AUDIT CH 6- EMPLOYEE FRAUD AND THE AUDIT OF CASH
extended procedures to detect fraud
"specific responses to fraud risk factors." -schedule of interbank transfers -proof of cash -count and recount cash on the same day -retrieve customers' checks -use marked coins and currency -analyze the mix of cash and checks in deposits -measure deposit lag time -document examination -inquiry -covert surveillance -horizontal and vertical analyses -net worth analysis -expenditure analysis -reasonableness tests
employee fraud
-(often referred to as misappropriation of assets) is the use of fraudulent means to take money or other property from an employer. -It usually involves falsifcations of some kind—false documents, lying, exceeding authority, or violating an employer's policies. -generally consist of (1) the fraudulent act itself, (2) the conversion of assets to the fraudster's use (very easy if cash is involved), and (3) the cover-up. -Catching people in the fraudulent act is diffcult to accomplish. -The act of conversion is equally diffcult to observe because it typically takes place in secret away from the entity's offces (e.g., selling stolen inventory). -By noticing signs and signals of fraud and then following the trail of missing, mutilated, or false documents that are part of the accounting records cover-up, alert auditors uncover many frauds.
bank statements
-A report sent by the bank to a depositor showing the status of his or her account. (report of deposits, withdrawals, and bank balances) -auditors should not overlook the usefulness of some of the information: The number and dollar amount of deposits and checks can be compared to the detail data on the bank statement; the account holder's federal business identifcation number is on the statement, and this can be used in other databases; and the statement itself can be studied for alterations.
test of controls over cash
-Auditors can perform tests of controls to determine whether company personnel are properly performing controls that are said to be in place. In general, the procedures used in tests of controls are inquiry, observation, inspection, and reperformance. Understand that if a control is missing or ineffective, the risk of a material misstatement increases, but an error or fraud may or may not exist. Thus, if controls are not in place or personnel in the organization are not performing their control activities effectively, auditors need to design substantive procedures to try to detect whether control failures have produced material misstatements in the fnancial statements. -existence- the cash balance may not exist in the company's bank accounts -Internal control activity (ICA)-the CFO performs a detailed review of the bank reconciliation on a monthly basis -test of internal control (TIC)- for a sample of bank reconciliations, reperform the reconciliation. Trace several reconciling items to the appropriate supporting documentation. -valuation- the cash balance that is held in foreign countries may not have been translated properly -ICA- the treaseurer reviews the cash translation adjustment calculation monthly and independently checks that the appropriate spot rate has been used for each foreign currency. -TIC- inspect the monthly cash translation adjustment calculation for evidence of the treasurer's review -presentation and disclosure- there may be restrictions on the cash balance that were not properly disclosed -ICA- the corporate secretary reviews the cash footnote disclosure on a quarterly basis to ensure that all legal restrictions on the cash balance have been properly disclosed -TIC- for a sample of cash accounts, reperform the work completed by the corporate secretary to ensure that all cash restrictions have been properly disclosed
Inquiry
-Be careful not to discuss fraud possibilities with the managers who might be involved. It gives them a chance to cover up their fraud or even resign from the organization prior to detecting the fraud. -Described as a nonaccusatory method of asking key questions of personnel during a regular audit, fraud audit questioning provides employees an opportunity to furnish information about possible misdeeds. -Fraud possibilities are addressed in a direct manner, so this approach must have the support of management. -Example questions are: "Do you think fraud is a problem for business in general?" "Do you think this company has any particular problem with fraud?" "In your department, who is beyond suspicion?" "Is there any information you would like to furnish regarding possible fraud within this organization?"7
canceled checks
-Checks that the bank has paid and deducted from the depositor's account. -Although companies do not receive the actual check back, a scanned image obtained of the check front is generally included with most bank statements and can be used to test for payees, amounts, or dates that do not match the cash disbursements journal. -Further, check fronts obtained directly from a bank statement can be used to verify appropriate use of certain important internal controls, such as dual signatures for expenditures greater than a certain amount. -Individuals engaging in fraudulent schemes involving cash often try to conceal their crimes by removing canceled checks they made payable to themselves or endorsed on the back with their own names. -Missing canceled checks are a red fag. -However, banks no longer return the canceled checks to their customers. Instead, copies of the front of the checks are included with the bank statement, often received electronically. -This information is sufficient for reconciling an account, but it does not provide the information that may assist a company or auditor in detecting or investigating possible frauds. -Other banks retain images of checks (generally only the front) on their websites. -Given the reduction in ability to detect fraud through canceled check documentation, auditors, controllers, and CFOs should strongly recommend that their client or company pay close attention to the information that is available, and an increased emphasis on internal controls over checks is warranted.
Schedule of Interbank Transfers
-Due to the nature of the cash balance, auditors also will sometimes, although rarely because of decreased float times, prepare a schedule of interbank transfers to determine whether transfers of cash from one bank to another were recorded properly (correct amount and correct date). -The audit team should also be alert to the possibility of a company's practice of illegal "kiting." -Check kiting is the deliberate foating of funds between two or more bank accounts in order to make it appear that more cash is present than is really the case. -When a check is deposited in one bank, the cash receipts journal immediately includes that deposit. -At the same time, the check, drawn on a different bank account, does not appear in the cash disbursements journal for several days. -By this method, an entity can use the time required for checks to clear to inflate the cash amount on the entity's books. -Advances in information technology and increased bank scrutiny have reduced the incidences of check kiting dramatically in recent years. -However, auditors must still be aware of the possibility; and the schedule of interbank transfers is a technique designed to detect the practice. -sticky note -Today, banks have implemented the Check Clearing for the 21st Century Act, referred to as "Check 21." In this system, checks are converted to digital images, allowing for a dramatic increase in speed in check clearing. The beneft is that the "foat" on the check is virtually eliminated, and kiting becomes diffcult to perform and conceal. However, in the Check 21 system, the paper check is usually destroyed, a hard copy of the check is never returned to the customer or its bank, and consequently, the nature of the audit trail is signifcantly different. In investigating possible fraud, the audit team is able to obtain only an electronic copy of the front of the check and the controls over the safeguarding of the imaging fles will be of great importance.
employee fraud red flags
-Experience sleeplessness. -Drink too much. -Take drugs. -Become irritable easily. -Can't relax. -Get defensive, argumentative. -Can't look people in the eye. -Sweat excessively. -Go to confession (e.g., priest, psychiatrist). -Find excuses and scapegoats for mistakes. -Work standing up. -Work alone. -Work late frequently. -Don't take vacations.
Horizontal and Vertical Analysis
-Horizontal analysis refers to changes of fnancial statement numbers and ratios across several years. -Vertical analysis refers to fnancial statement amounts expressed each year as proportions of a base such as sales for the income statement accounts and total assets for the balance sheet accounts. -Auditors look for relationships that do not appear logical as indicators of potential large misstatement and fraud.
Tests of Controls Over Cash Disbursements
-IC- checks are not printed until voucher packets are prepared; an employee compares amounts on printed checks with voucher packets prior to submission for signature; only authorized signers are permitted to sign checks -TC- (1) for a sample of recorded cash disbursements from the cash disbursements journal, inspect supporting documentation for evidence of mathematical accuracy, correct classification, proper approval, authorized signature and then compare the date on the check with the date recorded in the disbursements journal -IC- checks are prenumbered and accounted for -TC- (2) scan checs for sequence. look for gaps in sequence and duplicate numbers -IC- bank reconciliations are prepared on a timely basis -TC- (3) review bank reconciliations to ensure that they were prepared on a timely basis
Count and Recount Cash on the Same Day
-If a client maintains a signifcant amount of cash on hand, such as a financial institution or some retailers, a second cash count is unexpected. -Auditors might catch an embezzling employee who incorrectly believes that "the auditors are gone, so now it's safe!" -Auditors should always make sure a client employee is present during the count and that the employee signs for the returned cash so the auditor cannot be blamed for any shortages. -Another "trick of the trade" is to make sure that the auditor's pockets are empty (leave wallets locked up safely elsewhere) when counting client cash on hand. -This is especially important when counting cash at a fnancial services client such as a bank or credit union. -All cash should be counted simultaneously to prevent embezzling employees from substituting cash from other places. -If this is not possible (e.g., the employee claims that he or she does not have the safe combination), there is audit tape (similar to police tape) to seal the safe until it can be opened with the auditor present. If the seal is broken, the auditor's suspicions should be raised.
Retrieve Customers' Checks
-If an employee has diverted customer payments for his or her own use, the canceled checks and deposits to a bank where the company has no account are not available because they are returned to the issuing customer. Ask the customer to give copies of the front of the check or provide access for examination.
Reasonableness Tests
-Often, auditors become so involved in ticking and tying numbers that they forget to ask themselves the simplest questions: Where is the cash going? For what purpose? Is this reasonable? -The answers to these questions often motivate the auditor to ask more penetrating questions of management and to dig for more evidence.
Test of Controls Over Cash Receipts
-The first step in testing the controls over both cash receipts and cash disbursements (discussed later) is to gain an understanding of the controls and document that understanding. Information about a company's internal control activities can be gathered in different ways, which may include completing an internal control questionnaire. -Another more common way to obtain general information about controls can be achieved by conducting a walkthrough. In conducting walkthroughs, the auditors select examples of a transaction (in this case, customer remittance advices) and "walk them through" the information processing system from their initial receipt all the way to their recording in the accounting records. Sample documents are collected, and employees in each department are questioned about their specific duties. -However, a walkthrough is too limited in scope to provide evidence of whether the client's control activities were operating effectively during the period under audit. -An entity should establish input, processing, and output control activities to prevent, detect, and correct accounting errors. Auditors can perform tests of controls to determine whether the internal control activities related to the correct handling of cash receipts are operating effectively. If the internal control activities are not operating effectively (e.g., because personnel in the organization are not performing the cash control activities very well), auditors may need to expand substantive audit procedures to ensure that the cash balance is not materially misstated and to identify possible fraudulent acts related to cash.
management reports and data files in the audit of cash
-There are a number of different management reports, documents, and data fles that are typically used by auditors when completing work on the cash account. -These include the cash receipts journal, the cash disbursements journal, bank reconciliations, canceled checks, and bank statements
Expenditure Analysis
-This analysis is similar to net worth analysis except the data are the suspect's spending for all purposes compared to known income. -If spending exceeds legitimate and explainable income, the difference may be the amount of a theft.
Net Worth Analysis
-This analysis is used when fraud has been discovered or strongly suspected and the information to calculate a suspect's net worth can be obtained (e.g., asset and liability records, bank accounts). -The method involves calculating the suspect's net worth (known assets minus known liabilities) at the beginning and end of a period (months or years) and then trying to account for the difference as (1) known income less living expenses and (2) unidentifed difference. -The unidentifed difference may be the best available approximation of the amount of a theft.
existence vs completeness for cash
-When auditing reconciling items that decrease cash (i.e., outstanding checks) listed on the bank reconciliation and because the audit team is most concerned about the existence of cash (i.e., overstatement) rather than the completeness of cash (i.e., understatement), the completeness of the outstanding checks listing is more critical than to support the existence of such checks. -Comparably, when auditing reconciling items that increase cash (i.e., deposits in transit) listed on the bank reconciliation, the existence of the deposits-in-transit on the reconciliation is more critical than their completeness because the audit team is most concerned about the existence of cash (i.e., overstatement) rather than the completeness of cash (i.e., understatement). -As a result, the audit team traces outstanding checks that cleared on the cutoff bank statement (and were either returned with that statement or identifed in that statement) to the client's list of outstanding checks for evidence that all checks that were written prior to the reconciliation date were included on the list of outstanding checks. -Additionally, canceled checks should be traced to the cash disbursements listing (journal). For large outstanding checks not clearing in the cutoff period, other documentation supporting the disbursement may be used.
bank reconiliation
-When auditing the bank reconciliation, the auditor should begin by confrming the account balance listed as the "balance per bank" on the top of the bank reconciliation for each bank account from each bank that the client utilizes in the business. The auditor is required to send a confrmation request, and each bank should respond directly to the public accounting frm's offce. This procedure is important because the auditor needs to make sure that the confrmation request was actually completed by an independent professional at a third-party bank. -Once the "balance in the bank" has been confrmed and cross-referenced to the balance in the bank reconciliation, the following additional procedures are typically used in auditing the bank reconciliation: -Test the mathematical accuracy of the reconciliation, including the listing of outstanding checks and deposits in transit. -Examine reconciling items to ensure they are appropriately classifed (e.g., that they were legitimate outstanding checks that were written but not paid by the bank at the statement date). -Reconcile the book balance to the trial balance, which has been traced to the general ledger.
bank reconiliation confirmation
-When auditing the bank reconciliation, the auditor should begin by confrming the account balance listed as the "balance per bank" on the top of the bank reconciliation for each bank account from each bank that the client utilizes in the business. The auditor is required to send a confrmation request, and each bank should respond directly to the public accounting frm's offce. This procedure is important because the auditor needs to make sure that the confrmation request was actually completed by an independent professional at a third-party bank. -there are diffculties auditors can have with authenticating the source of confrmations. The use of third-party electronic information intermediaries, such as Confrmation (formerly called Confrmation.com), has changed the process of cash confrmation greatly over the past decade, but it has not reduced the auditor's responsibility to authenticate the source of the information. -It is rare for a bank to respond to a paper request for confrmation, and thus nearly all audit frms confrm bank balances through a third-party intermediary, often Confrmation. -the key issue with confrmations of any kind is the reliability of the response. The use of electronic confrmation through an intermediary such as Confrmation provides many benefts to the auditor. It allows information to be transmitted in a safe and secure manner, and most importantly, it allows for validation of the authenticity of the bank employee responding to the confrmation request, an issue which was previously a major concern for auditors. Before an auditor can rely on an electronic confrmation, the auditor must obtain an understanding of the intermediary's internal control system. In most situations, the auditor relies upon a report provided by another auditor who audited the design and operating effectiveness of the intermediary under SSAE 16, and provided a Service Organization Controls (SOC) report, most commonly a SOC report. -The confrmation process through an online intermediary generally requires the registration of the auditor, the client, and the fnancial institution, although in some situations, the intermediary will make paper confrmation requests on behalf of an auditor. Clients must provide electronic authorization in order for the auditor to request confrmation. Upon authorization, the auditor will initiate a confrmation request. Unlike traditional paper confrmations which often take multiple weeks for completion, electronic confrmation requests are often completed in a matter of days. -Although fnancial institutions may note exceptions to the information requested in a confrmation and may confrm items omitted from it, the AICPA warns auditors that sole reliance on a confrmation to satisfy the completeness assertion for cash and liabilities is inappropriate.
risk of material misstatement (what could go wrong)
-When considering WCGW for cash, auditors consider three primary concerns: (1) Does the reported cash balance really exist? (2) Is the cash balance valued properly? (3) Is the reported cash balance presented properly and have the appropriate disclosures been made? -existence- the cash balance may not exist in the company's bank accounts -valuation- the cash balance that is held in foreign countries may not have been translated properly -presentation and disclosure- there may be restrictions on the cash balance that were not properly disclosed
evaluating the design and operating effectiveness of internal controls over cash
-When evaluating the design of internal controls related to cash, an auditor must always consider whether the controls have been designed to mitigate the risk of material misstatement for each relevant assertion identifed for the cash balance. -In addition, because cash is so frequently a favorite target of employee thieves, controls over cash must be unusually strong and include special considerations related to employee fraud. -As a consequence, when evaluating the design of internal controls related to cash, an auditor must also consider whether the controls have been designed to mitigate the risk of employee fraud. -Clearly, there is overlap between these two goals (i.e., mitigating the risk of material misstatement and preventing employee fraud), meaning that certain control activities may help to achieve objectives at an audit client.
Document Examination
-When performing this procedure, auditors will look for erasures, alterations, and photocopies where originals should be fled, telltale lines from a copier when a document has been pieced together, handwriting, and other oddities. Auditors should always insist on seeing original documents instead of photocopies. -Importantly, while professional document examination is a technical activity that requires special training (e.g., training by the IRS, FBI), crude alterations may still be observed by the auditor when performing procedures, which should lead to a consultation with a professional document examiner when deemed necessary.
Covert Surveillance
-When performing this procedure, auditors will observe activities while not being seen. -For example, audit team members might watch employees as they punch in to a work shift, observing whether they use only one time card. -Casino auditors actually get paid to gamble so they can observe cash-handling procedures. Traveling hotel auditors may check in unannounced, use the restaurant and entertainment facilities, and observe employees to determine if they are stealing cash receipts or tickets. (Trailing people on streets, undercover surveillance, and maintaining a "stake-out" should be left to trained investigators.)
Proof of Cash
-a reconciliation in which the bank balance, the bank report of cash deposited, and the bank report of cash paid are all reconciled to the corresponding records maintained in the entity's general ledger, cash receipts journal, and cash disbursements journal. -another method to discover unrecorded cash transactions. -The proof of cash attempts to reconcile the deposits and payments reported by the bank to the deposits and payments recorded in the cash receipts and cash disbursements journals, respectively, as well as the fnal general ledger totals. -The proof of cash is a very effective procedure to verify cash transactions but is usually used only when controls over cash are weak, which is rarely the case. Thus, a proof of cash is not always performed in an audit of cash.
embezzlement
-a type of fraud involving employees' or non-employees' wrongfully taking money or property entrusted to their care, custody, and control, often accompanied by false accounting entries and other forms of lying and cover-up. -typically involves an employee wrongfully stealing assets that were entrusted to his or her care, custody, or control. In many situations, it is accompanied by false accounting entries or lying to try to cover up the crime.
opportunity
-an open door that enables a would-be fraudster to violate some type of trust. -The violation may be a circumvention of existing internal control activities, or it may be simply taking advantage of an absence or lapse of a control activity in an entity. -In general, the higher the position in an organization, the higher the degree of trust, the more likely that controls can be overridden, and, hence, the greater the opportunity for larger frauds. Here are some examples: -Inventory is not counted on a regular basis, so inventory shortages and losses are not known. -Proper separation of duties related to cash receipts or payments is compromised because of a termination or retirement. -The vice president of finance has investment authority without review. -Frequent emergency jobs leave a lot of excess material in a manufacturing plant just lying around.
Internal Control Evaluation for Preventing or Detecting Employee Fraud
-because cash is highly liquid, not easily identifiable as company property, and portable, it tends to be a favorite target of employee thieves. -Thus, controls over cash must be unusually strong and include special considerations related to employee fraud. -In that spirit, it is essential that an audit client implement control activities for both cash receipts and disbursements that are designed to help "fraud-proof" the organization. -Of course, many of the control activities that we are about to discuss are also designed to help mitigate material misstatements in the fnancial statements. -control activities for cash receipts -tests of controls over cash receipts -control activities for cash disbursements -tests of controls over cash disbursements
lapping scheme
-concealing the theft of cash by means of a series of delays in posting collections to accounts receivable -Suppose that the cashier who prepares the remittance list had stolen and converted Customer A's checks to personal use. It might work for a short time until Customer A complained that the entity had not credited the account for payments. The cashier, of course, knows this. So, the cashier later puts Customer B's check in the bank deposit but shows Customer A on the remittance list; thus, the accountants give Customer A credit. So far, so good for preventing Customer A's complaint. But now Customer B needs to be covered. To detect this type of lapping scheme, a detailed audit should include a comparison of the checks listed on a sample of deposit slips (Customer B) to the detail of customer remittances recorded to customer accounts (Customer A). Doing so is an attempt to fnd credits given to customers for whom no payments were received on the day in question.
fraud
-consists of knowingly making material misrepresentations of fact with the intent of inducing someone to believe the falsehood and act upon it and, thus, suffer a loss or damage. -This definition encompasses all ways by which people can lie, cheat, steal, and deceive other people.
cash receipts journal
-contains all of the detailed entries for all receipts of cash by the entity (debits to the cash account), including cash deposits. It contains the population of credit entries that should be refected in the credits to accounts receivable for customer payments. -It also contains the adjusting and correcting entries that can result from the bank account reconciliation. These entries are important because they may signal the types of accounting errors or manipulations that occur in the cash receipts accounting.
Significant Accounts and Relevant Assertions—Cash
-existence -valuation -presentation and disclosures -For example, if an audit client has worldwide operations, valuation may be relevant because certain cash balances may be denominated in foreign currencies, necessitating a translation adjustment. -Although different companies may have other risks, in general the most signifcant risks relate to the existence of cash and the presentation and disclosure of cash.
substantive tests over cash
-existence- -ICA- the CFO performs a detailed review of the bank reconciliation on a monthly basis -TIC- for a sample of bank reconiliations, reperform the reconiliation. Trace several reconciling items to the appropriate supporting documentation -possible substantive test of detail- test the bank reconiliation detailed for each significant cash account being held. confirm the bank balance with each financial institution -valuation- -ICA- the treasurer reviews the cash translation adjustment calculation monthly and independently checks that the appropriate spot rate has been used for each foreign currency -TIC- inspect the monthly cash translation adjustment calculation for evidence of the treasurer's review -possible substantive tests of detail- for a sample of monthly cash translation adjustment calculations, trace each foreign currency spot rate to a third-party pricing service -presentation and disclosure- -ICA- the corporate secretary reviews the cash footnote disclosure on a quarterly basis to ensure that all legal restrictions on the cash balance have been properly disclosed -TIC- for a sample of cash accounts, reperform the work completed by the corporate secretary to ensure that all cash restrictions have been properly disclosued -possible substantive tests of detail- for a sample of cash accounts, examine the legal agreements with each financial institution. based on the examination, determine whether the audit client has properly disclosed any legal restrictions in their footnotes
motivation--incentive/pressure
-gives rise to a motive to commit fraud. -A motive, in the fraud context, is essentially a reason for a person to take a fraudulent action that is believed to be un=shareable with friends and confidants. -Actual or perceived need for money (Economic motive) (by far the most common motivations in business fraud) -"Habitual criminal" who steals for the sake of stealing (Psychotic motive) -Committing fraud for personal prestige (Egocentric motive) -Cause is morally superior, justified in making others victims (Ideological motive)
list of test of controls over cash receipts
-internal control (IC)- cash receipts are deposited intact and daily -test of control (TC)- (1) observer the opening of the mail and ensure that: a. two employees are opening the mail, remittance advice is received, and checks are properly endorsed b. a listing of all checks is being prepared and compared to the total of the deposit ticket for the total of checks c. the total amount of the deposit listed in the bank statement was recorded in the proper period -IC- deposits are reconciled with totals posted to the accounts receivable -TC- (2) for a sample of daily postings to the accounts receivable subsidiary ledger, trace the amount tot eh amount of cash subsidiary ledger
Control Activities for Cash Receipts
-lock box arrangement -In many situations, an individual employee initially receives cash and checks and thus has custody of the physical cash for a short time. Because this initial custody cannot be avoided, it is always a good control to (1) have two people open the mail containing customer receipts, if possible, resulting in joint custody; (2) endorse the checks immediately after removing them from the envelope; (3) prepare a list of the cash receipts as early in the process as possible; and then (4) separate the actual cash from the record-keeping documents. The cash should be sent to the cashier or treasurer's offce where a bank deposit is prepared and the money is sent to the bank daily and intact. (No money should be withheld from the deposit.) The list of remittance advices go to the accountants (controller's offce), who record the cash receipts. (You have prepared a "remittance advice" each time you write the amount enclosed on part of your credit card bill, tear it off, and enclose it with your check.) -The accountants who record cash receipts and credits to customer accounts should never handle the cash. They should use the remittance list or remittance advice to make the entries to the cash and accounts receivable control accounts and to the customers' accounts receivable subsidiary account records. A good internal control activity is to have the control account and subsidiary account entries made by different people, and later the accounts receivable entries and balances can be compared (reconciled) to determine whether they agree in total. -At the end of the day, an independent employee should receive (1) a copy of the cash remittance listing, (2) a report of payments recorded in accounts receivable, and (3) a copy of the deposit slip from the bank. Commercial deposit slips have multiple copies. -Employees outside the normal cash operations (recording and custody) should prepare bank account reconciliations on a timely basis. Deposit slips should be compared to the details on cash remittance lists, and the total should be traced to the general ledger accounts receivable entries. (This reconciliation would reveal whether money was withheld from the deposit.) This care is required to establish that all the receipts recorded in the books were deposited and that credit was given to the right customer. -A common feature of cash management is to require that persons who handle cash be insured under a fidelity bond, which is an insurance policy that covers most kinds of cash embezzlement losses. Fidelity bonds do not prevent or detect embezzlement, but the failure to carry the insurance exposes the company to complete loss if embezzlement occurs. Moreover, bonding companies often perform their own background checks of employees before bonding them. Auditors often recommend fidelity bonding to small companies that might not know about such coverage.
cutoff bank statement
-normally a complete bank statement for the month following the date of the fnancial statements. -The auditors' information source for validating the bank reconciliation items -important because it (1) is received directly by the auditors (which qualifes as external evidence) and (2) documents important bank transactions occurring early in the subsequent period. -These transactions subsequent to the date of the fnancial statements are important for testing the completeness of the client's outstanding check list as well as the existence of any deposits in transit. The bank cutoff statement can also be used in a search for unrecorded liabilities -Deposits in transit should be vouched from the bank reconciliation to the bank cutoff statement (existence) and should have been recorded by the bank in the frst business days of the cutoff period. If recorded later, the inference is that the deposit may have been composed of receipts of the period after the date of the fnancial statements.
cash disbursements journal
-the company's detailed record of entries for checks written and electronic payments made during the period being audited (cash disbursements). -Because all cash disbursements (other than those from a petty cash or payroll account) should be made via check or electronic transfer, the cash disbursements journal contains the cash credit entries that provide a population for testing cash disbursements. -It also contains the adjusting and correcting entries that can result from the bank account reconciliation. -These entries are important because they may signal the types of accounting errors or manipulations that occur in the cash disbursements accounting. -The cash disbursements journal is usually inspected for suspect items such as checks made out to "cash" or "bearer" or electronic payments made to unauthorized vendors. -In addition, company procedures should require that "voided" checks be retained and auditors should review these checks to ensure they were in fact actually voided and have not been recorded in bank statements.
bank reconciliation
-the primary document used to test the cash balance in the fnancial statements. -The amount of cash in the bank is almost always different from the amount in the general ledger (fnancial statements), and the reconciliation is designed to explain the difference between these two amounts. -In addition, a bank account reconciliation that compares the book cash balance to the bank cash balance provides management with an opportunity to monitor the separation of duties for cash receipts and cash disbursements. -The timely preparation of bank reconciliations is, therefore, an important element of a company's internal control activities over cash.
substantive procedures
-the primary reason for evaluating the internal control system at an audit client is to reach an overall assessment of risk of material misstatement for each relevant assertion. In fact, the assessment of risk of material misstatement is completed to help form the basis for determining the nature, timing, and extent of substantive testing. Risk of material misstatement at the assertion level is comprised of both inherent risk and control risk for each relevant assertion. -Due to the nature of cash, the majority of audit clients have strong controls over cash, and tests of controls often support a reduction in control risk. This reduction in control risk reduces the auditor's assessment of the risk of material misstatement over cash. However, regardless of the final assessment of the risk of material misstatement, as with any signifcant account, the auditor will perform at least some substantive procedures over cash. -there are two types of substantive tests: analytical procedures and tests of detail and balances -Due to the lack of predictability of the cash balance, auditors rarely, if ever, use substantive analytical procedures to test cash. Rather, auditors typically rely exclusively on tests of detail. For example, auditors will generally test the bank reconciliations in detail, including sending confrmations to all banks in order to substantiate the existence of cash. -Without question, the most important test of detail completed on cash is to test the details of the entity-prepared and reviewed bank reconciliation for each signifcant banking relationship, including confrmation of the balance with the fnancial institution. -In effect, the auditor needs to obtain the bank reconciliation for each signifcant account and audit the details contained on each of them. In a well-functioning control environment, auditors should never have to perform the company's internal control activity of preparing the bank reconciliation. Always remember that the timely completion of the bank reconciliation is the responsibility of the client and is a critical element of internal control over cash
professional standard requirements
-whenever a fraud risk exists, the professional standards require that auditors gain an understanding of the internal controls that are in place to mitigate the assessed fraud risk. -At a minimum, auditors are required to document that understanding in the audit documentation. In fact, auditors are also likely to evaluate the design, implementation, and operating effectiveness of identified internal control activities related to fraud risks that exist. -Although the professional auditing standards concentrate on fraudulent financial reporting—the production of materially false and misleading fnancial statements—the standards also require auditors to pay particular attention to employee fraud perpetrated against a client for several reasons. -First, it is possible that employee fraud can result in a material fnancial statement misstatement to the extent that a crime was covered up using the fnancial statements. -Second, employee fraud can be indicative of control defciencies which can infuence the auditor's assessment of control risk. -Finally, audit clients always want to know if they are being robbed by their employees, regardless of the amount being stolen!
Measure Deposit Lag Time
Compare the date of the deposit slip to the date recorded as a debit in the general ledger to the date the deposit was credited in the account by the bank. Someone who takes cash and then holds the deposit for the next cash receipt to make up the difference causes a delay between the date of recording and the bank's date of deposit.
Use Marked Coins and Currency
Plant marked money in locations where cash collections should be gathered and turned over for deposit.
Internal Control Evaluation for Mitigating the Risk of Material Misstatement
Professional standards require auditors to frst gain an understanding of the internal controls that have been designed to mitigate the risk of material misstatement for each relevant assertion identifed by the auditor. In a well-designed system, the internal control activity should be explicitly designed to be aligned with this relevant assertion that was identifed in a WCGW analysis. In effect, the question an auditor should ask is, "Has the audit client designed and implemented a control that, if operating effectively, would mitigate the identifed risk of material misstatement? Would it prevent or detect the material misstatement?" Importantly, we have already discussed how auditors would gain an understanding of the internal controls related to cash earlier in this chapter, including the control environment and tone at the top. This discussion remains relevant when auditing the cash balance. -However, when auditing the cash balance, for each WCGW identifed, the auditor seeks to identify a control activity that has been placed in operation to mitigate the identifed risk of material misstatement. -In order to rely on the design of the client's internal controls and support a reduction in control risk, the auditor must determine if each identifed control is operating as designed and whether the person operating the control has the authority and competence to do so. The auditor's ultimate responsibility is to document enough support to conclude whether the control activity was operating effectively to mitigate the risk of material misstatement for the relevant assertion identifed. -Auditors can perform tests of controls to determine whether company personnel are properly performing controls that are said to be in place.
separation of duties for cash disbursement (control activities for cash disbursement)
Similar to cash receipts, for cash disbursements, effective internal control begins with making sure that appropriate separation of duties has been achieved in an organization. Proper separation involves different people and different departments handling custody of blank documents (checks), cash disbursement authorization, record keeping for paterm-35yments, and bank reconciliation: -Custody. Blank documents such as blank checks should be kept secure at all times. If unauthorized persons can obtain a blank check, they can be in another country before an embezzlement is detected. -Authorization. Cash disbursements are typically authorized by an accounts payable department's assembly of purchase orders, vendor invoices, and internal receiving reports to demonstrate a valid obligation to pay. This assembly of supporting documents is called a voucher (Accounts payable obligations usually are recorded when the purchaser receives the goods or services ordered.) A person authorized by management signs the checks. A company may have a policy to require two signatures on checks over a certain amount (e.g., $50,000). Vouchers should be marked "PAID" or otherwise stamped to show that they have been processed completely so they cannot be paid a second time. -Recording. When checks are prepared, entries are made to debit accounts payable and credit cash. Someone without access to the check-writing function should always perform the recording function. -Reconciliation. Monitoring of the internal control over cash can be provided by timely bank reconciliations made by individuals outside of the normal cash operations. -If combinations of two or more of these responsibilities are completed by one person or within the same offce, there may be an opportunity for a fraudster to commit a crime. In addition, and almost more important in today's environment, is the fact that the computerized information processing system must also provide for proper separation of duties. In practice, this is often accomplished by assigning the proper functional "permissions" to the appropriate employees through their password access credentials. Simply stated, in a computerized environment, proper separation of duties is dependent on proper password access controls.
Audit of Cash
The first procedure in an audit of cash is to obtain a bank reconciliation for each cash account and audit them in the following manner: •Balance per bank -CONFIRM (ELECTRONIC BANK CONFIRMATION) directly with bank -Agree amount to CUTOFF BANK STATEMENT •Add deposits-in-transit -TRACE to cash receipts journal -VOUCH to CUTOFF BANK STATEMENT •Subtract Outstanding Checks -VOUCH to cash disbursements journal -TRACE checks cleared from cutoff bank statement •Add/Subtract other Debit/Credit Memos -Inspect bank credit/debit memo and audit for reasonableness. Examine relevant supporting documentation. •Balance per books -FOOT the entire reconciliation for mathematical accuracy -TRACE the amount to the trial balance
the fraud triangle
There are three conditions that are likely to be present when a fraud occurs. They are: •Motivation/incentive/pressure •Opportunity •Rationalization/attitude
Analyze the Mix of Cash and Checks in Deposits
This procedure is most effective for retail operations in which cashiers receive signifcant amounts of both cash and checks. Unless there is a marked change in consumer behavior, one should expect the mix of cash and checks to be relatively consistent over time. A decrease in the proportion of cash in the mix is often a sign that employees may be stealing cash.
management fraud
an intentional deception that is orchestrated by management and is designed to injure investors and creditors by providing materially misleading information.
internal control activities and employee monitoring
internal control activities may include job descriptions and performance specifcations that help people know the specifc tasks they are supposed to accomplish. An entity whose only control is "trustworthy employees" has no control.6 The possibility of being detected by a control activity can be an effective deterrent to a potential fraudster. Stated simply, control activities often take away the opportunity for a fraudster to commit a fraud. -concealment of the crime is a distinguishing attribute of a fraud. Often, the audit team's first indication of a fraud is the identifcation of a control violation. Cover-up attempts generally appear in the accounting records. The key for an auditor is to be aware of and notice exceptions and oddities such as the following: -Transactions recorded at unusual times of the day, month, or year. An unusual (either large or small) number or dollar amount of transactions. -Transactions for "round" dollar amounts (e.g., $50,000). -Transactions associated with unusual branches or locations of a multilocation entity. -Cash shortages and overages. -Excessive voids and credit memos. -General ledgers that do not balance. -An increase in past due receivables. -Inventory shortages. -Unexplained adjustments to inventory or accounts receivable balances, especially without adequate supporting documentation. -Increased scrap or waste in a manufacturing plant. -Alterations on official documents. -Duplicate payments made to the same vendor. -Employees who cannot be identified. -Use of copies instead of originals for supporting documentation. -Missing documentation to support transactions. - Unusual endorsements on checks. - Unusual patterns in deposits in transit. -Common names or addresses for refunds. -Consistent customer complaints about account balances or missing shipments -separation of duties and responsibilities -Discrepancies in the accounting records, conficting evidence, and missing documentation are all symptomatic of fnancial statement fraud. When the audit team identifes such instances, members must follow up with management to identify the source of the problems. Management's response is a key source of evidence; vague, implausible, or inconsistent responses to inquiries can be a key indicator of the pervasiveness of the fraud. Similarly, problematic or unusual relationships between the audit team and management are often present in fnancial statement frauds.
Be Aware of Exceptions
oMissing documents. oAlterations on documents. oPhotocopied documents. oSecond endorsements on checks. oUnusual endorsements. oOld outstanding checks. oUnexplained adjustments to accounts receivable and inventory balances. oUnusual patterns in deposits in transit. oGeneral ledgers that do not balance. oCash shortages and overages. oExcessive voids and credit memos. oCustomer complaints. oCommon names or addresses for refunds. oIncreased past due receivables. oInventory shortages. oIncreased scrap. oDuplicate payments. oEmployees that cannot be found. oDormant accounts that have become active.
errors
unintentional misstatements or omissions of amounts or disclosures in financial statements.
direct-effect illegal acts
violations of laws or government regulations by the company, or its management or employees, that produce direct and material effects on dollar amounts in financial statements.
fraud prevention
•A strong control environment and tone at the top -Can have a pervasive effect on fraud prevention -Business activity is built on the trust that people at all levels will do their jobs properly. •Managing people pressures in the workplace -From time to time, people experience financial and other pressures. The pressures cannot be eliminated, but forums and facilities for sharing such pressures can and have been created by leading organizations -Counseling services -Anonymous hotlines -Ethics officers •Internal control activities and employee monitoring -Segregation of duties and responsibilities for transaction authorization, record keeping, custody of or access to assets, and reconciliation of actual assets to the accounting records. •Tone at the top and integrity by example and enforcement -Management establishes commitment to integrity and high ethical standards -Accountability -Codes of conduct -Hiring and firing policies -Background checks prior to hiring -Prosecution of fraudsters
internal controls over cash
•Cash is highly liquid, easily transportable, and not easily identifiable, and therefore is a primary target for employee thieves. •Some strong internal control activities: -Dual custody of cash at all times -Lockbox arrangement -Fidelity bonds
Audit Evidence Used to Test Cash
•Cash receipts journal •Cash disbursements journal •Bank reconciliations -Year-end bank statement -Cutoff bank statement •Bank confirmations •Schedule of interbank transfers
characteristics fo fraudsters
•Has education beyond high school •Is likely to be married •Is member of a mosque, temple, or church •Ranges in age from teens to over 60 •Is socially conforming •Has an employment tenure from 1 to 20 years (although the scale of the fraud typically increases with tenure as the employee becomes more trusted) •Has no arrest record •Usually acts alone (70 percent or more of incidents) Unfortunately, a fraudster looks like most everybody else! Older individuals (usually over 50) who hold high executive positions, have long tenure, and are respected and trusted employees have often gained the trust and confdence of others and, therefore, are in a position to commit the largest frauds. After all, these are the people who have access to the largest amounts of money and have the power to give orders and override controls. When managers minimize the signifcance of a weak or missing control by rationalizing that the employee involved is a "long-time trusted employee," most experienced auditors will actually escalate their level of fraud risk awareness. You should as well.
Cash Receipts and Disbursements: Key Control Activities
•INFORMATION PROCESSING -Voucher packet (Purchase requisition, purchase order, receiving report, invoice) matched prior to cash disbursement authorization -Deposits reconciled to amounts credited to accounts receivable ledger -Bank reconciliation •PHYSICAL CONTROLS OVER THE SECURITY OF ASSETS -Deposit cash and checks daily and intact -Lock box account -EDI transactions -Dual custody over cash -Unused checks secured -Check imprinting machine •SEGREGATION OF DUTIES -Separate custody, authorization, recording, execution •PERFORMANCE REVIEWS •RECONCILIATIONS
Cash Receipts: Process Activities
•Receive cash and remittance advice in mail •Prepare remittance listing •Enter total from remittance listing (or remittance advice) in cash receipts journal •Prepare deposit slip and deposit cash receipts in bank (intact and daily) •Record update to subsidiary accounts receivable using remittance advice •Reconcile remittance listing, subsidiary accounts receivable, and deposit slip daily
attitude/rationalization
•When people do things that are contrary to their personal beliefs - outside their normal behavior - they provide an argument to make the action seem like it is in line with their moral and ethical beliefs. -Some of the most frequent rationalizations are: •I need it more than the other person. •I'm borrowing the money and will pay it back. •Everybody does it. •The company is big and will never miss it. •Nobody will get hurt. •I am underpaid, so this is due compensation. •I need to maintain a lifestyle and image.