Chap 003
"My actions are inexcusable…. I'm sorry for the hurt that has been caused
by my cowardly behavior."
-- Scott Sullivan, former WorldCom CFO, at his sentencing.
"It takes 20 years to build a reputation and five minutes to ruin it. If you
think about that, you'll do things differently."
-- Warren Buffett, billionaire investor
McGraw-Hill/Irwin Copyright © 2008 by The McGraw-Hill Companies, Inc. All rights reserved.
Exhibit 3.1
Management Fraud Overview
Financial Statements:
Errors, Frauds and Illegal Acts
• Errors are unintentional misstatements or omissions of amounts or
disclosures in financial statements.
• Management Fraud is intentional misstatements or omissions of
amounts or disclosures in financial statements.
• Direct-effect illegal acts are violations of laws or government
regulations by the company or its management or employees that
produce direct and material effects on dollar amounts in financial
statements.
– "Illegal acts" (far-removed) are violations of laws and regulations that are
far removed from financial statement effects (for example, violations
relating to insider securities trading, occupational health and safety, food
and drug administration, environmental protection, and equal employment
opportunity).
Overview of Auditors’ and Other
Professionals’ Responsibilities
• External Auditors (CPAs)
– SAS 99: Consideration of Fraud in a Financial Statement Audit
• Design audit to provide reasonable assurance of detecting fraud that could have a
material effect on the financial statements.
• Perform fraud-related procedures
– SAS 54: Illegal Acts
• Focus is primarily on direct-effect illegal acts
– SAS 114: “The Auditor’s Communication with Those Charged with Governance”
• Other Professionals’ Responsibilities (Discussed later in Module D)
– Internal Auditors (CIAs)
• Internal auditors support management's efforts to establish a culture that embraces ethics,
honesty, and integrity. They assist management with the evaluation of internal controls
used to detect or mitigate fraud, evaluate the organization's assessment of fraud risk, and
are involved in any fraud investigations.
– Governmental Auditors
• Focus on laws and regulations (compliance), design audit to detect abuse and illegal acts,
report to the appropriate authority
– Certified Fraud Examiners (CFEs)
• Assignments begin with predication (probable cause)
Exhibit 3.2
Considering the Risk of Fraud (SAS 99)
Step 1: Audit team discussion (“brainstorming”)
• Type of risk
• Significance of risk
• Likelihood of risk
• Pervasiveness of risk
• Assess controls and programs
Illegal Acts
• Unauthorized transactions.
• Government investigations.
• Regulatory reports of violations.
• Payments to consultants, affiliates, or employees
for unspecified services.
• Excessive sales commissions and agents’ fees.
• Unusually large cash payments.
• Unexplained payments to government officials.
• Failure to file tax returns or to pay duties and fees.
Exhibit 3.4
Auditor Responsibility for Detecting
Errors, Frauds, and Illegal Acts
Responsible for Detection? | Must Communicate Findings?
[Figure labels: Events, Transactions; Accounting Information System; Financial Statements; Substantive Procedures]
• INHERENT RISK: The likelihood that, in the absence of internal controls, an error or fraud will enter the accounting information system.
• CONTROL RISK: The likelihood that an error or fraud will not get caught by the client’s internal controls.
• DETECTION RISK: The likelihood that an error or fraud will not be caught by the auditor’s procedures.
• AUDIT RISK: The likelihood that an error or fraud will occur, and not get caught by either the internal controls or auditor’s procedures.
Risk of Material Misstatement (RMM)
ARM Concepts
Inherent Risk
• Competition
• Economy
• Nature of Industry
• Management Style
• Leverage
Inherent Risk:
General Categories of Errors and Frauds
• Invalid transactions are recorded.
• Valid transactions are omitted from the accounts.
• Unauthorized transactions are executed and
recorded.
• Transaction amounts are inaccurate.
• Transactions are classified in the wrong accounts.
• Transaction accounting and posting is incorrect.
• Transactions are recorded in the wrong period.
Inherent Risk:
General Categories of Errors and Frauds
• Invalid transactions are recorded
– Error example: A computer malfunction causes a sales transaction to be recorded twice
– Fraud example: Fictitious sales are recorded and charged to nonexistent customers
• Valid transactions are omitted from the accounts
– Error example: Shipments to customers are never recorded because of problems in the company’s information processing system
– Fraud example: Shipments are made to an employee’s friend and purposely never recorded
• Unauthorized transactions are executed and recorded
– Error example: A customer’s order is not approved for credit yet the goods are shipped, billed, and charged to the customer without requiring payment in advance
– Fraud example: Unauthorized purchases are made and shipped to an employee’s house
• Transaction amounts are inaccurate
– Error example: An employee calculates depreciation incorrectly
– Fraud example: A company “short ships” a shipment to a customer and bills the customer for the full amount ordered
• Transactions are classified in the wrong accounts
– Error example: Sales to a subsidiary company are recorded as sales to outsiders instead of intercompany sales or the amount is charged to the wrong customer account receivable record
– Fraud example: A loan to the company’s CEO (not permitted under Sarbanes-Oxley) is classified as an account receivable to conceal the transaction
• Transaction accounting and posting are incorrect
– Error example: Sales are posted in total to the accounts receivable control account, but some are not posted to individual customer account records
– Fraud example: Capital leases are accounted for as operating leases in order to keep related liabilities off the balance sheet
• Transactions are recorded in the wrong period
– Error example: The company fails to record a shipment that was sent by a supplier FOB shipping point in December, but the shipment was not received (or recorded) until January
– Fraud example: Shipments made in January (of the next fiscal year) are backdated and recorded as sales in December
Control Risk
Detection Risk
Control Risk
More Examples
AR IR CR DR?
Materiality
• Materiality refers to an amount (or transaction) that
would influence the decisions of users (i.e., an amount
(or event) that would make a difference). The emphasis
is on user, rather than management or the audit team.
• Materiality Criteria:
– Quantitative Criteria: absolute size, relative size, cumulative effects
– Qualitative Criteria: nature of the item or issue, circumstances, uncertainty
Vouching/Tracing
Q: Did all recorded sales actually occur?
Summary Listing [Sales Journal]
• Tracing (Completeness)
• Vouching (Existence or Occurrence)
Audit Programs