Auditing Lecture 7 Part II. Audit process by phase: Phase IV. Reporting Content Fraud Reporting the obtained results Recommended reading Appendices: ISA 240, 330, 450, 700, 705 Nov 9, 2015 2 Fraud - types of fraud*
Types of fraud: Fraudulent reporting (FR) - is an intentional misstatement or omission of amounts or disclosures with the intent to deceive users. Most cases involve the intentional misstatement of amounts, rather than disclosures. For example, WorldCom capitalized as fixed assets billions of dollars that should have been expensed. Omissions of amounts are less common, but a company can overstate income by omitting accounts payable and other liabilities. While most cases of fraudulent financial reporting involve an attempt to overstate income (either by overstatement of assets and income or by omission of liabilities and expenses) companies also deliberately understate income. At privately held companies, this may be done in an attempt to reduce income taxes. Companies may also intentionally understate income when earnings are high to create a reserve of earnings that may be used to increase earnings in future periods. Such practices are called income smoothing Nov 9, 2015 3
Fraud - types of fraud* and earnings management. Earnings management involves deliberate actions taken by management to meet earnings objectives. Income smoothing is a form of earnings management in which revenues and expenses are shifted between periods to reduce fluctuations in earnings. One technique to smooth income is to reduce the value of inventory and other assets of an acquired company at the time of acquisition, resulting in higher earnings when the assets are later sold. Although less frequent, several notable cases of fraudulent financial reporting involve inadequate disclosure. For example, a central issue in the Enron case was whether the company adequately disclosed obligations to affiliates known as special-purpose entities. Nov 9, 2015 4 Fraud - types of fraud*
Misappropriation of assets (MA) - is fraud that involves theft of an entitys assets. In many cases, but not all, the amounts involved are not material to the financial statements. However, the theft of company assets is often a management concern, regardless of the materiality of the amounts involved, because small thefts can easily increase in size over time. The term misappropriation of assets is normally used to refer to theft involving employees and others internal to the organization. According to estimates of the Association of Certified Fraud Examiners, the average company loses five percent of its revenues to fraud, although much of this fraud involves external parties, such as shoplifting by customers and cheating by suppliers. Misappropriation of assets is normally perpetrated at lower levels of the organization hierarchy. In some notable cases, however, top management is involved in the theft of company Nov 9, 2015 5
Fraud - types of fraud* assets. Because of managements greater authority and control over organization assets, embezzlements involving top management can involve significant amounts. In one extreme example, the former CEO of Tyco International was charged by the SEC with stealing over $100 million in assets. A fraud survey conducted by the Association of Certified Fraud Examiners found that asset misappropriations are the most common fraud scheme, although the size of the fraud is much greater for fraudulent financial reporting. Nov 9, 2015 6 Fraud conditions for fraud*
Conditions for fraud three conditions for fraud arising from fraudulent financial reporting and misappropriations of assets are as fraud triangle. Incentives/pressures - management or other employees have incentives or pressures to commit fraud. Opportunities - circumstances provide opportunities for management or employees to commit fraud. Attitudes/rationalization - an attitude, character, or set of ethical values exists that allows management or employees to commit a dishonest act, or they are in an environment that imposes sufficient pressure that causes them to rationalize committing a dishonest act. Nov 9, 2015 7 Fraud conditions for fraud* Nov 9, 2015 8
Fraud conditions for fraud* Nov 9, 2015 9 Fraud conditions for fraud* Risk factors for FR - an essential consideration by the auditor in uncovering fraud is identifying factors that increase the risk of fraud. In the fraud triangle, fraudulent financial reporting and misappropriation of assets share the same three conditions, but the risk factors differ. First it is necessary to address the risk factors for fraudulent financial reporting, and then discuss those for misappropriation of assets. Incentives/pressures for FR - a common incentive for companies to manipulate financial statements is a decline in the companys financial prospects. For example, a decline in earnings may threaten the companys ability to obtain financing. Companies may also manipulate
earnings to meet analysts forecasts or benchmarks such as prior-year earnings, to meet debt covenant restrictions, or to artificially inflate stock prices. In some cases, management may manipulate earnings just to preserve their reputation. Nov 9, 2015 10 Fraud conditions for fraud* Nov 9, 2015 Opportunities for FR - although the financial statements of all companies are potentially subject to manipulation, the risk is greater for companies in industries where significant judgments and estimates are involved. For example, valuation of inventories is subject to greater
risk of misstatement for companies with diverse inventories in many locations. The risk of misstatement of inventories is further increased if those inventories are at risk for obsolescence. Attitudes/rationalization for FR - the attitude of top management toward financial reporting is a critical risk factor in assessing the likelihood of fraudulent financial statements. If the CEO or other top managers display a significant disregard for the financial reporting process, such as consistently issuing overly optimistic forecasts, fraudulent financial reporting is more likely. 11 Fraud conditions for fraud* Risk factors for MA - the same three conditions apply to misappropriation of assets. However, in assessing risk factors, greater emphasis is placed on individual incentives and opportunities for theft. Incentives/pressures for MA - financial pressures are a common incentive for employees who misappropriate assets. Employees with excessive financial obligations, or those with drug abuse or gambling
problems, may steal to meet their personal needs. In other cases, dissatisfied employees may steal as a form of attack against their employers. Opportunities for MA - opportunities for theft exist in all companies. However, opportunities are greater in companies with accessible cash or with inventory or other valuable assets, especially if they are small or easily removed. For example, casinos handle extensive amounts of cash with little formal records of cash received. Similarly, thefts of laptop computers are Nov 9, 2015 12 Fraud conditions for fraud* Nov 9, 2015 much more frequent than thefts of desktop systems. Weak internal controls create opportunities for theft.
Inadequate separation of duties is practically a license for employees to steal. Whenever employees have custody or even temporary access to assets and maintain the accounting records for those assets, the potential for theft exists. For example, if inventory storeroom employees also maintain inventory records, they can easily take inventory items and cover the theft by adjusting the accounting records. Fraud is more prevalent in smaller businesses and notfor-profit organizations because it is more difficult for these entities to maintain adequate separation of duties. However, even large organizations may fail to maintain adequate separation in critical areas. Attitudes/rationalization for MA - managements attitude toward controls and ethical conduct may allow employees and managers to rationalize the theft of assets. If 13 Fraud conditions for fraud* management cheats customers through overcharging for goods or engaging in high pressure sales tactics, employees may feel that it is acceptable for them to behave in the same fashion by cheating on expense or
time reports. Nov 9, 2015 14 Fraud assessing the risk* Assessing the risk of fraud - auditors must maintain a level of professional skepticism as they consider a broad set of information, including fraud risk factors, to identify and respond to fraud risk. The auditor has a responsibility to respond to fraud risk by planning and performing the audit to obtain reasonable assurance that material misstatements, whether due to errors or fraud, are detected. Professional skepticism - auditing standards state that, in exercising professional skepticism, an auditor neither assumes that management is dishonest nor assumes unquestioned honesty. In practice, maintaining this attitude of professional skepticism can be difficult because, despite some recent high-profile examples of
fraudulent financial statements, material frauds are infrequent compared to the number of audits of financial statements conducted annually. Most auditors will never encounter a material fraud during their careers. Also, through client acceptance and continuance evaluation Nov 9, 2015 15 Fraud assessing the risk* procedures, auditors reject most potential clients perceived as lacking honesty and integrity. Questioning mind - auditing standards emphasize consideration of a clients susceptibility to fraud, regardless of the auditors beliefs about the likelihood of fraud and managements honesty and integrity. During audit planning for every audit, the engagement team must discuss the need to maintain a questioning mind throughout the audit to identify fraud risks and critically evaluate audit evidence. There is always a risk that even an honest person can rationalize fraudulent
actions when incentives or pressures become extreme. Critical evaluation of audit evidence - upon discovering information or other conditions that indicate a material misstatement due to fraud may have occurred, auditors should thoroughly probe the issues, acquire additional evidence as needed, and consult with other team Nov 9, 2015 16 members. Auditors must be careful not to rationalize Fraud assessing the risk* or assume a misstatement is an isolated incident. For example, say an auditor uncovers a current year sale that should properly be reflected as a sale in the following year. The auditor should evaluate the reasons for the misstatement, determine whether it was intentional or a fraud, and consider whether other such misstatements are likely to have occurred. Sources of information to assess audit risk - five sources of information to assess these fraud risks are used: Communications among audit team - the audit team is
required to conduct discussions to share insights from more experienced audit team members and to brainstorm ideas that address the following: How and where they believe the entitys financial statements might be susceptible to material misstatement due to fraud. How management could perpetrate and conceal fraudulent financial reporting. Nov 9, 2015 17 Fraud assessing the risk* How anyone might misappropriate assets of the entity. How the auditor might respond to the susceptibility of material misstatements due to fraud. Inquiries of management - the auditor is required to make specific inquiries about fraud in every audit. Inquiries of management and others within the company provide employees with an opportunity to tell the auditor information that otherwise might not be
communicated. The auditors inquiries of management should address whether management has knowledge of any fraud or suspected fraud within the company. Auditors should also inquire about managements process of assessing fraud risks, the nature of fraud risks identified by management, any internal controls implemented to address those risks, and any information about fraud risks and related controls that 18 management has reported to the audit committee. Nov 9, 2015 Fraud assessing the risk* Nov 9, 2015
Risk factors - the auditor is required to evaluate whether fraud risk factors indicate incentives or pressures to perpetrate fraud, opportunities to carry out fraud, or attitudes or rationalizations used to justify a fraudulent action. The existence of fraud risk factors does not mean fraud exists, but that the likelihood of fraud is higher. Auditors should consider these factors along with any other information used to assess the risks of fraud. Other information - auditors should consider all information they have obtained in any phase or part of the audit as they assess the risk of fraud. Many of the risk assessment procedures that the auditor performs during planning to assess the risk of material misstatement may indicate a heightened risk of fraud. 19 Fraud assessing the risk* Nov 9, 2015 20
Fraud documenting the assess-t* Documenting fraud assessment - auditing standards require that auditors document the following matters related to the auditors consideration of material misstatements due to fraud: The discussion among engagement team personnel in planning the audit about the susceptibility of the entitys financial statements to material fraud. Procedures performed to obtain information necessary to identify and assess the risks of material fraud. Specific risks of material fraud that were identified, and a description of the auditors response to those risks. Reasons supporting a conclusion that there is not a significant risk of material improper revenue recognition. Results of the procedures performed to address the risk of management override of controls. Other conditions and analytical relationships indicating that additional auditing procedures or other responses were required, and the actions taken by the auditor.
Nov 9, 2015 21 Fraud specific fraud risk areas Specific fraud risk areas - depending on the clients industry, certain accounts are especially susceptible to manipulation or theft. Specific high-risk accounts are discussed next. But even when auditors are armed with knowledge of these risk areas, fraud remains extremely difficult to detect. However, an awareness of existence of these areas and fraud detection techniques increases an auditors likelihood of identifying misstatements due to fraud. Revenue and accounts receivable fraud risks - revenue and related accounts receivable and cash accounts are especially susceptible to manipulation and theft. A study sponsored by the Committee of Sponsoring Organizations (COSO) found that more than half of financial statement frauds involve revenues and
accounts receivable. Similarly, because sales are often made for cash or are quickly converted to cash, cash is also highly susceptible to theft. Fraudulent financial reporting risk for revenue - several Nov 9, 2015 22 Fraud specific fraud risk areas reasons make revenue susceptible to manipulation. Most important, revenue is almost always the largest account on the income statement, therefore a misstatement only representing a small percentage of revenues can still have a large effect on income. An overstatement of revenues often increases net income by an equal amount, because related costs of sales are usually not recognized on fictitious or prematurely recognized revenues. Another reason revenue is susceptible to manipulation is the difficulty of determining the appropriate timing of revenue recognition in many situations. Three main types of revenue manipulations are: fictitious revenues, premature revenue
recognition and manipulation of adjustments to revenues. Fictitious revenues - the most egregious form of revenue fraud. You may be aware of several recent cases involving fictitious revenues, but this type of fraud is not new. The 1931 Ultramares case involved fictitious revenue entries in the general ledger. Fraud Nov 9, 2015 23 perpetrators Fraud specific fraud risk areas Nov 9, 2015 often go to great lengths to support fictitious revenue. Fraudulent activity at Equity Funding Corp. of America, which involved issuing fictitious insurance policies, lasted nearly a decade (from 1964 to 1973) and involved dozens of company employees. The perpetrators held file-stuffing parties to create the fictitious policies.
Premature revenue recognition - companies often accelerate the timing of revenue recognition to meet earnings or sales forecasts. Premature revenue recognition is the recognition of revenue before accounting standards requirements for recording revenue have been met. In the simplest form of accelerated revenue recognition, sales that should have been recorded in the subsequent period are recorded as current period sales. One method of fraudulently accelerating revenue is a bill-and-hold sale. Sales are normally recognized at 24 Fraud specific fraud risk areas Nov 9, 2015 the time goods are shipped, but in a bill-and-hold sale, the goods are invoiced before they are shipped. Another method involves issuing side agreements that
modify the terms of the sales transaction. For example, revenue recognition is likely to be inappropriate if a major customer agrees to buy a significant amount of inventory at year-end, but a side agreement provides for more favorable pricing and unrestricted return of the goods if not sold by the customer. Manipulation of adjustments to revenues - the most common adjustment to revenue involves sales returns and allowances. A company may hide sales returns from the auditor to overstate net sales and income. If the returned goods are counted as part of physical inventory, the return may increase reported income. In this case, an asset increase is recognized through the counting of physical inventory, but the reduction in the related accounts receivable balance is not made. 25 Fraud specific fraud risk areas Companies may also understate bad debt expense because significant judgment is required to determine the correct amount. Because the required allowance
depends on the age and quality of accounts receivable, some companies have altered the aging of accounts receivable to make them appear more current. Documentary discrepancies - despite the best efforts of fraud perpetrators, fictitious transactions rarely have the same level of documentary evidence as legitimate transactions. For example, in the well-known fraud at ZZZZ Best, insurance restoration contracts worth millions of dollars were supported by one or two page agreements and lacked many of the supporting details and evidence, such as permits, that are normally associated with these types of contracts. Misappropriation of receipts involving revenue - although misappropriation of cash receipts is rarely as material as 26 Nov 9, 2015 Fraud specific fraud risk areas fraudulent reporting of revenues, such frauds can be costly to the organization because of the direct loss of assets. A typical misappropriation of cash involves failure to record a sale or an adjustment to customer accounts
receivable to hide the theft. Failure to record a sale - One of the most difficult frauds to detect is when a sale is not recorded and the cash from the sale is stolen. Such frauds are easier to detect when goods are shipped on credit to customers. Tracing shipping documents to sales entries in the sales journal and accounting for all shipping documents can be used to verify that all sales have been recorded. It is much more difficult to verify that all cash sales have been recorded, especially if no shipping documents exist to verify the completeness of sales, and no customer account receivable records support the sale. In such cases, other documentary evidence is Nov 9, 2015 27 necessary to verify that all sales are recorded. Fraud specific fraud risk areas
If the sale is not included in the cash register it is almost impossible to detect the fraud. Theft of cash receipts after a sale is recorded - it is much more difficult to hide the theft of cash receipts after a sale is recorded. If a customers payment is stolen, regular billing of unpaid accounts will quickly uncover the fraud. As a result, to hide the theft, the fraud perpetrator must reduce the customers account in one of three ways: record a sales return or allowance write off the customers account apply the payment from another customer to the customers account, which is also known as lapping. Inventory fraud risk - inventory is often the largest account on many companies balance sheets, and auditors often find it difficult to verify the existence and valuation of inventories. Thus inventory is susceptible to manipulation by management Nov 9, 2015 28
Fraud specific fraud risk areas Nov 9, 2015 29 Fraud specific fraud risk areas who wants to achieve certain financial reporting objectives. Because it is also usually readily saleable, inventory is also susceptible to misappropriation. Fraudulent financial reporting risk for inventory - fictitious inventory has been at the center of several major cases of fraudulent financial reporting. Many large companies have varied and extensive inventory in multiple locations, making it relatively easy for the company to add fictitious inventory to accounting records. While auditors are required to verify the existence of physical inventories, audit testing is done on a sample basis, and not all locations with inventory are typically tested. In some cases involving fictitious inventories, auditors informed the client in advance
which inventory locations were to be tested. As a result, it was relatively easy for the client to transfer inventories to the locations being tested. Nov 9, 2015 30 Fraud specific fraud risk areas Nov 9, 2015 31 Fraud specific fraud risk areas Purchase and accounts payable fraud risks - cases of fraudulent financial reporting involving accounts payable are relatively common although less frequent than frauds involving inventory or accounts receivable. The deliberate understatement of accounts payable generally results in an understatement of purchases and cost of goods sold and an overstatement of net income. Significant misappropriations
involving purchases can also occur in the form of payments to fictitious vendors, as well as kickbacks and other illegal arrangements with suppliers. Fraudulent financial reporting risk for accounts payable companies may engage in deliberate attempts to understate accounts payable and overstate income. This can be accomplished by not recording accounts payable until the subsequent period or by recording fictitious reductions to accounts payable. All purchases received before the end of the year should be recorded as liabilities. This is relatively easy to verify if the Nov 9, 2015 32 company accounts for prenumbered receiving reports. Fraud specific fraud risk areas However, if the receiving reports are not prenumbered or the company deliberately omits receiving reports from the accounting records, it may be difficult for the auditor to verify whether all liabilities have been recorded. In such cases, analytical evidence, such as unusual changes in ratios, may signal that accounts payable are understated.
Companies often have complex arrangements with suppliers that result in reductions to accounts payable for advertising credits and other allowances. These arrangements are often not as well documented as acquisition transactions. Some companies have used fictitious reductions to accounts payable to overstate net income. Therefore, auditors should read agreements with suppliers when amounts are material and make sure the financial statements reflect the substance of the agreements. Misappropriations in the acquisition and payment cycle the most common fraud in the acquisitions area is for the perpetrator to issue payments to fictitious vendors and 33 Nov 9, 2015 Fraud specific fraud risk areas deposit the cash in a fictitious account. These frauds can be prevented by allowing payments to be made only to approved vendors and by carefully scrutinizing documentation supporting the acquisitions by authorized personnel before payments are made. Other areas of fraud risk - although some accounts are more susceptible than others, almost every account is subject to manipulation.
Fixed assets represent a large balance sheet account for many companies, and are often based on subjectively determined valuations. As a result, fixed assets may be a target for manipulation, especially for companies without material receivables or inventories. For example, companies may capitalize repairs or other operating expenses as fixed assets. Such frauds are relatively easy to detect if the auditor examines evidence supporting fixed asset additions. Nevertheless, prior cases of fraudulent financial reporting, such as WorldCom, have involved improper Nov 9, 2015 34 Fraud specific fraud risk areas capitalization of assets. Payroll expenses - payroll is rarely a significant risk area for fraudulent financial reporting. However, companies may overstate inventories and net income by recording excess labor costs in inventory. Company employees are sometimes used to construct fixed assets. Excess labor
cost may also be capitalized as fixed assets in these circumstances. Material fringe benefits, such as retirement benefits, are also subject to manipulation. Payroll fraud involving misappropriation of assets is fairly common, but the amounts involved are often immaterial. The two most common areas of fraud are the creation of fictitious employees and overstatement of individual payroll hours. The existence of fictitious employees can usually be prevented by separation of the human resource and payroll functions. Overstatement of hours is typically prevented by use of time clocks. Nov 9, 2015 35 Fraud auditors responsibilities* Responsibilities when fraud is suspected - frauds are often detected through the receipt of an anonymous tip or by accident, internal controls, or the internal audit function. Throughout
an audit, the auditor continually evaluates whether evidence gathered and other observations made indicate material misstatement due to fraud. All misstatements the auditor finds during the audit should be evaluated for any indication of fraud. When fraud is suspected, the auditor gathers additional information to determine whether fraud actually exists. Often, the auditor begins by making additional inquiries of management and others. Use of inquiry - inquiry can be an effective audit evidence gathering technique. Interviewing allows the auditor to clarify unobservable issues and observe the respondents verbal and nonverbal responses. Interviewing can also help identify issues omitted from documentation or confirmations. The auditor can also modify questions during the interview based on the interviewees responses. Inquiry as Nov 9, 2015 36 Fraud auditors responsibilities* an audit evidence technique should be tailored to the purpose
for which it is being used. Depending on the purpose, the auditor may ask different types of questions and change the tone of the interview. Listening techniques - it is critical for the auditor to use effective listening skills throughout the inquiry process. The auditor should stay attentive by maintaining eye contact, nodding in agreement, or demonstrating other signs of comprehension. Auditors should also attempt to avoid preconceived ideas about the information being provided. Good listeners also take advantage of silence to think about the information provided and to prioritize and review information heard. Other responsibilities - when the auditor suspects that fraud may be present, the auditor is required to obtain additional evidence to determine whether material fraud has occurred audit software analysis (GAS and data mining) and expended substantial tests: Nov 9, 2015 37 Fraud auditors responsibilities*
Nov 9, 2015 Audit software analysis - auditors often use audit software such as ACL or IDEA to determine whether fraud may exist. For example, software tools can be used to search for fictitious revenue transactions by searching for duplicate sales invoice numbers or by reconciling databases of sales invoices to databases of shipping records, to ensure that all sales are supported by evidence of shipping. Similarly, these tools provide efficient searches for breaks in document sequences, which may indicate misstatements related to the completeness objective for liabilities and expense accounts. Auditors use audit software, including basic spreadsheet tools such as Excel, to sort transactions or account balances into subcategories for further audit testing. Excel may also be used to perform analytical procedures at disaggregated levels. For example, sales can be sorted to disaggregate the data by location, by product type, and across time (monthly) for
38 Fraud auditors responsibilities* Nov 9, 2015 further analytical procedure analysis. Unusual trends not observable at the aggregate level may be detected when the data is analyzed in greater detail. Expanded ST - auditors may also expand other substantive procedures to address heightened risks of fraud. For example, when there is a risk that sales terms may have been altered to prematurely record revenues, the auditor may modify the accounts receivable confirmation requests to obtain more detailed responses from customers about specific terms of the transactions, such as payment, transfer of custody, and return policy terms. In some instances, the auditor may confirm individual transactions rather than entire account balances, particularly for large transactions recorded close to year-end.
39 Reporting basic elements of AR* Basic elements of auditor report - the auditors report should include the following basic elements: title; addressee; opening or introductory paragraph: identification of the financial statements audited; a statement of the responsibility of the entitys management and the responsibility of the auditor; scope paragraph (describing the nature of an audit): a reference to the ISAs or relevant national standards or practices; a description of the work the auditor performed; opinion paragraph containing an expression of opinion on the financial statements; the date of the report; the auditors address; Nov 9, 2015 40
auditors signature. Reporting standard unqualified AR* Standard unqualified audit report - the most common type of audit report. It is used for more than 90 percent of all audit reports. US GAAS and ISA prescribe the use of three-paragraph form: introduction, scope, and opinion, where the final paragraph opinion - states the auditors conclusion based on the results of the audit examination. This paragraph is so important that the entire audit report is frequently referred to as the auditors opinion. The opinion paragraph is stated as an opinion rather than as statement of absolute fact or a guarantee. The intent is to indicate that the conclusions are based on professional judgment. Conditions for standard unqualified audit report: completeness - all statements (balance sheet, income statement, statement of change in equity and retained
earnings, and statement of cash flows) are included in the financial statements. Nov 9, 2015 41 Reporting standard unqualified AR* compliance US GAAS/SAS or ISA have been followed in all respects. This also means that adequate disclosures have been included in the footnotes and other parts of the financial statements. pervasiveness of evidence sufficient appropriate evidence has been accumulated and presented in auditors report. there are no circumstances requiring the addition of an explanatory paragraph or modification of the wording of the report. The standard unqualified audit report is sometimes called a clean opinion because there are no circumstances requiring a qualification or modification of the auditors opinion. The standard
unqualified report is the most common audit opinion. Sometimes circumstances beyond the clients or auditors control prevent the issuance of a clean opinion. However, in most cases, companies make the appropriate changes to their accounting records to avoid a Nov 9, 2015 42 qualification or modification by the auditor. Reporting extended and/or modified unqualified AR* An auditors report is considered to be modified in the two different situations: matters that do not affect the auditors opinion (which would mean adding of matter paragraph => issue of unqualified audit report with explanatory notes and/or modified wording) matters that do affect the auditors opinion (instances that call for either: (a) qualified opinion, (b) disclaimer of opinion, or (c) adverse opinion). Causes of addition of an explanatory paragraph or a modification in the wording of the standard unqualified report:
Lack of consistent application of US GAAS/SAS or ISA Substantial doubt about going concern Auditor agrees with a departure from promulgated accounting principles Emphasis of a matter Nov 9, 2015 43 Reports involving other auditors or experts Reporting departures from unqualified AR* Conditions requiring departures (matters that do affect the auditors opinion): Scope of the audit has been restricted (scope limitation) Financial statements have not been prepared in US GAAP or IFRS. Auditor is not independent Materiality (extra condition) - materiality is an essential consideration in determining the appropriate type of report for a given set of circumstances. For example, if a misstatement is
immaterial relative to the financial statements, it is appropriate to issue an un - qualified report. The situation is totally different when the amounts are of such significance that the financial statements are materially affected as a whole. In these circumstances, it is necessary to issue a disclaimer of opinion or an adverse opinion, depending on whether a scope limitation or GAAP departure is involved. In situations of lesser materiality, a qualified opinion is Nov 9, 2015 44 appropriate. Reporting decision-making process about type of AR* Making decision about type of audit reports: Deciding whether any condition exists requiring a departure from a standard unqualified report Deciding about materiality level for each condition Deciding about the appropriate type of report for the condition, given the determined materiality level
Writing of audit report Nov 9, 2015 45 Reporting qualified AR* Qualified opinion report - can result from a limitation on the scope of the audit or failure to follow US GAAP or IFRS. A qualified opinion report can be used only when the auditor concludes that the overall financial statements are fairly stated (a disclaimer or an adverse report must be used if the auditor believes that the condition being reported on is highly material) Therefore, the qualified opinion is considered the least severe type of departure from an unqualified report. A qualified report can take the form of a qualification of both the scope and the opinion or of the opinion alone. A scope and opinion qualification can be issued only when the auditor has been unable to accumulate all of the evidence required by generally accepted auditing standards. Therefore, this type of qualification is used when the auditors scope has been restricted by the client or when circumstances exist that prevent the auditor from conducting a
complete audit. The use of a qualification of the opinion alone is restricted to situations in which the financial statements are not Nov 9, 2015 46 stated in accordance with GAAP/IFRS Reporting adverse AR* An adverse opinion - is used only when the auditor believes that the overall financial statements are so materially misstated or misleading that they do not present fairly the financial position or results of operations and cash flows in conformity with GAAP. The adverse opinion report can arise only when the auditor has knowledge, after an adequate investigation, of the absence of conformity. This is uncommon and thus the adverse opinion is rarely used. Nov 9, 2015 47
Reporting disclaimer of AR* A disclaimer of opinion - is issued when the auditor has been unable to satisfy himself or herself that the overall financial statements are fairly presented. The necessity for disclaiming an opinion may arise because of a severe limitation on the scope of the audit or a nonindependent relationship under the Code of Professional Conduct (AISPA or IFAC) between the auditor and the client. Either of these situations prevents the auditor from expressing an opinion on the financial statements as a whole. The auditor also has the option to issue a disclaimer of opinion for a going concern problem. The disclaimer is distinguished from an adverse opinion in that it can arise only from a lack of knowledge by the auditor, whereas to express an adverse opinion, the auditor must have knowledge that the financial statements are not fairly stated. Both disclaimers and adverse opinions are used only when the condition is highly material.
Nov 9, 2015 48 Recommended reading Arens et al. (2015) chosen chapters will be uploaded to IS Ch. 11 (whole) Hayes et al. (2014) chosen chapters will be uploaded to IS Ch. 11-12 (whole) ISA 240, 450, 700, 705 Nov 9, 2015 49
Appendix: ISA 240 Fraud Scope: ISA 240 deals with auditors responsibilities relating to fraud in an audit of financial statements. Identifying and assessing the risks of material misstatement due to fraud. Objective: To identify and assess the risks of material misstatement of the financial statements due to fraud. To obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement due to fraud, through designing and implementing appropriate responses. To respond appropriately to fraud or suspected fraud identified during the audit. Requirements (general): The auditor shall maintain professional skepticism throughout
the audit. Nov 9, 2015 50 Appendix: ISA 240 Fraud Where responses to inquiries of management or those charged with governance are inconsistent, the auditor shall investigate the inconsistencies. Make inquiries of management about: Management assessment of risk of that the financial statements may be materially misstated due to fraud, including the nature, extent and frequency of such assessments. Managements process for identifying and responding to the risks of fraud in the entity, including any specific risks of fraud that management has identified or that have been
brought to its attention, or classes of transactions, account balances, or disclosures for which a risk of fraud is likely to exist. Managements communication, if any, to those charged with governance regarding its processes for identifying and responding to the risks of fraud in the entity Nov 9, 2015 51 Appendix: ISA 240 Fraud Managements communication, if any, to employees regarding its views on business practices and ethical behavior. Management, internal audit and others within the entity as appropriate, to determine whether they have knowledge of any actual, suspected or alleged fraud affecting the entity. The auditor shall obtain an understanding of how those charged with governance exercise oversight of managements processes for identifying and responding to the risks of fraud in the entity and the internal control that management has
established to mitigate these risks. The auditor shall evaluate whether the information obtained from the other risk assessment procedures and related activities performed indicates that one or more fraud risk factors are present. When identifying and assessing the risks of material misstatement due to fraud, the auditor shall, based on a Nov 9, 2015presumption that there are risks of fraud in revenue 52 Appendix: ISA 240 Fraud recognition, evaluate which types of revenue, revenue transactions or assertions give rise to such risks. Auditor shall design and perform procedure that are responsive to assessed risk. Auditor shall perform following procedure due to risk of Management override of control; Test the appropriateness of journal entries, for end of period and throughout period and inquire about any unusual transaction.
Review accounting estimates for biases by evaluation and retrospective review. For significant transaction outside the normal course of business, evaluate the business rationale. Requirements (specific): Evaluation of audit evidence Evaluate the result of analytical procedure that are performed at the end of audit for consistency with Nov 9, 2015 53 assessed risk Appendix: ISA 240 Fraud Evaluate identified misstatement weather material or not, if its indicative of fraud or not. If the auditor confirms that, or is unable to conclude whether, the financial statements are materially misstated as a result of fraud the auditor shall evaluate the implications for the audit Auditor is unable to continue the engagement Determine the professional and legal responsibilities Determine its appropriate to withdraw or not
If withdraw: discuss with the appropriate level of management and those charged with governance the auditors withdrawal from the engagement and the reasons for the withdrawal; and determine whether there is a professional or legal requirement to report to the person or persons who made the audit appointment or, in some cases, to regulatory authorities, the auditors withdrawal from the engagement and the reasons for the withdrawal. 54 Nov 9, 2015 Appendix: ISA 240 Fraud Written representations the auditor shall obtain written representations from management and, where appropriate, those charged with governance that: They acknowledge their responsibility for the design, implementation and maintenance of internal control to prevent and detect fraud; They have disclosed to the auditor the results of managements assessment of the risk that the financial statements may be materially misstated as a result of fraud They have disclosed to the auditor their knowledge of
fraud, or suspected fraud, affecting the entity and its financial statements. Communications to management and with those charged with governance: If the auditor has identified a fraud or has obtained information that indicates that a fraud may exist, the auditor shall communicate these matters on a timely basis Nov 9, 2015 55 to the appropriate level of management. Appendix: ISA 450 Misstat-s Scope: ISA 450 deals with the evaluation of misstatements identified during the audit of financial statements. ISA 320, Materiality in
Planning and Performing an Audit deals with the determination of materiality and its application in planning and performing an audit of financial statements. ISA 450 explains how materiality is applied in evaluating misstatements identified during the audit. Objective: The objective of the auditor is to evaluate the effect of uncorrected misstatements on the financial statements and whether the financial statements as a whole are free of material misstatement. Requirements: Misstatement is defined as a difference between the amount, classification, presentation, or disclosure of a reported financial statement item and the amount, classification, presentation, or Nov 9, 2015 56 Appendix: ISA 450 Misstat-s disclosure that is required for the item to be in accordance with the applicable financial reporting framework. Misstatement can
arise from error or fraud. This also relates to those that require adjustments for issuing a true and fair view on the financial statements. For these kind of identified misstatements, the auditor should determine whether the nature and the circumstances of their occurrence indicate the existence of other misstatements, which could be material individually or in aggregate. These misstatements should be communicated to the appropriate level of management on a timely basis. The auditor should also consider whether there is a need to revise the audit strategy and audit plan especially when those areas are confirmed to have appropriate design, implementation and effective operation of controls, now there are identified misstatements. Does the initial conclusion need to be reconsidered? This would definitely affect the risk Nov 9, 2015assessment, audit strategy and audit plan. 57 Appendix: ISA 450 Misstat-s Uncorrected misstatements are the misstatements that the
auditor has accumulated during the audit that have not been corrected. Before evaluating the effect of the uncorrected misstatements, the auditor should confirm whether the materiality still remains appropriate. Afterwards, the auditor will determine the uncorrected misstatements are material individually or in aggregate. The auditor will consider: the size and nature of the misstatements, and the particular circumstances of the occurrence the effect of uncorrected misstatements related to the prior periods. Nov 9, 2015 58 Appendix: ISA 700 AR Scope: ISA 700 deals with the auditors responsibility to form an opinion on the financial statements. It also deals with the form and content of the auditors report issued as a result of an audit of financial statements. It is written in the context of a complete set of general purpose financial statements.
The requirements of this ISA are aimed at addressing an appropriate balance between the need for consistency and comparability in auditor reporting globally and the need to increase the value of auditor reporting by making the information provided in the auditors report more relevant to users. This ISA promotes consistency in the auditors report, but recognizes the need for flexibility to accommodate particular circumstances of individual jurisdictions. Consistency in the auditors report, when the audit has been conducted in accordance with ISAs, promotes credibility in the global marketplace by making more readily identifiable those audits Nov 9, 2015that have been conducted in accordance with globally 59 Appendix: ISA 700 AR recognized standards. It also helps to promote the users understanding and to identify unusual circumstances when they occur. Objective - the objectives of the auditor are: To form an opinion on the financial statements based on an evaluation of the conclusions drawn from the audit evidence
obtained; and To express clearly that opinion through a written report. Requirements: Auditors are required to form an opinion on the basis of sufficient appropriate audit evidence obtained and express it clearly in the form of a written report. In order to form an opinion auditor must adhere to the requirements of ISA 700 and under the circumstances of engagement appropriate select the type of opinion to be expressed i.e. qualified, adverse or disclaimer of opinion. Auditor must follow the guidelines of ISA 700 regarding the format and content of Nov 9, 2015auditors report and if any supplementary information is 60 Appendix: ISA 700 AR auditor must ensure it is consistent with audited financial statements. Forming an opinion The auditors opinion on general purpose financial statements is if they are they prepared, in all material respects, in accordance with applicable financial reporting
framework. But before auditor is able to express an opinion, he is required to gather sufficient appropriate audit evidence as only sufficient appropriate audit evidence reduces the audit risk to an acceptably low level. Audit risk is considered to have reduced to an appropriate level if auditor has obtained reasonable assurance that financial statements are free from material misstatements. To conclude that reasonable assurance has been obtained, auditor shall consider: If sufficient appropriate audit evidence has been Nov 9, 2015 61 obtained Appendix: ISA 700 AR Nov 9, 2015
Whether uncorrected misstatements are material individually or in aggregate and appropriate steps have been taken The results of evaluation in which auditor is required to evaluate: Whether financial statements are prepared in accordance with applicable financial reporting framework by evaluating if: Significant policies selected and applied are adequately disclosed Accounting policies so selected and applied are consistent frameworks requirements Managements estimates are reasonable Financial statements fulfill qualitative requirements i.e. relevance, reliability, understandability, comparability etc. Adequate disclosures accompany financial 62
Appendix: ISA 700 AR statements so that user can understand the effects of material transactions Terminology used, including title of financial statements is appropriate Appropriateness of financial statements considering: The qualitative aspects of entitys accounting process Probability of distortion in financial statements due to managements bias Whether applicable financial reporting framework has been appropriately referred to or described. Forms of opinion The auditor shall express an unmodified opinion if: Auditor concludes that financial statements are prepared, in all material respects, in accordance with applicable financial reporting framework. Nov 9, 2015 63
Appendix: ISA 700 AR Or in other words: Financial statements are giving true and fair view of the business. The auditor shall give modified opinion if: Audit evidence obtained makes auditor conclude that financial statements are not free from material misstatements; or Auditor is unable to obtain sufficient appropriate audit evidence whether financial statements are free from material misstatements. For modified opinion auditor is required to follow guidelines of ISA 705. Contents of Auditors report with unmodified opinion: Auditor expresses his opinion on entitys financial statements in the form of a written report. Oral expression cannot substitute a written report. As auditors expression enhances the credibility of financial statements therefore auditors report follows a certain
Nov 9, 2015 64 Appendix: ISA 700 AR format and comprises of specific elements and content. Local applicable laws and regulations may require auditor to change the content of auditors. However, as per ISA 700 auditors report has following elements: Title Addressee Introductory paragraph Managements responsibility for the financial statements Auditors responsibility Auditors opinion Other reporting responsibilities Signature of the auditor
Date of auditors report Auditors address Supplementary information with Financial Statements Nov 9, 2015 65 Appendix: ISA 700 AR Nov 9, 2015 If supplementary information has been included with the financial statements by the management then auditor shall evaluate if such information is consistent with the financial statements and has been differentiated from the audited financial statements. If management refuses to correct the presentation of such supplementary information that may confuse the user and
take it as part of financial statements then auditor shall clearly state that such supplementary information is not audited. 66 Appendix: ISA 705 AR modif. Scope: ISA 705 deals with the auditors responsibility to issue an appropriate report in circumstances when, in forming an opinion in accordance with ISA 700, the auditor concludes that a modification to the auditors opinion on the financial statements is necessary. Objective: The objective of the auditor is to express clearly an appropriately modified opinion on the financial statements that is necessary when: The auditor concludes, based on the audit evidence obtained, that the financial statements as a whole are not free from material misstatement; or The auditor is unable to obtain sufficient appropriate audit
evidence to conclude that the financial statements as a whole are free from material misstatement. Requirements: An opinion in the auditors report is said to be modified if it is: 67 Nov 9, 2015 Appendix: ISA 705 AR modif. Qualified opinion a conditional opinion also known as except for opinion. An opinion according to which except for certain aspect of financial statement everything else is true and fair. Adverse opinion an opinion in which auditor declares that financial statements as a whole are not giving true and fair view. Disclaimer of opinion It is not really an opinion rather a statement that no opinion can be formed due to absence of sufficient appropriate audit evidence. Auditor shall express a qualified opinion if: having obtained sufficient appropriate audit evidence, auditor concludes that misstatements in the financial statements are material but not pervasive
auditor is unable to obtain sufficient appropriate audit evidence that financial statements thus unable to form an opinion. However, concludes that undetected Nov 9, 2015 68 misstatements could be material but no pervasive Appendix: ISA 705 AR modif. Auditor shall express an adverse opinion as a result of obtaining sufficient appropriate audit evidence auditor concludes that misstatements are material but also pervasive. Auditor shall express a disclaimer if auditor is unable to obtain sufficient appropriate audit evidence and thus cannot form an opinion but concludes that undetected misstatements could be both material and pervasive.
Sufficiency and appropriateness of audit evidence - Most of the time auditor is not able to collect sufficient appropriate audit evidence due to: Limitations imposed by circumstances Limitations imposed by management Nov 9, 2015 69