

Includes:

‰ Deception (e.g. through manipulation, falsification, forgery or alteration) of accounting records or supporting documents.

‰ Misrepresentation, or intentional omission, of disclosure of significant information. ‰ Deliberate misapplication of accounting principles affecting the measurement,

1.2.2

Misappropriation (theft) of assets

¾

Often motivated by persons “living beyond their means”, e.g.: ‰ embezzlement (of monies);

‰ stealing assets (physical) or intellectual property (e.g. copying CDs) ‰ using an entity’s tangible assets for personal benefit;

‰ causing the business to pay for goods and services not received.

¾

Theft may be, but is not necessarily, concealed by falsified records or documents.

1.3

Management responsibilities

1.3.1

Basic responsibilities

¾

Primary responsibility for prevention AND detection of fraud and error lies with management and those charged with governance.

Commentary

The respective responsibilities of management and those charged with governance (if any) may depend on the entity, voluntary codes, legal requirements, etc. Management creates the control environment. Those charged with governance oversee management.

¾

Management must place a strong emphasis on fraud prevention and establish a culture of honesty and ethical behaviour.

¾

Those charged with governance must ensure that the appropriate risk management procedures and internal control are in place, and operate. This includes compliance with applicable laws and regulations.

1.3.2

Potential for management override

¾

The auditors, and those charged with governance, must consider the potential for management override of internal control and the use of inappropriate influence over the financial reporting process (e.g. aggressive earnings management).

Example 2

Give FIVE techniques that could be used by management to override internal controls.

Solution

1.4

Auditor responsibilities

1.4.1

For prevention

¾

None. Auditors are not, and cannot be, held responsible for prevention of fraud and error.

¾

However, the external audit (as well as internal audit) may act as a deterrent.

1.4.2

For detection

¾

The auditor should consider the risk of material misstatement arising from fraud and error when:

‰ planning and performing audit procedures; and ‰ evaluating and reporting on the results thereof.

¾

Error is more likely to be detected than fraud since fraud is ordinarily accompanied by acts specifically designed to conceal its existence. For example:

‰ collusion; ‰ forgery;

‰ deliberate failure to record transactions; ‰ intentional misrepresentations to the auditor.

¾

The risk of not detecting a material misstatement arising from fraud is higher that that of not detecting a misstatement from error purely because of the nature of fraud and the way the perpetrators will attempt to conceal the fraud.

¾

Subsequent discovery of material misstatement does not, in itself, indicate audit failure (i.e. not adhering to basic principles and essential procedures). Whether or not the auditor has performed an audit in accordance with ISAs is determined by the audit procedures performed, the sufficiency and appropriateness of the evidence obtained and the auditor’s interpretation of that evidence in deriving their report.

1.4.3

Inherent limitations of an audit

¾

There is always an unavoidable risk that material misstatements resulting from fraud (and to a lesser extent error) may not be detected due to the inherent limitations of an audit.

¾

Unless the audit reveals evidence to the contrary, taking into account the auditor’s planning and performing the audit for the risk of fraud, the auditor is entitled to accept representations as truthful and records and documents as genuine.

¾

However, “the auditor should plan and perform the audit with an attitude of professional scepticism, recognizing that conditions or events may be found that indicate that fraud or error may exist”.

1.4.4

Professional scepticism

¾

Due to the characteristics of fraud, the auditor’s attitude of professional scepticism is particularly important when considering the risks of material misstatement due to fraud.

¾

Professional scepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence. In appropriate circumstances, it is not a mind that will accept audit evidence at face value.

¾

Professional scepticism requires an ongoing questioning of whether the information and audit evidence obtained suggests that a material misstatement due to fraud may exist.

1.5

Discussions with the engagement team

¾

As part of the planning procedures, key members of the engagement team (e.g. the engagement partner, other assignment partners and managers) should discuss the susceptibility of the entity’s financial statements to material misstatement due to fraud.

¾

Areas covered by the discussion should, at least, cover:

‰ how and where the entity’s financial statements may be susceptible to material misstatement due to fraud;

‰ how management could perpetrate and conceal fraudulent financial reporting, and how assets of the entity could be misappropriated;

‰ the circumstances that might be indicative of aggressive earnings management;

‰ the known external and internal factors affecting the entity that may create a pressure for fraud or provide the opportunity for fraud to be perpetrated;

‰ management’s involvement in overseeing employees with access to cash or other assets susceptible to misappropriation;

‰ any unusual or unexplained changes in behaviour or lifestyle of management or employees;

‰ how unpredictability will be incorporated into the nature, timing and extent of the audit procedures to be performed;

‰ whether certain types of audit procedures are more effective than others; ‰ any allegations of fraud that have come to the their attention; and

‰ the risk of management override of controls.

1.6

Risk assessment procedures

¾

Under ISA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment the auditor is required to carry out a risk assessment including the possibility of material misstatement caused by fraud.

1.6.1

Inquiries of management

¾

Inquiries of management are made regarding their assessment of the risk of fraud and the controls in place to prevent and detect it.

¾

The way management approach the prevention and detection of fraud, and the actions taken should fraud occur, are indicative of management’s attitude to internal control.

¾

Discussions should also be held with management about their knowledge of actual, suspected or alleged frauds and the action they took.

1.6.2

Inquiries of those charged with governance

¾

As management are in a key position to be able to override internal control,

understanding the role of those charged with governance enables the auditor to assess the strength of the oversight procedures and the susceptibility of the entity to

management fraud.

¾

As the oversight procedures are in effect part of the entity’s internal control, the auditor should consider observing the governance process by attending appropriate meetings, reviewing reports and discussing matters directly with the audit committee.

¾

As with management, enquiries should be made of those charged with governance about their knowledge of actual, suspected or alleged fraud. The response should be compared with management’s and any inconsistencies investigated.

1.6.3

Inquiries of others

¾

Would include: ‰ internal audit;

‰ direct and indirect (of the finance function) operating personnel; ‰ those employees who deal with complex or unusual transactions; ‰ internal and external legal services; and

‰ any employee who is designated responsible for ethics and/or specific laws and regulations (e.g. the MLO – money laundering officer).

1.6.4

Consideration of fraud risk factors

¾

In understanding the entity (as well as throughout the audit process) the auditor should be aware of potential fraud risk factors (for both financial reporting and

misappropriation of assets):

‰ events or conditions that indicate an incentive or pressure to commit fraud; ‰ provide the opportunity to commit fraud; and

1.6.5

Risk factors relating to fraudulent financial reporting

¾

Incentives and/or pressure arising from:

‰ negative impact on financial stability or profitability due to political, economic, social, technological, industry, or entity operating conditions, (basically PEST risk factors);

‰ external third parties (e.g. investment analysts, banks, credit rating agencies) putting significant pressure upon management to, for example, meet forecasts;

‰ the entity’s poor financial performance placing management under personal financial pressure (e.g. personal guarantees of entity debt);

‰ those charged with governance placing management under pressure to meet financial targets, including sales or profitability incentive goals (includes pressure on operating personnel from management).

¾

Opportunities arising from:

‰ ineffective monitoring of management (e.g. poor oversight of the board by those charged with governance or of the CEO by the board);

‰ a complex or unstable organizational structure (e.g. rapid turnover of senior employees, opaque management structure with unclear lines of responsibility);

‰ deficient internal control components (e.g. lack of monitoring, lack of understanding and high turnover of key control staff.

¾

Attitude and rationalisation (eg the individual justifying their fraudulent actions and believing their actions are valid) through:

‰ ineffective communication of high ethical values (or the communication of poor ethical values) by management;

‰ failure by management or those charged with governance to take appropriate action for breaches of the entity’s rules and regulations, e.g. fraudulent expense claims, inappropriate use of company assets;

‰ known history of violations of laws and regulations that have not been identified or corrected by higher authorities;

‰ a need to maintain key performance indicators (e.g. earnings per share);

‰ a need to minimise corporate taxation failing to correct known ineffective material internal controls;

Example 3

Suggest examples of risk factors for each of the following incentive/pressure categories:

¾

Financial stability or profitability is threatened by economic, industry, or entity operating conditions

¾

External third parties, e.g. investment analysts, banks, credit rating agencies, putting significant pressure upon management

¾

The entity’s poor financial performance placing management under personal financial pressure

1.6.6

Risk factors relating to misappropriation of assets

¾

Incentives and/or pressure arising from:

‰ management or employees with financial problems (e.g. debts, divorce, drugs).

‰ deterioration of employee/employer relationship (e.g. expected or known redundancy, expected or actual negative changes in remuneration and benefits, expectations on promotions and benefits not met)

¾

Opportunities arising from:

‰ the type of assets controlled by the entity (e.g. large volumes of cash, easily convertible assets such as bearer bonds, diamonds, computer chips and precious metals and other assets with high external demand);

‰ poor internal control environment (e.g. inadequate segregation of duties or independent checks);

‰ inadequate control of senior management expenditures (e.g. travel and other re-imbursements);

‰ inadequate oversight of employees responsible for assets (e.g. inadequate supervision of remote locations);

‰ inadequate recording, tracking and physical reconciliation of assets;

‰ inadequate system of authorization and approval of transactions (e.g. purchasing and asset disposals);

‰ inadequate physical safeguards over cash, investments, inventory, or fixed assets; ‰ lack of mandatory vacations for employees performing key control functions (e.g.

minimum of two weeks and preferably over at least one month end control period);

‰ inadequate management understanding of, and controls over, information technology (e.g. a programmer is able to change a program and misappropriate company property);

‰ inadequate management understanding of complex processes carried out by employees (e.g. derivative trading).

¾

Attitude and rationalisation through:

‰ lack of respect for internal control over misappropriation of assets (e.g. ability to overriding existing controls);

‰ tolerance of petty theft (e.g. stationery, scrap metal, use of company systems for private gain);

Example 4

The size, complexity, and ownership characteristics of a business have a significant influence on the consideration of relevant fraud risk factors.

Required:

Suggest three fraud risk factors that might ordinarily be considered for a large (e.g. listed) business which may be inapplicable or less important for a smaller (e.g. unlisted) business.

Solution

¾

¾

1.6.7

Analytical review and other information

¾

Any unusual or unexpected relationships identified when using analytical review (in understanding the entity and throughout the audit process) may indicate risks of material misstatement due to fraud (e.g. fictitious sales).

¾

All information received about the entity should be considered for the risk of material misstatement due to fraud (e.g. information obtained during client acceptance

procedures, any interim engagements).

1.7

Significant risks and revenue recognition

1.7.1

Significant risks

¾

Having identified potential fraud risk factors, any risk of material misstatement at the financial statement level and the assertion level due to those factors, must be identified and classified as significant risks.

¾

ISA 315 requires that the design of controls, control activities and whether the controls have been implemented MUST be audited for all significant risks.

1.7.2

Revenue recognition

¾

Revenue recognition is always considered to be a significant risk (as it has been a major factor in many financial statement frauds).

¾

The types of revenue, revenue transactions and revenue assertions that may give rise to the risk of fraud must be considered.

¾

In the event that revenue recognition is not considered to give rise to a risk of material misstatement due to fraud, the reasons for this must be clearly documented.

1.8

Response to risk of material misstatement due to fraud

¾

Responses to the risk of material misstatement due to fraud include: ‰ considering the overall audit approach;

‰ the nature, timing and extent of substantive audit procedures;

‰ specific audit procedures to consider the risk of management override of controls.

¾

Depending on the nature of the entity and the risk identified, the planned audit

procedures may be sufficient or they may need to be revised when the risk is considered.

1.8.1

Overall audit approach

¾

Altering the nature, timing and extent of audit procedures to incorporate an element of unpredictability (from the entity’s management view point) to reflect the fact that management may be familiar with prior audit approaches, e.g.:

‰ different sample selection procedures; ‰ different locations visited;

‰ unannounced audit visits;

‰ full year end inventory count for perpetual inventory systems; ‰ some final audit work carried out at the inventory count visit.

1.8.2

Audit procedures to respond to risk of material misstatements caused by fraud

¾

The nature of audit procedures may need to be changed to obtain audit evidence that is more reliable and relevant or to obtain additional corroborative information. For example:

‰ physical inspection of at risk assets, rather than acceptance of third party confirmation;

‰ circularisation of receivables balances plus sales agreement terms (e.g. to confirm returns policies, ‘special’ discounts);

‰ specific attention paid to cut-off procedures at the year end during physical inventory observation;

‰ inquiries of non-financial personnel involved within the risk area.

¾

Timing of the procedures may need to be modified, e.g.:

‰ a full inventory count and reconciliation at the year end even though management relies on continuous inventory counting;

‰ greater detail of substantive testing conducted between the interim audit and the year end (e.g. full testing in that period rather than reliance on analytical review and reconciliation).

¾

Changing the extent of audit procedures reflects the assessment of the risks of material misstatement due to fraud, e.g.

‰ increasing sample sizes;

‰ performing analytical procedures at a more detailed level; ‰ using computer-assisted audit techniques.

1.8.3

Management override of controls

¾

ISA 240 requires that in addition to overall responses to address the risks of fraud, the following areas are specifically considered:

‰ Journal entries and other adjustments (e.g. consider volumes, values and timing);

‰ Accounting estimates (consider possible bias to “profit smooth”);

‰ Business transaction rationale (i.e. if significant transactions appear overly complex or involve special purpose entities).

1.9

Evaluation of audit evidence

¾

As the audit progresses, errors and misstatements will be uncovered. The auditor must consider whether such errors:

‰ may be indicative of fraud; and if so

‰ the implications for the audit particularly the reliability of management representations

¾

The nature and cumulative impact of errors and misstatements must also be considered as they may be indicative of fraud at a higher level.

¾

Indications of possible financial misstatements due to fraud included:

‰ discrepancies in the accounting records (e.g. unsupported transactions or last minute adjustments;)

‰ conflicting or missing evidence (e.g. no original documents when expected to exist and implausible responses from management);

Example 5

Suggest, with reasons, the audit implications of:

(a) a fraud involving misappropriations of petty cash; and

(b) fictitious sales contracts being entered into by the sales director.

Solution

(a)

Petty cash fraud

¾

¾

¾

¾

(b)

Management fraud

¾

¾

¾

1.10 Management representations (

see also Session 20)

¾

Must be in writing and cover that management:

‰ is responsible for the design and implementation of internal control to prevent and detect fraud;

‰ have disclosed to the auditor the results of their fraud risk assessment and their knowledge of any fraud or suspected fraud (or allegations thereof) that could have a material effect on the financial statements.

1.11 Communication with management and those charged with

governance

1.11.1 Of a misstatement resulting from fraud (or a suspected fraud)

1.11.2 Management

1.11.3 Those charged with

governance

1.11.4 Regulatory and

enforcement authorities

¾

Communicate factual findings if:

‰ fraud may exist (even if

potentially immaterial); or ‰ fraud exists.

¾

On a timely basis for

management to take action.

¾

Level of management depends on:

‰ nature; ‰ magnitude; ‰ frequency; and ‰ likelihood of

recurrence.

¾

Report to a level above that of persons

believed to be

implicated − otherwise seek legal advice.

¾

Report material

weaknesses in the design or

implementation of internal control to prevent and detect fraud.

¾

Communicate if fraud involves:

‰ management ‰ employee with

significant role in controls

‰ others resulting in a material

misstatement

¾

If management is

suspected of fraud: ‰ report and discuss

nature, timing and extent of audit procedures.

¾

If fraud is not material:

‰ discuss at planning stage approach to reporting.

¾

Report material

weaknesses in the design or

implementation of internal control to prevent and detect fraud.

¾

The auditor’s duty of confidentiality ordinarily precludes any reporting to a third party.

¾

If duty is overridden (e.g. by statute or courts of law) seek legal advice.

¾

Under some

jurisdictions, there may be a statutory duty to report fraud and material error to

supervisory authorities.

¾

In most cases, seek legal

advice or advice from the ACCA on the legal and ethical matters involved.

Example 6

Solution

¾

¾

¾

¾

¾

¾

1.11.5 To users of the auditor’s report

Although the auditor’s report is not explained until later (see Session 30) it should be noted that if a matter is immaterial there will be no grounds for qualifying the auditor’s report. Thus immaterial fraud and error is not drawn to the attention of the users of financial statements.

1.12 Withdrawal from the engagement

1.12.1 Exceptional circumstances

¾

Management does not take the necessary remedial action regarding fraud.

¾

Results of audit tests indicate a significant risk of material and pervasive fraud.

¾

There are significant doubts about the competence or integrity of management (or those charged with governance).

1.12.2 Factors to be considered

¾

When deciding whether or not withdrawal is appropriate:

‰ Whether management or those charged with governance are implicated. ‰ The effects on the auditor of continuing an association with the client. ‰ Any professional and legal responsibilities in such circumstances. ‰ The alternatives, if any, to withdrawal.

‰ Taking legal advice.

1.12.3 Communicating reasons

¾

If it is not possible to continue performing the audit the auditor considers:

‰ his professional and legal responsibilities (e.g. to report to those who appoint him or, in some cases, to regulatory authorities);

¾

In the event of withdrawal the auditor should:

‰ discuss the reasons for so doing with the appropriate level of management (and those charged with governance); and

‰ consider any professional or legal requirements to report his withdrawal (with reasons).

1.12.4 Inquiry from a proposed (successor) auditor

¾

The extent to which an existing auditor can advise his successor (“nominee”) depends on:

‰ whether or not the client gives permission to discuss its affairs; and

‰ ethical requirements (e.g. IFAC’s Code of Ethics for Professional Accountants (“The Code”)).

¾

On receiving an inquiry from a proposed successor auditor (in accordance with The Code) the existing auditor, should advise, with the client’s permission, any professional reasons why the nominee should not accept the appointment.

¾

If the client’s permission is not granted that fact should be disclosed to the nominee.

¾

If fraud or suspected fraud contributed to the change in appointment the existing

auditor must take care to state only the facts of the matter.

2

CONSIDERATION OF LAWS AND REGULATIONS

ISA 250 Consideration of Laws and Regulations provides extensive guidance that not only applies to the external auditor, but may also be used by the internal auditor.

2.1

“Non-compliance”

2.1.1

Meaning

Acts of omission or commission, either intentional or unintentional, which are contrary to the prevailing laws or regulations.

2.1.2

Inclusions

¾

Transactions entered into by, or in the name of, the entity or on its behalf by its management or employees.

2.1.3

Exclusions

2.1.4

Legal determination

¾

May be recognized by auditor.

¾

Generally based on advice of informed expert qualified to practice law.

¾

Ultimately determined by a court of law.

2.2

Types of laws and regulations

¾

For determining form or content of financial statements or the amounts to be recorded or disclosures to be made (e.g. “Companies Acts”).

¾

To be complied with by management or to allow conduct of business (e.g. relating to banks, financial services, insurance, chemical industry).

¾

Relating to operating aspects (e.g. occupational safety and health and equal employment).

2.3

Audit implications

¾

Financial consequences of non-compliance e.g. fines, litigation, etc.

¾

Generally, the further removed non-compliance is from the events and transactions ordinarily reflected in financial statements, the less likely the auditor is to become aware of it or to recognize its possible non-compliance.

2.4

Management responsibilities

¾

Management is responsible to ensure that operations are conducted within the laws and regulations applicable to the entity.

¾

Policies and procedures to assist management in discharging its responsibilities for the prevention and detection of non-compliance include:

‰ Monitoring legal requirements

‰ Designing systems to meet applicable legal requirements

‰ Instituting and operating appropriate systems of internal control ‰ Developing, publicizing and following a Code of Conduct ‰ Training employees

‰ Discipline employees who fail to comply with it

‰ Engaging legal advisors to assist in monitoring legal requirements ‰ Maintaining a register of relevant significant laws.

¾

In larger entities, these policies and procedures may be supplemented by assigning appropriate responsibilities to an

2.5

Auditor responsibilities

¾

Plan, perform and evaluate the audit recognising that non-compliance with laws and regulations may materially affect the financial statements.

¾

The procedures are similar to the audit approach to fraud, e.g. ‰ apply professional scepticism;

‰ obtain a general understanding of applicable laws and regulations;

‰ understand how the entity complies with those laws and regulations, the risk procedures and internal control applicable to ensuring laws and regulations are not breached;

‰ identify critical laws and regulations, i.e. those that may cause the entity to cease operations;

‰ identify instances of non-compliance with laws and regulations by, for example, inquiring of management, those charged with governance, company solicitors, inspecting of correspondence with relevant parties;

‰ be aware when auditing the financial statement assertions of the impact that breaches of laws and regulations may have on those assertions.

2.6

Indications that non-compliance may have occurred

¾

Information that may indicate potential breaches in laws or regulations includes:

‰ Investigation by government departments. ‰ Payment of fines or penalties.

‰ Payments for unspecified services or loans to consultants, related parties, employees or government employees.

‰ Excessive commissions or agent’s fees .

‰ Purchasing at prices significantly above or below market price. ‰ Unusual payments in cash or transfers to numbered bank accounts.

‰ Complex corporate structures including offshore companies where ownership cannot be identified.

‰ Unusual transactions with companies registered in tax havens. ‰ Tax evasion such as under declaring of income.

‰ Payments for goods or services made other than to the country of origin. ‰ Payments without proper exchange control documentation.

2.7

Non-compliance discovered

2.7.1

Considerations

¾

Need to understand the nature of the breach, the circumstances in which it occurred and the potential effect on the financial statements.

¾

Potential consequences include;

‰ fines ‰ penalties ‰ damages

‰ threat of expropriation of assets

‰ enforced discontinuation of operations ‰ litigation.

¾

Whether potential consequences require disclosure.

¾

Whether potential consequences are so serious as to call into question the true and fair view (fair presentation) given by financial statements.

2.7.2

Procedures

¾

Document findings − include copies of records/documents and minutes of conversations.

¾

Discuss with management.

¾

Consult with entity’s lawyer.

¾

Consider consulting with legal expert.

¾

Consider impact on other areas of the audit (e.g. need to re-assess risk.

¾

Consider whether the size and nature of the breach is such as to call into doubt management integrity and, therefore, other representations made by management.

2.8

Reporting non-compliance and withdrawal from the engagement

¾

As for fraud.

FOCUS

You should now be able to:

¾

define and distinguish between the terms “error”, “fraud” and “misstatement”;

¾

compare and contrast the respective responsibilities of management and the auditor

regarding fraud and error;

EXAMPLE SOLUTION

Solution 1 — Fraud or error

Alteration, falsification or manipulation of accounting

records or documents Fraud

Applying accounting policies inappropriately Fraud (if intended)/Error (if mistake made in ignorance)

Collusion Fraud

Mathematical or clerical mistakes in underlying records

and accounting data Error

Misapplication of accounting policies Error

Misappropriation of assets (e.g. theft) Fraud

Oversight or misinterpretation of facts Error

Recording transactions without economic substance Fraud Suppression or omission of effects of transactions from

records or documents Fraud

Solution 2 — Management override

¾

Recording fictitious journal entries, particularly close to the end of an accounting period, to manipulate operating results or achieve other objectives – such entries may need to be reversed out in the following period.

¾

Inappropriately adjusting assumptions and changing judgments used to estimate account balances (e.g. aggressive application of accounting policies).

¾

Omitting, advancing or delaying recognition in the financial statements of events and transactions that have occurred during the reporting period, e.g. recognising revenue not yet earned.

¾

Concealing, or not disclosing, facts that could affect the amounts or disclosures recorded in the financial statements (e.g. product liability suites, related party transactions).

¾

Engaging in complex transactions that are structured to misrepresent the financial position or financial performance of the entity (e.g. off balance sheet financing and the use of special purpose entities).

Solution 3 — Fraud risk factors

¾

Financial stability or profitability is threatened:

‰ High degree of competition or market saturation, accompanied by declining margins.

‰ High vulnerability to rapid changes, such as changes in technology, product obsolescence, or interest rates.

‰ Significant declines in customer demand and increasing business failures in either the industry or overall economy.

‰ Operating losses making the threat of bankruptcy, foreclosure, or hostile takeover imminent.

‰ Recurring negative cash flows from operations or an inability to generate cash flows from operations while reporting earnings and earnings growth.

‰ Rapid growth or unusual profitability especially compared to that of other companies in the same industry.

‰ New accounting, statutory, or regulatory requirements.

¾

External third parties putting significant pressure upon management.

‰ Profitability or trend level expectations of investment analysts, institutional investors, significant creditors, or other external parties (particularly expectations that are unduly aggressive or unrealistic), including expectations created by management in, for example, overly optimistic press releases or annual report messages.

‰ Need to obtain additional debt or equity financing to stay competitive, including financing of major research and development or capital expenditures.

‰ Marginal ability to meet exchange listing requirements or debt repayment or other debt covenant requirements.

‰ Perceived or real adverse effects of reporting poor financial results on significant pending transactions, such as business combinations or contract awards.

¾

The entity’s poor financial performance placing management under personal financial pressure

‰ Significant financial interests in the entity.

‰ Significant portions of their compensation (for example, bonuses, stock options, and earn-out arrangements) being contingent upon achieving aggressive targets for stock price, operating results, financial position, or cash flow.

Solution 4 — Fraud risk factors in a larger business

¾

Ineffectiveness of those charged with governance and/or the internal audit function. A small (unlisted) business is unlikely to need a separate governance function as it will be owned by the management.

¾

Lack of enforcement or monitoring of a formal (written) code of conduct. The ethical approach of management and the culture of the organisation is very often set by

example. The business will probably be small enough such that executive management has day to day contact with other managers and a significant number of employees.

¾

Domination of management by one individual. In a small business this is very often the case, but does not automatically mean high risk. By itself it does not mean a failure to display and communicate an appropriate attitude regarding internal control. BUT – it could be a potential weakness as there is the opportunity for management override. Assessment of the management integrity is critical.

¾

An ineffective budgeting system. In a smaller business, management will be able to exercise very close day to day monitoring of financial and other transactions. Because of management’s closeness to the core transactions of the business, there will be very little, if anything, going on that they do not know about.

Solution 5 — Audit implications

(a)

Petty cash fraud

¾

Little significance in assessing risk of misstatement.

¾

The amount of potential loss tends to be limited by the manner in which petty cash is funded (e.g. on an impress system)

¾

The employee with custody of petty cash usually has a low level of authority.

¾

But if the individual concerned holds a management position, the integrity of that

person has been impaired. Thus their involvement with other management areas must be carefully reviewed.

¾

The entity should carry “fidelity” insurance to cover any financial loss arising.

(b)

Management fraud

¾

The reliability of evidence previously obtained must be reassessed. In particular, concerning the completeness and truthfulness of management representations made and the authenticity of accounting records and documentation.

¾

Even if the amount is not material to the financial statements, it may be indicative of a more pervasive problem.

Solution 6 — Matters to be reported to those charged with governance

¾

Concerns about the nature, extent and frequency of management’s assessments of the controls in place to prevent and detect fraud and of the risk that the financial statements may be misstated.

¾

A failure by management to appropriately address identified material weaknesses in internal control.

¾

A failure by management to appropriately respond to an identified fraud.

¾

The auditor’s evaluation of the entity’s control environment, including questions regarding the competence and integrity of management.

¾

Actions by management that may indicate fraudulent financial reporting, such as management’s selection and application of accounting policies to manage earnings in order to deceive financial statement users.