an understanding of the controls related to preventing or detecting the misappropriation and testing of such controls.
● Physically inspect assets near the end of the period.
● Apply substantive analytical procedures, such as the development by the auditor of an expected dollar amount at a high level of precision to be compared with a recorded amount.
NOTE: Audit procedures may involve both substantive tests and tests of controls. However, since management may be able to override controls, it is unlikely that audit risk can be reduced to an appropriate level by performing only tests of controls.
Addressing the Risk of Management Override
The auditor should perform the following procedures to specifically address the risk for management's override of controls.
Examining journal entries and other adjustments for evidence of possible material misstatement due to fraud, and testing the appropriateness and authorization of such entries. (AU-C 240.A49-.A50) The following procedures should help the auditor in addressing possible recording of inappropriate or unauthorized journal entries or making financial statement adjustments, such as consolidating adjustments, report combinations, or reclassifications not reflected in formal journal entries. The auditor should specifically:
1. Understand the financial reporting process, understand the design of controls over journal entries and other adjustments, and determine that such controls are suitably designed and placed in operation.
2. Identify and select journal entries and other adjustments for testing, while considering the following:
● What is our assessment of the risk of material misstatement due to fraud? (The auditor may identify a specific class of journal entries to examine after considering a specific fraud risk factor.)
● How effective are controls over journal entries and other adjustments? (Even if controls are implemented and operating effectively, the auditor should identify and test specific items.)
● Based on our understanding of the entity's financial reporting process, what is the nature of evidence that can be examined? (Regardless of whether journal entries are automated or processed manually, the auditor should select journal entries to be tested from the general ledger, and examine support for those items. In addition, if journal entries and adjustments are in electronic form only, the auditor may require that an information technology [IT] specialist extract the data.)
NOTE: Computer-assisted audit techniques (CAATs) such as data extraction applications frequently are the most effective and efficient means for identifying and selecting journal entries and adjustments for testing.
● What are the characteristics of fraudulent entries or adjustments, or the nature and complexity of accounts? Illustration 3 at the end of this chapter provides a worksheet to use in identifying characteristics of fraudulent journal entries or adjustments, or accounts that may be more likely to contain inappropriate journal entries or adjustments. (When audits involve multiple locations, the auditor should consider whether to select journal entries from various locations.)
● Are there any journal entries or other adjustments processed outside the normal course of business (i.e., nonstandard or nonrecurring entries)? The auditor should consider placing additional emphasis on identifying and testing items processed outside the normal course of business, because such items may not be subject to the same level of internal control as other entries.
3. Determine the timing of testing. Fraud may occur throughout a period, so the auditor should consider the need to test journal entries throughout the period under audit. However, the auditor should also consider that fraudulent journal entries are often made at the end of the reporting period and should focus on entries made during that time.
4. Ask individuals in the financial reporting process about inappropriate or unusual activity relating to journal entries and adjustments.
NOTE: The auditor should document the results of procedures performed to address the possibility that management might override controls.
Reviewing accounting estimates for biases that could result in fraud. (AU-C 240.A52-.A53) The auditor should consider whether differences between amounts supported by audit evidence and the estimates included in the financial statements, even if individually reasonable, indicate a possible bias on the part of entity's management. If so, the auditor should reconsider the estimates taken as a whole.
The auditor should retrospectively review significant accounting estimates in prior years' financial statements to determine whether there is a possible bias on the part of management. (Significant accounting estimates are those based on highly sensitive assumptions or significantly affected by management's judgment.) The review should provide information to the auditor about a possible management bias that can be helpful in evaluating the current year's estimates. If a management bias is identified, the auditor should evaluate whether the bias represents a risk for material misstatement due to fraud.
Evaluating whether the rationale for significant unusual transactions is appropriate. (AU-C 240.A54) Personnel at the entity engaged in trying to hide a theft or commit fraudulent financial reporting might use unusual or nonstandard transactions to conceal the fraud. The auditor should understand the business rationale for such transactions and whether the rationale suggests that the transactions are fraudulent. When evaluating the transactions, the auditor should consider:
● Is the transaction overly complex?
● Has management discussed the nature and accounting for the transaction with the audit committee or board of directors?
● Is management focusing more on achieving a particular accounting treatment than the underlying economics?
● Have any transactions involving special purpose entities or other unconsolidated related parties been approved by the audit committee or board of directors?
● Do transactions involve previously unidentified related parties?
● Do transactions involve parties that cannot support the transaction without the help of the audited entity?
Evaluating Audit Evidence
The auditor should:
1. Assess the risk of material misstatement due to fraud throughout the audit.
2. Evaluate whether analytical procedures performed as substantive tests or in the overall review indicate a previously unidentified fraud risk.
3. Evaluate the risk of material misstatement due to fraud at or near the completion of fieldwork.
4. Respond to misstatements that may result from fraud.
5. Consider whether identified misstatements may be indicative of fraud, and, if so, evaluate their implications.
(AU-C 240.34-.37)
Evaluating Analytical Procedures
The auditor should consider whether analytical procedures performed as substantive tests or in the overall review stage of the audit indicate a risk of material misstatement due to fraud. The auditor should perform analytical procedures relating to revenue through the end of the reporting period, either as part of the overall review of the audit or separately. If such procedures are not included during the overall review stage of the audit, the auditor should perform analytical procedures specifically related to potentially fraudulent
