Auditing審計學-基于環(huán)境變化的概念 Ritter課件 08

Chapter8AuditingforFraudFraud&AuditorResponsibilities:HistoricalEvolution"Thedetectionofmaterialfraudisareasonableexpectationofusersofauditedfinancialstatements.Societyneedsandexpectsassurancethatfinancialinformationhasnotbeenmaterialmisstatedbecauseoffraud.Unlessanindependentauditcanprovidethisassurance,ithaslittleifanyvaluetosociety"ThisstatementbythePublicCompaniesAccountingOversightBoardrepresentsadramaticchangeinauditors'responsibilityfordetectingfraudulentfinancialreportingPreviously,AICPAauditingstandardsrequiredauditorstoplanandperformanaudittoprovidereasonableassuranceofdetectingmaterialmisstatements,includingthosecausedbyfraudToday,themessageisclear:auditorsmustassumegreaterresponsibilityfordetectingfraudCommentontheMagnitudeofFraudAccordingtoa2002studybytheAssociationofCertifiedFraudExaminers(ACFE)--SixpercentofrevenueswillbelostasaresultoffraudEstimatedatlossesof$600BillionperyearTheseestimatescoveralltypesoffraud,butdonotincludethelossesinvestorsincurredonmajorfinancialreportingfraudssuchasEnronorWorldComDefineFraudIntentionalconcealmentormisrepresentationofmaterialfactsinordertodeceiveDifferentiatedfromerrorsbytheintenttodeceiveTraditionallydefinedintobroadcategories:DefalcationsFraudulentfinancialreportingWhatisdefalcation?EmployeetakesassetsfromtheorganizationforpersonalgainExamples:theft,embezzlementACFEdividesintofraudsduetoCorruptionFraudstersusetheirinfluenceinatransactiontogainpersonalbenefitExamples:kickbacks,conflictofinterest,bribery,economicextortionAssetmisappropriationTheftormisuseoforganization'sassetsCommonschemes:skimmingrevenues,cashschemes,fraudulentdisbursement,inventorytheft,payrollfraudDefalcationmaycreatemisleadingfinancialstatementsifstolenassetsarereportedonthestatementsDefineFraudulentFinancialReportingIntentionalmanipulationoffinancialstatementsTypicallycommittedbymanagementHasopportunitytooverrideinternalcontrolsOftenevaluatedandcompensatedbasedonfinancialresultsUsuallyinvolves:Manipulation,falsification,oralterationofaccountingrecordsorsupportingdocumentsMisrepresentationoromissionofevents,transactions,orsignificantinformationIntentionalmisapplicationofaccountingprinciplesThemostcommontypesareOverstateassetsandunderstateexpensesOverstaterevenuesandassetsUnderstateliabilitiesReviewLessonsLearnedFromFraudCasesAuditorstakeriskwhenevertheydonotaudittheentirecompanyAuditorsneedtolookateconomicassumptionsunderlyingacompany’sgrowthAuditorsneedtoassessriskfactorsandwhentheriskoffraudishigh,theymustdemandstrongerevidenceComputererrorsshouldbeviewedasariskfactorDominantclientscanbeaproblemAuditorsneedtoknowwhatmotivatesmanagementAuditorsshouldnotassumeallpeoplearehonestWhenfraudriskindicatorsarediscovered,theymustbethoroughlyinvestigatedDiscusstheSecondCOSOReportReportoftheCommitteeofSponsoringOrganizationsoftheTreadwayCommission(COSO)identifiedmajorcharacteristicsofcompaniesthathadperpetratedfraud:Involvedsmallercompanies-under$200millioninrevenuesBoardofdirectorsdominatedbymanagementAuditcommitteesnon-existentorinactiveOverstatedrevenuesandcorrespondingassetsinoverhalfthefraudsMostrevenuefraudsinvolvedprematurerecognitionorfictitiousrevenuesNointernalauditdepartmentPerpetratedoverrelativelylong-terms(averageperiod2years)Companieswereinlosssituationsornearbreak-evenpriortothefraudCEOand/orCFOinvolvedin83%ofthecasesAuditorsrealizedtherearesignsthatfraudmightbetakingplaceandthatauditorswouldhavetoidentifyandinvestigatethesesignsDiscusstheSecondCOSOReport(Continued)ReviewAuditingStandardsonFraudSAS99,"FraudDetectioninaFinancialStatementAudit"issuedin2002RequiresauditorstosearchforriskfactorsrelatedtofraudIftheseriskfactorsarepresent,auditorneedstomodifyaudittoActivelysearchforfraudRequiremoresubstantiveauditevidenceInsomecases,assignforensic(fraud)auditorstotheengagementEmphasizestheneedforprofessionalskepticismReviewaProactiveApproachtoFraudDetection-PlanningtheAuditTheauditmustbeplannedtodetectmaterialmisstatements-whetherthemisstatementsareduetoerrorsorfraudTheauditormustUnderstandthebusinessUnderstandhowchangesintheeconomymightaffectthebusinessUnderstandmanagement'smotivationsforcommittingafraudIdentifyopportunitiesforotheremployeestocommitdefalcationAnalyzechangesincompany'sfinancialresultsforreasonablenessIdentifyareasthatmightsuggestfraudDiscussProactiveApproachtoFraudDetection-ConductingtheAuditOverviewoftheprocesstointegratefraudriskassessmentandfraudproceduresintotheauditincludestenmajorsteps:Understandthenatureoffraud,motivationstocommitfraud,andhowfraudmaybecommittedDevelopandimplementanapproachbasedonprofessionalskepticismBrainstormandshareknowledgewithintheauditteamObtaininformationusefulinidentifyingandassessingfraudriskIdentifyspecificfraudrisksandareaslikelytobeaffectedbyfraudEvaluatethequalityandeffectivenessofcompanycontrolsinmitigatingtheriskoffraudAdjustauditprocedurestoaddresstheriskoffraudandgatherevidencespecificallyrelatedtothepossibilityoffraudEvaluatefindings;ifevidencesignalsfraudmightexist,considerwhetherspecialistsareneededfortheauditteamCommunicatepossibilityoffraudtomanagementandauditcommitteeDocumentallstepsrelatedtofraudDiscussProactiveApproachtoFraudDetection-ConductingtheAuditWhatarethemotivationstocommitfraud?ResearchconsistentlyshowsthreefactorsassociatedwithfraudThesefactorsarereferredtoasthefraudtriangleIncentivesorpressurestocommitfraudOpportunitiestocommitfraudRationalizationofthefraudasacceptableReviewMotivationstoCommitFraud–IncentivesorPressuresThepressurestocommitfraudinclude:ManagementcompensationschemesPersonalwealthtiestofinancialresultsorsurvivalofthecompanyOtherfinancialpressurestoimproveearningsorthebalancesheetExample:toavoidviolatingdebtcovenantPersonalfactors,includingpersonalfinancialneedsDiscussMotivationstoCommitFraud–OpportunitiesWarningsignsindicatingopportunitiesforfraud:Weakornon-existentinternalcontrolsComplexorunstableorganizationalstructureIneffectivemonitoringofmanagement,eitherbecauseboardofdirectorsisnoteffective,ormanagementisdominantSignificantaccountingestimatesmadebymanagementSignificantrelatedpartytransactionsIndustrydominance,includingabilitytodictatetermstosuppliersorcustomersSimpletransactionsmadecomplexthroughdisjointedrecordingprocessComplexordifficulttounderstandtransactionsCommentonMotivationstoCommitFraud–RationalizationsThenatureoffraudrationalizationoftendiffersdependingonthetypeoffraudFordefalcations,rationalizationsoftenrevolvearoundpersonalissues:PersonalfinancialproblemsMistreatmentbythecompanySenseofentitlementEveryonedoesitForfraudulentfinancialreporting,therationalizationsmayinvolvepersonalororganizationalissues:Compensationbasedonfinancialresults(personal)Ego(personal)NecessaryfororganizationtosurviveWhatisthepurposeofauditteambrainstorming?SAS99requiresmembersoftheauditteamtodiscusstheriskofmaterialmisstatementduetofraudThisbrainstormingisdesignedto:AllowexperiencedauditorstoeducatelessexperiencedauditorsSettheproperlevelofprofessionalskepticismfortheauditTopicscoveredduringthebrainstormingshouldinclude:ConsiderhowfraudcanbeperpetratedandconcealedPresumefraudinrevenuerecognitionConsiderincentives,opportunities,andrationalizationforfraudConsiderindustryconditionsConsideroperatingcharacteristicsandfinancialstabilityAuditProceduresWhenthereisapossibilityoffraud,theauditorshouldconsiderthatevidencemightnotbewhatitseemsSAS99suggeststheauditorconsiderthefollowing:GreatersusceptibilityofevidencemanipulationGreaterskepticismofmanagementresponsesJournalentriesareimportantNewtechnologyprovidesnewwaystocommitfraudRecognitionthatcollusionmaybelikelyPredictabilityofauditproceduresAnalyticalproceduresshouldtietooperationalorindustrydataObtainingInformationaboutFraudRiskTheauditorshouldspecifyproceduresthatcouldsignalthepossibilityoffraudincludingMakinginquiresofmanagementandotherstoobtaintheirviewsabouttheriskandfraudandcontrolssetuptoaddressthoserisksPerformanalyticalproceduresandconsideranyunusualrelationshipsReviewriskfactorsidentifiedearlier(pressure,opportunity,rationalization)ReviewmanagementresponsestorecommendationsforcontrolimprovementsandinternalauditreportsWhataresomeanalyticalindicatorsoffraudrisk?Someofthekeyanalyticalfactorstheauditorshoulddevelopinclude:LargerevenueincreaseattheendoftheperiodSalesincreasingfasterthanindustrysaleswhichdon'tseemjustifiedUnusuallylargeincreaseingrossmarginLargenumberofsalesreturnsafteryear-endIncreaseinnumberofday'ssalesinreceivablesIncreaseinnumberofday'ssalesininventorySignificantincreaseindebt/equityratioCashfloworliquidityproblemsSignificantchangesinnon-financialperformancemeasuresIdentifyingRisksofFraudTheauditorshouldexamineeachofthefraudriskconditions-pressure,opportunity,rationalizationDuringthisexamination,theauditorshouldconsiderThetypeoffraudthatmightoccurThepotentialsignificanceofthefraudinbothquantitativeandqualitativetermsThelikelihoodoffraudoccurringThepervasivenessoftheriskthatfraudmightoccurSAS99requirestheauditorpresumethereareriskswithrevenuerecognitionandmanagementoverrideofinternalcontrolsRelateInternalControlandFraudRiskInternalcontrolweaknessesareastrongindicatoroffraudriskTheauditorwillexamineavarietyofcontrolareasincluding:CorporategovernanceManagementcontrolandinfluenceAuditcommitteeCorporatecultureInternalauditingMonitoringcontrolsWhistleblowingCodesofethicsRelatedpartytransactionsDevelopingaRevisedAuditPlanAuditorshoulddevelophypothesesabouthowfraudcouldbecommittedandconcealedTheauditteamshouldthendevelopandimplementauditproceduresthataredirectlyresponsivetothefraudrisksDependingonthehypothesizedfraudriskstheauditormaychangetheAuditproceduresinordertogatheradditionalcorroborativeand/ordirectevidenceTimingofauditproceduresStaffingoftheengagementtoincludemoreexperienceauditorsorspecialistsExtentofauditprocedures;examplesinclude:PerformingproceduresonasurpriseorunannouncedbasisRequiringinventoriesbecountedandobservedatyear-end(insteadofataninterimdate)MakingoralinquiriesofmajorcustomersandsuppliersPerforminganalyticsusingdisaggregateddataExaminingdetailsofmajorsalescontractsExaminingfinancialviabilityofcustomersExamining,indetail,reciprocalorsimilartransactionsbetweentwoentitiesDetailedexaminationofjournalentries,particularlythoseatyear-endDevelopingaRevisedAuditPlan(Continued)DiscussEvaluatingAuditEvidenceTheauditor'sskepticismshouldbeheightenedwheneverTherearediscrepanciesintheaccountingrecordsTheauditorfindsconflictingormissingevidentialmatterTherelationshipwithmanagementisstrainedTherearesignificantorunusualtransactionsaroundyear-endReviewCommunicatingtheExistenceofFraudFraudshouldbecommunicatedtoalevelatwhicheffectiveactioncanbetakenTheauditormustcommunicatetheexistenceoffraudtomanagement,theBoard,andtheauditcommitteeIffraudinvolvestopmanagement,theauditormustassesstheactionstakenbytheBoardIfsufficientactionsarenottaken,theauditormustconsiderthecontrolenvironmentandthepossibleneedtoresigntheengagementTheauditormustdeterminethatthefinancialstatementshavebeencorrectedandthefraudadequatelydisclosedIfthestatementsarenotcorrected,theauditorshouldissueaqualifiedoradverseopinionInsomecases,theauditormayberequiredtoreportthefraudtooutsideparties,suchastomeetregulatoryrequirementsForpubliccompanies,materialfraudreflectsaweaknessininternalcontrolsandmayneedbereportedReviewCommunicatingtheExistenceofFraudCommentonAuditDocumentationTheauditteamshoulddocumentthefullextentoftheprocessdescribedThatdocumentationshouldinclude:DiscussionamongauditteammembersincludingtheassessmentoffraudriskandhowsuchfraudsmighttakeplaceDiscussionofthefactorsthataffectedtheriskassessmentAuditproceduresperformedNeedforcorroboratingevidenceEvaluationofauditevidenceandcommunicationtorequiredpartiesDiscussCharacteristicsofFinancialReportingFraudsHistorically,therearepatternsinfinancialreportingfrauds:ComplexrevenuerecognitionschemesIncorrectbillingstothegovernmentHoldingthebooksopen(acceleratedrevenuerecognition)CapitalizingexpensesTheimplicationsforauditproceduresisclear:TheauditormustunderstandcomplextransactionstodeterminetheireconomicsubstanceTheauditorcannotbepressuredtocompletetheauditearly;theremustbesufficienttimetoexamineyear-endtransactionsTheauditormustusenecessaryprocedurestogathersufficientreliableevidenceincludingWhatarethecharacteristicsofdefalcations?ACFEreports90%ofdefalcationsinvolvetheftsofcash;remaining10%weretheftsofinventoryandotherassetsCashmisappropriationschemesinclude:Larceny:stealingcashafterithasbeenrecordedonthebooksSkimming:stealingcashbeforeitisrecordedonthebooksFraudulentdisbursementsMostcommon:70%ofdefalcationschemesBilling:setupfalsevendorsandpayforfictitiousgoodsPayroll:addfictitiousemployeestopayrollExpensereimbursement:submitoverstatedreimbursementrequestsChecktampering:altercheck,e.g.changepayeeoramountAuditProcedures&EvidenceConsiderationsTheproceduresusedbytheauditorshouldreflecttheinternalcontrolweaknessesandfraudriskindicatorsfoundwiththeclientLinkingAuditProcedurestoControlDeficienciesAuditproceduresusedarebasedonspecificcontroldeficienciesLinkageprocessfromcontroldeficienciestoauditprocedures:WhaterrorsorfraudcouldoccurbecauseofthecontroldeficienciesWhataccountbalanceswouldbeaffectedandhowWhatauditprocedureswouldprovideevidenceonwhethertheaccountbalanceismisstatedDotheauditproceduresprovideobjectiveevidenceindependentofthepartieswhohaveaccesstotheassetsExampleslistedinExhibit8.11ReviewLinkingAuditProcedurestoFraudRiskIndicatorsAswithcontroldeficiencies,auditprocedureswilldependonthefraudriskindicatorsandauditor'spreliminaryanalyticalreviewofaccountbalancesExistenceoffraudriskindicatorsshouldcausetheauditortoExpandaudittestingtomoredetailedsamplingReviewallmajorsalesPlacemoreemphasisonindependentoutsideevidencePerformmoreproceduresatyear-end(insteadofinterimtesting)ExampleslistedinExhibits8.12and8.13DiscussUsingComputerstoAnalyzethePossibilityofFraudAuditsoftwarecanreadafileandperformanumberofprocedurestoanalyzethepossibilityoffraud: