Читать книгу Wiley Practitioner's Guide to GAAS 2017 - Flood Joanne M. - Страница 22

Illustration 1. Risk Factors – Fraudulent Financial Reporting

The following are examples of risk factors, reproduced with permission from AU-C Section 240 Appendix A, relating to misstatements arising from fraudulent financial reporting:

Incentives/Pressures

a. Financial stability or profitability is threatened by economic, industry, or entity operating conditions, such as (or indicated by):

● High degree of competition or market saturation, accompanied by declining margins.

● High vulnerability to rapid changes, such as changes in technology, product obsolescence, or interest rates.

● Significant declines in customer demand and increasing business failures in either the industry or overall economy.

● Operating losses making the threat of bankruptcy, foreclosure, or hostile takeover imminent.

● Recurring negative cash flows from operations or an inability to generate cash flows from operations while reporting earnings and earnings growth.

● Rapid growth or unusual profitability, especially compared to that of other companies in the same industry.

● New accounting, statutory, or regulatory requirements.

b. Excessive pressure exists for management to meet the requirements or expectations of third parties due to the following:

● Profitability or trend level expectations of investment analysts, institutional investors, significant creditors, or other external parties (particularly expectations that are unduly aggressive or unrealistic), including expectations created by management in, for example, overly optimistic press releases or annual report messages.

● Need to obtain additional debt or equity financing to stay competitive – including financing of major research and development or capital expenditures.

● Marginal ability to meet exchange listing requirements or debt repayment or other debt covenant requirements.

● Perceived or real adverse effects of reporting poor financial results on significant pending transactions, such as business combinations or contract awards.

● A need to achieve financial targets required in bond covenants.

● Pressure for management to meet the expectations of legislative or oversight bodies or to achieve political outcomes, or both.

c. Information available indicates that management's or the board of directors' personal financial situation is threatened by the entity's financial performance arising from the following:

● Significant financial interests in the entity.

● Significant portions of their compensation (for example, bonuses, stock options, and earn-out arrangements) being contingent upon achieving aggressive targets for stock price, operating results, financial position, or cash flow.10

● Personal guarantees of debts of the entity.

d. There is excessive pressure on management or operating personnel to meet financial targets set up by the board of directors or management, including sales or profitability incentive goals.

Opportunities

a. The nature of the industry or the entity's operations provide opportunities to engage in fraudulent financial reporting that can arise from the following:

● Significant related-party transactions not in the ordinary course of business or with related entities not audited or audited by another firm.

● A strong financial presence or ability to dominate a certain industry sector that allows the entity to dictate terms or conditions to suppliers or customers that may result in inappropriate or non-arm's-length transactions.

● Assets, liabilities, revenues, or expenses based on significant estimates that involve subjective judgments or uncertainties that are difficult to corroborate.

● Significant, unusual, or highly complex transactions, especially those close to period end that pose difficult “substance over form” questions.

● Significant operations located or conducted across international borders in jurisdictions where differing business environments and cultures exist.

● Significant bank accounts or subsidiary or branch operations in tax-haven jurisdictions for which there appears to be no clear business justification.

b. There is ineffective monitoring of management as a result of the following:

● Domination of management by a single person or small group (in a nonowner-managed business) without compensating controls.

● Ineffective board of directors or audit committee oversight over the financial reporting process and internal control.

c. There is a complex or unstable organizational structure, as evidenced by the following:

● Difficulty in determining the organization or individuals that have controlling interest in the entity.

● Overly complex organizational structure involving unusual legal entities or managerial lines of authority.

● High turnover of senior management, counsel, or board members.

d. Internal control components are deficient as a result of the following:

● Inadequate monitoring of controls, including automated controls and controls over interim financial reporting (where external reporting is required).

● High turnover rates or employment of ineffective accounting, internal audit, or information technology staff.

● Ineffective accounting and information systems, including situations involving reportable conditions.

● Weak controls over budget preparation and development and compliance with law or regulation.

Attitudes/Rationalizations

Risk factors reflective of attitudes/rationalizations by board members, management, or employees that allow them to engage in and/or justify fraudulent financial reporting may not be susceptible to observation by the auditor. Nevertheless, the auditor who becomes aware of the existence of such information should consider it in identifying the risks of material misstatement arising from fraudulent financial reporting. For example, auditors may become aware of the following information that may indicate a risk factor:

● Ineffective communication, implementation, support, or enforcement of the entity's values or ethical standards by management or the communication of inappropriate values or ethical standards.

● Nonfinancial management's excessive participation in or preoccupation with the selection of accounting principles or the determination of significant estimates.

● Known history of violations of securities laws or other laws and regulations, or claims against the entity, its senior management, or board members alleging fraud or violations of laws and regulations.

● Excessive interest by management in maintaining or increasing the entity's stock price or earnings trend.

● A practice by management of committing analysts, creditors, and other third parties to achieve aggressive or unrealistic forecasts.

● Management failing to correct known reportable conditions on a timely basis.

● An interest by management in employing inappropriate means to minimize reported earnings for tax-motivated reasons.

● Low morale among senior management.

● The owner-manager making no distinction between personal and business transactions.

● Dispute between shareholders in a closely held entity.

● Recurring attempts by management to justify marginal or inappropriate accounting on the basis of materiality.

● Strained relationship between management and the current or predecessor auditor, as exhibited by the following:

● Frequent disputes with the current or predecessor auditor on accounting, auditing, or reporting matters.

● Unreasonable demands on the auditor, such as unreasonable time constraints regarding the completion of the audit or the issuance of the auditor's report.

● Restrictions on the auditor that inappropriately limit access to people or information or the ability to communicate effectively with the board of directors or audit committee.

● Domineering management behavior in dealing with the auditor involving attempts to influence the scope of the auditor's work or the selection or continuance of personnel assigned to or consulted on the audit engagement.

Illustration 2. Risk Factors – Misappropriation of Assets

The following are examples of risk factors, reproduced with permission from AU-C Section 240, Appendix A, relating to misstatements arising from misappropriation of assets:

Incentives/Pressures

a. Personal financial obligations may create pressure on management or employees with access to cash or other assets susceptible to theft to misappropriate those assets.

b. Adverse relationships between the entity and employees with access to cash or other assets susceptible to theft may motivate those employees to misappropriate those assets. For example, adverse relationships may be created by the following:

● Known or anticipated future employee layoffs.

● Recent or anticipated changes to employee compensation or benefit plans.

● Promotions, compensation, or other rewards inconsistent with expectations.

Opportunities

a. Certain characteristics or circumstances may increase the susceptibility of assets to misappropriation. For example, opportunities to misappropriate assets increase when there are the following:

● Large amounts of cash on hand or processed.

● Inventory items that are small in size, of high value, or in high demand.

● Easily convertible assets, such as bearer bonds, diamonds, or computer chips.

● Fixed assets that are small in size, marketable, or lacking observable identification of ownership.

b. Inadequate internal control over assets may increase the susceptibility of misappropriation of those assets. For example, the misappropriation of assets may occur because there is the following:

● Inadequate segregation of duties or independent checks.

● Inadequate oversight of senior management expenditures, such as travel and other disbursements.

● Inadequate management oversight of employees responsible for assets; for example, inadequate supervision or monitoring of remote locations.

● Inadequate job applicant screening of employees with access to assets.

● Inadequate record keeping with respect to assets.

● Inadequate system of authorization and approval of transactions (for example, in purchasing).

● Inadequate physical safeguards over cash, investments, inventory, or fixed assets.

● Lack of complete and timely reconciliations of assets.

● Lack of timely and appropriate documentation of transactions, for example, credits for merchandise returns.

● Lack of mandatory vacations for employees performing key control functions.

● Inadequate management understanding of information technology, which enables information technology employees to perpetrate a misappropriation.

● Inadequate access controls over automated records, including controls over and review of computer systems events logs.

Attitudes/Rationalizations

Risk factors reflective of employee attitudes/rationalizations that allow them to justify misappropriation of assets are generally not susceptible to observation by the auditor. Nevertheless, the auditor who becomes aware of the existence of such information should consider it in identifying the risks of material misstatement arising from misappropriation of assets. For example, auditors may become aware of the following attitudes or behavior of employees who have access to assets susceptible to misappropriation:

● Disregard for the need for monitoring or reducing risks related to misappropriation of assets.

● Disregard for internal control over misappropriation of assets by overriding existing controls or by failing to correct known internal control deficiencies.

● Behavior indicating displeasure or dissatisfaction with the company or its treatment of the employee.

● Changes in behavior or lifestyle that may indicate assets have been misappropriated.

● The belief by some government or other officials that their level of authority justifies a certain level of compensation and personal privileges.

● Tolerance of petty theft.

Illustration 3. Worksheet to Identify Fraudulent Entries or Adjustments (Adapted from AU-C 240.49)

Inappropriate journal entries and other adjustments often have certain unique characteristics. The auditor should use the following questions to help identify characteristics of inappropriate journal entries and other adjustments:

● Is the entry made to an unrelated, unusual, or seldom-used account?

● Is the entry made by an individual who typically does not make journal entries?

● Is the entry made at closing of the period or postclosing with little or no explanation or description?

● Do entries made during the preparation of financial statements lack account numbers?

● Does the entry contain round numbers or a consistent ending number?

The auditor should use the following questions to identify journal entries and adjustments made to accounts that have the following characteristics:

● Does the account consist of transactions that are complex or unusual in nature?

● Does the account contain significant estimates and period-end adjustments?

● Has the account been prone to errors in the past?

● Has the account not been regularly reconciled on a timely basis?

● Does the account contain unreconciled differences?

● Does the account contain intercompany transactions?

● Is the account otherwise associated with an identified risk of material misstatement due to fraud?

Illustration 4. List of Circumstances That May Indicate the Possibility of Fraud (from AU-C 240 Appendix C)

Conditions may be identified during fieldwork that change or support a judgment regarding the assessment of the risks, such as the following:

● Discrepancies in the accounting records, including:

● Transactions that are not recorded in a complete or timely manner or are improperly recorded as to amount, accounting period, classification, or entity policy.

● Unsupported or unauthorized balances or transactions.

● Last-minute adjustments that significantly affect financial results.

● Evidence of employees' access to systems and records inconsistent with that necessary to perform their authorized duties.

● Tips or complaints to the auditor about alleged fraud.

● Conflicting or missing evidential matter, including:

● Missing documents.

● Documents that appear to have been altered.

● Unavailability of other than photocopies or electronically transmitted documents when documents in original form are expected to exist.

● Significant unexplained items on reconciliations.

● Unusual balance sheet changes, or changes in trends or important financial statement ratios or relationships; for example, receivables growing faster than revenues.

● Inconsistent, vague, or implausible responses from management or employees arising from inquiries procedures.

● Unusual discrepancies between the entity's records and confirmation replies.

● Large numbers of credit entries and other adjustments made to accounts receivable records.

● Unexplained or inadequately explained differences between the accounts receivable subledger and the control account, or between the customer statements and the accounts receivable subledger.

● Missing inventory or physical assets of significant magnitude.

● Unavailable or missing electronic evidence, inconsistent with the entity's record retention practices or policies.

● Fewer responses to confirmations than anticipated or a greater number of responses than anticipated.

● Inability to produce evidence of key systems development and program change testing and implementation activities for current-year system changes and deployments.

● Problematic or unusual relationships between the auditor and management, including:

● Denial of access to records, facilities, certain employees, customers, vendors, or others from whom audit evidence might be sought.

● Undue time pressures imposed by management to resolve complex or contentious issues.

● Complaints by management about the conduct of the audit or management intimidation of audit team members, particularly in connection with the auditor's critical assessment of audit evidence or in the resolution of potential disagreements with management.

● Unusual delays by the entity in providing requested information.

● Unwillingness to facilitate auditor access to key electronic files for testing through the use of computer-assisted audit techniques.

● Denial of access to key IT operations staff and facilities, including security, operations, and systems development personnel.

● An unwillingness to add or revise disclosures in the financial statements to make them more complete and transparent.

● An unwillingness to address identified deficiencies in internal control on a timely basis.

Illustration 5. Example Program for Management Override of Internal Control