The auditors responsibility to consider fraud in an audit of financial statements

Transcription

1 The auditors responsibility to consider fraud in an audit of financial statements

2 Audit in a nutshell Reality Picture (= financial statements) Balance sheet Assets Liabilities Equity Process Detection Inherent Audit Risk Control Existence Occurence Valuation Measurement Completeness Rights / Obligations Presentation Page 2

3 Roadmap Planning and Risk Identification Strategy and Risk Assessment Execution Conclusion and Reporting Client Acceptance and Continuance Identify Significant Classes of Transactions and Related Applications Design Tests of Controls Design Test of Controls Prepare Summary of Audit Differences Understand clients Business Understand IT Environment Complexity and Determine IT Professional Involvement Identify Fraud Risks and Determine Responses Understand Flows of Transactions, WCGWs and Controls Perform Walkthroughs Execute Test of Controls Design substantive audit procedures Perform final audit procedures Management Letter Determine PM, Materiality TE and SAD Nominal Amount Make Combined Risk Assessments Execute Substantive Audit Procedures Report Page 3

4 Learning Objectives Define fraud and distinguish between fraudulent financial reporting and misappropriation of assets Understand the board s and management s responsibilities and the auditor s responsibilities for detecting material misstatements due to fraud Develop responses to identified fraud risks Understand other responsibilities Page 4

5 Learning Objectives Define fraud and distinguish between fraudulent financial reporting and misappropriation of assets Understand the board s and management s responsibilities and the auditor s responsibilities for detecting material misstatements due to fraud Develop responses to identified fraud risks Understand other responsibilities Page 5

6 Define Fraud and Distinguish Between Fraudulent Financial Reporting and Misappropriation of Assets Auditor s responsibility is to plan and perform audits to obtain reasonable assurance about whether the financial statements are free of material misstatements due to errors or fraud. ISA 240 establishes standards and provides guidance on the auditor s responsibility to consider fraud in an audit of financial statements, standards and guidance are intended to be integrated into the overall audit process. Page 6

7 Define Fraud and Distinguish Between Fraudulent Financial Reporting and Misappropriation of Assets Error refers to an unintentional misstatement in F/S. Fraud refers to an intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage (ISA ). Auditors do not make legal determinations of whether fraud has actually occurred. Page 7

8 Define Fraud and Distinguish Between Fraudulent Financial Reporting and Misappropriation of Assets Two types of intentional misstatements are relevant to the auditor A. Misstatements resulting from fraudulent financial reporting, including omissions of amounts or disclosures in financial statements to deceive financial statements users. Accomplished by manipulation, falsification or alteration of records and documentation, by mispresentation in or intentional omission from and by misapplication of accounting principles. Often involves management override of controls using techniques as changing assumptions / judgments used to estimate account balances, recording fictitious journal entries, concealing or not disclosing facts. Management may take deliberate actions to meet earnings objectives that lead to fraudulent financial reporting by materially misstating the financial statements. Earnings management is performed in order to deceive users by influencing their perceptions as to the entity s performance. Page 8

9 Define Fraud and Distinguish Between Fraudulent Financial Reporting and Misappropriation of Assets Two types of intentional misstatements are relevant to the auditor B. Misstatements resulting from misappropriation of assets. Misappropriation of assets involves theft of an entity s assets through normally employees, in some notable cases however through top management or others internal to the organization. Misappropriation of assets is often accompanied by false or misleading records or documents in order to conceal the theft. Page 9

10 Three Conditions for Fraud Arising are Described in ISA 240 These three conditions are the same for fraudulent financial reporting and misappropriation of assets but the risks factors are different. These are referred to as the fraud triangle Incentives / Pressures (Perceived) Opportunities Attitudes / (Some) Rationalization Page 10

11 Pressure / Incentive Financial stability or profitability is threatened by economic, industry, or entity operating conditions. Excessive pressure exists for management to meet the requirements or expectations of third parties Information available indicates that the personal financial situation of management or those charged with governance is threatened by the entity s financial performance There is excessive pressure on management or operating personnel to meet financial targets established by those charged with governance, including sales or profitability incentive goals. Personal financial obligations may create pressure on management or employees with access to cash or other assets susceptible to theft to misappropriate those assets. Page 11

12 Pressure / Incentive Key words: Meet the deadline Make sales quota Under the gun Don t leave a trail Not comfortable Want no part of this Don t let the auditor find out Budget cuts Change in independence auditors Changes in accounting regulations Declining customer demand Downsizing Financial targets Lack of demand Increase debt financing Hurry up Excessive reportable conditions Page 12

13 Opportunity The nature of the industry or the entity s operations provides opportunities to engage in fraudulent financial reporting The monitoring of management is not effective There is a complex or unstable organizational structure Internal control components are deficient Certain characteristics or circumstances may increase the susceptibility of assets to misappropriation Page 13

14 Opportunity Key words: Override Write-off Recognize revenue Special fees Off the books Cash advance Cut off Future deliver Deferred balance reserve Inconsequential Margin level Multiple deliver Pool share Multiple element Revenue share partner Smooth earnings Pull earnings forward Page 14

15 Rationalization Communication, implementation, support, or enforcement of the entity s values or ethical standards by management, or the communication of inappropriate values or ethical standards, that are not effective The owner-manager makes no distinction between personal and business transactions Page 15

16 Rationalization Key words: I think it s okay Sounds reasonable I deserve Everybody does it Nobody will find out Fix it later Worth it Entitled I didn t get my bonus It s not fraud Gray area It s only a timing difference Part of my job I am not hurting anyone Accounting estimates I don t get enough Page 16

17 Learning Objectives Define fraud and distinguish between fraudulent financial reporting and misappropriation of assets Understand the board s and management s responsibilities and the auditor s responsibilities for detecting material misstatements due to fraud Develop responses to identified fraud risks Understand other responsibilities Page 17

18 Management s and Board s Responsibilities Primary responsibility for the prevention and detection of frauds rests with both those charged with governance of the entity and with management (ISA 240 4). It is important that management, with oversight from those charged with governance, place a strong emphasis on fraud prevention, and fraud deterrence by Creating and maintaining a culture of honesty and ethical behavior Evaluating fraud risks and implementing programs and controls to mitigate the identified risks Establishing a control environment and maintaining policies and procedures to assist in achieving the objective of ensuring, as far as possible, the orderly and efficient conduct of the entity s business. Page 18

19 Understand the Auditor s Responsibilities When obtaining reasonable assurance, an auditor maintains an attitude of professional skepticism (ISA ) throughout the audit, recognizing the possibility that a material misstatement due to fraud could exist. Due to the characteristics of fraud, the auditors attitude of professional skepticism is particularly important when considering the risk of fraud. Professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence. ISA 240 provides additional guidance on considering the risks of fraud in an audit and designing procedures to detect material misstatements due to fraud. Page 19

20 Understand the Auditor s Responsibilities Information used to assess fraud risk is summarized below Communication among audit team Inquiries of management Risk factors Analytical procedures Other information Identified risks of material misstatements due to fraud Page 20

21 Understand the Auditor s Responsibilities Discussion among the engagement team as required by ISA 315 Understanding the entity and its environment and assessing the risks of material misstatements. The discussion occurs with a questioning mind that address: how and where audit team members believe the entity s financial statements might be susceptible to material misstatements due to fraud, including consideration of known external and internal factors affecting the entity, how management could perpetrate and conceal fraudulent financial reporting, and how assets of the entity could be misappropriated. Page 21

22 Understand the Auditor s Responsibilities Inquiries of management regarding management s own assessment of the risk of fraud and the controls in place to prevent and detect it. The auditor should also inquire about any information reported by management to the audit committee about fraud risks and related controls. Making inquiries of other within the entity, in addition to management may provide auditors with a perspective that is different from management, and those responsible for the financial reporting process. (Internal audit personnel, operating personnel, in-house legal counsel, chief ethics, compliance officer, chief risks officer). Page 22

23 Understand the Auditor s Responsibilities The auditor should understand how those charged with governance exercise oversight of management s processes for identifying and responding to the risks of fraud in the entity and understand the internal control to mitigate these risks. The audit committee often assumes an active role in overseeing management s fraud risk assessment and response processes. ISA 240 requires also the auditor to inquire whether those charged with governance have knowledge of any actual, suspected or alleged fraud affecting the entity. Page 23

24 Understand the Auditor s Responsibilities ISA 240 requires the auditor to evaluate whether fraud risk factors exist that indicate incentives or pressures to perpetrate fraud, opportunities, to carry out fraud, or attitudes or rationalizations used to justify a fraudulent action. Fraud risk factors cannot easily be ranked in order of importance and the significance of fraud risk factors varies in assessing the risks of material misstatement. Size, complexity and ownership characteristics of the entity have a significant influence on the consideration of relevant fraud risk factors. Page 24

25 Understand the Auditor s Responsibilities Analytical procedures performed during planning may be helpful in identifying unusual or unexpected relationships or events that might indicate material misstatements, involving particularly revenue accounts. The auditor ordinarily presumes that there are risks of fraud in revenue recognition and considers which types of revenues may give rise to such risks. The comparison of sales volume based on recorded revenue with actual production capacity could reveal revenues beyond the capacity. Page 25

26 Learning Objectives Define fraud and distinguish between fraudulent financial reporting and misappropriation of assets Understand the board s and management s responsibilities and the auditor s responsibilities for detecting material misstatements due to fraud Develop responses to identified fraud risks Understand other responsibilities Page 26

27 Develop Responses to Identified Fraud Risks Change the overall conduct of the audit Assignment and supervision of personnel Careful consideration of management s choice of accounting principles (subjective measurements, complex transactions). Incorporate unpredictability in the audit plan ISA 330 The auditor s procedures in response to assessed risks requires the auditor to perform substantive procedures that are specifically responsive to risks that are assessed as significant risks. Page 27

28 Develop Responses to Identified Fraud Risks Design and performed audit procedures to address fraud risks at the assertion level Obtain evidence that is more reliable and relevant (i.e. physical observation, inspection, gather more evidence on data by the use of computer assisted audit techniques) Timing of procedures Increasing sample sizes Performing analytical procedures at a more detailed level Obtain additional corroborative information (i.e. confirmation not only of outstanding amounts but also of details of sales agreements, right of return and delivery terms) Examples of possible procedures are presented in Appendix 2 to ISA 240. Page 28

29 Develop Responses to Identified Fraud Risks Design and perform procedures to address management override of controls Examine using professional judgment the appropriateness of journal entries recorded in the general ledger or adjustments to amounts reported in the financial statements that are not reflected in formal journal entries such as through consolidating adjustments and reclassifications. The auditor should first obtain and document an understanding of the entity s financial reporting process and the controls over journal entries and other adjustments. Review accounting estimates for possible bias. The auditor is required to look-back at significant prior year estimates to identify any changes that might indicate a possible bias in management s judgments and assumptions. Evaluate the business rationale for significant transactions. Determine whether the accounting treatment is appropriate and whether information is adequately disclosed in financial statements. Page 29

30 Learning Objectives Define fraud and distinguish between fraudulent financial reporting and misappropriation of assets Understand the board s and management s responsibilities and the auditor s responsibilities for detecting material misstatements due to fraud Develop responses to identified fraud risks Understand other responsibilities Page 30

31 Understand Other Responsibilities The auditor should obtain appropriate written representations from management. In addition to acknowledging its responsibility for the financial statements, management should acknowledge its responsibility for internal control designed and implemented to prevent and detect fraud. Communications with the appropriate level of management, as well as senior management and those charged with governance as soon as practicable when the auditor determines that fraud may be present. Page 31

32 Thank you for your attention Questions Page 32