Kế toán, kiểm toán - Chapter 04: Management fraud and audit risk

McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved.Chapter 04Management Fraud and Audit RiskProfit is the result of risks wisely selected. Frederick Barnard Hawley, American economist Risk comes from not knowing what you’re doing. Warren Buffett, widely regarded as one of the most successful investors in the world.3-2Auditor’s Risk ResponsibilitiesAudit Risk—auditor will give unqualified opinion on misstated financial statementsManagement Fraud Risk—management intentionally misstates financial statementsFraudulent financial reportingErrors are unintentional misstatements or omissions of amounts or disclosures in financial statements. Auditors’ primary responsibility is to design procedures to provide reasonable assurance that material frauds that materially misstate the financial statements are detected.4-3General Categories of Errors and FraudsInvalid transactions are recorded.Valid transactions are omitted from the accounts.Unauthorized transactions are executed and recorded. Transaction amounts are inaccurate.Transactions are classified in the wrong accounts.Transaction accounting and posting is incorrect.Transactions are recorded in the wrong period.4-4Identify Risk Factors Related to Fraudulent Financial ReportingManagement’s characteristics and influenceIndustry conditionsOperating characteristics and financial stabilityRisk Factors: Management’s Characteristics and InfluenceManagement has a motivation to engage in fraudulent reporting.Management decisions are dominated by an individual or a small group.Management fails to display an appropriate attitude about internal control.Managers’ attitudes are very aggressive toward financial reporting.Managers place too much emphasis on earnings projections.Nonfinancial management participates excessively in the selection of accounting principles or determination of estimates.The company has a high turnover of senior management.The company has a known history of violations.Managers and employees tend to be evasive when responding to auditors’ inquiries.Managers engage in frequent disputes with auditors.4-5Risk Factors: Industry conditionsCompany profits lag the industry.New requirements are passed that could impair stability or profitability.The company’s market is saturated due to fierce competition.The company’s industry is declining. The company’s industry is changing rapidly. Risk Factors: Operating CharacteristicsA weak internal control environment prevails.The company is not able to generate sufficient cash flows to ensure that it is a going concern.There is pressure to obtain capital.The company operates in a tax haven jurisdiction.The company has many difficult accounting measurement and presentation issues.The company has significant transactions or balances that are difficult to audit.The company has significant and unusual related-party transactions.Company accounting personnel are lax or inexperienced in their duties. 4-6The AUDIT RISK MODEL (ARM)Audit risk (AR) is the risk (likelihood) that the auditor may unknowingly fail to modify the opinion on financial statements that are materially misstated (e.g., an unqualified opinion on misstated financial statements.)The AUDIT RISK MODEL decomposes overall audit risk into three components: inherent risk (IR), control risk (CR), and detection risk (DR):AR = IR x CR x DR(IR x CR = Risk of Material Misstatement (RMM))4-7Inherent RiskFactors affecting account inherent risk include: Dollar size of the accountLiquidityVolume of transactionsComplexity of the transactions New accounting pronouncementsSubjective estimates4-8Control RiskControl Risk (CR) is the likelihood that a material misstatement would not be caught by the client’s internal controls.Factors affecting control risk include:The environment in which the company operates (its “control environment”).The existence (or lack thereof) and effectiveness of control activities.Monitoring activities (audit committee, internal audit function, etc.).4-9Detection RiskDetection risk (DR) is the risk that a material misstatement would not be caught by audit procedures.Factors affecting detection risk include:Nature, timing, and extent of audit proceduresSampling riskRisk of choosing an unrepresentative sample.Nonsampling riskRisk that the auditor may reach inappropriate conclusions based upon available evidence4-10Factors Affecting Overall Inherent RiskCompany and its environmentNature of CompanyRelated partiesAccounting Principles and DisclosuresObjectives and StrategiesMeasurement and Analysis of Financial Performance4-11Preliminary Analytic ProceduresRECORDED ACCOUNT BALANCEESTIMATED ACCOUNTBALANCEAttention directing Identify potential problem areasAn organized approachA standard starting place to start examining the financial statementsDescribe the financial activities Identify unusual changes in relationships in the dataAsk relevant questionsWhat could be wrong?What legitimate reasons are there for these results? Cash flow analysis4-12Analytic Procedure StepsDevelop an expectation. Define a significant difference. Calculate predictions and compare them with the recorded amount. Investigate significant differences.Document each of the above steps. 4-13Audit team discussions (brainstorming)Required procedureObjectivesGain understanding ofPrevious experiences with clientHow a fraud might be perpetrated and concealed in the entityProcedures that might detect fraudSet proper tone for engagementDiscussions should be ongoing throughout the engagement4-14Required Risk AssessmentsPresume that improper revenue recognition is a fraud risk.Identify risks of management override of controls.Examine journal entries and other adjustments.Review accounting estimates for biases.Evaluate business rationale for significant unusual transactions.Identify Significant Risks4-15Respond to Assessed RisksRespond to Significant RisksAssignment of personnelChoice of accounting principlesPredictability of auditing proceduresExamination of journal entries and other adjustmentsRetrospective review of prior year accounting estimatesAccumulated Results of ProceduresExtended procedures4-16Evaluate Audit EvidenceDiscrepancies in the accounting records.Conflicting or missing evidential matter.Problematic or unusual relationships between the auditor and management.Results from substantive of final review stage analytical procedures.Vague, implausible or inconsistent responses to inquiries.4-17Communicate Fraud MattersEvidence that fraud may exist must be communicated to appropriate level of management.Sarbanes Oxley: Significant deficiencies must be communicated to those charged with governance.Any fraud committed by management (no matter how small) is material.4-18Document Fraud MattersDiscussion of engagement personnel.Procedures to identify and assess risk.Specific risks identified and auditor response.If revenue recognition not a risk—explain why.Results of procedures regarding management override.Other conditions causing auditors to believe additional procedures are required.Communication to management, audit committee, etc.4-19Noncompliance With Laws and RegulationsDirect-effect noncompliance produce direct and material effects on the financial statements . The law or regulation can be identified with a specific account or disclosure (e.g., income tax .evasion). Auditor’s responsibility--design procedures to provide reasonable assurance Indirect-effect noncompliance are not related to specific accounts or disclosures on the financial statements (e.g., violations relating to insider securities trading, occupational health and safety, food and drug administration, environmental protection, and equal employment opportunity). Auditor's responsibility—Follow up on suspected violations material to the financial statements4-20Red Flags of Potential NoncomplianceUnauthorized transactions.Government investigations.Regulatory reports of violations.Payments to consultants, affiliates, or employees for unspecified services.Excessive sales commissions and agents’ fees.Unusually large cash payments.Unexplained payments to government officials.Failure to file tax returns or to pay duties and fees.4-21Audit Strategy MemorandumIdentify significant accounts and disclosuresEstablish overall audit strategy for each relevant assertionTake into account Reporting objectives and communications requiredAuditor’s risk assessment. Other requirements of laws or regulations. Nature, timing, and extent of necessary resourcesPlanned tests of controls, substantive procedures, and other planned audit procedures Memo is basis for preparing detailed audit plans (often called audit programs)Written audit plan documenting audit strategy is required4-22