1

AAS4/ SA 240

Auditors’ Responsibility as regards Fraud & Error

2

Bookkeeping scandals

October 16, 2001

Issue: Off-Balance Sheet Accounting and Financial Reporting Fraud

Impact: $3 billion in undisclosed losses

June 20, 2002

Issue: Financial Reporting Fraud

Impact: $9 billion in unreported expenses

March 28, 2002

Issue: Financial Reporting Fraud and embezzlement

Impact: $2.5 billion of hidden debt

September, 2003

Issue: Financial Reporting Fraud and inappropriate consolidation

Impact: $ millions in overstated earnings

3

What is Fraud? Fraud is an intentional act by one or more individuals among

management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage.

Although fraud is a broad legal concept, the auditor is concerned with fraud that causes a material misstatement in the financial statements.

Two types of misstatements relevant to the auditor’s consideration

of fraud:

– Misstatements resulting from fraudulent financial reporting

– Misstatements resulting from misappropriation of assets.

4

Introduction to Fraud Fraudulent Financial Reporting Misrepresentation in, or intentional omission from, the

financial statements of events, transactions, or other significant information

Manipulation, falsification or alteration of records or documents from which financial statements are prepared

Intentional misapplication of accounting principles relating to amounts, classification, manner of presentation, or disclosures.

Misappropriation Misappropriation of assets – often accompanied by false or

misleading records in order to conceal that the assets are missingExamples include: Embezzling receipts Stealing physical assets or intellectual property Recording of transactions without substance

5

Introduction to Fraud There are three conditions generally present when fraud

occurs.

Incentive/Pressures Opportunities

Attitudes/Rationalizations

Fraud

Triangle

6

Error

Unintentional mistakes in financial information such as: mathematical or clerical mistakes in the underlying

records and accounting data; Incorrect accounting estimate arising from oversight or

misinterpretation of facts; or misapplication of accounting policies.

7

Distinguishing Factor

The distinguishing factor between fraud and error is whether the underlying action that results in the misstatement in the financial statements is intentional or unintentional. Unlike error, fraud is intentional and usually involves deliberate concealment of the facts. While the auditor may be able to identify potential opportunities for fraud to be perpetrated, it is difficult, if not impossible, for the auditor to determine intent, particularly in matters involving management judgment, such as accounting estimates and the appropriate application of accounting principles.

8

Responsibility for Prevention & Detection

Management Responsibility Although AAS4 focuses on the auditor's responsibilities with

respect to fraud and error, the primary responsibility for the prevention and detection of fraud and error rests with both those charged with governance and the management of an entity. The respective responsibilities may vary from entity to entity.

The management is responsible for establishing a control environment and maintain policies and procedures by implementing and ensuring continued operation of accounting and internal control systems, which are designed to prevent fraud and error.

Such systems reduce but do not eliminate the risk of misstatements, Accordingly, management assumes responsibility for any remaining risk.

9

Responsibility for Prevention & DetectionAuditors Responsibility As regards the auditors’, the standard states that when

planning and performing audit procedures and evaluating and reporting the results thereof, the auditor should consider the risk of material misstatements in the financial statements resulting from fraud or error.

Inherent Limitations of an audit An auditor cannot obtain absolute assurance that material

misstatements in the financial statements will be detected. The auditor is able to obtain only a reasonable assurance that material misstatements in the financial statements will be detected.

The risk of not detecting a material misstatement resulting from fraud is higher than the risk of not detecting a material misstatement resulting from error.

10

Auditors – Tackling Fraud & Error: Increased Professional Skepticism in their attitude- matters

that increase risk of misstatement, circumstances that arouse suspicion, evidences obtained that are contradictory to management assertions or representations.

Professional Skepticism is an attitude implying that the auditor makes a critical assessment, with a questioning mind, of the validity of audit evidence obtained and is alert to audit evidence that contradicts or brings into question the reliability of documents or management representations.

11

Auditors – Tackling Fraud & Error: While planning an audit, the auditor should discuss with

the audit team members the susceptibility of the entity to material misstatements in the financial statements.

While planning an audit, the auditor should make inquiries of management, so as to be able to understand managements assessment of risk and the systems in place to address the risk, to determine whether management is aware of any known or suspected fraud, and to determine whether management has discovered any material errors. This will provide useful information regarding risk of material misstatements resulting from management fraud

Discussions with those charged with governance Continual assessment of Fraud assessment Documentation

12

Risk Inherent Risk Control risk Detection risk

When assessing inherent risk and control risk in accordance with AAS 6 (Revised), “Risk Assessments and Internal Control”, the auditor should consider how the financial statements might be materially misstated as a result of fraud or error. In considering the risk of material misstatement resulting from fraud, the auditor should consider whether fraud risk factors are present that indicate the possibility of either fraudulent financial reporting or misappropriation of assets.

13

Fraud Risk FactorsAuditor may identify events or conditions that provide an opportunity, a motive, or a means to commit fraud, or indicate that fraud may have already occurred.

Such events or conditions are called fraud risk factors.

Accordingly, the auditor exercises professional judgment when considering fraud risk factors individually or in combination and whether there are specific controls that mitigate the risk. The auditor uses professional judgment when assessing the significance and relevance of fraud risk factors and determining the appropriate audit response.

The presence of fraud risk factors may indicate that the auditor will be unable to assess control risk at less than high for certain financial statement assertions. On the other hand, the auditor may be able to identify internal controls designed to mitigate those fraud risk factors that the auditor can test to support a control risk assessment below high.

14

Fraud Risk FactorsSome examples of Fraud Risk Factors Relating to Misstatements resulting from Fraudulent Financial Reporting can be grouped into:

Management’s Characteristics and Influence over control environment – compensation, stock options, increasing stock price or earnings trend, management commitments to third parties like creditors or analysts, taxation issues, no ethics policies, domination, non monitoring of controls, failure to correct material weaknesses, aggressive targets, disregard for regulatory matters, high turnover of management personnel, relationship with previous auditor, history of claims against the entity or violations, weak corporate structure

Industry Conditions – new accounting, statutory or regulatory requirements, high degree of competition or market saturation, decline in demand, technological obsolescence

Operating Characteristics and Financial Stability – cash flows generation, pressure to obtain additional capital, assets or liabilities or revenues or expenses based on significant estimates, significant related party transactions, significant number of unduly complex transactions, complex organizational structure, interest rates, dependency on debt

15

Fraud Risk Factors

Examples of Fraud Risk Factors Relating to Misstatements resulting from Misappropriation of assets can be grouped into:

Susceptibility of assets to misappropriation – large amounts of cash on hand, easily convertible assets like bearer bonds, small inventory or fixed assets items of high value

Lack of Controls – poor physical safeguards, lack of appropriate segregation of duties, inadequate record keeping, lack of inadequate management supervision, lack of appropriate system of authorization and approval of transactions

16

Detection Risk

Based on the auditor's assessment of inherent and control risks (including the results of any tests of controls), the auditor should design substantive procedures to reduce to an acceptably low level the risk that misstatements resulting from fraud and error that are material to the financial statements taken as a whole will not be detected. In designing the substantive procedures, the auditor should address the fraud risk factors that the auditor has identified as being present.

17

Impact AAS 6 (Revised) “Risk Assessments and Internal Control”, explains that the auditor's control risk assessment, together with the inherent risk assessment, influences the nature, timing and extent of substantive procedures to be performed to reduce detection risk to an acceptably low level.

In some cases, even though fraud risk factors have been identified as being present, the auditor's judgment may be that the audit procedures, including both tests of control, and substantive procedures, already planned, are sufficient to respond to the fraud risk factors.

In other circumstances, the auditor may conclude that there is a need to modify the nature, timing and extent of substantive procedures to address fraud risk factors present.

In these circumstances, the auditor considers whether the assessment of the risk of material misstatement calls for an overall response, a response that is specific to a particular account balance, class of transactions or assertion, or both types of response. The auditor considers whether changing the nature of audit procedures, rather than the extent of them, may be more effective in responding to identified fraud risk factors.

18

Procedures when circumstances indicate possible misstatement

To perform procedures to determine whether the financial statements are materially misstated

Use of professional judgment to assess the type of fraud or error and likelihood of its occurrence

Use of professional judgment to assess the likelihood that a particular fraud or error could have a material effect on the financial statements

Consider impact on audit risk and the nature, timing and extent of substantive procedures

Consider the assessment of effectiveness of internal controls if control risk was assessed below high

Assignment of team members and work allocation/ reallocation

19

Procedures to consider whether an identified misstatement indicates fraud

The auditor should assess whether an identified misstatements may be indicative of fraud- use professional judgment

If there is an indication then the auditor should consider the implications of misstatement in relation to the other aspects of the audit with particular emphasis on management representations.

20

Evaluation and Disposition of Misstatements and Effect on Audit Report

When the auditor confirms that, or is unable to conclude whether, the financial statements are materially misstated as a result of fraud or error, the auditor should consider the implications for the audit.

If a significant fraud has occurred or the fraud is committed by those charged with governance the auditor should consider the necessity for a disclosure in the financial statements. If disclosure is not made then the auditor should consider an appropriate disclosure in his report

21

Documentation Auditors should document all fraud risk factors identified

as being present and document the auditors response to such factors. If during the performance of the audit, if such factors indicate that additional audit procedures are necessary, the auditor should document these and his response to these factors.

Auditor must document matters which are important in providing evidence to support the audit opinion and the working papers must include the auditors reasoning on all matters which required use of professional judgment.

22

Management RepresentationsThe auditor should obtain written representations that: it acknowledges its responsibility for the implementation and

operation of accounting and internal control systems that are designed to prevent and detect fraud and error;

it believes the effects of those uncorrected financial statement misstatements aggregated by the auditor during the audit are immaterial, both individually and in the aggregate, to the financial statements taken as a whole. A summary of such items should be included in or attached to the written representation;

it has disclosed to the auditor all significant facts relating to any frauds or suspected frauds known to management that may have affected the entity; and

it has disclosed to the auditor the results of its assessment of the risk that the financial statements may be materially misstated as a result of fraud.

23

Communication

When the auditor identifies a misstatement resulting from fraud, or a suspected fraud, or error, the auditor should consider the auditor's responsibility to communicate that information to management, those charged with governance and, in some circumstances, when so required by the laws and regulations, to regulatory and enforcement authorities also.

Communication on a timely basis is necessary to initiate action.

Determination of the level of management to which the communication should be made is a matter of professional judgment, and factors like nature, magnitude and frequency of misstatement should be considered.

24

Communication – Error

If the auditor has: identified a material misstatement from error, then the

auditor should communicate to the appropriate level of management and consider the need to report to those charged with governance.

Uncorrected misstatements considered immaterial individually or in the aggregate should be informed to those charged with governance of those uncorrected misstatements after taking into consideration materiality limits.

25

Communication – Fraud

If the auditor has: identified a fraud, whether or not it results in a material

misstatement in the financial statements; or

obtained evidence that indicates that fraud may exist (even if the potential effect on the financial statements would not be material);

the auditor should communicate these matters to the appropriate level of management on a timely basis, and consider the need to report such matters to those charged with governance.

26

Communication- Fraud

If the auditor has concluded that the misstatements is or may be, arising from fraud and has determined that the effect could either be material or has not been able to evaluate whether the effect is material then he should consider

discuss the matter and the approach for further investigation if required with a level in the management higher than those involved and with the management at the highest level

If appropriate, suggest the management to seek legal opinion

27

Communication- Material Weaknesses in Internal Control

Material Weaknesses identified by Auditor – the auditor should communicate to

management all material weaknesses in internal control related to the prevention and detection of fraud and error and the auditor should be satisfied that those charged by governance have been informed of any weaknesses related to the prevention and detection of fraud (Note: not error)

Management – the auditor should be satisfied that those charged by governance have been informed of any weaknesses related to the prevention and detection of fraud

28

Communication- Exceptional Circumstances

If the auditor has reason to doubt the integrity or honesty of management or those charged with governance, the auditor should consider seeking legal advice.

If the statutory & regulatory framework requires that the auditor should report adverse or unfavorable remarks, the auditor may consider seeking legal advice. eg. NBFC

29

CommunicationExamples:

Questions regarding management competence and integrity Fraud involving management – communicate with Parent

company, BOD, Audit Committee Other frauds resulting in material misstatement – CFO, Audit

committee Material Misstatements resulting from an error- CFO or audit

coordinator. Further consider the need to inform those charged with governance. Uncorrected misstatements considered immaterial individually or in the aggregate should be informed after taking into consideration materiality limits.

Misstatements indicating material weaknesses in internal controls including design or operation of the financial reporting – Management letter, CFO, Audit committee or parent company

Misstatements that may cause future financial statements to be materially misstated – Audit committee, CFO

30

Non ContinuanceIf the auditor concludes : that it is not possible to continue performing the audit as a result of a misstatement resulting from fraud or suspected fraud, the auditor should

consider the professional or legal responsibilities applicable in the circumstances

consider the possibility of withdrawing from the engagement

If the auditor withdraws: Discuss the same with appropriate level of management and

those charged with governance, and the reasons for the withdrawal

Consider if there is a professional or legal requirement to report When contacted, inform the incoming auditor of the

professional reasons why the appointment should not be accepted. Only facts should be communicated to the incoming auditor and not the auditors conclusions.

31

Non Continuance

Such an event may be triggered by such circumstances:

Entity does not take remedial action regarding fraud Auditors consideration of the risk of material misstatement

resulting from fraud and the results of audit tests indicate a significant risk of material or pervasive fraud; or

Auditor has significant concern about the integrity or competence of the management or those charged with governance

32

Fraud Risk Assessment

Identify & Capture Fraud Risk Factors

Consider Available Information:• External - news, analyst reports,

significant developments, litigation) • Inquiries • Preliminary analytical review• Engagement team discussions

Evaluate Fraud Risk Factors & Identify

Fraud Risks

Design & Execute Tests of Controls &

Substantive Procedures

Fraud Risks: • Industry-specific• Revenue recognition• Management override• Company-specific fraud

schemes

Execute Plan:• Test mitigating controls • Test journal entries and

estimates• Perform substantive

procedures• Evaluate evidence