Risk of MM Due to Fraud WBL

RMM vs fraud risk factor

A fraud risk factor may exist related to a "high degree of competition and declining margins" at a company. This risk factor presumably could create an "incentive/pressure" for management to commit fraud. A fraud risk factor by itself does not necessarily mean a risk of material misstatement due to fraud or an actual fraud exists. Using all of the information gathered during our planning phase of the audit, including information related to fraud risk factors, we identify a specific list of "risk of material misstatement due to fraud" that will need to be addressed as part of our audit. In this example, we might have concluded a "risk of material misstatement due to fraud" exists related to revenue overstatement/cut-off at period end based upon our understanding of fraud risk factors and the information gathered through inquiries, analytical procedures and other procedures. As a result of this risk of material misstatement due to fraud, we would need to develop responses/audit procedures that address the specific risk (e.g., change the nature of our revenue cut-off testing and increase the extent of our revenue testing at period end).

general responses

A general response to risks of material misstatement due to fraud has an overall effect on how the audit is conducted. Such responses may include: Involving more experienced personnel and professionals (such as IT professionals) during the audit and increasing the extent of supervision over audit team members Focusing on the entity's selection and application of accounting principles Incorporating an element of unpredictability in the selection of audit procedures from period-to-period, such as testing accounts in the current period not normally tested due to their immateriality or low risk

identification of fraud risk factors

Although fraud is usually well-concealed, an auditor with a thorough knowledge of the business may identify events or conditions that provide an incentive/pressure or opportunity to commit fraud, or that indicate fraud may have already occurred. Although they may not be susceptible to observation, the auditor might also identify risk factors reflective of attitudes by management or the board of directors that could allow them to engage in or justify fraudulent financial reporting. Such events, conditions, or risk factors are referred to as "fraud risk factors." These conditions may be the result of circumstances other than fraud. Therefore, fraud risk factors do not necessarily indicate the existence of fraud; however, they often have been present in circumstances where fraud has occurred.

inherent limitations of an audit

An auditor cannot obtain absolute assurance that risks of material misstatement at the financial statement level (resulting from fraud or error) will be identified. An audit does not guarantee that all risks of material misstatement at the financial statement level will be uncovered. Such a guarantee is not possible because of such factors as: The use of judgment The use of sampling during the audit The inherent limitations of internal control (i.e., there is always the possibility of management override of controls or employee collusion) The fact that much of the evidence available to the auditor is persuasive rather than conclusive For these reasons, the auditor is able to obtain only reasonable assurance that risks of material misstatement at the financial statement level will be identified

output list of risk of material misstatement due to fraud

At the end of the planning phase of the audit, the auditor should gather the information obtained and use the information to identify the risks of material misstatement due to fraud. The audit team should consider the following sources of information: Results of the TPE and the discussion of fraud and errors Results of inquiries of management, the internal audit function, those charged with governance and others within the entity Identified fraud risk factors Results of analytical procedures during planning Other information available, such as information from reviews of interim financial statements, the prior period summary review memorandum (SRM), and summary of audit differences (SAD) lists. There is a presumption that the audit team will identify one or more risks of material misstatement due to fraud relating to revenue recognition since material misstatements due to fraudulent financial reporting often result from an overstatement of revenues (e.g., premature revenue recognition or recording fictitious revenues) or an understatement of revenues (e.g., improperly shifting revenues to a later period). If we do not identify a risk of material misstatement due to fraud relating to revenue recognition we document the reason(s) supporting this conclusion. Identified risks of material misstatement due to fraud are always significant risks; therefore, we understand and evaluate whether the programs and controls have been suitably designed and placed into operation to prevent or detect misstatements

fraud

Both fraud and error result in misstatements in the financial statements; the primary factor that distinguishes fraud from error is whether the underlying action that caused the misstatement is intentional. The two types of fraud relevant to the auditor are: --Misstatements resulting from fraudulent financial reporting --Misstatements resulting from the misappropriation of assets (i.e., theft or defalcation) For purposes of a financial statement audit, fraud is defined as an intentional act performed by one or more individuals among management, employees or third parties that results in a material misstatement in the financial statements. An error is defined as an unintentional misstatement in the financial statements.

internal communications

Communication within the engagement team is key to identifying risks of material misstatement due to fraud. During the audit, all members of the engagement team will gather evidence and potentially make observations about identified risks of material misstatement due to fraud. We document identified risks and perform audit procedures in response to those risks. Communication within the engagement team is a critical success factor in ensuring that the team adequately identifies risks of material misstatement due to fraud and performs appropriate audit procedures in response to those risks. Such communication should take place not only during the TPE, but also throughout the audit process.

inquiries of internal audit

For entities that have an internal audit function, the auditor should also inquire of appropriate internal audit personnel about: Their views on the risk of material misstatement due to fraud Whether they have performed any procedures to identify or detect fraud during the period Whether management has satisfactorily responded to any findings resulting from these procedures Whether the internal auditors have knowledge of any fraud or suspected fraud

specific responses

In addition to considering the general responses to the risks of material misstatement due to fraud, the auditor will need to consider specific responses, such as changing the nature, timing and extent of the procedures to be performed in order to address the identified risk of material misstatement due to fraud. Nature: The auditor may change the nature of the planned audit procedures to obtain more reliable evidence or to obtain additional corroborative information. More audit evidence may be needed from independent sources, such as third-party confirmations, physical inspection of assets or public-record information about key customers. The auditor may also employ more computer-assisted audit techniques to gather more evidence about electronic transaction files Timing: The auditor may change the timing of planned audit procedures to perform more substantive procedures at or near period-end, or to perform substantive tests on transactions occurring throughout the reporting period Extent: The auditor may change the extent of the planned audit procedures to increase sample sizes or perform analytical procedures at a more detailed level using disaggregated data

mandatory responses

In addition to overall responses and specific responses to the risks of material misstatement due to fraud, we perform other procedures to further address the risk of management override of controls. --Examining journal entries and other adjustments for evidence of possible material misstatement due to fraud. Determining the appropriate strategy for identifying and selecting journal entries to test requires a good understanding of the financial statement close process and the types of journal entries recorded. --Reviewing accounting estimates for evidence of management biases that could result in material misstatement due to fraud. --Evaluating the business rationale for significant unusual transactions.

engagement team brainstorming

In order to achieve our objective of identifying a list of risks of material misstatement due to fraud, we perform a number of steps during the audit. The first step is to hold an engagement team "brainstorming" discussion during the Planning phase of the audit, such as during the TPE. During the Planning phase of the audit, the audit team must discuss the potential for risks of material misstatement at the financial statement level resulting from fraud or error. The discussion should represent a "brainstorming" session that increases the overall awareness of and sensitivity to fraud by all team members. The discussion should be led by the executive in charge of the audit, but there should be an interactive exchange of ideas from both the "top down" (i.e., thoughts from the executives) and the "bottom up" (i.e., input from less-experienced team members). The engagement team should share their thoughts and ideas about how and where they believe the financial statements are susceptible to risks of material misstatement at the financial statement level due to fraud. The discussion during planning provides the foundation for our team communications throughout the audit whenever we encounter things that are unusual. All key members of the audit team should participate. Professional judgment should be used to determine who else should participate. One might include key members of the audit team from other significant locations (on a multinational audit) or other professionals (ITRA, Tax, etc.).

analytical procedures

In performing analytical procedures as part of planning the audit, we develop expectations about plausible relationships that are reasonably expected to exist. When the results of our overall analytical procedures do not meet our expectations about relationships that are reasonably expected to exist, we consider these results in identifying risks of material misstatement due to fraud. Because revenue recognition issues frequently are the source of identified instances of fraud, we normally perform analytical procedures relating to revenue with the objective of identifying unusual or unexpected changes in the revenue or related accounts. Examples of such analytical procedures relating to revenue accounts include: Comparison of sales volume, as determined from recorded revenue amounts, with production capacity; an excess of sales volume over production capacity may be indicative of the recording of fictitious sales. A trend analysis of revenues by month and sales returns by month during and shortly after the reporting period; unusual return activity after period-end could be an indicator, for instance, of undisclosed side agreements with customers that allow the customers to return goods at a later date. Because our analytical procedures generally use data aggregated at a high level, the results of the analytical procedures provide only a broad initial indication about whether risks of material misstatement due to fraud are present. Accordingly, the results of analytical procedures performed during planning should be considered along with other information gathered by the auditor in identifying the risks of material misstatement due to fraud.

inquiries of management

Management has the primary responsibility to prevent, deter and detect fraud. Therefore, the audit team should make inquiries of management during the planning phase of the audit to determine: Whether management has knowledge of any fraud or any alleged or suspected fraud Whether management is aware of any allegations of fraudulent financial reporting; for example, because of "whistleblower" actions Management's understanding about the risks of material misstatement due to fraud in the entity Programs and controls the entity has established to mitigate risks of material misstatement due to fraud and how management monitors those programs and controls For an entity with multiple locations, (a) the nature and extent of monitoring of locations and (b) whether there are particular locations where the risk of material misstatement due to fraud may be more likely to exist Whether management communicates to employees its views on business practices and ethical behavior Whether management believes internal control sufficiently serves to prevent, deter and detect fraud

misappropriation of assets

Misstatements arising from misappropriation of assets (sometimes referred to as defalcations) involve theft of an entity's assets, causing the financial statements not to be presented in conformity with generally accepted accounting principles (GAAP). Misappropriation can include embezzling receipts, stealing assets or causing an entity to pay for goods or services not received. Misappropriation of assets might be accompanied by false or misleading records or documents and could involve one or more individuals among management, employees or third parties

unpredictability in audit procedures

The auditor may incorporate an element of unpredictability in the selection, from period-to-period, of auditing procedures to be performed, such as the following: Performing substantive tests of selected account balances and assertions not otherwise tested due to their low materiality or risk Adjusting the timing of testing from that otherwise expected Using different sampling methods Performing procedures at different locations or on an unannounced basis

inquiries of those charged with governance

The auditor should also inquire directly of those charged with governance about the audit committee's views of the risks of material misstatement due to fraud and whether they have knowledge of any fraud or suspected fraud affecting the entity An entity's audit committee sometimes assumes an active role in oversight of the entity's assessment of the risks of material misstatement due to fraud and the programs and controls the entity has established to mitigate these risks. The auditor should obtain an understanding of how the audit committee exercises oversight activities in that area. Template Options Center Title Text Swap Layout Display Optional Graphic Please wait for media to finish

review selection and application of accounting principles

The auditor should consider management's selection and application of significant accounting principles, particularly those related to subjective measurements and complex transactions. In this respect, the auditor may have a greater concern about whether the accounting principles selected and policies adopted are being applied in an inappropriate manner to create a material misstatement of the financial statements. In developing judgments about the quality of such principles, the auditor should consider whether their collective application indicates a bias that may create such a material misstatement

inquiries of others within the entity

The auditor should inquire of others within the entity about the existence or suspicion of fraud. The auditor should use professional judgment to determine to whom inquiries should be directed and the extent of such inquiries. In making this determination, the auditor should consider whether others within the entity may be able to provide information that will be helpful in identifying risks of material misstatement due to fraud; for example, this might include others who have additional knowledge of or may be able to corroborate risks of material misstatement due to fraud identified in the discussions with senior management or those charged with governance (audit committee). Usually, the extent of inquiries of "others" is to be determined during the TPE. Examples of "others" we may inquire with include operating personnel not directly involved in the financial reporting process and non-managerial employees who process complex or unusual transactions. We might also inquire of administrative personnel who support senior management in order to determine if they have observed any unusual or potentially fraudulent activity by the individuals in senior management (e.g., has senior management asked the administrative personnel to perform tasks that are considered unusual or abnormal, such that they may be indicative of fraudulent financial activity?).

professional skepticism

The auditor should maintain an attitude of professional skepticism while planning and performing an audit. Professional skepticism is an attitude that includes: A questioning mind and a critical assessment of audit evidence obtained A mindset that recognizes the possibility that fraud could be present, regardless of any past experience with the entity and regardless of the auditor's belief about management's honesty and integrity Alertness to any audit evidence that contradicts or brings into question the reliability of documents or management representations Willingness to challenge and follow up on items that do not make sense The auditor should not be satisfied with less-than-persuasive evidence because of a belief that management is honest

involve more experienced personnel and professionals

The knowledge, skill and ability of personnel assigned significant engagement responsibilities should be commensurate with the auditor's assessment of the risks of material misstatement due to fraud for the engagement The auditor may respond to an identified risk of material misstatement due to fraud by assigning additional persons with specialized skill and knowledge, such as IT professionals or forensic professionals, or by assigning more experienced personnel to the engagement. The extent of supervision should also reflect the assessment of the risks of material misstatement due to fraud.

responsibility of auditor and entity

The primary responsibility for the prevention and detection of fraud and error rests with management, along with those who have responsibility for oversight of the financial reporting process (such as the audit committee, board of directors, etc.). Management and those responsible for the oversight of financial reporting must set the proper tone, create and maintain a culture of honesty and ethics, and establish appropriate programs and controls to prevent, deter and detect fraud and error within the entity. The auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud.

communication within the engagement team for the TPE

the TPE is a unique and mandatory opportunity for the engagement team to brainstorm on where and when fraud may be likely to occur on a specific engagement. Since all key members of the engagement team are involved in the TPE, communication among team members is essential. As covered in the previous lessons, risk of material misstatement due to fraud is addressed not only during the TPE, but also throughout the audit process. Therefore, at any time between the TPE and the sign-off of the auditor's report, communication within the engagement team should be encouraged. Such communications include consultation with professionals (such as forensic professionals in our firm), if necessary

fraud triangle

the three factors that contribute to fraudulent activity by employees: 1) opportunity, 2) incentive/pressure, 3) and rationalization