Which of the following is not a component of the KPMG professional judgment framework?

This paper discusses the impact of task performance, fraud risk assessment and forensic accountants and auditors’ skills and mindsets in the Nigerian public sector. It also draws the attention of the users of public sector accountants and auditors such as the Economic and Financial Crimes Commission, the Independent and Corrupt Practices Commission, Special Control Unit of Money Laundering, Terrorism Financing and white collar crimes. The objective of the study is to enhance the fraud risk assessment task performance in the Office of both Auditor General for the Federation and Accountant General of the Federation through the effective use of skills and mindsets (forensic accountant vs. auditor), which will usher in the best corporate governance practices in the Nigerian public sector. Thus, the study suggests performance measurement can be improved considering the impact of forensic accountant skills and mindsets on fraud risk assessment in the Nigerian public sector.

Organizational ethics and climate

  • generally accepted principles that guide behavior in organizational contexts
  • moral atmosphere and level of ethics practices within a company
  • determined by leaders
  • shared values, beliefs, goals, and problem solving
  • focuses on issues of right and wrong

  • Explicit statements of values beliefs and customs from top management

Establishing an ethical culture

  • corporate culture is shared beliefs of top managers in a company about how they should manage themselves and other employees, and how they should conduct business
  • tone at the top refers to the ethical environment that is created in the workplace by the organization's leadership
  • corporate culture starts with an explicit statement of values, beliefs, and customs from top management

Refers to the ethical environment that is created in the workplace by the organization's leadership

What is the purpose of a code of ethics?

  • it serves as a guide to support ethical decision making
  • it clarifies an organization's mission, values, and principles, linking them with standards of professional conduct

Framework for understanding ethical decision making in business:

  1. ethical issue intensity
  2. individual factors
  3. organizational factors
  4. opportunity

Importance of the issue to the individual, work group, and/or organization (intensity) based on values, beliefs, and norms involved and pressures in the workplace

  • values of individuals
  • organizational and social forces shape behavior intentions and decision making

Organization's values have a greater influence than a person's own values

Conditions that limit or permit ethical or unethical behavior

Ethical Leadership: Leaders of good character

  • possess integrity, courage, and compassion
  • careful and prudent
  • decisions and actions inspire employees to act in an enhancing way

Ethical Leadership: Virtues

  • courage, temperance, wisdom, justice, optimism, integrity, humility, reverence, and compassion

Key makers of highly ethical organizations

  • humility
  • zero tolerance for individual and collective destructive behaviors
  • justice
  • integrity
  • trust
  • a focus on process
  • structural reinforcement
  • social responsibility
  • values driven organization that encourages openness, transparency, and provides supportive environment to voice values without fear of retribution or retaliation

Organizational influence on ethical decision making: Jones-Hiltebeitel Model

  • looks at the role of one's personal code of conduct in ethical behavior within an organization
  • moral intensity is key
  • when one's personal code is insufficient to make the necessary moral decision, the individual will look at professional and organizational influences to resolve the conflict

  • interaction between the individual and the organization, based upon person-organization ethical fit at various stages of the contractual relationship in each potential ethical fit scenario

Four potential fit options:

  1. High/High (high org and high individual ethics)
  2. Low/Low (low org and low individual ethics)
  3. High/low (high org and low individual ethics)
  4. Low-high (low org and high individual ethics)

7 Signs of Ethical Collapse

Occurs when any organization has drifted from the basic principle of right and wrong

  1. pressure to maintain numbers
  2. fear and silence
  3. young'uns and bigger than life CEO
  4. weak BOD
  5. conflicts of interest overlooked or unaddressed
  6. innovation like no other company
  7. goodness in some areas atones for evil in others

7 Signs of Ethical Collapse: Pressure to maintain numbers and fear of reprisals

  • ethical collapse occurs when there is an unreasonable and unrealistic obsession with meeting quantitative goals
  • AKA: financial results at all costs
  • employees are reluctant to raise issues of ethical concern because they may be ignored, treated badly, transferred, or worse
  • AKA: kill the messenger syndrome

7 Signs of Ethical Collapse: loyalty to the boss and weak BOD

  • young people selected by the CEO for their position based on inexperience, possible conflicts of interest, and unlikelihood to question the boss's decisions
  • weak board of directors characterizes virtually all of the companies with major accounting frauds in the early 2000s

Corporate governance structures and relationships: internal mechanisms

  • corporate governance is shaped by internal and external mechanisms
  • internal mechanisms help manage, direct, and monitor corporate activities to create sustainable stakeholder value
  • EX: independent BOD, audit committee, management, internal controls and internal audit function

Corporate governance structures and relationships: External mechanisms

  • they are intended to monitor company's activities, affairs, and performance to ensure that the interests of insiders (mgmt, directors, and officers) are aligned with the interests of outsiders (shareholders and stakeholders)
  • EX: the financial markets, state and federal statutes, court decisions, and shareholder proposals

Potential Agency Problems: executive compensation

  • compensation packages are tied to firm performance and stock option plans creating an incentive to manipulate earnings
  • backdating stock options and improper disclosures
  • clawbacks allow a recovery of compensation from CEOs and CFOs of public companies

  • the degree to which an organization understands and addresses stakeholder demands

consists of:

  • generation of data about stakeholder groups and assessment of the firm's effects on these groups
  • distribution of this information throughout the firm
  • the responsiveness of the organization as a whole to this information

  • investors and shareholders, creditors, employees, customers, suppliers, government agencies, communities and others
  • have a "stake" or a claim in some aspect of the company's product, operations, markets, industry, and outcome

It takes a long time to build a reputation of ____, but not very long to tear it down.

  • it means to be reliable and carry through words with deeds
  • trust becomes pervasive only if the organization's values are followed and supported by top management
  • trust can be lost, even if once gained in the eyes of the public, if an organization no longer follows the guiding principles that helped to create its reputation for trust

an aspirational statement that encourages employees to internalize the values of the company

Ethical and legal responsibilities of officers and directors

  • directors and officers are deemed fiduciaries of the corporation as their relationship with the corporation and its shareholders is one of trust and confidence

They have a duty of:

  1. duty of care: act in good faith, exercise the care an ordinary prudent person would exercise in a similar situation
  2. duty of loyalty: act in the best interest of corporation; loyalty can be defined as faithfulness to one's obligations and duties
  3. duty of good faith: requires an honesty of purpose that leads to caring for the well being of the constituents of the fiduciary

Best practices of governance:

  • independent directors enhance governance accountability
  • separation of duties of CEO and BOD minimizes conflict of interest
  • separate meetings between the audit committee and external auditors strengthen control mechanisms

A ____ goes beyond what is legal for an organization and provides ____ for ethical conduct. Support for ethical behavior from ____ is a critical component of fostering an ethical climate.

  • code of conduct
  • normative guidelines
  • top management

What are 6 of the most observed types of misconduct?

  1. stealing or theft
  2. falsifying time reports
  3. falsifying expense reports
  4. falsifying and manipulating financial reporting information
  5. falsifying invoices, books, and records
  6. accepting gifts or kickbacks

  • a deliberate misrepresentation to gain advantage over another party
  • typical business loses at least 5% of annual revenues and losses up to $2.75 million due to fraud
  • a fraud usually lasts around 16 months before it is detected

  • use of one's position to misappropriate organization's resources or assets for personal gain
  • detected through tips, hotlines, etc
  • asset misappropriation schemes are the most common type of occupational fraud
  • proactive fraud prevention is vital to managing fraud risk

Frequency of anti-fraud controls:

  • external audit of financial statements: 80%
  • code of conduct: 80%
  • internal audit department: 73%
  • mgmt certification of FS: 72%
  • external audit of internal controls: 67%
  • management review: 66%
  • hotlines: 63%
  • independent audit committee: 61%

Behavioral indicators of fraud:

  1. Living Beyond Means
  2. Financial Difficulties
  3. unusual close association with vendor or client
  4. control issues, unwillingness to share duties
  5. wheeler-dealer attitudes
  6. divorce or family issues
  7. instability, suspiciousness, or defensiveness
  8. addiction problems
  9. complained about inadequate pay
  10. refusal to take vacation

Financial statement fraud

  • AKA: management fraud
  • fraud schemes occur because an employee causes a misstatement or omission of material information in the financial statements

Typical methods:

  • revenue overstatement
  • expense understatement
  • improper asset valuation

What is the fraud triangle?

Fraud diamond?

  • Triangle: perceived pressure, perceived opportunity, & rationalization
  • Diamond: perceived pressure, perceived opportunity, rationalization, ability, & psyche

  • requires CEO and CFO to certify financial statements contain no material misstatements
  • helps protect the public against fraudulent financial statements

  • independent director with one having financial expertise
  • duty to have oversight of financial reporting: internal audit function, external auditors, CEO and CFO FS certification process
  • Review formal announcements of earnings, significant financial reporting judgments, internal controls and risk management procedures, whistleblower and compliance program, external auditor’s independence and objectivity and effectiveness of audit process
  • seen as the one body that should be able to prevent identified fraudulent financial reporting
  • they meet separately with the senior executives, the internal auditors, and the external auditors

  • monitor corporate governance activities and compliance with organization policies
  • review effectiveness of organization's code of ethics and whistleblower provisions
  • "eyes and ears" of audit committee
  • assess audit committee effectiveness and compliance with regulations

  • An obligation to the public interest that underlies their corporate governance responsibilities
  • Protect the interests of shareholders
  • Communicate effectively with the audit committee: accounting policies and procedures, estimates by management; quality of financial reporting; potential violations of laws
  • Ensures accountability for financial reporting process

  • prevent and detect errors and fraud
  • ensure management policies are followed
  • ethical systems built into corporate governance
  • however, IC can be overridden by top management

COSO Internal Control - Integrated Framework

  • emphasizes roles of BOD, management, internal auditors, and personnel
  • designed to provide reasonable assurance
  • establish systems to prevent fraudulent reporting
  • sets tone at the top
  • importance of strong control environment

Framework:

  • control environment
  • risk assessment
  • control activities
  • monitoring
  • information and communication

Internal control weaknesses

  • an effective system of internal controls is critical to establish an ethical corporate culture that should be supported by the tone at the top
  • internal controls can only provide reasonable assurance; management can still override controls and cause problems

What are the 4 elements of whistleblowing?

  1. the whistleblower
  2. the whistleblowing act or complaint
  3. the party to whom the complaint is made
  4. the organization involved with the complaint

Morality of whistleblowing

  • organizational policies should be designed to encourage moral autonomy, individual responsibility, and organizational structure for whistleblowers
  • if pressure exists in an organization to not report wrongdoing, a rational, moral person will withstand such pressure, even with perceived retaliation, because it is a moral requirement to do so

Whistleblower: right and duties

  • whistleblowers hope and believe their speaking out will achieve correction of what they perceived as the organizational wrongdoing
  • when organizations establish an ethical culture and anonymous channels to report wrongdoing, it creates an environment that supports whistleblowing and whistle-blowers while controlling for possible retaliation

Compliance function: ethics officer

An organization's ethics officer:

  • ensures that the organization is in compliance with the laws and regulations, including SEC laws, SOX, and Dodd Frank
  • may report to the audit committee, CEO, or general counsel
  • official member of the C-suite
  • addresses existing requirements and anticipates regulatory changes and their likely impact

Dodd-Frank Wall St. Reform and Consumer Protection Act

  • establishes benefits for whistleblowers who aid in recovery of $1 million or more
  • defines a whistleblower as any individual who voluntarily provides information to the SEC relating to a violation of federal securities laws
  • employees have a loyalty obligation to their employer
  • internal accountants are excluded from receiving whistleblower awards

What are the most common actions people would take when they observe a violation of code of conduct?

  • 78% would notify their supervisor or another manager
  • 54% would try resolving the matter directly
  • 53% would call the ethics or compliance hotline
  • 26% would notify someone outside the organization
  • 23% would look the other way or do nothing

Public watchdog function:

  • public responsibility transcending any employment responsibility with the client
  • ultimate allegiance to the corporation's creditors and stockholders, as well as to the investing public
  • accountant must maintain total independence from the client at all times and requires complete fidelity to the public trust

Professional Judgement in Accounting:

  • professional judgement is influenced by personal behavioral traits such as attitudes and ethical values
  • personal values link to ethical sensitivity and judgement
  • ethical awareness of an ethical dilemma is a mediator of personal factors and ethical judgement relationship
  • objectivity and due care are attitudes and behaviors that enable professional judgement
  • professional skepticism is essential in making professional judgements; helps frame the auditor's mindset of independent thought

  • judgement is the process of reaching a decision or drawing conclusion where there are a number of possible alternative solutions
  • judgement occurs in a setting of uncertainty, risk, and often conflicts of interest

KPMG Professional Judgement Framework

Framework components revolve around one's mindset:

  • clarify issues and objectives
  • consider alternatives
  • gather and evaluate information
  • reach conclusion
  • articulate and document rationale
  • prescriptive framework is used but pressures, time constraints, and limited capacity may cause deviations
  • auditor should approach matters with objectivity and independence, with inquiring mind and critical assessment of audit evidence

KPMG Framework and Cognitive processes

  • auditors need to use system 2 thinking such as ethical awareness and application of ethical reasoning
  • judgments can fall prey to cognitive traps and biases that negatively influence judgements such as group think, rush to solve problems, and judgment triggers
  • judgement triggers can lead to accepting a solution before it is properly identified and evaluated

Role of professional skepticism

  • links to professional judgement through the ethical standards of independent thought, objectivity and due care, which are incorporated in the AICPA Code of Professional Conduct
  • CPA firm mgmt should set an appropriate tone that emphasizes a questioning mind throughout the audit and the exercise of professional skepticism in gathering and evaluating evidence

What were the themes of investigations on firms during the 1970-2000s?

  • nonaudit services impairing auditor independence
  • mgmt to report on internal controls
  • prevention and detection of fraud
  • role of audit committee and communication between them and auditors
  • peer reviews/inspections

Example:

  • ZZZZ Best company created fictitious revenue that amounted to 80% of total revenue and the auditors did not disclose the fraud to the authorities

As long as the _____ of independence has been tainted by a consulting relationship, the ____ would be compromised.

  • appearance
  • independence standard

AICPA Revised Code: Independence for members in public practice

  • conceptual framework incorporates a "threats and safeguards approach"
  • It is a violation of the rules for a CPA to permit others acting on his behalf to engage in behavior that would have been a violation for the CPA.
  • When differences exist between AICPA and those of the licensing state board of accountancy, the CPA should follow the state board’s rules.

Conceptual Framework for Independence Standards

  • Independence required for audit and other attestation services; in fact and in appearance.

AICPA uses risk based approach for analyzing threats using the following steps:

  • Identifying and evaluating threats to independence.
  • Determining whether safeguards already eliminate or sufficiently mitigate identified threats and whether threats that have not yet been mitigated can be eliminated or sufficiently mitigated by safeguards.
  • If no safeguards are available to eliminate an unacceptable threat or reduce it to an acceptable level, independence would be considered impaired.

Examples of non-audit services:

  • financial information systems design and implementation
  • Appraisal or valuation services, fairness opinions, or contribution-in-kind reports.
  • Actuarial services.
  • Internal audit outsourcing services.
  • Management functions or human resources.
  • Broker or dealer services, investment adviser, or investment banking services.
  • Legal services and expert services unrelated to the audit.
  • Any other service prohibited by BOD.
  • Tax services must be pre-approved by the audit committee.

Examples of Relationships that may impair independence:

  • Financial relationships - both direct and indirect, such as loans to or from a customer
  • Business relationships.
  • Employment or association with attest clients.
  • Providing non-attest services to an attest client.
  • Hosting services.
  • Nontraditional forms of ownership.

Threats to independence: Employment or Association with Attest Clients

Independence may be impaired when a partner or professional employee leaves the firm and is subsequently employed by the client in a key position, unless the following are met:

  • Amounts due to the former professional are not material to the firm.
  • The former professional is not in a position to influence the accounting firm’s operations or financial policies.
  • The former professional employee does not participate in or appear to participate in or is not associated with the firm once the relationship with the client begins.

Threats to independence: Providing nonattest services to an attest client

  • Certain lucrative nonattest services create a conflict of interests.
  • A CPA should not perform management functions or make management decisions for an attest client.

Client must agree to perform the following functions:

  • Assume all management responsibilities.
  • Designate competent overseer of these services.
  • Evaluate adequacy and results of services performed.
  • Accept responsibility for the results of the services.

Threats to independence: hosting services

  • Hosting services can impair independence when a CPA assumes responsibility for maintaining internal control over client’s data or records.

The following services will impair independence.

  • Housing an attest client website or other non-financial information on servers the firm leases.
  • Keeping attest client data, records, including storage and safekeeping, on the CPA’s server.
  • Maintaining the original hard copies of the client lease agreements in the CPA firm’s facility.

What is the Code of Ethics for Professional Accountants under IFAC (International Federation of Accountants)?

Principles:

  • Integrity.
  • Objectivity.
  • Professional Competence and Due Care.
  • Confidentiality.
  • Professional Behavior.

SEC position on independence

Emphasizes independence in fact and appearance in 3 ways:

  • Proscribing certain financial interests and business relationships with the audit client.
  • Restricting certain nonauditing services to audit clients.
  • Subjecting all auditor conduct to a general standard of independence.

Three principles that underlie auditor independence:

  • An auditor cannot function in the role of management.
  • An auditor cannot audit her own work.
  • An auditor cannot serve in an advocacy role for her client.

General standard of independence

  • Judged by a reasonable investor with knowledge of all relevant facts and circumstances.
  • Auditor must be capable of exercising objective and impartial judgment on all issues within the engagement.

Initiative by the SEC to identify auditors who neglect their duties and the required auditing standards.

Cases involve:

  • Lack of due care.
  • Failure to obtain competent evidential matter.
  • Failure to properly assess audit risk.
  • Insufficient documentation of audit procedures.
  • Failure to properly assess internal controls.
  • Failure to perform an engagement quality review.
  • Failure to communicate information to the audit committee

Integrity and objectivity: conflicts of interest

  • Conflicts of interest for public practice occur when a professional service, relationship, or specific matter creates a situation that might impair objective judgment.
  • A conflict of interest creates adverse and self-adverse threats to integrity and objectivity.
  • The CPA should disclose the nature of the conflict to clients and obtain their consent to perform professional services.
  • If consent is not received, then the CPA should either cease performing the services or take action to eliminate or reduce the threat to an acceptable level.

AICPA Code: Ethical Conflicts

  • Ethical conflicts create challenges to ethical decision making because they present barriers to meeting the requirements of the rules of conduct.
  • Consider whether any departures exist to the rules, laws, or regulations and how they will be justified in order to ensure that conflicts are resolved in a way that permits compliance with these requirements.
  • Any unresolved conflicts can lead to a violation of the rules of conduct which should focus the CPA’s attention on any continuing relationship with the engagement team, specific assignment, client, firm, or employer.

Subordination of judgement

  • Integrity rule prohibits a CPA from knowingly misrepresenting facts or subordinating one’s judgments when performing professional services for a client or employer.
  • CPA should consider any threats to integrity and objectivity, and assess their significance whenever there is a material misrepresentation of fact.
  • CPA should assess if threats are at an acceptable level; if not, evaluate significance of safeguards to prevent impairment to independence/objectivity.

AICPA Code: Conceptual Framework for Members in Business

  • The conceptual framework for members in business applies to integrity and objectivity, as well as other rules of conduct, but not independence.

Examples of threats:

  • Adverse interest threat.
  • Advocacy threat.
  • Familiarity threat.
  • Self-interest threat.
  • Self-review threat.
  • Undue influence threat.

Examples of safeguards to mitigate risk

  • Tone at the top.
  • Policies, procedures, implementation, and monitoring addressing ethical conduct and compliance with laws and regulations.
  • Internal policies and procedures for disclosure of interests and relationships.
  • Whistle-blower hotlines and reporting structure.
  • Internal auditors not allowed to audit areas where they have operational responsibilities.
  • Policies for promotion, rewards and enforcement of a culture of high ethics and integrity.
  • Use of third-party resources for consultation as needed.

Establishes requirements for competence, compliance with professional standards, and adherence to accounting principles

Covers a broad number of actions that may bring discredit to the profession such as:

  • Discrimination and harassment.
  • Solicitation or disclosure of CPA examination questions and answers.
  • Failure of a CPA/CPA firm to file and pay taxes.
  • Negligence in preparation of financial statements or records.
  • Standards relating to governmental accounting and auditing.

Contingent fees, commissions, and referral fees

  • Contingent fees and commissions are permitted when performing advisory-type services for a nonattest client.
  • Contingent fees are prohibited from an attest (audit) client.

Commissions and referral fees:

  • Rule is similar to that for contingent fees; cannot accept commissions or referral fees from audit client.
  • Commissions and referral fees require disclosures by CPAs when recommending or referring a service or product to which the commission relates.

Advertising and solicitation

Advertising and solicitation permitted under the following circumstances:

  • Requires that advertising not be false, deceptive or misleading.
  • Imply ability to influence official bodies.
  • Contain a representation that specific services will be performed for a stated fee, when such fees would be substantially increased.
  • Prohibits solicitation by use of coercion, over-reaching, or harassing conduct.
  • Contain any representation that would be likely to cause a reasonable person to misunderstand or be deceived.

Confidentiality and knowing confidential information:

  • CPA should not disclose confidential client information without specific consent of the client.
  • Internal whistleblowing allowed; external may violate confidentiality; consult legal counsel.

Permitted disclosure of confidential client information:

  • Response to validly issued subpoena or summons.
  • Adherence to applicable laws and regulations (i.e., Dodd-Frank whistle-blowing provisions).
  • Compliance with peer review of CPA practice under PCAOB, AICPA, state CPA society, or board of accountancy authorization.
  • Defense in an investigation of the CPA.

Dr. Herron's definition of fraud:

  • a scheme (not simply an act of theft)

What are the 7 parts of fraud:

  1. a representation
  2. about a material fact
  3. which is false
  4. and intentionally or recklessly (aka scienter)
  5. which is believed
  6. and acted upon by the victim
  7. to the victim's damage

Fraud in financial statements

  • primary responsibility for prevention and detection of fraud rests with both those charged with governance of the entity (BOD) and management
  • an auditor conducting an audit in accordance with GAAS is responsible for obtaining reasonable assurance that the financial statements as a whole are free from material misstatements, whether by error or fraud
  • an unavoidable risk still exists that some material misstatements (whether by fraud or error) of the FS may not be detected

What is necessary for all financial statement frauds?

  • a plausible debit and credit
  • manipulation, falsification, or altering of accounting records is the #1 scheme
  • Misrepresentation of a financial statement disclosure that is not presented in conformity with GAAP or is intentionally omitted.
  • Intentional misapplication of accounting principles relating to measurement, recognition, classification, presentation or disclosure.

Define difference between:

  1. Error
  2. Fraud
  3. Illegal acts

  1. error: unintentional mistakes in math, application of GAAP, or omission of information
  2. Fraud: deliberate decision made to deceive others through fraudulent financial reporting or misappropriation of assets
  3. illegal acts: violations of laws or regulations or bribery

Steps to be taken when suspecting illegal acts:

  1. assess the impact and materiality of the acts on the financial statements
  2. then, consult with legal counsel and other specialists
  3. then report the acts to audit committee
  • It is also important to consider client's remedial actions such as disciplinary actions, controls to safeguard against recurrence, reporting effects of the acts
  • if the client doesn't take remedial actions, the auditor should always consider withdrawing from the engagement

When is the Private Securities Litigation Reform Act (PSLRA) applicable?

  1. The illegal act has a material effect on financial statements.
  2. Senior management and the board have not taken appropriate remedial action.
  3. Failure to take remedial action may warrant departure from a standard audit opinion (or resignation of auditors).

Under PSLRA, what is the auditor's responsibility?

When the illegal act has a material effect on the financial statements:

  • auditors must report the act to the client
  • client must inform the board of directors, which has one day to inform the SEC

Under PSLRA, what if the client doesn't report the fraud to the SEC?

If client does not inform the SEC (i.e., take appropriate remedial action):

  • Auditors must furnish the report to the SEC within one day;
  • Or resign from the engagement within one day;
  • Ethical obligation of confidentiality is waived;

Fraud Triangle: Incentives/pressures to commit fraud

  • Self-serving incentives such as bonuses or promotion.
  • Pressures to meet financial numbers (Management Fraud);
  • Financial distress (Personal = VICE = #1; gambling, drugs/alcohol, extra-marital/relationships = 95% of cases);
  • Home Problems (Spousal/Partner/others’ issues; excessive debt);
  • Health issues, etc.;

Fraud Triangle: Opportunity

  • opportunity is the #1 reason fraud exists and basis for all income statement fraud
  • Employees who have access to assets such as cash and inventory;
  • Management override of internal controls;
  • Internal controls help safeguard assets and minimize opportunity: Segregation of duties, Reconciliations

Fraud Triangle: Rationalization/justification

  • Company has to make numbers to protect shareholders & EMPLOYEES!
  • Lots of companies have aggressive accounting policies;
  • Problems are temporary (e.g., a “one-time thing”);
  • Fear losing jobs;
  • Feeling of entitlement (employees feel underpaid);
  • Some feel they can pay stolen money back before anyone notices it is missing;

There are 3 levels of fraud ability:

  1. Departmental: lowest level of ability
  2. full accounting/process knowledge: where most FS frauds originate
  3. highly nuanced frauds: most difficult to detect due to creativity

  • contrary to popular view, not everyone can be a career fraudster
  • it requires an understanding of narcissism, sociopathy, and psychopathy
  • all fraudsters are narcissists, but not all narcissists are sociopaths or psychopaths

Red Flags from Tyco fraud:

  • Board members benefitted personally from Tyco’s business.
  • Directors and officers had loans from the company.
  • Related party disclosures were not made.
  • Other Red Flags.
  • Acquired personal assets with company funds.
  • Lavish parties using company funds.
  • Decorating NY apartment with company funds.
  • PwC partner on Tyco was issued a cease and desist order.
  • Failed to follow GAAS.
  • Violated antifraud provisions of securities law.

Fraud risk assessment:

What is AU-C240?

Other precautionary steps?

  • AU-C240 requires the auditor to evaluate risk assessment during the audit through analytical procedures, brainstorming, etc
  • perform an analysis of any red flags for the client
  • communicate with the predecessor auditor (required)

Fraud risk assessment: analytical procedures

  • example analytical procedures are ratio, horizontal, and vertical analysis - detecting anomalies

For EACH of the following statements, circle the appropriate choice (within the parentheses) to make each statement seem strange or anomalous (i.e., NOT what you should expect in normal business relationships):

  1. Increasing revenues would seem anomalous alongside (decreasing OR increasing) accounts receivable;
  2. Decreasing revenues would seem anomalous alongside (decreasing OR increasing) cash flows;
  3. Increasing inventory balances would seem anomalous alongside (decreasing OR increasing) accounts payable;
  4. Decreasing production volume would seem anomalous alongside (decreasing OR increasing) costs per unit;
  5. Increasing production volume would seem anomalous alongside (decreasing OR increasing) scrap materials;
  6. Decreasing inventory balances would seem anomalous alongside (decreasing OR increasing) warehousing costs;

  1. decreasing AR
  2. decreasing CF
  3. decreasing AP
  4. increasing cost per unit
  5. decreasing scrap materials
  6. decreasing warehouse costs

What is the number 1 cause of risk?

  • Change
  • if there is change, make inquiries about the risks of fraud
  • consider unusual or unexpected relationships
  • consider if more than one fraud risk factor exists

Internal control assessment: fight opportunity

  • internal controls are the best help for preventing or detecting a material misstatement, toward providing reasonable assurance against fraud or error

What are the components of internal control under the COSO framework?

Think of the acronym CRIME:

  1. Control activities
  2. Risk assessment
  3. Information and communication
  4. Monitoring
  5. Control Environment

COSO Guidance on Monitoring Internal Control Systems:

  • Management required to monitor controls & determine whether they are operating effectively (may need to redesign when risks change)

Effective monitoring involves:

  • Establishing a baseline for control effectiveness;
  • Designing/executing monitoring procedures that are based on business/fraud risks;
  • Assessing and reporting results, including follow-up on corrective actions;

Audit Committee Responsibilities for Fraud Risk Assessment

Audit Committee should:

  • Evaluate management’s identification of fraud risks;
  • Implementation of antifraud measures;
  • Creation of the appropriate tone at the top;
  • Audit committee’s evaluation and oversight = deterrent to senior management engaging in fraudulent activity;
  • Audit committee should encourage management to provide a whistleblowing system for employees to report concerns about unethical behavior, suspected fraud, or violations of ethical codes or policies;

Auditor’s Communication with Those Charged with Governance

  1. AU-C 240 requires communication by auditors about evidence of fraud to the appropriate level of management, even inconsequential or minor misappropriation;
  2. Fraud that causes a material misstatement should be reported directly to those charged with governance;
  3. Good governance principles suggest that:
    • The auditor has access to the audit committee as necessary.
    • The chair of the audit committee meets with the auditor periodically.
    • The audit committee meets with the auditor without management at least annually.
  4. Auditors should communicate about accounting estimates - Nature of significant assumptions/degree of subjectivity/relative materiality.
  5. Communicate to management/those charged with governance risks due to fraud that have continuing control implications;

Management representation and financial statement certifications

  • Management = responsible for preventing and detecting fraud;
  • Management can override internal controls and create deceptive accounting;
  • Management representation letters from CEO, CFO, and other appropriate officers (Section 302 of SOX) – supports f/s veracity as well as I/C;

PCAOB Accounting Standards 1301: Communications with audit committee

Audit Committee should be aware of situations that may affect the audit such as:

  • Significant accounting policies and practices.
  • Critical accounting policies and practices.
  • Critical accounting estimates.
  • Significant unusual transactions.
  • Quality of the company’s financial reporting.
  • Disagreements with management.
  • Significant difficulties encountered during the audit.

Unmodified or Unqualified Audit opinion:

  1. financial statements are presented fairly in regard to financial position, results of operations, cash flows, stockholders' equity
  2. optional additional paragraph in regard to going concern, consistent application of accounting principles, litigation uncertainty

Modified/Qualified and Adverse Audit Opinions

Modifies the audit opinion when:

  • based upon evidence, financial statements are materially misstated or auditors are unable to obtain sufficient evidence (scope limitation)

Qualified Opinion:

  • Concludes misstatements, individually or in the aggregate, are material but not pervasive to the financial statements, or,
  • Unable to obtain sufficient appropriate audit evidence; possible effect on financial statements could be material but not pervasive.

Adverse opinion:

  • Concludes that misstatements, individually or in the aggregate, are material and pervasive

Disclaimer/Withdrawal from engagement

Disclaimer of opinion:

  • unable to gather sufficient evidence to warrant the expression of an opinion on the statements as a whole (so bad that you can't form an opinion)

Withdrawal from engagement:

  • If significant conflict exists with management or the auditor decides that management cannot be trusted, then a withdrawal may be justified;
  • The auditor must consider whether the breakdown between management and the auditor has advanced to the point that any and all information provided by the client is suspect;
  • Withdrawal triggers the filing of the SEC’s 8-K* form by management; (*8-K = report to announce major events that shareholders should know about)

Limitations of the audit report: reasonable assurance

Reasonable assurance includes:

  • Due care was exercised;
  • Relation of independence and client relationships existed;
  • Not an absolute guarantee;
  • Followed GAAS, gathering sufficient competent evidential matter;
  • Failure to follow GAAS: allegation of negligence;

Limitations of the Audit Report: Materiality

  • Magnitude of an omission or misstatement of accounting information such that the judgment of a reasonable person relying on the information would have been changed or influenced by the omission or misstatement.
  • 5% is a common materiality test
  • SEC wants qualitative matters to be considered as well
  • an unintended consequence of materiality is that it is subject to manipulation

Limitations of the Audit report: Presents fairly

Auditor’s assessment of fair presentation depends on whether:

  • Accounting principles used have general acceptance;
  • Accounting principles are appropriate;
  • Financial statements are informative;
  • Information presented is classified and summarized in a reasonable manner;
  • Financial statements reflect the underlying transactions and events in a manner that is consistent with materiality and reflects economic substance;

GAAS:

  • General standards (1-3)
  • Standards of field work (4-6)
  • Standards of reporting (7-10)

  1. Adequate technical training and proficiency.
  2. Independence in mental attitude.
  3. Due care in the performance of the audit and preparation of the report.
  4. Adequately plan the audit work and supervise assistants.
  5. Obtain a sufficient understanding of internal control to adequately plan the audit and determine the nature, timing, and extent of tests to be performed.
  6. Gather sufficient competent evidential matter to provide a basis for an opinion
  7. The statements have been in conformity with GAAP.
  8. Accounting principles have been consistently applied.
  9. Adequate informative disclosures have been made.
  10. Expression of an opinion on statements taken as a whole, or indication that an opinion cannot be expressed.

  • MUST BE competent and sufficient;
  • Management representations are not a substitute for application of proper audit procedures;
  • Audit risk and materiality considered together: determination of nature, timing, and extent of procedures; evaluation of results of procedures
  • assess risks of material misstatements due to fraud - AKA professional skepticism
  • Audit procedures – specific acts performed to gather evidence about specific assertions;

Auditor should exercise professional judgment and skepticism:

  • Determining the nature, timing, and extent of audit procedures.
  • Determining the sufficiency, competency, and relevancy of evidence.
  • Evaluating management’s judgments and estimates.
  • Considering fraud in the audit.
  • Determining the conclusions based on the audit evidence obtained.
  • a state of mind and requires documentation to provide evidence that the audit was planned and performed in accordance with GAAS

Requires registered accounting firms to assess the effectiveness of internal controls

What are the internal control over financial reporting (ICFR) deficiencies?

  • Testing the design of controls or effectiveness;
  • Application of the top-down risk-based approach;
  • Identifying technology risks (hardware, software, & people);
  • Performing extensive testing of the work done by third parties in high risk areas;
  • Evaluating identified control deficiencies;

Which of the following is an element of ERM?

The ERM process includes five specific elements – strategy/objective setting, risk identification, risk assessment, risk response, and communication/monitoring.

Which group maintains the professional code of ethics to which CPAs must adhere?

AICPA Code of Conduct: AICPA members are bound by the AICPA Code of Professional Conduct. Rule 201 requires that members provide professional services with competency. In the delivery of personal financial planning services, a member shall adhere to the following Principles of Professional Conduct.

Which of the following is correct regarding the concept of materiality of financial information?

The correct answer is option (d) Materiality is a matter of professional judgment. Option (a) is incorrect. Materiality is based on the auditor's professional judgment, not on AICPA.

What is the main fiduciary duty of the board of directors?

A director owes the corporation a duty of loyalty. She must act in good faith and with a reasonable belief that what she does is in the corporation's best interest.