Fraud Risk Assessment PDF

Summary

This document explains fraud risk assessment and audit procedures, including the Fraud Triangle for financial statement analysis. It covers the management's intentions and incentives.

Full Transcript

Chapter 6: Fraud and Cash

Fraud Risk
MANAGEMENT INTENTED to mislead the marketplace by ISSUING FRADULENT financial
statements, resulting in a higher risk of material misstatement
Misappropriation of assets is the use of fraudulent means to take money or other
property from AN EMPLOYER. It consists of three phases:
1. The fraudulent act
2. The conversion of the money or property to the fraudster’s use
3. The cover-up

Fraud Risk Assessment
Presume that improper revenue recognition is a fraud risk
Identify risks that could have led to management overriding controls
o Examine journal entries and other adjustments
o Review account estimates for biases
o Evaluate business rationale for significant unusual transactions

Audit Team Brainstorming Discussions
Required Procedure
o Incentives and pressures on management to commit fraud, opportunities for
fraud, and culture/environment that could rationalize fraud (FRAUD TRIANGLE)
o Risk of management override of controls
o Indicators of earnings management
o Importance of continuing professional skepticism
o Potential responses to these threats
Set proper tone for engagement
Discussions should be ongoing throughout the engagement

Fraud Triangle: 3 conditions that are likely to be present when a fraud occurs.
1. Incentive/Pressure (Motivation)
▪ Fraudulent Financial Reporting
Profitability of company threatened
Management under pressure to meet performance expectations
Management compensation tied heavily to performance
▪ Misappropriation of Assets
Financial obligations
Adverse relationship with company
2. Opportunity
▪ Fraudulent Financial Reporting
Organizational structure
Ineffective monitoring of management
Internal control weaknesses (or management override ability)
 ▪ Misappropriation of Assets
Access to liquid assets (cash)
Internal control weaknesses
3. Rationalization
▪ Fraudulent Financial Reporting
Trying to improve company value
Aggressive not fraudulent
Lack of ethical standards
▪ Misappropriation of Assets
“The company is big and will never miss it.”
“I’m borrowing the money and will pay it back”
“I am underpaid, so this is due compensation”
“I need to maintain a lifestyle and image.”

Audit of Cash

Cash
Cash is highly liquid, easily transportable, and not easily identifiable, and therefore is a
primary target for employee thieves
Some strong internal control activities:
o Dual custody of cash at all time
o Lockbox arrangement
o Fidelity bonds
Primary Audit Evidence Used to Test Cash
o Bank reconciliations
o Bank statements (year-end and cutoff)
o Bank confirmations
Relevant Assertions
o Existence
▪ What can go wrong? The cash balance may not exist in the company’s
bank accounts
▪ Internal Control Activity? The CFO performs a detailed review of the bank
reconciliation on a monthly basis
▪ Test of Internal Controls? For a sample of bank reconciliations, reperform
the reconciliation. Trace several reconciling items to the appropriate
supporting documentation.
▪ Substantive Tests of Detail? Test the bank reconciliation details for each
significant cash account being held. Confirm the bank balance with each
financial institution
o Valuation
 ▪ What can go wrong? The cash balance that is held in foreign countries
may not have been translated properly
▪ Internal Control Activity? The treasure reviews the cash translation
adjustment calculation monthly and independently checks that the
appropriate spot rate has been used for each foreign currency
▪ Test of Internal Controls? Inspect the monthly cash translation adjustment
calculation for evidence of the treasurer’s review
▪ Substantive Tests of Detail? For a sample of monthly cash translation
adjustment calculations, trace each foreign currency spot rate to a third
party pricing service
o Presentation and Disclosure
▪ What can go wrong? There may be restrictions on the cash balance that
were not properly disclosed
▪ Internal Control Activity? The corporate secretary reviews the cash
footnote disclosure on a quarterly basis to ensure that all legal
restrictions on the cash balance have been properly disclosed.
▪ Test of Internal Controls? For a sample of cash accounts, reperform the
work completed by the corporate secretary to ensure that all cash
restrictions have been properly disclosed
▪ Substantive Tests of Detail? For a sample of cash accounts, examine the
legal agreements with each financial institution. Based on the
examination, determine whether the audit client has properly disclosed
any legal restrictions in their footnotes

Audit of Cash Procedures
1. Obtain a bank reconciliation for each cash account and audit them in the following
manner:
a. Balance per bank
i. CONFIRM (STANDARD BANK CONFIRMATION) directly with bank
ii. Agree amount to CUTOFF BANK STATEMENT
b. Add deposits-in-transit
i. TRACE to cash receipts journal
ii. VOUCH to CUTOFF BANK STATEMENT
c. Subtract Outstanding Checks
i. VOUCH to cash disbursements journal
ii. TRACE checks cleared from cutoff bank statement
d. Add/Subtract other Debit/Credit Memos
i. Inspect bank credit/debit memo and audit for reasonableness. Examine
relevant supporting documentation.
e. Balance per books
i. FOOT the entire reconciliation for mathematical accuracy
ii. TRACE the amount to the trial balance
2. Extended Procedure to Detect Fraud: Proof of Cash
a. A proof of cash would be used in situations where controls over cash are weak
 b. It essentially combines two bank reconciliations, reconciling all transactions that
occurred during the period to the client’s Cash Receipts Journal and Cash
Disbursements Journal
3. Schedule of Interbank Transfers: Check Kiting
a. The deliberate floating of funds between two or more bank accounts to make it
appear that more cash is present and available than is really the case
b. Advances in technology and bank scrutiny has decreased this possibility in recent
years
c. A schedule of Interbank Transfers is generally used by auditors to detect check
kiting
4. Other Extended Procedures for Detecting Fraud involving Cash
a. Count and recount petty cash on the same day
b. Examine endorsements on canceled checks
c. Retrieve customer’s checks
d. Use marked coins and currency
e. Analyze the mix of cash and checks in deposits
f. Measure deposit lag time
g. Document examination
h. Inquiry
i. Covert surveillance
j. Horizontal and vertical analyses
k. Net worth analysis
l. Expenditure analysis
m. Reasonableness tests

Confirmation of Bank Balances
Standard Bank Confirmation Inquiry
o Must be mailed under auditor’s own control
o Used to confirm deposit balances and loan balances
o Also can be used to request information about contingent liabilities and secured
transactions
Electronic Confirmation Requests
o Many banks now only complete confirmation requests electronically
o Can improve the control of both delivery and receipt of the confirmation request
o Allowed by professional auditing standards

Chapter 7: Revenue and A/R

Revenue Recognition
Must be (1) realized or realizable (2) earned
SEC Guidance
o Persuasive evidence of an arrangement exists;
o Delivery has occurred or services have been rendered;
 o The seller's price to the buyer is fixed or determinable; and
o Collectability is reasonably ensured.

Revenue from Contracts with Customers → FASB 5-Step process for Revenue Recognition
1. Identify the contract(s) with a customer
2. Identify the performance obligations in the contract
3. Determine the transaction price
4. Allocate the transaction price to the performance obligations in the contract
5. Recognize revenue when (or as) the entity satisfies a performance obligation

Basic activities in the revenue / collection cycle for a typical manufacturing company include:
1. receiving and processing customer orders;
2. delivering goods and services to customers;
3. billing customers and accounting for accounts receivable; and
4. collecting and depositing cash received from customers.

Audit Evidence in Management Reports and Data Files
Pending order and back order master file
Customer master file
Price list master file
Sales detail (journal) file
Sales analysis report
Accounts receivable listing and aging
Cash receipts listing
Customer Statements

Using the Audit Risk Model
1. Set audit risk at desired levels (normally, low).
2. Assess risk of material misstatement, which incorporates inherent risk based on the
nature of the account balance or class of significant transactions and control risk based
on gaining an understanding of internal control. Note that AS 2110 indicates that the
auditor should [presume that there is a fraud risk involving improper revenue
recognition.
3. Set detection risk at the significant account and assertion level based on the level of
audit risk and risk of material misstatement.

Inherent Risks
Improper Revenue Recognition
o Cut-off
o Bill and Hold
o Channel Stuffing
Returns and Allowances
 Collectability of Receivables

Revenue and Collection Cycle: Key Control Procedures
Separation of Duties
o Separate functions for recording, authorization, custody
Authorization of Transactions
o Write-offs
o EDI transactions
o Credit checks prior to approval of sale
o Pricing
Access to Assets
o Shipping department
o Lock box account
Adequate Documents and Records
o Pre-numbered sales orders, shipping documents (bills of lading), sales invoices
o Remittance advice
Independent Checks on Performance
o A/R subsidiary ledger to general ledger
o Monthly statement to customer
Auditing Accounts Receivable
Test Accounts Receivable Aged Trial Balance
Confirm balances
Perform analytical procedures
Test sales cut-off

Analytical Procedures
Sales Revenue
o Comparisons with previous periods
o Comparisons with industry
Allowance for Doubtful Accts, Bad Debt Expense
o Bad Debt Expense as a percentage of Sales
o Allowance for Doubtful Accounts as a percentage of Gross Receivables
Accounts Receivable
o Days Sales in Accounts Receivable
o Accounts Receivable Turnover

Using Confirmations
Primarily for verifying existence
Factors likely to affect the reliability of confirmations
o Previous audit experience
o Intended recipient of the confirmation
o Type of information being confirmed
 Auditor may confirm entire balances or individual transactions
o Type of confirmation being sent

Types of Confirmations
Positive Confirmations
o Small number of accounts are involved
o Large number of errors are anticipated
Negative Confirmations
o The combined assessed level of inherent and control risk is low
o A large number of small balances is involved
o The auditor has no reason to believe that the recipients of the requests are
unlikely to give them consideration.
Blank Confirmations
o Should be used if the recipient is likely to return a positive confirmation without
verifying the accuracy of the information.

Matters Related to Confirmations
There are three sets of circumstances that could justify the omission of the confirmation
of a client's accounts receivable:
o Not material to the financial statements
o If the risk of material misstatement is low
▪ The assessed level of evidence from analytical procedures and other tests
of details is sufficient to reduce audit risk to an acceptably low level
▪ Confirmation of accounts receivable may be inefficient
o Confirmation of accounts receivable is expected to be ineffective (based on
previous years' audit experience)

Other Matters Related to Confirmations
All confirmations returned by the post office as non-deliverable must be investigated
Responses to positive and blank confirmations provide more reliable evidence than
negative non-responses
Recipients of accounts receivable confirmations might not report understatements
Auditors must have heightened professional skepticism for electronic responses (fax or
e-mail)
o Verify that the response came from an appropriate person at the employer
Non-response to Positive/blank confirmation requests
o Follow up with second and sometimes third requests.
o A lower than expected response rate could be indicative of fictitious customer
accounts
o Alternative procedures
Non-response to negative confirmation requests
o Only limited evidence concerning financial statement assertions
 o Alternative procedures are not necessary for unreturned negative confirmation
requests
Follow-up on all exceptions

Sales Cut-off Procedures
Used to verify whether Sales/Revenues recorded in the correct accounting period
o Holding the books open
Examine sales invoices and shipping documents shortly prior to and after year-end
Examine returns after year-end

Alternative Procedures
Vouch subsequent cash collections
o usually sufficient evidence of existence, valuation
Examine shipping documents
o Especially BOL (third-party evidence)
Examine client-generated supporting documentation, such as invoices
o Depends on internal controls
Inspect correspondence files

Uncollectible Accounts
Inspect customer files for collectability
Recalculate allowance and bad debt expense
Verify reasonableness of allowance and bad debt expense
Inspect documentation for appropriateness of accounts written off
o Inspect documentation for additional collection procedures
o Inspect documentation for appropriate authorization

Chapter 8: Expenditures and Accounts Payable

Basic Activities in Acquisition and Expenditure Cycle
1. Purchase goods and services
o Department requesting purchase of item(s) prepares purchase requisition
o Bidding may be required on high dollar purchases
o Purchasing prepares a purchase order approved by the appropriate person
(usually dependent on dollar amount of purchase order)
o May be done electronically by EDI
2. Receiving the goods or services
o After vendor approval, goods are received by company and evidenced by
preparing a receiving report
3. Recording the asset or expense and related liability
o Vendor bills company for goods using a vendor’s invoice
4. Paying the invoice through the cash disbursement process
Control Procedures
Information processing controls
o Compare PO number on BOL with company PO
o Compare quantities against receiving report and purchase order
o Compare prices against quoted price or catalog listing
o Recompute vendor's invoices
o Determine when to pay invoice
o Properly prepare voucher
Separation of duties
o Authorization of the purchase is done by the purchasing department.
o Custody of the inventory item(s) is held by the receiving department and,
ultimately, the requesting department.
o Transactions are recorded by general accounting (control account) and accounts
payable department (subsidiary accounts).
o Reconcile liabilities to customer statements and general ledger account.
o Bids are received by someone independent of the purchasing decision.
Physical controls
o Prepare a receiving report upon initial receipt of inventory
o Count and verify inventory quantities upon delivery to the inventory warehouse
o Restrict access to inventories by keeping them in a secured location
Performance reviews
o Compare purchases data to data from previous years or expected purchases data
o Review bids to ensure that documentation exists regarding the selection of the
vendor
Substantive Procedures in the Acquisition and Expenditure Cycle
Completeness Assertion‒search for unrecorded liabilities:
o Inquire about procedures for identifying and recording liabilities
o Review cash disbursements occurring after year-end
o Examine unmatched vendor statements or invoices
o Examine unmatched receiving reports occurring near year-end
o Scan open purchase order file
o Trace unpaid vouchers in accounts payable ledger to receiving reports
o Confirm account payables with normal suppliers (even those with zero balances)

Purchase Cutoffs
Verify cut-offs for purchases
o Examine receiving reports and vendor sales invoices occurring around year-end
to ensure inventory received is included in the appropriate period.

Other Accounts in Cycle
Prepaid Expenses
o Agree balances to prior year workpapers
o Verify payments
o Examine underlying agreements
o Recalculate amounts
▪ Agree expense accounts to trial balance
o Search for unrecorded accruals
▪ Review cash disbursements at year-end
▪ Look for expected accruals at other stages of the audit (bonds, notes,
employees paid on 15th, etc.)
o Analytical Procedures
Accrued Liabilities
o Major differences between accrued liabilities and accounts payable
▪ Examples include interest, property taxes, wages, and income taxes
payable
▪ These payables are not normally invoiced or evidenced by the receipt of
goods
o These differences may make it more difficult to detect unrecorded accruals
o Agree balances to prior year workpapers
o Verify payments
o Examine underlying agreements
o Recalculate amounts
▪ Agree expense accounts to trial balance
o Search for unrecorded accruals
▪ Review cash disbursements at year-end
▪ Look for expected accruals at other stages of the audit (bonds, notes,
employees paid on 15th, etc.)
o Analytical Procedures
 Expenses
o Extremely complex area
▪ Client may operate in multiple tax jurisdictions
o Usually requires tax specialist
o Vouch payments
o Examine correspondence with government agencies
o Follow standard for auditing estimates
Inventory
Property, Plant, and Equipment
o Small number of transactions
▪ Relatively high dollar transactions
o Authorization of Transactions (Board of Directors or approved capital budget)
takes on added importance
o Less concern for access to assets
o More concerned with unrecorded disposals
o Agree balances to prior year documentation
o Purchases of Property, Plant, and Equipment
▪ Vouch to invoice or cost records
▪ Inspect title
▪ Vouch to board minutes
o Expenditures subsequent to acquisition
▪ Vouch to invoice and work descriptions
▪ Consider propriety of classification (expense or capitalize)
o Disposal of Property, Plant, and Equipment
▪ Vouch from Property, Plant, and Equipment board minutes
▪ Vouch to cash receipts journal and validated deposit slip
▪ Recalculate gain/loss
▪ Trace from board minutes to Property, Plant, and Equipment for disposals
(completeness)
o Look for unrecorded disposals
▪ Agree balances to prior year workpapers
▪ Examine insurance policies, property tax records, etc.
▪ Physically inspect or confirm fixed assets
▪ Both existing and newly-acquired items
▪ Confirm assets leased to others under capital leases
o Depreciation Expense
▪ Recalculate using useful life, salvage value, cost, and method
▪ Evaluate reasonableness of useful life, salvage value, etc.
▪ Is depreciation consistent with company policy (half year conventions)?
o Lease Agreements
▪ Verify proper treatment (capitalized or operating)
▪ Ensure disclosure in footnotes is appropriate
Audit Costing and Expense Accounts
Analytical procedures (e.g. sales commissions)
Agree to related balance sheet account (e.g. depreciation)
Substantive tests of transactions (e.g. purchases)
Vouch detail (e.g. legal expense)

Fraud in Accounts Payable
If the review for fraud risk indicates that a potential significant risk of fraud exists in the
acquisition and expenditure cycle, auditors can use several types of searches and
matches using CAATs.
o Inspect invoices in files for photocopies
o Inspect vendor’s invoices submitted in numerical order
o Inspect vendor’s invoices that are always in round numbers
o Scan vendor’s invoices for invoices that are always slightly lower than a review
threshold
o Scan vendor invoices for vendors with only post office box addresses
o Scan vendor invoices for invoices with no listed telephone number
o Match vendor and employee address and telephone numbers
o Scan multiple vendors at the same address and telephone number
o Vouch a sample of vendor invoices to the approved vendor list
o Review invoices for addresses of the local mail drops

Inherent Risks in the Payroll Cycle
Ghost employees
Overpaying (padding) for time or production
Incorrect accounting (classification)
Failure to pay third-parties (e.g. payroll taxes, insurance)

Payroll Activities
Personnel authorization forms are used to authorize all payroll-related transactions.
Employees should record their hours worked using time sheets.
Supervisory personnel review time sheets and verify the distribution of hours worked on
various jobs.
Payroll department processes payroll and prepares a payroll register and payroll checks.
Cash disbursements/Treasurer should review the payroll register and compare it to the
payroll checks.
Payroll checks should be signed by an authorized party and distributed directly to
employees.

Payroll Control Activities
Physical Controls
o Payroll Checks and signature plates kept in a secure location
 o Payroll Checks distributed by a person not involved in processing or recording
payroll
o Payroll checks distributed to individuals with proper identification
o Unclaimed Payroll Checks stored in a secure location
Segregation of Duties
o The personnel department and the hiring/employing department authorize
payroll transactions and payroll-related changes
o Payroll is recorded by the payroll department and general accounting
o The cash disbursements department/Treasurer has custody of the payroll checks
Performance Reviews
o Payroll transaction data compared to prior-year data or budgeted/expected data
o Review of payroll register for reasonableness
o Reconcile the payroll bank account

Payroll Cycle: Management Reports and Files
Personnel files
Payroll register
Labor cost analysis
Clearing accounts
Government and tax reports
Year-to-date earnings records
W-2 reports