Chapter 4

Management Fraud and Audit Risk

ACCT-4080 1Chapter 3

Chapter 3 2

1. Errors, Fraud, and Noncompliance

Definitions Errors - unintentional Fraud (irregularities) - intentional Noncompliance with laws and regulations (Illegal acts)- violations of the law

Auditor’s responsibilities History

Errors & Fraud: SAS 1, SAS 16, SAS 53, SAS 82, SAS 99 Illegal Acts: SAS 54

ACCT-4080

Chapter 3 3

1. Errors, Fraud, andNoncompliance (continued)

Errors and Fraud (AU-C 240) design and conduct the audit to provide reasonable

assurance that material errors and fraud will be discovered, and report the findings to appropriate parties

Noncompliance with laws and regulations (Illegal Acts) (AU-C 250)

direct effect noncompliance — same indirect effect noncompliance —

have general level of awareness and act on those discovered make inquiries carry out some procedures to identify noncompliance

Questions

ACCT-4080

Chapter 6 4

1. Errors, Fraud, and Noncompliance (continued)

Steps involved in Considering the Risk of Fraud• Staff discussion• Obtain information needed to identify risks• Identify risks• Assess identified risks• Respond to results of assessment• Evaluate audit evidence• Communicate about fraud• Document consideration of fraud

2. FraudCauses of Misstatements

Causes

Errors Fraud

Misappropriation Fraudulent of Assets Financial Reporting

ACCT-4080 5Chapter 3

2. Fraud (continued)

ACCT-4080 6Chapter 3

EXHIBIT 3.1

2. Fraud (continued) Fraudulent financial reporting (cooking

the books) (management fraud) falsification of financial statements falsification or omissions of transactions

Misappropriation of assets (employee fraud) larceny embezzlement

ACCT-4080 7Chapter 3

2. Fraud (continued) Overview of Fraud (outline)

costs discovery victims perpetrators common characteristics types

ACCT-4080 8Chapter 3

ISU WU Summer 2009 9

The Fraud Triangle

PRESSURE

PERCEIVEDOPPORTUNITY

RATIONALIZATION

2. Fraud (continued) Prevalence of fraud Current frauds Reasons to study fraud Fraud related job opportunities ACFE CFE

ACCT-4080 10Chapter 3

Chapter 3 11

3. Audit Risk

ACCT-4080

Chapter 3 12

3. Audit Risk AU-C 320 – Audit Risk General business risks Engagement risk Audit Risk Model

AR = RMM x DR AR = IR x CR x DR AR = IR x CR x TD x AP

Audit Risk definition the risk that the auditor may unknowingly fail to appropriately modify his or

her opinion on financial statements that are materially misstated the danger that the auditor will fail to detect material misstatements in the

financial statements at financial statement level; at account balance level

ACCT-4080

Chapter 3 13

3. Audit Risk (continued) Risk of Material Misstatement

product of inherent risk and control risk consider at entity level and account/assertion level

Inherent Risk the susceptibility of an account balance to error assuming there

are no controls based on auditor’s judgment considering understanding of entity,

nature of account (routine, systematic processing, complexity, etc), and fraud considerations

Control Risk the risk that the ICS will not prevent or detect a material error on

a timely basis based on tests of control’s effectiveness

ACCT-4080

Chapter 3 14

3. Audit Risk (continued) Detection Risk

the risk that the auditor’s procedures will not detect a material error

the product of Tests of Details Risk (TD) and Substantive Analytical Procedures Risk (AP)

Tests of Details Risk the risk that tests of details will not detect a material error

Substantive Analytical Procedures Risk the risk that analytical procedures (or other procedures

that do not utilize sampling) will not detect a material error

ACCT-4080

Chapter 3 15

3. Audit Risk (continued) Risks defined in negative Auditor’s control over risks Relationship between

RMM and DR DR and amount of substantive

testing

ACCT-4080

Chapter 3 16

3. Audit Risk (continued) Subjectively considering Audit Risk Quantifying Audit Risk

not required DR = AR / IR x CR TD = AR / IR x CR x AP

Questions

ACCT-4080

Chapter 3 17

3. Audit Risk (continued) General guidelines

Inherent Risk High > 60% Moderate 40% - 60% Low < 40%

Control Risk Maximum = 100% High > 70% Moderate 40% - 70% Low < 40% Very Low < 10%

ACCT-4080

Chapter 3 18

3. Audit Risk (continued) Analytical Procedures Risk

High > 50% Moderate 20% - 50% Low 10% - 20% Very Low < 10%

ACCT-4080

Chapter 3 19

4. Analytical Procedures Definition Uses in an audit

planning stage as a substantive test (SAP) final review stage

Required use

ACCT-4080

Chapter 3 20

4. Analytical Procedures(Continued)

In planning stage enhances auditor’s understanding identifies risk areas uses highly aggregated data generally financial data

ACCT-4080

Chapter 3 21

4. Analytical Procedures(Continued)

Steps1. develop an expectation2. define a significant difference3. calculate predictions and compare

with recorded amount 4. investigate significant differences5. document each step

ACCT-4080

Chapter 3 22

4. Analytical Procedures (Continued) Substantive analytical procedures

based on level of DR based on auditor judgment balance sheet data vs. income

statement data often uses non-financial data

ACCT-4080

Chapter 3 23

4. Analytical Procedures(Continued)

In final evaluation stage uses aggregated data usually financial data review same data used in planning

stage

Questions

ACCT-4080

Chapter 3 24

5. Review Questions for Discussion Chapter

44.64.74.84.94.12

ACCT-4080

4.144.17