Fraud Risk Assessment PDF
Document Details
Uploaded by Deleted User
Tags
Summary
This document explains fraud risk assessment and audit procedures, including the Fraud Triangle for financial statement analysis. It covers the management's intentions and incentives.
Full Transcript
Chapter 6: Fraud and Cash Fraud Risk MANAGEMENT INTENTED to mislead the marketplace by ISSUING FRADULENT financial statements, resulting in a higher risk of material misstatement Misappropriation of assets is the use of fraudulent means to take money or other property from A...
Chapter 6: Fraud and Cash Fraud Risk MANAGEMENT INTENTED to mislead the marketplace by ISSUING FRADULENT financial statements, resulting in a higher risk of material misstatement Misappropriation of assets is the use of fraudulent means to take money or other property from AN EMPLOYER. It consists of three phases: 1. The fraudulent act 2. The conversion of the money or property to the fraudster’s use 3. The cover-up Fraud Risk Assessment Presume that improper revenue recognition is a fraud risk Identify risks that could have led to management overriding controls o Examine journal entries and other adjustments o Review account estimates for biases o Evaluate business rationale for significant unusual transactions Audit Team Brainstorming Discussions Required Procedure o Incentives and pressures on management to commit fraud, opportunities for fraud, and culture/environment that could rationalize fraud (FRAUD TRIANGLE) o Risk of management override of controls o Indicators of earnings management o Importance of continuing professional skepticism o Potential responses to these threats Set proper tone for engagement Discussions should be ongoing throughout the engagement Fraud Triangle: 3 conditions that are likely to be present when a fraud occurs. 1. Incentive/Pressure (Motivation) ▪ Fraudulent Financial Reporting Profitability of company threatened Management under pressure to meet performance expectations Management compensation tied heavily to performance ▪ Misappropriation of Assets Financial obligations Adverse relationship with company 2. Opportunity ▪ Fraudulent Financial Reporting Organizational structure Ineffective monitoring of management Internal control weaknesses (or management override ability) ▪ Misappropriation of Assets Access to liquid assets (cash) Internal control weaknesses 3. Rationalization ▪ Fraudulent Financial Reporting Trying to improve company value Aggressive not fraudulent Lack of ethical standards ▪ Misappropriation of Assets “The company is big and will never miss it.” “I’m borrowing the money and will pay it back” “I am underpaid, so this is due compensation” “I need to maintain a lifestyle and image.” Audit of Cash Cash Cash is highly liquid, easily transportable, and not easily identifiable, and therefore is a primary target for employee thieves Some strong internal control activities: o Dual custody of cash at all time o Lockbox arrangement o Fidelity bonds Primary Audit Evidence Used to Test Cash o Bank reconciliations o Bank statements (year-end and cutoff) o Bank confirmations Relevant Assertions o Existence ▪ What can go wrong? The cash balance may not exist in the company’s bank accounts ▪ Internal Control Activity? The CFO performs a detailed review of the bank reconciliation on a monthly basis ▪ Test of Internal Controls? For a sample of bank reconciliations, reperform the reconciliation. Trace several reconciling items to the appropriate supporting documentation. ▪ Substantive Tests of Detail? Test the bank reconciliation details for each significant cash account being held. Confirm the bank balance with each financial institution o Valuation ▪ What can go wrong? The cash balance that is held in foreign countries may not have been translated properly ▪ Internal Control Activity? The treasure reviews the cash translation adjustment calculation monthly and independently checks that the appropriate spot rate has been used for each foreign currency ▪ Test of Internal Controls? Inspect the monthly cash translation adjustment calculation for evidence of the treasurer’s review ▪ Substantive Tests of Detail? For a sample of monthly cash translation adjustment calculations, trace each foreign currency spot rate to a third party pricing service o Presentation and Disclosure ▪ What can go wrong? There may be restrictions on the cash balance that were not properly disclosed ▪ Internal Control Activity? The corporate secretary reviews the cash footnote disclosure on a quarterly basis to ensure that all legal restrictions on the cash balance have been properly disclosed. ▪ Test of Internal Controls? For a sample of cash accounts, reperform the work completed by the corporate secretary to ensure that all cash restrictions have been properly disclosed ▪ Substantive Tests of Detail? For a sample of cash accounts, examine the legal agreements with each financial institution. Based on the examination, determine whether the audit client has properly disclosed any legal restrictions in their footnotes Audit of Cash Procedures 1. Obtain a bank reconciliation for each cash account and audit them in the following manner: a. Balance per bank i. CONFIRM (STANDARD BANK CONFIRMATION) directly with bank ii. Agree amount to CUTOFF BANK STATEMENT b. Add deposits-in-transit i. TRACE to cash receipts journal ii. VOUCH to CUTOFF BANK STATEMENT c. Subtract Outstanding Checks i. VOUCH to cash disbursements journal ii. TRACE checks cleared from cutoff bank statement d. Add/Subtract other Debit/Credit Memos i. Inspect bank credit/debit memo and audit for reasonableness. Examine relevant supporting documentation. e. Balance per books i. FOOT the entire reconciliation for mathematical accuracy ii. TRACE the amount to the trial balance 2. Extended Procedure to Detect Fraud: Proof of Cash a. A proof of cash would be used in situations where controls over cash are weak b. It essentially combines two bank reconciliations, reconciling all transactions that occurred during the period to the client’s Cash Receipts Journal and Cash Disbursements Journal 3. Schedule of Interbank Transfers: Check Kiting a. The deliberate floating of funds between two or more bank accounts to make it appear that more cash is present and available than is really the case b. Advances in technology and bank scrutiny has decreased this possibility in recent years c. A schedule of Interbank Transfers is generally used by auditors to detect check kiting 4. Other Extended Procedures for Detecting Fraud involving Cash a. Count and recount petty cash on the same day b. Examine endorsements on canceled checks c. Retrieve customer’s checks d. Use marked coins and currency e. Analyze the mix of cash and checks in deposits f. Measure deposit lag time g. Document examination h. Inquiry i. Covert surveillance j. Horizontal and vertical analyses k. Net worth analysis l. Expenditure analysis m. Reasonableness tests Confirmation of Bank Balances Standard Bank Confirmation Inquiry o Must be mailed under auditor’s own control o Used to confirm deposit balances and loan balances o Also can be used to request information about contingent liabilities and secured transactions Electronic Confirmation Requests o Many banks now only complete confirmation requests electronically o Can improve the control of both delivery and receipt of the confirmation request o Allowed by professional auditing standards Chapter 7: Revenue and A/R Revenue Recognition Must be (1) realized or realizable (2) earned SEC Guidance o Persuasive evidence of an arrangement exists; o Delivery has occurred or services have been rendered; o The seller's price to the buyer is fixed or determinable; and o Collectability is reasonably ensured. Revenue from Contracts with Customers → FASB 5-Step process for Revenue Recognition 1. Identify the contract(s) with a customer 2. Identify the performance obligations in the contract 3. Determine the transaction price 4. Allocate the transaction price to the performance obligations in the contract 5. Recognize revenue when (or as) the entity satisfies a performance obligation Basic activities in the revenue / collection cycle for a typical manufacturing company include: 1. receiving and processing customer orders; 2. delivering goods and services to customers; 3. billing customers and accounting for accounts receivable; and 4. collecting and depositing cash received from customers. Audit Evidence in Management Reports and Data Files Pending order and back order master file Customer master file Price list master file Sales detail (journal) file Sales analysis report Accounts receivable listing and aging Cash receipts listing Customer Statements Using the Audit Risk Model 1. Set audit risk at desired levels (normally, low). 2. Assess risk of material misstatement, which incorporates inherent risk based on the nature of the account balance or class of significant transactions and control risk based on gaining an understanding of internal control. Note that AS 2110 indicates that the auditor should [presume that there is a fraud risk involving improper revenue recognition. 3. Set detection risk at the significant account and assertion level based on the level of audit risk and risk of material misstatement. Inherent Risks Improper Revenue Recognition o Cut-off o Bill and Hold o Channel Stuffing Returns and Allowances Collectability of Receivables Revenue and Collection Cycle: Key Control Procedures Separation of Duties o Separate functions for recording, authorization, custody Authorization of Transactions o Write-offs o EDI transactions o Credit checks prior to approval of sale o Pricing Access to Assets o Shipping department o Lock box account Adequate Documents and Records o Pre-numbered sales orders, shipping documents (bills of lading), sales invoices o Remittance advice Independent Checks on Performance o A/R subsidiary ledger to general ledger o Monthly statement to customer Auditing Accounts Receivable Test Accounts Receivable Aged Trial Balance Confirm balances Perform analytical procedures Test sales cut-off Analytical Procedures Sales Revenue o Comparisons with previous periods o Comparisons with industry Allowance for Doubtful Accts, Bad Debt Expense o Bad Debt Expense as a percentage of Sales o Allowance for Doubtful Accounts as a percentage of Gross Receivables Accounts Receivable o Days Sales in Accounts Receivable o Accounts Receivable Turnover Using Confirmations Primarily for verifying existence Factors likely to affect the reliability of confirmations o Previous audit experience o Intended recipient of the confirmation o Type of information being confirmed Auditor may confirm entire balances or individual transactions o Type of confirmation being sent Types of Confirmations Positive Confirmations o Small number of accounts are involved o Large number of errors are anticipated Negative Confirmations o The combined assessed level of inherent and control risk is low o A large number of small balances is involved o The auditor has no reason to believe that the recipients of the requests are unlikely to give them consideration. Blank Confirmations o Should be used if the recipient is likely to return a positive confirmation without verifying the accuracy of the information. Matters Related to Confirmations There are three sets of circumstances that could justify the omission of the confirmation of a client's accounts receivable: o Not material to the financial statements o If the risk of material misstatement is low ▪ The assessed level of evidence from analytical procedures and other tests of details is sufficient to reduce audit risk to an acceptably low level ▪ Confirmation of accounts receivable may be inefficient o Confirmation of accounts receivable is expected to be ineffective (based on previous years' audit experience) Other Matters Related to Confirmations All confirmations returned by the post office as non-deliverable must be investigated Responses to positive and blank confirmations provide more reliable evidence than negative non-responses Recipients of accounts receivable confirmations might not report understatements Auditors must have heightened professional skepticism for electronic responses (fax or e-mail) o Verify that the response came from an appropriate person at the employer Non-response to Positive/blank confirmation requests o Follow up with second and sometimes third requests. o A lower than expected response rate could be indicative of fictitious customer accounts o Alternative procedures Non-response to negative confirmation requests o Only limited evidence concerning financial statement assertions o Alternative procedures are not necessary for unreturned negative confirmation requests Follow-up on all exceptions Sales Cut-off Procedures Used to verify whether Sales/Revenues recorded in the correct accounting period o Holding the books open Examine sales invoices and shipping documents shortly prior to and after year-end Examine returns after year-end Alternative Procedures Vouch subsequent cash collections o usually sufficient evidence of existence, valuation Examine shipping documents o Especially BOL (third-party evidence) Examine client-generated supporting documentation, such as invoices o Depends on internal controls Inspect correspondence files Uncollectible Accounts Inspect customer files for collectability Recalculate allowance and bad debt expense Verify reasonableness of allowance and bad debt expense Inspect documentation for appropriateness of accounts written off o Inspect documentation for additional collection procedures o Inspect documentation for appropriate authorization Chapter 8: Expenditures and Accounts Payable Basic Activities in Acquisition and Expenditure Cycle 1. Purchase goods and services o Department requesting purchase of item(s) prepares purchase requisition o Bidding may be required on high dollar purchases o Purchasing prepares a purchase order approved by the appropriate person (usually dependent on dollar amount of purchase order) o May be done electronically by EDI 2. Receiving the goods or services o After vendor approval, goods are received by company and evidenced by preparing a receiving report 3. Recording the asset or expense and related liability o Vendor bills company for goods using a vendor’s invoice 4. Paying the invoice through the cash disbursement process Control Procedures Information processing controls o Compare PO number on BOL with company PO o Compare quantities against receiving report and purchase order o Compare prices against quoted price or catalog listing o Recompute vendor's invoices o Determine when to pay invoice o Properly prepare voucher Separation of duties o Authorization of the purchase is done by the purchasing department. o Custody of the inventory item(s) is held by the receiving department and, ultimately, the requesting department. o Transactions are recorded by general accounting (control account) and accounts payable department (subsidiary accounts). o Reconcile liabilities to customer statements and general ledger account. o Bids are received by someone independent of the purchasing decision. Physical controls o Prepare a receiving report upon initial receipt of inventory o Count and verify inventory quantities upon delivery to the inventory warehouse o Restrict access to inventories by keeping them in a secured location Performance reviews o Compare purchases data to data from previous years or expected purchases data o Review bids to ensure that documentation exists regarding the selection of the vendor Substantive Procedures in the Acquisition and Expenditure Cycle Completeness Assertion‒search for unrecorded liabilities: o Inquire about procedures for identifying and recording liabilities o Review cash disbursements occurring after year-end o Examine unmatched vendor statements or invoices o Examine unmatched receiving reports occurring near year-end o Scan open purchase order file o Trace unpaid vouchers in accounts payable ledger to receiving reports o Confirm account payables with normal suppliers (even those with zero balances) Purchase Cutoffs Verify cut-offs for purchases o Examine receiving reports and vendor sales invoices occurring around year-end to ensure inventory received is included in the appropriate period. Other Accounts in Cycle Prepaid Expenses o Agree balances to prior year workpapers o Verify payments o Examine underlying agreements o Recalculate amounts ▪ Agree expense accounts to trial balance o Search for unrecorded accruals ▪ Review cash disbursements at year-end ▪ Look for expected accruals at other stages of the audit (bonds, notes, employees paid on 15th, etc.) o Analytical Procedures Accrued Liabilities o Major differences between accrued liabilities and accounts payable ▪ Examples include interest, property taxes, wages, and income taxes payable ▪ These payables are not normally invoiced or evidenced by the receipt of goods o These differences may make it more difficult to detect unrecorded accruals o Agree balances to prior year workpapers o Verify payments o Examine underlying agreements o Recalculate amounts ▪ Agree expense accounts to trial balance o Search for unrecorded accruals ▪ Review cash disbursements at year-end ▪ Look for expected accruals at other stages of the audit (bonds, notes, employees paid on 15th, etc.) o Analytical Procedures Expenses o Extremely complex area ▪ Client may operate in multiple tax jurisdictions o Usually requires tax specialist o Vouch payments o Examine correspondence with government agencies o Follow standard for auditing estimates Inventory Property, Plant, and Equipment o Small number of transactions ▪ Relatively high dollar transactions o Authorization of Transactions (Board of Directors or approved capital budget) takes on added importance o Less concern for access to assets o More concerned with unrecorded disposals o Agree balances to prior year documentation o Purchases of Property, Plant, and Equipment ▪ Vouch to invoice or cost records ▪ Inspect title ▪ Vouch to board minutes o Expenditures subsequent to acquisition ▪ Vouch to invoice and work descriptions ▪ Consider propriety of classification (expense or capitalize) o Disposal of Property, Plant, and Equipment ▪ Vouch from Property, Plant, and Equipment board minutes ▪ Vouch to cash receipts journal and validated deposit slip ▪ Recalculate gain/loss ▪ Trace from board minutes to Property, Plant, and Equipment for disposals (completeness) o Look for unrecorded disposals ▪ Agree balances to prior year workpapers ▪ Examine insurance policies, property tax records, etc. ▪ Physically inspect or confirm fixed assets ▪ Both existing and newly-acquired items ▪ Confirm assets leased to others under capital leases o Depreciation Expense ▪ Recalculate using useful life, salvage value, cost, and method ▪ Evaluate reasonableness of useful life, salvage value, etc. ▪ Is depreciation consistent with company policy (half year conventions)? o Lease Agreements ▪ Verify proper treatment (capitalized or operating) ▪ Ensure disclosure in footnotes is appropriate Audit Costing and Expense Accounts Analytical procedures (e.g. sales commissions) Agree to related balance sheet account (e.g. depreciation) Substantive tests of transactions (e.g. purchases) Vouch detail (e.g. legal expense) Fraud in Accounts Payable If the review for fraud risk indicates that a potential significant risk of fraud exists in the acquisition and expenditure cycle, auditors can use several types of searches and matches using CAATs. o Inspect invoices in files for photocopies o Inspect vendor’s invoices submitted in numerical order o Inspect vendor’s invoices that are always in round numbers o Scan vendor’s invoices for invoices that are always slightly lower than a review threshold o Scan vendor invoices for vendors with only post office box addresses o Scan vendor invoices for invoices with no listed telephone number o Match vendor and employee address and telephone numbers o Scan multiple vendors at the same address and telephone number o Vouch a sample of vendor invoices to the approved vendor list o Review invoices for addresses of the local mail drops Inherent Risks in the Payroll Cycle Ghost employees Overpaying (padding) for time or production Incorrect accounting (classification) Failure to pay third-parties (e.g. payroll taxes, insurance) Payroll Activities Personnel authorization forms are used to authorize all payroll-related transactions. Employees should record their hours worked using time sheets. Supervisory personnel review time sheets and verify the distribution of hours worked on various jobs. Payroll department processes payroll and prepares a payroll register and payroll checks. Cash disbursements/Treasurer should review the payroll register and compare it to the payroll checks. Payroll checks should be signed by an authorized party and distributed directly to employees. Payroll Control Activities Physical Controls o Payroll Checks and signature plates kept in a secure location o Payroll Checks distributed by a person not involved in processing or recording payroll o Payroll checks distributed to individuals with proper identification o Unclaimed Payroll Checks stored in a secure location Segregation of Duties o The personnel department and the hiring/employing department authorize payroll transactions and payroll-related changes o Payroll is recorded by the payroll department and general accounting o The cash disbursements department/Treasurer has custody of the payroll checks Performance Reviews o Payroll transaction data compared to prior-year data or budgeted/expected data o Review of payroll register for reasonableness o Reconcile the payroll bank account Payroll Cycle: Management Reports and Files Personnel files Payroll register Labor cost analysis Clearing accounts Government and tax reports Year-to-date earnings records W-2 reports