“Better Governance for a Changing
Environment ”
Optimising the Relationship with your Auditor
May 2013
Moore Stephens Assurance Adelaide Pty Ltd
Jim Gouskos – Audit Partner
www.moorestephens.com.au
Serious about Success®
Disclaimer
Our comments and information contained in this presentation are generic in
nature and are not purported to represent advice that can be relied upon.
You should seek your own advice for your own circumstances.
The author or any other persons involved in the preparation or distribution of
this presentation expressly disclaim all and any contractual, tortious or other
form of liability to any person in respect of this presentation and any
consequences arising from its use by any person in reliance in whole or any
part of the contents of this presentation.
The comments contains in the presentation shall not in any way constitute a
recommendation as to whether you should invest in any product discussed
in the presentation.
Overview
• Introductions
• ACNC & NDIS – Basic Overview
• The External Audit Process
• Effective use of your external auditor
• Key areas for Fraud & Misappropriation
• Case study – Not for profit
Moore Stephens
Your concerns, our solutions
• At Moore Stephens we view an organisation from the same
outlook your stakeholders do – a business perspective.
• Whether you are grappling with the risks in a global market,
starting a new business in your local market or need assurance
that your financial information is true and fair, Moore Stephens will
service your requirements.
• We realise it is essential to understand your business and so we
closely align our approach with your key business risks and
corporate governance requirements.
• With significant expertise in the NFP sector throughout Australia,
Moore Stephens will tailor an audit solution for your organisation.
NDIS - Basics
• The NDIS will provide long term, high quality support for people who have
a permanent disability that significantly affects their communication; social
interaction; learning; mobility; self-care; self-management; and capacity
for social and economic participation. It will also include intensive early
intervention, particularly for people where there is good evidence that it
will substantially improve functioning or delay or lessen a decline in
functioning.
• The NDIS will also include a comprehensive information and referral
service to help people with a disability who need access to mainstream,
disability and community supports
• From July 2013, the NDIS will be launched across South Australia
focusing on children aged birth to 5 years with significant and permanent
disability. By 2014 the age limit will be extended to 13 years and in the
third year of launch all children up to 14 years. A total of around 5,000
children with significant and permanent disability are expected to benefit
from the first stage of the scheme.
ACNC – The basics
• Commencement date – 3 December 2012
• Initially Charities only, NFP excluded
• Registration will occur automatically for currently endorsed charities
utilising the entity’s ABN. Separate registration for each ABN.
• ACNC will regulate the Charity on a range of matters including financial
reporting, governance and in the future fundraising activities.
• Reporting requirements proportional to entity size
• Commences FY2012-2013
– (i.e. from the date the ACNC Acts commence)
• Statement due 31 December 2013
– (or six months after reporting period)
ACNC Regime
Sporting Clubs etc
Schools, Community
welfare
organisations
Churches
(including
religious
congregations)
ACNC Financial reporting requirements
Reporting and auditing (Registered Charities Only)
Tier
Threshold
Requirements
Small
Annual revenue less than
$250,000.
Annual information statement
(e.g. entity’s purpose, activities,
governance, short-form financial
information)
Medium
Annual revenue less than
$1 million and not ‘small’
Annual information statement
(more detailed)
Financial report that has been
reviewed
Large
Annual revenue of $1
million or more (includes
DGRs)
Annual information statement
(more detailed)
Audited financial report
The External Audit process - General
What is the nature and purpose of audit?
• To enhance the degree of confidence that intended users may
obtain in a financial report (i.e. greater level of confidence in their
reliability and credibility)
• The purpose is achieved by the auditor expressing an opinion on
whether:
– financial report is presented fairly
– in accordance with the applicable financial reporting framework
– compliance with relevant laws and regulations
• Users of the financial reports such as shareholders, members,
investors, government agencies and the general public, rely on the
external auditor to present an unbiased and independent audit
report on the organisations state of affairs.
The External Audit process - Objectives
ASA 200 Overall Objectives of the Independent Auditor and the
Conduct of an Audit in Accordance with Australian Auditing
Standards
• Overall objectives of the auditor:
To obtain reasonable assurance (not absolute) about whether the
financial report as a whole is free from material misstatement,
whether due to fraud or error, thereby enabling the auditor to
express an opinion on whether the financial report is prepared, in
all material respects, in accordance with an applicable financial
reporting framework; and
To report on the financial report, and communicate as required by
the Australian Auditing Standards, in accordance with the auditor’s
findings to those charged with governance.
The External Audit process – Moore
Stephens Audit Methodology
The External Audit process – Audit Report
Key Aspects of the Audit report:
• Committee members’ Responsibility:
• includes preparation of the Financial Report thereof and the provision
of internal control as determined necessary to enable the preparation
of a financial report that is free from material misstatement, whether
due to fraud or error.
• Auditor’s Responsibility
• is to express an opinion on the financial report based on our audit but
not for the purpose of expressing an opinion on the effectiveness of
the entity’s internal control..
The External Audit process – Audit
findings in a Management letter
ASA 260 Communication with Those Charged with
Governance
• In entities where governance is a collective responsibility, auditor’s
communications may be directed to a subgroup of those charged with
governance, such as an audit committee.
• Auditor would determine whether there is also a need to communicate
with the entire governing body based on:
the respective responsibilities of the subgroup and the governing body
the nature of the matter to be communicated
relevant legal or regulatory requirements, and
whether the subgroup has the authority to take action in relation to the
information communicated and can provide further information and
explanations the auditor may need.
Effective use of the External Auditor
• Regular communication with your auditor (rather than subsequent to
the reporting date) about your organisations activities during the
course of the year including financial results, major transactions not in
the ordinary course of business and complex accounting issues –
recommend communicate quarterly with the external auditor providing
a snap shot of the business
• Active involvement with the auditor during the planning process of the
external audit on an annual basis – request to have the audit plan
tabled at the audit committee for due consideration, seek to provide
input and assist with the risk identification process
• Understand the external audit process and facilitate an efficient and
effective conduct of the audit by providing the necessary information
and supporting documentation for the conduct of the audit – this will
contribute towards lower audit fees and facilitate more time to focus
on risk areas
Effective use of the External Auditor
• Promote regular visits during the year by the external auditor
during the audit program to assist with early detection of errors or
irregularities or to provide recommendations for improvements with
accounting processes and internal controls of the business
operations – recommend at least 2 visits per audit year.
• Request assistance or commentary with the design and
implementation or effectiveness of key internal controls in the
accounting processes of your business organisation on a regular
basis if your business operations and activities are subject to
change due to the environment you operate in.
• Request audit findings, commentary and recommendations to be
communicated on various aspects of the business operations
including – internal controls, regulatory aspects including ,
governance and reporting requirements in a timely manner.
Effective use of the External Auditor
• Request the external auditor to provide assistance with the
preparation of the annual statutory financial statements given their
knowledge of Accounting Standards and regulatory requirements and
the need for them to be constantly up to date with reforms and
developments
• Request the auditor to provide or notify your organisation in a timely
fashion of emerging issues in the Accounting and regulatory
environment – seek to obtain their publications
• Grant Acquittals – discuss your funding arrangements required
outcomes and acquittal requirements at the commencement of your
funding arrangements so this can be factored into the audit process.
• Ensure the auditor has considered the risk of fraud and error in your
organisation and has effectively communicated to those charged with
governance it’s findings during the audit process
The External Audit process – Fraud
• Purpose of Auditing Standard ASA 240 The Auditor's
Responsibilities Relating to Fraud in an Audit of a
Financial Report
• Fraud relevant to the auditor includes misstatements
resulting from misappropriation of assets and misstatements
resulting from fraudulent financial reporting;
• auditor’s responsibility for maintaining an attitude of
professional scepticism throughout the audit, considering the
potential for management override of controls and
recognising the fact that audit procedures that are effective
for detecting error may not be effective in detecting fraud;
The External Audit process – Fraud
• Auditor is required to:
• discuss among the engagement team members how and where
the entity’s financial report may be susceptible to material
misstatement due to fraud, including how fraud might occur;
• obtain an understanding of the entity and its environment,
including the entity’s internal control and obtain information for use
in identifying the risks of material misstatement due to fraud at the
financial report level and at the assertion level; and
• determine responses to address the assessed risks of material
misstatement due to fraud;
• obtain written representations from management relating to fraud;
• communicate to management and with those charged with
governance on matters related to fraud if discovered during audit.
Key Areas for Fraud & Misappropriation
Top Ten Fraud Risk Indicators
1)Key documents missing
2)No separation of financial duties
3)Accounting systems in disarray
4)Lack of policies that establish controls
5)Inadequate monitoring to ensure these controls work as
intended
6)Ineffective accounting, information technology or internal
auditing staff
Key Areas for Fraud & Misappropriation
Top Ten Fraud Risk Indicators (continued)
7)Documentation that is photocopies or lacking essential
information
8)Unusual employee behaviour
9)Tips or complaints about fraud and unethical behaviour
10)Lack of established code of ethical conduct
Key Areas for Fraud & Misappropriation
Common Red Flags for fraud and misappropriation
• Personal financial pressure
• Vices such as substance abuse and gambling
• Extravagant purchasing or lifestyle
• Real or imagined grievances against the organisation or
management
• Increased stress, irritable, defensive and argumentative
• No vacations / sick leave / excessive overtime
• Dominant personality
• Protective of area of administration and missing documents
and files from their area
Key Areas for Fraud & Misappropriation
Type of Fraud
Controls to mitigate
Fictitious Employees (Ghosts)
•
Procedures around employment of new
staff not completed by payroll staff
•
New starters checklist completed prior
to establishing on payroll system
•
Independent review of the payroll
reports fortnightly e.g. “ Payroll Audit
Report”
How – create employees in payroll (full
time or casual) and pay salary into
controlled bank account.
Key Areas for Fraud & Misappropriation
Type of Fraud
Controls to mitigate
Misappropriation of cash
How – theft of cash by manipulating the
cash deposits prior to receipting and
banking.
•
Duel sign off of Days Sheets &
takings
•
Bank intact all takings
•
Separation of duties – receipting and
bank reconciliation process should
be separated
•
Outsource these activities and take a
rent / commission
Key Areas for Fraud & Misappropriation
Type of Fraud
Controls to mitigate
Expense Fraud – Manipulate Master File
/ Phantom Vendor / Cheque Fraud
•
Limit access to all Master Files areas
of general ledger
How – Creditors Clerk manipulates
Master File or EFT upload file prior to up
loading into bank. Manipulated pay run
then forwarded directly to a controlled
account;
•
Regular EFT “Audit Reports”
approval checking recent changes to
Master File information and by whom
•
Ensure process has restrictions on
access to EFT upload files with aba
files posted to restricted folders
•
Independent Master File reviews
back to vendor confirmations
How – Phantom vendor and invoices
created by Creditors Clerk and paid
directly to controlled account; or
How – Pass fraudulently approved
•
cheques and bank to there own account.
•
•
Limit access to all cheque stationary
Separation of duties – Creditor Clerk
should not be a cheque signatory
Ensure no signature stamps in use
Key Areas for Fraud & Misappropriation
Type of Fraud
Controls to mitigate
Expense Fraud – Staff
Reimbursement and Petty Cash
•
Clear policy for expenditure and
enforce established budgets
How – Misappropriation of monies by
submission for reimbursement of
fraudulent and or inappropriate expense
claims.
•
Strong purchase order process in
place for approval of expenditure
requests prior to ordering
•
Establish standard reimbursement
stationary with pre-set approvals by
delegated authorities
•
Require adequate substantiation for
all expenditure up for reimbursement
•
Clear policy established for
entertainment and travel expenditure
Key Areas for Fraud & Misappropriation
Type of Fraud
Controls to mitigate
Misuse of facilities and equipment for
personal benefit
•
Clear policy re appropriate use of
facilities and equipment for staff, and
executive
•
Frequent fixed asset stocktake over
portable high value assets (i.e. IT
equipment and tools and machinery)
•
High level of scepticism for the
purchase of portable high value
assets re their intended purpose
within the organisation
How – Staff use facilities or equipment
without approval and in contravention of
legitimate and ethical purposes
Questions