Add to collection(s) Add to saved
  1. Business
  2. Management
  3. Business Ethics

a. Assessing management integrity should be considered before

advertisement 
4-20 a. Assessing management integrity should be considered before accepting the audit
engagement. Some considerations are:

check references from other professionals

does the client deal ethically with outside parties
b.
If during the assessment of management it is suspected that integrity is lacking the
auditor would not put much reliance on management’s assertions but would increase the amount
of evidence and collect more from external sources.
c.
The normal responsibility is to carry out the audit with professional skepticism. It is not
the auditor’s job to find criminal activity. The auditor will carry out procedures necessary to
support his work and at the same time if anything comes to his attention that needs further
investigation, will pursue it to its conclusion.
d.
When management or directors are involved in criminal activity, their credibility is
minimal at best. This indicates a larger risk of material misstatement of the financial statements.
Where there is evidence of criminal activity, the auditor should consult a lawyer and consider
resigning from the audit engagement.
e.
If it were found that a prudent person (other auditors) would have gathered more
evidence that would have led to the discovery of the fictitious sales, then it would be considered
negligence.
10-24
Risk of error or fraud
Inaccurate data could be entered for a sale,
resulting in incorrect or unauthorized prices or
quantities.
Payment type or amount could be incorrect,
resulting in incorrect payments being
processed, or the wrong type of payment being
tracked, resulting in inability to reconcile cash,
and the potential for cash theft.
Sales might not be recorded, staff could take
the cash.
Sales could be processed and goods given for
fictitious or stole credit cards, and the store
would have to return the funds.
Unauthorized individuals could change prices,
or access systems and introduce viruses or
unauthorized program changes.
Potential control (type of control)
- automated comparison of shoe code number
to number in master file to see if it is on file
(application control)
- retrieval of price for that shoe code from
price in master file (application control)
- reasonableness check on quantity (e.g.
requiring re-entry if greater than 1) (application
control)
- display back of data entered for visual
check/warning message if there is an error
(application control)
- all fields must be entered before a sale is
processed (application control)
- valid code for type of payment (must be one
of the valid types, cash, debit or credit card)
(application control)
- compare Debit card, credit card and cash
totals to POS total, i.e. cash drawer
reconciliation (application control)
- sequentially numbered sales receipts
(automatic, by the information system)
(application control)
- sign requesting all customers to ask for a
receipt/gift certificate if not given (application
control)
- if credit card payment code is entered, sale is
not processed until authorization code from the
credit card terminal is received (application
control)
Proper control over passwords, i.e.
* new user/passwords approved in writing by
the store manager or assistant manager or
implemented by same (application control)
* passwords not available to others (by
displaying or talking about them, etc.)
(application control)
* passwords for terminated employees deleted
immediately (application control)
* password should clear after each transaction
(or timeout) (application control)
- exception report of price overrides kept
electronically or printed for review by head
office (application control)
- shoe code master file numbers should be
entered by supervisor (or downloaded from
head office) (application control)
Systems might be unavailable and sales
Alternative procedures should be available for
processed, for example in the event of a power all systems in the event of unavailability,
failure or other disruption.
adequately tested, and employees trained in
these procedures (general control)
Information systems may not meet the needs of All new systems should be approved by the
the business.
information systems steering committee, after
appropriate analysis and involvement by users
(corporate governance and general controls)
11-31 a.
There are many fraud risk factors indicated in the dialogue. Among the fraud risk
factors are the following:
 A significant portion of Mint’s compensation is represented by bonuses and stock options.
Although this arrangement has been approved by SCS’s Board of Directors, this may be a
motivation for Mint, the new CEO, to engage in fraudulent financial reporting.
 Mint’s statement to the stock analysts that SCS’s earnings would increase by 30% next year
may be both an unduly aggressive and unrealistic forecast. That forecast may tempt Mint to
intentionally misstate certain ending balances this year that would increase the profitability of
the next year.
 SCS’s audit committee may not be sufficiently objective because Green, the chair of the
audit committee, hired Mint, the new CEO, and they have been best friends for years.
 One individual, Mint, appears to dominate management without any compensating controls.
Mint seems to be making all the important decisions without any apparent input from other
members of management or resistance from the Board of Directors.
 There were frequent disputes between Brown, the prior CEO, who like Mint apparently
dominated management, and the Board of Directors, and Jones, the predecessor auditor. This
fact may indicate that an environment exists in which management will be reluctant to make
any changes that the current PA firm suggests.
 Management seems satisfied with an understaffed and ineffective internal audit department.
This situation displays an inappropriate attitude regarding the control environment.
 Management has failed to properly monitor and correct a significant deficiency in its internal
controlthe lack of segregation of duties in cash disbursements. This disregard for the
control environment is also a risk factor.
 Information about anticipated future layoffs has spread among the employees. This
information may cause an increase in the risk of material misstatement arising from the
misappropriation of assets by dissatisfied employees.
b.
To help detect the potential for financial statements misstatement, the auditor would do
additional cut-off testing, particularly for revenues, and carefully review journal entries to ensure
that there is adequate support. Also, accounts that are susceptible to judgment, such as accounts
receivable allowances, should be carefully audited.
If the auditor intends to rely upon the work of the internal audit department, the auditor
may need to reperform audit procedures, particularly if there is inadequate independence.
c.
Kent has many misconceptions regarding the consideration of fraud in the audit of SCS’s
financial statements that are contained in the dialogue. Among Kent’s misconceptions are the
following:
 Kent states that the auditor does not have specific duties regarding fraud. In fact, an auditor
has a responsibility to specifically assess the risk of material misstatement due to fraud and to
consider that assessment in designing the audit procedures to be performed.
 Kent is not concerned about Mint’s employment contract. Kent should be concerned about a
CEO’s contract that is based primarily on bonuses and stock options because such an
arrangement may indicate a motivation for management to engage in fraudulent financial
reporting.






Kent does not think that Mint’s forecast for fiscal 2010 has an effect on the financial
statement audit for 2009. However, Kent should consider the possibility that Mint may
intentionally misstate the 2009 ending balances to increase the reported profits in 2010.
Kent believes the audit programs are fine as is. However, the audit programs should be
modified because of the many risk factors that are present in the SCS audit.
Kent is not concerned that the internal audit department is ineffective and understaffed. In
fact, Kent should be concerned that SCS has permitted this situation to continue because it
represents a risk factor relating to misstatements arising from fraudulent financial reporting
and/or the misappropriation of assets.
Kent states that an auditor provides no assurances about fraud because that is management’s
job. In fact, an auditor has a responsibility to plan and perform an audit to obtain reasonable
assurance about whether the financial statements are free of material misstatement, whether
caused by error or fraud.
Kent is not concerned that the prior year’s material weakness in internal control has not been
corrected. However, Kent should be concerned that the lack of segregation of duties in the
cash disbursements department represents a risk factor relating to misstatements arising from
the misappropriation of assets.
Kent does not believe the rumours about big layoffs in the next month have an effect on audit
planning. In planning the audit, this risk factor should be considered, because it may cause an
increase in the risk of material misstatement arising from misappropriation of assets by
dissatisfied employees.
d.
Auditing standards require that auditors document the following matters related to the
auditor’s consideration of material misstatements due to fraud:
 The discussion among engagement team personnel in planning the audit about the
susceptibility of the entity’s financial statements to material fraud.
 Procedures performed to obtain information necessary to identify and assess the risks of
material fraud.
 Specific risks of material fraud that were identified, and a description of the auditor’s
response to those risks.
 Reasons supporting a conclusion that there is not a significant risk of material improper
revenue recognition.
 Results of the procedures performed to address the risk of management override of controls.
 Other conditions and analytical relationships that indicated that additional auditing
procedures or other responses were required, and the actions taken by the auditor.
 The nature of communications about fraud made to management, the audit committee, or
others.
After fraud risks are identified and documented, the auditor should evaluate factors that reduce
fraud risk. The auditor should then develop appropriate responses to the risk of fraud.
14-22
a.
1.
Occurrence
Accuracy
2.
Occurrence
Accuracy
3.
Occurrence
b. Misstatement or Error
Prevented
Sales may be recorded for
invalid or non-existent
products.
Sales may be processed on
inaccurate price information.
Sales may be recorded for
invalid or non-existent
products.
Sales may be processed for
existing products using
quantities ordered, even when
ordered quantities are not on
hand.
Sales may be processed for
customers who are unable to
pay.
4.
Occurrence
Shipments may be made to
persons making an
unauthorized credit card
purchase (e.g., with a stolen
credit card).
5.
Accuracy
Sales may be processed
inaccurately (e.g., wrong
product, wrong price, wrong
quantity).
6.
Occurrence
Sales may be recorded even
though shipment has not
occurred.
Sales may be recorded in the
wrong time period.
Timing
c. General Control
Needed
Access controls: only
authorized individuals
may access master files
(e.g., use passwords).
d. Audit Test
Program change
controls: only
authorized changes
should be made to
programs that perform
calculations (e.g.,
reducing inventory for
shipped orders).
Access controls: only
secure information
should be sent/received
to or from credit card
companies.
Use computer-assisted
audit techniques to scan
inventory files for
inventory quantities that
are less than zero.
Review password access
tables to ensure that only
authorized individuals
can access master files.
Computer-assisted audit
techniques should be
used to list any accounts
receivable amounts for
internet sales that have
been outstanding for
more than 30 days.
Segregation of duties:
Use computer-assisted
only authorized
audit techniques to list
personnel should have
any customers where the
access to physical media credit card billing
(e.g., hard drives) on
address is different from
which data is stored.
the shipping address.
Program change
Complete a test order on
controls: only
the internet to ensure
authorized changes
that the accept and reject
should be made to
buttons are functioning
programs that perform
correctly.
calculations, e.g.,
calculating invoice
totals.
Access controls: only
Use computer-assisted
authorized individuals
audit techniques to list
should be allowed to
the pending file as of the
enter shipping
year end date. Trace to
information.
subsequent sales
documents.
18-27
a. Type of
Exception
b.
Transactionrelated Audit
Objective Not
Met
1.
Acquisition
Monetary
transactions are
error or
properly
irregularity classified
(classification).
c. Audit
Importance
d. Follow-up
e. Effect on
Audit
f.
Preventive
Controls
Indicates that
no one is
effectively
reviewing the
accounting
distribution.
Auditor must
consider the
effect of the
errors in
determining
the amount of
reliance
which he or
she may
place on the
system.
Determine the
significance of
the
misclassifications
and plan any
required
additional steps
that are deemed
appropriate.
Have a
second
person
review the
account
distribution
of invoices
that enter the
system.
2. Control
deviation
Recorded
acquisitions are
for goods and
services
received,
consistent with
the best
interests of the
client
(existence).
Acquisition
transactions are
authorized
(authorization).
Determine
whether or not
the controller is
effectively
reviewing
invoices and
other supporting
documents.
3.
Monetary
error or
irregularity
Acquisition
transactions are
recorded on a
timely basis
(timeliness).
Indicates that
the controller
is not
following the
procedure of
initialling
invoices. This
may indicate
that he is not
effectively
reviewing
invoices and
other
supporting
documents
prior to
payment.
At the date of
the physical
inventory,
this situation
will prove
If considered
significant,
the errors
could prevent
reliance on
the system of
internal
controls and
require the
auditor to
perform
additional
tests of the
classification
of items
within the
financial
statements.
If
determination
is made that
controller
does not
review
supporting
documents,
the audit tests
will require
extension to
determine the
significance
of the
weakness.
Require
expansion of
purchase
cutoff work
at physical
Require that
copies of all
receiving
reports be
routed
Determine
whether or not
this situation
persists
throughout the
Internal
audit
department
could review
supporting
documents
for approval
of controller
and test
items to
determine
effectiveness
of
controller’s
review.
4.
Monetary
error or
irregularity
Recorded cash
disbursements
are for goods
and services
actually
received
(existence).
5.
Monetary
error or
irregularity
Recorded
acquisition
transactions are
correctly
valued
(existence).
critical in that
any items
counted in
physical
inventory and
not recorded
in the
purchase
journal will
cause an
inventory
overage and
understated
cost of sales.
It could be a
fraudulent
payment or it
could result
in an
overstatement
of perpetual
inventory
records. The
situation is
wasteful of
company
assets and
must be
brought to the
client’s
attention.
year or whether it inventory
is rectified at
date and
physical
year-end.
inventory date
and year-end.
directly to
accounting
for
numerical
sequencing
of receiving
reports on a
regular
basis.
Investigate the
frequency of
occurrence of
duplicate
payments to
determine their
significance.
All duplicate
invoices are
marked
“duplicate”
upon receipt.
Invoices
must be
matched
with an
original
receiving
report and
purchase
order prior
to approval
for payment.
Results in
$100 liability
that may or
may not be
recorded on
the books.
Investigate the
occurrence rate
of the error to
determine the
possible effect of
unrecorded
liabilities on the
financial
statements.
The duplicate
payments
result in
recording of
nonexistent
inventory. If
the company
performs an
interim
physical
inventory, the
auditor could
experience a
problem
relying on
internal
control
between the
physical
inventory
date and
year-end.
Probably
none, since
occurrence
rate is low. If
amount is
significant,
then
expansion of
reconciliation
of vendor
statements
Compare
cheques to
invoice
amount prior
to signing
cheques.
may be
appropriate.
6. Control Existing cash
The cheque
Have the
Auditor
deviation
disbursement
may not
company issue a should
transactions are actually have stop payment for scrutinize the
recorded
been voided, the missing
bank cutoff
(completeness). it could
cheque to prevent statement for
represent
its cashing.
the
disbursement
possibility
of cash if the
that cheque
cheques were
may have
completed.
been issued
and cashed.
7. Control Recorded
Absence of
Obtain bill of
If either of
deviation
acquisitions are receiving
lading copy from the problems
and
for goods and
reports
vendor to
is considered
Monetary
services
prevents the
determine
significant to
error or
received,
auditor from
whether or not
the auditor,
irregularity consistent with determining
the merchandise he should
the best
whether or
was received.
expand the
interests of the not the goods Determine if the scope of his
client
were received absence of
or her tests of
(existence).
and
receiver indicates transactions
Recorded
processed on that they are not
to determine
acquisition
a timely
compared to the
the effect on
transactions are basis. The
invoice.
the financial
correctly
extension
Determine the
statements.
valued
error
error rate by
(accuracy).
indicates that expanding the
the clerical
tests if the error
accuracy of
noted is
invoice tests
considered
is ineffective. significant.
Require all
voided
cheques be
properly
voided and
saved.
Require that
copies of
receiving
reports must
be present
before
invoices are
approved for
payment.
Have
internal
auditors test
extensions to
determine
that the
clerical tests
are effective.
19-25 a.
Supplier master file changes (such as supplier address, email contact and banking
information) should only be changed based upon authorized information provided by the
supplier. This could be an email, fax, or letter that is clearly from the supplier. In particular,
information such as banking information (used for electronic payments) or mailing address used
for payments should be independently verified by a second person.
b.
Potential risk of misstatements could arise because of incorrectly recorded vendor
volume bonuses or variable pricing. These risks could be mitigated by having clear
documentation explaining how these pricing methods are used and which suppliers they apply to.
Calculations should also be independently checked. The company should also consider
estimating these amounts and applying to inventory as estimated amounts.
c.
[Note that these calculations would vary based upon the assumptions made.]
Tangible costs and benefits:
[Note, this analysis does not consider the time value of money. Net present value calculations
could be used.]
Tangible costs:
(1) Initial outlay. $200,000
(2) Additional tangible costs would include maintenance costs associated with the
hardware/software and hardware/software licensing costs.
Tangible benefits [per year]:
(1) One employee, time saving, minimum of 50% of time [Say, $40,000 per year plus benefits],
estimated at $25,000.
(2)
Other employees dealing with queries, say 30 minutes per query. Reduced from 7,250 to
3,300 = 3,950. 3,950 x 0.5 hours = 1,975 hours or 56.4 person-weeks per year (based upon 35
hours per week); or 1.13 person-years, based upon 50 work weeks per year. Salary levels of
individuals answering these queries would vary, estimated at $50,000 per year x 1.13 =
$56,500.
Annual tangible savings:
The sum of the benefits listed above, $25,000 plus $56,500 = $81,500.
These figures would indicate that the payback of this system is less than three years,
($200,000/$81,500 = 2.45) and that CC has already recovered the system costs in increased
efficiency.
Intangible costs and benefits:
Intangible costs include:
 Ongoing training costs
 Set-up costs of suppliers/vendors in the new systems
Intangible benefits include:
 Fewer interruptions for employees who normally deal with these questions
 Improved employee morale; not having to deal with repetitive questions
 Faster response time to queries for suppliers who use iSupplier
 Increased supplier satisfaction for those suppliers who use iSupplier
 Marketing tool to attract new suppliers
 Ability to handle larger numbers of transactions with the same employees
Related documents
Auditor Reporting ppt
Auditor Reporting ppt
Evolution of an Automated Internal Audit Management System
Evolution of an Automated Internal Audit Management System
Chapter 7
Chapter 7
Audit Poster - BSG Colonoscopy Audit
Audit Poster - BSG Colonoscopy Audit
Electronic Data Processing * Audit Sistem Informasi
Electronic Data Processing * Audit Sistem Informasi
Non-Profit Revitalization Act (2010 version) -good
Non-Profit Revitalization Act (2010 version) -good
Mr. Ky Sophan_Internal Audit Roles
Mr. Ky Sophan_Internal Audit Roles
KEYS TO A SUCCESSFUL AUDIT - Donna Denker & Associates
KEYS TO A SUCCESSFUL AUDIT - Donna Denker & Associates
Audit Plan
Audit Plan
Download
advertisement