AAS4/ SA 240

1

• AAS4/ SA 240
• Auditors Responsibility as regards Fraud Error

2
Bookkeeping scandals
June 20, 2002
March 28, 2002
September, 2003
October 16, 2001
Issue Financial Reporting Fraud Impact 9
billion in unreported expenses
Issue Financial Reporting Fraud and
embezzlement Impact 2.5 billion of hidden
debt
Issue Financial Reporting Fraud and
inappropriate consolidation Impact millions
in overstated earnings
Issue Off-Balance Sheet Accounting and
Financial Reporting Fraud Impact 3 billion in
undisclosed losses
3
What is Fraud?

• Fraud is an intentional act by one or more
  individuals among management, those charged with
  governance, employees, or third parties,
  involving the use of deception to obtain an
  unjust or illegal advantage.
• Although fraud is a broad legal concept, the
  auditor is concerned with fraud that causes a
  material misstatement in the financial
  statements.
• Two types of misstatements relevant to the
  auditors consideration of fraud
• Misstatements resulting from fraudulent financial
  reporting
• Misstatements resulting from misappropriation of
  assets.

4
Introduction to Fraud

• Fraudulent Financial Reporting
• Misrepresentation in, or intentional omission
  from, the financial statements of events,
  transactions, or other significant information
• Manipulation, falsification or alteration of
  records or documents from which financial
  statements are prepared
• Intentional misapplication of accounting
  principles relating to amounts, classification,
  manner of presentation, or disclosures.
• Misappropriation
• Misappropriation of assets often accompanied by
  false or misleading records in order to conceal
  that the assets are missing
• Examples include
• Embezzling receipts
• Stealing physical assets or intellectual property
• Recording of transactions without substance

5
Introduction to Fraud

• There are three conditions generally present when
  fraud occurs.

Attitudes/Rationalizations
Fraud Triangle
Opportunities
Incentive/Pressures
6
Error

• Unintentional mistakes in financial information
  such as
• mathematical or clerical mistakes in the
  underlying records and accounting data
• Incorrect accounting estimate arising from
  oversight or misinterpretation of facts or
• misapplication of accounting policies.

7
Distinguishing Factor

• The distinguishing factor between fraud and
  error is whether the underlying action that
  results in the misstatement in the financial
  statements is intentional or unintentional.
  Unlike error, fraud is intentional and usually
  involves deliberate concealment of the facts.
  While the auditor may be able to identify
  potential opportunities for fraud to be
  perpetrated, it is difficult, if not impossible,
  for the auditor to determine intent, particularly
  in matters involving management judgment, such as
  accounting estimates and the appropriate
  application of accounting principles.

8
Responsibility for Prevention Detection

• Management Responsibility
• Although AAS4 focuses on the auditor's
  responsibilities with respect to fraud and error,
  the primary responsibility for the prevention and
  detection of fraud and error rests with both
  those charged with governance and the management
  of an entity. The respective responsibilities may
  vary from entity to entity.
• The management is responsible for establishing a
  control environment and maintain policies and
  procedures by implementing and ensuring continued
  operation of accounting and internal control
  systems, which are designed to prevent fraud and
  error.
• Such systems reduce but do not eliminate the risk
  of misstatements, Accordingly, management assumes
  responsibility for any remaining risk.

9
Responsibility for Prevention Detection

• Auditors Responsibility
• As regards the auditors, the standard states
  that when planning and performing audit
  procedures and evaluating and reporting the
  results thereof, the auditor should consider the
  risk of material misstatements in the financial
  statements resulting from fraud or error.
• Inherent Limitations of an audit
• An auditor cannot obtain absolute assurance that
  material misstatements in the financial
  statements will be detected. The auditor is able
  to obtain only a reasonable assurance that
  material misstatements in the financial
  statements will be detected.
• The risk of not detecting a material
  misstatement resulting from fraud is higher than
  the risk of not detecting a material misstatement
  resulting from error.

10
Auditors Tackling Fraud Error

• Increased Professional Skepticism in their
  attitude- matters that increase risk of
  misstatement, circumstances that arouse
  suspicion, evidences obtained that are
  contradictory to management assertions or
  representations.
• Professional Skepticism is an attitude implying
  that the auditor makes a critical assessment,
  with a questioning mind, of the validity of audit
  evidence obtained and is alert to audit evidence
  that contradicts or brings into question the
  reliability of documents or management
  representations.

11
Auditors Tackling Fraud Error

• While planning an audit, the auditor should
  discuss with the audit team members the
  susceptibility of the entity to material
  misstatements in the financial statements.
• While planning an audit, the auditor should make
  inquiries of management, so as to be able to
  understand managements assessment of risk and the
  systems in place to address the risk, to
  determine whether management is aware of any
  known or suspected fraud, and to determine
  whether management has discovered any material
  errors. This will provide useful information
  regarding risk of material misstatements
  resulting from management fraud
• Discussions with those charged with governance
• Continual assessment of Fraud assessment
• Documentation

12
Risk

• Inherent Risk
• Control risk
• Detection risk
• When assessing inherent risk and control risk in
  accordance with AAS 6 (Revised), Risk
  Assessments and Internal Control, the auditor
  should consider how the financial statements
  might be materially misstated as a result of
  fraud or error. In considering the risk of
  material misstatement resulting from fraud, the
  auditor should consider whether fraud risk
  factors are present that indicate the possibility
  of either fraudulent financial reporting or
  misappropriation of assets.

13
Fraud Risk Factors

• Auditor may identify events or conditions that
  provide an opportunity, a motive, or a means to
  commit fraud, or indicate that fraud may have
  already occurred.
• Such events or conditions are called fraud risk
  factors.
• Accordingly, the auditor exercises professional
  judgment when considering fraud risk factors
  individually or in combination and whether there
  are specific controls that mitigate the risk. The
  auditor uses professional judgment when assessing
  the significance and relevance of fraud risk
  factors and determining the appropriate audit
  response.
• The presence of fraud risk factors may indicate
  that the auditor will be unable to assess control
  risk at less than high for certain financial
  statement assertions. On the other hand, the
  auditor may be able to identify internal controls
  designed to mitigate those fraud risk factors
  that the auditor can test to support a control
  risk assessment below high.

14
Fraud Risk Factors

• Some examples of Fraud Risk Factors Relating to
  Misstatements resulting from Fraudulent Financial
  Reporting can be grouped into
• Managements Characteristics and Influence over
  control environment compensation, stock
  options, increasing stock price or earnings
  trend, management commitments to third parties
  like creditors or analysts, taxation issues, no
  ethics policies, domination, non monitoring of
  controls, failure to correct material weaknesses,
  aggressive targets, disregard for regulatory
  matters, high turnover of management personnel,
  relationship with previous auditor, history of
  claims against the entity or violations, weak
  corporate structure
• Industry Conditions new accounting, statutory
  or regulatory requirements, high degree of
  competition or market saturation, decline in
  demand, technological obsolescence
• Operating Characteristics and Financial Stability
  cash flows generation, pressure to obtain
  additional capital, assets or liabilities or
  revenues or expenses based on significant
  estimates, significant related party
  transactions, significant number of unduly
  complex transactions, complex organizational
  structure, interest rates, dependency on debt

15
Fraud Risk Factors

• Examples of Fraud Risk Factors Relating to
  Misstatements resulting from Misappropriation of
  assets can be grouped into
• Susceptibility of assets to misappropriation
  large amounts of cash on hand, easily convertible
  assets like bearer bonds, small inventory or
  fixed assets items of high value
• Lack of Controls poor physical safeguards, lack
  of appropriate segregation of duties, inadequate
  record keeping, lack of inadequate management
  supervision, lack of appropriate system of
  authorization and approval of transactions

16
Detection Risk

• Based on the auditor's assessment of inherent
  and control risks (including the results of any
  tests of controls), the auditor should design
  substantive procedures to reduce to an acceptably
  low level the risk that misstatements resulting
  from fraud and error that are material to the
  financial statements taken as a whole will not be
  detected. In designing the substantive
  procedures, the auditor should address the fraud
  risk factors that the auditor has identified as
  being present.

17
Impact

• AAS 6 (Revised) Risk Assessments and Internal
  Control, explains that the auditor's control
  risk assessment, together with the inherent risk
  assessment, influences the nature, timing and
  extent of substantive procedures to be performed
  to reduce detection risk to an acceptably low
  level.
• In some cases, even though fraud risk factors
  have been identified as being present, the
  auditor's judgment may be that the audit
  procedures, including both tests of control, and
  substantive procedures, already planned, are
  sufficient to respond to the fraud risk factors.
• In other circumstances, the auditor may conclude
  that there is a need to modify the nature, timing
  and extent of substantive procedures to address
  fraud risk factors present.
• In these circumstances, the auditor considers
  whether the assessment of the risk of material
  misstatement calls for an overall response, a
  response that is specific to a particular account
  balance, class of transactions or assertion, or
  both types of response. The auditor considers
  whether changing the nature of audit procedures,
  rather than the extent of them, may be more
  effective in responding to identified fraud risk
  factors.

18
Procedures when circumstances indicate possible
misstatement

• To perform procedures to determine whether the
  financial statements are materially misstated
• Use of professional judgment to assess the type
  of fraud or error and likelihood of its
  occurrence
• Use of professional judgment to assess the
  likelihood that a particular fraud or error could
  have a material effect on the financial
  statements
• Consider impact on audit risk and the nature,
  timing and extent of substantive procedures
• Consider the assessment of effectiveness of
  internal controls if control risk was assessed
  below high
• Assignment of team members and work allocation/
  reallocation

19
Procedures to consider whether an identified
misstatement indicates fraud

• The auditor should assess whether an identified
  misstatements may be indicative of fraud- use
  professional judgment
• If there is an indication then the auditor should
  consider the implications of misstatement in
  relation to the other aspects of the audit with
  particular emphasis on management
  representations.

20
Evaluation and Disposition of Misstatements and
Effect on Audit Report

• When the auditor confirms that, or is unable to
  conclude whether, the financial statements are
  materially misstated as a result of fraud or
  error, the auditor should consider the
  implications for the audit.
• If a significant fraud has occurred or the fraud
  is committed by those charged with governance the
  auditor should consider the necessity for a
  disclosure in the financial statements. If
  disclosure is not made then the auditor should
  consider an appropriate disclosure in his report

21
Documentation

• Auditors should document all fraud risk factors
  identified as being present and document the
  auditors response to such factors. If during the
  performance of the audit, if such factors
  indicate that additional audit procedures are
  necessary, the auditor should document these and
  his response to these factors.
• Auditor must document matters which are important
  in providing evidence to support the audit
  opinion and the working papers must include the
  auditors reasoning on all matters which required
  use of professional judgment.

22
Management Representations

• The auditor should obtain written representations
  that
• it acknowledges its responsibility for the
  implementation and operation of accounting and
  internal control systems that are designed to
  prevent and detect fraud and error
• it believes the effects of those uncorrected
  financial statement misstatements aggregated by
  the auditor during the audit are immaterial, both
  individually and in the aggregate, to the
  financial statements taken as a whole. A summary
  of such items should be included in or attached
  to the written representation
• it has disclosed to the auditor all significant
  facts relating to any frauds or suspected frauds
  known to management that may have affected the
  entity and
• it has disclosed to the auditor the results of
  its assessment of the risk that the financial
  statements may be materially misstated as a
  result of fraud.

23
Communication

• When the auditor identifies a misstatement
  resulting from fraud, or a suspected fraud, or
  error, the auditor should consider the auditor's
  responsibility to communicate that information to
  management, those charged with governance and, in
  some circumstances, when so required by the laws
  and regulations, to regulatory and enforcement
  authorities also.
• Communication on a timely basis is necessary to
  initiate action.
• Determination of the level of management to
  which the communication should be made is a
  matter of professional judgment, and factors like
  nature, magnitude and frequency of misstatement
  should be considered.

24
Communication Error

• If the auditor has
• identified a material misstatement from error,
  then the auditor should communicate to the
  appropriate level of management and consider the
  need to report to those charged with governance.
• Uncorrected misstatements considered immaterial
  individually or in the aggregate should be
  informed to those charged with governance of
  those uncorrected misstatements after taking into
  consideration materiality limits.

25
Communication Fraud

• If the auditor has
• identified a fraud, whether or not it results in
  a material misstatement in the financial
  statements or
• obtained evidence that indicates that fraud may
  exist (even if the potential effect on the
  financial statements would not be material)
• the auditor should communicate these matters to
  the appropriate level of management on a timely
  basis, and consider the need to report such
  matters to those charged with governance.

26
Communication- Fraud

• If the auditor has concluded that the
  misstatements is or may be, arising from fraud
  and has determined that the effect could either
  be material or has not been able to evaluate
  whether the effect is material then he should
  consider
• discuss the matter and the approach for further
  investigation if required with a level in the
  management higher than those involved and with
  the management at the highest level
• If appropriate, suggest the management to seek
  legal opinion

27
Communication- Material Weaknesses in Internal
Control

• Material Weaknesses identified by
• Auditor the auditor should communicate to
  management all material weaknesses in internal
  control related to the prevention and detection
  of fraud and error and the auditor should be
  satisfied that those charged by governance have
  been informed of any weaknesses related to the
  prevention and detection of fraud (Note not
  error)
• Management the auditor should be satisfied that
  those charged by governance have been informed of
  any weaknesses related to the prevention and
  detection of fraud

28
Communication- Exceptional Circumstances

• If the auditor has reason to doubt the integrity
  or honesty of management or those charged with
  governance, the auditor should consider seeking
  legal advice.
• If the statutory regulatory framework requires
  that the auditor should report adverse or
  unfavorable remarks, the auditor may consider
  seeking legal advice. eg. NBFC

29
Communication

• Examples
• Questions regarding management competence and
  integrity
• Fraud involving management communicate with
  Parent company, BOD, Audit Committee
• Other frauds resulting in material misstatement
  CFO, Audit committee
• Material Misstatements resulting from an error-
  CFO or audit coordinator. Further consider the
  need to inform those charged with governance.
  Uncorrected misstatements considered immaterial
  individually or in the aggregate should be
  informed after taking into consideration
  materiality limits.
• Misstatements indicating material weaknesses in
  internal controls including design or operation
  of the financial reporting Management letter,
  CFO, Audit committee or parent company
• Misstatements that may cause future financial
  statements to be materially misstated Audit
  committee, CFO

30
Non Continuance

• If the auditor concludes that it is not
  possible to continue performing the audit as a
  result of a misstatement resulting from fraud or
  suspected fraud, the auditor should
• consider the professional or legal
  responsibilities applicable in the circumstances
• consider the possibility of withdrawing from the
  engagement
• If the auditor withdraws
• Discuss the same with appropriate level of
  management and those charged with governance, and
  the reasons for the withdrawal
• Consider if there is a professional or legal
  requirement to report
• When contacted, inform the incoming auditor of
  the professional reasons why the appointment
  should not be accepted. Only facts should be
  communicated to the incoming auditor and not the
  auditors conclusions.

31
Non Continuance

• Such an event may be triggered by such
  circumstances
• Entity does not take remedial action regarding
  fraud
• Auditors consideration of the risk of material
  misstatement resulting from fraud and the results
  of audit tests indicate a significant risk of
  material or pervasive fraud or
• Auditor has significant concern about the
  integrity or competence of the management or
  those charged with governance

32
Fraud Risk Assessment
Identify Capture Fraud Risk Factors

• Consider Available Information
• External - news, analyst reports, significant
  developments, litigation)
• Inquiries
• Preliminary analytical review
• Engagement team discussions

• Fraud Risks
• Industry-specific
• Revenue recognition
• Management override
• Company-specific fraud schemes

Evaluate Fraud Risk Factors Identify Fraud Risks

• Execute Plan
• Test mitigating controls
• Test journal entries and estimates
• Perform substantive procedures
• Evaluate evidence

Design Execute Tests of Controls Substantive
Procedures