SOC, SOC Reports, CHAPTER 6/7, Audit Chapter 25, Auditing Chapter 6, Flashcards, Five components of COSO Internal control framework (CRIME), Cases, ADVANCED AUDITING FINAL PREP, ASC Judgement, Week 2 - Case 4.4: Waste Management Inc., Flashcards
PCAOB AS 1101
"Audit Risk,"
AICPA ASB Standards: AU-C 240
"Consideration of Fraud in a Financial Statement Audit,"
PCAOB AS 1015
"Due Professional Care in the Performance of Work,"
The government established the Federal National Mortgage Association (FNMA) in 1938, also known as
"Fannie Mae"
PCAOB Standards: AS 2110
"Identifying and Assessing Risks of Material Misstatement."
AICPA Code of Professional Conduct 1.200
"Independence,"
PCAOB AS 1005
"Independence,"
AICPA Code of Professional Conduction Section 1.100
"Integrity and Objectivity,"
AICPA Code of Professional Conduct Section 0.300 and Section 1.100,
"Integrity and Objectivity."
ET 0.300.040 and ET 2.100,
"Integrity and Objectivity."
What does Section 201 of the Sarbanes-Oxley Act of 2002 state
"It shall be 'unlawful' for a registered public accounting firm to provide any non-audit service to an issuer contemporaneously with the audit
AU-C Section 260,
"The Auditor's Communication with Those Charged with Governance,"
·***AS 2301,
"The Auditor's Response to the Risks of Material Misstatement."
a distinguishing characteristic of professionals who consistently exercise sound judgment is that they recognize the judgment frame they are using, and they are able to consider the situation through different frames, or what KPMG professionals refer to as a
"fresh lens."
Professional skepticism helps to frame our
"mindset."
At the very center of the KPMG framework is
"mindset." · It is important that auditors approach matters o objectively and independently o with inquiring and incisive minds.
Toby decided to apply for a _________ loan for himself using his __________________
"no income qualifier";warehouse line of credit.
Toby's situation became a _________________________
"slippery slope offense".
Xerox's earningS were reportedly overstated by ________ while Enron's earnings were reportedly overstated by __________.
$1.5 billion, 0.5 billion
HOW MUCH DID DIANN EMBEZZLE AND OVER WHAT TIME FRAME
$500,000 OVER 3 YEARS
The auditors considered Phar-Mor to be an inherently "high risk" client. List several factors at Phar-Mor that would have contributed to a high inherent risk assessment?
(a) Some of the factors that would have contributed to a high inherent risk assessment include the following: ●The accounting system was not keeping pace with the rapid expanding of Phar-Mor stores. Phar-mor is expanding in size continuously. However, the internal control system is not keeping up with the expansion. ●The management system was in lack of regulation but it is highly motivated to maintain the rapid growth on account. ●The complexity of the related parties involved with Phar-Mor made detection of improprieties and fraudulent activity difficult. During its investigation, the federal fraud examiner identified 91 related parties. It adds on the complexity to the transaction records
Section 301.4 of The Sarbanes-Oxley Act of 2002 set up requirements of internal control procedures. They are
- Audit committees of a public company are required to establish procedures for the receipt, retention, and treatment of complaints received by the company regarding accounting, internal controls, or auditing matters. - The audit committee is required to establish procedures for those complaints to be treated confidentially, and for the submission process to be anonymous for employees submitting the complaints about accounting or auditing matters. These procedures are often referred to as "whistleblowing" procedures.
Why did the Andersen partners allegedly allow Waste Management executives to avoid recording the identified accounting errors? How could this be prevented?
- Auditing is a competitive industry - Auditors might want to avoid conflicts to keep clients happy - High non-audits might compromise independence
Identity Theft
- Criminals obtain someone's personal information and use it to take mortgage financing on the victim's home. - After getting their money, the criminals then default on the loan.
Predatory Lending to Subprime Borrowers
- High-priced loans are forced on consumers who are not sophisticated enough to understand what they are getting. - Mortgage brokers and lenders conceal the true cost of the loans to the borrower. - Homebuyers were tricked into taking on loans that they could not afford and for more expensive homes than they needed.
Based on your review of the transcript about the audit committee meeting, describe whether you believe KPMG exercised due professional care in pursuing this issue with Hollinger international's Audit Committee. Did KPMG accomplish the intent of auditing standards? What could KPMG have done differently with respect to this issue during this meeting?
- KPMG did not explicitly inquire of the Audit Committee. - One might question whether KPMG exercised due professional care in pursing resolution of the non-compete payments with the Audit Committee during its meeting with them on Feb.20, 2002. - Ms. Stitt noted and interpreted " their silence as meaning that they had- they had - considered them before and they had been approved." KPMG Should have obtained audit evidence that they were approved - Au-C Section 200, "Overall Objectives of the independent Auditor and the Conduct of an Audit in Accordance with GAAS". - "Due Professional Care in the Performance of Work," both note that professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence. Professional skepticism requires the auditor to use the knowledge, skill, and ability called for by the profession of public accounting to diligently perform, in good faith and with integrity, the gathering and objective evaluation of evidence. KPMG's reliance on "silence" as evidence does not appear to be consistent with concepts of a questioning mind and critical evaluation of audit evidence described in AU-C 200 and in PCAOB AS 1015.
Based on your review of the transcript about the audit committee meeting, describe whether you believe KPMG exercised due professional care in pursuing this issue with Hollinger international's Audit Committee. Did KPMG accomplish the intent of auditing standards? What could KPMG have done differently with respect to this issue during this meeting?
- KPMG did not explicitly inquire of the Audit Committee. - One might question whether KPMG exercised due professional care in pursing resolution of the non-compete payments with the Audit Committee during its meeting with them on Feb.20, 2002. - Ms. Stitt noted and interpreted " their silence as meaning that they had- they had - considered them before and they had been approved." ■ Should have obtained audit evidence that they were approved - Au-C Section 200, "Overall Objectives of the independent Auditor and the Conduct of an Audit in Accordance with GAAS". - "Due Professional Care in the Performance of Work," both note that professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence. Professional skepticism requires the auditor to use the knowledge, skill, and ability called for by the profession of public accounting to diligently perform, in good faith and with integrity, the gathering and objective evaluation of evidence. KPMG's reliance on "silence" as evidence does not appear to be consistent with concepts of a questioning mind and critical evaluation of audit evidence described in AU-C 200 and in PCAOB AS 1015.
How did Enron used SPEs to hide large amounts of company debt?
- SPEs were created to sell low performing assets Thereby recording a cash inflow and removing the assets and any related liabilities from the balance sheet. - Transactions were legal so long as an outside investment of at least 3% of the value of the assets was secured. Enron pledged company stock to the outside SPE investors to remove the risk in the case that the assets were sold for a loss. The obligations were not revealed until Enron's stock began to perform poorly, making it unable to cover the losses with shares of stock. "Chewco" "LJM2" and "Whitewing" were three of Enron's most prominent SPEs.
Identify accounts whose balances were likely based on significant management estimation techniques. Why?
- Short-term investments • Accounting treatment (available-for-sale / trading security) contingent on management's assumptions about intended holding period • Market valuations (for mark-to-market) may depend on management's estimation of market values - Accounts receivable, net • Influenced by estimation of allowance for doubtful accounts - Employee receivables • Influenced by estimation of allowance for uncollectible employee receivables - Costs + Estimated Earnings in Excess of Billings • Estimation of anticipated earnings (net of billings) on uncompleted waste management services contracts - Property & Equipment • Estimation of useful lives and salvage values
IMPORTANT!!! What are the primary accounting requirements for related parties described in ASC 850? What types of information should be included in financial statements?
- The nature of the relationship(s) involved. - A description of the transactions, including transactions to which no amounts or nominal amounts were ascribed, for each of the periods for which income statements are presented, and such other information deemed necessary to understand the effects of the transactions on the financial statements. - The effects of any change in the method of establishing the terms. - Amounts due from or to related parties as of the date of each balance sheet presented and, if not otherwise apparent, the terms and manner of settlement.
Illegal Property Flipping
- Usually involves a team of insiders, such as mortgage brokers, real estate agents, appraisers, and settlement agents. How it works: - Insiders use a straw buyer to purchase a home. - Put back on the market at an artificially inflated price that is supported by a fraudulent appraisal. - The house is eventually sold to an unsuspecting home buyer and the insiders pocket the profit.
Sub-service organizations
--A third party provider used by the primary providers to outsource processes and controls --They can be part of transaction processing or the IT environment --They are identified by the service organization in their assertion and by the service auditor in their opinion REVIEWING --Evaluation of internal controls should include the impact of all identified sub-service providers --Assess the impact of sub service providers to the company's internal control over financial reporting --Identify and evaluate all sub-service providers used by in scope service organizations as part of the SSAE 16 review procedures --For in-scope sub-service providers, formally document the review of the sub-service providers' SOC report, if applicable
SOC 1 scope, systems and control domains covered
--Classes of transactions --Procedures for processing and reporting transactions --Accounting records of the system --Handling of significant events and conditions other than transactions --Report preparation for users --Other aspects relevant to processing and reporting user transactions --Transaction processing controls --Supporting information technology general controls
SOC 2 scope, systems and control domains covered
--Infrastructure --Software --Procedures --People --Data --Security --Availability --Confidentiality --Processing integrity --Privacy
Control Objectives, Control Activities and Tests Performed
--Presents the control objectives and related control activities performed by the service organization --Presents the test procedures performed and the results of control testing performed by the service auditors --Shows the exceptions or deviations noted by the service auditors --Shows management's response to the exceptions noted EVALUATING CONTROL EXCEPTIONS --Consider performing a self-assessment of the service auditor's test adequacy of the test procedures performed --Review the responses provided by the service organization and determining whether the responses are satisfactory. Management may also consider discussing the nature of the exceptions with the service auditors. --Evaluate all relevant exceptions, which include: -Exceptions relevant to control objectives that mitigate the financial reporting risks. -Exceptions related to information technology general controls (ITGC) supporting relevant applications that mitigate the financial reporting risks.
Reviewing coverage of the SOC report
--To rely on SOC reports for SOX 404, the report must generally cover at least the first nine months of the audit period --Obtain a bridge letter if there is a gap between the SOC report date and the Company's year-end date --Review the bridge letters and the evaluate the impact of changes in the service organization's controls if any --If the report coverage is less than nine months and/or there is a gap larger than three months, Management must document how it became comfortable with the small coverage period and/or gap in the reporting period
SOC 1 Type 1
-MNGT is required to provide written assertion -SOC 1 looks at design of controls (not operating effectiveness) -SOC 1 is considered only for info purpose in planning a financial statement audit -not considered significant use for purposes of reliance by user auditors -most often performed only in first year client has SOC 1
Section 404 of Sarbanes Oxley
-accept responsibility for effectiveness of company's internal control over financial reporting -evaluate the effectiveness of company's internal control over financial reporting using good control criteria -supporting its evaluation with sufficient evidence, including documentation -presenting a written assessment about the effectiveness of the company's internal control over financial reporting as of the end of the company's most recent fiscal year; managers are now responsible for their internal controls -before this rule, management was not responsible for their internal controls over financial reporting (ICFR) provides assurance regarding the reliability of financial reporting and preparation of external financial statements (includes evidential matter, documentation, to provide reasonable support for assessment of the system) -done because of ENRON and WorldComp; government said it was not an accurate defense to plead ignorance and not knowing, executives need to make sure the statements are accurate cannot get out of it if they are not accountants
Control Activities (Examples)
-approvals and signs -verification functions -reconciliation procedures -segregation of duties
SOC 1: List of Control Objectives and Controls
-list of control objectives and control activities -this info will be provided by the service organization and validated by auditors
SOC 1 Type 2
-mngt is required to provide written assertion -reports on design, implementation, and operating effectiveness of controls for a period of time -may be utilized for control reliance purposes -includes a description of the tests of operating effectiveness results***differentiating factor -comprehensive -requires more internal and external effort -more emphasis on retention of evidential matter throughout the period
SOC 1: System Description Overview
-overview of organization -description of control environment -risk assessment -info and communication -monitoring -control obj and related controls -complimentary user entity controls -changes in the service organizations controls that may have occurred since last examination
SOC 1: Mangements Assertion
-required to provide written assertion about whether: the items in the indep service auditors report are correct as of a specified date -mngt must have a reasonable basis for its assertion
Control (examples)
-risks mitigated -frequency of the them -nature of them -where the evidence of them is kept
In the areas of auditing and accounting, judgment is typically exercised in three broad areas:
1) Evaluation of evidence (e.g., does the evidence obtained from confirmations, combined with other audit evidence, provide sufficient appropriate audit evidence to determine whether accounts receivable is fairly stated) 2) Estimating probabilities (e.g, determining whether the probability-weighted cash flows used by a company to determine the recoverability of long-lived assets are reasonable) 3) Deciding between options (e.g., audit procedure choices, such as inquiry of management, inspection, or confirmation)
KPMG Professional Judgement Framework
1) Identify the problem 2) Consider all of the alternatives 3) Gather & evaluate information 4) Reach conclusion 5) Articulate & document rationale
What are the five steps in the judgment process?
1. Clarify Issues and Objectives 2. Consider Alternatives 3. Gather and Evaluate Information 4. Reach Conclusion 5. Articulate and Document Rationale
What are the five steps in the judgment process?
1. Clarify Issues and Objectives 2. Consider Alternatives 3. Gather and Evaluate Information 4. Research Conclusion 5. Articulate & Document Rationale
What are the five steps in the judgment process?
1. Clarify Issues and Objectives, 2. Consider Alternatives 3. Gather and Evaluate Information 4. Reach Conclusion 5. Articulate and Document Rationale.
What are the five interrelated components of an entity's internal controls
1. Control Environment 2. Risk Assessment 3. Control Activities 4. Information and Communication 5. Monitoring
Professional standards indicate that an entity's internal controls consist of five interrelated components.
1. Control environment 2. Risk Assessment 3. Information & Communication 4. Monitoring 5. Control Activities
TWO MAIN CATAGORIES OF FRAUD MISTATEMENTS THAT AFFECT FINANCIAL REPORTING ARE CALLED:
1. FRUADULENT FINANCIAL REPORTING -FINANCIAL STATEMENT MISSTATEMENTS OR OMMISSIONS INTENDED TO DECEIVE USERS 2. MISAPPROPRIATION OF ASSETS -THEFTS OF ENTITY ASSETS REPORTED IN THE FINANCIAL STATEMENTS
The three potential ways to mitigate the effects of biases are
1. First way to mitigate is to make actively questioning of assumption which can include seeking more complete information. 2. Consulting with others can also help in mitigating the biases as it provides the different viewpoints that one can have. 3. One can also mitigate the effects of bias by objectively evaluate the pros and cons for each alternative as this will help an individual to consider all the possible arenas of an alternative.
What are the 6 Types of Mortgages
1. Fixed term mortgages 2. Adjustable Rate Mortgages (ARMs) 3. Buy-downs 4. Graduated Payment Mortgages 5. Negative Amortization Loans 6. Subprime mortgages
WHITE COLLAR CRIME
1. LEGITIMATE ACCESS TO THE TARGET OF THEIR ILLEGAL ACTIVITIES 2. HAVE SUPERFICIAL APPEARANCE OF LEGITIMACY 3. OFTEN SPACIALLY SEPERATED FROM THEIR VICTIMS
Toby's ability to continue his offense for several months was facilitated by two factors:
1. Little to no oversight of his actions. Neither the bank holding his warehouse credit line nor his auditors were diligent in checking the facts underlying his applications or his general financial situation. 2. Willing cooperation of others in the industry. Toby also benefited from the cooperation of people in his company and people in other companies in the real estate industry to help him prepare the supporting documents that he needed to support his applications. Because the real estate and mortgage industries were undergoing such rapid growth and change, and because shady dealings were commonplace, Toby's actions may not have appeared to be out of the ordinary.
XEROX OPPORTUNITY TO MANIPULATE BY
1. RECOGNIZED REVENUE IMMEDIATELY BY APPLYING TO EQUIPMENT, INSTEAD OF INCLUDING SERVICE AND FINANCE WHICH SHOULD HAVE BEEN DEFERRED 2. INCREASED THE RESIDUAL VALUE OF THE EQUIPMENT WHICH INCREASED REVENUE · ACCELERATION FROM REVENUE FROM RENTAL LEASE AND DIDN'T REPORT · IF LEASE NEGOTIATION INCREASES, YOU RECOGNIZE IT OVER LIFE OF LEASE BUT THEY RECOGNIZED IMMEDIATELY 3. DIDN'T RECOGNIZE TAX IN YEAR OCCURRED 4. MANIPULATED TAX INTEREST INCOME 5. DID NOT DISCLOSE FACTORING TRANSACTIONS 6. MANIPULATED RESERVES ACCOUNT 7. OTHER MISC EXPENSE INTO RESERVE SO EXPENSES WERE DEFERRED AND SO INCREASE EARNINGS
in evaluating the reasonableness of management's estimates, according to AU-C Section 540 and PCAOB AS 2501,
1. Review and test the process used by management to develop the estimate. 2. Develop an independent expectation of the estimate to corroborate the reasonableness of management's estimate. 3. Review subsequent events or transactions occurring up through the audit report date.
Two common judgment traps that can affect our judgement are
1. Rush to Solve & 2. Judgment triggers
What are two common judgment traps?
1. Rush to Solve and 2. Judgment Triggers
What are some examples of judgment traps and tendencies that likely affected the auditor's judgment when auditing CUC's financial statements?
1. Rush-to-solve - Pressure to complete the audit timely 2. Confirmation Tendency - It is likely that the auditors started with the belief that the amounts reported by the CUC were correct • Thus accepting the supporting information provided by the client as correct and used that information to "confirm" the amounts reported in the financial statements instead of considering or seeking potentially disconfirming evidence 3. Anchoring Theory - The auditors were presented with management's estimated amounts related to merger reserves, service revenues, and customer nonpayment or cancellation of services • The auditors may have anchored to those amounts and thus failed to evaluate whether other amounts were more reasonable
· Why would a company want to hire a member of its external audit team?
1. The auditor is familiar with the company; 2. The auditor is perceived as being highly motivated and competent with relevant accounting experience 3. Management has developed a strong working relationship with the auditor as a result of the audit.
1. What is fundamental to exercising professional skepticism?
1. The fundamental to professional skepticism is the attitude of the auditor to approach issues in an objective, and critical nature. Therefore assessing evidence as such, before making judgments. "The [skeptic] promotes risk awareness and is inherently an enemy of fraud." (KPMG Ch. 3 PG16) The concept of judgment framing is important because appropriately questioning management's perspective by viewing the situation through other frames is fundamental to professional skepticism. challenging management's existing frames, which is the essence of professional skepticism.
What are some key facts of the WASTE MANAGEMENT case?
1. Waste Management, Inc. provides solid waste management services consisting of collection, transfer, resource recovery, and disposal services for commercial, industrial, municipal, and residential customers 2. The company was formed in the late 1960s and had grown to be a leader in waste management services 3. Despite the success, by 1996 the company was feeling pressures from the effects of changes occurring in its markets and the environmental industry.
What are WHITE COLLAR CRIME CHARACTERISTICS?
1. White-collar offenders have legitimate access to the target of their illegal activities because of their occupational positions. - because of Toby's role as a mortgage banker with a warehouse line of credit, it was easy for Toby to submit a fraudulent application for a loan. 2. The illegal actions of a white-collar offender have a superficial appearance of legitimacy. -Because of his occupational position and his experience with the mortgage banking and loan application process, Toby could prepare an application that looked normal and legitimate 3. White-collar offenders are often spatially separated from their victims. - the victim was the bank that held Toby's warehouse line of credit, and Toby never had to meet with the owners of the bank to get his loan.
what impedes professional judgement?
1. in a world of pressure, time constraints, and limited capacity, there are a number of judgment traps we can fall into. 2. In addition, we can be subject to biases caused by self-interest or by unknowingly applying mental shortcuts.
AICPA Code of Professional Conduct Section 0.300 and Section 1.100, "Integrity and Objectivity."
1.100 a member shall maintain objectivity and integrity, shall be free of conflicts of interest, and shall not knowingly misrepresent facts or subordinate his or her judgment .300 overall principle of due care: A member should observe the profession's technical and ethical standards, strive continually to improve competence and the quality of services, and discharge professional responsibility to the best of the member's ability.
How much time did Diann serve in prison? Select one: a. 2 years b. 3 years c. 1.5 years d. 1 year
1.5 years
• Kirk Sheldon, CUC's COO, sentenced to
10 years, pay $3,275 billion
• Walter A, Forbes, chairman and CEO of CUC, sentenced to
12 years, seven months, pay $3,275 billion
What tendency is most likely manifest in the following situation? An engagement team performed a substantive analytical procedure over an expense account. When investigating a significant difference, the team was satisfied with limited evidence to support the client's plausible explanation (which was in fact incomplete) for the difference. a. Confirmation tendency b. Limited resources c. Overconfidence tendency d. Time pressure
A
Which of the following is NOT recommended when trying to mitigate the risk of bias attributable to the availability tendency? a. Consider the most unusual case b. Make the opposing case c. Consult with others d. Get objective data
A
Why would a company want to hire a member of its external audit team?
A company could gain insight into the auditor's process and better devise methods of hiding fraud.
What is a white knight?
A friendly investor that acquires a corporation at a fair consideration with support from the corporation's board of directors and management.
Ethical Fading
A process by which a person does not realize that the decision he or she is making has ethical implications.
Qualified opinion
A report issued when the auditor believes that the overall financial statements are fairly stated but that either the scope of the audit was limited or the financial data indicated a failure to follow GAAP
SOC 1 Report
A report on controls at a service organization which are relevant to user entities' internal control over financial reporting. An example of a service organization that may need a SOC 1 report is a company that provides payroll processing services to user entities. User entities that use the payroll processing company realize the material impact of payroll on their financial statements and request some independent assurance that their payroll is being handled in accordance with their expectations. A SOC 1 report provides user entities of the payroll processing company reasonable assurance that the internal controls of the payroll processing company are suitably designed (Type I report) or suitably designed and operating effectively (Type II report) to provide the payroll services. Because SOC 1 reports may contain sensitive information about service organizations, they are considered restricted use reports and should only be shared with management of the service organization (the company who has the SOC 1 performed), user entities of the service organization (the service organization's clients) and the user entities' financial auditors (user auditors). The report can assist the user entities' financial auditors with laws and regulations like the Sarbanes-Oxley Act. There are numerous service organizations that may receive SOC 1 reports. The common theme between the service organizations should be the potential impact on user entities' internal controls over financial reporting (ICFR). Some examples of organizations who may receive SOC 1 reports include: Payroll processors Medical claims processors Loan servicing companies Data center companies Software-as-a-Service (SaaS)
Type 1 Report
A report on the design and implementation of a service organization's controls and their suitability
Type 2 Reports
A report that documents a service organization's controls and documents their suitability and effectiveness
Detective Controls
A requirement to prepare bank reconciliations
a warehouse line of credit is
A revolving line of credit used by mortgage brokers in order to fund loans
Sub service organizations
A subservice organization is an entity that is used by the service organization to perform some of the services provided to customers (user entities). An example of a common service provided by a subservice organization would be a company that offers their data center to a cloud provider (the service organization). The service organization relies on processes and controls implemented at the subservice organization to meet the Control Objectives or Trust Services Principles of the SOC report. When a subservice organization is utilized by the service organization, there are two methods for reporting on the processes and controls at the subservice organization. --First, the processes and controls can be included as a part of the report. --This is the Inclusive method. --Second, the processes and controls can be excluded from the report. --This is the Carve Out method. Each method requires that the service organization take steps to determine whether controls are in place and operating effectively to meet the needs of the end user (customer).
Complementary user entity controls (CUECs)
AKA User Control Considerations (UCCs) Controls that the vendor has included within its system and rely on the user entity (you) to implement in order to achieve the vendor's control objectives. In most cases, the control objectives stated in the description can be achieved only if these complementary user entity controls are suitably designed and operating effectively (by you), combined with the controls at the service organization (the vendor). **Common Placement of Complementary User Entity Controls in a SOC Report** --Specific subsection of the description - You can often find the CUECs listed out in the service description section with details on how exactly they relate to the control objectives laid out in the report. --As part of the tested controls section - You can also find the CUECs right in the testing section. They're usually documented along with the control objectives they align with. **Common Examples of CUECs in a SOC Report** --Logical Access: Account provisioning General IT controls and policies Account management --Separation Procedures: Timely account removal Regular assessment of accounts --Authorization Policies and Procedures: Policies and procedures that ensure transactions are appropriately authorized and transactions are secure, timely and complete --Data Transmission Policies and Procedures: When sending data, it must be protected by appropriate methods such as encryption Knowing about CUECs still isn't enough. As part of your vendor risk management process, you have to map them back to your own policies and procedures to ensure that you have controls in place that properly align with your vendor's expectations. Part of comprehending a vendor's value in providing a product or service is making sure you can effectively execute your responsibilities.
Bridge letter
AKA a gap letter --Obtain a bridge letter if there is a gap between the SOC report date and the Company's year-end date --Review the bridge letters and the evaluate the impact of changes in the service organization's controls if any
SOC 1, Type 1
AKA point in time report Type 1 reports test the design of a service organization's controls, but not the operating effectiveness. As of a particular date, includes a description of a service organization's system as well as tests to help determine whether a service organization's controls are designed appropriately.
DIANN CANTTANI EMBEZZLED BY: a. ABUSING EXPENSE REIMBURSEMENT POLICIES: Submitting personal expense; ski trips as business expense; misclassifying expense; personal dinner as business b. Altered her salary by duplicating bonus checks c. duplicating expenses; turned in her CC statement & receipt; reimbursed for both d. Creating dummy vendors e. A & C f. all of the above
ALL OF THE ABOVE
ETHICALLY BOUNDED
AN INDIVIDUAL'S MORALITY IS OFTER CONSTRAINED IN WAYS THAT FAVOR SELF-SERVING PERCEPTIONS THAT CAN RESULT IN BEHAVIORS THAT CONTRADICT OUR INTENDED EHTICAL STANDARDS
WHY DID KPMG STILL HERE AND ANDERSON GONE
ANDERSON HAD MORE PREVILENT FRUAD THEN KPMG MOST OF ANDERSONS WERE HIGH PROFILE CASES
OVERALL OBJECTIVES OF THE INDEPENDENT AUDITOR & THE CONDUCT OF AN AUDIT IN ACCORDANCE WITH GAAS
AU-C SECTION 200, DUE PROFESSIONAL CARE
Based on requirements in auditing standards related to auditor documentation why must auditors prepare audit documentation?
AU-C Section 230 and PCAOB AS 1215 require that the audit documentation record who performed the audit work and the date such work was completed and who reviewed specific audit documentation and the date of such review. Each working paper does not need to include specific evidence of review. But, it should be clear from the audit documentation who reviewed specified elements of the audit work
WHAT RESPONSIBILITY DOES AN AUDITOR HAVE TO DETECT MATERIAL MISTATEMENTS DUE TO ERRORS AND FRAUD?
AUDITORS ARE REQUIRED TO PLAN AND PERFORM AUDIT ENGAGEMENTS TO PROVIDE REASONABLE ASSURANCE THAT THE FINANCIAL STATEMENTS ARE FREE OF MATERIAL MISSTATEMENT, WHETHER THE RESULT OF ERROR OR FRAUD. THE AUDITOR PROVIDES REASONABLE ASSURANCE OF DETECTING FRAUDS LEADING TO MATERIAL MISSTATEMENTS BY EVALUATING THE LIKELYHOOD OF FRAUD AND EXPANDING AUDIT TESTS WHEN THERE IS A HIGHER LIKELYHOOD OF FRAUD.
Should auditors have equal responsibility to detect material misstatements due to errors and fraud?
According to the PCAOB AU110.02 and 03 "The auditor has no responsibility to plan and perform the audit to obtain reasonable assurance that misstatements, whether caused by errors or fraud, that are not material to the financial statements are detected." However, The auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud.
Q2) Describe why accounts involving significant management estimation are generally viewed as inherently risky
Accounting estimates needed if: 1. the measurement of some amounts or the valuation of some accounts is uncertain, pending the outcome of future events; or 2. relevant data concerning events that have already occurred cannot be accumulated on a timely, cost-effective basis Risk of material misstatement varies with: - Complexity, subjectivity, availability and reliability of relevant data, number of assumptions required, and degree of uncertainty associated with those assumptions
Which are characteristics of subprime loans? Select one: a They are more expensive than prime loans. b. They pose a greater risk for default. c. They are designed to be made to borrowers who could not qualify for regular loans. d. All of the above
All of the above
According to Oliver Halle, what is an example of an internal pressure that causes people people to commit fraud? Select one: a. Drug addiction b. Underemployment c. Gambling addiction d. All of the above.
All of the above.
Distinguish the 3 types of service organization reports.
An SOC 1 report, Report on Controls at a Service Organization Relevant to User Entities' Internal Control Over Financial Reporting, is intended to meet the needs of entities (known as user entities) that use service organizations and their auditors, who are responsible for understanding internal controls over financial reporting at service organizations. SOC 1 reports are used to plan and perform audits of the user entity's financial statements by their auditors, who are referred to as user auditors. There are two types of reports on controls at the service organization relevant to user entities' internal control over financial reporting: 1. Report on management's description of a service organization's system and the suitability of the design of controls (referred to as a Type 1 report). 2. Report on management's description of a service organization's system and the suitability of the design and operating effectiveness of controls (referred to as a Type 2 report). An SOC 2 report, Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, is intended to meet the needs of a broad range of users who need information and assurance about controls at a service organization that affect the security, availability, and processing integrity of the systems the service organization uses to process users' data and the confidentiality and privacy of the information processed by these systems. For example, customers of a service organization may seek an SOC 2 report as part of their vendor risk management considerations. Similar to SOC 1 reports, there are two types of reports (Type 1 and Type 2). Use of these reports is generally restricted to specified parties, such as management of user entities, customers of the service organizations, regulators, suppliers, and business partners. An SOC 3 report, Trust Services Report for Service Organizations, is similar to an SOC 2 report except that the SOC 3 report is intended for wide distribution to current or potential users of the service organization. SOC 3 reports are prepared using the Trust Services principles and criteria shown in Table 25-2. While the distribution of an SOC 2 report is generally restricted, an SOC 3 report is a general-use report, which allows the service organization to share the report to current or prospective customers or to use it as a marketing tool demonstrating that they have appropriate controls in place to mitigate risks, such as those related to security or privacy.
One component of internal control is the entity's control environment. What factors should an auditor consider when evaluating the control environment?
An auditor should consider the culture of the firm. This includes the role played by upper management, in order to ascertain if pressure is being placed on low level employees. An auditor must also identify incentives and opportunities that management has to commit fraud, such as relationship with auditing practices and the audit committee.
Which of the following best describes a judgment trigger?
An issue/problem stated in terms of a particular alternative
Describe how reflection applies to the KPMG Professional Judgment Framework.
Answer: Reflection is often the best way to identify whether a judgment has been influenced by a judgment trap or bias, like a judgment trigger that could have led the decision maker down a "garden path" toward a narrow set of alternatives.
Diann's theft from her company is an example of what kind of workplace crime? Select one: a. Corporate b. Fraud triangle c. Pro-organizational d. Anti-organizational
Anti-organizational
Stakeholders
Anyone who has a responsibility for, an expectation from or some other interest in the enterprise.
An auditor will use the IT test data method in order to gain certain assurances with respect to the
Application controls contained within the program.
Who served as WorldCom's external auditor and who replaced them
Arthur Andersen, LLP, served as WorldCom's external auditor until June 2002 replaced by KPMG after the Enron Scandal Author Anderson was part of
What are the risks associated with allowing former auditors to work for a client in key accounting positions?
Associated risks: - Familiarity with nature and timing of audit procedures - Potential to influence audit procedures - Potential to mislead auditors - Potential to influence the likelihood that auditors follow up on detected misstatements
Using hindsight, identify factors present at Waste Management that are indicative of each of the three fraud conditions: incentives, opportunities, and attitudes (continued 2)
Attitude: > Management not concerned with quality of financial reporting as evidenced by refusal to make adjustments suggested by auditor > Secret agreement with auditor to write off accumulated errors in future periods
"Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with GAAS".
Au-C Section 200,
What makes the intentional misstatement of inventory difficult to detect? How was Phar-Mor successful in fooling Coopers & Lybrand for several years with overstated inventory?
Auditors are in Lack of experience For inventory checking, only small samples was tested It was hard to detect the fraud because the high level management were involved. They have the common interest on hiding the loss. Also, Phar More is a subsidiary under the Giant Eagle. The inventory could be transferred flexibly within the corporation among different subsidiaries. When auditors prepare the financial statements for the corporation, they normally do not pay close attention to the inventory reports of the individual firm
What responsibility does an auditor have to detect material misstatements due to errors and fraud?
Auditors are required to plan and perform audit engagements to provide reasonable assurance that the financial statements are free of material misstatement, whether the result of error or fraud.
What responsibility does an auditor have to detect material misstatements due to errors and fraud?
Auditors maintain a responsibility to provide reasonable assurance that financial statements are free of material misstatement due to fraud or errors. The auditors must maintain an attitude of professional skepticism throughout an audit, while maintaining independence in appearance and in fact. However, auditors cannot guarantee there will be no material misstatements but they do provide reasonable assurance
an example of the confirmation bias
Auditors may be prone to over rely on management's explanation for a significant difference between the auditors expectation and managements recorded value, even when the clients explanation is inadequate
What types of factors should auditors consider when assessing the likelihood of material misstatements due to fraud?
Auditors must take two main things into account: the inherent risks of the client, and the control risks. Inherent risks are those directly related to the business and business operations, while control risk is what the company puts in place to reduce errors and fraud.
What is the most important factor in avoiding traps or reducing bias?
Awareness of potential traps and conditions that lead to bias is the most important factor.
True or False
Awareness, coupled with the terminology to identify and label the potential traps and biases, is key to improving judgment.
The confirmation bias is a subconscious tendency to do which of the following? a. Seek evidence that confirms a biased judgment b. Seek evidence that confirms a previously held view c. Underutilize confirmations in the testing of accounts receivable d. Seek evidence that disconfirms a previously held view
B
What best describes the relationship between diversity of thought and group judgments? a. Differences in opinions indicate internal conflict, which team members should avoid. b. Diversity in thought should be fostered in group judgment and typically improves judgment quality. c. Team members should always work together to reach an early consensus. d. GroupThink is a pitfall that teams may fall into as a result of encouraging expression of different ideas within the group.
B
Which of the following best describes a technique to mitigate the confirmation bias? a. Consider the most unusual case b. Make the opposing case c. Consult with others d. Get objective data
B
Which of the following best describes the relationship between professional skepticism and professional judgment? a. Professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence that is separate and apart from the process of exercising professional judgment. b. Professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence that is part of the process in forming professional judgments. c. Professional skepticism is synonymous with professional judgment. d. There is no relationship between professional skepticism and professional judgment.
B
Which of the following is on of the keys for effectively preparing for a brainstorming session? a. The engagement team should participate in a pre-meeting to assess the objectivity of the participants attending the meeting in order to avoid bias. b. The individual team members should generate ideas before the meeting with an understanding their ideas will be shared. c. The leader should send out an agenda of important topics and preliminary conclusions for the participants to consider before the meeting in order to expedite the process. d. The purpose of the meeting should not be communicated prior to the meeting in order to avoid individual pitfalls and biases.
B
Which of the following statements about judgment frames is correct? a. A situation cannot have more than one appropriate frame. b. There is often no single best frame for a given situation. c. Frames are not used by risk averse individuals. d. Professionals should eliminate the use of frames from their judgment processes.
B
THIS COULD BE ON EXAM!!!!! SATYAM LIKE 53 MILLION DOLLOR QUESTION BOTH MADE
BANK ACCOUNTS
Which of the following is considered a general control
Back up and disaster recovery controls. Password protection on the central server. Requiring change authorization forms on all program software.
"rule-based" accounting standards are
Based on specific and detailed rules
Which of the following is a consequence of the housing boom of the 1990s? Select one: a. Home values appreciated rapidly. b. New loan products were being offered to buyers. c. Both A and B d. None of the above
Both A and B
"Due Professional Care in the Performance of Work,
Both AU-C 200 and PCAOB AS 1015 both note that professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence. Professional skepticism requires the auditor to use the knowledge, skill, and ability called for by the profession of public accounting to diligently perform, in good faith and with integrity, the gathering and objective evaluation of evidence
WHAT IS THE SIMILARITY BETWEEN ENRON AND XEROX CASE?
Both Enron and Xerox were large publicly traded companies that were required to restate their financial statements because of massive accounting manipulations. BOTH USED AGGRESIVE ACCOUNTING & COMPLICATED METHODS Both companies were heavily financed with debt obligations and were experiencing significant challenges to their core business operations.
(a) how was Enron Corporation's situation similar or dissimilar to Xerox's situation? (b) How did the financial and business sectors react to the two situations when the accounting issues became public? (c) If the financial or business sectors reacted differently, why did they react differently?
Both companies were heavily financed with debt obligations and were experiencing significant challenges to their core business operations. The major difference is in the nature of their core business. At the time of the restatement, Enron was predominately a speculative energy and commodity trading company while Xerox was the producer of copier and printing devices. At the end, Enron no longer had physical products it produced and sold. Rather, Enron acted as an intermediary service provider between producers and buyers. Buyers and sellers were no longer interested in using Enron's services when the integrity of management was brought into question, causing its business to basically disappear over night. Xerox on the other hand, was still perceived to produce quality products it could sell to its customers.
Diann Canttini graduated from which university? Select one: a. University of Southern California b. UCLA c. Utah State University d. Brigham Young University
Brigham Young University
FASB Accounting Standard Codification (ASC) 805
Business Combinations
Which of the following best describes a judgment trigger? a. An alternative stated in terms of a judgment objective b. A technique for making effective judgments quickly c. An issue/problem stated in terms of a particular alternative d. A technique for more effectively evaluating another's judgment
C
Which of the following is not a step in reframing a situation? a. Challenge the current frame b. Generate alternative frames c. Justify the current frame d. Understand the current frame
C
Which of the following is not a technique to help an auditor mitigate possible bias stemming from use of judgment shortcut? a. Be aware of the bias and when you might be vulnerable to it b. Seek disconfirming evidence c. Seek the advice of someone who agrees with your position d. Identify and acknowledge personal preferences
C
CUC + HFS COMBINED TO CREATE
CEDANT CORPORATION
Finally wrapping around "mindset" in the Framework is
CONSULTATION which includes with o engagement team members, o specialists, or other professionals
Which is NOT one of the three elements of the fraud triangle? Select one: a. Consequences b. Opportunity c. Motivation/Pressure d. Rationalization
Consequences
FASB Accounting Standard Codification (ASC) 810
Consolidation
The most important Internal Control is
Control Environment
5 major components of internal control
Control environment Communication Risk Assessment Control Activities Monitoring
Which of the following controls would most likely be tested during an interim period?
Controls that operate on a continuous basis.
Entity-level controls can have a pervasive effect on the entity's ability to meet the control criteria. Which one of the following is not an entity-level control?
Controls to monitor the inventory taking process.
"Fannie Mae"
Created the secondary mortgage market.
Who reported WordComs fraud and what was their position?
Cynthia Cooper from their internal audit staff
In December 2002, Time magazine named WorldCom's ___________ as one of its "Persons of the Year" along with two other whistleblowers: _____________of Enron and _________ of the FBI.
Cynthia Coopers, Sherron Watkins & Colen Rowley
Which of the following describes how the availability tendency is most likely to affect auditors? a. Auditors may first consider different potential causes for an observed fluctuation before seeking the client's explanation with regards to analytical procedures. b. Auditors may rely on information provided by client staff who is most knowledgeable about an audit area rather than the staff most easily accessible. c. Auditors may seek evidence that supports their belief of how a transaction should be accounted for. d. Auditors may weigh more heavily the information that was received most recently from a client relative to information received earlier during the audit.
D
Which of the following is an example of the confirmation bias? a. An auditor improperly concludes on a complex revenue recognition matter without having the appropriate technical accounting background. b. An auditor improperly concludes on the valuation of an investment security by looking at only the most recent sale of the security. c. An auditor improperly concludes on the accounts receivable balance because negative confirmations were sent instead of positive confirmations. d. An auditor improperly concludes a contingent liability is properly stated after examining only the evidence that supported the amount accrued in the financial statements.
D
Which of the following is true with respect to the overconfidence bias? a. Overconfidence is always a conscious bias. b. Overconfidence could result in the consideration of too many alternatives. c. Overconfidence usually decreases with experience. d. Overconfidence could result in engagement team members performing audit procedures that are beyond their skill sets.
D
Which of the following statements is false regarding group judgment? a. Good judgment principles are similar for individuals and groups. b. Groups can fall into judgment traps and biases. c. Groups are prone to making quick decisions in order to avoid conflict. d. Groups are not prone to judgment traps and biases.
D
ACCODING TO AU-C SECTION 230 AND PCAOB AS 1215 EACH WORKING PAPER DOES
DOES NOT NEED TO INCLUDE SPECIFIC EVIDENCE OF REVIEW. BUT SHOULD BE CLEAR FROM THE DOCUMENTATION WHO REVIEWED SPECIFIC ELEMENTS OF THE AUDIT WORK PERFORMED AND WHEN
Independent service auditor's report
Describes the scope, service organization's responsibilities, service auditor's responsibilities, inherent limitations, opinion, description of test of controls, restricted use. It also describes the service auditor's opinion of management's presentation of its system of internal control, the suitability of the design of the system, the opinion on the operating effectiveness of the controls (Type II reports only). REVIEWING THIS SECTION --Verify the report coverage is adequate, if it is insufficient or the date does not coincide with the client's year end, verify how management was able to gain acceptance of the coverage exceptions. --Verify the type of report issued and whether it is appropriate for use --Verify whether service providers are being used by the service organization and determine whether the service auditor's evaluation included sub-service providers --Determine the type of opinion issued
Who was the White Knight in the Enron Case?
Dynegy
Which company engaged in aggressive accounting approaches, including SPEs, to move debt off the balance sheet and enhance profits.
ENRON
Internal control is a process designed to provide reasonable assurance regarding the achievement of which objective
Effectiveness and efficiency of operations.; Reliability of financial reporting; Compliance with applicable laws and regulations.
(d) How was KPMG's situation similar or dissimilar to Andersen's situation?
Enron's restatement of its financial statements had a much more profound effect on Andersen than did Xerox's restatements of its financial statements on KPMG. The number of high profile fraud cases Andersen was involved with (Waste Management, Global Crossing, Sunbeam, Qwest Communications, and Enron) helped it to quickly lose its credibility with the investment markets and federal government. More importantly, Andersen's criminal conviction for document shredding in the midst of an SEC investigation forced Andersen to stop performing audits of public companies. In the end, Andersen's loss of public trust rendered its services useless. KPMG fortunately, has not been involved in as many high profile fraud cases. Nevertheless, the demise of Andersen has brought about a significant re-evaluation and re-structuring of all public accounting firms to prevent similar situations in the future.
What could Diann's company have done to best safeguard itself from fraud? Select one: a. Ensured segregation of duties. b. Performed a background check on Diann. c. Implement more internal controls. d. Both A and C.
Ensure segregation of duties & implement more internal controls
Who was CUC's auditor prior to Cedant
Ernst & Young
SOC 3 Report
Established as a general use report alternative to the SOC 2 report, a summary that can be provided to the public. An examination on controls relevant to the applicable Trust Services Principles The report includes only the auditor's opinion and limited description of controls (narrative)
How can considering multiple judgment frames enhance an auditor's professional skepticism? Explain and give an example.
Evaluating issues and objectives from different frames, or what we at KPMG would call looking at an issue through a "fresh lens," can help auditors to understand a variety of different perspectives. Considering multiple frames can bring additional insights or ways to understand a situation.
indicate one audit procedure the auditor could have used to detect False coding of services sold to customers
Examine documents supporting cash receipts.
Which fraud scheme is described in the Diann Cantinni case as one of the easiest fraud schemes to commit against a company? Select one: a. Forging management signatures b. Duplicating checks c. Expense reimbursement d. Sneaking office supplies
Expense reimbursement
TRUE OR FALSE DIANN'S HUSBAND WAS ALSO IMPLICATED IN THE FRAUD
FALSE
TRUE OR FALSE; ACCORDING TO AU-C SECTION 230 AND PCAOB AS 1215 EACH WORKING PAPER NEEDS TO INCLUDE SPECIFIC EVIDENCE OF REVIEW.
FALSE: ACCORDING TO AU-C SECTION 230 AND PCAOB AS 1215 EACH WORKING PAPER DOES NOT NEED TO INCLUDE SPECIFIC EVIDENCE OF REVIEW. BUT SHOULD BE CLEAR FROM THE DOCUMENTATION WHO REVIEWED SPECIFIC ELEMENTS OF THE AUDIT WORK PERFORMED AND WHEN
AU SECTION 240
FRAUD TRIANGLE
A reliance strategy is used when control risk has been set at high. True or False
False
Diann rationalized her fraud by saying that she needed money to care for a sick child. True or False
False
The home mortgage industry experienced a decrease in white-collar crime during the housing boom of the 1990s. Select one: True False
False
True or False: You cannot teach judgment; either you have it or you don't.
False. Experience is important; however, gaining knowledge and skill relating to exercising good judgment can help elevate and improve judgment maturity.
True or False: It is essential to carefully apply each step in the judgment process in the KPMG Professional Judgment Framework for all judgements.
False. For easy, low-stakes judgments, common sense and quick consideration of one or two steps in the judgment process may be enough to make a good judgment.
True or False: You just cannot teach judgment; either you have it or you do not.
False. While experience is important, gaining knowledge and skill relating to exercising good judgment can help elevate and improve students' and professionals' judgment maturity.
True or False: People are simply hardwired to sue judgment shortcuts, and as such, there is no way to avoid the related biases.
False. While reliance on judgment shortcuts does come naturally, awareness of conditions that can lead to bias provides decision makers the ability to identify logical methods to reduce the bias.
true or false ; People are simply hardwired to use judgment shortcuts, and as such, there is no way to avoid the related biases.
False. While reliance on judgment shortcuts does come naturally, awareness of conditions that can lead to bias provides decision makers the ability to identify logical methods to reduce the bias.
True or False: At the time Cynthia Cooper discovered the accounting fraud, WorldCom had whistleblower hotline process in place
False: At the time Cynthia Cooper discovered the accounting fraud, WorldCom did not have whistleblower hotline process in place
True or False: Mangagement should be involved in the Whistleblower program
False; Management should never be involved
Groves said his fraud scheme was motivated by what? Select one: a. Greed b. Resentment c. Ignorance d. Fear of failing
Fear of failing
___________concentrated on buying loans from savings and loan association institutions a. Fanny Mae b. Freddy Mac
Freddie Mac
An auditor anticipates assessing control risk at a low level in an IT environment. Under these circumstances, on which of the following controls would the auditor initially focus?
General controls.
SOC 3
General use report whose purpose is to report on controls related to compliance or operations (security, availability, processing integrity, confidentiality or privacy)
Why is lack of expression of disagreement a sign of potential problems in group judgment?
Groups tend to do better than individuals because of the different perspectives and insights that are brought up and considered by the group. If expression of disagreement is stifled, one of the key benefits of group judgments is eliminated. The tendency to reach quick consensus is more likely to come into play, bringing with it the dangers of GroupThink.
Groves committed which of the following crimes? Select one: a. Groves wrote unauthorized checks to himself .b. Groves made false statements on loan applications. c. Groves lied on his expense reimbursement report. d. Groves gave himself duplicate pay checks.
Groves made false statements on loan applications.
An entity's IT infrastructure refers to:
Hardware components
Why did the Andersen partners allegedly allow Waste Management executives to avoid recording the identified accounting errors? How could this be prevented? (continued)
How to prevent this? - Keep focus on public's interest - Assess performance evaluation: focus on quality instead of fee revenues - Require national level approval for local office partners to sign off on complex or aggressive accounting positions - Strengthen position audit committee
Review professional auditing standards to describe the auditor's responsibilities for examining management-generated estimates.
ISA 540: Auditing Accounting Estimates (Par 9) The auditor shall evaluate, based on the audit procedures performed and the audit evidence obtained, whether the accounting estimates and related disclosures are reasonable in the context of the applicable financial reporting framework, or are misstated.
HARLEY DAVIDSON CASE
Identifying eBusiness Risks and Related Assurance Services for the eBusiness Marketplace
Describe the key difference between a type 1 and type 2 SOC 1 report.
In a Type 1 SOC 1 report, the accountant provides an opinion about the fairness of the description of the service organization's system and opinion about the suitability of the design of the controls in that system. In a Type 2 report, the accountant provides the opinions contained in a Type 1 report, plus an opinion on the operating effectiveness of controls at the service organization.
Using hindsight, identify factors present at Waste Management that are indicative of each of the three fraud conditions: incentives, opportunities, and attitudes
Incentives: > Pressure on management to maintain company's reputation and stature in the industry > Internal pressure from CEO on other members of the management team to find ways to reach the targets > Greed and desire to retain corporate positions and status in the business and social communities > Bonuses based on company performance
Service organization's description of the system
Includes the service organization's explanation of the system and descriptions of: --Services provided --Entity-level controls relating to the control environment, risk assessment processes, monitoring activities and information and communication processes --Procedures by which services are provided and transactions are accounted for, and related accounting records --Significant events other than transactions --Report preparation processes --Control objectives and related control activities --Complementary user entities controls --Description of sub-service provider controls REVIEWING --Verify the services provided are consistent with the services received --Understand if there are any significant events that impact the services relied upon
Which of the following audit techniques would most likely provide an auditor with the least assurance about the effectiveness of the operation of a control
Inquiry of entity personnel.
Which of the following audit techniques would most likely provide an auditor with the most assurance about the effectiveness of the operation of a control?
Inquiry of entity personnel.
Identify accounts whose balances were likely based on significant management estimation techniques. Why? (continued)
Intangible assets - goodwill, net • Original value of goodwill was directly impacted by estimates of the underlying market values of assets acquired • Annual assessment of goodwill was impaired Accrued expenses • Expenses incurred, but not yet paid • Mainly estimated reserves for environmental clean-up costs Unearned revenues • Estimation of services that may not yet have been performed by the company even though proceeds were already collected from customers Deferrals • Management assumptions and estimates were necessary to establish end-of-period balances
AICPA Code of Professional Conduct Section 0.300 and Section 1.100 deals with
Integrity and Objectivity
ICFR
Internal Control over Financial Reporting
How are SOC reports evaluated?
Inventory -- Inventory existing outsourced vendor relationships to determine whether third-party assurance may be required Assess -- Assess the key financial reporting risks associated with significant outsourced vendors & identify in-scope service organizations Identify -- Identify relevant reports that have been obtained and determine appropriateness. Identify any additional reports or documents needed to complete the assessment (e.g., bridge letter, management's discussion with the service provider, etc.) Test and conclude -- Assess the adequacy of the SSAE 16 report scope and perform review procedures to evaluate the operational effectiveness of controls relied upon at the service organization
Is it appropriate for auditors to trust executives of a client?
It is not appropriate for auditors to trust executives of a client. AU section 230, auditors should exercise "due professional care in the performance of work", hence apply professional skepticism. The auditor should be impartial to the level of management's honesty and pursue factual evidence to support findings and conclusions.
If the client has hired former auditors, would this affect the independence of the existing external auditors?
It would greatly compromise and possibly impair the existing external auditor's ability to remain independent. On top of having knowledge about the auditor's practice, preexisting relationships could cause bias in the audit outcome.
Which conditions, attitudes, and motivations at Phar-Mor created an environment conducive for fraud could have been identified as red flags by the external auditors?
It's Unwillingness to allow the shortfalls to damage Phar-Mor's appearance of success. They have a great motivation on hiding Phar-Mor's cash flow problems, attracting investors, and making the company look profitable. e.g.,Monus and Finn altered Phar-Mor's accounting records to understate costs of goods sold and overstate inventory and income. In addition to the financial statement fraud, internal investigations by the company estimated an embezzlement in excess of $10 million.
CATCH US IN THE EARLY STEPS OF THE JUDGMENT
Judgement Traps
It is a situation when a particular alternative is used to define a problem in place of a well thought out problem.
Judgement Trigger
Which of the following is not a step in reframing a situation?
Justify the current frame
WHO WAS XEROX'S AUDITOR?
KPMG
• The purported accounting manipulations also engulfed -------, Xerox's auditor, in this scandal.
KPMG
The SEC outlines in Accounting and Auditing Enforcement Release No. 2234 its assessment of the Xerox fraud.
KPMG did not conduct its audits in accordance with GAAS and that it subordinated its judgments to the judgments of Xerox management. KPMG should have exercised more professional skepticism and required stronger evidence from the client to support the accounting assumptions and methods used by Xerox. auditors should take a step back from the details of the audit to question whether the accounting assumptions and methods used by a client in totality fairly represent the economic performance of the company. An auditor should not allow clients to employ accounting assumptions and methods that systematically portray a biased representation of the company's economic performance.
KPMG encourages experienced professionals to take time to coach less experienced professionals through the process of making critical judgments rather than just making those judgments themselves, even though it may take more time to do so. Why is this important?
KPMG takes seriously the development of our people, and on-the-job coaching and mentoring is an essential part of developing the professional judgment of less experienced people. Walking through critical judgments with less experienced professionals enables the less experienced professionals to better understand the elements of a judgment process and how they are applied in difficult accounting and auditing contexts. The KPMG Professional Judgment Framework provides a shared conceptual understanding of good judgment and it facilitates coaching and mentoring and training by providing a common understanding and vocabulary relating to the elements of good judgment as well as the traps and biases that can threaten good judgment.
Hollinger's external audit team was
KPMG, MARYLYN STIT
WHAT CAN WE DO TO DETECT XEROX FRUADULENT ACTIVITIES/HOW DO I KNOW IF CLASSIFIED CORRECTLY
LOOK AT ASSETS AND MAKE SURE THEY HAVE RIGHT DOCUMENTS A SCHEDULE? HOW RECORDED LEASES IN PREVIOUS YEARS AND COMPARE OUTSIDE RESOURCE; LOOK AT HOW A THIRD-PARTY HANDLES LEASES
What is meant by the term level of assurance? How does the level of assurance differ for an audit of historical financial statements, a review, a compilation, and a preparation engagement?
Levels of assurance represent the degree of certainty the practitioner has attained, and wishes to convey, that the conclusions stated in his or her report are correct. Audits of historical financial statements prepared in accordance with accounting standards are one type of examination. They are governed by auditing standards. An audit results in a conclusion that is in a positive form. In this type of report, the practitioner makes a direct statement as to whether the presentation of the assertions, taken as a whole, conforms to the applicable criteria. The level of assurance is high. In a review, the practitioner provides a conclusion in the form of a negative assurance. In this form, the practitioner's report states whether any information came to the practitioner's attention to indicate that the assertions are not presented in all material respects in conformity with the applicable criteria. The level of assurance is limited. A compilation is defined in SSARS as presenting, in the form of financial statements, information that is the representation of management without undertaking to express any assurance on the statements. A preparation engagement is defined in SSARS as a service where the CPA is engaged by the client to prepare or assist in preparing financial statements, but the CPA does not provide any assurance on the financial statements or issue a report, even if the financial statements are expected to be used by, or provided to, a third party.
How can considering multiple judgment frames enhance an auditor's professional skepticism? Explain and give an example.
Looking at an issue through a fresh lens gives auditors the opportunity to look at a situation from a different perspective.
Corrective Control
Maintaining backups of data
Management's written assertion
Management's assertion may be in a separate section of the report or included in the section containing the description of the system. Management's written assertion covers: --The fair presentation of the description of the system --The suitability of the design of controls and verification that they were implemented as of a specific date (type 1) or throughout the period (type 2) --The operating effectiveness of the controls throughout the period (Type II) --The relevant changes to the system throughout the period (Type 2) REVIEWING --Verify management's written assertion in this section mirrors the service auditor's opinion --Verify that there are no qualification in the assertions/modification in the language (i.e., use of "except for" or other exclusionary language --Verify that there are no omissions in description criteria outlined by the aicpa relative to the services provided
What is the name of the mayor who pled guilty to stealing $201,000 from her town? Select one: a. Mary Ella Hixon b. Jane Lewis c. Roberta Green d. Margo Reed
Mary Ella Hixon
Name two other high profile cases where a company has committed fraud by misstating inventory.
McKesson & Robbins Company. There was an non-existing inventory recorded on the financial statement because the auditors did not physically count the inventory on-site. . Crazy Eddie Company.The company went bankrupt because of the overestimation on inventory
What role do metaphors and analogies play in judgment framing, and how can they be used to improve your ability to examine issues through multiple frames?
Metaphors and analogies both play a powerful role in judgment framing. General Barry McCaffrey; general in the united states army, successfully changed the tone toward drug trafficking from changing the metaphor "The War on Drugs" to "Drugs are the Cancer to the Nation." The first metaphor creates a different frame which denotes the combat against drugs; while "drugs are the cancer to the nation" suggest that the drug problem in america is a sickness. This creates a different attitude and hence, different frame.
How can considering multiple judgment frames enhance an auditor's professional skepticism? Explain and give an example.
Multiple judgment frames enhance an auditor's professional skepticism because better judgments can be made from considering the fact that other frames exist; different points of view. "For example, doctors and patients tend to select riskier treatment options when a condition is framed in terms of the odds of dying than when the identical situation is framed in terms of the likelihood of surviving—same situation, but different frames." (KPMG Ch. 3 PG17) If we consider both frames, the odds of dying vs the odds of surviving we can make a better judgment. Hence, the importance of multiple frames.
ENRON STARTED AS A
NATURAL GAS PIPELINE COMPANY
Did KPMG do their Due Diligence when auditing Hollinger International?
NO, however the did minimum requirement
Which of the following statements regarding auditor documentation of the entity's internal control is correct
No one particular form of documentation is necessary, and the extent of documentation may vary. Correct
MISCALCULATION
OVERESTIMATING THE EXTENT TO WHICH THEY WOULD ENGAGE IN SOCIALLY DESIRABLE BEHAVIORS.
What are two common judgment traps?
One of the most common judgment traps is "rush to solve" the tendency to want to immediately solve a problem by making a quick judgment. In addition, judgment triggers; an assumed or inherited issue that can lead the decision maker to skip the crucial early steps in the judgment process.
An audit client has engaged a third-party service organization to host its payroll software package on servers located at the service organization .what options do you have to obtain assurance about the controls embedded in the payroll application?
One option would be for you to visit the service organization to obtain evidence about the design and operating effectiveness of internal controls at the service organization. However, a more efficient option may be for the service organization to engage its auditor to provide a Type 1 report that provides an opinion about the fairness of the description of the service organization's system and opinion about the suitability of the design of the controls in that system. Or, the service organization may engage its auditor to provide a Type 2 report that provides the opinions contained in a Type 1 report, plus an opinion on the operating effectiveness of controls at the service organization.
Unqualified opinion
Opinion issued by a certified public accountant that means the company's financial statements are, in all material respects, in compliance with GAAP; the auditor has no reservations. Contrast with qualified opinion.
Using hindsight, identify factors present at Waste Management that are indicative of each of the three fraud conditions: incentives, opportunities, and attitudes (continued 1)
Opportunities: > Possibility to abuse inherent subjectivity in development of key assumptions to compute depreciation charges • Useful lives & salvage values > Took advantage of judgment-based estimates by failing to reflect known decreases in the value of landfills • Ignored landfill capacity constraints and failed to write-off costs of unsuccessful and abandoned landfill development projects > Took advantage of subjectivity in determination of environmental and other reserve accounts
PCAOB GUIDANCE RELATED TO AUDITOR COMMUNICATION WITH AUDIT COMMITTEES
PCAOB AUDITING STANDARD NO. 1301
Guidance related to auditor communications with audit committees is contained in
PCAOB Auditing Standard No. 1301, "Communication with Audit Committees."
Guidance related to auditor communications with audit committees is contained in PCAOB Auditing Standard.....
PCAOB Auditing Standard No. 1301, "Communication with Audit Committees."
Summarize the key ways to enhance the effectiveness of groups in the context of a fraud risk assessment meeting.
Participants should be asked to prepare ahead of the meeting by generating their own ideas, with the expectation that they will be asked to share their ideas at the meeting.To enhance participation and a sharing of ideas, group members present the ideas they have prepared prior to the meeting with little or no discussion. There should be little or no criticism or evaluation of ideas at this point. Once the ideas are on the table, an open discussion should be facilitated, encouraging those with different or opposing viewpoints to speak up.
Which of the following was NOT one of Diann Canttini's "hobby" jobs after graduating college? Select one: a. Managing a bike shop b. Testing snow skis c. Pet sitting d. Both A and B
Pet sitting
A reliance strategy is chosen when the auditor:
Plans on conducting tests of controls and Has set the control risk at a lower level.
How did Conrad & Radler commit fraud?
Portions of the proceeds due to the Hollinger International shareholders were diverted to Black and Radler through their actions without explicit approval of the board and shareholders.
List OTHER MORTGAGE RELATED CRIMES
Predatory Lending to Subprime Borrowers Illegal Property Flipping Identity Theft
► Are there dangers in removing "bright-line" rules? What difficulties might be associated with such a change?
Problems. Human judgment and discretion are involved.
Within an auditing context, what is professional judgment?
Professional judgment is the process of using relevant training, knowledge, and experience to reach a decision or draw a conclusion in evaluating evidence, estimating probabilities, or selecting between options.
Which of the following statements is true with respect to judgment framing?
Professional skepticism can be seen in terms of challenging a client's judgment frame
Which of the following best describes the relationship between professional skepticism and professional judgment?
Professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence that is part of the process in forming professional judgments.
What are possible reasons why the Andersen partners allegedly allowed Waste Management executives to avoid recording the identified accounting errors.
Public accounting is a highly competitive service-oriented business. - partners may sometimes feel pressure to avoid taking tough stands on a client's accounting choices. - Making a lot of money and want to please their clients , - risk of losing clients to other accounting firms.
What could be the consequences of whistleblowing?
REPERCUSSION FROM SUPERIORS COMPANY WENT BANKRUPT EMPLOYEES LOST THEIR JOBS EVERYBODY MAD LEGAL ISSUES, MEDIA COULD BE HARDER TO GET FUTURE WORK, DON'T WANT THE ATTENTION TEACH SAYS; IN REALITY MOST WHISTLE BLOWERS WILL LOSE THEIR JOB AND WON'T GET HIRED WITHIN THE SAME INDUSTRY PRESSURE FACED BY WHISTLE BLOWER
Miscalibration
Refers to a behavioral bias that results in overconfidence.
Accounting Standard Codification (ASC) No. 850
Related Party Disclosures - requirements for related party disclosures in financial statements.
How could Arthur Andersen assess the reasonableness of those estimates used to create Waste Management's financial statements.
Request information about the sources of data and factors that management used to form assumptions about salvage values and useful lives • Estimate reasonableness of those assumptions Compare information about the useful lives for depreciating classes of assets to similar estimates used by competitors in the waste management industry Analyze disposed assets • Verify if management's estimates of salvage values and useful lives were realistic Rely on judgments by independent experts
Section 404 of Sarbanes Oxley
Requires an SEC reporting company and its internal auditor to test the internal controls that are relevant to its financial reporting. Ie. Stress test
What are some key facts of the WASTE MANAGEMENT case?
Restatements principally related to the calculation of vehicle, equipment, and container depreciation expense and capitalized interest costs related to landfills
indicate one audit procedure the auditor could have used to detect Irregular charges against merger reserves
Review for unusual journal entries and obtain related support
What are two common judgment traps?
Rush to Solve and Judgment Triggers
HOW DID THE COMPANY FIND OUT ABOUT DIANN'S FRAUD
SHE TOLD THEM
1. Independent Service Auditors' Report 2. Management Assertion 3. System Description Overview 4. List of Control Objectives and Controls 5. Other information provided by service organiztion
SOC 1: 5 sections
How did the Sarbanes-Oxley Act of 2002 and related rulings by the PCAOB, SEC or AICPA affect a public company's ability to hire members of its external audit team?
Sarbanes-Oxley Act 2002 limits the ability of corporations to hire employees of their external audit firms. Sox requires a "cooling-off" period of one year, after the audit commencement date, before a member of the auditing team can begin work in a key position with the client.
What Act's procedures were referred to as whistle blowing procedures?
Section 301.4 of The Sarbanes-Oxley Act of 2002
AICPA Trust Services Principles
Security Availability Processing integrity Privacy Confidentiality
Toby Groves worked in which of the following industries?
Select one: a. Banking b. Hedge Fund c. Mortgage d. None of the above
If the financial reporting risks for a location are low and the entity has good entity-level controls, management may rely on which of the following for its assessment?
Self-assessment processes in conjunction with entity-level controls.
SOC Report
Service Organization Control Report
SOC Report scope
Services included
What caused Diann Catinni to finally confess to her employer? Select one: a. Diann wanted to set a good example for her new baby. b. She believed the stress from hiding her fraud was causing her to get sick. c. Diann's husband told her it was the right thing to do. d. Diann's boss held an improptu meeting with her because he noticed money was missing.
She believed the stress from hiding her fraud was causing her to get sick
The auditor must report the following to the audit committee or others charged with governance:
Significant deficiencies and material weaknesses.
How do perceptual biases relate to judgment biases?
Similar to how our minds can be deceived by optical illusions or perceptual biases, there are times when our intuitive judgment falls prey to systematic traps and biases.
How did Toby Grove get caught?
Someone blew the whistle on Toby in 2006.
SOC 2 Report
Sometimes referred to as AT101/performed under standard AT101. Report on Controls at a Service Organization related to compliance or operations and based on Trust Services Principles and Criteria. SOC2 service organization controls must meet the specified Trust Services Principles defined by the AICPA (you can choose one or many), which include: Security Availability Processing Integrity Confidentiality Privacy Reports more on the underlying IT environment
SOC 1 Report key ideas
Sometimes referred to as SSAE16 A report on controls at a service organization which are relevant to user entities' internal control over financial reporting (ICFR) Most applicable when the service provider performs financial transactions processing or supports transaction processing systems Independent assurance that their ____ is being handled in accordance with their expectations. Service organizations determine control objectives and controls to meet the appropriate objectives. Control objectives are defined by the service provider and vary based on the service provided. They are considered restricted use reports and should only be shared with management of the service organization (the company who has the SOC 1 performed), user entities of the service organization (the service organization's clients) and the user entities' financial auditors (user auditors).
Section 201 of the Sarbanes-Oxley Act of 2002:
Statutory insurance company regulatory audits are treated as an audit service, and thus do not require pre-approval.
TRUE OR FALSE: THE RELATED PARTY TRANSACTIONS were approved by Hollinger International's board of directors. these transactions were disclosed in the financial statements
THE RELATED PARTY TRANSACTIONS were never approved by Hollinger International's board of directors. Many of these transactions were not disclosed in the financial statements and they attempted to disguise these transactions from their auditors, KPMG LLP
Judgment is the process of reaching a decision or drawing a conclusion where there are a number of possible alternative solutions TRUE OR FALSE
TRUE
TRUE OR FALSE: AU-C SECTION 230 AND PCAOB AS 1215 REQUIRE THE AUDIT DOCUMENTATION RECORD WHO PERFORMED THE AUDIT WORK AND THE DATE SUCH WORK WAS COMPLETED AND WHO REVIEWED THE DOCUMENTATION
TRUE
TRUE OR FALSE: SEC WANTED KPMG TO CHANGE AUDITING PRACTICES
TRUE
TRUE OR FALSE; · Some of the members of CUC's financial management team were former auditors for Ernst & Young, LLP.
TRUE
TRUE OR FALSE; • The fraud occurred at CUC prior to its merger
TRUE
indicate one audit procedure the auditor could have used to detect · Delayed recognition of membership cancellations and bank rejection of charges made to members' credit card accounts -
Test year-end bank reconciliations.
Complementary sub service organization controls (CSOCs)
The CSOCs need to be specific to the services provided by the service organization's system. The description of the service organization's system needs to describe the subservice organization's responsibility for implementing CSOCs and indicate that the service organization can only achieve the specific control objectives or applicable trust services criteria if the CSOCs are suitably designed and, in a type 2 examination, operating effectively throughout the period.
SOC 1 Report Structure
The Opinion Letter (SOC 1 Qualified Opinion vs. Unqualified) --The first section contains the opinion letter (aka Independent Auditor's Report). The opinion letter outlines the scope of the report (services included), test period (Type 2), or report as-of-date (Type 1) and type of opinion being issued. Management's Assertion --The second section contains an assertion written by management of the service organization that makes a number of management statements including the following: 1) An assertion that the description of the system fairly presents the system 2) The control objectives were suitably designed (Type 1) or suitably designed and operating effectively (Type 2) 3) Discussion of the criteria used to make the assertion. Description of the System --The description of a service organization's system is a description of the services provided that are relevant to user entities ICFR (Internal Control Over Financial Reporting). --The description includes the supporting processes, policies, procedures, personnel, and operational activities that constitute the service organization's services that are relevant to user entities. Description of Tests of Controls and Results of Testing --This is the section that a SOC auditor uses to describe the controls that were tested as part of the examination, the test procedures used for testing the controls and the results of testing. --When reviewing a SOC 1 report, the opinion and the results of testing sections contain the key information necessary to determine whether a service organization's system of internal controls is suitably designed and operating effectively to provide the services. Other Information --Some SOC 1 reports include a section used by service organizations to provide additional information about relevant processes that were not tested within the report such as disaster recovery and business continuity information. The SOC auditor will not express an opinion on the statements made by management within this section.
The tendency of decision makers to make assessments by starting from an initial numerical value and then to adjust insufficiently away from that initial value in forming a final judgment.
The anchoring tendency
service auditor
The auditor of a service organization.
Which of the following statements concerning control deficiencies is true?
The auditor should communicate to management, in writing, all control deficiencies in internal control identified during the audit.
Which of the following is not true?
The auditor should not communicate with management until the audit of internal control over financial reporting is finished.
The Sarbanes-Oxley Act of 2002 requires management to include a report on the effectiveness of ICFR in the entity's annual report. It also requires auditors to report on the effectiveness of ICFR. Which of the following statements concerning these requirements is false?
The auditor should provide recommendations for improving internal control in the audit report.
The tendency for decision makers to consider information that is easily retrievable from memory as being more likely, more relevant, and more important for a judgment.
The availability tendency
What was the goal of Toby's mortgage lending business?
The business made loans to home buyers with the goal of selling the closed loans at a profit on the secondary mortgage market.
What factors in the auditor-client relationship can put the client in a more powerful position than the auditor?
The client can be in a more powerful position than the auditor in the auditor-client relationship if the auditor is trying to sell the client additional services
Who was the external auditor for WASTEMANAGEMENT
The company's financial statements were audited by Arthur Andersen.
What is fundamental to exercising professional skepticism?
The concept of judgment framing or appropriately questioning a client's perspective by viewing the situation through other frames is fundamental to exercising professional skepticism.
The tendency for decision makers to seek for and put more weight on information that is consistent with their initial beliefs or preferences.
The confirmation tendency · once people have adopted a preference or an opinion, they tend to consider and gather information that supports and agrees with their preference. · people tend to seek confirmatory evidence, rather than looking for something inconsistent with their opinions or preferences.
Which of the following statements about internal control is correct
The cost-benefit relationship is a primary criterion that should be considered in designing an internal control system.
Which of the following statements about internal control is correct?
The cost-benefit relationship is a primary criterion that should be considered in designing an internal control system.
Which factors existed during the 1995 through 1997 audits of CUC that created an environment conducive for fraud?
The ethics of upper management played a crucial role in creating an environment of fraud. The CFO, Cosmo Corigliano, believed that the fraudulent way they operated was just what they did in their business, while lower level accountants believed they were simply doing their jobs. The executives also put pressure on employees to maintain earnings and growth to keep stock prices high. Upper level executives were also intimately involved in the reporting process, which allowed them to bypass controls in order to report fraudulent information.
To help prevent or detect the overstatement of inventory, what are some audit procedures that could be effectively employed?
The external audit team should file a physical count report on the inventory. The audit team should have conduct an analytical procedure on the reasonability of the inventory reported. The sample size should be properly adjusted.
Which of the following is not a factor that might affect the likelihood that a control deficiency could result in a misstatement in an account balance?
The financial statement amounts exposed to the deficiency.
What are the risks associated with allowing former auditors to work for a client in key accounting positions? (continued)
The firm shall ensure that no significant connection remains between the firm or a network firm and: a) a former partner who has joined an audit client of the firm; or b) a former audit team member who has joined the audit client if either has joined the audit client as: (i) a director or officer; (ii) an employee in a position to exert significant influence over the preparation of the client's accounting records or the financial statements on which the firm will express an opinion
Describe the 5 Trust Services principals.
The five Trust Services principles include the following: 1. Security - Security practices ensuring that the system is protected against authorized access (both physical and logical). 2. Availability - Availability practices, ensuring that the system is available for operation and use as committed or agreed. 3. Processing Integrity - Processing integrity, ensuring that system processing is complete, accurate, timely, and authorized. 4. Online Privacy - Online privacy practices, ensuring that personal information obtained as a result of e-commerce is collected, used, disclosed, and retained as committed or agreed. 5. Confidentiality - Confidentiality practices, ensuring that information designated as confidential is protected as committed or agreed
What responsibility does an auditor have related to each of these five components?
The five components related to internal controls are: control environment, risk assessment, control activities, information and communications, and monitoring activities. Auditors cannot directly change the control environment, however, they can maintain ethics and values which will show management that they intend to audit correctly, which may scare management straight. Auditors play a large role in risk assessment by identifying inherent and control risks associated with the business. Through this assessment, they decide the nature, extent, and timing of audit activities. Auditors must test control activities to ensure they exist and work in the proper way. Auditors must document extensively throughout an audit, and ensure engagement team members are in constant communication to ensure a complete audit. The auditors must also constantly monitor activities, such as journal entry recording and valuation processes, while communicating deficiencies with upper management.
How did WorldCom perpetrate their fraud?
The fraud at WorldCom involved the erroneous capitalization of billions of dollars of network expenses as assets. · Normal lease operating expenses related to fees paid by WorldCom to local telephone companies for use of their telephone networks were capitalized on the balance sheet.
Monitoring is a major component of the COSO Internal Control—Integrated Framework. Which of the following is not correct in how the company can implement the monitoring component
The independent auditor can serve as part of the entity's control environment and continuous monitoring.
Monitoring is a major component of the COSO Internal Control—Integrated Framework. Which of the following is not correct in how the company can implement the monitoring component?
The independent auditor can serve as part of the entity's control environment and continuous monitoring.
Description of the System
The narrative which includes: -identifying the control environment factors -identifying sub-service providers -identifying user entity control considerations
The tendency for decision makers to overestimate their own abilities to perform tasks or to make accurate diagnoses or other judgments and decisions.
The overconfidence tendency
Control Activities
The policies and procedures that help ensure management directives are carried out (to achieve the defined control objectives)
Which of the following is a proper reason for not conducting tests of controls for nonpublic companies
The procedures require more audit effort than the projected benefits to be obtained from lowering the control risk.
What is the purpose of MANAGEMENT OVERRIDE OF INTERNAL CONTROLS: The Achilles' Heel of Fraud Prevention document
The purpose of this document is to offer guidance to audit committees in addressing the risk of fraud through management override of internal control over financial reporting.
What type of report might a service organization use as a marketing tool to provide potential customers information about the internal controls related to security at the service organization?
The service organization would engage the accountant to issue an SOC 3 report, Trust Services Report for Service Organizations. The SOC 3 report is intended for wide distribution to current or potential users of the service organization. SOC 3 reports are prepared using the Trust Services principles and criteria shown in Table 25-2. Because an SOC 3 report is a general-use report, the service organization is allowed to share the report to current or prospective customers and use it as a marketing tool to demonstrate they have appropriate controls in place to mitigate risks, such as those related to security or privacy.
Which of the following most likely represents a weakness in internal control of an IT system:
The systems analyst reviews output and controls the distribution of output from the IT department.
Describe the availability tendency in your own words, and give an example of how the tendency could result in auditor bias.
The tendency for decision makers to consider information that is easily retrievable from memory as being more likely, more relevant, and more important for a judgment.
Describe the availability tendency in your own words, and give an example of how the tendency could result in auditor bias.
The tendency for decision makers to consider information that is easily retrievable from memory as being more likely, more relevant, and more important for a judgment. An illustrative example would be: An auditor who identified a significant amount of liabilities not recorded on a prior audit is likely to overestimate the likelihood of unrecorded liabilities on a subsequent audit.
Describe the confirmation tendency in your own words, and give an example of how the tendency could result in auditor bias.
The tendency for people making judgments to seek for, and put more weight on, information that is consistent with their initial beliefs or preferences.
Describe the confirmation tendency in your own words, and give an example of how the tendency could result in auditor bias.
The tendency for people making judgments to seek for, and put more weight on, information that is consistent with their initial beliefs or preferences. An illustrative example would be: If management has taken a particular stance in accounting for a complex transaction, and the authoritative standards are not very clear on the subject, the auditor may be likely to find evidence that supports or "confirms" management's treatment of the transaction.
What two main categories of fraud affect financial reporting?
The two main categories of fraud related to financial reporting are fraudulent financial reporting and misappropriation of assets
Which of the following statements about judgment frames is correct?
There is often no single best frame for a given situation.
What red flags were present during the 1995 through 1997 audits of CUC that may have suggested weaknesses in CUC's control environment?
There were many red flags that an auditor should have noticed. These include irregular charges to reserve account, inaccurate coding of services, and adjusting between deferred revenue accounts and immediate revenue accounts. They also established a reserve liability for construction costs and fictitious recording of revenues. All of these red flags show that the controls put in place were not effective in reducing the risk of fraudulent financial reporting.
What happened when Toby and his company moved into mortgage banking?
They were not prepared for the move · Many of the loans that they wanted to sell on the secondary market had problems, such as missing or incorrect documentation. · The loans could not be sold on the market for a profit.
mortgage brokers became short-term lenders
They would borrow from their warehouse line of credit and fund a mortgage loan for a home buyer, and then sell the loan on the secondary market (e. g., to Fannie Mae) for a profit.
What is the primary purpose of the monograph?
To help readers understand professional judgment and to help them improve their judgment abilities.
What is the primary purpose of the KPMG monograph?
To help readers understand the nature of professional judgment and to give them a head start in developing and improving their own professional judgment abilities.
"Fannie Mae" was created for what purpose? Select one: a. To increase liquidity in the market. b. To provide funding for low-income families. c. To provide funding for young adults with student loan debt. d. To provide funding for home buyers in need of a down payment.
To increase liquidity in the market.
What was Toby's motivation for his fraud?
Toby was motivated by a fear of failing.
An offender does not have a plan to engage in a large-scale criminal offense in a slippery slope offense. Select one: True False
True
Internal control includes monitoring of controls. True or False
True
Most public companies must follow Sarbanes-Oxley requirements. True or False
True
One of the risks associated with internal control from IT is potential loss of data. True or False
True
Predatory lending is defined as having high priced loans being marketed to consumers who typically do not have the educational background knowledge to understand the dangers of these types of loans. Select one: True False
True
The establishment of "Fannie Mae" created the secondary mortgage market. Select one: True False
True
True or False Professional skepticism helps to appropriately frame an auditor's mindset.
True
True or False KPMG Professional Judgment Framework provides a good representation of the process we should follow when applying professional judgment, but o it is not necessarily an accurate representation of the processes people follow consistently.
True
True or False: 14 former Anderson employees worked for Waste Management.
True
True or False: To continue to get loans, Toby also had to rely on other people and companies in the real estate industry to help him falsify documents as he began to create documents to get loans on entirely fictitious homes.
True
When auditing a public company, the auditor must form an opinion on the effectiveness of internal control over financial reporting, or issue a disclaimer in the event of a scope limitation. True or False
True
White-collar crimes are either facilitated or inhibited by particular configurations of social, economic, and regulatory conditions. Select one: True False
True
True or False · Not all white-collar crimes are motivated by a desire for gain.
True: They are often motivated by a desire to avoid a loss.
Soc 1, Type 2
Type 2 reports cover a period of time (usually 12 months), include a description of the service organization's system, and test the design and operating effectiveness of key internal controls over a period of time.
•***AU-C 315:
Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement
The SEC outlines in Accounting and Auditing Enforcement Release No. 2234 five "undertakings" for KPMG to alter or amend its audit practices.
Undertaking 1 - Oversight of Engagement Partner Changes. Undertaking 2 - Whistle-blowing" Channels of Communication. Undertaking 3 - Consultation Documentation. Undertaking 4 - Audit Evidence Training. Undertaking 5 - Reassessing Departures from GAAP.
Carve out method
Used for sub-service organizations, the process and controls are excluded from the report. The following considerations must be evaluated: --What services are performed by the subservice organization that are relevant to the services offered to the customer? Normally, these services are explained briefly as part of the carve out language within the SOC report. --Does the subservice organization issue a SOC report on the services not included as part of the service organization report? --Does the service organization report or the subservice organization reports contain any exceptions in it? If so, what compensating or mitigating controls are in place to eliminate or reduce the risk associated with the exception? --Have you reviewed the service organization CUEC's to determine whether there are controls within the subservice organization report that address the CUEC's? If not, what additional controls are in place at the user entity (customer) that would mitigate the absence of controls for all of the CUEC's?
Inclusive method
Used for sub-service organizations, the processes and controls are included as part of the report The following considerations must be evaluated: --Is the subservice organization assertion letter included along with the service organization assertion letter? --Are there any exceptions noted within the report? If so, what compensating or mitigating controls are in place to eliminate or reduce the risk associated with the exception?
THE DISTINGUISHING FEATURE BETWEEN ERRORS AND FRAUD IS
WHETHER THE MISSTATEMENT IS INTENTIONAL OR UNINTENTIONAL. ERRORS ARE UNINTENTIONAL MISSTATEMENTS WHILE FRAUDS ARE INTENTIONAL MISTATEMENTS.
What company used depreciation expense to commit fraud
Waste Management
Author Andersen's failure was a result of the firm's loss of reputation as a result of a long string of audit failures. Which companies in our cases was AA the auditor
Waste Management, Enron, and World Com
What role do metaphors and analogies play in judgment framing, and how can they be used to improve your ability to examine issues through multiple frames?
We adopt metaphors or analogies as part of our judgment frames to help us make sense of complex situations. For example: "the war on drugs" versus "a cancer on the nation." Identifying these helps us recognize the frames we are processing our perspectives and judgments in. After understanding our current frame, we can consider alternative frames.
Control Objective
What the service organization wants to achieve
What makes white collar crime difficult to detect and control
White-collar crimes are almost always based in or part of legitimate business activities.
Which company was Bernie Ebbers from who was convinced for his role in the fraud and sentenced to over 20 years in prison. Currently, he is appealing his verdict.
WorldCom
which company had the largest bankruptcy in U.S. history.
WorldCom
What company was a Mississippi- based telecommunications company that grew through aggressive mergers and acquisitions
WorldCom Inc.
which companies used the fraud tactic of capitalizing expenses
WorldCom,
WHY DID ENRON GO BANKRUPT BUT XEROX SURVIVED
XEROX DID NOT LOSE A LOT OF CLIENTS LIKE ENRON DID (THEY DID DIFFERENT TYPE OF BUSINESS)
HOW WAS XEROX FRAUD DETECTED?
XEROX MANIPULATED EARNINGS 1997.1998, 1999. AFTER MANIPULATED 3 YEARS, THEY DIDN'T HAVE RESOURCES FOR PROFIT AFTER THREE YEARS & IN 2000 HAD TO REPORT A LOSS
The accounting manipulations for Xerox centered around its accounting for __________________________ while Enron's centered around its accounting for ______________________________.
XEROX;lease transactions (specifically its estimates of lease revenues), ENRON; investment transactions (specifically its accounting for Special Purpose Entities)
Is Ms. Stitt's testimony about initialing working papers is consistent with the spirit of AU-C 230 and PCAOB AS 1215
Yes, she performed minimum requirement. As Mr. Stitts noted, a reviewer should not initial a working paper until that person is comfortable with the work performed and conclusions reached as documented on the working paper.
DO YOU THINK IF AN ACCOUNTING FIRM PROVIDES AUDIT SERVICE, CAN THEY PROVIDE TECH SERVICE
Yes, they can
Hollinger International case dealt with
a newpaper company with related party transactions that were not disclosed
Service Auditor Report
a report that communicates information about a service organization's controls. Intent is to address various needs and reporting requirements by service organization and provide valuable information to address user needs.
Why did Groves' scheme end? Select one: a. A whistleblower alerted the FBI. b. He confessed to police due to extreme guilt. c. His wife threatened to divorce him if he didn't turn himself in. d. None of the above
a whistleblower alerted the fbi
Which Company had perpetrated fraud prior to combining with Cedant? a. CUC b. HFS
a. CUC
What tendency is most likely manifest in the following situation? An engagement team performed a substantive analytical procedure over an expense account. When investigating a significant difference, the team was satisfied with limited evidence to support the client's plausible explanation (which was in fact incomplete) for the difference. a. Confirmation tendency b. Limited resources c. Overconfidence tendency d. Time pressure
a. Confirmation tendency
Which of the following is NOT recommended when trying to mitigate the risk of bias attributable to the availability tendency? a. Consider the most unusual case b. Make the opposing case c. Consult with others d. Get objective data
a. Consider the most unusual case
Which of the 5 internal controls includes methods and records established to record, process, summarize, and report transactions and events and maintain accountability for assets, liabilities, and equity a. Information and Communication b. Control Environment c. Risk Assessment d. Monitoring e. Control Activities
a. Information and Communication
Within an auditing context, what is professional judgment? a. Professional judgment is the process of using relevant training, knowledge, and experience to reach a decision or draw a conclusion in evaluating evidence, estimating probabilities, or selecting between options. b. Professional judgment is professional skepticism, which is an attitude that includes a questioning mind and a critical assessment of audit evidence. c. Professional judgment is the application of one's experience to make a judgment in the absence of supporting evidence, based on the facts and circumstances of the audit engagement. d. Professional judgment is the construction of a logical justification to support an outcome or conclusion that is otherwise not supported by the available evidence.
a. Professional judgment is the process of using relevant training, knowledge, and experience to reach a decision or draw a conclusion in evaluating evidence, estimating probabilities, or selecting between options.
Fixed Term Mortgages a. Required a certain sized down payment in relation to the value of the loan (called the loan to value rate). b. The interest rate on the loan is adjustable depending on various economic indicators. c. The seller subsidizes the borrower for short period of time. d. Start with low payments that rise over time. e. The payment is less than is needed to pay off the loan over time and so, the loan gradually gets larger over time. f. Loans made to people who would not normally qualify for regular loans because of their inadequate credit.
a. Required a certain sized down payment in relation to the value of the loan (called the loan to value rate).
KPMG Professional Judgment Framework includes a. mindset, b. consultation, c. knowledge and professional standards, d. influences and biases, e. refection & coaching f. all above
a. mindset, b. consultation, c. knowledge and professional standards, d. influences and biases, e. reflection & coaching f. all above
Toby Groves expanded into a. mortgage lender b. mortgage broker
a. mortgage lending.
WHAT COULD BE THE SOLUTION (CONTROL) for the following risk of Harley Davidson integrating the suppliers into their system: Suppliers may manipulate the system and take advantage of their increased access to Harley D's purchasing schedules, including increased chance of fraud by suppliers. a. · The performance of random audits by outside company to monitor the use of confidential information by suppliers · The implementation of a procedure to discard information after it has been used or to store it securely b. Requiring suppliers to stay up to date on current technology by purchasing and maintainina. · The performance of random audits by outside company to monitor the use of confidential information by suppliers · The implementation of a procedure to discard information after it has been used or to store it securely b. Requiring suppliers to stay up to date on current technology by purchasing and maintaining hardware and software that is compatible with the new supply chain system that is compatible with the new supply chain system c. The implementation of a system where every transaction is stored electronically, with backups, in a secure area so transactions are available for later review. d. The use of firewalls and such security measures to protect from those attempting to corrupt the integrity of the system.
a. · The performance of random audits by outside company to monitor the use of confidential information by suppliers · The implementation of a procedure to discard information after it has been used or to store it securely
A primary advantage of using generalized audit software packages to audit the financial statements of an entity that uses an IT system is that the auditor may:
access information stored on computer files while having a limited understanding of the entity's hardware and software features.
If auditors conduct substantive procedures as of 10/31 for an entity with a 12/31 year-end:
additional tests likely will be performed in the remaining period.
An auditor's primary consideration regarding an entity's internal controls is whether they:
affect the financial statement assertions
An auditor's primary consideration regarding an entity's internal controls is whether they:
affect the financial statement assertions.
Agreed-upon procedures engagement
an engagement in which the procedures to be performed are agreed upon by the CPA, the responsible party making the assertions, and the intended users of the CPA's report; the degree of assurance provided by the CPA will vary based on procedures agreed to and performed
Service organization control (SOC) report
an engagement where a service organization's auditor reports on internal controls at the service organization, with a type 1 report including information about management's description of the service organization's system and the suitability of the design of the organization's controls while the type 2 report also includes information about the operating effectiveness of those controls
Assessing control risk below high involves all of the following
analyzing the achieved level of control risk after performing tests of controls. Identifying specific controls to rely on. Performing tests of controls.
SOC 1, Type 2 reports issued by the service organization's auditor typically:
assess whether the service organization's controls are suitably designed and operating effectively.
The most important step in avoiding judgment traps and reducing bias caused by subconscious mental shortcuts or self-interest is
awareness
What measures has and/or can the profession take to reduce the potential consequences of this power imbalance?
b) SOX prohibits external auditors from providing certain services to clients including: • bookkeeping or other services relating to the accounting records or financial statements of the audit client; • financial information systems design and implementation; • appraisal or valuation services, fairness opinions or contribution-in-kind reports; • actuarial services; • internal audit outsourcing services; • management functions or human resources; • broker or dealer, investment advisor, or investment banking services; • legal services and expert services unrelated to the audit;
Which sets the tone of the organization towards controls? a. Information and Communication b. Control Environment c. Risk Assessment d. Monitoring e. Control Activities
b. Control Environment
Which of the following best describes a technique to mitigate the confirmation bias? a. Consider the most unusual case b. Make the opposing case c. Consult with others d. Get objective data
b. Make the opposing case
Which of the following best describes the relationship between professional skepticism and professional judgment? a. Professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence that is separate and apart from the process of exercising professional judgment. b. Professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence that is part of the process in forming professional judgments. c. Professional skepticism is synonymous with professional judgment.
b. Professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence that is part of the process in forming professional judgments.
WHAT COULD BE THE SOLUTION (CONTROL) for the following risk of Harley Davidson integrating the suppliers into their system: · Suppliers may lack the necessary hardware/software tools to be compatible with HD's system · Suppliers may not know how to operate the system · The suppliers system may lack integrity or quality and may provide inaccurate info to hd's system a. · The performance of random audits by outside company to monitor the use of confidential information by suppliers · The implementation of a procedure to discard information after it has been used or to store it securely b. Requiring suppliers to stay up to date on current technology by purchasing and maintaining hardware and software that is compatible with the new supply chain system c. The implementation of a system where every transaction is stored electronically, with backups, in a secure area so transactions are available for later review. d. The use of firewalls and such security measures to protect from those attempting to corrupt the integrity of the system.
b. Requiring suppliers to stay up to date on current technology by purchasing and maintaining hardware and software that is compatible with the new supply chain system
The confirmation bias is a subconscious tendency to do which of the following? a. Seek evidence that confirms a biased judgment b. Seek evidence that confirms a previously held view c. Underutilize confirmations in the testing of accounts receivable d. Seek evidence that disconfirms a previously held view
b. Seek evidence that confirms a previously held view
· Adjustable Rate Mortgages (ARMs) a. Required a certain sized down payment in relation to the value of the loan (called the loan to value rate). b. The interest rate on the loan is adjustable depending on various economic indicators. c. The seller subsidizes the borrower for short period of time. d. Start with low payments that rise over time. e. The payment is less than is needed to pay off the loan over time and so, the loan gradually gets larger over time. f. Loans made to people who would not normally qualify for regular loans because of their inadequate credit.
b. The interest rate on the loan is adjustable depending on various economic indicators.
Toby began working as a a. mortgage lender b. mortgage broker
b. mortgage broker.
After obtaining an understanding of an entity's internal control system, an auditor may set control risk at high for some assertions because the auditor
believes the internal controls are unlikely to be effective.
After obtaining an understanding of an entity's internal control system, an auditor may set control risk at high for some assertions because the auditor:
believes the internal controls are unlikely to be effective.
In the 1800s-1900s, home buyers were required to put down what percent of the cost of a home, which many could not afford a. 25% b. 33% c. 50% d. 80%
c. 50%
Which of the following best describes a judgment trigger? a. An alternative stated in terms of a judgment objective b.A technique for making effective judgments quickly c. An issue/problem stated in terms of a particular alternative d.A technique for more effectively evaluating another's judgment
c. An issue/problem stated in terms of a particular alternative
WHAT COULD BE THE SOLUTION (CONTROL) for the following risk of Harley Davidson integrating the suppliers into their system: The risk of fraudulent transactions may increase as a result of switching from a paper based supply chain system to an electronic system. Hiding fraudulent transactions may be easier since there is no paper trail of transactions to be reviewed by internal or external auditors. a. · The performance of random audits by outside company to monitor the use of confidential information by suppliers · The implementation of a procedure to discard information after it has been used or to store it securely b. Requiring suppliers to stay up to date on current technology by purchasing and maintaining hardware and software that is compatible with the new supply chain system c. The implementation of a system where every transaction is stored electronically, with backups, in a secure area so transactions are available for later review. d. The use of firewalls and such security measures to protect from those attempting to corrupt the integrity of the system.
c. Control - The implementation of a system where every transaction is stored electronically, with backups, in a secure area so transactions are available for later review.
Which of the following is NOT a step in reframing a situation? a. Challenge the current frame b. Generate alternative frames c. Justify the current frame d. Understand the current frame
c. Justify the current frame
What is the process used by management to identify, analyze, and manage risks relevant to the preparation of the financial statements a. Information and Communication b. Control Environment c. Risk Assessment d. Monitoring e. Control Activities
c. Risk Assessment
Which of the following is not a technique to help an auditor mitigate possible bias stemming from use of a judgment shortcut? a. Be aware of the bias and when you might be vulnerable to it b. Seek disconfirming evidence c. Seek the advice of someone who agrees with your position d. Identify and acknowledge personal preferences
c. Seek the advice of someone who agrees with your position
· Buy-downs a. Required a certain sized down payment in relation to the value of the loan (called the loan to value rate). b. The interest rate on the loan is adjustable depending on various economic indicators. c. The seller subsidizes the borrower for short period of time. d. Start with low payments that rise over time. e. The payment is less than is needed to pay off the loan over time and so, the loan gradually gets larger over time. f. Loans made to people who would not normally qualify for regular loans because of their inadequate credit.
c. The seller subsidizes the borrower for short period of time.
substantive procedures to restrict detection risk for significant transaction classes.
concluding that controls are ineffective.
Control environment
consists of the actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about internal control and its importance.
a Judgement Trigger can cause people to
create triggers because they are in such a hurry to solve the problem and their judgments are often based on the incomplete facts or understanding. ex. executives clarified the decision problem as "how to get larger quantities of snack products into consumers' homes."
Which of the following is an example of the confirmation bias? a. An auditor improperly concludes on a complex revenue recognition matter without having the appropriate technical accounting background. b.An auditor improperly concludes on the valuation of an investment security by looking at only the most recent sale of the security. c. An auditor improperly concludes on the accounts receivable balance because negative confirmations were sent instead of positive confirmations. d.An auditor improperly concludes a contingent liability is properly stated after examining only the evidence that supported the amount accrued in the financial statements.
d. An auditor improperly concludes a contingent liability is properly stated after examining only the evidence that supported the amount accrued in the financial statements.
WHAT COULD BE THE SOLUTION (CONTROL) for the following risk of Harley Davidson integrating the suppliers into their system: switching to an internet system increases chance of hackers breaking into the system a. · The performance of random audits by outside company to monitor the use of confidential information by suppliers · The implementation of a procedure to discard information after it has been used or to store it securely b. Requiring suppliers to stay up to date on current technology by purchasing and maintaining hardware and software that is compatible with the new supply chain system c. The implementation of a system where every transaction is stored electronically, with backups, in a secure area so transactions are available for later review. d. The use of firewalls and such security measures to protect from those attempting to corrupt the integrity of the system.
d. Control - The use of firewalls and such security measures to protect from those attempting to corrupt the integrity of the system.
What internal control includes management's process to assess the quality of controls a. Information and Communication b. Control Environment c. Risk Assessment d. Monitoring e. Control Activities
d. Monitoring
For any related-party transaction that is required to be disclosed or that is determined to be a significant risk, PCAOB auditing standards dealing with related party issues require the auditor to do each of the following, EXCEPT for a. Evaluating the financial capability of the related parties with respect to their significant responsibilities in connection with the transaction. b. ascertaining that the transaction has been authorized and approved in accordance with the company's established policies. c. Reading applicable underlying documents for consistency with explanations about the business purpose obtained from inquiries and other procedures performed. d. Obtaining a written representation for the company's lawyer that the related-party transaction complies with all applicable laws and regulations.
d. Obtaining a written representation for the company's lawyer that the related-party transaction complies with all applicable laws and regulations.
Which of the following is true with respect to the overconfidence bias? a. Overconfidence is always a conscious bias. b. Overconfidence could result in the consideration of too many alternatives. c. Overconfidence usually decreases with experience. d. Overconfidence could result in engagement team members performing audit procedures that are beyond their skill sets.
d. Overconfidence could result in engagement team members performing audit procedures that are beyond their skill sets.
· Graduated Payment Mortgages a. Required a certain sized down payment in relation to the value of the loan (called the loan to value rate). b. The interest rate on the loan is adjustable depending on various economic indicators. c. The seller subsidizes the borrower for short period of time. d. Start with low payments that rise over time. e. The payment is less than is needed to pay off the loan over time and so, the loan gradually gets larger over time. f. Loans made to people who would not normally qualify for regular loans because of their inadequate credit.
d. Start with low payments that rise over time.
Which of the following describes how the availability tendency is most likely to affect auditors? a. Auditors may first consider different potential causes for an observed fluctuation before seeking the client's explanation with regards to analytical procedures. b.Auditors may rely on information provided by client staff who is most knowledgeable about an audit area rather than the staff most easily accessible. c. Auditors may seek evidence that supports their belief of how a transaction should be accounted for. d.Auditors may weigh more heavily the information that was received most recently from a client relative to information received earlier during the audit.
d.Auditors may weigh more heavily the information that was received most recently from a client relative to information received earlier during the audit.
A control deviation caused by an employee performing a control procedure that he or she is not authorized to perform is always considered a:
deficiency in operation.
· Negative Amortization Loans a. Required a certain sized down payment in relation to the value of the loan (called the loan to value rate). b. The interest rate on the loan is adjustable depending on various economic indicators. c. The seller subsidizes the borrower for short period of time. d. Start with low payments that rise over time. e. The payment is less than is needed to pay off the loan over time and so, the loan gradually gets larger over time. f. Loans made to people who would not normally qualify for regular loans because of their inadequate credit.
e. The payment is less than is needed to pay off the loan over time and so, the loan gradually gets larger over time.
-approval emails -change tickets -screenshots -reports
evidence documentation includes:
· Subprime mortgages a. Required a certain sized down payment in relation to the value of the loan (called the loan to value rate). b. The interest rate on the loan is adjustable depending on various economic indicators. c. The seller subsidizes the borrower for short period of time. d. Start with low payments that rise over time. e. The payment is less than is needed to pay off the loan over time and so, the loan gradually gets larger over time. f. Loans made to people who would not normally qualify for regular loans because of their inadequate credit.
f. Loans made to people who would not normally qualify for regular loans because of their inadequate credit.
True or False Professional skepticism is synonymous with professional judgment
false; it is an important component or subset of professional judgment.
Which industry suffered the greatest losses according to the 2011 Marquet Report on Embezzlement? Select one: a. nonprofit b. government c. financial d. healthcare
financial
Which of the following actions did Groves participate in to continue to get loans for himself and his business? Select one: a. Groves falsified documents. b. Groves signed unauthorized checks. c. None of the above d. Groves created shell companies.
groves falsified documents
Documentation to evidence the Operating Effectiveness of the Controls
identifying whether documentation is maintained to evidence the operating effectiveness of controls
Waste Management used
incorrect vehicle and container salvage values and useful lives assumptions.
· Known as "Fannie Mae" was designed to · $1 billion in funding · Designed to increase liquidity in the mortgage market. · Created the secondary mortgage market. · Created an efficient, fair, and stable system for home loans that worked well for decades.
increase liquidity in the mortgage market.
SOC 1: Other information Provided by the Service Organization
info provided by service organization that is not part of description of controls and is not covered by auditors opinion
Information and communication
initiate, record, process, and report the entity's transactions and to maintain accountability for the related assets
Federal Housing Administration (FHA) was created to
insure mortgage lenders against losses from defaults.
Risk assessment
management's assessment of the risk factors related to the preparation of the financial statements in conformity with appropriate accounting standards. 1. Identify factors that may increase risk, (2) estimate the significance of the risk, (3) assess the likelihood of the risk occurring, (4) determine actions necessary to manage the risk
Monitoring
management's ongoing and periodic assessment of the quality of internal control performance to determine whether controls are operating as inteded
rules requiring accounting firms to retain for seven years certain records relevant to their audits and reviews of issuers' financial statements. Records to be retained include an accounting firm's workpapers and certain other documents that contain conclusions, opinions, analyses, or financial data related to the audit or review.
mandated by section 802 of the Sarbanes-Oxley Act of 2002
He applied for the "no income qualifier" loan and
misstated his income
After the investigation, CUC's 95, 96, 97 earnings were reduced by
more than one-third
How was fraud perpetrated in Hollinger Case
non compete payments paid to Conrad Black & David Radler, part of Hollinger Internationals executive team.
Which is NOT an example of a mortgage fraud? Select one: a. Illegal property flipping b. Predatory lending c. Identity Theft d. None of the above
none of the above
To overcome rush to solve or judgment triggers ask
o "what" and "why" questions. o invest in clarifying the fundamental issues and objectives.
What are the auditor independence issues surrounding the provision of external auditing services, internal auditing services, and management consulting services for the same client? · · Why should auditors NOT be allowed to perform these services?
o Could impair auditor judgment to maintain consulting and/or audit services o Internal audit is best performed by in-house personnel o Multiple viewpoints from different parties will provide benefits to the Company
What are the auditor independence issues surrounding the provision of external auditing services, internal auditing services, and management consulting services for the same client? · Why should auditors be allowed to perform these services for the same client?
o Efficiencies by completing both external and internal audit services o Inefficiencies identified during audit work can be utilized in providing consulting services to improve weaknesses o Familiarity with company policies and procedures
What are "principle-based" accounting standards?
o General guidelines that cover the intent of the standard
In the Rush to Solve Trap
o having a tendency to immediately solve the problem by making a quick judgment. o an individual can sometimes end up in solving the wrong problem. o in rush to solve their problem as soon as possible and often choose the easily available alternative. o settle for a suboptimal outcome because we did not consider a full set of alternatives.
Mindset requires that auditors approach things
o objectively and independently o with inquiring and incisive minds.
The highest-quality and most reliable audit evidence that segregation of duties is properly implemented is obtained by:
observation by the auditor of the employees performing control activities.
Judgement Triggers are
one of the biggest traps we run into during the first couple of steps of the judgment process, which is under-investing in defining the fundamental issue
service organization
perform data processing/computer/IT services, like payroll processing, for various clients
Control activities
policies and procedures that help ensure that management directives are carried out. ex: (1) performance reviews, (2) information processing, (3) physical controls, (4) segregation of duties
Judgement Frames
provide one view that might be quite different from the view through another window facing a different direction.
Section 201 of the Sarbanes-Oxley Act of 2002:
provides that "a registered public accounting firm may engage in any non-audit service, including tax services," that is not expressly prohibited, after audit committee pre-approval.
SOC Report
reports designed to help service organizations build trust and assurance in their service delivery processes and controls. They are used for when one company outsources some portion of their business or technology to another.
Section 302 of the Sarbanes-Oxley Act of 2002 requires
requires a CEO and CFO to certify in each annual and quarterly financial statement report filed with the SEC
SOC 1
restricted use report whose purpose is to report on controls for F/S audits
SOC 2
restricted use report whose purpose is to report on controls related to compliance or operations (security, availability, processing integrity, confidentiality or privacy)
During the three-year period ending December 31, 1996, consolidated _______ were increasing , consolidated _____________ was decreasing in both dollar and percentage terms.
revenues, net income
Bright Line Rules are
rule based
SEC Release No. 33-8180 ''Retention of Records Relevant to Audits and Reviews."
rules requiring accounting firms to retain for seven years certain records relevant to their audits and reviews of issuers' financial statements. Records to be retained include an accounting firm's workpapers and certain other documents that contain conclusions, opinions, analyses, or financial data related to the audit or review.
Preventive Controls
segregation of duties
SOC 1: Independent Service Auditors' Report
service auditors opinion about whether: -mngt description of service organization system is fairly presented -controls included in the description are suitably designed and implemented
Significant deficiencies and material weaknesses must be communicated to an entity's audit committee because they represent
significant deficiencies in the design or operation of internal control.
Significant deficiencies are matters that come to an auditor's attention that should be communicated to an entity's audit committee because they represent:
significant deficiencies in the design or operation of the internal control.
What are control activities?
specific policies and procedures established by management
Regardless of the assessed level of control risk, an auditor would perform some:
substantive procedures to restrict detection risk for significant transaction classes.
What did President Roosevelt established as a result of the Great Depression.
the Federal Housing Administration (FHA)
ASB's Auditing Standards (AU-C) Section 540 and the PCAOB's AS 2501
the auditor is responsible for evaluating the reasonableness of accounting estimates made by management in the context of the financial statements taken as a whole.
PCAOBS AS 2410 describes
the auditor's responsibilities with respect to identifying related party relationships and transactions.
How did Author Anderson aid in the Waste Management fraud?
the auditors who secretly signed an agreement with company management to cover the fraudulent actions over time
Why did Waste Management perpetrate fraud?
the company was feeling pressure from the effects of changes that were occurring in its markets and in the environmental industry. intense competition, primarily in the pricing and rendering of services
Management philosophy and operating style most likely would have a significant influence on an entity's control environment when:
the entity does not have sound personnel policies for hiring, training, and evaluating competent individuals.
By 1970, there was a concern about lack of competition in the mortgage industry, so..
the federal government created the Federal Home Loan Mortgage Corporation (Freddie Mac) to provide for more competition in the secondary mortgage market.
Service Organization
the host of companies that provide critical, third-party outsourcing services to other companies
What is management override of internal controls
the intervention by managers in the approval and/or processing of transactions that is contrary to an entity's internal control system.
What is auditor's objective when evaluating accounting estimates under (AU-C) Section 540 and the PCAOB's AS 2501
to obtain sufficient appropriate evidential matter to provide reasonable assurance that: 1. All accounting estimates that could be material to the financial statements have been developed. 2. Those accounting estimates are reasonable in the circumstances. 3. The accounting estimates are presented in conformity with applicable accounting principles and are properly disclosed.
A walkthrough is one procedure used by an auditor as part of the internal control audit. A walkthrough requires an auditor to:
trace a transaction from each major class of transactions from origination through the entity's information system until it is reflected in the entity's financial reports.
In order to help his business, Groves applied for a "no income qualifier" loan when he started losing his clients' money. Select one: True False
true
In order to help his business, Groves applied for a "no income qualifier" loan when he started losing his clients' money. Select one:True or False
true
true or false: Toby Groves was Founder and president of Groves Funding Corp
true
An auditor's flowchart of an entity's accounting system is a diagrammatic representation that depicts the auditor's:
understanding of the system.
SOC 1 Type 2*
user entities requesting which type of SOC report as the industry norm
CUC
was a direct marketing company with shopping, travel, automobile, and entertainment clubs serving over 68 million members worldwide.
HFS
was a franchisor of hotel, rental car, and real estate franchises such as Ramada, Days Inn, Avis, and Century 21.
• WHO RAISED Concerns about the XEROX accounting manipulations
were raised internally by Xerox managers and KPMG.
Asset misappropriation fraud happens
when people who are entrusted to manage the assets of an organization steal from it.
"Fannie Mae"
with $1 billion in funding, Fannie Mae, created an efficient, fair, and stable system for home loans that worked well for decades.
The Professional Judgment Framework depicts constraints, influences, and biases that threaten good judgment with
with the box on the outer rim of the Framework labeled "Environment" and the triangle at the top labeled "Influences/Biases."
Au-C Section 200, "Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with GAAS" requires
· "Due Professional Care in the Performance of Work," both note that professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence. Professional skepticism requires the auditor to use the knowledge, skill, and ability called for by the profession of public accounting to diligently perform, in good faith and with integrity, the gathering and objective evaluation of evidence. KPMG's reliance on "'silence" as evidence does not appear to be consistent with concepts of a questioning mind and critical evaluation of audit evidence described in AU-C200 and in PCAOB AS 1015.
Based on your understanding of the concept of "related transactions" why would the non-compete payments describe in the Hollinger case be considered a "related party transaction ?"
· ASC No. 850 includes an entity's management as a related party. - Conrad Black's service as Chairman and Chief Executive Officer of Hollinger International and David Radler's service as Chief Operating Officer mean that both Black and Radler would be considered related parties.
Based on your review of requirements in auditing standards related to auditor documentation why must auditors prepare audit documentation ?
· AU-C Section 230 and PCAOB AS 1215 require that the audit documentation record who performed the audit work and the date such work was completed and who reviewed specific audit documentation and the date of such review. Each working paper does not need to include specific evidence of review. But, it should be clear from the audit documentation who reviewed specified elements of the audit work performed and when. · Ms. Stitt's testimony about initialing working papers is consistent with the spirit of AU-C 230 and PCAOB AS 1215. As she noted, a reviewer should not initial a working paper until that person is comfortable with the work performed and conclusions reached as documented on the working paper.
What changes should the profession make to eliminate these obstacles of auditor making tough decisions that may be contrary to their clients position?
· Auditors need to be committed to putting the public interest first. · Need to be upfront with each client. · Reformulate their performance evaluation and compensation practices. · Require national approval for complex or aggressive accounting positions. · SOX 2002 prohibits non-audit service.
Section 201 of the Sarbanes-Oxley Act of 2002 makes it 'unlawful' for a registered public accounting firm to provide any non-audit service to an issuer contemporaneously with the audit including:
· BOOKING OR OTHER SERVICE RELATED TO THE ACCOUNTING RECORDS OR FINANCIAL STATEMENTS OF THE AUDIT CLIENT · FINANCIAL INFORMATION SYSTEMS DESIGN AND IMPLEMENTATION · APPAISAL OR VALUATION SERVICES, FAIRNESS OPINIONS OR CONTRIBUTION IN KIND REPORTS · ACTUARIAL SERVICES · INTERNAL AUDIT OUTSOURCING SERVICES · MANAGEMENT FUNCTIONS OR HUMAN RESOURCES · INTERNAL AUDIT OUTSOURCING SERVICES · LEGAL SERVICES AND EXPERT SERVICES UNRELATED TO THE AUDIT
GIVEN THE TECHNOLOGY LINKAGES BETWEEN BUSINESS PARTNERS IN EBUSINESS SYSTEMS, HOW MIGHT AN EBUSINESS SYSTEM LIKE HD'S INCREASE BUSINESS RISKS FOR ITS BUSINESS PARTNERS?
· COSTS TO BE A PARTNER MAY MAKE DOING BUSINESS WITH HD LESS PROFITABLE · INFORMATION FROM HD MAY NOT PROVIDE RELIABLE FORCASTS FOR SUPPLIERS TO MANAGE THEIR INVENTORIES EFFICIANTLY · HD MAY TAKE ADVANTAGE OF ITS DOMINANCE IN THE NEGOTIATION POSITION AND THE INTERNET ARRANGEMENT MAY INCREASE COMPETITIVE PRESSURES ON SUPPLIERS · BUSINESS RELATIONSHIPS WITH OTHER CUSTOMERS MAY SUFFER DUE TO LACK OF RESOURCES (TIME, ENERGY & RESOURCES FOCUSED ON MEETING HD'S REQUIREMENTS o DEPENDANCE ON HD AS A KEY CUSTOMER-LESS DIVERSIFIED CUSTOMER BASE · COULD LOSE SOME AUTONOMY AND FREEDOM AS HD MAY EXCERCIZE INFLUENCE OVER THEIR BUSINESS DECISIONS o SPECIALIZING IN HD PARTS MAY CREATE THE NEED FOR BUSINESS PARTNERS TO DEPART FROM BUSINESS PLANS AND STRATAGIES THAT WERE ONCE SUCESSFUL o PARTNERS MAY FIND THE NEED TO SPECIALIZE AND DROP SOME LINES OF BUSINESS IN ORDER TO PRODUCE THE QUANTITY OF PARTS NEEDED BY HD
If the client has hired former auditors, how might this affect the independence of the existing external auditors?
· Close personal relationship between former and current auditor · Current auditors may rely too much on the representations made by their former colleague · Former auditor will be intimately familiar with audit procedures and approaches • Increases the potential for successfully hiding an accounting fraud or mismanagement of funds
• ***AU-C 240: Consideration of Fraud in a Financial Statement Audit
· Fraud definition · Fraud risk factors (incentive to perpetrate , opportunity, rationalization to justify) · Basic requirement: professional skepticism (identify & assess the risk of material misstatement, obtain sufficient evidence, respond appropriately to fraud)
How did Toby's company lose money that belonged to his clients.
· Funds that had been placed into escrow to cover insurance premiums and taxes was being used to cover ordinary business expenses. · Resulted in approximately $250,000 losses to the clients.
For each misstatement identified in CUC, indicate one management assertion that was violated.
· Irregular charges against merger reserves - Occurrence or accuracy of revenues, Completeness or accuracy of expenses, Valuation or existence of merger reserves. · False coding of services sold to customers - Classification of revenues Valuation of deferred revenues. · Delayed recognition of membership cancellations and bank rejection of charges made to members' credit card accounts - Occurrence of revenues Existence or valuation of cash.
what is run on the bank? Did this occur with Enron and Arthur Anderson?
· It occurs when customers/institutions panic that their bank will go bankrupt, losing the funds they deposited. As a result, many customers will withdraw their savings within a very narrow time frame resulting in the bank becoming insolvent. Yes
Based on your review of the transcript about the audit committee meeting, describe whether you believe KPMG exercised due professional care in pursuing this issue with Hollinger International's Audit Committee. Did KPMG accomplish the intent of auditing standards? What could KPMG have done differently with respect to this issue during this meeting?
· KPMG did not explicitly inquire of the Audit Committee. · One might question whether KPMG exercised due professional care in pursing resolution of the non-compete payments with the Audit Committee during its meeting with them on Feb.20, 2002. · Ms. Stitt noted and interpreted " their silence as meaning that they had- they had - considered them before and they had been approved." o Should have obtained audit evidence that they were approved
LIST OF KPMG'S FAILURES IN XEROX CASE
· KPMG failed to inform Xerox's Board of Directors or its Audit Committee about illegal acts that had or may have occurred or that otherwise came to its attention. · KPMG's U.S. audit partners received warnings from member KPMG firms in Europe, Brazil, Canada, and Japan that some of the accounting assumptions and methods used by Xerox were not based on adequate evidentiary support. KPMG also received warnings from KPMG's Rochester, NewYork office. · KPMG recommended that Xerox test the accounting assumptions underlying the recording of sales- type leases but Xerox management did not test and KPMG did not require Xerox management to test the underlying assumptions. · KPMG did not require Xerox management to provide competent corroborating evidence to support the assumptions used to record the sales-type leases. · KPMG did not adequately test the assumptions underlying the sales-type leases recorded by Xerox's management. · KPMG did not identify as a material internal control deficiency Xerox management's inability to estimate the fair value of its products for sales-type leases. · KPMG did not require Xerox management to disclose material changes in accounting estimates used to report sales-type leases. · The discount rates used by Xerox management to calculate fair value of sales-type leases were not supported by market rates. · KPMG partners concluded Xerox's margin normalization method was not consistent with GAAP and that there was not adequate corroborative evidence to support the margin normalization approach. · KPMG partners concluded that Xerox management used the margin normalization method to engage in quarter-end transactions to "bridge the gap" (between reported earnings and analyst earnings expectations) and made last minute adjustments to the normalization method to limit KPMG's ability to review and test changes. · Xerox management had imposed restrictions on the discussions that KPMG staff could have with Brazil and Europe managers regarding the margin normalization method. · KPMG partners knew that Xerox management had reduced the non-GAAP revenue recognition of lease price increases and extensions to below materiality for the consolidated statements for 1999 and allowed Xerox management to recognize revenue for the non-GAAP application in prior years because it was "an immaterial misapplication of GAAP."
• What red flags were present during the 1995 through 1997 audits of CUC that may have suggested weaknesses in CUC's control environment?
· Lack of appropriate board oversight. · The aggressive management philosophy and operating style. o Aggressive accounting practices o Emphasis on meeting analyst expectations
When assessing the likelihood fraud the auditor should consider:
· Management's incentives/PRESSURE (are there industry conditions or operating characteristics putting pressure on management to perpetuate a fraud?) THIS IS INSIDE FACTOR · Management's opportunity (are there significant accounts requiring subjective estimates, is the control environment weak, are controls inadequate?) · Management's attitude (is or has management exhibited questionable behavior in the past?) - UPPER LEVEL BUSINESS INCENTIVES BASED ON REVENUE - CREDIT IMPORTANT - OUTSIDE PRESSURE TO MAINTAIN
IMPORTANT!!! SUMMARIZE THE PRIMARY AUDITOR RESPONSIBILITIES IN THE PCAOB'S AS 2410 REGARDING THE AUDITORS RESPONSIBILITIES WITH REPECT TO IDENTIFYING RELATED PARTY RELATIONSHIPS AND TRANSACTIONS.
· OBTAINING AN UNDERSTANDING OF THE COMPANY'S PROCESS FOR IDENTIFYING, AUTHORIZING, APPROVING, ACCOUNTING FOR AND DISCLOSING RELATED PARTY TRANSACTIONS · PERFORMING INQUIRIES OF MANAGEMENT REGARDING THE NAMES OF RELATED PARTIES AND THEIR KNOWLEDGE OF THE EXISTENCE OF RELATIONSHIPS AND TRANSACTIONS WITH RELATED PARTIES · COMMUNICATING WITH THE AUDIT ENGAGEMENT TEAM AND OTHER AUDITORS ABOUT INFORMATION CONCERNING RELATED PARTIES AND THE NATURE OF RELATIONSHIPS WITH RELATED PARTIES TRANSACTIONS WITH THOSE PARTIES.
What is the overall purpose of an auditor's communications with those charged with governance?
· Obtain certain information from the audit committee relevant to the audit · Establish an understanding of the terms of the audit engagement with the audit committee and to record that understanding in an engagement letter.
What is the overall purpose of an auditor's communications with those charged with governance?
· Obtain certain information from the audit committee relevant to the audit. · Establish an understanding of the terms of the audit engagement with the audit committee and to record that understanding in an engagement letter. · Encourage two-way communication between the auditors and the audit committee.
What are the auditor's responsibilities with respect to identifying related party relationships and transactions according to AS 2410?
· Obtaining an understanding of the company's process for identifying, authorizing, approving, accounting for and disclosing related party relationships and related party transactions. · Performing inquires of management regarding the names of related parties and their knowledge of the existence of relationships and transactions with related parties. · Communicating with the audit engagement team and other auditors about information concerning related parties and the nature of relationships with related parties and transactions with those parties.
Why do audit partners struggle with making tough decisions that may be contrary to their client's position on an issue?
· Public accounting is a highly competitive, service-oriented business. · In the business of making money.
Provide an example where management override occurred in the Cendant fraud.
· Recording irregular charges against merger reserves. · Recording cash received from customers for deferred revenue recognition programs as cash received from customers for immediate revenue recognition programs. · Delaying the recording of membership cancellations and bank rejection of charges made to customer's credit cards.
What has been done, and what more do you believe should be done to restore the public trust in the auditing profession and in the nation's financial reporting system?
· SOX 2002 Act. Attempts to restore confidence. · PCAOB creation. End self-regulation. Audit auditors. · NYSE and NASDAQ instituted several reforms to strengthen corporate government.
WHAT ARE SOME NEW BUSINESS RISKS FACING HARLEY DAVIDSON AS A RESULT OF INTEGRATING EBUSINESS INTO ITS SUPPLY CHAIN MANAGEMENT SYSTEM AND BY ALLOWING SUPPLIERS TO HAVE ACCESS TO THE COMPANY'S INTRANET?
· SUPPLIERS MAY VIOLATE CONFIDENTIALITY AGREEMENTS AND LEAK INFORMATION TO COMPETITORS · SUPPLIERS MAY NOT EFFECTIVELY INTERPRET THE INFORMATION BEING PROVIDED TO PROPERLY SCHEDULE THE DELIVERY OF PARTS · AN EMPLOYEE OF ONE OF THE SUPPLIERS MAY HAVE CONFLICTING JOB RESPONSIBILITIES THAT CREATE AN INCENTIVE TO COMMIT FRAUD · SUPPLIERS MAY MANIPULATE THE SYSTEM AND TAKE ADVANTAGE OF THE INCREASED ACCESS TO HD'S PURCHASING SCHEDULES, INCLUDING INCREASED POSSIBILITY OF FAUDULENT ACTIONS BY SUPPLIERS · SUPPLIERS MAY NOT BE UP TO PAR IN TERMS OF BEING COMPATIBLE WITH HD'S INTERNET BASED SYSTEM (THEY MAY LACK THE NECESSARY HARDWARE & SOFTWARE TOOLS. IN ADDITION, SUPPLIERS MAY NOT HAVE THE "KNOW HOW" TO OPERATE THE SYSTEM. FINALLY, A SUPPLIERS SYSTEM MAY LACK INTERGRITY & QUALITY, AND MAY PROVIDE INACCURATE INFORMATION TO HD'S SYSTEM · THE RISK OF FRAUDULENT TRANSACTIONS MAY INCREASE AS A RESULT OF SWITCHING FROM A PAPER BASED SUPPLY CHAIN MANAGEMENT SYSTEM TO AN ELECTRONIC SYSTEM. HIDING SUCH TRANSACTIONSMAY BECOME EASIER SINCE THERE IS NO PAPER BASED AUDIT TRAIL OF TRANSACTIONS TO BE REVIEWED BY INTERNAL OR EXTERNAL AUDITORS · SWITCHING TO AN INTERNET BASED SYSTEM INCREASES THE RISK OF HACKERS BREAKING INTO THE SYSTEM
Based on your overview of the auditor's communication responsibilities, why was it appropriate for KPMG to discuss related party transaction with Hollinger International's Audit Committee?
· Significant event (involving CEO & COO) · Material transactions (more than $85 million) · Disagreement between Hollinger International's management team and KPMG as to whether the transactions constituted related party transactions.
Based on your overview of the auditor's communication responsibilities, why was it appropriate for KPMG to discuss the related party transactions with Hollinger International's Audit Committee?
· Significant event (involving CEO & COO) · Material transactions (more than $85 million) · Disagreement between Hollinger International's management team and KPMG as to whether the transactions constituted related party transactions.
What does PCAOB AS 2410, Related Parties, say about communications with audit committees?
· The identification of related parties or relationships or transactions with related parties that were previously undisclosed to the auditor · The identification of significant related party transactions that ha ve not been authorized or approved in accordance with the company's established policies or procedures. · The identification of significant related party transactions for which exceptions to the company's established policies or procedures were granted. · The inclusion of a statement in the financial statements that a transaction with a related party was conducted on terms equivalent to those prevailing in an arm's length transaction and the evidence obtained by the auditor to support or contradict such an assertion · The identification of significant related party transactions that appear to lack a business purpose.
In the "slippery slope offense"
· The offender does not have a grand plan to engage in a large scale criminal offense. · The initial offense is viewed as a temporary and short term solution to a crisis that the offender is experiencing.
WHAT KIND OF ITEMS DID XEROX USE TO CREATE FRAUD
· USED LEASE TO MANIPULATE RECOGNITION · USING LEASING BUNDLES AND RECOGNIZING THE SERVICE AND FINANCE RECOGNIZE UP FRONT TO INCREASE REVENUES UP FRONT o LEASES ARE MORE COMPLICATED/ RULES KEEP CHANING SO EASIER TO MANIPULATE · BECAUSE OF COMPLICATION OF RULES, MANAGERS CAN MANIPULATE THE LEASE
Describe areas in which the CUC EXTERNAL auditors needed to exercise professional judgment?
· Whether they had sufficient and appropriate evidence in regards to: Recognition of charges against merger reserves Recognition of revenues related to services purchased by customers Recognition of customer nonpayment or cancellation of services Type of future expenditures included in a merger reserve Time frame that should be used to recognize different types of service revenues · The level of reserve needed at year-end related to customer service cancellation or nonpayment.
Who should oversee Whistleblower programs and how it is handled?
· Whistleblowers programs should be overseen by the board's audit committee. Confidentiality and trust. e.g., culture: valuable contribution · Submission of complaints are automatically and directly submitted to the audit committee. Role of third-party vendors to administer the whistleblowing program. o Can provide telephone or internet-based hotline for reporting complaints • Internal audit is an effective monitor of the whistleblower program
Professional skepticism is
· an objective attitude that includes a questioning mind and · a critical assessment of audit evidence.
At the bottom of the Professional Judgment Framework, you will see Knowledge and Professional Standards,
· as these factors are foundational to quality judgments.
Which of the following statements about judgment frames is correct? · a. A situation cannot have more than one appropriate frame. · b. There is often no single best frame for a given situation. · c. Frames are not used by risk averse individuals. · d. Professionals should eliminate the use of frames from their judgment processes.
· b. There is often no single best frame for a given situation.
Judgment Frames are
· mental structures that we use, · usually subconsciously, · to simplify, organize, and · guide our understanding of a situation. They shape our perspectives and determine the information that we will see as relevant or irrelevant, important or unimportant.
What are the four common judgment tendencies that are most applicable and important for audit professionals:
· the availability tendency, · the confirmation tendency, · the overconfidence tendency, and · the anchoring tendency.
Could the board of directors at Enron-especially the audit committee—have prevented the fall of Enron through Corporate Governance
·yes Board of Directors take steps to: o Strengthen Oversight o Strengthen Independence
ASC 805/810: Business combinations
• Acquisition method • Identifiable assets & liabilities, non-controlling interest • Gain/goodwill from a bargain purchase • Reverse acquisition • Common control • Taxation issues
► ASC 805/810: Business combinations
• Acquisition method • Identifiable assets & liabilities, non-controlling interest • Gain/goodwill from a bargain purchase • Reverse acquisition • Common control • Taxation issues
Would the provisions of Section 302 of the Sarbanes-Oxley Act of 2002 have deterred the actions of Scott Sullivan, CFO at WorldCom?
• Alerted senior management to the importance of the financial reporting process. • The penalties issued by the SEC in its final rules issued to implement the provisions of Section 302 significantly extend the criminal penalties associated with violating the provisions of Section 302.
Under Section 302 of the Sarbanes-Oxley Act of 2002, The signing officers are required to disclose to its auditors and the audit committee:
• All significant deficiencies in the design or operation of internal controls and all material weaknesses identified • Any fraud, whether or not material, that involves management or other employees who have a significant role in the company's internal controls. The signing officers have indicated in the report whether there were any significant changes in internal controls that could significantly affect internal controls subsequent to the date of their evaluation.
Section 406/407 of Sarbanes Oxley: code of ethics
• At least one "audit committee financial expert" serving on its audit committee, whether she is independent from the management team • Whether it has adopted a code of ethics that applies to primary executive
• What responsibility does an auditor have to detect material misstatements due to errors and fraud?
• Auditors are required to plan and perform audit engagements to provide reasonable assurance that the financial statements are free of material misstatement, whether the result of error or fraud.
HOW DID CUC PERPETRATE THE FRAUD
• CUC inflated their earnings by recording fictitious revenues and reducing expenses • CUC made irregular charges against merger reserves, falsely coded cash, delayed recognition of membership cancellations and credit card rejections • CUC encouraged employees to conceal information from the auditors
Factors that existed during the 1997 through 2000 audits of Xerox that created an environment conducive to fraud include:
• Changing business environment for document processing products (transition to color documents, digital technology, network connected devices, and electronic documents), • Increasing competition from foreign competitors, • Investment climate of the 1990s for public companies to continuously report revenues and earning growth, • Need for Xerox to maintain high credit rating to obtain the funds necessary to internally finance customer purchases, • Linkage of senior management compensation to increasing revenues and earnings, • Negative operating cash flows. • Complexity and subjectivity of accounting related to lease transactions. • Management's use of aggressive accounting practices to increase revenues and earnings, • Senior management's view of accounting manipulations as accounting opportunities, • Senior management's disregard for accounting concerns raised by non-senior managers.
Steps to Strengthen Independence include
• Director independence. Outside director free of material financial ties to the company. • Audit committees. Oversee financial statements and accounting practices and hire and fire the outside auditor. • Auditors. Prohibit external auditors providing non-audit services.
WHO DISCOVERED THE FRAUD BY CUC?
• Discovered by HFS personnel early in 1998
What obstacles do Whistleblowers face as a result of bringing the inappropriate actions of others to light
• Doubt as to whether their claims are accurate. • Disgruntled individuals responding to an emotional reaction • Consequences of whistleblowing • Personal losses • Legal issues
What are the things to consider when thinking of bringing forward a potential fraud?
• Ensure a clear understanding of the facts give rise to the concern. Avoid premature "claims". • Gather evidence. • Consider approaching his or her superiors for a chance of additional information. • Follow established company procedure. • If necessary, outside legal counsel
Which factors existed during the 1995 through 1997 audits of CUC that created an environment conducive for fraud?
• Excessive emphasis of CUC management on meeting analyst expectations. • Management's focus on maintaining a strong stock price • Provide opportunities to use CUC stock to acquire and merge with other companies. • The use of overly aggressive accounting practices. • CUC's rapid growth • Lack of board oversight because of the close financial ties of four of the directors with Walter Forbes, chairman and chief executive officer.
Describe techniques Andersen auditors could have used to assess the reasonableness of those estimates used to create Waste Management's financial statements.
• First, the auditors could have requested information about the sources of data and factors that management used to form the assumptions about salvage values and useful lives to evaluate the reasonableness of those assumptions. • Second, the auditors could have compared information about the useful lives for depreciating classes of assets to similar estimates of useful lives used by competitors in the waste management industry. • Third, the auditors could have performed an analysis of recent property and equipment disposals to determine whether asset disposals were consistently occurring within time periods shorter than the estimated useful lives and at disposal amounts less than salvage value assumptions. Such a retrospective analysis of management's estimates of salvage values and useful lives may have identified a consistent bias in management's assumptions of those items. • Fourth, given the specialized nature of many of the property and equipment items used in the waste management industry, the auditors may have benefited from the judgments of independent specialists knowledgeable of those kinds of assets.
What two main categories of fraud affect financial reporting?
• Fraudulent financial reporting • Misappropriation of assets.
What factors should an auditor consider when evaluating the control environment?
• Integrity and ethical values • Commitment to competence • Board of directors and audit committee participation • Management's philosophy and operating style • Organizational structure • Assignment of authority and responsibility • Human resource policies and practices
According to professional standards, what are the organizational reporting lines of authority appropriate for an effective internal audit function within an organization?
• International Standards for the Professional Practice of Internal Auditing issued by The Institute of Internal Auditors (www.theiaa.org, section 1110): "The chief audit executive should report to a level within the organization that allows the internal audit activity to fulfill its responsibilities. The chief audit executive must confirm to the board, at least annually, the organizational independence of the internal audit activity" (see Section 1110 of those standards). Those standards note in the Interpretation of Section 1110 that "Organizational independence is effectively achieved when the chief audit executive reports functionally to the board." • Most recommend that internal audit report directly to the audit committee of the board of directors. Because of its independence from top management, the audit committee can effectively ensure that internal audit's scope is not restricted by top management and that the findings are addressed appropriately by top management. While internal audit reports functionally to the audit committee on matters related to audit scope and findings, often internal audit reports administratively to the CEO.
What are Pitfalls of a whistleblower hotline?
• Occur whenever the perception of confidentiality or anonymity is breached. • Employees don't believe that appropriate follow-up actions will be taken. • Management's over-involvement in the process.
WHO PARTICIPATED IN THE CUC FRAUD?
• Over twenty CUC employees participated in the fraud including Cosmo Corigliano, CFO and Anne Pember, controller
Steps to Strengthen Oversight include;
• Prohibit high risk accounting practices. • Prohibit off-the books activity. • Prevent excessive executive compensation. • Prohibit external auditors to provide internal auditing or consulting services.
Section 404 of Sarbanes Oxley requires the following reporting on Internal Controls
• Scope & adequacy of internal control structure, procedures • Assessment on the effectiveness of them • In the same report, auditor(s) attest and report on their assessment of internal control structure and procedure
SOX section 802: Criminal penalties for altering documents
• Seven years record (workpapers, conclusions, opinions, analyses, financial data) • Fines and/or up to 20 years jail time
HOW DID XEROX PERPETRATE FRAUD?
• The accounting manipulations used by Xerox centered primarily around its lease transactions. XEROX overstated revenues by $3 billion and pre-tax earnings by $1.5 billion over the reporting period 1997 through 2000.
What are the (AU)240 Section procedures required by auditors to further address the risk of management override of internal controls?
• The three mandated procedures required by (AU) Section 240. 1. Examine journal entries and other adjustments for evidence of possible material misstatement due to fraud. 2. Review accounting estimates for biases that could result in material misstatement due to fraud. 3. Evaluate the business rationale for significant unusual transactions to determine whether the transactions may have been entered into to engage in fraudulent financial reporting.
Under Section 302 of the Sarbanes-Oxley Act of 2002, the CEO & CFO must
• They have reviewed the report • That, based on the signing officer's knowledge, the report does not contain any untrue statements of material fact or omit any material fact necessary to make the report misleading. • The financial statements, based on the officer's knowledge, are fairly presented. • The signing officers: • Are responsible for establishing and maintaining internal controls • Have designed such internal controls to ensure that material information related to the company and its subsidiaries is made known to those officers by others in the entity. • Have evaluated the effectiveness of internal controls as of a date within 90 days prior to the report • Have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date.
What are the required auditor responses to further address the risk of management override of internal controls?
• Three mandated procedures required by (AU) Section 240. 1. Examine journal entries and other adjustments for evidence of possible material misstatement due to fraud. 2. Review accounting estimates for biases that could result in material misstatement due to fraud. 3. Evaluate the business rationale for significant unusual transactions to determine whether the transactions may have been entered into to engage in fraudulent financial reporting.
WHAT WAS HAPPENING IN XEROX INDUSTRY?
• Xerox was experiencing significant technological change in the document industry (including changes from black and white to color capable devices, from stand alone to network-connected devices, from light- lens and analog technology to digital technology, and from paper to electronic documents.) • Xerox was experiencing increased competition from foreign competitors. • The investment market exuberance of 1990s created high expectations for all companies to report revenue and earnings growth. • The credit market and Xerox's compensation system was creating pressure to report revenues and earning growth.
ASC850 defines related parties as:
■ Affiliates of the enterprise ■ Entities for which investments are accounted for by the equity method by the enterprise ■ Trusts for the benefit of employees, such as pension and profit-sharing trusts that are managed by or under the trusteeship of management ■ Principal owners of the enterprise; its management; members of the immediate families of principal owners of the enterprise and its management; and other parties with which the enterprise may deal if one party controls or can significantly influence the management or operating policies of the other to an extent that one of the transacting parties might be prevented from fully pursuing its own separate interests. ■ Another party is also is related party if it can significantly influence the management or operating policies of the transacting parties or if it has an ownership interest in one of the transacting parties and can significantly influence the other to an extent that one or more of the transacting parties might be prevented from fully pursuing its own separate interests.
How did Waste Management commit fraud?
■ Avoided depreciation expenses on their garbage trucks by both assigning unsupported and inflated salvage values and extending their useful lives, ■ Assigned arbitrary salvage values to other assets that previously had no salvage value, ■ Failed to record expenses for decreases in the 'value of landfills as they were filled with waste, ■ Refused to record expenses necessary to write off the costs of unsuccessful and abandoned landfill development projects, ■ Established inflated environmental reserves (liabilities) in connection with acquisitions so that the excess reserves could be used to avoid recording unrelated operating expenses, ■ Improperly capitalized a variety of expenses, and ■ Failed to establish sufficient reserves (liabilities) to pay for income taxes and other expenses.
What are the responsibilities of a company's board of directors?
► Ensure a firm's management act in the best interest of the firm's owners. ► As such, directors can be held liable by shareholders and others if they are negligent in their duties.
What was the impact of business risks on Enron's financial statements?
► Many deals including SPEs depended on a high and rising stock price because the company had guaranteed its obligations with stock. ► Nature of business required the confidence to meet its future obligations; otherwise, partners might begin to question the company's ability to meet its obligations. ► Pressure to report healthy financial results
What were the business risks Enron faced, and how did those risks increase the Likelyhood of material misstatements in Enron's financial Statements?
► Risk by energy company. Price instability and foreign currency risks. ► Enron as a broker of speculative energy futures magnified price risks. ► It offered financial hedges, exposing risk of interest rate and amplified foreign exchange risks. ► Transacted over the Internet, risk of technological failure. ► Change of business
What is an SPE?
► SPEs are separate legal entities set up to accomplish specific company objectives