Topic Auditor Responsibility (week 2)
2002, the Auditing Standards Board approved a new standard, Statement on Auditing Standard No
99: Considerations of Fraud in a Financial Statement Audit
Detection and Prevention of a Fraud Task Force was created by
AICPA's SEC Practice Section
Which of the following were explicitly reiterated in SAS No. 99 from No. 82? Maintain professional skepticism Making extensive inquiries of management whenever necessary Fraud detection has become an ongoing process, not just a piece in the planning process All of the above
All of the above
Soon after the issuance of the Treadway Commission's report, the AICPA's Auditing Standards Board (ASB) issued Statement
Auditing Standards No. 53, The Auditor's Responsibility to Detect and Report Errors and Irregularities.
SAP 30 said that auditors had to be aware of what? Also that auditors had what can of responsibility?
Be aware of the possibility that fraud may exist. Auditor held no responsibility beyond the minimum duty to design tests that would detect fraud
Which of the following now needs to be documented (but wasn't required in the past) in audit work papers, according to SAS No. 99? Brainstorming session of possible fraudulent areas Testing of journal entries Testing of internal controls All questions and answers asked of and answered by management
Brainstorming session of possible fraudulent areas
Detection and Prevention of a Fraud Task Force issued a document in 1994 entitled,
Client Acceptance and Continuance Procedures for Audit Clients -document emphasized that understanding the components of engagement risk is critical to deciding whether to accept new clients and continue old ones. And how to manage the "audit risk" that accompanies those decisions.
SAS No. 16 was the first official statement changing auditors' responsibilities so that they have some obligation to actually look for irregularities. What did it NOT require auditors to do? Plan an examination to search for (material) errors and irregularities Be aware the fraud could exist Search for fraud Detect fraud
Detect fraud
The AICPA has had one major goal in issuing auditing standards about fraud, but never really met its goal until SAS No. 99. What was that goal? Eliminate the gap between financial statement users' expectations and auditors' assurances. Eliminate the need for auditors to detect fraud and focus on evaluating internal controls and verify that all GAAP rules and regulations have been followed. Establish a formula or solution identifying potential red flags so that auditors, if doing their job properly, can't fail to detect fraud. Create consultatory standards for auditors to follow; an excellent consultant, when given the reins to improve the company, will undoubtedly uncover the well-hidden cases of fraud.
Eliminate the gap between financial statement users' expectations and auditors' assurances.
It took this even to determine that SAP 30 was inadequate? This event highlighted the expectation gap between auditors and investors
Equity Funding Case in the 1970s. lost 300m
If fraud risk is higher, the auditor should never incorporate spontaneity or any form of unpredictability in the audit. T or F
FASLE The controller of HealthSouth drew on his audit experience and knew the regular processes and procedures to know how to hide hundreds of thousands of fraudulent transactions that easily avoided auditor scrutiny.
Asking several simple questions of management at the beginning of the audit is now sufficient under SAS No. 99. T or F
False
One of the unique, yet key, provisions of SAS 99 establishes that auditors refrain from trying to think like a "fraudster" and think more analytically. T or F
False
SAS No. 99 classified that auditors ARE required to detect, at the very least, cases of forgery and collusion. T or F
False
At the beginning of the 20th century, everyone believed that the main purpose of audits was to detect fraud. However, at this time, Standards on Audit Procedures (SAPs) began to come forth, making it official that auditors really were responsible for fraud and that fraud detection was a priority second to none. T or F
False SAP No. 1 actually began to define audits as more than just fraud detection. Since then, the principal purpose of audits has never been fraud detection.
SAP 30 was viewed as responsive to user concerns? T or F
False it was unresponsive. Added no new responsibility to detect fraud .
What is one key paradigm shift reiterated by SAS No. 99? Every client needs to be viewed as a devious fraudster, always attempting to deceive. Fraud detection is an ongoing process, not just a step in planning the audit. Instead of searching for fraud, auditors are now required to only look for obvious red flags; fraudsters have become too creative to make it cost effective to search for fraud.
Fraud detection is an ongoing process, not just a step in planning the audit.
When brainstorming possible fraud risks, it is important to avoid what kind of group dynamic? Free-flowing ideas Nonhierarchical system where everyone's ideas count Groupthink
Groupthink
AICPA and the Cohen Commission (the commission on auditors' responsibilities) fought over something specific concerning the fall of Equity Funding in the 1970s. This conflict highlighted a major communication issue between auditors and financial statement users during much of the 20th century. What was this conflict about?
How much responsibility the auditor should take when endeavoring to detect (or having failed to detect) fraud
the Public Oversight Board of the AICPA SEC Practice Section (the POB) issued a Special Report entitled
In the Public Interest: Issues Confronting the Accounting Profession.
SAP No. 30 was issued to inform the public on auditors' increased responsibility regarding fraud. How did auditors' responsibility to detect fraud really change? The auditor's sole role became finding and documenting fraud during audits. Auditors now had to actively look for fraud, but not document what they had to do. Auditors now had to BOTH actively look for fraud AND document what they did to find it. It didn't change; it stayed exactly the same—auditors just need to be aware that the possibility of fraud exists.
It didn't change; it stayed exactly the same—auditors just need to be aware that the possibility of fraud exists. did stress that an auditor was obliged to "be aware of the possibility that fraud may exist," it also clarified that an auditor held no responsibility beyond the minimum duty to design tests that would detect fraud.
What did Audit Standard No. 99 do that previous standards didn't? It established black-and-white standards to evaluate whether an auditor did their job correctly, especially in their search for fraud. It established the purpose of audits to be more consultatory in nature rather than verifying GAAP rules and detecting fraud. It created a special SEC task force to aggressively investigate all high-risk public companies. It required all auditors to publish their work papers so financial statement users can evaluate for themselves whether the auditors were thorough enough.
It established black-and-white standards to evaluate whether an auditor did their job correctly, especially in their search for fraud.
How did SAP No. 1 change auditors' responsibilities regarding fraud? It recognized that defalcations occur, but auditors don't have any real responsibility regarding them. It effectively placed responsibility on the shoulders of auditors to seek out and find fraud. It stated that auditors are to actively plan for and document their processes for searching for fraud. It was about accounting practices, not auditing procedures.
It recognized that defalcations occur, but auditors don't have any real responsibility regarding them.
in 1993, the AICPA's Board of Directors issued its report
Meeting the Financial Reporting Needs of the Future: A Public Commitment from the Public Accounting Profession.
SAS No. 53, The Auditor's Responsibility to Detect and Report Errors and Irregularities, issued by the AICPA's Auditing Standards Board (ASB) modified the auditor's responsibility to "design the audit to provide reasonable assurance of detecting errors and irregularities." What was the principal goal in the release of this statement? Put financial statement users at ease by placing the responsibility to detect fraud solely on the shoulders of the auditors Narrow the expectation gap between auditor efforts and public expectations regarding fraud Inform the public that there are other sources, beyond the auditor, that are responsible for preventing "irregularities and errors" Provide specific guidance and metrics that auditors can use in their search to detect fraud
Narrow the expectation gap between auditor efforts and public expectations regarding fraud
SAS No. 53, The Auditor's Responsibility to Detect and Report Errors and Irregularities, issued by the AICPA's Auditing Standards Board (ASB) modified the auditor's responsibility to "design the audit to provide reasonable assurance of detecting errors and irregularities." What was the principal goal in the release of this statement? Put financial statement users at ease by placing the responsibility to detect fraud solely on the shoulders of the auditors Narrow the expectation gap between auditor efforts and public expectations regarding fraud Inform the public that there are other sources, beyond the auditor, that are responsible for preventing "irregularities and errors" Provide specific guidance and metrics that auditors can use in their search to detect fraud
Narrow the expectation gap between auditor efforts and public expectations regarding fraud
SOX (Sarbanes-Oxley Act) created a private-sector, non-profit organization to help auditors concerning their responsibilities to detect fraud. What is the name of this organization?
PCAOB (Public Company Accounting Oversight Board)
What level of assurance must an auditor provide regarding the absence of fraud after the issuance of SAS 53?
Reasonable assurance
SAS No. 82 offered instruction for financial statement auditors on how the 10 GAAS standards should be interpreted and followed regarding the detection of fraud. What guidance or requirement did it LEAVE OUT? Guidance as to how to plan an audit Requirement for auditors to detect all material financial statement frauds Instructions to gather sufficient, competent matter to support the audit opinion Caution in exercising due professional care
Requirement for auditors to detect all material financial statement frauds
Because of the attacks on SAP 1 the AICPA issues what sap in the 1960s?
SAP No. 30, Responsibilities and Functions of the Independent Auditor in the Examination of Financial Statements
This standard recognized that GAAS auditors cannot detect all material financial statement frauds, especially frauds involving forgery or collusion. Which SAS?
SAS 82
The POB's Special Report called for improved guidance beyond that in SAS ?
SAS NO 53
1997, the AICPA responded to various calls for improved auditing guidance relating to the detection of material misstatements due to fraudulent financial reporting by issuing
SAS No. 82, Consideration of Fraud in a Financial Statement Audit (AICPA Professional Standards).
This SAS (x) that auditors are not and need not be trained as fraud investigators but are required to have a working knowledge of fraud prevention and detection issues in order to apply this SAS (X).
SAS82
SAS 99 only establish standards and provide guidance to auditors in fulfilling that responsibility, as it relates to fraud. Does not change their responsibility to plan / perform audit to obtain reasonable assurance. T or F
T
SAS No. 53 modified the auditor's responsibility to require the auditor to design the audit to provide reasonable assurance of detecting errors and irregularities. T or F
T
Cohen commission reached a different conclusion to the conclusion the AICPA concluded to.
The AICPA committee concluded that "no substantive change in the degree of responsibility was necessary." Cohen concluded has a duty to search for fraud, and should be expected to detect those frauds that the examination would normally uncover. And provide reasonable assurance F/s are not materially fraud
Why has there been so much frustration between the general public and auditors regarding fraud detection? Auditors have been taking short cuts and trying to make as large a profit as possible and therefore haven't been performing as they should be. The public wants all cases of fraud detected, while auditors have felt they only need to be "reasonably certain" of its absence. Auditors have not been sufficiently trained in GAAP rules and regulations to identify fraud risks properly. The public has felt that searching for fraud is pointless and is costing their investments too much money; if fraudsters want to hide things, they will succeed.
The public wants all cases of fraud detected, while auditors have felt they only need to be "reasonably certain" of its absence.
While it appeared that SAS No. 16 was placing (at least in part) part of the responsibility on the shoulders of auditors to search for fraud, how did auditors take responsibility for detecting fraud? They were indifferent to detecting or searching for fraud; they are to examine financial statements and ensure their fair presentation. They willingly accepted the responsibility to detect fraud. They grudgingly accepted that the auditing profession is the public's asset for detecting fraud. They were unwilling to accept or acknowledge a substantial responsibility for detecting fraud
They were unwilling to accept or acknowledge a substantial responsibility for detecting fraud. required auditors to search for fraud, (which it called irregularities) it did not require them to detect fraud
Audit standards involving auditors' responsibility in fraud detection has been to "reasonably assure" the lack of fraud in financial statements, but didn't clearly articulate the breadth and scope of their responsibility until SAS No. 99, thus causing the "expectation gap" between the public and CPA auditors. T or F
True
Despite many attempts to close the "expectation gap" between auditors and the public, the AICPA wasn't successful in doing this until SAS No. 99. T or F
True
During the early part of the 20th century, there was universal agreement, even among auditors, that the detection of fraud was one of the primary purposes for conducting an audit of financial statements. True or False?
True
Research shows that many fictitious entries occur through the override of management controls. SAS No. 99 now requires testing these types of entries for every public company that has them. T or F
True
Since SAP 1 was issues the profession has struggled to articulate its position in detecting Fraud? T or F
True
Statement on Auditing Standards No. 99 establishes standards and provides guidance to auditors in fulfilling their responsibility as it relates to fraud in an audit of financial statements conducted in accordance with generally accepted auditing standards (GAAS). T OR F
True
The idea of "fraud" was not explicitly addressed until the 1990s. Fraud was addressed as "errors and irregularities." T or F
True
Prior to the Sarbanes-Oxley regulations and according to SAS 16, under what circumstances can auditors rely upon the truthfulness of records obtained from the client? Until there is evidence to suggest otherwise After a thorough internal control investigation After management has taken polygraph examinations Once substantial testing on the reliability of records has been conducted
Until there is evidence to suggest otherwise
SAS No. 53 was designed to narrow the expectation gap? Yes or No
Yes but it did not do it
Extensions of Auditing Procedure. SAP No. 1 described auditors responsibility as
certified public accountant is not designed to discover all defalcations, because that is not its primary objective
In the Public Interest: Issues Confronting the Accounting Profession. was issued primarily in response to
continuing signs of failing public confidence in public accountants and auditors, particularly the widespread belief that auditors have a responsibility for detecting management fraud which many viewed auditors as not meeting
Like all previous standards, SAS 82 did not require GAAS auditors to
detect all material financial statement frauds
SAS 82 was written to help reduce the
expectation gap" that exists between financial statement auditors and users of financial statements.
Meeting the Financial Reporting Needs of the Future: A Public Commitment from the Public Accounting Profession expressed what?
expressed its determination to keep the U.S. financial reporting system the best in the world, supporting the recommendations and initiatives of others to assist auditors in the detection of material misstatements in financial statements resulting from fraud, encouraged every participant in the financial reporting process - management, their advisors, regulators, and independent auditors - to share in this responsibility.
What are the key provisions addressed in SAS 82
first-ever auditing standard that solely addressed fraud. Previous standards addressed "errors" and "irregularities," but not fraud. SAS 82 was the first GAAS auditing standard to use the term fraud. clear that the auditor's responsibilities with respect to fraud extend throughout the entire audit and does not end when the planning phase is finished. GAAS auditors to document how they assessed the risk of fraud in their audits. Previous fraud standards did not require specific documentation required GAAS auditors to document how they responded to the risks of fraud they discovered when conducting their audits. Previous standards hardly mentioned emphasized the need for "professional skepticism" in dealing with clients. specific guidance to auditors about the kind of risks they must consider GAAS auditors to ask management specifically about the risks of fraud, what they perceive to be the company's greatest fraud exposures, and whether they have knowledge that fraud that has been perpetrated on or within the company.
National Commission on Fraudulent Financial Reporting (Treadway Commission) issued a landmark report
helped refocus the business community on the problem of fraudulent financial reporting. Considered an update to the Cohen Commission report
In the 1930s their was a visible change on auditor responsibility. Which culminated the issuance of what?
issuance of Statement on Auditing Procedure (SAP) No. 1, Extensions of Auditing Procedure. SAP No. 1 contained the following statement:
Based on the POB's belief that the integrity and reliability of audited financial statements are critical to the U.S. economy, the POB's Special Report contained
specific recommendations for improving and strengthening the accounting profession's performance by enhancing its capacity and willingness to detect fraud and improve the financial reporting process.
The ASB issued SAS No. 53 to
strengthen the auditor's responsibility relating to the detection of instances of material fraudulent financial reporting.
SAS No. 16, The Independent Auditor's Responsibility for the Detection of Errors or Irregularities, was issued, stating
that auditors have some obligation to search for fraud in the normal course of a GAAS audit . Required to search for fraud but not detect Fraud.
SAS No. 53 required the auditor to provide reasonable assurance that material irregularities would be detected, which extended the auditor's responsibility beyond (what SAP previously )
what was required by SAS No. 16.