0 aas4/ sa 240 auditors’ responsibility as regards fraud & error
TRANSCRIPT
1
AAS4/ SA 240
Auditors’ Responsibility as regards Fraud & Error
2
Bookkeeping scandals
October 16, 2001
Issue: Off-Balance Sheet Accounting and Financial Reporting Fraud
Impact: $3 billion in undisclosed losses
June 20, 2002
Issue: Financial Reporting Fraud
Impact: $9 billion in unreported expenses
March 28, 2002
Issue: Financial Reporting Fraud and embezzlement
Impact: $2.5 billion of hidden debt
September, 2003
Issue: Financial Reporting Fraud and inappropriate consolidation
Impact: $ millions in overstated earnings
3
What is Fraud? Fraud is an intentional act by one or more individuals among
management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage.
Although fraud is a broad legal concept, the auditor is concerned with fraud that causes a material misstatement in the financial statements.
Two types of misstatements relevant to the auditor’s consideration
of fraud:
– Misstatements resulting from fraudulent financial reporting
– Misstatements resulting from misappropriation of assets.
4
Introduction to Fraud Fraudulent Financial Reporting Misrepresentation in, or intentional omission from, the
financial statements of events, transactions, or other significant information
Manipulation, falsification or alteration of records or documents from which financial statements are prepared
Intentional misapplication of accounting principles relating to amounts, classification, manner of presentation, or disclosures.
Misappropriation Misappropriation of assets – often accompanied by false or
misleading records in order to conceal that the assets are missingExamples include: Embezzling receipts Stealing physical assets or intellectual property Recording of transactions without substance
5
Introduction to Fraud There are three conditions generally present when fraud
occurs.
Incentive/Pressures Opportunities
Attitudes/Rationalizations
Fraud
Triangle
6
Error
Unintentional mistakes in financial information such as: mathematical or clerical mistakes in the underlying
records and accounting data; Incorrect accounting estimate arising from oversight or
misinterpretation of facts; or misapplication of accounting policies.
7
Distinguishing Factor
The distinguishing factor between fraud and error is whether the underlying action that results in the misstatement in the financial statements is intentional or unintentional. Unlike error, fraud is intentional and usually involves deliberate concealment of the facts. While the auditor may be able to identify potential opportunities for fraud to be perpetrated, it is difficult, if not impossible, for the auditor to determine intent, particularly in matters involving management judgment, such as accounting estimates and the appropriate application of accounting principles.
8
Responsibility for Prevention & Detection
Management Responsibility Although AAS4 focuses on the auditor's responsibilities with
respect to fraud and error, the primary responsibility for the prevention and detection of fraud and error rests with both those charged with governance and the management of an entity. The respective responsibilities may vary from entity to entity.
The management is responsible for establishing a control environment and maintain policies and procedures by implementing and ensuring continued operation of accounting and internal control systems, which are designed to prevent fraud and error.
Such systems reduce but do not eliminate the risk of misstatements, Accordingly, management assumes responsibility for any remaining risk.
9
Responsibility for Prevention & DetectionAuditors Responsibility As regards the auditors’, the standard states that when
planning and performing audit procedures and evaluating and reporting the results thereof, the auditor should consider the risk of material misstatements in the financial statements resulting from fraud or error.
Inherent Limitations of an audit An auditor cannot obtain absolute assurance that material
misstatements in the financial statements will be detected. The auditor is able to obtain only a reasonable assurance that material misstatements in the financial statements will be detected.
The risk of not detecting a material misstatement resulting from fraud is higher than the risk of not detecting a material misstatement resulting from error.
10
Auditors – Tackling Fraud & Error: Increased Professional Skepticism in their attitude- matters
that increase risk of misstatement, circumstances that arouse suspicion, evidences obtained that are contradictory to management assertions or representations.
Professional Skepticism is an attitude implying that the auditor makes a critical assessment, with a questioning mind, of the validity of audit evidence obtained and is alert to audit evidence that contradicts or brings into question the reliability of documents or management representations.
11
Auditors – Tackling Fraud & Error: While planning an audit, the auditor should discuss with
the audit team members the susceptibility of the entity to material misstatements in the financial statements.
While planning an audit, the auditor should make inquiries of management, so as to be able to understand managements assessment of risk and the systems in place to address the risk, to determine whether management is aware of any known or suspected fraud, and to determine whether management has discovered any material errors. This will provide useful information regarding risk of material misstatements resulting from management fraud
Discussions with those charged with governance Continual assessment of Fraud assessment Documentation
12
Risk Inherent Risk Control risk Detection risk
When assessing inherent risk and control risk in accordance with AAS 6 (Revised), “Risk Assessments and Internal Control”, the auditor should consider how the financial statements might be materially misstated as a result of fraud or error. In considering the risk of material misstatement resulting from fraud, the auditor should consider whether fraud risk factors are present that indicate the possibility of either fraudulent financial reporting or misappropriation of assets.
13
Fraud Risk FactorsAuditor may identify events or conditions that provide an opportunity, a motive, or a means to commit fraud, or indicate that fraud may have already occurred.
Such events or conditions are called fraud risk factors.
Accordingly, the auditor exercises professional judgment when considering fraud risk factors individually or in combination and whether there are specific controls that mitigate the risk. The auditor uses professional judgment when assessing the significance and relevance of fraud risk factors and determining the appropriate audit response.
The presence of fraud risk factors may indicate that the auditor will be unable to assess control risk at less than high for certain financial statement assertions. On the other hand, the auditor may be able to identify internal controls designed to mitigate those fraud risk factors that the auditor can test to support a control risk assessment below high.
14
Fraud Risk FactorsSome examples of Fraud Risk Factors Relating to Misstatements resulting from Fraudulent Financial Reporting can be grouped into:
Management’s Characteristics and Influence over control environment – compensation, stock options, increasing stock price or earnings trend, management commitments to third parties like creditors or analysts, taxation issues, no ethics policies, domination, non monitoring of controls, failure to correct material weaknesses, aggressive targets, disregard for regulatory matters, high turnover of management personnel, relationship with previous auditor, history of claims against the entity or violations, weak corporate structure
Industry Conditions – new accounting, statutory or regulatory requirements, high degree of competition or market saturation, decline in demand, technological obsolescence
Operating Characteristics and Financial Stability – cash flows generation, pressure to obtain additional capital, assets or liabilities or revenues or expenses based on significant estimates, significant related party transactions, significant number of unduly complex transactions, complex organizational structure, interest rates, dependency on debt
15
Fraud Risk Factors
Examples of Fraud Risk Factors Relating to Misstatements resulting from Misappropriation of assets can be grouped into:
Susceptibility of assets to misappropriation – large amounts of cash on hand, easily convertible assets like bearer bonds, small inventory or fixed assets items of high value
Lack of Controls – poor physical safeguards, lack of appropriate segregation of duties, inadequate record keeping, lack of inadequate management supervision, lack of appropriate system of authorization and approval of transactions
16
Detection Risk
Based on the auditor's assessment of inherent and control risks (including the results of any tests of controls), the auditor should design substantive procedures to reduce to an acceptably low level the risk that misstatements resulting from fraud and error that are material to the financial statements taken as a whole will not be detected. In designing the substantive procedures, the auditor should address the fraud risk factors that the auditor has identified as being present.
17
Impact AAS 6 (Revised) “Risk Assessments and Internal Control”, explains that the auditor's control risk assessment, together with the inherent risk assessment, influences the nature, timing and extent of substantive procedures to be performed to reduce detection risk to an acceptably low level.
In some cases, even though fraud risk factors have been identified as being present, the auditor's judgment may be that the audit procedures, including both tests of control, and substantive procedures, already planned, are sufficient to respond to the fraud risk factors.
In other circumstances, the auditor may conclude that there is a need to modify the nature, timing and extent of substantive procedures to address fraud risk factors present.
In these circumstances, the auditor considers whether the assessment of the risk of material misstatement calls for an overall response, a response that is specific to a particular account balance, class of transactions or assertion, or both types of response. The auditor considers whether changing the nature of audit procedures, rather than the extent of them, may be more effective in responding to identified fraud risk factors.
18
Procedures when circumstances indicate possible misstatement
To perform procedures to determine whether the financial statements are materially misstated
Use of professional judgment to assess the type of fraud or error and likelihood of its occurrence
Use of professional judgment to assess the likelihood that a particular fraud or error could have a material effect on the financial statements
Consider impact on audit risk and the nature, timing and extent of substantive procedures
Consider the assessment of effectiveness of internal controls if control risk was assessed below high
Assignment of team members and work allocation/ reallocation
19
Procedures to consider whether an identified misstatement indicates fraud
The auditor should assess whether an identified misstatements may be indicative of fraud- use professional judgment
If there is an indication then the auditor should consider the implications of misstatement in relation to the other aspects of the audit with particular emphasis on management representations.
20
Evaluation and Disposition of Misstatements and Effect on Audit Report
When the auditor confirms that, or is unable to conclude whether, the financial statements are materially misstated as a result of fraud or error, the auditor should consider the implications for the audit.
If a significant fraud has occurred or the fraud is committed by those charged with governance the auditor should consider the necessity for a disclosure in the financial statements. If disclosure is not made then the auditor should consider an appropriate disclosure in his report
21
Documentation Auditors should document all fraud risk factors identified
as being present and document the auditors response to such factors. If during the performance of the audit, if such factors indicate that additional audit procedures are necessary, the auditor should document these and his response to these factors.
Auditor must document matters which are important in providing evidence to support the audit opinion and the working papers must include the auditors reasoning on all matters which required use of professional judgment.
22
Management RepresentationsThe auditor should obtain written representations that: it acknowledges its responsibility for the implementation and
operation of accounting and internal control systems that are designed to prevent and detect fraud and error;
it believes the effects of those uncorrected financial statement misstatements aggregated by the auditor during the audit are immaterial, both individually and in the aggregate, to the financial statements taken as a whole. A summary of such items should be included in or attached to the written representation;
it has disclosed to the auditor all significant facts relating to any frauds or suspected frauds known to management that may have affected the entity; and
it has disclosed to the auditor the results of its assessment of the risk that the financial statements may be materially misstated as a result of fraud.
23
Communication
When the auditor identifies a misstatement resulting from fraud, or a suspected fraud, or error, the auditor should consider the auditor's responsibility to communicate that information to management, those charged with governance and, in some circumstances, when so required by the laws and regulations, to regulatory and enforcement authorities also.
Communication on a timely basis is necessary to initiate action.
Determination of the level of management to which the communication should be made is a matter of professional judgment, and factors like nature, magnitude and frequency of misstatement should be considered.
24
Communication – Error
If the auditor has: identified a material misstatement from error, then the
auditor should communicate to the appropriate level of management and consider the need to report to those charged with governance.
Uncorrected misstatements considered immaterial individually or in the aggregate should be informed to those charged with governance of those uncorrected misstatements after taking into consideration materiality limits.
25
Communication – Fraud
If the auditor has: identified a fraud, whether or not it results in a material
misstatement in the financial statements; or
obtained evidence that indicates that fraud may exist (even if the potential effect on the financial statements would not be material);
the auditor should communicate these matters to the appropriate level of management on a timely basis, and consider the need to report such matters to those charged with governance.
26
Communication- Fraud
If the auditor has concluded that the misstatements is or may be, arising from fraud and has determined that the effect could either be material or has not been able to evaluate whether the effect is material then he should consider
discuss the matter and the approach for further investigation if required with a level in the management higher than those involved and with the management at the highest level
If appropriate, suggest the management to seek legal opinion
27
Communication- Material Weaknesses in Internal Control
Material Weaknesses identified by Auditor – the auditor should communicate to
management all material weaknesses in internal control related to the prevention and detection of fraud and error and the auditor should be satisfied that those charged by governance have been informed of any weaknesses related to the prevention and detection of fraud (Note: not error)
Management – the auditor should be satisfied that those charged by governance have been informed of any weaknesses related to the prevention and detection of fraud
28
Communication- Exceptional Circumstances
If the auditor has reason to doubt the integrity or honesty of management or those charged with governance, the auditor should consider seeking legal advice.
If the statutory & regulatory framework requires that the auditor should report adverse or unfavorable remarks, the auditor may consider seeking legal advice. eg. NBFC
29
CommunicationExamples:
Questions regarding management competence and integrity Fraud involving management – communicate with Parent
company, BOD, Audit Committee Other frauds resulting in material misstatement – CFO, Audit
committee Material Misstatements resulting from an error- CFO or audit
coordinator. Further consider the need to inform those charged with governance. Uncorrected misstatements considered immaterial individually or in the aggregate should be informed after taking into consideration materiality limits.
Misstatements indicating material weaknesses in internal controls including design or operation of the financial reporting – Management letter, CFO, Audit committee or parent company
Misstatements that may cause future financial statements to be materially misstated – Audit committee, CFO
30
Non ContinuanceIf the auditor concludes : that it is not possible to continue performing the audit as a result of a misstatement resulting from fraud or suspected fraud, the auditor should
consider the professional or legal responsibilities applicable in the circumstances
consider the possibility of withdrawing from the engagement
If the auditor withdraws: Discuss the same with appropriate level of management and
those charged with governance, and the reasons for the withdrawal
Consider if there is a professional or legal requirement to report When contacted, inform the incoming auditor of the
professional reasons why the appointment should not be accepted. Only facts should be communicated to the incoming auditor and not the auditors conclusions.
31
Non Continuance
Such an event may be triggered by such circumstances:
Entity does not take remedial action regarding fraud Auditors consideration of the risk of material misstatement
resulting from fraud and the results of audit tests indicate a significant risk of material or pervasive fraud; or
Auditor has significant concern about the integrity or competence of the management or those charged with governance
32
Fraud Risk Assessment
Identify & Capture Fraud Risk Factors
Consider Available Information:• External - news, analyst reports,
significant developments, litigation) • Inquiries • Preliminary analytical review• Engagement team discussions
Evaluate Fraud Risk Factors & Identify
Fraud Risks
Design & Execute Tests of Controls &
Substantive Procedures
Fraud Risks: • Industry-specific• Revenue recognition• Management override• Company-specific fraud
schemes
Execute Plan:• Test mitigating controls • Test journal entries and
estimates• Perform substantive
procedures• Evaluate evidence