Audit & Assuranse 7e Louwers Ch. 4 Solutions PDF

Preview

Summary

CHAPTER 04Management Fraud and Audit RiskLEARNING OBJECTIVESReview CheckpointsMultiple ChoiceExercises, Problems, and Simulations Define audit risk and describe how it can be broken down into the three separate components of the audit risk model to help assess and respond to such risks during the au...

Description

Chapter 04 - Management Fraud and Audit Risk

CHAPTER 04 Management Fraud and Audit Risk

LEARNING OBJECTIVES

Review Checkpoints

Multiple Choice

Exercises, Problems, and Simulations

1.

Define audit risk and describe how it can be broken down into the three separate components of the audit risk model to help assess and respond to such risks during the audit planning process.

1, 2, 3, 4

25, 26, 27, 28, 37

57, 59

2.

Explain auditors’ responsibility for fraud risk assessment and define and explain the differences among several types of fraud and errors that might occur in an organization.

4, 5, 6, 7, 8

20, 21, 22, 23, 29, 48

60, 63

3.

Explain an auditor's responsibility to assess inherent risk, including a description of the type of risk assessment procedures that should be performed when assessing inherent risk on an audit engagement.

9, 10, 11, 12

24, 35, 39, 40, 47

50, 51, 52, 54, 58

4.

Understand the different sources of information and the audit procedures used by auditors when assessing risks, including analytical procedures, brainstorming, and inquiries.

13, 14, 15, 16, 17

30, 31, 32, 33, 34, 43, 44, 45, 46

49, 53, 55, 56, 61, 65, 66, 67

5.

Explain how auditors complete and document the overall assessment of inherent risk. 18

38, 41, 42

64

19

36

62

Explain auditors’ responsibilities with respect to a client’s failure to comply with laws or regulations. 7. Describe the content and purpose of an audit strategy memorandum.

6.

4-1 Copyright © 2018 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Chapter 04 - Management Fraud and Audit Risk

SOLUTIONS FOR REVIEW CHECKPOINTS 4.1

Audit risk is the probability that an audit team will express an inappropriate opinion when the financial statements are materially misstated. Audit risk is a combination of the other risks: Audit risk = Risk of material misstatement x Detection risk. Risk of material misstatement = Inherent risk x Control risk. “Audit risk in an overall sense” refers to the audit taken as a whole and the probability that the auditors will issue an inappropriate opinion on financial statements. Generally, this is the risk of giving the standard unmodified report when the financial statements contain material misstatements or the report should be qualified or modified in some manner. “Audit risk applied to individual account balances and disclosures” refers to the probability that a misstatement exists in a particular account balance or disclosure at least equal to the tolerable misstatement assigned to the audit of that balance remains. This version of audit risk is applied at the individual account balance level or disclosure and is used to help plan the procedures to be completed on the audit.

4.2

Risk of material misstatement—the likelihood that material misstatement(s) may have entered the accounting system and not been detected and corrected by the client’s internal control. It is the combination of inherent risk and control risk. Inherent risk is the probability that material errors or frauds have entered the accounting information system. This risk is expressed without regards to internal controls. Control risk is the probability that the client’s system of internal control will fail to prevent or detect material misstatements provided that they enter the accounting information system in the first place. Audit Risk is the probability that an audit team will express an inappropriate opinion when the financial statements are materially misstated. It is the combination of risk of material misstatement and detection risk. Detection risk is the probability that the auditor’s own procedures will fail to find material errors and frauds provided any have entered the system and have not been detected or corrected by the client’s internal control system.

4.3

The auditor uses the Audit Risk Model to determine the nature, timing, and extent of audit procedures by evaluating the risk of material misstatement for each relevant assertion related to each significant account and disclosure. Once the risk of material misstatement has been assessed, the auditor can determine the resulting required detection risk that can be accepted, given the assessment of the risk of material misstatement. Stated differently, the auditor will select the mix of substantive procedures that are needed to “set” detection risk at a level that is needed given the assessed level of the risk of material misstatement for each assertion.

4-2 Copyright © 2018 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Chapter 04 - Management Fraud and Audit Risk

4.4

When thinking about the nature, timing and extent of procedures to be performed, it is helpful to consider the two categories of substantive procedures. The two categories of substantive procedures are (1) tests of detail of transactions and balances and (2) substantive analytical procedures, which study plausible relationships among financial and nonfinancial data. The nature of audit procedures refers to the type of tests that the auditor plans to use to detect errors and fraud. In general tests of details are more effective than substantive analytical procedures. However, in general, the substantive analytical procedures are more efficient than tests of details. Thus, when considering the nature of tests to be performed, if an auditor wants to set detection risk lower, he/she is likely to complete more tests of details, relative to analytical procedures. The timing of audit procedures refers to when they are performed, usually at (1) interim period or at (2) year-end. However, timing may have other aspects such as surprise procedures (unannounced to client personnel) or procedures performed after the year-end. To set detection risk lower, auditors would typically complete more testing at year-end, as compared to interim. The extent of the application of procedures usually refers to the sample sizes of data examined, such as the number of customer accounts receivable to confirm or the number of inventory types to count. To set detection risk lower, the auditor would typically increase sample sizes.

4.5

An auditor must always remember that a misstatement in the financial statements may be caused by an error or a fraud. The primary difference between a material misstatement due to fraud or due to error is intent. Specifically, did a manager or employee at the client intend to commit a fraud? Or, was the misstatement due to an error made by an employee or manager? The intent of the employee or manager is the absolute key.

4.6

According to the professional standards, an auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud. As a direct result, an auditor is responsible for assessing the risk of material misstatement due to an error or fraud on every engagement. However, because of the damage to the capital markets caused by fraudsters who have intentionally misstated their financial statements, auditors must carefully assess fraud risk on every audit engagement. Once fraud risk has been assessed, the nature, timing and extent of audit work should change as a result of the auditor’s fraud risk assessment. In general, the lower the risk of material misstatement due to fraud, the less persuasive the audit evidence needs to be. It therefore follows that when fraud risk factors are identified, the auditor generally must obtain more persuasive audit evidence. Most importantly, once fraud risk factors are identified, the auditor should clearly identify the fraud risks and then design and perform procedures that respond directly to fraud risks.

4-3 Copyright © 2018 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Chapter 04 - Management Fraud and Audit Risk

4.7

(a) White collar crimes are frauds perpetrated by people in a non-violent manner and are typically focused on stealing cash or assets. They are often committed by people who work in offices and steal items such as inventory, cash or other valuable assets. White collar crimes are often contrasted with violent street crimes like armed robbery, murder and kidnapping. (b) Employee fraud is the use of fraudulent means to take money or other property from an employer. It consists of three phases: (1) the fraudulent act, (2) the conversion of the money or property to the fraudster’s use, and (3) the cover-up. (c) Embezzlement is a type of fraud involving employees or nonemployees wrongfully taking funds or property entrusted to their care, custody, and control, often accompanied by false accounting entries and other forms of lying and cover-up. (d) Larceny is simple theft of an employer’s property that is not entrusted to an employee’s care, custody or control. (e) Defalcation is another name for employee fraud and embezzlement. (f) Management fraud is deliberate fraud committed by management that injures investors and creditors through materially misstated information. Because management fraud usually takes the form of deceptive financial statements, management fraud is sometimes referred to as fraudulent financial reporting. AU 240 defines fraudulent financial reporting as “intentional misstatements, including omissions of amounts or disclosures in financial statements to deceive financial statement users. It can be caused by the efforts of management to manage earnings in order to deceive financial statement users (g) Errors are unintentional misstatements or omissions of amounts or disclosures in financial statements.

4.8

There are three additional categories of fraud risk factors. Each of these categories features conditions that helped contribute to fraud in the past: Fr a udRi s kFac t o r s-Ma na g e me nt ’ sCha r a c t e r i s t i c sandI nflue nc e      

Ma n a g e me n th a samo t i v a t i o n( b o nu sc o mp e ns a t i o n ,s t o c ko p t i o n s , e t c . )t oe n g a g ei n f r a u d u l e ntr e p o r t i n g . Ma n a g e me n td e c i s i o n sa r ed o mi n a t e db ya ni n d i v i d ua lo ras ma l lg r o up . Ma n a g e me n tf a i l st od i s p l a ya na p p r o p r i a t ea t t i t u d ea b o u ti n t e r n a lc o n t r o la nd fin a n c i a lr e po r t i n g . Ma n a g e r s ’a t t i t u d e sa r ev e r ya g g r e s s i v et o wa r dfin a nc i a lr e p o r t i n g . Ma n a g e r sp l a c et o omu c he mp h a s i so ne a r n i n g sp r o j e c t i o n s . No n fin a n c i a lma n a g e me ntp a r t i c i pa t e se x c e s s i v e l yi nt hes e l e c t i o no fa c c o u n t i n g p r i nc i pl e so rd e t e r mi n a t i ono fe s t i ma t e s . 4-4

Copyright © 2018 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Chapter 04 - Management Fraud and Audit Risk

   

Th ec o mp a n yh a sah i g ht u r n o v e ro fs e n i o rma n a g e me nt . Th ec o mp a n yh a sakn o wnh i s t o r yo fv i o l a t i o n s . Ma n a g e r sa n de mp l o y e e st e n dt ob ee v a s i v ewh e nr e s po n d i n gt oa ud i t o r s ’i nq ui r i e s . Ma n a g e r se n g a g ei nf r e q u e n td i s p ut e swi t ha u d i t or s .

Fr a udRi s kFac t o r s–I ndus t r yCo ndi t i o ns     

Comp a n yp r o fit sl a gt h o s eo ft hei n d u s t r y . Ne wr e q u i r e me n t sa r ep a s s e dt h a tc ou l di mp a i rs t a b i l i t yo rp r o fit a b i l i t y . Th ec o mp a n y ’ sma r k e ti ss a t u r a t e dd u et ofie r c ec ompe t i t i o n . Th ec o mp a n y ’ si n d u s t r yi sd e c l i n i n g . Th ec o mp a n y ’ si n d u s t r yi sc h a n g i n gr a p i d l y .

Fr a udRi s kFac t o r s– Ope r a t i ngCha r a c t e r i s t i c sa ndFi nanc i a lSt a bi l i t y        

Awe a ki n t e r n a lc o n t r o le n v i r o nme n tp r e v a i l s . Th ec o mp a n yi sn o ta b l et og e n e r a t es u ffic i e n tc a s hflo wst oe n s u r et h a ti ti sag o i n g c on c e r n . Th e r ei sp r e s s u r et oo bt a i nc a p i t a l . Th ec o mp a n yo p e r a t e si nat a xh a v e nj ur i s di c t i o n . Th ec o mp a n yh a sma n ydi ffic u l ta c c o u n t i n gme a s u r e me n ta n dp r e s e nt a t i oni s s u e s . Th ec o mp a n yh a ss i g n i fic a ntt r a ns a c t i o n so rb a l a n c e st h a ta r ed i ffic u l tt oa u di t . Th ec o mp a n yh a ss i g n i fic a nta n du n u s u a l r e l a t e dp a r t yt r a n s a c t i o n s . Comp a n ya c c o u n t i n gp e r s o n n e l a r el a xo ra r en o te xp e r i e nc e di np e r f o r mi n gt h e i r d u t i e s .

4.9

Inherent risk assessment helps to guide the auditor in allocating more and stronger resources to test specific accounts and disclosures that present a higher likelihood of material misstatement and therefore present a higher level of inherent risk. In effect, inherent risk assessment provides the basis for executing an appropriate response to the risks identified. The professional standards make clear that risk assessment underlies the entire audit process. When performing risk assessment procedures to accomplish this objective, the first step taken by auditors is often to assess inherent risk for each relevant assertion related to each of the significant accounts and disclosures identified on an audit engagement.

4.10

The nature of the company includes:

    

The company's organizational structure and management personnel. The sources of funding of the company's operations and investment activities The company's significant investments. The company's operating characteristics, including its size and complexity. The sources of the company's earnings, including the relative profitability of key products and services as well as key supplier and customer relationships.

4-5 Copyright © 2018 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Chapter 04 - Management Fraud and Audit Risk

4.11

The purpose of obtaining an understanding of the company's performance measures is to be able to determine what information management and others deem to be key indicators of company performance. It also reveals items to which management might be sensitive. For example, measures used to determine management compensation or analysts’ ratings might place pressure on management to manipulate results. Also, auditors might gain a better understanding of their clients by reviewing measures that management uses to monitor operations, such as budget variances or trend analysis. Finally, those measures might be indicators of qualitative materiality factors.

4.12

Related parties include those individuals or organizations that can influence or be influenced by decisions of the company, possibly through family ties or investment relationships. Because one of the basic assumptions of historical cost accounting is that transactions are valued at prices agreed on by two independent parties, valuation of related-party transactions is particularly troublesome. Auditors also should question the persuasiveness of the evidence obtained from related parties because the source of the evidence may be biased. Finally, related party transactions have been used by companies to perpetrate fraudulent transactions. Thus, auditors need to consider such transactions as higher risk of fraud.

4.13

The purpose of obtaining an understanding of the company’s objectives, strategies, and related business risks is to identify business risks that could reasonably be expected to result in material misstatement of the financial statements. Of course the best starting point is with management whose job it is to be knowledgeable about the company’s risks, possibly by using the ERM model discussed in this chapter. In order to get understanding of a client’s business and industry, an auditor can consider:

4.14



Studying numerous sources such as AICPA industry accounting and auditing guides, specialized trade magazines and journals, registration statements and 10-K reports filed with the SEC, general business magazines and newspapers (Bloomberg Businessweek, Forbes, Fortune, Harvard Business Review, Barron’s, and The Wall street Journal).



Using inquiry of client personnel, including review of prior-year audit documentation (personnel who worked on the audit in prior years are available to convey their understanding of the business), inquiry, and interviews with the company’s management, directors, and audit committee.



Using information from client acceptance and retention evaluation, audit planning, past audits, and other engagements.



Considering the results of the audit team discussions (brainstorming), this involves sharing information among members of the engagement team.

The purpose of performing preliminary analytical procedures in the audit planning stage is to direct attention to potential problem areas so the audit work can be planned to reduce the risk of missing something important. In fact, according to auditing standards, analytical procedures must be applied in the planning stages of each audit. During this 4-6

Copyright © 2018 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Chapter 04 - Management Fraud and Audit Risk

critical point of the engagement, auditors use analytical procedures to identify potential problem areas so that subsequent audit work can be designed to reduce the risk of missing something important. Analytical procedures during planning also provide an organized approach—a standard starting place—for becoming familiar with the client’s business. Auditors need to remember that preliminary analytical procedures are based on unaudited data, so they should consider the effectiveness of controls over their reliability when deciding how much weight to place on the results. 4.15

The five steps auditors use to apply comparison and ratio analysis to unaudited financial statements when completing preliminary analytical procedures are to: (1) develop an expectation, (2) define a significant difference, (3) calculate predictions and compare them with the recorded amount, (4) investigate significant differences, and (5) document each of the first four steps.

4.16

There are a number of ratios that can be used in completing preliminary analytical procedures. Some of the ratios that can be used include current ratio, days’ sales in receivables, doubtful accounts ratio, days’ sales in inventory, receivables turnover, inventory turnover, cost of goods sold ratio, return on equity, and Altman’s financial distress ratios and discriminant score. There are a number of other ratios that can be used as well. In addition, depending on the industry of the client, there may be key performance metrics within that industry that might be useful to complete such procedures.

4.17

Analytical procedures are required (1) at the beginning of an audit—the planning stage...