Fraud Considerations Summary of Observations And Identified Fraud Risks
advertisement
Summary of Observations And Identified Fraud Risks Fraud Considerations Entity Subsidiary or Division Financial Statement Date Prepared Approved Partner Document below the risks of material misstatement due to fraud. We expect one or more fraud risks will be identified for most engagements. Identified Fraud Risks Improper revenue recognition* * Risks associated with improper revenue should be tailored to the specific engagement (e.g. side agreements, channel stuffing, incentive to accelerate revenue recognition, past history of improper sales cut-off). Document below the key observations from the various sources of information in other parts of this form that support the identified fraud risks listed above. Observations from Part 1 – Considering the Components of Internal Control at the Entity Level Observations from Part 2.1 – Engagement Team Discussion AF-04 (2004) Drs Joseph Susilo Registered Public Accountants Summary of Observations And Identified Fraud Risks Observations from Parts 2.2 and 2.3 – Fraud Risk Factors Observations from Part 2.4 – Planning Analytics Observations from Part 2.5 – Inquiries Observations from Part 2.6 – Other Information AF-04 (2004) Drs Joseph Susilo Registered Public Accountants Summary of Identified Fraud Risks and Planned Responses Audit Responses to Identified Fraud Risks For each of the fraud risks identified, provide a brief description of our planned audit response. Our planned audit response can be (1) a response that has an overall effect on how the audit is conducted (e.g., assigning additional persons with specialized skills or knowledge to the engagement, performing procedures at locations on an unannounced basis) and/or (2) a specific response involving the nature, timing, or extent of our auditing procedures (i.e., tests of the operating effectiveness of programs and controls and/or substantive procedures). Because management may have the ability to override controls that otherwise appear to be operating effectively, it is unlikely that audit risk can be reduced to an appropriately low level by performing only tests of controls. Risk: Audit Response: Risk: Audit Response: Risk: Audit Response: Risk: Audit Response: Risk: Audit Response: AF-04 (2004) Drs Joseph Susilo Registered Public Accountants Summary of Identified Fraud Risks and Planned Responses Document below our observations about the entity’s programs and controls that address or mitigate the identified risks of material misstatement due to fraud. We are required to evaluate whether such programs and controls are suitably designed and have been placed in operation. In addition, an identified risk of fraud can never be completely mitigated by programs and controls. Accordingly, we always will perform some substantive procedures to respond to the particular fraud risk, in addition to any tests of the programs and controls. Procedures to Address the Risk of Management Override 1) Review significant nonstandard journal entries through the whole year/period to identify unusual or significant (over 10% percent of TE) items that might not have been identified through other audit procedures. Consider scanning the general ledger, general journal, or other journals to identify significant postings from unusual sources. Inquire of appropriate client personnel and examine supporting documentation to determine that entries or postings identified (other than those covered by other audit procedures) were properly authorized and accounted for. Note: These procedures should be performed by at least a senior or, depending on the nature and complexity of the financial statement close process, a manager. The involvement of a TSRS professional with appropriate experience (e.g., senior or above) also may be required for clients with highly automated or complex systems. 2) Review significant accounting estimates for evidence of management biases, including a retrospective review of significant estimates recorded in the prior year. 3) Evaluate the business rationale for significant unusual transactions AF-04 (2004) Drs Joseph Susilo Registered Public Accountants Identifying Potential Risks Of Material Misstatement Due To Fraud Description and Characteristics of Fraud Two types of misstatements are relevant to our consideration of fraud: 1) misstatements arising from fraudulent financial reporting; and 2) misstatements arising from misappropriation of assets (for which the effect of the misappropriation causes the financial statements not to be presented, in all material respects, in conformity with generally accepted accounting principles). As we gather information to identify risks of material misstatement due to fraud, we consider both types of misstatements. Three conditions generally are present when fraud occurs: (1) management or other employees have an incentive or are under pressure that provides a reason to commit fraud; (2) circumstances exist —for example, the absence of controls, ineffective controls or the ability of management to override controls— that provide an opportunity for a fraud to be perpetrated; and (3) those involved are able to rationalize a fraudulent act as being consistent with their personal code of ethics. Some individuals possess an attitude, character, or set of ethical values that allow them to knowingly and intentionally commit a dishonest act. However, even otherwise honest individuals can commit fraud in an environment that imposes sufficient pressure on them. The greater the incentive or pressure, the more likely an individual will be able to rationalize the acceptability of committing fraud. Although the risk of material misstatement due to fraud may be greatest when all three fraud conditions are observed or evident, we cannot assume that the inability to observe one or two of these conditions means there is no risk of material misstatement due to fraud. Certain assertions, accounts, and classes of transactions that have high inherent risk because they involve a high degree of management judgment and subjectivity also may present risks of material misstatement due to fraud because they are susceptible to manipulation by management. For example, liabilities resulting from a restructuring may be deemed to have higher inherent risk because of the high degree of subjectivity and management judgment involved in their estimation. Similarly, revenues for software companies may be deemed to have higher inherent risk because of the subjectivity and complexities often involved in recognizing and measuring software revenue transactions. We expect that one or more risks of material misstatement due to fraud will be identified for most engagements. In particular, there is a presumption that we ordinarily will identify one or more fraud risks relating to revenue recognition. Although the fraud risk factors below cover a broad range of situations, they are only examples and, accordingly, we may wish to consider additional or different risk factors. Also, the examples of fraud risk factors are not presented in an order that might reflect their relative importance or frequency of occurrence. In addition, risk factors known to the engagement team but not included in Parts 2.2 and 2.3 should be added to the applicable sections. The relative importance of the risk factors varies among engagements from critical to insignificant. Accordingly, we exercise considerable professional judgment when considering the risk factors individually and in combination. AF-04 (2004) Drs Joseph Susilo Registered Public Accountants Identifying Potential Risks Of Material Misstatement Due To Fraud 1 Engagement Team Discussion(s) In planning the audit, members of the audit team discuss the potential for material misstatement due to fraud. The objectives of this discussion are (1) to increase the overall awareness of and sensitivity to fraud by all members of the team, (2) to have an interactive exchange of ideas and sharing of information about how and where the entity’s financial statements might be susceptible to material misstatement due to fraud, and (3) for the executive in charge of the audit to emphasize the importance of maintaining the proper state of mind and level of professional skepticism throughout the audit. Refer to Procedure 4.3 of the Global Audit Methodology for additional guidance on the engagement team discussion(s) regarding participants and types of information that may be helpful to the discussion(s). Although our consideration of fraud risk is an ongoing process during the audit, at least one such engagement team discussion takes place as part of the team planning event. Document below or in a separate memorandum the engagement team discussion(s) about the susceptibility of the client’s financial statements to material misstatement due to fraud. The documentation includes how and when the discussion(s) occurred, and the team members who participated. Observations from the engagement team discussion that should be considered in identifying and assessing the risks of fraud are documented in the Summary of Observations and Identified Fraud Risks. AF-04 (2004) Drs Joseph Susilo Registered Public Accountants Identifying Potential Risks Of Material Misstatement Due To Fraud Fraud Risk Factors Associated With Fraudulent Financial Reporting and Misappropriation of Assets Identifying one or more fraud risk factors does not necessarily mean that internal control at the entity level is ineffective. However, the presence of numerous fraud risk factors should heighten our awareness, and we would give them due consideration in making our assessment of internal control at the entity level. In this regard, we pay particular attention to risk factors relating to attitudes of management or the board of directors, or opportunities resulting from inappropriate attention to, or a disregard for, internal control. 2 Risk Factors Relating to Fraudulent Financial Reporting Incentives/Pressures a. Financial stability or profitability is threatened by economic, industry, or entity operating conditions, such as (or as indicated by): b. - High degree of competition or market saturation, accompanied by declining margins. - High vulnerability to rapid changes, such as changes in technology, product obsolescence, or interest rates. - Significant declines in customer demand and increasing business failures in either the industry or overall economy. - Operating losses making the threat of bankruptcy, foreclosure, or hostile takeover imminent. - Recurring negative cash flows from operations or an inability to generate cash flows from operations while reporting earnings and earnings growth. - Rapid growth or unusual profitability, especially compared to that of other companies in the same industry. - New accounting, statutory, or regulatory requirements. Excessive pressure exists for management to meet the requirements or expectations of third parties due to: - Profitability or trend level expectations of investment analysts, institutional investors, significant creditors, or other external parties (particularly expectations that are unduly aggressive or unrealistic) including expectations created by management in, for example, overly optimistic press releases or annual report messages. - Need to obtain additional debt or equity financing to stay competitive—including financing of major research and development or capital expenditures. - Marginal ability to meet debt repayment or other debt covenant requirements. - Perceived adverse effects of reporting poor financial results on significant pending transactions, such as business combinations or contract awards. AF-04 (2004) Drs Joseph Susilo Registered Public Accountants Identifying Potential Risks Of Material Misstatement Due To Fraud 2 Risk Factors Relating to Fraudulent Financial Reporting (Continued) Incentives/Pressures (Continued) c. Management or the board of directors’ personal net worth is threatened by the entity’s financial performance due to: d. - Significant personal finanical interests in the entity. - Significant portions of their compensation (e.g., bonuses, stock options) being contingent upon achieving aggressive targets for stock price, operating results, financial position, or cash flow. - Personal guarantees of debts of the entity. Excessive pressure on management or operating personnel (including those at subsidiaries or remote locations with separate systems or records) to meet financial targets set up by the board of directors or management, including sales or profitability incentive goals. Indicate any of the above or other risk factors to be considered relating to incentives/pressures associated with misstatements arising from fraudulent financial reporting: Opportunities a. The nature of the industry or the entity’s operations provides opportunities to engage in fraudulent financial reporting due to: - Significant related party transactions not in the ordinary course of business or with related entities not audited or audited by another firm. - A strong financial presence or ability to dominate a certain industry sector that allows the entity to dictate terms or conditions to suppliers or customers that may result in inappropriate or non-arm’s length transactions. - Assets, liabilities, revenues, or expenses based on significant estimates that involve subjective judgments or uncertainties that are difficult to corroborate. - Significant, unusual, or highly complex transactions, especially those close to year end that pose difficult “substance over form” questions. - Significant use of derivatives and complex hedging activities. - Significant operations located or conducted across international borders in jurisdictions where differing business environments and cultures exist. - Significant bank accounts or subsidiary or branch operations in tax-haven jurisdictions for which there appears to be no clear business justification. AF-04 (2004) Drs Joseph Susilo Registered Public Accountants Identifying Potential Risks Of Material Misstatement Due To Fraud 2 Risk Factors Relating to Fraudulent Financial Reporting (Continued) - The degree of decentralization and oversight of remote locations. AF-04 (2004) Drs Joseph Susilo Registered Public Accountants Identifying Potential Risks Of Material Misstatement Due To Fraud 2 Risk Factors Relating to Fraudulent Financial Reporting (Continued) Opportunities (Continued) b. There is ineffective monitoring of management due to: c. d. - Domination of management by a single person or small group (in a non-owner managed business) without compensating controls. - Ineffective board of directors or audit committee oversight over the financial reporting process and internal control. - Lack of management personnel with sufficient knowledge and competence to recognize when other members of management may attempt to commit fraud. There is a complex or unstable organizational structure as evidenced by: - Difficulty in determining the organization or individuals that have a controlling interest in the entity. - Overly complex organizational structure involving unusual legal entities or managerial lines of authority. - High turnover of senior management, counsel, or board members. Internal control components are deficient due to: - Inadequate monitoring of controls, including automated controls and controls over interim financial reporting (where external reporting is required). - High turnover rates or employment of ineffective accounting, internal audit, or information technology staff. - Ineffective accounting and information systems - Reportable conditions Indicate any of the above or other risk factors to be considered relating to opportunities associated with misstatements arising from fraudulent financial reporting: Attitudes Risk factors reflective of attitudes by board members, management, or employees that allow them to engage in and/or justify fraudulent financial reporting may not be susceptible to observation. Nevertheless, if we become AF-04 (2004) Drs Joseph Susilo Registered Public Accountants Identifying Potential Risks Of Material Misstatement Due To Fraud 2 Risk Factors Relating to Fraudulent Financial Reporting (Continued) aware of the existence of such information, we should consider it in identifying the risks of material misstatement arising from fraudulent financial reporting. a. Ineffective communication and support of the entity’s values or ethical standards by management or the communication of inappropriate values or ethical standards. b. Nonfinancial management’s excessive participation in, or preoccupation with, the selection of accounting principles or the determination of significant estimates. c. Known history of violations of securities laws or other laws and regulations, or claims against the entity, its senior management, or board members alleging fraud or violations of laws and regulations. d. Excessive interest by management in maintaining or increasing the entity’s stock price or earnings trend. e. A practice by management of committing to analysts, creditors, and other third parties to achieve aggressive or unrealistic forecasts. f. Management failing to correct known reportable conditions on a timely basis. g. An interest by management in employing inappropriate means to minimize reported earnings for taxmotivated reasons. h. Recurring attempts by management to justify marginal or inappropriate accounting on the basis of materiality. i. The relationship between management and us or management and the predecessor auditor is strained as exhibited by: - Frequent disputes with us or the predecessor auditor on accounting, auditing, or reporting matters. - Unreasonable demands such as excessive fee pressure, or unreasonable time constraints regarding the completion of the audit or the issuance of the auditor’s report. - Formal or informal restrictions that inappropriately limit access to people or information or the ability to communicate effectively with the board of directors or audit committee. - Domineering management behavior, especially involving attempts to influence the scope of our work or the selection or continuance of audit personnel assigned to the engagement. Indicate any of the above or other risk factors to be considered relating to attitudes associated with misstatements arising from fraudulent financial reporting: AF-04 (2004) Drs Joseph Susilo Registered Public Accountants Identifying Potential Risks Of Material Misstatement Due To Fraud 3 Risk Factors Relating to Misappropriation of Assets Risk factors that relate to misstatements arising from misappropriation of assets are also classified along the three conditions generally present when fraud exists: 1) incentives/pressures, 2) opportunities, and 3) attitudes. Many of these risk factors relate to a disregard for, or inappropriate attention to, safeguarding of assets or controls over assets that are susceptible to misappropriation. Some of the risk factors related to misstatements arising from fraudulent financial reporting also may be present when misstatements arising from misappropriation of assets occur. For example, ineffective monitoring of management and weaknesses in internal control may be present when a misstatement due to either fraudulent financial reporting or misappropriation of assets exists. Incentives/Pressures a. Personal financial obligations may create pressure on management or employees with access to cash or other assets susceptible to theft to misappropriate those assets. b. Strained, difficult or adverse relationships between the entity and employees with access to cash or other assets susceptible to theft may motivate those employees to misappropriate those assets. Such relationships may be created by: - Known or anticipated future employee layoffs. - Recent or anticipated changes to employee compensation or benefit plans. - Promotions, compensation, or other rewards inconsistent with expectations. Indicate any of the above or other risk factors to be considered relating to incentives/pressures associated with misstatements arising from misappropriation of assets: AF-04 (2004) Drs Joseph Susilo Registered Public Accountants Identifying Potential Risks Of Material Misstatement Due To Fraud 3 Risk Factors Relating to Misappropriation of Assets (Continued) Opportunities a. Certain characteristics or circumstances may increase the susceptibility of assets to misappropriation. For example, opportunities to misappropriate assets increase when there are: b. - Large amounts of cash on hand or processed. - Inventory items that are small in size, of high value, or in high demand. - Easily convertible assets, such as bearer bonds, diamonds, or computer chips. - Fixed assets that are small in size, marketable, or lacking observable identification of ownership. Inadequate internal control over assets may increase the susceptibility of misappropriation of those assets. For example, misappropriation of assets may occur because there is a(n): - Inadequate segregation of duties or independent checks. - Inadequate management oversight of employees responsible for assets -- for example, inadequate supervision or monitoring of remote locations. Inadequate job applicant screening of employees with access to assets. - Inadequate recordkeeping with respect to assets. - Inadequate system of authorization and approval of transactions (for example, in purchasing). - Inadequate physical safeguards over cash, investments, inventory, or fixed assets. - Lack of complete and timely reconciliations of accounts. - Lack of timely and appropriate documentation of transactions, for example, credits for merchandise returns. - Lack of mandatory vacations for employees performing key control functions. - Inadequate management understanding of information technology, which enables information technology employees to perpetrate a misappropriation. - Inadequate access controls over automated records, including controls over and review of computer systems event logs. Indicate any of the above or other risk factors to be considered relating to opportunities assiciated with misstatements arising from misappropriation of assets: AF-04 (2004) Drs Joseph Susilo Registered Public Accountants Identifying Potential Risks Of Material Misstatement Due To Fraud 3 Risk Factors Relating to Misappropriation of Assets (Continued) Attitudes Risk factors reflective of employee attitudes that enable them to justify misappropriations of assets are generally not susceptible to observation. Nevertheless, if we become aware of the existence of such information, we should consider it in identifying the risks of material misstatement arising from misappropriation of assets. a. Disregard for the need for monitoring or reducing risks related to misappropriations of assets. b. Disregard for internal control over misappropriation of assets by overriding existing controls or by failing to correct known internal control deficiencies. c. Behavior indicating displeasure or dissatisfaction with the company or its treatment of the employee. d. Changes in behavior or lifestyle that may indicate assets have been misappropriated. Indicate any of the above or other risk factors to be considered relating to attitudes associated with misstatements arising from misappropriation of assets: AF-04 (2004) Drs Joseph Susilo Registered Public Accountants Identifying Potential Risks Of Material Misstatement Due To Fraud 4 Results of Analytical Procedures Performed During Planning Analytical procedures performed during planning may be helpful in identifying the risks of material misstatement due to fraud. However, because such analytical procedures generally use data aggregated at a high level, the results of those procedures only provide a broad initial indication about whether a material misstatement of the financial statements may exist. Accordingly, the results of these procedures are considered along with the other sources of information in Part 2. In planning the audit, we perform analytical procedures relating to revenue with the objective of identifying unusual or unexpected relationships involving revenue accounts or significant transactions that may be indicative of a material misstatement due to fraudulent financial reporting. Document below any unusual or unexpected observations from the results of our analytical procedures performed in planning the audit, particularly those related to revenue and related accounts. We also should document observations about financial statement amounts or key financial ratios that have not changed when such changes are expected based on our knowledge of the client’s business and industry. AF-04 (2004) Drs Joseph Susilo Registered Public Accountants Identifying Potential Risks Of Material Misstatement Due To Fraud 5 Inquiries of Senior Management, the Audit Committee and Internal Audit We make inquiries of senior management about their views regarding the risks of material misstatement due to fraud, whether they are aware of any fraud or alleged fraud, and the programs and controls the entity has put in place to prevent, deter, and detect fraud. We also make certain inquiries, when applicable, of the audit committee and internal audit. When responses to inquiries are inconsistent, we obtain additional information to resolve the inconsistencies. A senior manager, principal, or partner makes inquiries of senior management (e.g., the CEO, COO, and CFO) and the audit committee on all public entities. For non-public entities, a manager or above makes such inquiries of senior management and the audit committee. A manager or above makes such inquiries of internal audit for public and non-public entities. We also consider information obtained from inquiries of others (e.g. legal counsel, sales director, operating or divisional management, lowerlevel financial or operating employees) throughout the course of the audit. Senior Management Document below the results of our fraud inquiries of senior management as well as the basis for their responses (e.g., what processes they employ to provide them with reasonable assurance that their risk assessments are appropriate). Indicate the name(s) and level(s) of the members of senior management with whom the discussions were held. Discussed with: Name(s): Title(s): Date: We inquire about: Whether senior management has knowledge of any fraud that has been perpetrated or any alleged or suspected fraud. AF-04 (2004) Drs Joseph Susilo Registered Public Accountants Identifying Potential Risks Of Material Misstatement Due To Fraud 5 Inquiries of Senior Management, the Audit Committee and Internal Audit (Continued) Whether senior management is aware of allegations of fraudulent financial reporting, for example, because of “whistleblower” or other communications from employees, former employees, analysts, short sellers, or other investors. Senior management's understanding about the risks of fraud in the entity, including any specific fraud risks the entity has identified or account balances or classes of transactions for which a risk of fraud may be likely to exist. Programs and controls the entity has established to mitigate specific fraud risks the entity has identified, or that otherwise help to prevent, deter, and detect fraud, and how senior management monitors those programs and controls. For an entity with multiple locations, (a) the nature and extent of monitoring of operating locations or business segments, and (b) whether there are particular operating locations or business segments for which a risk of fraud may be more likely to exist. Whether and how senior management communicates to employees its views on business practices and ethical behavior. AF-04 (2004) Drs Joseph Susilo Registered Public Accountants Identifying Potential Risks Of Material Misstatement Due To Fraud 5 Inquiries of Senior Management, the Audit Committee and Internal Audit (Continued) Whether senior management has reported to the audit committee or others with equivalent authority and responsibility on the entity’s internal control, and whether management believes internal control (including the entity’s control environment, risk assessment processes, control activities, information and communication systems, and monitoring activities) serves to prevent, deter, or detect material misstatements due to fraud. Audit Committee or Equivalent Audit committees or those charged with governance play an important role in the oversight of the entity’s assessment of the risks that can have a material effect on the financial statements, and some audit committees are assuming a more active role in the oversight of management’s assessment of the risks of fraud and the programs and controls the entity has established to mitigate those risks. We obtain an understanding of how the audit committee exercises oversight activities in that area, and we directly inquire of the audit committee (or at least its chairman) regarding the committee’s views about the risks of fraud and whether the members have knowledge of any fraud or suspected fraud. For listed companies, we inquire about matters raised from the audit committee procedures for the receipt, retention, and treatment of complaints (including ‘whistleblowers’) regarding accounting, internal accounting controls or auditing matters, including procedures for the confidential, anonymous submission by employees of concerns regarding questionable accounting or auditing matters. Internal Audit If the client does not have an internal audit function, consider whether its absence constitutes a fraud risk factor or affects our assessment of internal control at the entity level. For entities that have an internal audit function, we inquire of appropriate internal audit personnel about (1) their views of the risks of fraud, (2) whether they have performed any procedures to identify or detect fraud during the year, (3) whether management has satisfactorily responded to any findings resulting from these procedures, and (4) whether the internal auditors have knowledge of any fraud or suspected fraud. AF-04 (2004) Drs Joseph Susilo Registered Public Accountants Identifying Potential Risks Of Material Misstatement Due To Fraud 6 Other Information Other information that may be helpful in identifying the risks of material misstatement due to fraud might include: a. Information from the results of our procedures relating to the acceptance and continuance of clients and engagements; b. Reviews of interim financial statements; c. Our consideration of inherent risk at the individual account balance or class of transaction level; d. Prior year Summary Review Memorandum and Summary of Audit Differences; and e. Analyst reports. Document below our observations from the consideration of other information. AF-04 (2004) Drs Joseph Susilo Registered Public Accountants
