Wiley Practitioner's Guide to GAAS 2020. Joanne M. Flood
Чтение книги онлайн.
Читать онлайн книгу Wiley Practitioner's Guide to GAAS 2020 - Joanne M. Flood страница 33
Communication about Possible Fraud to Management and Those Charged with Governance
Antifraud Programs and Controls
SCOPE
AU-C 240 focuses on the auditor’s responsibility for fraud in a financial statement audit. AU-C 240 complements and expands on guidance in AU-C 315 and 330 regarding risks of material misstatements. (AU-C 240.01)
DEFINITIONS OF TERMS
Source: AU-C 240.11. For definitions related to this standard, see Appendix A, “Definitions of Terms”: Fraud, Fraud risk factors.
OBJECTIVES OF AU-C SECTION 240
The objectives of the auditor under AU-C Section 240 are to:
1 Identify and assess the risks of material misstatement of the financial statements due to fraud;
2 Obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement due to fraud, through designing and implementing appropriate responses; and
3 Respond appropriately to fraud or suspected fraud identified during the audit.
(AU-C 240.10)
REQUIREMENTS
Description and Characteristics of Fraud
Although fraud is a broad legal concept, the auditor’s interest specifically relates to fraudulent acts that cause a material misstatement of financial statements. Two types of misstatements are relevant to the auditor’s consideration in a financial statement audit.
1 Misstatements arising from fraudulent financial reporting
2 Misstatements arising from misappropriation of assets
(AU-C 240.02–.03)
Fraudulent financial reporting does not need to involve a grand plan or conspiracy. Management may rationalize that a misstatement is appropriate because it is an aggressive interpretation of accounting rules, or that it is a temporary misstatement that will be corrected later.
Fraudulent financial reporting and misappropriation of assets differ in that fraudulent financial reporting is committed, usually by management, to deceive financial statement users, whereas misappropriation of assets is committed against an entity, most often by employees.
Fraud Risk Factors. Fraud generally involves the following three conditions:
1 A pressure or an incentive to commit fraud
2 A perceived opportunity to do so
3 Rationalization of the fraud by the individual(s) committing it
(AU-C 240.A1)
However, not all three conditions must be observed to conclude that there is an identified risk. It is particularly difficult to observe that the correct environment for rationalizing fraud is present.
Although fraud usually is concealed, the presence of risk factors or other conditions may alert the auditor to its possible existence.
The auditor should be aware that the presence of each of the three conditions may vary, and is influenced by factors such as the size, complexity, and ownership of the entity. These three conditions usually are present for both types of fraud.
The Typical Fraudster
KPMG released a study of 750 fraudsters in 81 countries, “Global Profile of a Fraudster: Technology Enables and Weak Controls Fuel the Fraud,”1 regarding characteristics of people who commit fraud: They
are often experienced employees in a position to collude with people inside and outside the entity.
usually hold management or senior positions.
do not have a prior history of criminal activity.
are highly respected.
appear trustworthy.
are predominantly male between the ages of 36 and 55
Most (61%) fraudsters are employed by the entity.
In 2010, several organizations (the Center for Audit Quality Financial Executives International, the Institute of Internal Auditors, and the National Association of Corporate Directors) formed the Anti-Fraud Collaboration. The organization’s website at antifraudcollaboration.org contains resources for audits in the form of case studies, reports, videos, articles, and free CPE.
Management’s Override of Controls. The auditor should also be alert to the fact that fraudulent financial reporting often involves the override of controls, and that management’s override of controls can occur in unpredictable ways. Also, fraud may be concealed through collusion, making it particularly difficult to detect.
In recent years, one international company paid a multimillion-dollar fine to the SEC for inflating its fiscal year results to meet earnings expectations and committing other accounting-related violations over a first-year period.2 Another international company paid penalties because it was overstating revenues and assets.3 Both companies improperly accounted for write-downs under ASC 450. One company also failed to properly amortize intangible assets under ASC 350.
Responsibilities for the Prevention and Detection of Fraud. Management and those charged with governance have the primary responsibility for the prevention and detection of fraud. Management should create an atmosphere that makes fraud prevention a priority by creating a culture of ethical behavior supported by oversight. Management should consider potential inappropriate influence over the financial reporting process, such as managing earnings. Management is responsible for designing and implementing programs to prevent, deter, and detect fraud. When management and others, such as the audit committee and board of directors, set the proper tone of ethical conduct, the opportunities for fraud are significantly reduced. (AU-C 240.04)
Responsibilities of the Auditor