CHAPTER FOUR: MANAGEMENT FRAUD & AUDIT RISK

WHEN ARE ANALYTICAL PROCEDURES REQUIRED & WHEN ARE THEY OPTIONAL?

*ANALYTICAL PROCEDURES ARE REQUIRED:* *[1]* at the beginning of an audit—the planning stage by applying analytical procedures discussed in this chapter *[2]* at the end of an audit when the partners in charge review the overall quality of the work and look for apparent problems. they are optional as substantive audit procedures since test of details can be used instead when gathering evidence about each relevant financial statement assertion about each significant account and disclosure.

DEFINE AUDIT RISK.

*AUDIT RISK* is the probability that an audit team will express an inappropriate opinion when the financial statements are materially misstated. *AUDIT RISK IS A COMBINATION OF THE OTHER RISKS:* AUDIT RISK = RISK OF MATERIAL MISSTATEMENT x DETECTION RISK. RISK OF MATERIAL MISSTATEMENT = INHERENT RISK x CONTROL RISK. *"audit risk in an overall sense"* refers to the audit taken as a whole and the probability that the auditors will issue an inappropriate opinion on financial statements. generally, this is the risk of giving the standard unmodified report when the financial statements contain material misstatements or the report should be qualified or modified in some manner. *"audit risk applied to individual account balances and disclosures"* refers to the probability that a misstatement exists in a particular account balance or disclosure at least equal to the tolerable misstatement assigned to the audit of that balance remains. this version of audit risk is applied at the individual account balance level or disclosure and is used to help plan the procedures to be completed on the audit.

WHAT IS THE MAJOR CONCERN FOR AUDITORS RELATED TO EVIDENCE OBTAINED FROM RELATED PARTIES?

*RELATED PARTIES* include those individuals or organizations that can influence or be influenced by decisions of the company, possibly through family ties or investment relationships. because one of the basic assumptions of historical cost accounting is that transactions are valued at prices agreed on by two independent parties, valuation of related-party transactions is particularly troublesome. auditors also should question the persuasiveness of the evidence obtained from related parties because the source of the evidence may be biased. related party transactions have been used by companies to perpetrate fraudulent transactions. thus, auditors need to consider such transactions as higher risk of fraud.

WHAT ARE THE COMPONENTS OF THE RISK OF MATERIAL MISSTATEMENT (RMM)? WHAT ARE THE COMPONENTS OF THE AUDIT RISK MODEL?

*RISK OF MATERIAL MISSTATEMENT:* the likelihood that material misstatement(s) may have entered the accounting system and not been detected and corrected by the client's internal control. it is the combination of inherent risk and control risk. *INHERENT RISK:* the probability that material errors or frauds have entered the accounting information system. this risk is expressed without regards to internal controls. *CONTROL RISK:* the probability that the client's system of internal control will fail to prevent or detect material misstatements provided that they enter the accounting information system in the first place. *AUDIT RISK:* the probability that an audit team will express an inappropriate opinion when the financial statements are materially misstated. it is the combination of risk of material misstatement and detection risk. *DETECTION RISK:* the probability that the auditor's own procedures will fail to find material errors and frauds provided any have entered the system and have not been detected or corrected by the client's internal control system.

WHAT IS MEANT BY THE NATURE OF THE COMPANY & WHY IS IT IMPORTANT TO INHERENT RISK ASSESSMENT?

*THE NATURE OF THE COMPANY INCLUDES:* •• the company's organizational structure and management personnel. •• the sources of funding of the company's operations and investment activities •• the company's significant investments. •• the company's operating characteristics, including its size and complexity. •• the sources of the company's earnings, including the relative profitability of key products and services as well as key supplier and customer relationships.

WHAT ARE THE FIVE STEPS INVOLVED WITH THE USE OF PRELIMINARY ANALYTICAL PROCEDURES?

*[1]* develop an expectation *[2]*define a significant difference *[3]*calculate predictions and compare them with the recorded amount *[4]*investigate significant differences *[5]* document each of the first four steps

IDENTIFY THREE DIFFERENT CATEGORIES OF FRAUD RISK FACTORS. NEXT, FOR EACH CATEGORY, WHAT ARE SOME OF THE CONDITIONS THAT CAN HELP CONTRIBUTE TO A HIGHER LIKELIHOOD OF FINANCIAL STATEMENT FRAUD?

[1] *MANAGEMENT'S CHARACTERISTICS AND INFLUENCE* •• management has a motivation (bonus compensation, stock options) to engage in fraudulent reporting. •• management decisions are dominated by an individual or a small group. •• management fails to display an appropriate attitude about internal control and financial reporting. •• managers' attitudes are very aggressive toward financial reporting. •• managers place too much emphasis on earnings projections. •• nonfinancial management participates excessively in the selection of accounting principles or determination of estimates. •• the company has a high turnover of senior management. •• the company has a known history of violations. •• managers and employees tend to be evasive when responding to auditors' inquiries. •• managers engage in frequent disputes with auditors. [2] *INDUSTRY CONDITIONS* •• company profits lag those of the industry. •• new requirements are passed that could impair stability or profitability. •• the company's market is saturated due to fierce competition. •• the company's industry is declining. •• the company's industry is changing rapidly. [3] *OPERATING CHARACTERISTICS AND FINANCIAL STABILITY* •• a weak internal control environment prevails. •• the company is not able to generate sufficient cash flows to ensure that it is a going concern. •• there is pressure to obtain capital. •• the company operates in a tax haven jurisdiction. •• the company has many difficult accounting measurement and presentation issues. •• the company has significant transactions or balances that are difficult to audit. •• the company has significant and unusual related-party transactions. •• company accounting personnel are lax or are not experienced in performing their duties.

WHAT ARE THE DEFINING CHARACTERISTICS OF [A] WHITE-COLLAR CRIME, [B] EMPLOYEE FRAUD, [C] EMBEZZLEMENT, [D] LARCENY, [E] DEFALCATION, [F] MANAGEMENT FRAUD & [G] ERRORS?

[A] *WHITE-COLLAR CRIMES* are frauds perpetrated by people in a non-violent manner and are typically focused on stealing cash or assets. they are often committed by people who work in offices and steal items such as inventory, cash or other valuable assets. often contrasted with violent street crimes like armed robbery, murder and kidnapping. [B] *EMPLOYEE FRAUD* is the use of fraudulent means to take money or other property from an employer. it consists of three phases: [1] the fraudulent act, [2] the conversion of the money or property to the fraudster's use, and [3] the cover-up. [C] *EMBEZZLEMENT* is a type of fraud involving employees or nonemployees wrongfully taking funds or property entrusted to their care, custody, and control, often accompanied by false accounting entries and other forms of lying and cover-up. [D] *LARCENY* is simple theft of an employer's property that is not entrusted to an employee's care, custody or control. [E] *DEFALCATION* is another name for employee fraud and embezzlement. [F] *MANAGEMENT FRAUD* is deliberate fraud committed by management that injures investors and creditors through materially misstated information. because management fraud usually takes the form of deceptive financial statements, management fraud is sometimes referred to as fraudulent financial reporting. AU 240 defines fraudulent financial reporting as "intentional misstatements, including omissions of amounts or disclosures in financial statements to deceive financial statement users. it can be caused by the efforts of management to manage earnings in order to deceive financial statement users [G] *ERRORS* are unintentional misstatements or omissions of amounts or disclosures in financial statements.

WHAT IS THE AUDITOR'S RESPONSIBILITY REGARDING FRAUD RISK?

according to the professional standards, an auditor has a responsibility to design procedures and plan/perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud. as a direct result, an auditor is responsible for assessing the risk of material misstatement due to an error or fraud on every engagement. because of the damage to the capital markets caused by fraudsters who have intentionally misstated their financial statements, auditors must carefully assess fraud risk on every audit engagement. once fraud risk has been assessed, the nature, timing, and extent of audit work should change as a result of the auditor's fraud risk assessment. in general, the lower the risk of material misstatement due to fraud, the less persuasive the audit evidence needs to be. it follows that when fraud risk factors are identified, the auditor generally must obtain more persuasive audit evidence. once fraud risk factors are identified, the auditor should clearly identify the fraud risks and then design and perform procedures that respond directly to fraud risks.

WHAT THE PRIMARY DIFFERENCE BETWEEN A MATERIAL MISSTATEMENT DUE TO FRAUD OR ERROR?

an auditor must always remember that a misstatement in the financial statements may be caused by an error or a fraud. *the primary difference between a material misstatement due to fraud or due to error is intent.* specifically, did a manager or employee at the client intend to commit a fraud? or, was the misstatement due to an error made by an employee or manager? the intent of the employee or manager is the absolute key.

HOW DO PROFESSIONAL STANDARDS DIFFER FOR [A] ERRORS, [B] FRAUDS, [C] DIRECT-EFFECT NONCOMPLIANCE & [D] INDIRECT-EFFECT NONCOMPLIANCE?

auditors are required to plan their procedures to detect material misstatements due to errors, fraud, and noncompliance with laws and regulations having a direct effect on financial statements. for laws and regulations having an indirect effect on financial statements, auditors are limited to performing specified audit procedures that may identify noncompliance with those laws and regulations that may have a material effect on the financial statements, inquiry of management and those charged with governance, and inspection of correspondence with relevant licensing or regulatory authorities. if auditors become aware of the possibility of indirect-effect noncompliance, they are required to follow up to ensure there is no material effect on the financial statements.

WHY IS IT IMPORTANT FOR AN AUDITOR TO CAREFULLY ASSESS INHERENT RISK ON EACH AUDIT ENGAGEMENT?

inherent risk assessment helps to guide the auditor in allocating more and stronger resources to test specific accounts and disclosures that present a higher likelihood of material misstatement and therefore present a higher level of inherent risk. in effect, inherent risk assessment provides the basis for executing an appropriate response to the risks identified. the professional standards make clear that risk assessment underlies the entire audit process. when performing risk assessment procedures to accomplish this objective, the first step taken by auditors is often to assess inherent risk for each relevant assertion related to each of the significant accounts and disclosures identified on an audit engagement.

WHAT IS THE PURPOSE OF AN AUDIT STRATEGY MEMORANDUM? WHAT INFORMATION SHOULD IT CONTAIN?

the *AUDIT STRATEGY MEMORANDUM* is the basis for preparing the detailed audit plans (often called "audit programs") for each significant account and disclosure on the audit. the audit plans list the audit procedures to be performed by auditors to gather sufficient appropriate evidence on which to base their opinion on the financial statements. the audit strategy memorandum sets the scope, timing, and direction for auditing each relevant assertion. if the auditors identified fraud risk or significant risks of noncompliance with laws and regulations, these areas will be specifically addressed in the strategy, including the possibility of adding fraud specialists to the team or expanding testing.

WHAT IS MEANT BY THE TERMS NATURE, TIMING & EXTENT OF FURTHER AUDIT PROCEDURES?

the *NATURE* of audit procedures refers to the type of tests that the auditor plans to use to detect errors and fraud. in general tests of details are more effective than substantive analytical procedures. however, in general, the substantive analytical procedures are more efficient than tests of details. thus, when considering the nature of tests to be performed, if an auditor wants to set detection risk lower, he/she is likely to complete more tests of details, relative to analytical procedures. the *TIMING* of audit procedures refers to when they are performed, usually at [1] interim period or at [2] year-end. however, timing may have other aspects such as surprise procedures (unannounced to client personnel) or procedures performed after the year-end. to set detection risk lower, auditors would typically complete more testing at year-end, as compared to interim. the *EXTENT* of the application of procedures usually refers to the sample sizes of data examined, such as the number of customer accounts receivable to confirm or the number of inventory types to count. to set detection risk lower, the auditor would typically increase sample sizes.

HOW IS THE AUDIT RISK MODEL USED TO PLAN THE AUDIT?

the auditor uses the audit risk model to determine the nature, timing, and extent of audit procedures by evaluating the risk of material misstatement for each relevant assertion related to each significant account and disclosure. once the risk of material misstatement has been assessed, the auditor can determine the resulting required detection risk that can be accepted, given the assessment of the risk of material misstatement. the auditor will select the mix of substantive procedures that are needed to "set" detection risk at a level that is needed given the assessed level of the risk of material misstatement for each assertion.

WHAT ARE SOME TYPES OF KNOWLEDGE & UNDERSTANDING ABOUT A CLIENT'S BUSINESS & INDUSTRY THAT AN AUDITOR IS EXPECTED TO OBTAIN? WHAT ARE SOME OF THE METHODS & SOURCES OF INFORMATION FOR UNDERSTANDING A CLIENT'S BUSINESS & INDUSTRY?

the purpose of obtaining an understanding of the company's objectives, strategies, and related business risks is to identify business risks that could reasonably be expected to result in material misstatement of the financial statements. the best starting point is with management whose job it is to be knowledgeable about the company's risks. *OBTAINING AN UNDERSTANDING OF THE CLIENT'S BUSINESS INCLUDES UNDERSTANDING...* •• industry, regulatory, and other external factors •• nature of the company and related parties •• effect of client's computerized processing accounting principles and related disclosures •• company objectives, strategies, and related business risks •• company performance measures and analysis *IN ORDER TO GET UNDERSTANDING OF A CLIENT'S BUSINESS AND INDUSTRY, AN AUDITOR CAN CONSIDER:* •• studying numerous sources such as AICPA industry accounting and auditing guides, specialized trade magazines and journals, registration statements and 10 k reports filed with the sec, general business magazines and newspapers •• using inquiry of client personnel, including a review of prior-year audit documentation (personnel who worked on the audit in prior years are available to convey their understanding of the business), inquiry, and interviews with the company's management, directors, and audit committee. •• using information from client acceptance and retention evaluation, audit planning, past audits, and other engagements. •• considering the results of the audit team discussions (brainstorming), this involves sharing information among members of the engagement team.

WHY SHOULD AUDITORS UNDERSTAND THEIR CLIENT'S PERFORMANCE MEASURES WHEN ASSESSING INHERENT RISK?

the purpose of obtaining an understanding of the company's performance measures is to be able to determine what information management and others deem to be key indicators of company performance. it also reveals items to which management might be sensitive. for example, measures used to determine management compensation or analysts' ratings might place pressure on management to manipulate results. also, auditors might gain a better understanding of their clients by reviewing measures that management uses to monitor operations, such as budget variances or trend analysis. finally, those measures might be indicators of qualitative materiality factors.

WHAT IS THE PURPOSE OF PERFORMING PRELIMINARY ANALYTICAL PROCEDURES IN AUDIT PLANNING?

the purpose of performing preliminary analytical procedures in the audit planning stage is to direct attention to potential problem areas so the audit work can be planned to reduce the risk of missing something important. according to auditing standards, analytical procedures must be applied in the planning stages of each audit. during this critical point of the engagement, auditors use analytical procedures to identify potential problem areas so that subsequent audit work can be designed to reduce the risk of missing something important. analytical procedures during planning also provide an organized approach — a standard starting place — for becoming familiar with the client's business. auditors need to remember that preliminary analytical procedures are based on unaudited data, so they should consider the effectiveness of controls over their reliability when deciding how much weight to place on the results.

WHAT ARE SOME OF THE RATIOS THAT CAN BE USED IN PRELIMINARY ANALYTICAL PROCEDURES?

•• current ratio ••days' sales in receivables ••doubtful accounts ratio ••days' sales in inventory •• receivables turnover •• inventory turnover •• cost of goods sold ratio •• return on equity •• altman's financial distress ratios and discriminant score. in addition, depending on the industry of the client, there may be key performance metrics within that industry that might be useful to complete such procedures.