Chapter 4
Management Fraud and Audit Risk
ACCT-4080
Chapter 3
1
1. Errors, Fraud, and Noncompliance


Definitions
Errors - unintentional
Fraud (irregularities) - intentional
Noncompliance with laws and regulations (Illegal acts)violations of the law
Auditor’s responsibilities

ACCT-4080
History
Errors & Fraud: SAS 1, SAS 16, SAS 53,
SAS 82, SAS 99
Illegal Acts:
SAS 54
Chapter 3
2
1. Errors, Fraud, and
Noncompliance (continued)

Errors and Fraud (AU-C 240)


design and conduct the audit to provide reasonable assurance that
material errors and fraud will be discovered, and report the
findings to appropriate parties
Noncompliance with laws and regulations (Illegal Acts) (AU-C
250)


direct effect noncompliance — same
indirect effect noncompliance —



have general level of awareness and act on those discovered
make inquiries
carry out some procedures to identify noncompliance
Questions
ACCT-4080
Chapter 3
3
1. Errors, Fraud, and
Noncompliance (continued)
Steps involved in Considering the Risk of Fraud
•
Staff discussion
•
Obtain information needed to identify risks
•
Identify risks
•
Assess identified risks
•
Respond to results of assessment
•
Evaluate audit evidence
•
Communicate about fraud
•
Document consideration of fraud
Chapter 6
4
2. Fraud
Causes of Misstatements
Causes
Errors
Fraud
Misappropriation
of Assets
ACCT-4080
Chapter 3
Fraudulent
Financial
Reporting
5
2. Fraud (continued)
EXHIBIT 3.1
ACCT-4080
Chapter 3
6
2. Fraud (continued)

Fraudulent financial reporting (cooking the
books) (management fraud)



falsification of financial statements
falsification or omissions of transactions
Misappropriation of assets (employee
fraud)


ACCT-4080
larceny
embezzlement
Chapter 3
7
2. Fraud (continued)

Overview of Fraud (outline)






ACCT-4080
costs
discovery
victims
perpetrators
common characteristics
types
Chapter 3
8
The Fraud Triangle
PRESSURE
PERCEIVED
OPPORTUNITY
ISU WU
RATIONALIZATION
Summer 2009
9
2. Fraud (continued)






Prevalence of fraud
Current frauds
Reasons to study fraud
Fraud related job opportunities
ACFE
CFE
ACCT-4080
Chapter 3
10
3. Audit Risk
ACCT-4080
Chapter 3
11
3. Audit Risk




AU-C 320 – Audit Risk
General business risks
Engagement risk
Audit Risk Model




AR = RMM x DR
AR = IR x CR x DR
AR = IR x CR x TD x AP
Audit Risk definition



ACCT-4080
the risk that the auditor may unknowingly fail to appropriately modify his or her
opinion on financial statements that are materially misstated
the danger that the auditor will fail to detect material misstatements in the financial
statements
at financial statement level; at account balance level
Chapter 3
12
3. Audit Risk (continued)

Risk of Material Misstatement



Inherent Risk



product of inherent risk and control risk
consider at entity level and account/assertion level
the susceptibility of an account balance to error assuming there are no
controls
based on auditor’s judgment considering understanding of entity, nature of
account (routine, systematic processing, complexity, etc), and fraud
considerations
Control Risk


ACCT-4080
the risk that the ICS will not prevent or detect a material error on a timely
basis
based on tests of control’s effectiveness
Chapter 3
13
3. Audit Risk (continued)

Detection Risk



the risk that the auditor’s procedures will not detect a
material error
the product of Tests of Details Risk (TD) and Substantive
Analytical Procedures Risk (AP)
Tests of Details Risk


Substantive Analytical Procedures Risk

ACCT-4080
the risk that tests of details will not detect a material error
the risk that analytical procedures (or other procedures that do
not utilize sampling) will not detect a material error
Chapter 3
14
3. Audit Risk (continued)



Risks defined in negative
Auditor’s control over risks
Relationship between


ACCT-4080
RMM and DR
DR and amount of substantive testing
Chapter 3
15
3. Audit Risk (continued)


Subjectively considering Audit Risk
Quantifying Audit Risk



not required
DR = AR / IR x CR
TD = AR / IR x CR x AP
Questions
ACCT-4080
Chapter 3
16
3. Audit Risk (continued)

General guidelines

Inherent Risk




Control Risk





ACCT-4080
High
> 60%
Moderate 40% - 60%
Low
< 40%
Maximum
High
Moderate
Low
Very Low
= 100%
> 70%
40% - 70%
< 40%
< 10%
Chapter 3
17
3. Audit Risk (continued)

Analytical Procedures Risk




ACCT-4080
High
> 50%
Moderate 20% - 50%
Low
10% - 20%
Very Low < 10%
Chapter 3
18
4. Analytical Procedures


Definition
Uses in an audit




planning stage
as a substantive test (SAP)
final review stage
Required use
ACCT-4080
Chapter 3
19
4. Analytical Procedures
(Continued)

In planning stage




ACCT-4080
enhances auditor’s understanding
identifies risk areas
uses highly aggregated data
generally financial data
Chapter 3
20
4. Analytical Procedures
(Continued)
Steps

1.
2.
3.
4.
5.
ACCT-4080
develop an expectation
define a significant difference
calculate predictions and compare with
recorded amount
investigate significant differences
document each step
Chapter 3
21
4. Analytical Procedures
(Continued)

Substantive analytical procedures




ACCT-4080
based on level of DR
based on auditor judgment
balance sheet data vs. income statement
data
often uses non-financial data
Chapter 3
22
4. Analytical Procedures
(Continued)

In final evaluation stage



uses aggregated data
usually financial data
review same data used in planning stage
Questions
ACCT-4080
Chapter 3
23
5. Review Questions for Discussion

Chapter 4
4.6
4.7
4.8
4.9
4.12
ACCT-4080
4.14
4.17
Chapter 3
24