43 terms

Management Fraud and Audit Risk (ch. 3)

are unintentional misstatements or omissions of amounts or disclosures in financial statements.
Management fraud
is intentional misstatements or omissions of amounts or disclosures in financial statements.
Direct effect illegal
acts are violations of laws or government regulations by the company or its management or employees that produce direct and material effects on dollar amounts in financial statements.
Consideration of Fraud
(External Auditors (CPAs))

Design audit to provide reasonable assurance of detecting fraud that could have a material effect on the financial statements.

Perform fraud-related procedures

(SAS 99): _______ in a Financial Statement Audit
Illegal Acts
(External Auditors (CPAs))

Focused primarily is on direct-effect illegal acts

SAS 54: _______
Charged with Governance
(External Auditors (CPAs))

SAS 114: "The Auditor's Communication with Those __________

The auditor must communicate the acts of fraud.
Internal Auditors (CIAs)
These auditors support management's efforts to establish a culture that embraces ethics, honesty, and integrity. They assist management with the evaluation of internal controls used to detect or mitigate fraud, evaluate the organization's assessment of fraud risk, and are involved in any fraud investigations.
Governmental Auditors
These auditors focus on laws and regulations (compliance), design audit to detect abuse and illegal acts, report to the appropriate authority
Certified Fraud Examiners (CFEs)
This examiners assignment begins with predication (probable cause).
Risk of Fraud
1. Gather information to identify risks.

2. Identify risks.

3. Assess risks taking into account entity's programs and controls.

4. Respond to results of assessment.

Steps to consider the....
Audit team discussions (brainstorming)
(Step 1 in detecting fraud)


Gain understanding of:
-Previous experiences with client
-How a fraud might be perpetrated and concealed in the entity
-Procedures that might detect fraud

Set proper tone for engagement

Discussions should be ongoing throughout the engagement
Obtain Information to Identify Risks
(Step 2 in detecting fraud)

Inquiries: Management, Audit committee, Internal auditors, Others

Planning analytical procedures:

- Net income to cash flows (total accruals to total assets)
- Days sales in receivables
- Gross margin
- Asset quality index (non current assets- p,p&e to total assets)
- Sales growth index
Identify Risk Factors
(Step 3a in detecting fraud)

__________ Related to Fraudulent Financial Reporting

- Management's characteristics and influence
- Industry conditions
- Operating characteristics and financial stability
- Based on experience
Industry Condition
- Company profits lag the industry.
- New requirements are passed that could impair stability or profitability.
- The company's market is saturated due to fierce competition.
- The company's industry is declining.
- The company's industry is changing rapidly.

These risk factors are related to...
Operating Characteristics
- A weak internal control environment prevails.
- The company is not able to generate sufficient cash flows to ensure that it is a going concern.
- There is pressure to obtain capital.
- The company operates in a tax haven jurisdiction.

These risk factors are related to...
Assessing Fraud Risks
(Step 3b in detecting fraud)

- Type of Risk
- Significance of risk
- Likelihood of risk
- Pervasiveness of risk
- Assess controls and programs

In this step you are...
Required Risk Assessments
1. Presume that improper revenue recognition is a fraud risk.

2.Identify risks of management override of controls.
- Examine journal entries and other adjustments.
- Review accounting estimates for biases.
- Evaluate business rationale for significant unusual transactions.

These are...
Respond to Assessed Risks
(Step 4 in detecting fraud)

Overall effect on audit:

Assignment of personnel, Choice of accounting principles, Predictability of auditing procedures,
Examination of journal entries and other adjustments, Retrospective review of prior year accounting estimates

Extended procedures:

Surprise inventory counts, Contract confirmations
Extended Procedures
Count the petty cash twice in one day., Investigate suppliers/vendors, Match payroll with addresses, Retrieve customer checks, Use marked coins and currency.

These are examples of...
Evaluate Audit Evidence
(Step 5 in detecting fraud)

- Discrepancies in the accounting records.
- Conflicting or missing evidential matter.
- Problematic or unusual relationships between the auditor and management.
- Results from substantive of final review stage analytical procedures.
- Vague, implausible or inconsistent responses to inquiries.
Communicate Fraud Matters
(Step 6 in detecting fraud)

SAS 99: Evidence that fraud may exist must be communicated to appropriate level of management.

Sarbanes Oxley: Significant deficiencies must be communicated to those charged with governance.

Any fraud committed by management (no matter how small) is material.
Document Fraud Matters
(Step 7 in detecting fraud)

- Discussion of engagement personnel.
- Procedures to identify and assess risk.
- Specific risks identified and auditor response.
- If revenue recognition not a risk—explain why.
- Results of procedures regarding management override.
- Other conditions causing auditors to believe additional procedures are required.
- Communication to management, audit committee, etc.
direct effect Illegal acts
are violations of laws or government regulations by the company or its management or employees.
produce ______ and material effects on the financial statements (e.g., income tax evasion).

These illegal acts have a _____ effect
are far removed from financial statement (e.g., violations relating to insider securities trading, occupational health and safety, food and drug administration, environmental protection, and equal employment opportunity).

These illegal acts have a _____ effect
Audit Risk
is the risk (likelihood) that the auditor may unknowingly fail to modify the opinion on financial statements that are materially misstated (e.g., an unqualified opinion on misstated financial statements.)
Audit Risk Model
decomposes overall audit risk into three components: inherent risk (IR), control risk (CR), and detection risk (DR):

AR = IR x CR x DR
(IR x CR = Risk of Material Misstatement (RMM))

This is the...
The auditor cannot affect inherent risk or control risk. The auditor can only assess them.

The auditor can only affect detection risk—generally by examining more evidence.

Detection risk is inversely related to control risk and inherent risk.

Detection risk is inversely related to competence and reliability of evidence.

These are _______ of the audit risk model
Inherent Risk
is the likelihood that, in the absence of internal controls, a material misstatement could occur. In other words, it is a measure of the susceptibility of an account to misstatement.
- Dollar size of the account, Liquidity, Volume of transactions, Complexity of the transactions,New accounting pronouncements, Subjective estimates

- Competition, Economy, Nature of Industry, Management Style,Leverage

These are factors affecting account _______ risk
- Invalid transactions are recorded.
- Valid transactions are omitted from the accounts.
- Unauthorized transactions are executed and recorded.
- Transaction amounts are inaccurate.
- Transactions are classified in the wrong accounts.
- Transaction accounting and posting is incorrect.
- Transactions are recorded in the wrong period.

These are examples of ______ risk
Control Risk
is the likelihood that a material misstatement would not be caught by the client's internal controls.
- The environment in which the company operates (its "control environment").
- The existence (or lack thereof) and effectiveness of control activities.
- Monitoring activities (audit committee, internal audit function, etc.).

These are factors affecting _______ risk
Detection Risk
is the risk that a material misstatement would not be caught by audit procedures.
- Nature, timing, and extent of audit procedures
- Sampling risk: Risk of choosing an unrepresentative sample.
- Nonsampling risk: Risk that the auditor may reach inappropriate conclusions based upon available evidence.

These are factors affecting _______ risk
refers to an amount (or transaction) that would influence the decisions of users (i.e., an amount (or event) that would make a difference). The emphasis is on user, rather than management or the audit team.
Absolute size, Relative size, Cumulative effects

These refer to _______ criteria of materiality
Nature of the item or issue, Circumstances, Uncertainty

These refer to _________ criteria of materiality
professional judgment
Ultimately, materiality is a matter of ....
planning substantive procedures
(Using materiality in an audit)

As a guide to _______ —directing attention and audit work to those items or accounts that are important, uncertain, or susceptible to errors or frauds.
performance materiality
(Using materiality in an audit)

As a guide to evaluation of the evidence. Auditors use __________ (an amount less than materiality for the financial statements as a whole) to make sure that the aggregate of uncorrected and undetected immaterial misstatements does not exceed materiality for the financial statements as a whole.
(Using materiality in an audit)

Auditors use materiality for making ______ about the audit report.
- Inspection of records and documents: Vouching, Tracing, Scanning
- Inspection of tangible assets
- Observation
- Inquiry
- Confirmation
- Recalculation
- Reperformance
- Analytical Procedures

These are all general audit _________