for merchandise returns.
● Lack of mandatory vacations for employees performing key control functions.
● Inadequate management understanding of information technology, which enables information technology employees to perpetrate a misappropriation.
● Inadequate access controls over automated records, including controls over and review of computer systems events logs.
Attitudes/Rationalizations
Risk factors reflective of employee attitudes/rationalizations that allow them to justify misappropriation of assets are generally not susceptible to observation by the auditor. Nevertheless, the auditor who becomes aware of the existence of such information should consider it in identifying the risks of material misstatement arising from misappropriation of assets. For example, auditors may become aware of the following attitudes or behavior of employees who have access to assets susceptible to misappropriation:
● Disregard for the need for monitoring or reducing risks related to misappropriation of assets.
● Disregard for internal control over misappropriation of assets by overriding existing controls or by failing to correct known internal control deficiencies.
● Behavior indicating displeasure or dissatisfaction with the company or its treatment of the employee.
● Changes in behavior or lifestyle that may indicate assets have been misappropriated.
● The belief by some government or other officials that their level of authority justifies a certain level of compensation and personal privileges.
● Tolerance of petty theft.
Illustration 3. Worksheet to Identify Fraudulent Entries or Adjustments (Adapted from AU-C 240.49)
Inappropriate journal entries and other adjustments often have certain unique characteristics. The auditor should use the following questions to help identify characteristics of inappropriate journal entries and other adjustments:
● Is the entry made to an unrelated, unusual, or seldom-used account?
● Is the entry made by an individual who typically does not make journal entries?
● Is the entry made at closing of the period or postclosing with little or no explanation or description?
● Do entries made during the preparation of financial statements lack account numbers?
● Does the entry contain round numbers or a consistent ending number?
The auditor should use the following questions to identify journal entries and adjustments made to accounts that have the following characteristics:
● Does the account consist of transactions that are complex or unusual in nature?
● Does the account contain significant estimates and period-end adjustments?
● Has the account been prone to errors in the past?
● Has the account not been regularly reconciled on a timely basis?
● Does the account contain unreconciled differences?
● Does the account contain intercompany transactions?
● Is the account otherwise associated with an identified risk of material misstatement due to fraud?
Illustration 4. List of Circumstances That May Indicate the Possibility of Fraud (from AU-C 240 Appendix C)
Conditions may be identified during fieldwork that change or support a judgment regarding the assessment of the risks, such as the following:
● Discrepancies in the accounting records, including:
● Transactions that are not recorded in a complete or timely manner or are improperly recorded as to amount, accounting period, classification, or entity policy.
● Unsupported or unauthorized balances or transactions.
● Last-minute adjustments that significantly affect financial results.
● Evidence of employees' access to systems and records inconsistent with that necessary to perform their authorized duties.
● Tips or complaints to the auditor about alleged fraud.
● Conflicting or missing evidential matter, including:
● Missing documents.
● Documents that appear to have been altered.
● Unavailability of other than photocopies or electronically transmitted documents when documents in original form are expected to exist.
● Significant unexplained items on reconciliations.
● Unusual balance sheet changes, or changes in trends or important financial statement ratios or relationships; for example, receivables growing faster than revenues.
● Inconsistent, vague, or implausible responses from management or employees arising from inquiries procedures.
● Unusual discrepancies between the entity's records and confirmation replies.
● Large numbers of credit entries and other adjustments made to accounts receivable records.
● Unexplained or inadequately explained differences between the accounts receivable subledger and the control account, or between the customer statements and the accounts receivable subledger.
● Missing inventory or physical assets of significant magnitude.
● Unavailable or missing electronic evidence, inconsistent with the entity's record retention practices or policies.
● Fewer responses to confirmations than anticipated or a greater number of responses than anticipated.
● Inability to produce evidence of key systems development and program change testing and implementation activities for current-year system changes and deployments.
● Problematic or unusual relationships between the auditor and management, including:
● Denial of access to records, facilities, certain employees, customers, vendors, or others from whom audit evidence might be sought.
● Undue time pressures imposed by management to resolve complex or contentious issues.
● Complaints by management about the conduct of the audit or management intimidation of audit team members, particularly in connection with the auditor's critical assessment of audit evidence or in the resolution of potential disagreements with management.
● Unusual delays by the entity in providing requested information.
● Unwillingness to facilitate auditor access to key electronic files for testing through the use of computer-assisted audit techniques.
● Denial of access to key IT operations staff and facilities, including security, operations, and systems development personnel.
● An unwillingness to add or
