AUDIT OF THE REVENUE CYCLE

(1)

407

C H A P T E R

AUDIT OF THE REVENUE

CYCLE 12

STANDARDS REFERENCED IN THIS CHAPTER

CAS 240—The auditor’s responsibilities relating to fraud in an audit of financial statements

CAS 505—External confirmations

CAS 540—Auditing accounting estimates, including fair value accounting estimates and related disclosures ASPE 3400—Revenue IFRS 15—Revenue from Contracts with Customers We have looked at the planning of the audit, including the risk

assessment process, and considered how the auditor develops a sampling strategy for tests of controls and substantive tests.

We now will apply all of this to developing an audit strategy for a specific cycle. We start with the most significant cycle for most organizations—revenue.

Fictitious Revenue at Poseidon Concepts

On February 6, 2015, after conducting a joint investigation with the SEC, the Alberta Securities Exchange (ASC) released a statement alleging that a once promising oilfield services company, Poseidon Concepts Corp., had issued fraudulent financial statements that overstated revenue by $106 million. Regulators alleged that Joe Kostelecky, an executive vice-president based in the United States, had directed junior accounting staff to book revenue without signed contracts and had made false assur- ances to senior accounting staff that the contracts were valid, existing, and collectible.

Poseidon had two types of arrangements with customers—day-to-day rentals based solely upon actual usage, and take-or-pay contracts that guaranteed access to a set of tanks at a discounted rate for a certain period of time. In the take-or-pay contracts, customers were obligated to pay Poseidon whether or not they took delivery of the tanks or used the tanks. During the first two

LEARNING OBJECTIVES

After studying this chapter, you should be able to:

1 Understand and explain the revenue process.

2 Identify inherent risk factors and determine significant risks in the revenue cycle.

3 Evaluate key controls for the revenue cycle and assess control risk.

4 Use professional judgment to develop an audit approach (strategy) for the revenue cycle.

5 Design tests of control for the revenue cycle.

6 Design substantive tests, including audit data analytics, to address the various assertions in the revenue cycle.

7 Design fraud procedures for the revenue cycle.

continued >

(2)

CHAPTER 12 I AUDIT OF THE REVENUE CYCLE

408

quarters of 2012, Kostelecky pressured the invoicing clerk to book take-and-pay revenue despite the lack of documentation to support the revenues she was asked to book.

The revenue fraud was uncovered when a new operations controller started to question Kostelecky regarding the collectibility of take-or-pay receivables from U.S. customers, which had grown by over 500 percent in comparison to the previous year. In response to the controller’s inquiries for supporting documentation, the invoicing clerk provided him with a list of contracts that she had booked. Only 12 of the 54 contracts were fully executed agreements. The CFO decided to contact customers directly. In an email to the CFO, the controller noted, “Lots of calls being made, lots of blank stairs [sic] and head scratching from our customers’ end . . . In a lot of cases I have been talking to customers who we have millions of dollars in receivable balances [sic] who have no idea who Poseidon is.”

At that point, the company hired EY to perform a forensic review. As a result, the company restated its financial results for the first three quarters of 2012 and informed the public and the securities regulators of the fraud. Share prices plummeted by more than 95 percent and Poseidon subsequently filed for bankruptcy. Kostelecky agreed to pay $75 000 to settle allegations with the SEC. In March 2017, the ASC found Kostelecky guilty of fraud and, in its decision, it stated,

“Kostelecky engaged in what we termed . . . a campaign of disinformation.” Earlier, three other executives reached a settlement with the ASC and agreed to pay a combined total of $375 000 after admitting they filed financial statements that wildly overstated the company’s revenue. However, the ASC found Kostelecky to be the “source” and “primary cause” of Poseidon’s breach of securities law. At the time of writing, the ASC had not announced Kostelecky’s punishment. Kostelecky is also facing criminal charges in the United States. If convicted, he faces a maximum penalty of 20 years in prison on each count and maximum total fines of $6.25 million. Although neither securities regulator charged the auditors (KPMG), class action lawsuits totalling $650 million are still pending.

Sources: Dan Healing, “ASC files new charges against failed Poseidon Concepts,” Calgary Herald, February 6, 2015. Janet McFarland, “Former Poseidon executive settles with SEC over fraud allegations,” Globe and Mail, February 6, 2015. Janet McFarland, “Former Poseidon executives reach settlement with ASC over allegations” Globe and Mail, June 16, 2016.

Amanda Stephenson, “Poseidon Concepts’ executive obviously deceitful in breach of securities law: ASC,” Calgary Herald, March 17, 2017. United States District Court for the District of North Dakota Southwestern Division, Securities and Exchange Commission Versus Joseph A. Kostelecky, February 6, 2015.

LO 1 Understand and explain the revenue process.

Revenue cycle—the decisions and processes necessary for the transfer of the ownership of goods and services to customers after they are made available for sale; it begins with a request by a customer and ends with the conversion of material or service into an account receivable, and ultimately into cash.

continued

Figure 12-1 provides an overview of the audit process for the revenue cycle. In the remainder of the chapter, we will explain each of the various steps in the process. To help understand the logic of the process, you can refer to Figures 7-3 and 8-2.

Revenue is, for most organizations, one of the largest accounts and an important driver of the organization’s results. For that reason, it is usually the most important cycle in the financial statement audit. We begin the chapter with a description of the revenue process. In order to assess RMM at the assertion level, it is necessary to understand revenue process, the entity, and its environment, as well the applicable accounting framework. Based upon this assessment of RMM at the assertion, the audit team will determine the audit approach for the revenue cycle, develop an appropriate risk response at the assertion level, and gather the audit evidence. Finally, the audit team will evaluate the results, adjust the audit approach if necessary, and conclude as to whether the classes of transactions, account balances, and disclosures of the revenue cycle are fairly stated.

OVERVIEW OF THE REVENUE PROCESS

The revenue cycle, also referred to as the revenue, receivables, and receipts cycle, involves the decisions and processes necessary for the transfer of the ownership of goods and services to customers after they are made available for sale. It begins with

M12_AREN1983_15_SE_C12.indd 408 25/03/21 9:43 AM

(3)

409 a request or order by a customer (or a customer selecting and picking up a product) and ends with the conversion of material or service into an account receivable or cash.

Classes of Transactions, Accounts Balances, and Disclosures

Figure 12-2 shows typical accounts included in the revenue cycle using T-accounts.

The nature of the accounts may vary, of course, depending on the industry and client involved. There are differences in the nature and account titles for a service industry, a retail company, and an insurance company, but the key concepts remain the same. To provide a frame of reference for understanding the material in this chapter, let’s assume we’re dealing with a wholesale merchandising company like Hillsburg Hardware.

Figure 12-2 shows the way accounting information flows through the various accounts in the revenue cycle. This figure shows that there are five classes of transactions in the revenue cycle:

1. Sales (cash and sales on account) 2. Cash receipts

Classes of transactions in the revenue cycle—the categories of transactions for the sales and collection cycle in a typical company: sales, cash receipts, sales returns and allowances, write-off of uncollectible accounts, and bad-debt expense.

Client Acceptance

Audit Planning

Assess Risk of Material Misstatement

Develop Risk Response

Perform Risk Responses

Conclusion

Reporting

Documentation Ethical requirements and

quality control

Specific Considerations:

Understand entity and environment and accounting framework

Apply materiality

Determine significant classes of transactions, account balances, and disclosures

Assess risk of material misstatement at assertion level

• Assess inherent risk at assertion level taking into account controls audit intents to test

• Determine Significant Risks

• Identify Relevant Controls to mitigate those risks

Determine audit approach (strategy) for revenue cycle

Develop response at assertion level

• Design tests of controls (if plan to rely upon controls)

• Design substantive analytical procedures

• Design substantive tests of details (mandatory if material)

• Design fraud-related substantive procedures (required unless revenue recognition is not a significant risk)

Gather audit evidence

• Perform test of controls (if applicable)

• Perform substantive analytical procedures

• Perform substantive tests of details Evaluate results and adjust audit approach if necessary

• Determine Significant Risks Identify Relevant Controls to mitigate those risks

Professional skepticism, professional judgment Communicate with management and those in charge of governance as required

Materiality: Revenue and/or accounts receivable are typically the most material accounts in the financial statements.

Significant Risks: Standards require the auditor to assume a high fraud risk for revenue recognition (occurrence and cutoff assertions).

High-risk assertions are typically occurrence/existence for revenue/accounts receivable, cutoff of revenue, sales returns and allowance, and valuation of accounts receivable.

Multi-element contracts, subscription/usage-based billing, and royalty/licensing models typically increase the risk of revenue recognition.

Key Controls: Auditors are especially concerned about the following: controls that prevent and detect fraud, controls over occurrence and cutoff of revenue, controls related to cash receipts, and controls related to allowance for doubtful accounts.

Figure 12-1 Summary of the Audit Process for the Revenue Cycle

(4)

410

3. Sales returns and allowances 4. Write-off of uncollectible accounts 5. Estimate of bad-debt expense

Figure 12-2 also shows that, with the exception of cash sales, every transaction and amount is ultimately included in one of two balance sheet accounts—accounts receivable or allowance for uncollectible accounts. For simplicity, we assume that the same internal controls exist for both cash and credit sales. Figure 12-3 summarizes the classes of transactions, account balances, and disclosures, and their related assertions for the revenue cycle. While the audit team must obtain sufficient appropriate evidence for all assertions, recall auditors focus their efforts on the relevant assertions—those assertions that have a high risk of material misstatement. In the case of the revenue cycle, the relevant assertions are the occurrence, accuracy, and cutoff of revenues, and the existence, right to, and valuation and allocation of receivables.

Note this is a generalization based upon where fraud and error often occur. As we go through the chapter, we will discuss this in more depth.

Table 12-1 lists the common business processes and typical documents and records related to the revenue, receivables, and receipts process. The first row relates to sales transactions (as described in Figure 12-2) and the other rows relate to the remaining classes of transactions—cash receipts, sales returns and allowances, charge-off of uncollectible accounts, and bad-debt expense. Before auditors can assess control risk and design tests of controls (if applicable) and substantive tests, they need to understand how transactions are processed.

Processing Customer Orders

Figure 12-4 provides an overview of the how sales transactions are processed, which is initiated by the customer placing an order. Legally, an order is an offer to buy goods

Cash sales Gross

sales

Bad debts Sales returns and allowances Cash discounts

taken Cash in bank

Ending balance Bad debts Beginning balance Write-off of

uncollectible accounts

Allowance for uncollectible accounts Charge-off of

uncollectible accounts Sales returns and allowances

Cash receipts

Ending balance Beginning balance

Accounts receivable

Sales on account Sales on

account

Figure 12-2 Classes of Transactions and Account Balances in the Revenue Cycle

M12_AREN1983_15_SE_C12.indd 410 25/03/21 9:43 AM

(5)

411 under specified terms. The receipt of a customer order often results in the immediate creation of a sales order. In a retail environment, the customer order is absent as the customer picks up the product and takes it to a point-of-sale terminal.

Customer Order A customer order is a request for merchandise by a customer. It may be received by telephone, by letter, or as a completed printed form that has been sent to prospective and existing customers, through salespeople, through electronic submission of the customer order through the internet, or through another network linkage between the supplier and the customer.

Classes of Transactions and Disclosures

• Sales

• Cash Receipts

• Sales Allowance and Returns

• Write-off uncollectible Accounts

• Bad-Debt Expense

• Revenue Disclosures

Related Assertions

• Occurrence

• Completeness

• Accuracy

• Cutoff

• Classification

• Presentation

Account Balances and Disclosures

• Accounts Receivable

• Allowance for Doubtful Accounts

• Accounts Receivable Disclosures

Related Assertions

• Existence

• Rights and Obligation

• Completeness

• Valuation and Allocation • Valuation at historical cost • Valuation at net realizable value

• Presentation

Figure 12-3 Classes of Transactions, Account Balances, and Disclosures, and Related Assertions in the Revenue Cycle

Classes of Transactions Account Balances Business Processes Documents and Records

Sales Accounts receivable Processing customer orders

Approving credit Shipping goods

Billing customers and recording sales

• Customer order or sales order

• Shipping documents

• Sales invoice

• Sales transaction file

• Sales journal or listing

• Customer master file

• Accounts receivable trial balance

• Customer monthly statement Cash receipts Cash in bank (debits from

cash receipts) Accounts receivable

Processing and recording cash

receipts • Remittance advice

• Prelisting of cash receipts

• Cash receipts transaction file

• Cash receipts journal or listing Sales returns and allow-

ances Accounts receivable Processing and recording sales

returns and allowances • Credit memo

• Sales returns and allowances journal Write-off of uncollectible

accounts Accounts receivable

Allowance for doubtful accounts

Writing off uncollectible accounts

receivable • Uncollectible account authorization

• formGeneral journal Bad-debt expense Allowance for doubtful

accounts Providing for bad debts • General journal

Table 12-1 Classes of Transactions, Account Balances, Business Processes, Related Documents and Records for the Revenue Cycle

(6)

412

Sales Order A sales order is a document for communicating the description, quantity, and related information for goods ordered by a customer. This is often used to indicate credit approval and authorization for shipment.

Approving Credit

Before goods are shipped, a properly authorized person must approve credit to the customer for sales on account. Weak practices in credit approval often result in excessive bad debts and accounts receivable that may be uncollectible. Salespeople do not perform the credit check because their performance incentives would likely impact their credit decisions. (Note: This separation of tasks is segregation of duties.) An indication of credit approval on the sales order often serves as the approval to ship the goods. In some companies, the computer automatically approves a credit sale based on preap- proved credit limits maintained in a customer master file. The computer allows the sale to proceed only when the proposed sales order total plus the existing customer balance is less than the credit limit in the master file. Once the balance approaches the credit limit, exception reports are produced for the credit manager to review and approve.

Shipping Goods

This critical function is the first point in the cycle at which the company gives up assets. Most companies recognize sales when goods are shipped. A shipping document is prepared at the time of shipment, which can be done automatically by a computer, based on sales order information. The shipping document, which is often a multi-copy bill of lading, is essential to the proper billing of shipments to customers. Companies that maintain perpetual inventory records also update their inventory records based on shipping records.

Shipping Documents Once the credit department approves the order, it is sent to shipping, which prepares the shipping documents. The shipping documents initiate shipment of the goods, indicating the description of the merchandise, the quantity shipped, and other relevant data. The company sends the original to the customer and retains one or more copies. Two key shipping documents are the packing slip and the bill of lading.

The packing slip is a document that describes the goods being shipped. The bill of lading serves as acknowledgment for receipt of goods for delivery by the carrier. The bill of lading is often transmitted electronically—once goods have been shipped—and automatically generates the related sales invoice as well as the entry in the sales journal. Many companies use bar codes and handheld computers to record removal of inventory from the warehouse. This information is used to update the perpetual inventory records.

Billing Customers and Recording Sales

Because billing customers is the means by which the customer is informed of the amount due for the goods, it must be done correctly and on a timely basis. Billing the proper amount is dependent on charging the customer for the quantity shipped at

Customer Sales

Department Credit

Department Shipping Accounts

Receivable

Processing customer orders

Approving

Credit Shipping

Goods Billing customers and recording sales

Accounting

Figure 12-4 An Overview of Processing Sales Transactions

M12_AREN1983_15_SE_C12.indd 412 25/03/21 9:43 AM

(7)

413 the authorized price, which includes consideration for freight charges, insurance, and terms of payments. The most important aspects of billing are as follows:

• All shipments made have been billed. (completeness)

• No shipment has been billed more than once. (occurrence)

• Each shipment is billed for the proper amount. (accuracy)

In most systems, billing of the customer includes preparation of an electronic record or a multi-copy sales invoice and real-time updating of the sales transactions file, accounts receivable master file, and general ledger master file for sales and accounts receivable. The accounting system uses this information to generate the sales journal and, along with cash receipts and miscellaneous credits, to prepare the accounts receivable trial balance.

Sales Invoice A sales invoice is a document or electronic record indicating the description and quantity of goods sold, the price, freight charges, insurance, terms, and other relevant data. The sales invoice is the method of indicating to the customer the amount of a sale and the payment due date. Companies send the original to the customer, and retain one or more copies. Typically, the computer automatically prepares the sales invoice after the customer number, quantity, destination of goods shipped, and sales terms are entered. The computer calculates the invoice extensions and total sales amount using the information entered, along with prices in the inventory master file.

Sales Transaction File This is a computer-generated file that includes all sales transactions processed by the accounting system for a period, which could be a day, week, or month. It includes all information entered into the system and information for each transaction, such as customer name, date, amount, account classification or classifications, salesperson, and commission rate. The file can also include returns and allowances, or there can be a separate file for those transactions.

The information in the sales transaction file is used for a variety of records, listings, or reports, depending on the company’s needs. These may include a sales journal, accounts receivable master file, and transactions for a certain account balance or division.

Sales Journal or Listing This is a listing or report generated from the sales transaction file that typically includes the customer name, date, amount, and account classification or classifications for each transaction, such as division or product line. It also identifies whether the sale was for cash or accounts receivable. The journal or listing is usually for a month but can cover any period of time. Typically, the journal or listing includes totals of every account number for the time period. The same transactions included in the journal or listing are also posted simultaneously to the general ledger and, if they are on account, to the accounts receivable master file. The journal or listing can also include returns and allowances, or there can be a separate journal or listing of those transactions.

Accounts Receivable Master File This is a computer file used to record individual sales, cash receipts, and sales returns and allowances for each customer and to maintain customer account balances. The master file is updated from the sales, sales returns and allowances, and cash receipts computer transaction files. The total of the individual account balances in the master file equals the total balance of accounts receivable in the general ledger. A printout of the accounts receivable master file shows, by customer, the beginning balance in accounts receivable, each sales transaction, sales returns and allowances, cash receipts, and the ending balance.

Accounts Receivable Trial Balance This list or report shows the amount receivable from each customer at a point in time. It is prepared directly from the accounts receivable master file and is usually an aged trial balance that includes the total balance outstanding and the number of days the receivable has been outstanding, grouped by category of days (such as less than 30 days, 31 to 60 days, and so on).

(8)

414

Monthly Statement This is a document sent electronically or by mail to each customer, indicating the beginning balance of the account receivable, the amount and date of each sale, cash payments received, credit memos issued, and the ending balance due. It is, in essence, a copy of the customer’s portion of the accounts receivable master file.

The four remaining parts of the process involve collecting and recording cash, processing sales returns and allowances, writing off uncollectible accounts, and providing for bad-debt expense.

Processing and Recording Cash Receipts

Processing and recording cash receipts includes receiving, depositing, and recording cash. Cash includes both currency and cheques. A potential fraud risk is the possi- bility of theft. Theft can occur before receipts are entered in the records, referred to as skimming. It is the single most common form of cash misappropriation when employees steal incoming funds. The term comes from the fact that the money is taken off the top, the way cream is skimmed from milk. The risk of theft is reduced in the handling of cash receipts when cash handling is separated from deposit and recording in the accounts, and when all cash must be deposited in the bank and recorded on a timely basis.

Remittance Advice A remittance advice is a document mailed to the customer and typically returned to the seller with the cash payment. It indicates the customer name, the sales invoice number, and the amount of the invoice. A remittance advice is used as a record of the cash received to permit the immediate deposit of cash and to improve control over the custody of assets. If the customer fails to include the remittance advice with the payment, it is common for the person opening the mail to prepare one at that time.

Prelisting of Cash Receipts This is a list prepared when cash is received by someone who has no responsibility for recording sales, accounts receivable, or cash and who has no access to accounting records. It is used to verify whether cash received was recorded and deposited at the correct amounts and on a timely basis.

Many companies use a bank to process cash receipts from customers. In other cases, receipts are submitted electronically from a customer’s bank account to a company bank account through the use of electronic funds transfer (EFT). When customers purchase goods by credit card, the issuer of the credit card uses EFT to transfer funds into the company’s bank account and the bank provides information to the company to prepare the cash receipt entries in the accounting records.

Cash Receipts Transaction File This is a computer-generated file that includes all cash receipts transactions processed by the accounting system for a period, such as a day, week, or month. It includes the same type of information as the sales transaction file.

Cash Receipts Journal or Listing This listing or report is generated from the cash receipts transaction file and includes all transactions for a time period. The same transactions, including all relevant information, are included in the accounts receivable master file and general ledger.

Processing and Recording Sales Returns and Allowances

When a customer is dissatisfied with the goods, the seller often accepts the return of the goods or grants a reduction in the charges. The company prepares a receiving report for returned goods and returns them to storage. Returns and allowances are recorded in the sales returns and allowances transaction file, as well as the accounts receivable master file. Credit memos are issued for returns and allowances to aid in maintaining control and to facilitate record-keeping.

Skimming—a common form of cash misappropriation in which the employees steal incoming funds prior to their being recorded in the accounting records.

M12_AREN1983_15_SE_C12.indd 414 25/03/21 9:43 AM

(9)

415 Credit Memo A credit memo indicates a reduction in the amount due from a customer because of returned goods or an allowance. It often takes the same general form as a sales invoice, but it supports reductions in accounts receivable rather than increases.

Sales Returns and Allowances Journal This is the journal used to record sales returns and allowances. It performs the same function as the sales journal. Many companies record these transactions in the sales journal rather than in a separate journal.

Writing Off Uncollectible Accounts Receivable

Regardless of the diligence of credit departments, some customers do not pay their bills. After concluding that an amount cannot be collected, the company must write it off. Typically, this occurs after a customer files for bankruptcy or the account is turned over to a collection agency. Controls in this area are very important because it can be used as a way to hide embezzlement of cash.

Uncollectible Account Authorization Form This is a document used internally to indicate authority to write an account receivable off as uncollectible.

Providing for Bad Debts

Because companies cannot expect to collect on 100 percent of their sales, accounting principles require them to record bad-debt expense for the amount they do not expect to collect. Most companies record this transaction at the end of each month or quarter.

CONCEPT CHECK

C12-1 List the five classes of transactions for the revenue cycle. For each category, describe how the completeness assertion is relevant to that transaction.

LO 2 Identify inherent risk factors and determine significant risks in the revenue cycle.

IDENTIFY INHERENT RISK FACTORS AND DETERMINE SIGNIFICANT RISKS

Understand the Entity, Its Environment, and the Revenue Process

In order to understand each organization’s unique process of earning and recognizing revenue it is necessary to have an understanding of the entity and its environment.

Recall from Chapter 6, the audit team will perform risk assessment procedures to form an understanding of industry, regulatory environment, and general economic factors, ownership structure, management and governance, business model, and performance measures. These risk procedures involve inquiry, visiting the client prem- ises, walk-throughs, reviewing minutes and significant contracts, and preliminary analytical review, which can also be audit data analytics (ADAs).

Preliminary Analytical Review Through understanding of the entity and its environment, the auditor can develop expectations of total revenue, gross margins, and net receivables, which will assist in performing preliminary analytical procedures. Pre- liminary analytical procedures help the auditor to identify potential misstatements and the relevant assertions. Table 12-2 presents examples of the major types of ratios and comparisons for the revenue cycle that could be used for planning purposes, and potential misstatements that may be indicated by the analytical procedures.

Figure 12-5 is an excerpt from the working paper that documents the preliminary analytical review conducted for Hillsburg Hardware’s revenue cycle. You will note that analysis requires not simply making comparisons from year to year, but seeing whether

(10)

416

the results make sense in relation to the auditor’s knowledge of the business model, the industry, the general economic environment, and relevant performance measures, as well as analyzing the relationships among the various ratios. Analytical procedures should also consider more than financial performance data and should incorporate nonfinancial data that is relevant to the industry (such as sales per square foot).

In today’s rapidly changing audit environment (think of the COVID pandemic), effective analysis of either analytical procedures or audit data analytics is only possible if the auditor has a good understanding of the entity and its environment. Therefore, the auditor will need to tailor analytical procedures to the client’s industry that compare revenues with the relevant performance measures to provide a meaningful basis to assess revenue, gross margins, and net receivables.

Audit Data Analytics as Risk Assessment Procedures As we have discussed in earlier chapters, ADAs can be effectively used to identify significant risks of misstatement.

For example, an ADA can be used to break down revenue by customer demographic, by invoice, and in aggregate for the year. This type of risk assessment procedure read- ily identifies high-value invoices and high volumes of sales to customers and helps to verify the auditor’s understanding of the key customers and the revenue process. It can also be useful in identifying areas where there is a potential higher risk of fraud.

Understand the Applicable Accounting Framework

Given that revenue is a core process of all organizations, it is not surprising that revenue recognition is often a key audit matter. In order to assess the client’s revenue recognition policies, the auditor must be knowledgeable about the revenue requirements of the relevant accounting framework. In Canada, IFRS is required for publicly accountable entities and optional for private companies. The IFRS standard, IFRS 15, Revenue from Contracts with Customers, focuses on the core principle that revenue is recognized when there is a transfer of control. This is significantly different than ASPE, which is based upon transfer of risks and rewards. Figure 12-6 presents a five- step model of IFRS 15 to determine when to recognize revenue (occurrence), and at what amount (accuracy/valuation).

In order to be able to assess the client’s revenue recognition policy, the auditor must be knowledgeable about the client’s business model, the industry, and the client’s different types of sales or service contracts. This includes understanding the client’s key products and services that affect revenue, including key contractual arrangements.

Analytical Procedure for Planning Possible Misstatement and Related Classes of

Transactions and/or Account Balances Relevant Assertion Evaluate the ratio of returns and allowances to sales. Could indicate unusual sales arrangements and

possible over or understatement of revenue Occurrence or completeness Compare bad-debt expense as a percentage of gross

sales with that of previous years. Uncollectible accounts receivable that have not been provided for could indicate understatement of account receivable

Valuation (net realizable)

Compare number of days that accounts receivable

are outstanding with that of previous years. Overstatement or understatement of allowance for

uncollectible accounts and bad-debt expense Valuation Compare aging categories as a percentage of

accounts receivable with those of previous years. Overstatement or understatement of allowance for

uncollectible accounts and bad-debt expense Valuation Compare allowance for uncollectible accounts as a

percentage of accounts receivable with that of previous years.

Overstatement or understatement of allowance for

uncollectible accounts Valuation

Evaluate cash receipts collected after year-end to

cash receipts during the year. If slow, may indicate special sales arrangements, and

potential overstatement of revenue Occurrence Table 12-2 Analytical Procedures for Planning the Revenue Cycle

M12_AREN1983_15_SE_C12.indd 416 25/03/21 9:43 AM

(11)

417 Hillsburg Hardware Limited

June 30, 2020

Comparative Information Dollar Amounts (in thousands) 30-06-20

(projected) Gross sales

Sales returns and allowances Gross profit Accounts receivable Allowance for

Uncollectible accounts

$144 328 1 242 39 845 20 197 1 240

30-06-19

(audited) 30-06-18

(audited) Percentage

Change 2020–2019

Percentage Change 2019–2018

Prepared by: F.M.

Approved by: L.N.

Bad-debt expense Total current assets Net earnings before taxes and extraordinary items Number of accounts receivable

3 323 51 027 6 401 415 Number of accounts

receivable with balances over $150 000

19

$132 161 935 36 350 17 521 1 311 2 496 49 895 4 659 385 17

$123 438 753 33 961 13 852 1 283 2 796 49 157 3 351 372 16 9.2%

32.8 9.6 15.3 (5.4) 33.1 2.3 37.4 7.8 11.8

3.5 6.3 7.1%

24.2 7.0 26.5 2.2 (10.7) 1.5 39.0

Gross profit/net sales Sales returns and allowances/gross sales

Allowance for uncollectible accounts/accounts receivable Number of days’ receivables outstanding

30-06-20 (projected) 30-06-19 (audited) 30-06-18 (audited)

Bad-debt expense/net sales

Net accounts receivable/total current assets

Evaluation of Results

Profit margins have remained steady and there do not appear to be any potential misstatements, with the exception of accounts receivable as explained below.

• The allowance as a percentage of accounts receivable has declined from 7.5 percent to 6.1 percent;

however, the number of days’ receivables outstanding and economic conditions due to pandemic do not justify this change.

The potential misstatement is approximately $282 758 ($20 197 000 × [0.075 – 0.061] = Total accounts receivable times the percentage decline).

Conclusion:

Based upon specific performance materiality for revenue of $265 000 the unexplained difference is material.

Further follow-up is necessary, particularly related to the allowance for doubtful accounts.

2.3%

6.1%

27.8%

0.9%

48.1 37.2%

27.7%

0.6%

9.3%

39.6 2.3%

25.6%

27.7%

0.7%

7.5%

43.6 1.9%

32.5%

Figure 12-5 Analytical Review Working Paper

(12)

418

Although the risk of material misstatement in the revenue cycle is dependent upon the specific circumstances of the client, high revenue recognition risk companies are often companies that use multi-element contracts, subscription/usage-based billings, and royalty/licensing models. These business models increase RMM in the occurrence assertion because of the complexity in the processing of the sales transactions—

specifically billings and revenue recognition are managed separately.

Consider Auditing in Action 12-1, which is an excerpt from the FIFA auditor’s report describing the risks related to the organization’s adoption of IFRS 15 in 2016.

Naturally, the auditors would need a thorough understanding of IFRS in order to evaluate the application of the policy.

Identify Inherent Risk Factors

Based upon its understanding of the revenue process, the audit team identifies inherent risk factors, those events or conditions that affect risk of material misstatement before the consideration of controls. For complex revenue transactions, auditors should make inquiries to marketing and sales personnel and/or in-house legal counsel of their knowledge of unusual terms or conditions. Auditors will also need to read sales contracts (for terms and responsibilities of the buyer and seller). If the transactions are complex, it is necessary to ensure that the engagement is staffed with appropriate personnel (for instance, more experienced auditors should be assigned to the revenue stream, as should those with industry-specific experience). In some cases, auditors may need to refer to outside specialists or other knowledgeable people within their firm who are not involved in the engagement.

Below is an excerpt from the Auditor’s Report for FIFA, explaining why revenue recognition is high-risk at FIFA.

Appropriateness and Application of the New Revenue Recog- nition Policy

FIFA has a four-year revenue cycle, which is dominated by the FIFA World Cup™. Consequently, FIFA usually signs major contracts for television broadcasting rights, marketing rights, licensing rights and hospitality rights for at least a full four-year cycle. The timing of revenue recognition for each revenue type and contract may differ considerably.

The core principle of IFRS 15 is that an entity recognizes revenue to depict the transfer of promised services to customers in an amount that reflects the consideration it expects in exchange for those services.

There are three elements to this new standard that are critical to FIFA’s revenue recognition:

1) Recognize revenue over time or at a point in time;

2) Identify separate performance obligations (i.e., a promise to transfer a distinct service or series of distinct services) within the contracts to which revenue should be allocated;

3) Determine the value of each of the identified performance obligations.

We considered revenue recognition and the application of this new standard to be a key audit matter because of the risk of material misstatements in the financial statements given the complexity of the contracts concerned and the judgements and estimates required of management.

Source: FIFA Financial Report 2016.

AUDITING IN ACTION 12-1

Complex Contracts Increase Revenue Recognition Risk at FIFA

Identify the contract

Identify the performance

obligations

Determine the transaction price

Allocate the transaction price to

the performance obligation

Recognize revenue when each performance obligation is satisfied Figure 12-6 IFRS 15—The Five-Step Model of Revenue Recognition

M12_AREN1983_15_SE_C12.indd 418 25/03/21 9:44 AM

(13)

419 Table 12-3 summarizes the relevant inherent risk factors and provides examples of possible events or conditions that may indicate risks of misstatement at the assertion level related to the classes of transactions, account balances, and disclosures of the revenue cycle.

Relevant Assertions-Revenue Because management usually has more incentive to overstate revenues than to understate them, the relevant assertions for revenue are occurrence and cutoff. One obvious example of incentive is management compensa- tion (bonuses or stock options) being tied to certain earnings targets. Another example is the role of financial analysts and other market participants, who place increasing emphasis on revenue growth, which pressures management of public companies to overstate revenue. Or, there may be considerable pressure to meet earnings forecasts.

For example, as described in Auditing in Action 12-2, Nortel management had made growth predictions that would have been very difficult to achieve.

Relevant Inherent Risk Factor Possible events or conditions Examples of increased RMM at assertion level

Complexity Regulatory • Some industries, such as construction, have significant legal compliance issues, which impacts when to recognize revenue (occurrence) and estimating receivables (valuation).

Business Model • An organization that has significant revenue transactions with related-party transactions may have increased risk in accuracy and valuation assertions as well as completeness of the relevant disclosures.

Applicable Accounting

Framework • The application of IFRS 15 is complex and will increase risk for revenue recognition (occurrence)—see Auditing in Action 12-1.

Transactions • A complex revenue contract will increase risk for revenue recognition—see Auditing in Action 12-1.

Subjectivity Applicable Accounting

Framework • With the significant impact of COVID on certain industries, historical trend information is likely to no longer be applicable, resulting in a considerable estimation uncertainty in the allowance for doubtful accounts and other estimates associated with the revenue cycle (for instance, returns or breakage rates in the case of gift cards or risks related to advance sales).

Change Economic Conditions • With the COVID pandemic, the airline industry has been significantly impacted. As a result, there have been significant changes in ticketing practices, and it is questionable whether customer contracts are enforceable, which affect the timing and amount of revenue to be recognized.

Applicable Accounting

Framework • Application of new accounting pronouncements increase risk of material misstatement (see Auditing in Action 12-1 regarding FIFA’s adoption of IFRS 15).

Uncertainty Reporting • It is common in the real estate industry to recognise revenue over time (per IFRS 15. 35(c)). However, this approach can only be applied when the entity has an enforceable right to payment.

With the COVID pandemic causing significant financial distress for many customers, it is likely this criterion is no longer met, which means the entity would recognise revenue at a point in time.

Susceptibility to misstatement due to management bias or other fraud factors risk

Reporting • Revenue transactions and recognition policies create opportu- nities for management and employees to engage in fraudulent financial reporting. See discussion below regarding fraud factors.

Transactions • Significant related-party transactions increase the opportunity for fraud.

• Significant nonroutine or non-systematic transactions, including related-party transactions and large revenue transactions, at year-end increase the risk of fraud.

Table 12-3 Identifying Inherent Risk Factors in the Revenue Cycle

(14)

420

Relevant Assertions-Accounts Receivable Usually, the primary assertions at risk for accounts receivable are existence and valuation. Existence of accounts receivable is directly related to occurrence of sales—if a valid sale did not occur, then a valid receivable does not exist. Similarly, if the company has a high incidence of sales returns (as a result of its return policy or because it has issues with product quality), then it is possible that some receivables are not valid. Valuation is considered high risk mainly because of the judgment involved in evaluating net realizable value (specifically the allowance for doubtful accounts). Valuation would also be high risk if collectibility were questionable. For instance, a client may have adopted liberal credit policies in order to increase sales.

In some circumstances, rights and obligations may also be a concern. Some companies factor their accounts receivable in order to meet cash flow needs. The factor, which is a specialized financial intermediary that purchases accounts receivable at a discount, typically charges interest on the advance plus a commission. The price paid for the receivables is discounted from their face amount to take into account the like- lihood of uncollectibility of some of the receivables. If the receivables are sold without recourse, then the factor bears the credit risk (and the rights and obligations); however, if the receivables are sold with recourse, the credit risk (rights and obligation) remains with the client. As you can imagine, these are important details that financial statement users would want to know.

Some inherent risk factors affecting accounts receivable and related assertions include the following:

• Long-term contracts increases the risk that receivables are misclassified—Classi- fication Assertion.

• Receivables are pledged as collateral, assigned to someone else, factored, or sold (restrictions must be disclosed)—Rights and Obligation Assertion.

Nortel, once Canada’s tech giant and the favourite of investors and analysts, orchestrated several revenue-boosting schemes in order to meet its earnings forecasts. In total, Nortel’s revenue-boosting schemes overstated its 2000 revenues by approximately $1.4 billion. In 2007, the SEC announced that Nortel paid $35 million to settle financial fraud charges in relation to its revenue-fraud schemes.

One example is its use of “vendor financing,” whereby Nortel aggressively offered millions of dollars of credit to customers, which some claim were uncreditworthy, so that they could buy Nortel products. As one former employee of Nortel noted, “It allows you to hit your sales objectives. All of this was driven by bonuses and objectives in stock prices.” Another way the company boosted its revenue was through the use of bill-and-hold arrangements, whereby it recorded undelivered inventory sitting in storage as revenue. This change of accounting policy mainly affected Nortel’s optical revenue—a metric watched closely by Wall Street. One project manager, who reported his concerns to the SEC, saw that the company had recorded $900 million in revenue for products that not only had not been built, but had not even been scheduled to be engineered.

The Nortel saga highlights several risk factors that should increase auditors’ professional skepticism regarding revenue recognition. One obvious red flag was the change of accounting policy regarding bill-and-holds. Other red flags were the various bonus plans and the pressure to meet earnings forecasts. Cou- pled with this, at the time of its revenue boosts, Nortel was suf- fering serious losses due to the widespread economic downturn that impacted the entire telecommunications industry. The auditors had also reported material control weaknesses in their audit report on internal controls over financial reporting—another factor that increases the risk of misstatement. Further, the tone at the top was one that encouraged the manipulation of financial results to meet earnings targets. As one former employee noted,

“It becomes part of the culture where numbers become more important than the truth.”

Sources: Bruce Livesey, The Thieves of Bay Street, Toronto: Vintage Canada, 2013. Theresa Tedesco, “Nortel trial to open old wounds,”

Financial Post, January 12, 2012. Securities and Exchange Com- mission, “Nortel Networks pays $35 million to settle financial fraud charges,” Litigation Release 2007–2017, October 15, 2007.

AUDITING IN ACTION 12-2

Giving Revenue a Boost at Nortel

M12_AREN1983_15_SE_C12.indd 420 25/03/21 9:44 AM

(15)

421

• Payment is not required until the purchaser sells to its end customers—Existence Assertion.

• Collection of the receivable is contingent upon future events (e.g., certain royalty arrangements)—Existence Assertion.

• Sales are made to customers with high credit risk—Existence Assertion.

Determine Significant Risks

Recall from Chapter 7, significant risks are those assessed inherent risks that are close to the upper end of the spectrum on inherent risk. They are those risks that have a higher magnitude of potential misstatement and a higher probability of occurring than other inherent risk factors. If we refer back to Table 12-3, all the examples would likely be considered significant risks.

Significant risks often relate to significant nonroutine transactions that occur infre- quently or to judgmental matters, such as accounting estimates with significant mea- surement uncertainty. For example, auditors are likely to consider material revenue contracts that appear to be overly complex with no apparent business rationale to be a significant risk (and likely a significant fraud risk). Other indicators that an inherent risk factor is a significant risk:¹

• Management is placing more emphasis on the need for a particular accounting treatment than on understanding the economics of the transaction.

• Transactions with nonconsolidated related parties are not properly reviewed or approved by those in charge of governance.

• Transactions with previously unidentified related parties that do appear to have the substance or financial strength to support the transaction without the support of the entity under audit.

As we have discussed in previous chapters, auditing standards require for all significant risks, the audit team must understand and evaluate of the entity’s controls relevant to those significant risks and perform substantive tests related to assertions deemed to have significant risks (CAS 300). While significant risks will vary from entity to entity, Table 12-4 summarizes a selection of risks of error or fraud in the revenue cycle.

Risk of Revenue Recognition Fraud For most audits, revenue recognition (overstatement of revenue) is a treated as significant risk as required by CAS 240. Analytical procedures are helpful in highlighting potential warning signals or symptoms of risk of revenue fraud, including the following:

• Gross margins decreasing while sales are increasing could signal a side agreement for a special discount.

• Unusually high returns could be caused by a channel stuffing arrangement or other side agreement permitting reseller returns of unsold goods.

• Unexplained differences in physical inventory counts might indicate that a bill- and-hold fraud is taking place.

• Buildup of aged accounts receivable balances might be caused by backdating agreements, side agreements, or channel stuffing arrangements.

• An unusual spike in sales just before the end of the reporting period could indicate that revenue is being recognized prematurely or in the incorrect period.

Fraud Schemes Revenue is susceptible to manipulation for several reasons. Over- statement of revenues often increases net income by an equal amount because related costs of sales are often not recorded for fictitious or prematurely recognized revenues.

1 International Auditing and Assurance Standards Board, Auditor Considerations Regarding Unusual or Highly Complex Transactions, New York: IAASB, 2010.

CAS

(16)

422

Common revenue manipulations are listed below (you will note that the two key assertions are occurrence and cutoff):

• Fictitious revenues or sham sales (occurrence assertion): As in the case of Poseidon Concepts in the opening vignette, documents supporting fictitious sales could be created; inventory records and shipping documents may also be falsi- fied. (A review of 2014 SEC enforcement cases found that outright fabrication of sales records is a common type of revenue fraud.)²

• Premature revenue recognition (occurrence and cutoff assertions): Sales can be recorded even though the sales involved unresolved contingencies (such as customer acceptance, right of return, etc.).

• Round-tripping or recording loans as sales (occurrence assertion): Round- tripping involves recording sales by shipping goods to alleged customers and then providing funds to pay back the company.

• Improper cutoff of sales (cutoff assertion): Subsequent period sales are recorded as current period sales.

• Improper recording of sales from “bill-and-holds” that do not meet criteria for revenue recognition (occurrence and (possibly) cutoff assertions): As highlighted in Auditing in Action 12-2, companies may make arrangements with customers for early billing and then hold the goods for shipping. Unless the customer has requested such an arrangement and there appears to be a legitimate business reason, these types of arrangements generally do not meet the revenue recognition criteria.

• Side arrangements that change the original terms of sale (such as a consignment arrangement or generous right of return), or not meeting requirements for recording revenue (occurrence assertion): Management or sales representatives design “side contracts” with customers that contravene the company’s normal business practice and revenue recognition policy.

• Manipulation of adjustments and estimates: Returns and allowances are not recorded or are understated (completeness assertion for returns and allowances, valuation and/or existence for accounts receivable); or bad debts are understated (valuation assertion for accounts receivable).

Risks of Error Misappropriation of Assets,

Other Fraud, or Illegal Acts Fraudulent Financial Reporting

• Orders are shipped to a customer with a bad credit rating.

• There is incorrect recognition of revenue percentage for long-term contracts or complex revenue arrangements.

• Sales are recorded twice (duplicated) or acciden- tally omitted.

• Sales are recorded for the incorrect quantity or the incorrect price.

• Inventory is stolen and the sale is recorded as a fictitious sale (no shipping document).

• Revenue is recorded when goods have not been delivered.

• Consignment sales are intentionally recorded as revenue.

• Fictitious revenue transactions are recorded and reported.

• There is improper (and intentional) recording of transactions that do not meet revenue recognition criteria (e.g., terms of sale are not completed, unresolved contingencies exist, improperly accelerating the estimated percentage of completion).

• There is improper (and intentional) recording of bill-and-hold transactions.

• Subsequent period revenue is deliberately recorded in the current period.

• Financing transactions (borrowings) are recorded as revenue.

• Goods never ordered by the customer are shipped, or defective products are shipped but revenues are recorded at the full amount.

• Channel stuffing: Inventory is shipped to customers with favourable terms, such as right of return, so that the client retains risks of ownership.

• Long-term service revenue (such as the provision of maintenance) is intentionally recorded as current revenue and receivable.

Table 12-4 Examples of Risks of Error or Fraud in the Revenue Cycle

2 Nicolas Morgan and Shauna Watson, “Revenue recognition changes could spur SEC fraud probes,” CFO.com, December 12, 2014, accessed August 15, 2017, at http://ww2.cfo.com/gaap -ifrs/2014/12/revenue-recognition-changes-spur-sec-fraud-probes/.

M12_AREN1983_15_SE_C12.indd 422 26/03/21 10:32 PM

(17)

423 Another common fraud scheme (in the misappropriation of assets category) is lapping of accounts receivable, which involves the postponement of entries for the collection of receivables in order to conceal the embezzlement of cash. Lapping is most likely to occur if there is lack of segregation of duties— for example, if the person who handles cash receipts also has access to the accounting records (meaning he or she has the ability to enter the cash receipts into the computer system). He or she takes the cash, defers recording the cash receipts from one customer, and covers the shortages with the receipts of another customer. These receipts, in turn, are covered in the accounting records from the receipts of a third customer a few days later. The employee must continue to cover the shortage through repeated lapping, replace the stolen money, or find another way to conceal the shortage.

Lapping of accounts receivable—the postponement of entries for the collection of receivables to conceal an existing cash shortage; a common type of defalcation.

CONCEPT CHECK

C12-2 Why is occurrence a high-risk assertion for revenue?

C12-3 Why is accounts receivable often an important account to audit?

C12-4 Why is valuation a high-risk assertion for accounts receivable?

LO 3 Evaluate key controls for the revenue cycle and assess control risk.

ASSESS CONTROL RISK

Figure 9-2 provides an overview of the factors the audit team considers in deciding to test effectiveness of controls. First, the team will obtain an understanding of the entity-level and general controls, those controls that are pervasive and affect multiple transaction cycles. The team will also obtain an understanding of those control activities that are relevant to the audit and consider “what can go wrong” at the assertion level.

Evaluate Key Controls and Assess Control Risk

As highlighted in Chapter 9, auditors focus on key controls for revenue—those controls that are expected to have the greatest impact on reducing risk of material misstatement in classes of transactions and relevant assertions. Knowledge of the following control activities assists in identifying the key controls and deficiencies:

• Separation of duties. Separation of entry of sales data from entry of cash receipts (to prevent theft of cash and then hiding it in the records); separation of credit limit approval from sales (because sales employees may receive bonuses based upon sales and could be motivated to provide higher credit limits to unworthy customers); independent verification of key data, such as credit limits and other master file data, control totals, and journal entries such as bad-debt write-offs.

• Proper authorization. Authorization by management or independent individuals should be provided and documented for (1) credit prior to a sale; (2) removal of goods for shipment; and (3) sales prices, terms, and charges, to ensure that only authorized goods are shipped at appropriate prices to customers who are good credit risks.

• Adequate documents and records. Accurate, complete transactions that cannot be altered should be retained in paper or electronic format that documents the sales-related business events (orders, shipments, sales, returns, credits, adjustments, and master file changes) and can be traced from origin to the general ledger accounts.

• Sequentially numbered documents. Automatic sequential numbering that is accounted for and monitored should be present for all transaction types (invoices/credit notes, shipments, adjustments, and master file changes).

• Mailing of statements. Whether electronic mailing or through traditional mail, mailing and the entry of sales or cash receipts should be two independent processes (so that customers could report unusual entries in their statements).

(18)

424

• Independent verification processes. Whether handled by people or by software, verification can involve checking numerical continuity, matching of orders to shipments to invoices, and production of exception reports for independent follow-up.

After auditors identify key controls and control deficiencies, auditors assess control risk for the transaction assertions.

Determine Extent of Tests of Controls

Recall from Chapter 9, auditors perform tests of controls in two situations:

1. There are risks for which substantive procedures are not sufficient (when the process is highly automated). You will note in the Hillsburg overall audit strategy working paper (Figure 10-2), the audit team identified revenue transactions that were highly automated and did not leave an audit trail; therefore, tests of controls would be performed.

2. If the auditors plan to test the effectiveness of controls. To make this decision, auditors must determine the cost–benefit of testing controls—meaning whether substantive tests will be reduced sufficiently to justify the cost of performing tests of controls.

The extent of tests of controls is determined by planned reliance on controls (which would mean a control risk assessment of moderate or low). If control risk is low, the number of expected deviations is low, which decreases the sample size. Other factors that affect the extent of control testing is the frequency of the control, length of period, whether other tests of controls are being performed for that particular assertion, and the relevance and reliability of the audit evidence (see Table 9-4).

LO 4 Use professional judgment to develop an audit approach (strategy) for the revenue cycle.

CONCEPT CHECK

C12-5 What are the three types of misstatements that are associated with the occurrence assertion for sales?

DETERMINE AUDIT APPROACH FOR REVENUE CYCLE

Recall from Chapter 10 that the planned reliance on controls determines whether the auditor will use a combined or substantive audit approach. As we have learned to date, this risk response can vary wid