External Auditing

Function
CHAPTER XVII
 Chapter Objectives
• Recognize the role independent auditors play in achieving effective corporate
governance and reliable financial reports.

• Understand the history of auditing, the traditional roles of auditors, and regulations
recently placed on them.

• Address the expectation gap regarding what auditors can provide in the way of
reasonable assurance and the expectations of investors for a higher level of assurance.

• Identify the roles and responsibilities of the PCAOB, and discuss the auditing
standards published by the PCAOB.

• Demonstrate the importance of auditor independence both in fact and in appearance.

• Discuss an integrated audit of both financial statements and ICFR.

• Address the issue of a liability cap for independent auditors, and understand the
rationale on both sides of the issue.
Technical competencies. Auditors should be knowledgeable in professional
standards, rules, laws and regulations, and understand their clients’ industry and
business, corporate governance, financial reporting process, and internal controls
 Key Terms
• The Accountancy Investigation & • Integrated audit approach
Discipline Board (AIDB)
• Internal Revenue Service (IRS)
• Audit quality
• International Standards on Auditing
• Audit risk (ISAs)

• Audit strategy • PCAOB-US

• Auditor independence • PCAOB Auditing Standards

• Control risk • Professional Ethics Executive

• Detection risk • Standing Advisory Group (SAG)

• Expectation gap • Statements on Auditing Standards

• Inherent risk
 Sarbanes –Oxley Act of 2002
Was enacted in July 2002 in response to the economic downturn of the early 2000s,
several years of steady decline in the capital markets and numerous high-profile
financial scandals.

The fundamental provisions of SOX can be categorized into the following five
categories:

(1) corporate governance;

(2) financial reporting;
(3) audit functions;
(4) federal securities law enforcement; and
(5) others (e.g., legal counsel, financial analysts).

Table 7.1 Sarbaney-Oxley Act of 2002 Provisions

Page 194 - 199
Before SOX

After SOX
External Auditing and Corporate Governance
 External Auditor Responsibility
Current auditing standards require that independent auditors provide
reasonable assurance that the financial statements are free from material
misstatements, whether caused by error or fraud, to render an unqualified
opinion on the financial statements.

External auditors are not and should not be expected to provide absolute
assurance regarding reliability of financial statements, but the public
expectations concerning external auditors performance are high.

Users of audited financial statements generally expect external auditors to

detect financial statement fraud and employees’ illegal acts and fraud, which
affects the integrity of financial reports. External auditors, however, are more
concerned with material misstatements in the audited financial statements.
 Auditor Competency
1. Professional competencies. To audit public companies, auditors should
register with the PCAOB and meet all registration and inspection
requirements.
2. Technical competencies. Auditors should be knowledgeable in
professional standards, rules, laws and regulations, and understand their
clients’ industry and business, corporate governance, financial reporting
process, and internal controls.
3. Process competencies. Auditor’s ability to choose appropriate evidence-
gathering procedures (tests of controls, substantive tests) and execute
auditing procedures
4. Reporting competencies. Reporting competencies refer to the auditors’
ability and willingness to discover and report material misstatements.
 Reports Accompanying
Financial Statements
Report on financial statements and related disclosures (prepared by auditor)
◦ Are financial statements and disclosures according to GAAP?

Report on internal control over financial reporting (prepared by management)

◦ Has company maintained effective internal control over financial reporting?

Report on internal control over financial reporting (prepared by auditor)

◦ Is management’s assessment of its internal control appropriate?
◦ Has company maintained effective internal control over financial reporting?
 The Purpose of the Audit Report
Definition of auditing: “…communicating results to interested users.”
Indicate whether the FS are in accordance with GAAP
◦ Provide indication of what the FS would be like if GAAP were
followed
◦ Provide any company-omitted disclosures
Indicate any unusual aspects of the audit examination
◦ Scope limitations
◦ Division of responsibility
Indicate any unusual matters related to the Company
◦ Going concern uncertainty
◦ Consistency
◦ Emphasize a matter
 Four Categories of
Audit Reports
Standard unqualified (clean opinion)
Unqualified with explanatory paragraph or modified wording
Qualified
Adverse or disclaimer
Definitions: Webster’s New Unabridged
Dictionary
Qualified:
◦ Having met conditions or requirements set
◦ Limited, modified

Unqualified:
◦ Not having the usual or requisite talents, abilities, or accomplishments
◦ Not modified, limited, or restricted by conditions or exceptions
 Types of Audit Reports
Type of Report Interpretation
Unqualified Financial statements taken as a whole present fairly the
Opinion financial position, results of operations, and cash flows in
conformity with generally accepted accounting principles
(GAAP).
Qualified Opinion “Except for” the effects of a particular matter, the financial
statements present fairly the financial position, results of
operations, and cash flows in conformity with GAAP.

Adverse Opinion Financial statements do not present fairly the financial

position, results of operations, and cash flows in
conformity with GAAP.
Disclaimer of Auditor does not express an opinion on the financial
Opinion position, results of operations, or cash flows.
 Standard Unqualified Report
The five necessary conditions have been met:

1. All four required statements are included.

2. The three general standards have been followed in all respects on
the engagement.
3. Sufficient evidence has been accumulated and the auditor has
conducted the engagement in a manner that enables the conclusion
that the three standards of field work have been met.
4. The financial statements are presented in accordance with GAAP
(including adequate disclosures.
5. There are no circumstances requiring the addition of an
explanatory paragraph or modification of the report wording.
 Standard Unqualified Audit Report
(Nonlisted Companies)
Title Report of Independent Auditor

Address to To the Board of Directors and stockholders of Any

client company

Audit AuditWe have audited the accompanying balance

notice notice
sheets of Any company as of December 31, 1990 and
1989, and the related statements of income, retained
Identify Management
earnings, and cash flows for the year then ended.
the responsibility
These financial statements are the responsibility of the
financial company’s management. Our responsibility is to
statements express an opinion on these financial statements based Auditor
on our audits. responsibility
continued
 We conducted our audits in accordance with generally
accepted auditing standards. Those standards require that we
plan and perform the audit to obtain reasonable assurance
about whether the financial statements are free of material
misstatement. An audit includes examining, on a test basis,
evidence supporting the amounts and disclosures in the
financial statements. An audit also includes assessing the
Description of
accounting principles used and significant estimates made by
the audit management, as well as evaluating the overall financial
statement presentation. We believe that our audit provides a
reasonable basis for our opinion.

No special In our opinion, the financial statements referred to Opinion on

mention of above present fairly, in all material respects, the financial
financial
adequate position of Any company as of December 31, 1990 and 1989,
and the results of its operations and its cash flows for the
statements
disclosure or
years then ended in conformity with generally accepted
consistency accounting principles. Refer to
CPA GAAP
Signature February 28, 1991
Date
 CFE 2010 Survey of Auditor Report
72 percent of respondents said the auditor’s report is important to their analysis and use of financial
reports in the investment decision making process
69 percent think it is important to provide these communications within the auditor’s report,
91 percent agree that in cases where there is more than one auditor, the identities and specific roles
of other auditors should be disclosed.
82 percent agree that the method by which the auditor determines/assesses materiality should be
disclosed.
60 percent of respondents believe the auditor’s report should contain more information about the
audit process itself and matters related to the audited financial statements.
94 percent of respondents would like to see additional information in the auditor’s report
77 percent would like to see information about “audit materiality
72 percent would like to see information on circumstances or relationships that might bear on the
auditor’s independence.
66 percent would like to see the level of assurance actually achieved in the audit.
 Current Auditor’s Reporting Model
The current audit report approach “on or off”, “comply/do not comply”, “Black
and White”, “pass or fail” audit opinion does not have much value-relevance to
investors.
The advantages of this approach are:
1. the audit report has standardized pass/fail language that provides uniformity and
improves comparability; and
2. is commonly accepted by the investing public.
The disadvantages are:
3. the pass/fail approach does not reflect the quality of the financial statements;
4. this approach does not provide useful information to investors regarding the
quality of the company as investment or credit risks; and
5. this approach focuses on fair presentation rather than true and accurate
presentation of financial position and results of operations.
 PCAOB Final Auditing Standard on the
Auditor’s Report
In June 2017, the PCAOB adopted a new auditor reporting standard that will make the
auditor's report more relevant to investors by requiring more information about the audit.

The standard includes the communication of critical audit matters (CAMs), which will
inform investors and other financial statement users of matters arising from the audit that
required especially challenging, subjective, or complex auditor judgment, and how the auditor
responded to those matters.

The new standard requires the auditor to communicate in the auditor's report any critical audit
matters arising from the current period's audit of the financial statements, or state that the
auditor determined that there were no critical audit matters.
 Critical Audit Matters
A CAM is defined as a matter that was communicated or required to be communicated to
the audit committee and that:
1. relates to accounts or disclosures that are material to the financial statements, and,
2. involved especially challenging, subjective, or complex auditor judgment.
The communication of each CAM in the auditor's report includes:
1. identification of the CAM;
2. description of the principal considerations that led the auditor to determine that the matter
was a CAM;
3. description of how the CAM was addressed in the audit; and,
4. reference to the relevant financial statement accounts or disclosures.
 Critical Audit Matters
A key component of the proposal would be the requirement to identify and report on
critical audit matters, which are defined as matters addressed during the audit that:
Involved the most difficult, subjective, or complex auditor judgments;
Posed the most difficulty to the auditor in obtaining sufficient appropriate evidence; or
Posed the most difficulty to the auditor in forming an opinion on the financial
statements.

When critical audit matters are determined, auditors would be required in their report to:
Identify the critical audit matter.
Describe the considerations or reasons that the matter was identified as critical.
Refer to the relevant financial statement accounts and disclosures that relate to the
critical audit matter, when applicable.
 Audit Failures and Audit Quality
Following is the list of the initiatives that have been suggested to improve audit
quality, as well as transparency.

1. Publication of audit engagement letters

2. Shareholders’ rights to question auditors
3. Publication of auditor resignation statements
4. Lead audit partner’s signature on audit reports
5. Active audit committee participation in evaluating the scope and results of the
integrated audit of both ICFR and financial statements
6. Mandatory rotation of the audit firm every seven to twelve years in the context of
the quality of audit work performed by the firm and the audit efficacy
7. Mandatory shareholder vote on the ratification of the independent auditor each year
Audit Quality Indicators Suggested by the
Center for Audit Quality (CAQ).
Firm leadership and tone at the top of the audit firm.
Independence, objectivity, and skepticism.
Audit process, methodology, and performance.
Professional development and competency.
Monitoring.
Firm organization and structure
 PCAOB Audit Quality Indicators
On July 1, 2015, the Public Accounting Oversight Board (PCAOB) issued its Concept
Release seeking on a portfolio of 28 considered audit quality indicators (AQIs).
These AQIs are classified into three categories: audit professionals, audit process, and audit
results, and are intended to improve audit quality and effectiveness as well as the
mechanism to communicate audit quality to audit committees, investors, audit firms, and
regulators including the PCAOB.
The three guiding principles used by the PCAOB in the development of these 28 potential
AQIs are:
1. quantitative AQIs are desired in order to maintain consistency and objectivity;
2. considered AQIs should enable users to effectively evaluate audit quality;
3. AQIs should be viewed as a holistic, integrated, and balanced portfolio in assessing and
communicating audit quality.
The development, compilation, and distribution of AQIs data to users by firms can be
voluntary, mandatory, or monitored by the PCAOB.
 PROFESSIONAL SKEPTICISM
Professional skepticism is essential to the performance of effective audits under
Public Company Accounting Oversight Board (PCAOB) standards.
Those standards require that professional skepticism be applied throughout the
audit by each individual auditor on the engagement team.
PCAOB standards define professional skepticism as an attitude evidence. The
standards also state that professional skepticism should be exercised throughout
the audit processes.
Several suggestions have been provided to address the unethical, illegal, and
damaging actions of a few partners and provide incentives and enforcements to do
the right thing of honoring public trust in their profession.
One suggestion is to address auditors’, particularly partners’, judgment bias.
Another suggestion is to establish an independent board of directors for public
accounting firms similar to the one for public companies in overseeing the firm’s
audit quality.
 Public Company Accounting Oversight
Board
The PCAOB created by SOX to regulate the auditing
profession.

The PCAOB’s primary functions are to:

1. Register public accounting firms that audit public companies.

2. Inspect the registered public accounting firms on a regular basis.
3. Establish auditing, attestation, ethics, quality control, and independence standards.
4. Conduct investigations and disciplinary proceedings.
 PCAOB Auditing Standards
The PCAOB has issued five auditing standards as of September 2007:

1. PCAOB Auditing Standard No. 1 (audit is conducted in accordance with auditing

standards of PCAOBUS, the city and state has to be disclosed)
2. PCAOB Auditing Standards No. 2 and 5 (New PCAOB AS No. 5 superseded AS
No. 2 and requires the independent audit to opine only on the effectiveness of
ICFR, not the management processes and assessments concerning ICFR)
3. PCAOB Auditing Standard No. 3 (auditors are required to maintain the audit
documentation in a sufficient manner and keep the records for at least seven years)
4. PCAOB Auditing Standard No. 4 (voluntary engagement for the auditor’s report on
the company’s elimination of previously reported material weaknesses in its ICFR)
 Roles and Responsibilities—Internal
Control over Financial Reporting
Management: Designs and implements the system of internal control
over financial reporting; evaluates the effectiveness of the company’s
internal control over financial reporting and provides a public report on
that assessment; prepares the financial statements.
Audit Committee: Has responsibility for oversight of the company’s
financial reporting process.
Independent Auditor: Performs an audit of internal control over financial
reporting and issues a report on management’s assessment of internal
control over financial reporting and on the effectiveness of internal
control over financial reporting; also performs an audit of the company’s
financial statements.

30
 The Independent Auditor’s Opinion
The content of the auditor’s report is prescribed by the PCAOB standard. The
most common opinions on the effectiveness of internal control over financial
reporting will be:
Unqualified Opinion. An opinion that internal control over financial reporting is
effective: no material weaknesses in internal control over financial reporting
exist as of the fiscal year-end assessment date.
Adverse Opinion. An opinion that internal control over financial reporting is not
effective: one or more material weaknesses exist as of the fiscal year-end
assessment date.
Disclaimer of Opinion. A report stating that restrictions on the scope of the
auditor’s work prevent the auditor from expressing an opinion on the company’s
internal control over financial reporting.

31
 Report of Independent Registered Public
Accounting Firm
1. Introductory 2. Scope 3. Definition
Paragraph Paragraph Paragraph

6. Inherent 5. Explanatory 4. Opinion

Limitations Paragraph* Paragraph
Paragraph

7. Signature 8. City and 9. Date

State or
County
*The explanatory paragraph is required only when the auditor’s opinion is other than unqualified and may also be placed after the opinion paragraph when the
auditor issues two separate reports on the audit of financial statements and internal controls, thus making reference to opinion on the financial statement audit in
the report on the internal control audit.

32
Source: Release No. 2004-001, pages 116−137, Appendix A—Illustrative Reports, available at pcaobus.org.

33
Source: Release No. 2004-001, pages 116−137, Appendix A—Illustrative Reports, available at pcaobus.org.

34
Source: Release No. 2004-001, pages 116−137, Appendix A—Illustrative Reports, available at pcaobus.org.

35
 PCAOB Inspection Report

Auditors:
1. Did not challenge the assumptions of valuation models.
2. Allowed inadequate risk assessment of off-balance sheet transactions.
3. Did not provide early signal of financial difficulties and inability to
continue as going concern.
4. Almost all bankrupted banks received unqualified, clean audit opinion
years preceding to their failures
 PCAOB Initiatives
Analysis of Audits Affected by the Economic Crisis – The examination of audit
deficiencies inspectors uncovered in inspections during the period 2007 through 2009.
Root Cause Analysis – Identification of the root causes of audit deficiencies and actions
needed to mitigate the identified audit deficiencies.
Correction of Past Deficiencies – Implementation of adequate and effective audit quality
control policies and procedures to prevent further occurrences of identified audit
deficiencies to protect investors and to rebuild public trust and investor confidence in
financial statement audits.
Firm Management and Monitoring – Proper examination of audit firms’ management and
monitoring process (appropriate tone at the top) by determining whether the supervision
and monitoring systems are effective in detecting and preventing audit failures,
Strengthening Auditor Independence- Complying with auditor independence
requirements, and implementing performance review processes to ensure audit
effectiveness.
 PCAOB Initiatives
Supervision of Cross-border Audits of Multi-location Companies –
Investigation of the quality control system of international audit firms in the
global networks that audit multinational corporations by evaluating the quality
of cooperation, communication and coordination among affiliates in these
networks.
Increasing Access to Inspect Non-U.S. Registered Firms – Development of a
model for cross-border cooperation with regulators in the European Union and
other countries worldwide to conduct joint inspections of audit quality of
international audit firms.
Enhancing the Auditor's Reporting Model – Establishment of a more effective
audit reporting model to communicate the quality of financial statements to
improve the existing pass/fail model expressing an opinion of fair presentation
of financial statements in conformity with designated accounting standards.
 Independent Auditors Communications
with the Audit Committee
Communications from the committee to the Communications from the independent auditor
independent auditor: to the audit committee:

1. Appointment and retention approval of the independent 1. Seeking committee preapproval of all audit and nonaudit
auditor services in a timely manner
2. Formal approval of audit and permissible nonaudit services 2. The critical accounting policies and practices used by
3. Formal approval of fees for both audit and nonaudit management in the preparation of financial statements
services with a keen focus on improving the quality of audit 3. All alternative treatments of financial information within
and nonaudit services GAAP
4. Any concerns or risks threatening management’s reputation 4. Any accounting disagreements between the independent
and integrity, etc. auditor and the company’s management
5. Allegations of financial statement fraud 5. Any material, written communications between the
independent auditor and the company’s management
throughout the course of the audit
6. Significant deficiencies and material weaknesses of ICFR
7. The audit report on annual financial statements
8. The review report on quarterly financial statements
9. The audit report on management’s assessment of the
effectiveness of ICFR
10. The audit report on the effectiveness of ICFR
11. Financial risks associated with financial reports
Auditor Independence

AU D I TO R I N D E P E N D E N C E
Consolidation and Competition in Public Accounting Firms

SEC rules require public companies that change their public

accounting firms to file a Form 8-K, Item 4.01, to disclose
changes within four days, whereas auditors are required to
provide standard letters within ten days stating whether they
agree with the company’s disclosure without specifying any
reasons.
Integrated Audit Approach

Management assessment on
the effectiveness of ICFR

Effectiveness of both design

and operation of ICFR
based on control criteria
 Audit Strategy
Audit Strategy:

1. No limited tests of controls

2. No use of cycle rotation in tests of controls
3. Dual testing of controls and substantive audit procedures

Auditors should focus on prevention, detection, and correction of controls at both

the company level and the transaction level. Auditors should perform tests of
controls as a basis for forming an opinion on the effectiveness of ICFR. Auditors
should also perform substantive tests as a basis for expressing an opinion on the
fair presentation of financial statements, regardless of the identified significant
deficiencies and material weaknesses in internal controls.
 Types of Misstatements
Errors: An unintentional misstatement of the financial
statements
Fraud: An intentional misstatement of the financial statements
◦ Misappropriation of assets (defalcations)
◦ Fraudulent financial reporting
Illegal Acts: Violations of laws or government regulations

44
 Two Basic Types of Fraud
◦ Occupational fraud – fraud against the company, usually involving
misappropriation of assets
◦ Financial statement fraud – fraud to enhance the company to the
detriment of outsiders

45
 Financial Statement Fraud
Definition – Deliberate misstatements or omissions of amounts or
disclosures of financial statements to deceive financial statement users,
particularly investors and creditors.
Financial statement fraud has become a daily thing. Press reports
challenge the corporate responsibility and integrity of major companies
such as Lucent, Xerox, Rite-Aid, Waste Management, Microstrategy,
KnowledgeWare, Sunbeam, Cendent, and ZZZ Best, Enron, WorldCom,
Qwest, Madoff, Satyam, Stanford Financial, and Parmalat.
http://danariely.com/2012/10/20/the-honest-truth-about-dishonesty-rsa-a
nimate-version/
, Cheating Video

46
 Types of Fraud
Financial Statement Fraud
Misrepresentation of material
facts
Misappropriation of assets

Concealment of material
Management facts
Fraud
Illegal Acts
Bribery
Conflict of Interest

Embezzlement of money or
FRAUD property
Breach of fiduciary duty

Theft of trade secrets of

Employee intellectual property
Fraud
Illegal acts
 Misstatements
Misstatements may result from:
◦ Mathematical errors
◦ Omissions of appropriate information
◦ Misunderstandings
◦ Misapplication of GAAP
◦ Incorrect summarizations and descriptions

48
 Forensic Accounting
Forensic Accounting

Fraud Examination Litigation consulting (legal

Expert Witnessing
(investigative services) services and disputes)

Occupational fraud Valuations litigation

Legal disputes
support
Financial Statement
Fraud Shareholders and
Financial Disputes
stakeholders disputes
Asset-Theft Fraud
Bankruptcy and Assistance Lawyers
insolvency
Consumer Fraud
Assistance other
accountants (accounting
Computer Fraud (IT risk)
firms)
 Definitions
Fraud examination: a process for resolving fraud allegations, gathering,
examining evidence, writing reports and testifying to findings as to
detect, prevent, and correct fraud
Litigation consulting: using skills in accounting, auditing, financing, law
and others, to gather, analyze and evaluate evidence, as well as interpret
and communicate findings
Expert witnessing: serving as a witness to educate juror and interpret
complex accounting and financial issues
Definitions and Interrelationships
Internal and External Forensic
Auditing Accounting
Planning Accounting and
Risk Assessment Legal Matters
Internal controls
Audit Evidence
Reporting

Fraud
Prevention and Deterrence
Detection
Investigation
Remediation
 Corruption/Fraud

+ Absolute Power -Ethical Principles and Behavior

+Capability -Effective, Efficient and Scalable
Regulations
+Pressure/Incentives
-Compliance/Enforcement
+Opportunity
-Corporate Governance
+Collusion
-Accountability
+Greed
+Incompetency
 Why People Commit Fraud
Studies show that:

1. 5-10% of people are always honest (e.g., Mother Teresa), 1-10% are always
dishonest (e.g., criminals), and the rest, 80-90% are in between.

2. This majority 80-90% are likely to commit fraud when four conditions exist:
◦ PRESSING FINANCIAL NEED
◦ OPPORTUNITY
◦ REASONABLE JUSTIFICATION
◦ LACK OF MORAL PRINCIPLE
◦ http://www.youtube.com/watch?v=8ITxDjOiSm0&feature=fvwrel, VIDEO,
Madaff

53
 Profile of Fraud Perpetrators
The fraud perpetrator is more likely to be an ordinary member of the
community: intelligent, respected, never suspected of dishonesty, NOT
YOUR TYPICAL CRIMINAL TYPE.

MORE LIKELY TO BE: LESS LIKELY TO BE:

• A woman • Divorced
• Married • Alcoholic
• Church member • Tattooed
• Older
• Heavier
• Have children
• Have a higher education
• Never been arrested
• Have high self-esteem
• High achiever

54
 Common Personality Traits of Fraudsters
Wheeler and Dealer
Domineering/Controlling
Don’t like people reviewing their work
Strong Desire for Personal Gain
Have a “Beat the System Attitude”
Live Beyond Their Means
Close relationship with customers or vendors
Unable to Relax
Often have a “too good to be true” work performance
Don’t take vacation or sick time or only take leave in small amounts
Often work excessive overtime
Outwardly, appear to be very trustworthy
Often display some sort of drastic change in personality or behavior
 Changes in Behavior
• Suddenly buying more material items – • Start coming in early or staying late .
houses, cars, boats, clothes, jewelry, • Excessive documentation of “forms” over
electronics,. “substance”.
• Brags about new purchases and lifestyle. • Redo or Rewrite work to “make it neat”.
• Starts to carry unusual amounts of cash. • Repeatedly mentioning family or financial
• Creditors/Bill Collectors show up at work or problems.
call frequently . • Exhibits signs of a drug or gambling addiction
• Borrows money from coworkers. (absenteeism, become manipulative, look ill,
• Becomes more irritable or moody. inconsistent or illogical behavior, loss of sleep
• Becomes unreasonably upset when or appetite,).
questioned . • Exhibits signs of dissatisfaction (decrease in
• Becomes territorial over their area of productivity, change attire, irregular schedules,
responsibility and tasks. frequent complaining about inequities or work
• Do not take vacation or sick time or only takes issues).
it in small increments.
• Works unneeded overtime and long hours.
• Turns down promotions.
Symptoms of Financial Statement Fraud
Continuous Deterioration of Quality and Quantity of Earnings
Inadequacy of Cash Flow
Overstatement of Inventories
Overly Aggressive Accounting
Management “Short-termism”
Improper Revenue Recognition
Overstatement of Assets
 Why People Commit Fraud
Perceived Pressure

•Non-sharable
•Auditors have limited
contact
•No +
baseline
Fraud
Triangle

Perceived Opportunity Rationalization

+
Embezzlement Formula
MOTIVE +
OPPORTUNITY +
RATIONALIZATION
=CRIME [FRAUD]

59
 Why People Commit Fraud
•WITHOUT DETECTION! Perceived Pressure
•Focus: Poor Internal Controls
• Segregation of Duties
• Collusion / Management
Override
•Other:
• Poor Training
• Poor Supervision + Fraud
• Lack of Prosecution
• Weak Ethical Culture
Triangle

Perceived Opportunity Rationalization

+
 Why People Commit Fraud
Perceived Pressure

•Really?
•Fundamentally a
+
Breach of Trust
Fraud
Triangle
Rationalization
Perceived Opportunity
+
 Fraud Scale

W. Steve Albrecht, Keith R. Howe, and Marshall B. Romney, Deterring Fraud: The Internal Auditor’s Perspective.
Altamonte Springs: The Institute of Internal Auditor’s Research Foundation, 1984
The Fraud Triangle and Auditor Detection
Auditors are to develop an appropriate response for each fraud risk identified
◦ Examine journal entries and other adjustments
◦ Review accounting estimates for bias
◦ Evaluate the business rationale for significant unusual transactions
◦ TRUST BUT VERIFY
◦ IN GOD WE TRUST, EVERYTHING ELSE WE VERIFY

66
Classifications of Financial Statement Fraud
Fraudulent financial reporting such as improper revenue recognition,
overstatement of assets, understatement of liabilities
Misappropriation of assets including theft, embezzlement, payroll fraud,
counterfeiting, royalty fraud, procurement fraud
Revenue or assets gained by fraudulent or illegal acts such as deceptive
sales practices, accelerated revenue, bogus revenue, overbilling
customers
Expense or liabilities incurred from fraudulent or illegal acts such as
kickbacks, bribery
Other misconduct such as conflict of interest, insider trading,
discrimination, environmental violations, anti-trust practices, theft of
competitor’s trade secrets
 Financial Statement Fraud Schemes
Falsification, alteration, or manipulation of material financial records, supporting
documents, or business transactions
Material intentional omissions or misrepresentations of events, transactions,
accounts, or other significant information from which financial statements are
prepared
Deliberate misapplication of accounting principles, policies, and procedures used to
measure, recognize, report, and disclose economic events and business transactions
Intentional omissions of disclosures or presentation of inadequate disclosures
regarding accounting principles and policies and related financial amounts
 Fictitious Customer Revenue
•Invoices to Phony Companies
•Phony Invoices (Other Documentation)
•to Legitimate Customers
•Shipments to Customers Without an Order
•Shipments to Non-customer (e.g., warehouse location)
•Recording Accounts Receivable Collections as Revenue
•Recording Deposits as Revenue
•Recording Supplier Refunds as Revenue
•Round Trip Transactions
•Money Laundering
Premature Revenue Recognition
• “Channel Stuffing”
• Holding the Books Open to Record Customer
• Shipments After Period End
• “Bill and Hold” – Recording Revenue Prior to Shipment
• Recording Sales that are Contingent of a Future Event
• (e.g., customer financing, consignment goods, Right of
• Return, Guaranteed Return, Performance Guarantee)
• Recording Revenue when Future Service
• Commitments to the Customer Exist
• Recording Revenue when Substantial Uncertainty
• Exists about the Ability to Collect the Receivable
• Pre-Invoicing of Work-in –Process
• Partial Shipments Recorded as Full Shipments
• Over-estimating the Percentage of Completion
• Recording Long-term Contract Revenue Based on Billings
Common Theme of Financial Statement Fraud
Lack of transparency and disclosures on complex financial products, including subprime loans,
structured finance, off-balance sheet transactions, and credit derivatives
Lack of accountability, as the financial companies were not responsible through market discipline or by
regulators
Lack of governance and oversight by those responsible for overseeing corporate governance, financial
reporting, audit activities, and risk management
Lack of effective engagement of “gatekeepers”, including the board of directors, legal counsel, and
internal and external auditors
Lack of effective analysis by credit rating agencies
Conflicts of interest and conflicting incentives for corporate directors, officers, and auditors to maximize
their interests at the investors’ expense
Opportunities to engage in earnings manipulations and focus on short-term performance
Incentive structure driven by fees and a process linked to short-term performance rather than sustainable
performance
Lax regulatory environment created by regulators’ attempt to follow the “principles-based” regulatory
process used in other countries
Consequences of Financial Statement Fraud
Undermines the quality and integrity of the financial reporting process
Jeopardizes the integrity and objectivity of the auditing profession, especially auditors
and auditing firms
Diminishes the confidence of the capital markets, as well as market participants, in the
reliability of financial information
Makes the capital market less efficient
Affects adversely the nation’s economic growth and prosperity
May result in huge litigation costs
Destroys the careers of individuals involved in financial statement fraud, such as top
executives banned from serving on the board of directors of any public companies or
auditors being barred from practice of public accounting
Causes bankruptcy or substantial economic losses by the company engaged in financial
statement fraud
Encourages excessive regulatory intervention
Causes destructions in the normal operations and performance of alleged companies
 Auditor and Investigator
Responsibilities
External Auditors (CPAs)
◦ SAS 99: Consideration of Fraud in a Financial Statement Audit
◦ Design audit to provide reasonable assurance of detecting fraud that could have a
material effect on the financial statements.
◦ Perform fraud-related procedures
◦ SAS 54: Illegal Acts
◦ Focused primarily is on direct-effect illegal acts
◦ SAS 61: Communication with Audit Committees

Internal Auditors (CIAs)

◦ SIAS 3: Deterrence, Detection, Investigation, and Reporting of Fraud

Governmental Auditors
◦ Focus on laws and regulations (compliance), design audit to detect abuse and illegal
acts, report to the appropriate authority
Certified Fraud Examiners (CFEs)
◦ Assignments begin with predication (probable cause)

73
 Assessing the Risk of Fraud
Pressure or incentive to commit the fraud
◦ Direct financial gain, such as misappropriation of assets or
retaining job
◦ Indirect financial gain, such as increase in stock price
Perceived opportunity to commit the fraud
◦ Can fraud be perpetrated without detection?

74
Misappropriation of Assets
Risk Factors

Susceptibility of assets to
misappropriation
Employee relationships or pressures
Deficiencies in internal control

75
 Red Flags
Personal financial pressure
Vices (drugs, alcohol or gambling)
Extravagant lifestyles
Real or imagined grievances against company
Related parties
Increased stress
Internal pressures

76
 How Frauds Occurred
Poor internal controls
Management override of internal controls
Collusion between employees and third parties
Collusion between employees or management
Lack of control over management
Poor or nonexistent corporate ethics policy

77
 Auditor Responses to Fraud

The matter should be brought to the attention of the appropriate

level of management
Fraud involving senior management and fraud that causes a
material misstatement should be reported to the audit committee

78
 Auditor Responses to Fraud
Auditor may have to disclose to outside parties
◦ To comply with legal and regulatory requirements
◦ To a successor auditor
◦ In response to a subpoena
◦ To a governmental funding agency

79
 Illegal Acts

Direct effect on financial statements (e.g. tax fraud)

◦ Design audit to detect
◦ Inform appropriate level of management

Indirect effect on financial statements (e.g. FDA)

◦ Evaluate adequacy of disclosure
◦ If management refuses to account properly for results of illegal act,
auditor may issue qualified or adverse opinion
◦ If management refuses to allow investigation of illegal act, auditor may
issue disclaimer or withdraw from audit

80
How Were Frauds Discovered?
Notification by employees (58%)
Internal controls (51%)
Internal auditor review (43%)
Notification by customer (41%)
By accident (37%)
External auditor review (4%)

81
 Reasons Auditors Fail to Detect Fraud
Over reliance on client representations.
Lack of awareness or failure to recognize that an observed condition may indicate a
material fraud.
Lack of experience.
Personal relationships with clients.
Not being skeptical
◦ TRUST BUT VERIFY
◦ IN GOD WE TRUST, EVERYTHING ELSE WE VERIFY

82
 THE FRAUD DIAMOND

Incentive Opportunity

Rationalization Capability

Wolfe and Hermanson, December 2004 / The CPA Journal

 The Fraud Diamond

“Who Could Turn Opportunity into Reality?”

◦ Authority / Responsibility / Control
◦ Understand the Systems (Accounting and Information)
◦ Great Self-Confidence to Deal with Questions
◦ Deal Well with Stress
 PENTAGON MODEL OF FINANCIAL
REPORTING FRAUD
Pressures/ Incentives

Rationalization Opportunity

Capability Accountability
 Elements of Fraud as Proxies for
Intent/Scienter/Knowledge of Wrongdoing

Which element of fraud

is easiest to identify?
Intent The Act - Intent
- The Act
- Concealment
- Conversion
Concealment Conversion
Considering the Risk of Fraud (SAS 99)
Step 1: Staff discussion

Step 2: Identify information necessary Gather information to identify

to assess fraud risk factors
risks.
Step 3: a. Identify and Identify risks.
b. Assess fraud risk factors
Assess risks taking into account
Step 4: Respond to risk assessment entity’s programs and controls.
Respond to results of assessment.
Step 5: Evaluate audit evidence

Step 6: Communicate fraud matters

Step 7: Document

88
 Fraud Detection Techniques
Brainstorming sessions
“Red flag” lists
Regression Models
Expert system aids
Analytical Procedures from basic scanning to using multifactor regression models.
Financial ratios
Relation between financial and nonfinancial KPIs.
Benford’s Law, of comparing the actual frequency of the digits in a data set with
the expected frequency and investigate any deviations. Digits-by-digits approach
Artificial Neural Networks (ANNs) which is a tool for creating expectations for
account balances (that can be compared with actual balances.
E&Y Study
Things Are Not Always What They Seem
 Risk-Based Audit
What is a Risk?
1. A risk is an uncertain event or condition that, if it occurs, has a positive or
negative effect on a project objective
2. A risk has a likelihood (probability) and an impact (consequence)
3. Every business is exposed to some level of risk
4. Risk events are related to the business, objectives, cost, schedule, scope,
and/or resources
5. Risk management is a process of determining the relation between risk and
rewards, assessing risk appetite, taking educated and prudent risk
 Risk

Audit Risk: The risk that the auditor may unknowingly fail to appropriately
modify an opinion on financial statements that are materially misstated
Auditor’s Business Risk: The risk of financial loss resulting from audit
outcomes
◦ Litigation (regardless of whether auditor is right or wrong)
◦ Loss of reputation

95
 Relationship
Audit
of Risks
risk

Occurrence Detection
risk risk

Inherent Control Sampling Nonsampling

risk risk risk risk

96
 Audit Risk Model
AR = IR x CR x DR

where:
AR = Audit Risk
IR = Inherent Risk
CR = Control Risk
DR = Detection Risk

97
 The Audit Risk Model
Audit Risk = Inherent Risk x Control Risk X Detection Risk

Inherent Risk: The susceptibility of an account or transaction to error.

Control Risk: The risk that the control system will fail to prevent or detect a
material error.
◦ Control system designed by management based on cost/benefit
considerations.
◦ All systems have an inherent level of error occurrence.
◦ Auditor attempts to estimate inherent error level so appropriate audit
procedures can be performed.
Detection Risk: The risk that substantive procedures will fail to detect a
material misstatement.
 Assess Inherent Risk at
the Assertion Level
Number of nonroutine transactions
Degree of management judgment required
Susceptibility to misappropriation
Makeup of the population
Number of misstatements found in prior audits

99
 Assess Control Risk at
the Assertion Level
Control risk (CR) estimate is based on:
◦ An assessment of the effectiveness of the internal accounting control system.
◦ The auditor’s intention to rely on those controls in order to reduce audit effort.
If CR is less than 100%, the auditor must:
◦ Obtain an understanding of internal control.
◦ Evaluate how it should function.
◦ Test the controls for effectiveness.
Estimate of Control Risk arrived at through:
◦ Inquiry of client personnel.
◦ Observation.
◦ Compliance tests of controls.

100
 Identify Audit Procedures
Auditor has three variables that affect detection risk:
◦ Nature of procedures.
◦ Extent of procedures (i.e. number of items examined).
◦ Timing of procedures.

101
 Evaluate Control
Environment

Tests of Controls

Audit Inherent Risk X Control Risk X

= Detection Risk
Risk

Errors Errors Errors Analytical

Procedures

Misappropriation Misappropriation Misappropriation Tests of

of Assets of Assets of Assets Details

Financial Financial
Statement Statement
Financial
Fraud Fraud Forensic
Statement
Fraud Procedures

Evaluate
Management Evaluate Top
Controls Over
Integrity Management
Assets
Controls
R R
1 2
Incentive/ Opportunity
Pressure

Incentive/ Attitude/ Opportunity

Pressure Fraud Rationalization Fraud Risk
Risk Factors Fraud Risk Factors
Factors

102
 Antifraud Corporate Governance Provisions

• Rededication to ethical values • More reliable, transparent, high-quality, timely

corporate reports
• Enhanced Competency and value adding activities
• More credible and objective external audit
• Redefinition of corporate goals of profit functions
maximization to sustainable profit, people and
planet • Promotion of internal audits
• Improved accountability for all corporate • Whistleblower policies and procedures
gatekeepers
• Risk management
• Restrict compliance with all applicable laws, rules,
regulations, standards, and best practices • Effective and efficient internal controls

• Strengthen responsibility and tone at the top • Promotion of Integrated internal control and
financial reporting
• Establishment of antifraud policies and practices
• Promotion of business sustainability
• Design of new corporate governance mechanisms
 Audit of Defined Benefit Pensions
Employer-defined benefit pension reforms, as proposed by the administration
and introduced by both the House and the Senate, would require plan
sponsors to make minimum funding contributions equal to the greater of:
1. the contributions required under the plan’s funding standard account
estimated based on the plan’s actuarial accrued liability,
2. deficient reduction contributions calculated under current liability rules.

These reforms would replace the current law’s “double-barrel”

system with a single measure of assets and liabilities and
required funding method.
Auditors’ Liability Limitation Agreement
In February 2006, the Federal Financial Regulatory Agencies issued an
interagency advisory that raised concerns regarding the negative impacts on
the quality and reliability of audits when financial institutions agree to limit
their independent auditors’ liability.

The advisory, while observing an increase in the types and extent of

provisions in financial institutions’ external audit engagement letters that limit
auditor liability, informs financial institutions that they should not enter into
an audit engagement that includes unsafe and unsound limitation of liability
provisions relevant to an integrated audit of their financial statements and
ICFR.
Auditors Liability Limitation Agreement
 Chapter Summary
• Sections 201 and 202 of SOX require that all audit and permissible nonaudit services
to be performed by the company’s independent auditor be approved by the audit
committee.
• Auditor independence is the backbone of the auditing profession, affecting the
auditor’s planning, evidence-gathering procedures, findings, judgment, and credibility,
and public trust in the auditor’s opinion.
• Auditor independence is derived and guided by these three principles: (1)
independent auditors may not audit their own work, (2) independent auditors may not
function in the role of their client’s management, and (3) independent auditors may
not serve in an advocacy role for their audit clients.
• Tests of controls must be broadened to include understanding of ICFR and provide
reasonable assurance about the effectiveness of both the design and operation of
internal controls.
• Any contractual provisions that limit the external auditor’s liability or require waiving
the right to a jury trial may have detrimental effects on auditor impartiality,
objectivity, and quality.
 Key Points
• The audit function should be regarded as an external corporate governance mechanism
that serves to protect investors from receiving incomplete, inaccurate, or misleading
financial information and thus adds value to the effectiveness of corporate governance.
• SOX drastically changed the characteristics of the accounting profession by connecting
the audit function to the corporate governance structure by requiring that the audit
committee be directly responsible for not only hiring, compensating, and firing external
auditors but also overseeing their work, monitoring their independence, and avoiding
potential conflicts of interest.
• In the auditing profession, the so-called expectation gap is referred to as the difference
between: (1) what the investing public and other users of audited financial statements
believe the responsibilities of auditors are; and (2) what auditors are willing to assume
as responsibilities according to their professional standards.
• Restoration of public trust and investor confidence in financial reports and auditing
need address not only the requirements of compliance with applicable laws,
regulations, and rules but also the recognition of the existence of unconscious bias and
its devastating effects.
• New PCAOB AS No. 5 superseded AS No. 2 and requires the independent audit to
opine only on the effectiveness of ICFR, not the management processes and
assessments concerning ICFR.
Concluding Remarks and
Questions?
Thank you for your Attention