Audit Engagement Developments - CourseWebs

Audit Engagement Developments

Author: Steven Fustolo, CPA


1

This publication is designed to provide accurate and authoritative information in regard to the

subject matter covered. It is sold with the understanding that the author and sponsor are not

engaged in rendering legal, accounting, or other professional service. If legal advice or other

expert assistance is required, the services of a competent professional person should be sought-

- From a Declaration of Principles jointly adopted by a Committee of the American Bar

Association and a Committee of Publishers and Associations.

© Copyright 2012: Steven C. Fustolo, All rights reserved.

© Copyright 2012: AICPA Audit Risk Alerts: 2011, 2010, 2009, 2008, 2007, 2006, and 2005. All

rights reserved.

Copies of this document may not be made without expressed written permission from the author.


2

ABOUT THE AUTHOR

STEVEN C. FUSTOLO, CPA

Mr. Fustolo is a partner with the Boston CPA firm of James J. Fox & Company. He is a frequent

lecturer and author of numerous tax and accounting issues affecting closely held businesses. An

AICPA author, Mr. Fustolo’s articles are regularly featured in The Practical Accountant and other

publications. He is the author of Practice Issues: Compilation and Review, Accounting and Auditing

Reference Guide, Everything You Never Wanted to Know About GAAP, Enron: Fraud, Deception and

the Aftermath, FASB Review for Industry, Current Developments: Accounting and Financial

Reporting, Making Money with Special Engagements, Understanding the Variable Interest Entity

Rules, and FASB, SSARS and SAS Update and Review and numerous other books and manuals that

have been published by Practitioners Publishing Company (PPC) and Commerce Clearing House

(CCH). He is the recipient of several Outstanding Discussion Leader awards from many professional

organizations including the New York and Florida Societies of CPAs. Mr. Fustolo’s course entitled

FASB, SSARS and SAS Update and Review continues to receive accolades and is regarded as one of the

top live CPE programs in the country today with ratings that average 4.91 on a scale of 5.0. He speaks

regularly for professional groups including being a guest lecturer at the AICPA Advanced Accounting

and Auditing Technical Symposium. Mr. Fustolo is the recipient of the Elijah Watts Sells Award

(AICPA) and Silver Medal (Massachusetts) for scores received on the CPA Examination.


3


The latest developments affecting audit engagements are addressed in this course. Part of

planning an audit involves consideration of the business and economic environment in which

the client operates. Thus, auditors need to be aware of the various types of fraud that clients

and employees may be committing, especially in light of myriad lawsuits against auditors and

accountants. In addition to applying techniques to limit their liability to their clients and third

parties, auditors are confronting other major problems facing the accounting field, including

compliance with the Sarbanes-Oxley Act. The peer review comments and new auditing

statements provide further guidance on current issues. To deal with the volatility in the

business climate, auditors should focus their efforts in key areas and should take lessons from

litigation. Additionally, in this course, auditors will learn how to perform more efficient

engagements, assess going concerns, advise clients on insurance, audit lease agreements, and

lastly, a section on the issuance of SAS Nos. 122-125 as part of the ASB’s Clarity Project, and

much more.

Section 1:

After reading the Section 1 course material, you will be able to:

Identify the factors that an auditor may consider in assessing overall business risks

Explain specific risks that are important to the auditor

Explain the types of fraud and the three conditions in the fraud triangle

Discuss the primary types of fraudulent cash receipts and cash disbursements

List the symptoms of a high- and low-fraud environment and the specific signs of fraud

Understand the specific audit requirements that deal with fraud that are found in SAS No.

99

Section 2:


Discuss the specific recommendations made by the Chamber of Commerce to save the

audit profession

Explain the recommendations made by the Big Four report on how to change to global

financial reporting and public company audit procedures

List the AICPA’s top 10 technology issues affecting auditors

Identify the problems growing with Sarbanes including the significant costs, proposed

changes, and its specific impact on small businesses

Discuss the impact changes made by Dodd-Frank will have on auditors

Understand how new laws are driving a new profession of whistleblowers

List the key deficiencies found in peer review


4

Section 3:


Identify key areas in which an auditor should focus to deal with volatility in the business

climate

Compute the four working capital ratios on which an auditor should focus

List the common pitfalls that continue to expose accountants to loss in litigation

Identify the top ten actions to minimize the risk of being sued

Apply suggestions on how a firm can reduce time and increase audit efficiency in an audit

engagement

Identify factors that might raise doubt about an entity’s ability to continue as a going

concern

Understand provisions in a commercial lease that should be eliminated from the tenant’s

perspective

Discuss the auditors’ responsibility for subsequent events

List the requirements that should be followed in a reaudit engagement

Apply to requirements of SAS No. 84 in changing auditors

Understand the public’s perception of accountants and auditors.

Discuss the changes to auditors of service organizations made by SSAE No. 16

Section 4:


Review the major changes made to auditing standards by the issuance of SAS Nos. 122-

125.

Understand the new audit opinion

Learn about the new modified opinion rules

Identify special purpose financial statements

Use the new engagement letter and management representation letter

Understand the new rules for group audit engagements


5

Category: Auditing

Recommended CPE Hours: 16

Level of knowledge: Overview

Prerequisite: None

Advanced Preparation: None

Publication Date: March 31, 2012


6

How to use the Materials

You can review these materials on line and then use the Next and Previous buttons or you can print

the materials and read it in that format if you prefer.

There is also a Review/Feedback section(s) in the EBook that reviews the materials at the end of each

significant chapter. The Review/Feedback questions are not graded. They are simply included to assist

you in understanding the material better. The answers to the Review/Feedback sections are located in

the EBook- immediately following the questions. A copy of the exam is at the end of the EBook.

You may find it helpful to print out the paper exam which is located in the back of the EBook and

review it as you go through the course materials. The paper exam and the on-line exam have the

same questions. The advantage of using the online courseware is that your exam is graded instantly.

If you wish to go to the on-line exam go to http://takeexams.cpaselfstudy.com and login using the student id and password you created at your time of purchase. An alternative way to get to the exam is to go to cpaselfstudy.com and simply click on the Student Login icon located towards the top of the webpage and then login

http://takeexams.cpaselfstudy.com/


7


Table of Contents

Description Page

SECTION 1: Auditing Developments (Including the Audit Risk Alerts)

9

General Developments 9

Introduction 9

Implications of the Current Economic Environment 9

Status of the U.S. Economy in 2012 and Its Impact on Auditors 11

Review Questions and Suggested Solutions 32

Client and Employee Fraud 36

General 36

2010 Report to the Nations on Occupational Fraud and Abuse 37


Types of Fraud 53

Small Business Fraud 63

Evaluating an Entity’s Fraud Environment 69


Time Theft 79

Employee Background Checks and Credit Reports 80

The Auditor’s Role in Dealing with Fraud 81

Specific Fraud Issues 91

Anti-Fraud Measures 105

A Fraud Scorecard 109

Computer Crime and Theft 112

Integrity Survey 113

Correlation Between Bankruptcy and Fraud 115

The CFO Perspective on Their Outside Auditors and Fraud 116

Madoff and the Single Auditor Issue 116



130

Attempting to Limit Auditor’s Liability 130

The Viability of the Big Four 146

PCAOB Audit Rotation Proposal 151


Retaliation Against Auditors Who Issue Adverse Opinions 158

AICPA’s Top 10 Technology Issues-2011 158

Anti-Sarbanes-Oxley Continues After Ten Years 159

The Impact of Dodd-Frank on Auditors 183

Whistleblowing- The New Profession Acts Like to Oldest Profession 187


Peer Review 197


SSAE No. 16: Report on Controls at a Service Organization 218



8

SECTION 3: Accounting and Auditing in Volatile Times

231

Key Focus Areas for the Auditor 231


Lessons from Litigation 249


Efficient Engagements-Reduce Time, Make More Money Without Increasing Risk 273

Assessing Going Concern 281

The Risk of Vicarious Liability Among CPA Firm Alliance 283

Advising Clients on Insurance-Auditor’s Responsibility 288

Auditing Lease Agreements 290

Practice Issues Relating to Auditing 294

Reaudit Engagements 300

Effectively Using Dual Dating of Reports 301

Changing Auditors 302

Study on Public Perception of Accountants in Jury Trials 303


SECTION 4: The ASB’s Clarity Project

314

SAS Nos. 122-125 314

Introduction 314

New SASs With Substantive Changes 317

AU-C 250- Consideration of Laws and Regulations in an Audit of Financial

Statements

318


AU-C 265- Communicating Internal Control Related to Matters Identified in an Audit 325


AU-C-700- Forming an Opinion and Reporting on Financial Statements 331

AU-C 705- Modifications to the Opinion in the Independent Auditor’s Report 336


AU-C- 706- Emphasis-of-Matter Paragraphs and Other-Matter Paragraphs in the

Independent Auditor’s Report

344


AU-C 600- Special Considerations- Audits of Group Financial Statements (Including

the Work of Component Auditors)

354

AU-C-800- Special Considerations- Audits of Financial Statements Prepared in

Accordance With Special Purpose Frameworks

363

AU-C 210- Terms of Engagement 380

AU-C 580- Written Representations 383


Other SASs Issued in the Clarity Project as Part of SAS Nos. 122-125 392

Glossary

394

Index 397

Exam 398


9

Auditing Developments (Including the Audit Risk Alerts)

SECTION 1:

General Developments

I. Introduction:

Throughout the audit process, auditors should consider overall engagement risk.

The three components of engagement risk are as follows:

Client business risk: The risk associated with the entity's survival and profitability.

Auditor’s audit risk: The risk that the auditor may unknowingly fail to appropriately modify

his or her opinion on financial statements that are materially misstated.

Auditor’s business risk: The risk of potential litigation costs from an alleged audit failure

and the risk of other costs such as fee realization and reputational effects from association

with the client.

II. Implications of the Current Economic Environment- Economic

Issues Peculiar to Auditors

In planning an audit, the auditor is required to comply with SAS No. 108, Planning and

Supervision.1 SAS No. 108 requires that the auditor establish an overall audit strategy and

develop an audit plan.

As part of its planning, an auditor must follow SAS No. 109, Understanding the Entity and Its

Environment and Assessing the Risks of Material Misstatement.2 SAS No. 109 requires an

auditor to perform risk assessment procedures to gather information and gain an understanding

of the entity and its environment, including its internal control.

Each industry is subject to specific business risks arising from the nature of the business.

Business risks arise from certain conditions, events and circumstances.

Factors that an auditor may consider in understanding the entity and its environment include:

1 Effective December 31, 2012, SAS No. 108 is replaced by AU-C 300, Planning an Audit.

2 Effective December 31, 2012, SAS No. 109 is replaced by AU-C 315, Understanding the Entity and Its Environment and

Assessing the Risks of Material Missatement.


10

1. Industry, regulatory, and other external factors, such as:

The market and competition

Cyclical or seasonal activity

Product technology

Supply availability and cost

Accounting principles and industry-specific practices

Legislation and regulation affecting the entity’s operations

General economic level

Interest rates, financial, inflation and currency revaluation issues

Relevant accounting pronouncements

The legal and political environment

General economic conditions

Competitive and technical conditions

Social conditions

2. Nature of the entity including:

Ownership

Entity’s operations

Governance

Financing sources and structure

Related party transactions

3. Objectives and strategies and related business risks

4. Measurement and review of the entity’s financial performance

5. Internal control, including the selection and application of accounting principles

Any of the above factors can affect several aspects of the audit including going concern, fraud,

internal control, use of accounting estimates, and analytical procedures, to name a few.

Although most risks eventually affect the financial statements, not all such risks result in

material misstatements to the financial statements. Consequently, the auditor is not responsible

for identifying or assessing all business risks.

The seeds are sewn during the good times!

The seeds of accounting and business problems that sprout during an economic downturn are

often planted during stronger economic times. Then, they are reversed during a downturn.

Given the flat economic climate, it is likely that clients laid the groundwork for accounting

issues five years ago during the last boon.


11

More specifically, during stronger times:

There is continued pressure on management to generate stronger financial results

commensurate with the stronger economy and stock market.

Management may enter into riskier business ventures during stronger economic times to

fuel continued expectations to improve performance.

Auditors may “let their guard down” during times of economic growth as there is

evidence that a company is doing well and the purported risk of business failure is

relatively low.

Businesses are more likely to set up “rainy day” funds such as inflating liabilities,

allowances and reserves beyond the amounts that are needed, with the plan to reverse

the excess amounts during a downturn.

In the following section, the author discusses several key business and economic conditions

that exist and are expected to exist through 2012 and into 2013.

1. Status of the U. S. economy in 2012 and its impact on auditors:

In general the U. S. economy is still flat, with some limited signs of recovery. Although there

is relatively low inflation and real interest rates, unemployment is still relatively high, hovering

around 8 to 8.5 percent. The real estate market is still in shambles and the capital markets have

not recovered. Consumer confidence is modest as Congress has passed trillions of dollars of

recovery funding over the past few years with little benefit to show for it.

Economic trends that auditors should be aware of include the following:

The real estate market, particularly in the residential housing sector, has not yet

bottomed out as foreclosures continue at a brisk pace.

The delinquency rate of subprime mortgages is still high, driving values in other real

estate downward.

Americans are carrying record levels of personal debt.

The reported unemployment rate continues at around 8 to 8.5 percent.

Although interest rates are still low, credit is difficult to obtain as banks are out of

balance on their capital structures, and underwriting is extensive.

There are a few positive signs that suggest certain segments of the economy are experiencing a

recovery despite the laggard overall economy:


12

The stock market has rebounded from a its low level in early 2009, and

There are signs that factory orders have increased in some industries.

Despite the fact that certain segments have rebounded, the inconsistency and volatility of the

overall economy continues to drive concern as investors are unwilling to make significant

investments in capital formation.

2. Specific accounting risks:

In this section, the author identifies certain accounting risks that are a byproduct of the existing

economy, some of which are noted in the previously issued AICPA’s Audit Risk Alert, as

modified by the author.

Risks of inadequate liquidity:

Some entities are more sensitive than others to negative changes in economic conditions,

which can lead to the risk of a going concern issue. In particular, companies that have

significant concentrations in major customers and suppliers are at the greatest risk. Although a

company may have experienced strong growth over the past few years, its major customers and

suppliers may not. The loss of a major customer or supplier could disrupt an otherwise

financially healthy client and, in some cases, result in its demise.

SAS No. 59, The Auditor's Consideration of an Entity's Ability to Continue as a Going

Concern3 provides guidance on evaluating the adequacy of going concern disclosure in

audited financial statements.

As a general rule, auditors should always be mindful about going concern. Factors they should

consider in every audit include:

Negative trends and recurring operating losses or working capital deficiencies

Financial difficulties such as loan defaults or denial of trade credit from suppliers

Concentrations such as reliance on one product line

Legal proceedings or loss of a principal supplier

Ability to obtain external financing, and

Reliance on external financing, rather than internally generated income, as a source of

cash.

Auditors may have to consider whether there is substantial doubt of an entity's ability to

continue as a going-concern for one year from the balance sheet date and whether the auditor

must seek factors that mitigate this fact.

3 Under the Auditing Standards Board’s Clarity Project, SAS No. 59 is expected to be replaced with a new standard

sometime in 2012.


13

Ratios to consider in evaluating liquidity

In assessing going concern, an auditor may wish to perform certain cash flow analyses to

assess an entity’s liquidity. Typically, assessing cash flow is more important than evaluating an

entity’s financial position or statement of income.

In particular, two cash flow ratios are effective in assessing liquidity:

Funds Flow Coverage (FFC) Ratio

EBITDA

= Funds Flow Coverage (FFC) Ratio Interest paid + tax-adjusted debt

repayments + tax-adjusted preferred

dividends

Cash Interest Coverage Ratio

Cash from operations + interest paid

= Cash Interest Coverage Ratio Interest paid

The cash interest coverage ratio should always be at least 1.0 resulting in the company having

enough cash to fund its interest.

Risks of collectibility of accounts receivable:

Currently, both consumers and businesses are carrying very high levels of debt that have

resulted in significant increases in business and personal bankruptcies. Receivables could

quickly deteriorate if the economic climate declines.

The quality of accounts receivable due from both domestic and foreign customers, including

the collectibility of amounts due and the adequacy of the allowance for doubtful accounts and

possible loan impairment should be reviewed. Even customers who are showing signs of

recovery may still have severe cash flow problems that may result in the inability to fund

payment of obligations due to their vendors.

Audit procedures with respect to receivables and, in particular, the adequacy of the allowance

for doubtful accounts, include the following:

1. Test the aging, including the reliability of the aging report, review past due accounts,

the client’s history of collecting past due balances, and customer files and credit reports.

2. Obtain publicly available information on major customers to determine their ability to

honor outstanding obligations of the company.


14

3. Investigate unusual credit limits or nonstandard payment terms given to customers.

4. Test the realization of receivables (e.g., subsequent collections).

5. Test to ensure that the cash payments credited to an accounts receivable account

actually came from that customer.

6. Perform analytical procedures such as:

Receivables turnover

Bad debts as a percentage of net credit sales

Allowance balance to accounts receivable

Number of days sales in receivables

7. Review revenue and receivables transactions and fluctuations after the balance sheet

date for sales returns and unusual items.

8. Review the collectibility of vendor financing given to customers.

9. Evaluate the reasonableness of the allowance for doubtful accounts by following the

guidance in SAS No. 57, Auditing Accounting Estimates.4

Review and test the process used by management to develop the estimate

Develop an independent expectation of the estimate to corroborate the

reasonableness of the estimate

Review subsequent events or transactions occurring before the completion of field

work, including returns, chargebacks, and payments by customers, and

Perform a retrospective review (as required by SAS No. 99) of the allowance

balance last year by comparing that allowance balance estimate to the actual bad

debt writeoffs after year-end.

Note: SAS No. 99 requires an auditor to perform a retrospective review of significant

estimates to determine whether there was management bias in establishing those

estimates. In performing the retrospective review, the auditor compares the prior

year’s estimate to the actual outcome related to that estimate. For example, in

performing a retrospective review of an allowance for doubtful accounts, the auditor

would compare the prior year’s allowance balance (the estimate) to the actual bad debt

writeoffs recorded after year end. In doing so, the auditor can determine the degree of

4 Effective December 31, 2012, SAS No. 57 is replaced by AU-C 540, Auditing Accounting Estimates, Including Fair

Value Accounting Estimates and Related Disclosures.


15

accuracy used in establishing the prior year’s estimate and whether there was

management bias in establishing that prior year’s estimate. Information about the

results of the prior year will assist the auditor in assessing the current year’s estimate.

Risks of inventory writedowns and obsolescence:

In recent years as a whole, companies have efficiently lowered their inventory levels as

demand for their products decreased. Some still have excess inventories that have been held for

a long period of time leading to the question of whether such inventories are salable or

obsolete, requiring a writedown to lower of cost or market value. In addition, if the economy

does slow down, even typically high turnover items may become slow moving.

In auditing companies with significant inventories, auditors should consider the following:

1. An unusual increase in inventory balances, reduced turnover, increased backlog and a

deterioration in the aging of inventories may be signs that there is excess inventory on

hand.

2. Reduced prices and profit margins may cause inventories to be valued over market

value.

3. Idle capacity at a manufacturing facility may result in an overcapitalization of overhead

and a valuation in excess of market value.

4. Certain factors may lead to obsolescence of existing inventory such as:

There may be changes in the product design.

A competitor may introduce a newer, more advanced version of a product.

New products promoted by the industry may have features that are superior to those

of the company’s existing products.

Lower-priced imports may affect the value of existing inventories.

Specific auditing procedures should be performed to determine if inventories are properly

valued and to identify slow moving, excess or obsolete inventories. Suggestions of effective

audit procedures are noted below.

1. Specific auditing procedures to determine if inventories are properly valued include

reviewing:

Product sales trends and expected future demand

Sales forecasts for products in comparison to industry demand

Anticipated technological changes that could affect the value of inventories

New product lines planned by management and the effect of those lines on

existing inventories


16

New product announcements by competitors

Economic conditions in markets in which the products are sold

The impact of changes in the regulatory environment on demand for the products

Changes in raw materials prime costs that might affect the pricing of the finished

goods inventories

Pricing trends of products

Changes in the standards used by the industry to value inventories

2. Specific auditing procedures that can be performed to identify slow-moving, excess,

or obsolete inventories include:

Examine and test the inventory turnover, by product, by comparing sales volume

with inventory balances

Review industry trends

Tour the facility to inspect inventories that appear to be obsolete or damaged

Ask personnel about items that may be obsolete

Review sales cancellations and returns after year end

If significant obsolete inventories exist, it may be appropriate to include the matter in the

management representation letter.

Note: ASC 330, Inventory (formerly FASB No. 151), amended guidance for inventory cost

capitalization found in ARB No. 43, Chapter 4, Inventory Pricing. ASC 330 made two changes

to ARB No. 43. First, it requires that abnormal amounts of idle facility expense, freight,

handling costs, and wasted materials (spoilage) be recognized as current period charges and not

capitalized as part of production overhead. Normal amounts of idle facility expense, freight,

handling costs, and wasted materials (spoilage) continue to be capitalized as part of overhead.

The second change is that fixed production overhead should be allocated to inventories based

on normal capacity of the production facilities. Normal capacity is the production expected to

be achieved over a number of periods or seasons under normal circumstances, taking into

account the loss of capacity resulting from planned maintenance. Variable production

overheads continue to be allocated to each unit of production based on actual use of the

production facilities (e.g., actual production volume).

A key change made by ASC 330 is that it requires companies to capitalize fixed overhead

using the greater of normal capacity or actual production in the denominator. In making this

change, the FASB eliminates the risk during an economic downturn, that a company could

overcapitalize fixed overhead by allocating overhead using a lower actual production level.

Risk of impairment of assets:

ASC 360, Property, Plant and Equipment (formerly included FASB No. 144), and ASC 350,

Intangibles-Goodwill and Other (formerly FASB No. 142), encompass the impairment rules


17

for long-lived assets. Specifically, ASC 360 applies to fixed assets, real estate, and intangible

assets with finite lives, and requires a company to test such assets for impairment if factors

indicate an impairment may exist. On the other hand, ASC 350 applies to the impairment of

goodwill and intangible assets with indefinite lives, and requires that an annual test for

impairment be performed regardless of the conditions that exist.

Regardless of the trend in the economic cycle, there is the risk that long-lived assets can be

impaired. For example, regardless of whether demand expands or contracts, there is still the

concern that long-lived assets such as equipment may become impaired due to technological

obsolescence.

In addition to equipment, an auditor should focus on the risk that real estate values have

declined due to numerous factors including an overall building glut (supply exceeds demand)

and a slight uptick in interest rates. The result is that companies may have real estate that is

impaired and needs to be tested for that impairment.

Specifically, ASC 360 states that an impairment loss exists when the carrying amount of real

estate or other long-lived assets exceeds its fair value.

Real estate is tested whenever events or changes in circumstances indicate that its carrying

amount may not be recoverable. Examples of events and changes in circumstances that might

warrant a test include:

Significant decline in the market price of the real estate or similar real estate

Continued decline in rental rates and increased vacancies

Failure to meet debt service on a regular basis

Change in the use of the property

Known environmental contamination

Legal changes such as rent control or use restrictions

Auditors should consider whether ASC 360 applies if any of the above factors are present.

Risk of investment writedowns:

ASC 320, Debt and Equity Securities (formerly FASB No. 115) deals with the accounting for

securities. ASC 320 places securities into three categories as follows:

1. Debt securities held-to-maturity: Debt securities that management plans to hold until

maturity.

2. Trading securities: Both debt and equity securities that are bought and held for the

purpose of selling them in the near term (generally within one year).


18

3. Available-for-sale securities: Both debt and equity securities that are not categorized as

either held-to-maturity or trading securities, are automatically categorized as available-

for-sale. In this category, management has essentially not decided what it plans to do

with the securities.

The following table summarizes the accounting treatment for investments.

--------------------------Securities------------------------ Non-securities

Debt securities

held to maturity

Trading

securities

Available for

sale securities

All non-security

investments

Type Debt Debt and

equity

Debt and equity Debt and equity

Intent Hold to maturity Sell in the near

term

Undecided Not applicable

Record at Cost Fair value Fair value Cost

Unrealized

gains or losses

Not applicable Presented on

income

statement

Presented in

stockholders’

equity, net of tax

Not applicable

Balance sheet

classification

(current vs.

long-term)

Based on maturity

date

Current even if

sale is expected

beyond one

year

Based on

management’s

intent at year end

Current or non-

current based on

management’s

intent

Other than

temporary

losses

Investment written down and unrealized loss is recognized

An auditor should be aware of several important accounting issues related to the accounting for

investments:

1. Unrealized losses on equity securities: There is the risk that equity security values may

decline in value, resulting in unrealized losses having to be recorded in accordance with

ASC 320 (formerly FASB No. 115). Management may attempt to classify such investments

as available for sale, so that unrealized losses will be presented as part of stockholders’

equity. ASC 320 has strict rules precluding management from shifting between investment

categories except in rare instances.

2. Accounting for held-to-maturity investments: In accordance with ASC 320, an entity must

classify securities into one of three categories: a) held-to-maturity, b) trading, and c)

available for sale. Held-to-maturity securities are recorded at amortized cost, and include

those debt securities that management has the positive intent and ability to hold to maturity.

a. When debt securities decline in value, management may take steps to avoid having to

record the unrealized losses on the income statement. One way is to classify debt

securities as held to maturity so that the investment is recorded at carrying value and the

loss is not recorded. Such an investment may have previously been recorded as


19

available for sale thereby requiring management to change the classification of the

investment.

ASC 320 provides a list of changes in circumstances that shall not be considered to be

inconsistent with the original intent of holding the security to maturity. That is, an entity

may change the classification to held-to-maturity.

3. Other than temporary losses: Companies may be holding equity or debt investments

(publicly or non-publicly held), that have significant unrealized losses. Some of the losses

have recovered, while others have not. The accounting for these investments depends on

numerous factors including whether the investments are securities (publicly held), and the

intent of management.

Existing GAAP generally assumes that investments will fluctuate over time and, therefore,

unrealized gains and losses may reverse. However, there are instances in which an

investment has an unrealized loss that management believes will not reverse. That is, the

loss is other-than-temporary and is not likely to recover over time. In such instances,

GAAP provides an overall rule requiring the unrealized loss to become realized and

recognized on the income statement.

Risk of manipulation of estimates and accruals:

It is common for management to use estimates as a means to manage earnings. So called

“rainy-day” or “cookie-jar” funds are used to set aside extra reserves to be reversed to income

when needed in future periods.

Auditors should be aware of the risks associated with management’s use of overly aggressive

estimates; that is, those estimates that may either under- or over-state earnings. Because

estimates are subjective and may be correct within a range, auditors should be able to ascertain

as to whether management’s estimates are reasonable within an acceptable range. Of particular

concern should be changes in estimates that are not supported by reasonable assumptions.

In auditing estimates, an auditor should do the following:

1. Follow the guidance of SAS No. 57, Auditing Accounting Estimates, which provides that in

auditing estimates, the auditor should:

Identify the circumstances that require the estimate

Consider internal control related to developing the estimate

Evaluate the reasonableness of the estimate by reviewing and testing the process

used and the assumptions made, and


20

Perform an independent expectation of the estimate.

2. There should be a preponderance of information to support each significant assumption.

The weight of available evidence supports the assumption. In evaluating the assumptions,

an auditor’s consideration should be given as to whether:

The sufficiency of the sources of information about the assumptions has been

considered

The assumptions are consistent with the sources from which they were obtained

The assumptions are consistent with each other and with management’s plans

The information used to develop the assumptions is reliable, and

The logical arguments or theory considered as a whole, are reasonable.

3. Changes in estimates may be acceptable if such a change is supported by real economic

facts. Changes that are not supported by the underlying economics of the business are

inappropriate.

4. Unrealistic pension and other postretirement and postemployment plan assumptions:

Assumptions used to measure pension, postretirement and post-employment liabilities

must be evaluated including discount rates, participation rates, and other factors that

affect the liabilities.

5. Auditors should consider the effects of post-balance-sheet events on the estimation process.

Such events may require adjustment or disclosure in the financial statements.

6. Auditor should comply with the requirements of SAS No. 99, Consideration of Fraud in a

Financial Statement Audit,5 by performing a review of significant estimates for

management bias:

a. The auditor should consider whether there are differences between the best

supported estimates and the estimates included by management in the financial

statements that suggest a possible bias.

b. The auditor also should perform a retrospective review of significant accounting

estimates reflected in the financial statements of the prior year to determine whether

5 Effective December 31, 2012, SAS No. 99 is replaced by AU-C 240, Consideration of Fraud in a Financial Statement

Audit.


21

management judgments and assumptions relating to the estimates indicate a possible

bias on the part of management.

Certain estimates likely will be subject to performance of a retrospective review,

including:

Allowance for uncollectible accounts

Reserve for obsolete inventory

Accruals for post-employment and post-retirement benefit obligations

Contingency liabilities and those related to environmental remediation

obligations

Risk of improper revenue recognition:

Revenue recognition continues to head the list of areas subject to fraudulent financial

reporting. In particular, many frauds have focused on the premature recognition of revenue,

such as in the case of several software vendors who have prematurely recognized revenue to

satisfy revenue targets. Common approaches used to prematurely recognize revenue range

from recognizing revenue before it is earned, to actually falsifying sales that do not exist.

According to various sources, revenue recognition issues account for approximately 50 percent

of all financial statement frauds. Some of the more important revenue issues include the

following:

1. Recognition of revenue prematurely such as:

“Channel stuffing” (shipping inventory in excess of orders, or giving customers incen-

tives to purchase more goods than they need in exchange for future discounts or other

benefits)

Reporting revenue after goods are ordered but before they are shipped

Reporting revenue when significant services have not been performed

Improper use of the percentage-of-completion method, and

Improper year-end cutoff procedures.

2. Recognition of revenue that has not been earned including:

Recognizing revenue on bill and hold transactions, consignment sales, sales subject to

contingencies, and those with the right to return goods, sales coupled with purchase

discounts or credits, and other side agreements.


22

3. Reporting sales to fictitious or nonexistent customers

4. Sales to related parties in excess of market value

5. Recognizing transactions at fair value that relate to exchanges of non-monetary assets that

should be accounted for at carrying value

6. Reporting peripheral or incidental transactions, such as nonrecurring gains6

In addition to traditional revenue manipulation strategies, there are numerous methods that a

company can use to recognize revenue, subject to certain limitations, including:

Traditional sales method

Percentage completion method

Completed contract method

Installment sales method

Thus, it is clear that there are simply too many variations in both methods and applications

related to such a key financial statement item such as revenue.

Multiple-element arrangements

Many sales transactions have multiple elements or deliverables, each with its own delivery date

and performance requirements. For example, the sale of an appliance may include three

deliverables bundled under one contract: the sale of the appliance itself, installation, and a

warranty contract. Because most multiple element sales arrangements are bundled together

under one contract with one aggregated price for all deliverables, there are challenges as to

how to allocate the sales price among the deliverables and when to recognize each portion of

revenue related to a particular deliverable.

ASC 605-25, Revenue Recognition-Multiple Element Arrangements (formerly EITF 08-1),

provides guidance on how to account for such multiple deliverable arrangements.

Because multiple deliverable arrangements are complex and subject to manipulation, auditors

must be familiar with the ASC requirements. In particular, auditors must be able to test such

arrangements to make sure:

Revenue is not misallocated to those deliverables that are performed first, thereby

resulting in the premature recognition of revenue, and

Revenue allocated to a particular deliverable is not recognized prior to performance of

all activities required to earn that revenue.

6 Financial Statement Fraud, Integrity of Financial Information Continue to Be Burner Issues (AICPA)


23

Note: The FASB currently has a revenue recognition project that will address multiple element

arrangements.

Risk of having underfunded pension plans:

Many companies with defined benefit pension plans are experiencing a major challenge in that

they have significant underfunded pension plans. These plans have actuarial liabilities that

exceed the fair value of the assets in the plans. Under the ERISA rules, these companies must

continue to fund these plans, thereby requiring sizeable amounts of cash paid now to fund

future retirees. More specifically, the Pension Benefit Guaranty Corporation (PBGC) is facing

growing deficits due to the continued failings of pension plans.

Reasons for the current pension plan deficiencies include:

Stock market values have declined over the past few years even though there was a

recovery in 2011 into 2012.

Interest rates have declined resulting in companies having to calculate higher pension

liabilities as pension liabilities are discounted at lower interest rates.

Higher pension obligations and lower fair value of assets together have created the

current pension deficiencies.

Companies with unfunded pension liabilities face certain repercussions from such deficiencies

in that:

Companies can have a cash flow crunch from having to fund the unfunded liabilities to

satisfy legal ERISA requirements.

Under ASC 715, Defined Benefit Plans (formerly FASB No. 158), an entity that

sponsors one or more defined benefit plans is required to record the funded status of a

benefit plan, measured as the difference between the fair value of plan assets and the

benefit obligation, in its balance sheet.

If the fair value of the plan assets is less than the benefit obligation, the company must

record an additional liability with the debit offset to accumulated other comprehensive

income (part of stockholders’ equity). The combination debit to stockholders’ equity

and credit to a liability account may result in violations of loan covenants, including

debt-equity ratios being out of formula.

Management must continue to monitor and change the key assumptions used to measure

pension benefit obligations, returns on assets, and periodic pension cost, to reflect changes in

the economy. The primary actuarial assumptions used include:


24

Discount rates

Participation rates

Factors affecting the amount and timing of future benefit payments

In addition, if activity within the existing plan has a material effect on the company’s liquidity,

capital resources, or results of operations, the activity must be discussed in the MD&A for SEC

companies.

The impact of the PPA of 2006:

Congress passed the Pension Protection Act of 2006 (PPA or Act) which expanded and

improved defined benefit plans such as 401(k) plans, and strengthens the federal pension

insurance program.

Management and its auditors should understand its general provisions that include:

An increase in premiums for underfunded plans and for termination of plans

A requirement for accurate measurement and reporting of benefit obligation liabilities

A prohibition against employers promising additional benefits to employees until they

are actually funded, and

A prohibition against deferral of contributions to under-funded plans.

Auditor concerns:

Auditors of companies with defined benefit plans must consider the following auditing

procedures in connection with the plan:

When auditing estimates, the auditor should give close attention to the underlying

assumptions used by management and the risk that aggressive assumptions may

understate the pension liability.

When there are significant underfunded pension plans, the auditor should consider

whether the company has a going concern problem.

Risk of understated expenses:

Management may be motivated to understate expenses to hide losses or sub-par profits.

Methods that can be used to understate expenses include:


25

Capitalizing expenses that provide no future benefit, and

Understating accounts payable at year end.

History has shown that management can beat the auditors by understating or hiding expenses a

little at a time over several periods.

Audit procedures that should be employed to test for under-recorded expenses include:

Search for unrecorded liabilities through examination of post-balance sheet transactions

Confirm payable balances with major vendors, and

Examine transactions involving the capitalization of assets to ensure that those assets

provide future benefits.

Risk of internal control issues and the impact of staffing shortages:

Typically one of the first departments to be trimmed is the accounting workforce, resulting in

companies running their operations at less than optimal staffing levels. Sizeable layoffs can

adversely affect the effectiveness of an entity’s internal control for several reasons:

Employees who are overloaded with work may not have the time to properly complete

the necessary tasks, resulting in errors being performed.

With less staff, there is the greater likelihood that there is a weakness in the segregation

of duties.

The overworking of employees can result in lower employee morale.

Layoffs of MIS personnel may have an adverse effect on the entity’s ability to initiate,

process, or record its transactions, or maintain the integrity of the information system.

Changes to the control environment may alter the control effectiveness and possibly

result in a material control weakness.

With weakened internal control, poor segregation of duties, and lower employee morale

due to layoffs and staff reductions, there is greater opportunity for fraud to be

committed.

In performing its review of internal control, an auditor must assess the likelihood that a

purported internal control system is defective and breached due to a lack of adequate staffing.

In particular, emphasis should be placed on weaknesses in key financial and accounting

positions and the lack of an appropriate separation of duties.


26

Risk of outsourcing of certain functions:

U.S. businesses continue to outsource segments of their operations as a means to reduce costs

and improve the quality of their business processes. Markets receiving the most U.S.

outsourcing include China, Thailand, India, Vietnam, and Mexico, although China has been

losing business to the less expensive Cambodia and Laos.

With increasing employee benefit costs, many companies have no choice but to outsource to

remain competitive within the U. S. market. In fact, one survey suggests that the decision to

outsource is being driven more by significant increases in benefit costs and not labor costs.

All segments of U.S. businesses are susceptible to outsourcing with predominate areas most

prone including accounting, human resources, procurement, claims processing, customer

service, R&D, manufacturing and other functions. In fact, if you call the customer support

department for a software company, odds are that you will be speaking with a person in India

rather than the United States.

If a client uses a service organization, transactions that affect the user organization’s financial

statements are subject to controls that are both physically and operationally apart from the user

organization. With the expansion of outsourcing comes certain risks that the auditor should

consider including:

There is less control of business functions, resulting in weaker internal control and

security over the system.

Training at the entity handling the outsourced work may be inadequate.

Privacy of customer financial information and other data may be compromised thereby

exposing the user organization to liability.

Management’s and auditors’ understanding and assessment of internal control may need

to reflect controls located at the service organization’s location at which it does the

work.

As a result, the user organization may not be able to administer the internal controls of the

service organization. Consequently, in planning the audit of the service organization, the

auditor may be required to gain an understanding of the internal control at the service

organization that may affect the user organization’s financial statements. Part of that

understanding is to assess the significance of the service organization’s controls to the user

organization’s internal control. If the user auditor determines that the service organization’s

controls are significant as compared with the user organization’s internal control, the user

auditor should gain a sufficient understanding of the service organization’s controls to plan the

audit.

Factors that may affect the significance of the service organization’s controls include:


27

The nature and materiality of the transactions or accounts affected by the service

organization, and

The degree of interaction between internal control at the user organization and the

service organization’s controls.

If a user organization outsources a significant process to a service organization, and the user

organization is unable to, or elects not to, implement effective internal control over the

processes performed by the service organization (e.g., there is a low degree of interaction), the

auditor will need to obtain an understanding of the internal controls of the service organization

that affect those transactions. That understanding can be obtained in one of two ways:

1. The service auditor can document its understanding of the internal control of the service

organization as it relates to the outsourced transactions, or

2. The user auditor can obtain a service auditor’s report, which documents the service

organization’s internal controls.

If, instead, the process outsourced is insignificant or the user organization has implemented an

effective internal control over the service organization’s processes related to the outsourced

transactions, the user auditor is not required to obtain an understanding of the service

organization’s internal controls. Instead, the user auditor’s responsibility is limited to

understanding the user organization’s internal controls over the processes performed by the

service organization.

SAS No. 70, Service Organizations, as amended by SAS No. 88, addresses the auditing issues

related to the audits of financial statements of an entity (the user organization) that obtains

services from another organization (the service organization). The ASB has finalized a

statement that replaces SAS No. 70 under its clarification project. The replacement statement,

AU-C 402, entitled, Audit Considerations Relating to an Entity Using a Service Organization,

expands how a user auditor audits the financial statements of a user entity, The new statement

is effective for audits of financial statements for periods ending on or after December 15,

2012.

Further, in 2011, the ASB issued SSAE No. 16, Reporting on Controls at a Service

Organization, which provides guidance to service auditors who audit service organizations.

SSAE No. 16 removes the requirements found in SAS No. 70 that relate to a service auditor’s

audit of a service organization, and places them in the attestation standards as SSAE No. 16.

SSAE No. 16 is addressed further on in this course.

Risk of misapplication of accounting issues related to mergers and acquisitions:

Auditors should become familiar with some of the accounting and auditing issues related to

mergers and acquisitions (business combinations).


28

GAAP for M&A: ASC 805: Business Combinations (ASC 805) (formerly FASB No. 141R)

replaced previously issued FASB No. 141 with respect to business combinations. ASC 805

requires use of the acquisition method of accounting for dealing with business combinations.

The pooling method was eliminated under the previously issued FASB No. 141. Goodwill and

other intangible assets should be recognized in a business combination. Once recorded,

intangible assets are accounted for under ASC 350, Intangibles- Goodwill and Other (formerly

FASB No. 142).

The key change in ASC 805 that auditors need to be familiar with is that ASC 805 changes

from a cost approach to measure a business combination to a fair value of assets and liabilities

approach. Under this approach, the assets and liabilities of a business combination are recorded

at fair value even if it differs from the cost of the transaction. If the collective net fair value of

assets and liabilities exceeds their cost, a gain is recorded on the income statement for the

bargain purchase discount. This means there is greater risk that companies will attempt to

inflate the fair value of net assets so that they create an income statement gain at the time of

recording a business combination.

Target entity weaknesses in internal control: Just prior to being acquired, a target entity may

trim administrative expenses by eliminating positions and functions. In doing so, there may be

greater risk of deficiencies in internal control at the date the acquisition is consummated.

Auditors should consider such deficiencies when evaluating internal control and assessing

control risk.

Greater risk of fraud during a merger: There is a heightened risk that employees will commit

fraud when entities merge for several reasons, such as:

There are typically breakdowns in internal control, a lack of segregation of duties, and

reduction in supervision, that provide an opportunity for employees to commit fraud.

Certain employees may be bitter after the merger, providing the rationalization to

commit fraud.

Distorting financial performance during the pre-merger period: Sometimes the entity

acquiring another entity may try to manipulate the financial performance of the target entity

during the pre-acquisition period. If a target shows a poor financial performance prior to the

acquisition, management will find it easier to report improved performance after the

acquisition with the resulting spike in reported earnings and stock price. The practice is

commonly referred to as “spring-loading.”

Auditors should be aware of ways in which entities may attempt to apply spring-loading tactics

such as:

1. Writing down investments and fixed assets


29

2. Accelerating the purchased company’s payment of payables

3. Inflating reserves and allowances including:

Reserves for merger costs

Reserves for inventory obsolescence

Pension allowances

Restructuring reserves

Reserves for workers’ compensation and medical insurance

Reserves for plant closings and employee terminations

Allowance for doubtful accounts on receivables

Some of the above tactics may not necessarily violate GAAP, while others do involve the

deliberate inflation of reserves and allowances in direct violation of GAAP.

Concern over compliance with Sarbanes-Oxley Act: A public company may encounter a

challenge from the SEC if it acquires a non-public entity that has not complied with Sarbanes-

Oxley. For example, the non-public entity may not have the necessary internal controls in place

at the time of acquisition.

Risk of information system attacks and internal control:

Corporations are experiencing rising attacks on corporate information technology systems

consisting of viruses, Distributed Denial of Service (DDoS), worms, zombie spam, and other

attacks. There is no indication that these attacks are likely to decline in the future. An auditor

should focus on a client’s internal control over its IT systems in assessing internal control. In

many cases, management needs to improve its IT security system.

In performing his or her audit, an auditor should consider performing the following procedures:

1. An auditor should assess whether the company has taken steps to protect against:

Inadvertent disclosure of sensitive information to unauthorized parties

Computer or transmission disruption

Hackers and viruses

Electronic frauds

2. An auditor should consider using Computer-Assisted Audit Techniques (CAATs).

3. The auditor may want to test control features that deny unauthorized individuals from

being able to authorize or initiate a transaction or to change information already in the

system.

Risk of improper recording of restructuring charges:


30

Entities are constantly undergoing restructurings and some may be inclined to increase their

liabilities to establish a “rainy day fund” for future periods. Restructuring costs may be

incurred in connection with a consolidation, move, relocation, business combination or change

in a strategic plan.

Authority for accounting for certain costs associated with exiting an activity, including

termination costs, is found in ASC 420, Exit of Disposal Cost Obligations (formerly FASB No.

146).

Under ASC 420, costs associated with an exit activity include, but are not limited to:

Termination benefits

Costs to terminate a lease

Costs to consolidate facilities or relocate employees

The general rules of ASC 420 state that a liability for a cost associated with an exit or disposal

activity shall be recognized and measured initially at its fair value in the period in which the

liability is incurred. Fair value is the amount at which the liability could be settled in a current

transaction between willing parties other than in a forced liquidation. If the fair value cannot

be reasonably estimated, the liability is recognized when it can be reasonably estimated.

ASC 420 defines termination benefits as one-time termination benefits and occurs when all of

the following criteria have been met:

Management, having the authority to approve the action, commits to a plan of

termination.

The plan identifies the number of employees to be terminated, their job classifications or

functions and their locations, and expected completion date.

The plan establishes the terms of the benefit arrangement, including the benefits that

employees will receive upon termination (including cash payments) in sufficient detail to

enable employees to determine the type and amount of benefits they will receive if they

are involuntarily terminated.

Actions required to complete the plan indicate that it is unlikely that significant changes

to the plan will be made or that the plan will be withdrawn.

If employees are not required to render service until they are terminated in order to receive

termination benefits, or if employees will not be retained to render service beyond the

minimum retention period, a liability for the termination benefits shall be recognized and

measured at its fair value at the communication date.


31

If employees are required to render service until they are terminated in order to receive the

termination benefits and will be retained to render service beyond the minimum retention

period, a liability for the termination benefits shall be measured initially at the communication

date based on the fair value of the liability as of the termination date.

The liability is recognized ratably over the future service period.

Any change from a revision to either the timing or amount of estimated cash flows over

the future service period shall be measured using the credit-adjusted risk-free rate that

was used to measure the liability initially. The cumulative effect of the change shall be

recognized as an adjustment to the liability in the period of change.

Present value is appropriate to determine fair value.

Example 1: A company plans to cease operations in a particular location and determines that it

no longer needs the 100 employees that currently work in that location. The entity notifies the

employees that they will be terminated immediately. Each employee will receive as a

termination benefit a cash payment of $6,000.

Conclusion: Because the employees are not required to render service beyond their

termination date in order to receive their termination benefits, a liability shall be recognized

and measured at the fair value at the communication date. In this case, the amount is $600,000

($6,000 x 100 employees).

Auditors should be aware of how to account for restructuring charges and the risks associated

with over- and under-valuing the liabilities associated with those charges.


32

REVIEW QUESTIONS

Under the NASBA-AICPA self-study standards, self-study sponsors are required to present

review questions intermittently throughout each self-study course. Additionally, feedback must

be given to the course participant in the form of answers to the review questions and the reason

why answers are correct or incorrect.

To obtain the maximum benefit from this course, we recommend that you complete each of the

following questions, and then compare your answers with the solutions that immediately

follow. These questions and related suggested solutions are not part of the final examination

and will not be graded by the sponsor.

1. What component of engagement risk is associated with the entity’s survival and

profitability?

a. Auditor’s audit risk

b. Auditor’s business risk

c. Client audit risk

d. Client business risk

2. Which of the following actions is required by SAS No. 99:

a. Establish an independent expectation of an estimate

b. Complete a retrospective review of significant estimates

c. Review and test management’s process used to develop an estimate

d. Review subsequent events and transactions

3. What factor may lead to obsolescence of existing inventory:

a. Changes in product design

b. Idle capacity

c. Reduced prices and profit margins

d. Reduced turnover

4. ASC 330, Inventory, (formerly FASB No. 151), made what change to ARB No. 43, Chapter

4:

a. Abnormal amounts of idle facility expense, freight, handling costs, and waste materials

(spoilage) are recognized as current period charges

b. Normal amounts of idle facility expense, freight, handling costs, and waste materials

(spoilage) are recognized as current period charges

c. Fixed production overhead is allocated to each unit of production based on actual

facility usage

d. Companies must capitalize fixed overhead using the greater of actual production or

normal capacity in the numerator


33

5. The Pension Protection Act of 2006:

a. Expands and improves defined benefit plans

b. Prohibits contributions to under-funded plans from being deferred

c. Requires an entity that sponsors one or more defined benefit plans to record the funded

status of a benefit plan in its balance sheet

d. Requires employers to promise additional benefits to employees regardless of whether

they are actually funded

6 Which of the following is a method that can be used to understate expenses?

a. channel stuffing

b. report peripheral or incidental transactions

c. set aside extra reserves to be reversed to income in future periods

d. understate accounts payable at the end of the year

7. How can sizeable layoffs adversely influence the effectiveness of an entity’s internal

control?

a. customers’ financial information may be compromised

b. there is less opportunity for fraud to be committed

c. training becomes inadequate

d. an expanded work overload may result in more errors


34

SUGGESTED SOLUTIONS

1. What component of engagement risk is associated with the entity’s survival and

profitability:

a. Incorrect. Auditor’s audit risk is the risk that the auditor may unknowingly fail to

appropriately modify his or her opinion on financial statements that are materially

misstated.

b. Incorrect. Auditor’s business risk is the risk of potential litigation costs from an alleged

audit failure and the risk of other costs such as fee realization and reputational effects

from association with the client.

c. Incorrect. Engagement risk consists of client business risk, auditor’s audit risk, and

auditor’s business risk. Client audit risk is not part of engagement risk.

d. Correct. Client business risk is the risk associated with the entity’s survival and

profitability.

2. Which of the following actions is required by SAS No. 99:

a. Incorrect. The requirement to establish an independent expectation of an estimate is

found in SAS No. 57, Auditing Accounting Estimates. SAS No. 57 requires that audit

procedures include developing an independent expectation of an estimate to corroborate

the reasonableness of the estimate.

b. Correct. SAS No. 99 requires an auditor to perform a retrospective review of

significant estimates to determine whether there was management bias in

establishing those estimates. In performing the retrospective review, the auditor

compares the prior year’s estimate to the actual outcome related to that estimate.

c. Incorrect. SAS No. 57, Auditing Accounting Estimates, not SAS No. 99, requires that an

auditor review and test the process used by management to develop the estimate.

d. Incorrect. SAS No. 57, Auditing Accounting Estimates, states that audit procedures must

include reviewing subsequent events or transactions occurring before the completion of

field work. This requirement is not found in SAS No. 99 which deals with certain

procedures related to fraud.

3. What factor may lead to obsolescence of existing inventory:

a. Correct. A factor that may lead to obsolescence of existing inventory is change in

the product design that may lead to a revised product that has limited demand in

the marketplace.

b. Incorrect. Idle capacity at a manufacturing facility may result in an overcapitalization of

overhead and a valuation in excess of market value, but does not result in obsolescence.

c. Incorrect. Reduced prices and profit margins may cause inventories to be valued over

market value, but does not lead to obsolescence.

d. Incorrect. An unusual increase in inventory balances, reduced turnover, increased

backlog and a deterioration in the aging of inventories may be signs that there is excess

inventory on hand but not that it is necessarily obsolete.


35

4. ASC 330, Inventory, (formerly FASB No. 151), made what change to ARB No. 43,

Chapter 4:

a. Correct. ASC 330 requires that abnormal amounts of idle facility expense, freight,

handling costs, and waste materials (spoilage) be recognized as current period

charges and not capitalized as part of production overhead.

b. Incorrect. Capitalizing normal amounts of idle facility expense, freight, handling costs,

and waste materials (spoilage) is not a new change under ASC 330.

c. Incorrect. A change made by ASC 330 is that fixed production overhead is allocated to

inventories based on the production facilities’ normal capacity.

d. Incorrect. A key change made by ASC 330 is that it requires companies to capitalize

fixed overhead using the greater of normal capacity or actual production in the

denominator, not the numerator.

5. The Pension Protection Act of 2006:

a. Incorrect. In 2006, Congress passed the Pension Protection Act of 2006 which expands

and improves defined contribution plans (such as 401(k) plans) and not defined benefit

plans, and strengthens the federal pension insurance program.

b. Correct. A key provision of the Act is that it includes the prohibition against

contributions to under-funded plans from being deferred.

c. Incorrect. ASC 715, Defined Benefit Plans (formerly FASB No. 158), not the PPA

2006, requires an entity that sponsors one or more defined benefit plans to record the

funded status of a benefit plan, measured as the difference between the fair value of plan

assets and the benefit obligation, in its balance sheet.

d. Incorrect. PPA 2006 prohibits employers from promising additional benefits to

employees until they are actually funded.

6. Which of the following is a method that can be used to understate expenses?

a. Incorrect. Channel stuffing is a method to recognize revenue prematurely, not

understate expenses.

b. Incorrect. Reporting peripheral or incidental transactions, such as nonrecurring gains, is

one way that companies may recognize revenue that has not been earned.

c. Incorrect. Extra reserves overstate expenses in year one. Ultimately expenses are

understate if an when the reserves are reversed in subsequent years.

d. Correct. Understating accounts payable results in understated expenses.

7. How can sizeable layoffs adversely affect the effectiveness of an entity’s internal control?

a. Incorrect. Outsourcing could affect privacy of customer financial information and other

data, but not layoffs.

b. Incorrect. There is greater opportunity for fraud, not less, due to weakened internal

control, poor segregation of duties, and lower employee morale from layoffs and staff

reductions.

c. Incorrect. There is no correlation between training and layoffs.

d. Correct. Employees who are overloaded with work may not have the time to

properly complete the necessary tasks, resulting in errors being performed.


36

III. Client and Employee Fraud

1. General

Regardless of whether the U. S. economy is in a growth phase or a recession, there continues to

be a record number of frauds being committed either in the form of fraudulent financial

reporting cases involving management, or misappropriation of assets (theft) involving

employees. As management continues to have pressure to produce earnings to satisfy its

shareholders and other third parties, fraudulent financial reporting has flourished. Similarly,

employee fraud continues to victimize all industries and companies, regardless of whether in

the public or nonpublic sectors. Employees use fraud as a means to solve their personal

financial pressures from being strapped with record amounts of personal debt and to reimburse

themselves for allegedly being overworked in understaffed businesses.

Although the recent cases of fraudulent financial reporting are not as public as Enron, they are

just as pervasive. Examples where management has committed fraud include erroneous

adjustments made to financial statements, overstated sales and accounts receivable, fabricated

inventories and misapplication of generally accepted accounting principles. There have also

been cases of side agreements made in which management modified the terms and conditions

of billings as a means to conceal overstated sales. Then, of course, there are the high profile

cases of Enron, WorldCom and others, that involved use of off-balance sheet entities and

overly aggressive capitalization policies.

The reality is that fraud occurs all of the time, regardless of the economy's cycle, and is

committed for many different reasons. For example, because of strong economic times, a

company may be more inclined to be overly optimistic in connection with earnings estimates.

When those estimates do not materialize, management may attempt to artificially inflate

earnings.

What we also know is that there is a direct correlation between the tone that management sets

at the top of the organization, and the degree of fraud that is committed. Consider the

conclusion of the Report of the National Commission on Fraudulent Financial Reporting:

"The tone set by top management- the corporate environment or culture within

which financial reporting occurs, is the most important factor contributing to

the integrity of the financial reporting process......if the tone set by

management is lax, fraudulent financial reporting is more likely to occur."

With respect to SEC companies, companies continue to employ several practices to manage

earnings.

Here are the ways in which managed earnings occur:


37

Restructuring charges are accelerated or overstated to understate net income.

Major components of acquisition costs are expensed such as research and development.

Reserves and allowances are established for a rainy day in years where earnings exceed

expectations.

There are misapplications of accounting principles.

There is early recognition of revenue.

2. 2010 Report to the Nations on Occupational Fraud and Abuse

In 2010, the Association of Certified Fraud Examiners, issued it bi-annual report entitled 2010

Report to the Nations on Occupational Fraud and Abuse. This report follows similar reports

issued by the Association in 1996, 2002, 2004, 2006 and 2008. Although the previous reports

focused on fraud within the United States, the 2010 Report represents the first global fraud

survey.

Although numerous other reports on fraud have been issued in recent years, this 2010 Report is

particularly important for two reasons. First, it represents the first global fraud survey while the

previous reports focused on United States fraud only. Further, the 2010 report represents the

fourth report issued since the passage of Sarbanes-Oxley, thereby offering a series of reports

that can follow trends in the post-Sarbanes environment.

The study was based on 1,843 cases of occupational fraud Occurring in more than 100

countries, with more than 43 percent took place in the United States.

Once key observation noted within the 2010 Report was that the patterns of fraud seemed to operate

similarly whether it occurs in Europe, Asia, South America or the United States.

Before looking at the Report, the author asks that the reader take a quick fraud quizzer by

answering the following questions:

FRAUD QUIZ: (answers are at the end of the quiz)

1. Which of the following is the most frequent way in which fraud is detected?

a. Tip hotline

b. External audit

c. Internal audit

d. By chance


38

2. Most fraudsters ___________________.

a. Have a criminal record

b. Have no criminal record

c. Have bad credit and behavioral problems

d. Have both criminal records and bad credit

3. Which of the following is a key behavioral characteristic of a fraudster?

a. Living beyond one’s means

b. Instability

c. Complaining about lack of authority

d. Past legal problems

4. Which of the following is the most common type of asset misappropriation (theft) in a

company?

a. Billing schemes

b. Expense reimbursements

c. Skimming

d. Payroll schemes

5. Who commits more frauds?

a. Male

b. Female

c. Either male or female as the percentages are the same

d. Male or female dog

6. Which of the following is the profile of the typical fraudster?

a. Lower paid male or female employee

b. Male, age 20-25, uneducated, with a short-term tenure at the company

c. Male, age 41-50, college-educated, with a tenure of one to five years or more.

d. Female, age 30-35, uneducated, divorced, with a tenure of more than 10 years.

ANSWERS:

1. a

2. b

3. a

4. a

5. a

6. c


39

Now let’s look at the report entitled 2010 Report to the Nations on Occupational Fraud and

Abuse.

Details published in the 2010 Report follow:7

a. The term occupational fraud encompasses three categories of fraud:

Misappropriation of assets (theft): Involving the theft or misuse of an organization’s

assets, such as skimming revenues, stealing inventory, or payroll fraud.

Fraudulent financial reporting: Falsifying an entity’s financial statements, such as

overstating revenues and understating expenses and liabilities.

Corruption: Wrongfully using influence in a business transaction to procure some

benefit for the fraudster or others, contrary to their duties to their employer or the rights

of another. Example: Kickbacks, and engaging in conflicts of interest.

Note: SAS No. 99 has only two categories of fraud, consisting of misappropriation of

assets and fraudulent financial reporting. Corruption falls into either category depending on

whether the corruption leads to theft of assets or fraudulent financial reporting.

b. The typical Global organization loses 5 percent of its annual revenues to fraud which

translates into approximately $2.9 trillion in total losses for the entire global economy.

1) Total losses for U. S. organizations were estimated at $994 billion.8

c. There continues to be the fact that occupational frauds were much more likely to be

detected by a confidential reporting mechanism being in place (tip or employee hotline)

than from other sources such as internal or external auditors, internal controls, etc:

1) More than 50 percent of frauds committed by owners and executives were detected by

a confidential reporting mechanism (e.g., hotline, tip, etc.).

2) Fraud detection increases significantly if hotlines are made available to both third

parties and employees.

3) All companies are encouraged to include third-parties in confidential reporting (tip)

mechanisms, along with employees.

7 Certain statistics are based on the 2008 ACFE Report as this information was not published in the 2010 Report.

8 The U. S. losses are based on the 2008 ACFE Report as this information was not published in the 2010 Report.


40

d. Small businesses suffer disproportionately large losses from occupational fraud:

1) Median cost of losses by small businesses (fewer than 100 employees) was $150,000,

which was much higher than the median loss by all but the very largest entities

($84,000).

2) Small businesses generally do a poor job of proactively detecting fraud.

e. The amount of fraud loss incurred is directly related to the position of the fraud perpetrator.

1) The median loss of frauds committed by owners and executives was $723,000, which

was more than three times the losses from managers, and 9 times greater than those

committed by employees.

f. Companies were less likely to take legal action against owners and executives who

perpetrate fraud, than they were against managers and employees.

g. Criminal and employment background checks may be helpful in making informed hiring

decisions but generally will not detect fraud perpetrators:

1) Most frauds are committed by otherwise apparently honest employees.

2) Most fraud perpetrators were first-time criminal offenders and had never been

terminated from previous employment.

h. The most effective type of background check on employees is a credit check:

1) There is a direct correlation between employee behavior and the commitment of fraud,

with a high correlation between personal financial difficulties and perpetrating fraud.

2) 45% of the fraud cases involved an employee who was either living beyond his or her

means or having other financial difficulties.

3) Only 23% of the companies who were victims of fraud conducted credit checks of their

employees.

i. The most effective way to deal with fraud is to take actions to prevent it:

1) Few organizations fully recover their losses from fraud.

2) The median loss recovery was only 20 percent of the original loss.

3) Almost 40 percent of victim organizations recovered nothing from the loss.


41

j. A large percentage of fraud schemes involving misappropriation of assets (theft) were

committed by someone either in the accounting department or upper management:

22% of the cases were committed by employees in the accounting department.

14% were committed by upper management or executive-level employees.

14% were committed by the sales department.

k. More than 88% of the frauds were committed by individuals in one of six departments:

Accounting

Operations

Sales

Executive/upper management

Customer service

l. More than 85% of fraudsters had never been previously charged or convicted of a fraud-

related offense.

Following are details from the 2010 ACFE Report:

Fraudulent by Type of Organization

2010

Company type

% cases

Median

loss

Private companies 42% $231,000

Public companies 32% 200,000

Government 16% 100,000

Not-for-profits 10% 90,000

Fraudulent by Type of Organization

2010

Number of employees

% cases

Median

loss

<100 (small cap) 31% $150,000

100- 999 22% 150,000

1,000- 9,999 26% 60,000

10,000 plus 21% 84,000

Smaller companies continue to be the largest group of victims of fraud

and incur the highest median loss.


42

Median Duration of Time of Fraud Until Detected

# months

Employee 13

Manager 18

Owner 24

Frauds by Method

2010

%

cases

Median loss

Asset misappropriation (theft) 90% $100,000

Corruption schemes 22% 175,000

Fraudulent financial statements 5% 1,730,000

Categories of fraudulent cash disbursements noted in the Report include:

1. Billing schemes: Employee submits invoices for payment by the organization that is for

fictitious goods or services, inflated amounts, or for personal purchases.

2. Check tampering: Employee or other perpetrator converts an organization’s funds by

forging or altering a check on one of the organization’s bank accounts, or steals a check

that was issued to another payee.

3. Expense reimbursement schemes: Employee makes a false claim for reimbursement of

fictitious or inflated business expenses.

4. Payroll schemes: Employee has the victim organization issue payment for false

compensation or to a fictitious employee.

5. Register disbursement schemes: Employee makes false entries on a cash register to

conceal the fraudulent removal of currency.

6. Cash on hand misappropriations: Employee fraudulently voids a sale on the cash

register and steals cash.


43

Methods of Fraud: Small Businesses vs. All Business Cases

(Small Business = < 100 Employees)

% of small

business

% of

all cases

Corruption

26% 22%

Asset misappropriations

Skimming 22% 16%

Cash larceny 12% 10%

Billing schemes 29% 27%

Check tampering 26% 17%

Expense reimbursements 17% 15%

Payroll schemes 13% 11%

Cash register disbursement schemes 2% 3%

Cash on hand misappropriations 15% 12%

Non-cash misappropriations including

inventory theft

15% 16%

Fraudulent financial statements 6% 4%

Asset Misappropriations - By Type

% of all

cases

Median

loss

Involving Cash Receipts

Skimming 15% $60,000

Cash larceny 10% 100,000

Involving Fraudulent cash disbursements

Billing schemes 26% 129,000

Check tampering 13% 131,000

Expense reimbursements 15% 33,000

Payroll schemes 9% 72,000

Cash register disbursement schemes 3% 23,000

Cash on hand misappropriations 13% 23,000

Involving non-cash assets:


inventory theft

16% 90,000


44

Type of Fraud by Department

Accounting

department

Operations

department

Sales

department

Executives/

Upper

mgmt

Customer

service

department

Corruption

10% 31% 34% 49% 22%

Asset misappropriations

Skimming 18% 15% 16% 14% 19%

Cash larceny 16% 9% 9% 12% 9%

Billing schemes 31% 22% 14% 41% 8%

Check tampering 33% 11% 4% 14% 8%

Expense

reimbursements

11% 16% 16% 30% 3%

Payroll schemes 16% 9% 2% 16% 1%

Cash register

disbursement schemes

2% 9% 8% 1% 8%

Cash on hand

misappropriations

13% 13% 9% 13% 18%

Non-cash

misappropriations

including inventory

theft

6% 15% 24% 18% 18%

Fraudulent financial

statements

4% 3% 4% 14% 2%

Ranking of Controls Most Effective in Detecting or Limiting Financial

Statement Fraud Schemes

Action

Ranking in

effectiveness

Reward whistleblowers 1

Internal audit/fraud dept 2

Fraud hotline 3

Surprise audit 4

Mandatory job rotation/vacations 5

Audit of FS 6

Management review of IC 7

Audit of internal control 8


45

Primary Weakness that Existed During the Fraud % cases

Lack of internal controls 38%

Override of existing controls 19%

Lack of management review 18%

Poor tone at the top 8%

Lack of competent personnel in oversight role 7%

Lack of independent audit/ checks 5%

Initial Method of Fraud Detection

% cases

Tips (whistleblowing) from all sources 38%

Management review 17%

Internal audit 14%

By accident 9%

Account reconciliation 6%

Document examination 6%

External audit 4%

Internal controls 1%

Observation: The number of fraud cases detected by an external audit was only 4% in the

2010 Report while it was 9% in 2008. This fact supports the conclusion that it is difficult for

an external auditor to detect fraud based solely on the audit procedures performed. In countries

other than the United States, the primary method of detection was tips, which represented close

to 50% of those cases, as compared with only about 38% of the U. S. cases.

Source of Tips

% cases

Tip from employees 49%

Tip from customer 18%

Anonymous tip 13%

Tip from vendor 12%

Other 8%

Internal Controls Modified After the Fraud

% cases

Increased segregation of duties 61%

Enhanced management review 51%

Surprise audits 23%

Fraud training 16%

Job/rotation/ mandatory vacations 14%

Internal audit 12%

Anti-fraud policy 12%

Had external audits 9%


46

Anti-Fraud Measures in Place at the

Time Fraud was Committed

< 100

employees

100 +

employees

External audit 52% 88%

Code of conduct 41% 83%

Internal audit 30% 83%

External audit of internal control (Section 404) 29% 73%

Management certification of financial statements 32% 71%

Independent audit committee 23% 67%

Management review 31% 64%

Anonymous hotline- whistleblowing 15% 64%

Fraud training for managers/executives 16% 53%

Fraud training for employees 13% 51%

Surprise audits 11% 36%

Job rotation 6% 18%

Note: A key distinction in the types of anti-fraud measures found in larger versus

smaller companies is the use of an employee hotline. 64 percent of larger companies

had employee hotlines to report fraud, while only 15 percent of smaller companies had

a hotline.

Initial Method of Detection of Fraud-

Private Companies

< 100

employees

100 +

employees

Tips (whistleblowing) from all sources 33% 43%

Management review 15% 16%

Internal audit 8% 16%

By accident 12% 6%

Account reconciliation 9% 5%

Document examination 8% 4%

External audit 7% 3%

Note: Tips have less of an effect on detecting fraud in private companies. Further, a

higher percentage of frauds in private companies are detected by accident. Lastly, it is

obvious that the external audit provides little assistance in detecting fraud as

evidenced by such a low percentage (3% and 7%, respectively) of detecting for all

companies.


47

Median Loss Reduction Based on Existence of Anti-Fraud Controls

Control in effect

% cases

implemented

control

Median

fraud loss

with control

in effect

Median

fraud loss

without

control in

effect

%

reduction

Tip hotline/whistleblowing 49% $100,000 $245,000 59%

Employee support programs 45% 100,000 244,000 59%

Surprise audits 29% $97,000 $200,000 52%

Fraud training for

managers/executives

42% 100,000 200,000 50%

Fraud training for employees 40% 100,000 200,000 50%

Job rotation/mandatory vacation 15% 100,000 188,000 47%

Code of Conduct 70% 140,000 262,000 47%

Management review of IC 53% 120,000 200,000 40%

Anti-fraud policy 39% 120,000 200,000 40%

External audit of ICOFR 59% 140,000 215,000 35%

Internal Audit 66% 145,000 209,000 31%

Independent audit committee 53% 140,000 200,000 30%

External audit of FS 76% 150,000 200,000 25%

Management certification of FS 59% 150,000 200,000 25%

Rewards to whistleblowers 7% 119,000 155,000 23%

The most effective anti-fraud controls include surprise audits, job rotation/mandatory vacations,

employee support programs, and use of a tip hotline, all four of which resulted in a reduction in the

median loss of 60% or more.

Position of Fraud Perpetrator

Position

2010

% cases Median loss

Owner/executive 16% $723,000

Manager 42% 200,000

Employee 42% 80,000


48

Correlation Between Perpetrator’s Tenure,

Frequency, and Median Fraud Loss

Tenure

%

cases

Median

fraud loss

Less than one year 6% $47,000

1-5 years 46% 114,000

6-10 years 23% 231,000

> 10 years 25% 289,000

Note: There is a direct correlation between the tenure of the perpetrator and

the amount of fraud loss. The correlation is likely to be the result of 1) the

perpetrator being in a higher level of authority and 2) the employee having a

greater degree of trust with his/her superiors and co-workers.

Frequency and Median Loss of Fraud Based on Gender of Perpetrator

Gender

2010

% of

cases

Median

loss

Male 67% $232,000

Female 33% 100,000

Note: One would think that there would be a shift in the number of fraud cases

from the male to the female gender as more women rise to higher positions of

authority. In fact, the opposite result occurred from 2008 to 2010. In 2008, 59%

of fraud cases involved men with a median loss of $250,000, while 41% of the

cases involved women with a median loss of $110,000. In 2010, the percentage

of men increased to 67% while the percentage of women declined to 33%. The

median loss was about the same for each sex.

Frequency and Median Loss of Fraud Based on Age of Perpetrator

Age

2010

% of

cases

Median

loss

> 60 2% $974,000

51-60 15% 375,000

41-50 33% 268,000

36-40 19% 127,000

31-35 16% 120,000

26-30 10% 60,000

<26 5% 15,000


49

Effect of Education on Frequency and Median Loss

Education

2010

% of

cases

Median

Loss

Postgraduate 14% $300,000

Bachelor degree/ some college 56% 203,000

High school or less 30% 100,000

Note: The previous charts, collectively suggest that the factors of a perpetrator most highly

correlated with committing fraud are income, tenure, gender and age. The profile of a person

most likely to perpetrate fraud is this: a male, age 41-50, college-educated, with a company

tenure of one to five years or more.

Perpetrator’s Department

% cases

Median

loss

Accounting 22% $190,000

Executive/upper management 14% 829,000

Operations 18% 105,000

Sales 14% 95,000

Customer service 7% 46,000

Finance 4% 450,000

Purchasing 6% 500,000

Marketing/PR 2% 248,000

Board of directors 1% 800,000

Perpetrators’ Criminal Histories % cases

Had never been charged or convicted of a crime 86%

Had prior convictions 7%

Charged but not convicted 7%

Perpetrators’ Employment Histories % cases

Had never been punished or terminated 82%

Had previously been punished 10%

Previously terminated 8%


50

Behavioral Red Flags Present During Fraud Scheme- United States

Behavioral red flag: % cases

Living beyond means 45%

Financial difficulties 44%

“Wheeler-dealer” attitude 20%

Control issues, unwillingness to share duties 23%

Divorce/family problems 23%

Unusual close association with vendor/customer 16%

Irritability, suspiciousness, defensiveness 15%

Addiction problems 14%

Past legal problems 9%

Past employment related problems 10%

Complaining about inadequate pay 7%

Refusal to take vacations 8%

Excessive pressure from within organization 6%

Instability 6%

Excessive family/peer pressure for success 5%

Complaining about lack of authority 4%

Note: Signs of a fraud perpetrator include an employee who is under financial

pressure by living beyond his/her means or having other financial difficulties,

among other signs.

Types of Background Checks % cases

Employment history check 51%

Criminal check 39%

Credit check 23%

Note: Companies continue to perform the wrong kind of checks consisting of

employment and criminal checks. The Study shows that most perpetrators had

not been terminated previously nor did they have a criminal record. Instead, the

greatest correlation of behavior and committing fraud is that many of the

fraudsters were under personal financial stress which may be uncovered by

doing a credit check. Conducting a credit check is the least common check that is

done by companies of their employees, but perhaps, the most effective.


51

REVIEW QUESTIONS









1. What category of fraud consists of wrongfully using influence in a business transaction to

procure some benefit for the fraudster or others, contrary to their duties to their employer or

the rights of another?

a. corruption

b. fraudulent financial reporting

c. misappropriation of assets

d. payroll schemes

2. According to the 2010 Report to the Nation on Occupational Fraud and Abuse, what

category of fraudulent cash disbursements involves the employee submitting invoices for

payment by the organization that are for fictitious goods or services, inflated amounts, or

for personal purchases:

a. billing schemes

b. check tampering

c. expense reimbursement schemes

d. register disbursement schemes

3. In the 2010 Report to the Nation on Occupational Fraud and Abuse, it was reported that

the external auditor initially detected fraud in ______ of the cases.

a. 14%

b. 4%

c. 17%

d. 38%


52

SUGGESTED SOLUTIONS

1. What category of fraud consists of wrongfully using influence in a business transaction to

procure some benefit for the fraudster or others, contrary to their duties to their employer or

the rights of another?

a. Correct. Corruption is defined as the wrongful use of influence in a business

transaction to procure a benefit for the fraudster or others, contrary to their duties

to their employer or the rights of another.

b. Incorrect. Fraudulent financial reporting is falsifying an entity’s financial statements,

such as overstating revenues and understating expenses and liabilities.

c. Incorrect. Misappropriation of assets (theft) involves the theft or misuse of an

organization’s assets, such as skimming revenues, stealing inventory, or payroll fraud.

d. Incorrect. Payroll schemes is a category of fraudulent cash disbursements, which falls

under the category of cash misappropriation.

2. According to the 2010 Report to the Nation on Occupational Fraud and Abuse, what

category of fraudulent cash disbursements involves the employee submitting invoices for

payment by the organization that are for fictitious goods or services, inflated amounts, or

for personal purchases:

a. Correct. Billing schemes involve the employee submitting invoices for payment by

the organization that is for fictitious goods or services, inflated amounts, or for

personal purchases.

b. Incorrect. Check tampering involves an employee or other perpetrator converting an

organization’s funds by forging or altering a check on one of the organization’s bank

accounts or by stealing a check that was issued to another payee.

c. Incorrect. Expense reimbursement schemes involve an employee making a false claim

for reimbursement of fictitious or inflated business expenses.

d. Incorrect. Register disbursement schemes involve an employee making false entries on

a cash register to conceal the fraudulent removal of currency.

3. In the 2010 Report to the Nation on Occupational Fraud and Abuse, it was reported that the

external auditor initially detected fraud in ______ of the cases.

a. Incorrect. In 14% of the cases, the fraud was detected through internal audit, not

external audit, making the answer incorrect.

b. Correct. Only in 4% of the cases did the external auditor initially detect the fraud.

This fact supports the conclusion that it is difficult for an external auditor to detect

fraud based solely on the audit procedures performed.

c. Incorrect. In 17% of the cases, the fraud was detected by management review, and not

the external audit, making the answer incorrect.

d. Incorrect. In 38% of the cases, fraud was detected by a tip, and not by external audit,

making the answer incorrect.


53

3. Types of Fraud

Fraud is a legal concept that expands well beyond the responsibilities of auditors. An auditor

is only responsible for material misstatements to the financial statements, whether caused by

error or fraud. Thus, an auditor is not responsible for immaterial fraud, that is, fraud that has

no material impact on the financial statements.

What differentiates fraud from an error is intent. Fraud is an intentional misstatement, while an

error is unintentional.

Fraud = Intentional Misstatement

Error = Unintentional Misstatement

SAS No. 99 defines “fraud” as:

“An intentional act that results in a material misstatement in financial statements

that are the subject to an audit.”

Effective December 21, 2012, AU-C 240, Consideration of Fraud in a Financial Statement

Audit, replaces SAS No. 99 and changes the definition of fraud to the following:

“An intentional act by one or more individuals among management, those

charged with governance, employees, or third parties, involving the use of

deception that results in a misstatement in financial statements that are the

subject of an audit.”

Other than change the definition of fraud, AU-C 240 does not make any substantive changes to

SAS No. 99.

Observation: Intent may be difficult to determine, particularly in situations involving

accounting estimates or use of accounting principles. For example, is the use of an

unreasonable estimate or aggressive accounting principle intentional or simply poor judgment?

Technically, the auditor is not concerned about intent. The key in the end is whether there is a

material misstatement in the financial statements, regardless of whether it was done

intentionally (fraud) or unintentionally (an error). Yet, if a material misstatement is deemed to

be intentional, instead of an isolated unintentional error, this information should enhance the

auditor’s professional skepticism to the fact that other intentional misstatements might exist.

There are two types of misstatements due to fraud:

Fraudulent financial reporting (“cooking the books”)

Misappropriation of assets (theft or defalcation)


54

Note: In recent years, there have been a significant number of highly publicized cases of

alleged or actual management fraud. Reasons for fraud depend on the type of fraud involved.

Fraudulent financial reporting is likely to be performed by higher-level management who has a

stake in altering the financial statement results. Alternatively, misappropriation of assets (e.g.,

theft) can be performed at all levels from the lowest employment position to the highest.

Statistically, 80% of all fraud involves the misappropriation of assets, while only 20% consists

of fraudulent financial reporting. Regarding employee theft, reasons for committing the crime

vary from employee revenge for corporate restructurings, to changes in technology making it

easier to conceal fraud.

Conditions needed for fraud - the fraud triangle:

Three conditions usually are present when a fraud occurs. These three conditions are

commonly referred to by fraud examiners as the fraud triangle.

1. Incentive or Pressure: Management or other employees have an incentive or are under

pressure (financial or otherwise), which provides a reason to commit fraud.

2. Opportunity: Circumstances exist, such as the absence of controls, ineffective controls,

or the ability of management to override controls, that provide an opportunity for a

fraud to be perpetrated.

3. Rationalization or attitude: Individuals involved in the fraud are able to rationalize

committing the fraud. Some individuals possess an attitude, character, or set of ethical

values that allow them to knowingly and intentionally commit a dishonest act.

Fraud Triangle

Incentive or

Pressure

Opportunity

(poor

internal

controls)

Rationalization

or Attitude

FRAUD


55

Although the three conditions of the fraud triangle are typically present in a perpetration of a

fraud, there are circumstances when only one, or even two of the conditions may be present.

Examples:

1. An employee who is under personal financial pressure and is able to rationalize

committing a fraud, is able to perpetrate a fraud even though there is a strong system of

internal control. The employee used a narrow breach in the system of internal control.

2. A company that has a poor system of internal control is victimized by an employee

fraud. The employee, who has no incentive/pressure to commit the fraud and appears

not to possess a rationalization/attitude to commit a fraud, perpetrates a fraud because

he or she is tempted by his or her ability to commit the fraud within a poor system of

internal control.

3. A manager/owner has an incentive/pressure to achieve a certain income level to avoid

triggering a loan default, where there is no indication of the presence of the other two

conditions.

The three conditions of fraud need to be considered in light of the size, complexity and

ownership attributes of the entity.

For example a larger entity might have controls that constrain improper conduct by

management including:

Existence of an audit committee

Use of an internal audit function

Existence and enforcement of a formal code of conduct

Conversely, a smaller, usually closely held entity will not have any of the same constraints

placed on the management of a larger entity, as noted above. Rarely is an audit committee or

internal audit function in use. Moreover, a formal code of conduct is not only non-existent, but

also may be discouraged for stifling the entrepreneurial environment. Instead of having formal

controls, a smaller entity might have other attributes such as developing a culture that

emphasizes integrity and ethical behavior.

In such situations, the auditor should be careful not to be fooled into a sense of security.

Notes: An otherwise honest individual can still commit fraud in an environment that imposes

sufficient pressure on him or her. The greater the incentive or pressure, the more likely an

individual will be able to rationalize the acceptability of committing fraud.

Although all three conditions of the fraud triangle may help contribute to the perpetration of

fraud, the most important condition is opportunity. Where there is incentive and rationalization

to commit a fraud, such a fraud cannot occur unless the system of internal control allows it to


56

happen. The number one reason why fraud occurs is due to poor internal controls9, thus

creating the opportunity for it to occur.

The fraud triangle in the 2012 economic climate:

The 2012 economic climate is ripe for fraud in that the three conditions of the fraud triangle

exist in many organizations.

Incentive or pressure: Today there is tremendous incentive and pressure to commit fraud. In

particular, high layoffs coupled with the pressure for organizations to achieve more output with

fewer staff, creates pressure on employees. Along with the incentive and pressure on the job,

those same employees may feel personal pressure from high levels of personal debt and

defaulted mortgages.

Opportunity: With smaller accounting and other staffs, clearly internal business environments

may provide the opportunity for employees and management to commit fraud.

Rationalization or attitude: It is easier for an employee to rationalize the perpetration of a

fraud when he or she is being squeezed inside as well as outside the organization. Pressure to

increase earnings means the employee is performing extraordinary efforts for the benefit of the

shareholders with little to trickle down to the employees. Moreover, with the elimination of

bonuses and contributions to retirement plans within some organizations, employees feel

betrayed and can more easily justify committing a fraud.

a. Fraudulent financial reporting:

Fraudulent financial reporting involves the intentional misstatements or omissions of amounts

or disclosures in financial statements designed to deceive financial statement users where the

effect causes the financial statements not to be presented in accordance with GAAP (or an

other comprehensive basis of accounting, if used).

Fraudulent financial reporting is accomplished in several ways:

Manipulation, falsification, or alteration of accounting records or supporting documents

from which financial statements are prepared

Misrepresentation in or intentional omission from the financial statements of events,

transactions, or other significant information, and

Intentional misapplication of accounting principles relating to amounts, classification,

manner of presentation, or disclosure.

9 According to the Report to the Nation, Occupational Fraud and Abuse (Association of Certified Fraud Examiners), in

57% of the frauds examined, either poor internal controls or controls that were in place but were overridden, were cited as

the primary reason why the fraud occurred.


57

Fraudulent financial reporting need not occur as some sort of grand scheme or conspiracy.

Instead, it may be the result of management rationalizing the appropriateness of a material

misstatement as merely an aggressive, rather than an indefensible, interpretation of complex

accounting rules. Or, management might argue that a misstatement is temporary and will

reverse or correct itself in future reporting periods.

Example: Company X is having a terrible year and expects to incur a sizeable loss.

Management believes the loss is temporary due to the economic downturn. X has already

discussed the expected loss with the bank who accepts it as an aberration for one year only.

The bank expects a Company turnaround next year.

Historically, in computing its allowance for bad debts for its trade receivables, the Company

has computed the allowance balance based on 100% of receivables over 90 days old. This year,

management wished to place a “cushion” in the allowance by including not only 100% of over-

90-day balances, but another 20% of over-60-day balances.

When the auditor asks management why they are computing the allowance to include a portion

of the over-60-day receivables, management states that it wants to “clean up” its balance sheet

by being conservative in the event some of the over-60-day balances are uncollectible. At the

balance sheet date, there is no indication that any of the over-60-days receivables are

uncollectible even though a large percentage has not been collected under dated payment

terms.

The auditor likes the fact that management is being prudent by including a higher-than-needed

balance in the allowance account.

Does the above scenario include a misstatement due to fraudulent financial reporting?

Response: Yes. This is a subtle example of fraudulent financial reporting involving managed

earnings. Yet, on the surface, one might argue that it is merely an aggressive use of an

estimate.

The easiest way for management to manipulate earnings is by over-inflating reserves and

allowance accounts, such as the allowance for bad debts and reserves for obsolete inventory.

By being “conservative” with an inflated allowance account with full knowledge of the fact

that the balance is excessive, management is doing nothing more than setting up a “rainy day

fund.” That is, management has in its allowance account excess that can be reversed in future

years to augment earnings. The most likely time for managed earnings to occur is in a loss year

in which management chooses not to reduce the loss incurred and, instead, to shift income to

future years in which it might need it.

The signs of possible fraudulent financial reporting


58

Even in a growing economy, there is pressure on management to achieve and maintain

financial results to appease analysts, banks, investors and other third parties. As a result, there

may be heightened risk that fraudulent financial reporting might exist and not be detected by

the auditors.

Auditors have the responsibility to obtain reasonable evidence that the financial statements are

free from material misstatements, including those resulting from fraud. SAS No. 99,

Consideration of Fraud in a Financial Statement Audit, provides a list of risk factors that an

auditor should consider in assessing fraud risk. The list includes:

A highly leveraged entity is in violation of loan covenants

An entity is dependent on an IPO to obtain funding

An entity is unable to obtain and maintain financing

There is evidence of liquidity problems

There are changes in accounting policies and assumptions to less conservative ones

There are profits but no cash flow

A high percentage of management’s compensation is linked to earnings and stock

appreciation

There has been a significant change in members of senior management or the board of

directors

Auditors should have heightened skepticism that fraud might exist in situations in which some

of the previous factors are present.

In the AICPA Audit Risk Alert, reference is made to some of the more common types of

financial statement fraud schemes encountered by the FBI in recent cases which include:

Common Types of Financial Statement Fraud Noted by the FBI

Type of Fraud Description

Phony Sales Creating invoices for products that were never sold, often

made to foreign companies so that auditors have difficulty

verifying the legitimacy of the sale.

Parked Inventory Sales Loading trucks full of inventory on the last day of the year

and “parking” the inventory in a nearby parking lot.

Because the goods have been “shipped” away from the

building, the company fraudulently records a sale. In

reality, the customer has merely ordered the product for

shipment at a later date.

Channel Stuffing Shipping products that are not needed by customers. Later

on, when the customer complains that the goods were not

ordered, the customer is given deep discounts or returns are

authorized. The returns or rebates are recorded in the

future period while revenue is overstated in the current

period. The transactions are repeated in the next period to

offset the reversal of the returns and rebates given from the

previous period.


59

Swap Transactions Two companies exchange their products and payments for

the sole purpose of increasing each other’s revenues.

Side Letter Agreements A sales transaction in which a company issues a right of

return or contingency letter to a customer as a condition of

sale. The letters usually give the customer the right to

return any products it cannot sell. A fraud exists because

the sale must be reversed and the auditor has not been

informed about the side letter.

Accelerated Revenue Recording sales in the current period even though they

relate to future periods. In some cases, the scheme is

consummated by backdating sales contracts or other

agreements.

Source: AICPA Audit Risk Alert, as modified by the Author.

When it comes to fraudulent financial reporting, in many instances companies “cook the

books” with more finesse than simply altering financial statements. In fact, manipulating

financial statements can be done with such subtlety that the auditor may not even know it is

being done.

Let’s look at three ways in which management can “cook the books.”

Most extreme way: Actually commit fraudulent financial reporting such as overstating

inventories or revenues- illegal.

Moderate way: Stretch accounting rules to the limit- may or may not be illegal.

Very modest way: Follow the accounting rules, but seek ambiguous loopholes in the

GAAP rules- legal but may not be ethical.

Many auditors may look for the obvious most extreme means by which management commits

fraudulent financial reporting, such as by overstating revenue and/or inventories. Yet, the

more subtle ways of simply stretching accounting rules or finding GAAP loopholes can have

just as great an impact on distorting financial statements. There is also a greater incentive for

management to simply stretch the accounting rules in that they are unlikely to be charged with

fraud either civilly or criminally.

By way of example, following are some of the balance sheet accounts that management can

manipulate by over- or understanding them, without committing fraud:

Allowance accounts and liabilities that can be easily overstated:

Allowance for doubtful accounts

Allowance for obsolete inventory

Liability for uncertain tax positions (FIN 48)

Deferred income tax asset valuation account


60

Asset valuations that can easily be manipulated:

Goodwill- impairment writedowns

Intangible assets with indefinite lives- impairment writedowns

Observation: The FASB continues to move GAAP toward a principles-based system under

which GAAP will be determined based on broader principles and fewer rules. It will be

interesting to see how auditors are able to function in such an environment. Without the current

rules-based GAAP, management will be able to stretch the rules or find numerous GAAP

loopholes to justify their interpretation of GAAP. In such an environment, auditors will be

placed in the difficult position of not having the authoritative tools (e.g., specific GAAP rules)

to challenge management’s position.

The Crazy Eddie Ripoff

In the 1980s, Eddie Antar, better known as Crazy Eddie was a consumer electronics retailer in

New York, New Jersey and Connecticut who engineered a $120 million theft with his family

members. Eddie fooled the auditors and was ultimately caught, spending time behind bars.

In his article, So That's Why It's Called a Pyramid Scheme, author Joseph T. Wells uses the

Crazy Eddie case to illustrate the different types of fraud commonly committed. He breaks

them down into five categories:

Most common fraud

method

What Crazy Eddie did How the auditor could have

caught it

1. Fictitious revenues: Companies create

fictitious revenues for

sales that did not occur.

Eddie created fictitious invoices

showing merchandise sales to three

major suppliers who colluded in the

transaction. When the auditors

confirmed the receivables, the

suppliers confirmed that the

balances were accurate.

Analytical procedures might

have caught this fraud including

an analysis of sales at the end of

the year and shipping

documents.

2. Fraudulent

inventory valuations: Inflating inventories that

do not exist or

overvaluing inventories

that do exist are two of

the most common

methods of committing

inventory fraud.

Eddie overvalued his inventory by

$80 million by borrowing

merchandise from suppliers to

increase the year-end inventory.

The suppliers were the same ones

who confirmed the phony

receivables. The goods were shipped

to the stores and billing was held

back until after the auditors left the

premises. Goods were also shipped

from one store to another and double

counted. Finally, management got

hold of the auditors' inventory test

A comparison of year-end

receiving documents to

accounts payable. If goods were

received prior to year-end, it is

unlikely that this test would

have been performed and the

fraud would have gone

undetected.

Gross profit test would have

resulted in too high a

percentage.


61

count sheets and changed them to

increase the numbers.

Number of days in inventory

would have been high.

3. Timing differences: Using the accounting

cutoff period to increase

sales and/or reduce

liabilities and expenses.

Eddie instructed his stores to hold

the books open past the end of the

year to increase sales.

Liabilities were not recorded until

the next period.

Sales cutoff test.

Analytical procedures on end of

year sales, by day.

4. Conceal liabilities

and expenses: Not

recording liabilities that

exist at year end.

Eddie instructed his nephew to

remove unpaid invoices from the

files until the auditors left the

premises.

Analytical procedures such as

gross profit test and comparison

of operating expenses from year

to year might have caught the

fraud.

Comparison of accounts

payable from year to year and

number of days purchases in

accounts payable might have

shown unusually low accounts

payable level relative to

purchases.

5. Improper

disclosures:

Changing accounting

principles or omitting

other key disclosures.

Eddie changed the footnotes with

respect to revenue and the auditors

did not notice it.

A comparison of the footnotes

from year to year would have

caught this intentional error.

b. Misappropriation of assets (theft):

Misappropriation of assets involves the theft of an entity’s assets where the effect of the theft

causes the financial statements not to be presented in conformity with GAAP.

Misappropriation of assets is usually accomplished by false or misleading records or

documents, possibly created by circumventing controls.

Misappropriation of assets is accomplished in several ways, including:

Embezzling receipts

Stealing assets, and

Causing the entity to pay for goods or services not received.

Note: An auditor is only concerned with a misappropriation of assets (theft or defalcation) that

results in a material financial statement misstatement. Immaterial theft, for example, is not

important to the auditor, per se. However, if an immaterial theft has occurred, the auditor

should be concerned about the bigger picture and whether the occurrence of the theft suggests

a deficiency in internal control.

Why do employees commit fraud for their own benefit?


62

Studies have profiled why employees commit fraud for their own benefit; that is,

misappropriation of assets. An article by Joseph T. Wells, entitled Why Employees Commit

Fraud, gives some insight into the lessons learned about employees who have committed

fraud.

In the article, the author references a 20-year-old study by Hollinger and Clark in which

12,000 employees where profiled. The results are startling:

90% of the employees committed "workplace deviance" such as workplace slowdowns,

sick time abuses, and pilferage.

33% of the employees actually stole money or merchandise.

There is a direct correlation between employee dissatisfaction and fraud: employees

who commit fraud do so by justifying it as “wages in kind."

Example: A loyal bookkeeper was denied a $100 monthly raise and stole for the next

20 years. The amount stolen was exactly $100 per month.

Lessons from research disclose the following:

1. Employee and executive profiles are important to consider:

a. Employees and executives who feel unfairly treated believe they are justified in

committing occupational fraud.

b. Employees and executives facing embarrassing financial difficulties are more

likely to commit fraud.

2. Auditors should discuss with management the importance of improving internal

controls even if the auditor does not rely on internal controls in performing the audit.

3. Auditors should ask individual employees whether they suspect fraud. The studies

reveal that auditors rarely ask the employees whether they believe any fraud is being

committed.

Another study analyzed frauds by the three conditions of the fraud triangle: Incentive/pressure,

opportunity, and rationalization.

The Study concluded that all three conditions drive an employee to commit fraud as noted in

the following chart:


63

% of frauds

committed

INCENTIVE/PRESSURE:

Expensive lifestyle to maintain 43%

Dissatisfaction with the company 8%

Career disappointment 10%

Layoff/redundancy 4%

OPPORTUNITY:

Insufficient internal control 28%

External collaboration/collusion 24%

Management over ride 26%

Internal collaboration/collusion 18%

Anonymity with the company 16%

Foreign business customers 2%

RATIONALIZATION:

Lacked awareness of wrongdoing 40%

Low temptation threshold 36%

Self-denial of consequences to company 23%

Source: Crisis Management- Economic Crime, PWC.

From the Survey chart, it is obvious that the maintenance of an expensive lifestyle has been the

greatest subcondition that drives incentive/pressure with it existing in 43% of the frauds

committed.

Also, rationalization is a critical condition driving fraud with the primary subcondition of

rationalization being a lack of awareness of wrongdoing (40% of frauds surveyed), and a low

temptation threshold (36% of the cases).

4. Small Business Fraud

Based on the report published by the Association of Certified Fraud Examiners entitled, Report

to the Nation on Occupational Fraud and Abuse, smaller privately held businesses are the

greatest victims of occupational fraud. Specifically:

42% of all frauds occur in private companies, resulting in median losses of $231,000

31% of frauds occur in companies with fewer than 100 employees.

From the Report, the frequency and median loss of cash frauds is broken down in the following

table:


64

Asset Misappropriations- By Type % of all

cases

Median

loss

Involving Cash Receipts

Skimming 15% $60,000

Cash larceny 10% 100,000

Involving Fraudulent cash disbursements

Billing schemes 26% 129,000

Check tampering 13% 131,000

Expense reimbursements 15% 33,000

Payroll schemes 9% 72,000

Cash register disbursement schemes 3% 23,000

Cash on hand misappropriations 13% 23,000

Involving non-cash assets:


inventory theft

16% 90,000

a. Fraudulent disbursements:10

The greatest percentage of cash frauds involves some form of fraudulent disbursement.

Following is a table that summarizes the common types of fraudulent disbursements and

examples of each.

10

Excerpts from this segment were extracted from: How to Prevent Small Business Fraud, Association of Certified Fraud

Examiners.


65

Examples of fraudulent disbursements

Type of fraudulent disbursements Example

Phony vendor: Invoices are paid

for fictitious goods or services,

inflated invoices or goods or

services related to the perpetrator.

A secretary sets up a phony vendor and submits faxed

copies of invoices to the accounts payable department for

payment. The fraud was discovered four years later when

a manager identified a large variation in the budget.

Phony employee: Payment is

made to a phony employee.

A controller who believes she should be earning more

compensation adds a phony employee to the payroll

records. Because she manages both the bank accounts

and general ledger, she wrote a check to the phony

employee and direct deposited the funds into her

personal account.

After three years, the fraud was detected during a

surprise payroll audit.

Expense reimbursements: An

employee submits a claim for

reimbursement of fictitious or

inflated business expenses.

John, a sales employee, submits on his expense report

phony invoices for meals and entertainment.

Check tampering: A perpetrator

forges, alters or steals a check.

The administrative assistant, who is also the company’s

bookkeeper, prepares and delivers checks to the CEO for

payment on a weekly basis. The CEO quickly signs the

checks. The assistant prepares the checks with erasable

ink and changes the payee on the checks after they are

signed, and posts the checks to various general ledger

accounts. When the checks are returned the assistant

changed the payee back to the original payee. She is

caught when, in haste, she altered checks related to the

CEO’s personal expenses. Total cost to the company

was more than $500,000.

Register disbursement: An

employee makes false entries on a

cash register to conceal the

removal of cash.

A service station attendant learns that a cash sale can

disappear altogether if he presses the “hold” button on

the register for a few seconds. When a customer pays

cash, the attendant pockets the cash and does not record

the sale. The fraud was discovered when there was a

significant difference between the fuel level and sales.

Total cost to the company was $132,000.

Source: Small Business, Big Losses, Joseph T. Wells, Journal of Accountancy, AICPA


66

Fraud involving cash receipts:

Fraud involving cash receipts can be segregated into two categories:

Cash larceny

Skimming

Cash larceny and skimming collectively represent 25% of all misappropriations of assets.11

Cash larceny:

Cash larceny occurs when an employee steals cash from a daily cash deposit.

Typical forms of cash larceny are summarized in the following table:

Ways to conceal cash larceny

Internal controls to mitigate the concealment

Deposit lapping: An employee steals

a deposit from one day and replaces it

with a deposit from the next day. The

second day’s deposit is replaced with

the third day’s deposit, etc. The

deposits are always one day behind.

Insist that deposits be made on a daily basis with

an independent person verifying the dates and

amounts of each deposit from the deposit slip and

bank statement.

Deposits in transit: An employee

steals a deposit and carries the

missing deposit as a deposit in transit

on the bank reconciliation.

Make sure there is a separation of duties between

those that make the deposit and the one that

reconciles the bank statement.

Source: How to Prevent Small Business Fraud, Association of Certified Fraud Examiners.

Skimming:

Skimming involves removing cash from an entity before the cash is recorded. It is commonly

known as “off-the-books” fraud because there is no direct audit trail to detect the fraud.

Typically, skimming involves an employee receiving a payment from a customer, pocketing

that deposit and not recording the receipt of that payment.

Following is a chart that summarizes the common types of skimming schemes:

11

Cash larceny (10%) and skimming (15%).


67

Common Types of Skimming Schemes

Skimming Scheme Comments

Skimming sales: Theft of incoming

sales.

Easier to conceal than theft

of receivables as payment

for the sale is not expected

while the receivable is.

On-site employees: Most skimming occurs at the cash

register by low-paid employees subject to a high-degree

of temptation.

Typically involves ringing in “no sale” or another non-

cash transaction in the register.

Remote salespeople: Unsupervised off-site employees

sell goods, retain the cash, and do not record the sale.

Off-hours sales: Employees conduct sales during off-

hours without the knowledge of the owners.

Mailroom theft: Employees who open the mail steal

incoming checks.

Check-for-cash substitutions: An employee receives

unexpected revenue such as a rebate or refund. The

employee sets aside the check. When an equal amount of

currency is received, the employee takes the currency

and replaces it with the check.

Example: An unexpected rebate check is received for

$1,000. An employee steals $1,000 of cash and replaces

it with the rebate check.

Skimming receivables: Theft of

income receivable payments.

Experienced fraudsters avoid

skimming receivables in lieu of

skimming sales. Receivable

payments represent a payment

from a customer expected to be

received resulting in it much more

likely that the fraudster will get

caught. Unpaid receivables show

up on the past due listing.

The fraudster uses several concealment

techniques:

Forced account balances: Employee posts the payments

to the customer receivable accounts even though they

have not been received. The difference is posted as a

plug to cash.

Fraudulent write offs: Fraudster authorizes bad debt

writeoff for an account skimmed.

Debits to aging or fictitious accounts: Improperly

debiting the accounts of other customers (or fictitious

customers) to account for the false credit to the skimmed

customer account.

Lapping: Applying the payments of one account to

another to conceal a skimming.

Example: Check for Customer A is stolen.

Check for Customer B is posted to account of Customer

A to conceal theft, and so on.


68

Stolen statements: The fraudster intercepts the

customer’s account statement and late notices or changes

the customer’s address to ensure the customer does not

receive a statement from the victim organization.

Destroying records: The fraudster destroys all records

that can implicate him/her in the skimming.

Source: How to Prevent Small Business Fraud, Association of Certified Fraud Examiners.

Note: With respect to sales skimming, one way to detect such skimming is through inventory

shortages. An employee who skims a cash sale still must accommodate the customer who

placed the sale. The employee will have to ship the customer goods for which sales have not

been recorded, resulting in an inventory shortfall. Now the employee must conceal the

inventory shortfall to cover up the sales skimming. Ways to conceal the inventory shortfall

include writing off inventory as obsolete and adjust the perpetual inventory to reflect the

removal of the goods.

In reality, it is usually easier for a perpetrator to hide the inventory shortfall than the skimmed

sales. If the sales skimming is relatively small, the inventory shortfall is not likely to be

discovered and will wash through as normal shrinkage. Conversely, a large sales skimming

could yield a significant inventory shortage.

Which is the best type of fraud to commit if you are a fraudster?

Let’s look at fraud from the perspective of the fraudster. In performing any fraud, the fraudster

must take action on two fronts:

1. Conceal the fact that the crime has been committed, and

2. Conceal the identity of the fraudster.

For some frauds, concealing the fact that the crime has been committed may be easy, but

concealing the identity of the fraudster may be difficult. Conversely, others may be difficult to

conceal but easy to hide the identity of the fraudster.


69

Comparison of Types of Frauds: Ease of Concealing

Crime and Identity of Fraudster

Ease of

concealing crime

Ease of concealing

identity of fraudster

Fraud involving cash receipts:

Cash larceny Low High

Skimming sales High High

Skimming receivables Low Low

Fraud involving cash disbursement:

Phony vendors Moderate Low

Phony payroll Moderate Low

Expense reimbursement Moderate Low

Check tampering Moderate Low

Register disbursement Moderate High

From the chart, one can see that there is a wide difference between the risks of concealment

and being caught based on types of frauds. In general, skimming of sales still continues to be

the most attractive type of fraud to commit in that it is usually difficult to detect and, if

detected, there is a lower probability that the perpetrator will get caught. Conversely, most

fraud involving cash disbursements have the risk that, if the fraud is discovered, the perpetrator

will be caught.

5. Evaluating an Entity’s Fraud Environment

No organizations are exempt from their exposure to fraud. Consequently, it is important that

they evaluate their risk and exposure to fraud by considering the entity’s culture and fraud risk

factors.

Following is a chart that looks at variables (fraud risk factors) that might exist in high- and

low-fraud risk environments.

Environmental and Cultural Comparison of Organizations

with High Fraud and Low Fraud Potential

Variable High-Fraud Potential Low-Fraud Potential

Management style Autocratic Participative

Management orientation Low trust

Power-driven

High trust

Achievement-driven

Distribution of authority Centralized, reserved by top

management

Decentralized, dispersed to all

levels, delegated

Planning Centralized and short range Decentralized and long range

Performance Measured quantitatively and

on a short-term basis

Measured both quantitatively and

qualitatively and on a long-term

basis

Business focus Profit-focused Customer-focused

Management strategy Management by crisis Management by objectives


70

Reporting Reporting by routine Reporting by exception

Policies and rules Rigid and inflexible, strongly

policed

Reasonable, fairly enforced

Primary management

concern

Capital assets Human, then capital and

technological assets

Reward system Punitive and penurious Generous, reinforcing, and fairly

administered

Feedback on performance Critical and negative Positive and stroking

Interaction mode Issues and personal

differences are skirted or

repressed

Issues and personal differences are

confronted and addressed openly

Payoffs for good behavior Mainly monetary Recognition, promotion, added

responsibility, choice assignments,

plus money

Business ethics Ambivalent, rides the tide Clearly defined and regularly

followed

Internal relationships Highly competitive, hostile Friendly, competitive, supportive

Values and beliefs Economic, political, self-

centered

Social, spiritual, group-centered

Success formula Works harder Works smarter

Human resources Burnout, high turnover,

grievances

Not enough promotional

opportunities for all the talent

Low turnover

High job satisfaction

Company loyalty Low High

Major financial concern Cash flow shortage Opportunities for new investment

Growth pattern Sporadic Consistent

Relationship with

competitors

Hostile Professional

Innovativeness Copy cat, reactive Leader, proactive

CEO characteristics Swinger, braggart, self-

interested, driver, insensitive

to people, feared, insecure,

gambler, impulsive, tight-

fisted, numbers- and things-

oriented, profit-seeker, vain,

bombastic, highly emotional,

partial, pretend to be more

than they are.

Professional, decisive, fast-paced,

respected by peers, secure risk-

taker, thoughtful, generous with

personal time and money, people-

products- and market-oriented,

builder, helper, self-confident,

composed, calm, deliberate, even

disposition, fair, know who they

are, what they are and where they

are going.

Management structure,

systems and controls

Bureaucratic, regimented,

inflexible, and imposed

controls

Collegial, systematic, open to

change, self-controlled

Source: The CPA’s Handbook of Fraud and Commercial Crime Prevention, AICPA.


71

Signs that Fraud May be Present

If you are looking for the signs of fraud in a small business environment, consider whether any

of the following factors are present:

Signs of Potential Fraud

Symptom in the Books Possible Sign of Fraud

An increase in overall sales returns

Removes customer accounts receivable to conceal

skimmed accounts receivable payment

Unusual bad debt write offs Removes customer accounts receivable to conceal

skimmed accounts receivable payment

Slow collections Skimmed accounts receivable

Decline or unusually small increase in cash

or credit sales

Sales are not being recorded

Inventory shortage Sign of fictitious purchases, unrecorded sales, and

employee theft

Source: Small Business Administration’s Crime Prevention Series

Not only should a company look at the technical signs of fraud noted in the previous table,

companies should look at the psychological aspects of fraud and the symptoms that exist in

changes in employee behavior. Examples of suspicious employee behavior include:

Symptoms of Employee Fraud

Behavior Explanation

A suddenly enriched, extravagant lifestyle

that is unsubstantiated by normal wages

Embezzlers need to demonstrate they can buy items

with the money to improve their lifestyle.

Frequent requests for cash advances or

delayed repayment of prior loans

Requests are indicators of expenses exceeding

income, which may indicate an employee theft

exists.

Telephone calls at work from creditors Calls from a collection agency are typically the

agency’s last resort to collect, noting a severe

personal cash flow problem.

Wage garnishment Wage garnishment is typically a sign that

embezzlement may already be in place.

Significant change in behavior, attitude, or

performance

Embezzlement becomes a full-time, all

encompassing job the deeper the employee gets

involved. Irritability, drastic mood swings and

frequent mistakes all can be evidence of a larger

problem.

Refusing to take time off Embezzlers must hide their tracks and cannot give

anyone else the chance to discover their fraud.

Gambling Employees with a gambling, alcohol, or drug

addiction find ways to finance their habit.

Source: Dana Turner, Security Education Systems, San Antonio, Texas


72

Employee background checks- do they work?

There are mixed opinions as to whether background checks on employees really work in

predicting whether a prospective employee will be a fraudster. Fraud surveys indicate that most

fraudsters are first-time offenders.

However, the background check that may be the most effective, is not one limited to contacting

the previous employer since that employer would be reluctant to disclose a fraud anyway.

Instead, a more expansive background check is most effective and costs about $1,500 and

should include:12

Do a database check to:

1. Verify address and previous employment

2. Look for civil claims related to:

a. Liens and judgments against the potential employee

b. Bankruptcy filings and litigation records

3. Hand search at local county courthouses in the counties where the person has held

previous positions.

Note: Searching criminal records is useful but may not be effective for first-time offenders. In

many states, a guilty plea for a first-time offender may be expunged from his or her record

after one year.

In addition, all businesses should:

1. Prosecute even the smallest of frauds to set the tone for the company and to stop the

embezzler of the next employer, and

2. Nurture an environment where employees can share information about potential frauds.

12

Forensic Investigative Associates, NY, NY.


73

50 Honest Truths About Employee Dishonesty

The Employee and Your Company

Employers can create an atmosphere that fosters honesty, or dishonesty by the way they conduct

business.

If you ask an employee to steal for you, don’t be surprised when he steals from you.

Theft is the ultimate sign of employee disrespect toward you and your company. That disrespect

is usually predictable, based on prior behavior.

Employees involved in theft have usually been involved in other prior misconduct at the company.

Employee theft is far more costly to your business than just the value of the goods stolen.

The employee who steals is more insidious than the outsider because that employee violated your

trust.

No employee who steals is a “good employee” no matter how hard they otherwise work.

Psychology of Employee Theft

Need and opportunity are critical elements for theft to occur.

Need can be very superficial and at times difficult to understand.

An employee’s ethical make up will temper the temptation to steal.

Virtually every employee who steals has rationalized his or her dishonesty.

Most employees would not steal if they couldn’t rationalize it.

Employees who steal believe that everyone steals and that most steal more than they do, no matter

how much they have actually stolen.

A thief learns to lie before he learns to steal.

Tolerance of Theft

No theft, no matter how minor, should be tolerated or ignored.

Employees who know of unreported theft are as bad as the thief.

Theft is like a cancer- if left untreated it will continue to grow and spread.

In regard to your attitude towards dishonesty, most employees mistake kindness for weakness.

Most employees appreciate a second chance- to steal from you again.

Detection and Prevention

No one ever gets caught the first time.

The employee who is closest to the loss is usually the one who did it.

Be careful of the employee who discovered the loss.

When the person’s explanation sounds suspicious, be suspicious.

Your so-called sixth sense is usually pretty accurate- it’s actually a consolidation of your senses.

Employees who deny guilt, but are willing to perform restitution, are guilty.

When a number of employees suspect one person there’s usually a pretty good reason.

Controls Over Theft

Virtually every theft situation could have been prevented by better management.

Nothing you own is immune from theft, and no business is theft proof.

Most businesses are loath to put controls over theft for a variety of reasons, which are invalid.

For some reason, companies are more eager to detect theft after the fact, than prevent it from

happening, even though it is much cheaper to prevent it in the first place.


74

The best way to avoid employee theft is to not hire a thief.

The best way to not hire a thief is to investigate a potential employee’s background.

If a person has stolen from a previous employer, why do you think he or she won’t steal from you?

Constant and eclectic vigilance is required to prevent theft- there is no magic.

Isolating the responsibility is a critical theft prevention topic.

Never let the employee be his or her own check and balance.

Asset protection is in everyone’s job description.

Effective security measures are not oppressive or burdensome.

Asset protection is an insurance. The cost should be weighed against the risk.

Crime and Punishment

There is no perfect resolution. Each case must be considered independently, the most just and

intelligent disposition.

You cannot rely on the criminal justice system to protect your assets, investigate theft, or bring the

culprit to justice.

If you want to understand the physics of a black hole, bring your employee fraud case to the

typical big city court.

The employee who says he is sorry usually is- sorry to have been caught.

The employee who is remorseful today will be spiteful tomorrow.

If the only punishment the employee receives is termination, the proceeds of theft are his golden

parachute.

If the dishonest employee offers to resign, accept it and avoid the urge to be vindictive.

Of the three “shuns” (termination, prosecution, restitution) restitution while the most difficult,

does the victim the most good.

Source: Honest Truths About Employee Dishonesty, Steven Kirby, DFE

Associate Editor, Fraud Section, PI Magazine.


75

REVIEW QUESTIONS









1. As noted by the FBI, what type of financial statement fraud involves a sales transaction in

which a company issues a right of return or contingency letter to a customer as a condition

of sale:

a. Accelerated revenue

b. Phony sales

c. Side letter agreements

d. Swap transactions

2. In the Crazy Eddie Rip-Off, how could the auditor have caught the fraudulent inventory

valuations?

a. Compare accounts payable from year to year and number of days purchases in accounts

payable

b. Compare the footnotes from year to year

c. Perform gross profit test and number of days in inventory

d. Perform sales cutoff test

3. Which type of fraud involves an employee stealing cash from a daily cash deposit?

a. Cash larceny

b. Phony vendor

c. Register disbursement

d. Skimming

4. What is a common concealment technique used by a fraudster who is skimming

receivables:

a. Check-for-cash substitutions

b. Fraudulent writeoffs

c. Mailroom theft

d. Off-hours sales


76

5. Which organization has the highest fraud potential?

a. A customer-focused organization

b. An organization that has decentralized authority, dispersed to all levels

c. An organization that measures performance quantitatively, on a short-term basis

d. An organization with a collegial, systematic, self-controlled management structure


77

SUGGESTED SOLUTIONS

1. As noted by the FBI, what type of financial statement fraud involves a sales transaction in

which a company issues a right of return or contingency letter to a customer as a condition

of sale:

a. Incorrect. Accelerated revenue is the recording of sales in the current period even

though they relate to future periods. In some cases, the scheme is consummated by

backdating sales contracts or other agreements.

b. Incorrect. Using phony sales involves creating invoices for products that were never

sold, often made to foreign companies so that auditors have difficulty verifying the

legitimacy of the sale.

c. Correct. Side letter agreements involve a sales transaction in which a company

issues a right of return or contingency letter to a customer as a condition of sale.

The letters usually give the customer the right to return any products it cannot sell.

d. Incorrect. Swap transactions involve two companies exchanging their products and

payments for the sole purpose of increasing each other’s revenues.

2. In the Crazy Eddie Rip-Off, how could the auditor have caught the fraudulent inventory

valuations?

a. Incorrect. A comparison of accounts payable from year to year and determined number

of days purchases in accounts payable would have caught the concealment of liabilities

and expenses, but not the fraudulent inventory valuations.

b. Incorrect. If the auditor had compared the footnotes from year to year, Crazy Eddie’s

intentional changes to the disclosure footnotes would have been detected, but not the

fraudulent inventory valuations.

c. Correct. If the auditor had performed a gross profit test, it would have resulted in

too high a percentage. In addition, the number of days in inventory would have

been high. Both tests might have uncovered the fraudulent inventory valuations.

d. Incorrect. The sales cutoff test might have detected timing differences in recording

sales, but was unlikely to uncover the fraudulent inventory valuations.

3. Which type of fraud involves an employee stealing cash from a daily cash deposit?

a. Correct. Stealing from a daily cash deposit is referred to as cash larceny.

b. Incorrect. The creation of phony vendors is a type of fraudulent disbursement. In this

type of fraud, invoices are paid for fictitious goods or services, inflated invoices or

goods or services related to the perpetrator.

c. Incorrect. Register disbursements is a type of fraudulent disbursement that has nothing

to do with stealing daily cash deposits. In this type of fraud, an employee makes false

entries on a cash register to conceal the removal of cash.

d. Incorrect. Skimming is one of the two categories of fraud involving cash receipts, but

does not involve stealing cash from the daily cash deposit (cash larceny). Unlike cash

larceny, skimming involves removing cash from an entity before the cash is recorded. It


78

is commonly known as “off-the-books” fraud because there is no direct audit trail to

detect the fraud.

4. What is a common concealment technique used by a fraudster who is skimming

receivables:

a. Incorrect. Substituting checks for cash might be an effective technique when skimming

sales, but not skimming receivables. Using this technique, the employee receives

unexpected revenue such as a rebate or refund, which is set aside. When an equal

amount of currency is received, the employee takes the currency and replaces it with the

check.

b. Correct. Fraudulent writeoffs is an effective concealment technique with fraud

involving receivables. The fraudster skims receivable collections and then

authorizes a bad debt writeoff for an account skimmed.

c. Incorrect. A fraudster who is skimming sales might open the mail in the mailroom and

steal incoming checks. However, this technique does not work well for skimming

receivables because ultimately the customer who sent in the check will question why he

or she has not been credited for the payment sent.

d. Incorrect. A fraudster who is skimming sales might conduct sales during off-hours

without the knowledge of the owners. This approach does not involve skimming

receivables.

5. Which organization has the highest fraud potential?

a. Incorrect. In general, a customer-focused organization has low-fraud potential, whereas

a profit-focused organization has high-fraud potential.

b. Incorrect. An organization that has decentralized authority, dispersed to all levels, has

low-fraud potential, whereas an organization that has centralized authority, reserved by

top management, has high-fraud potential.

c. Correct. An organization that measures performance quantitatively and on a

short-term basis has higher fraud potential. On the other hand, an organization

that measures performance both quantitatively and qualitatively and on a long-

term basis has lower fraud potential. Incorrect. An organization with a collegial, systematic, self-controlled management

structure that is open to change has low-fraud potential, not high-fraud potential.


79

6. Time Theft

There are indirect ways in which employees can steal from their employer. One such way is

time theft. Companies are coming to the realization that time theft can be just as severe as

embezzlement and no one goes to jail.

One study13

concludes that the average employee steals approximately 54 minutes per day (4.5

hours per week), from his or her employee, for a total of six full work weeks per year- more

than 10 percent of total payroll.

1. Examples of time theft forms include:

Late arrival or early departure

Requesting paid sick days for inappropriate reasons

Excessive socializing and personal telephone calls

Using company time and facilities to operate another business

Taking long lunch breaks

Slowing down the workload

Handling personal business during work hours.

2. Time theft applies to all business whether white or blue collar based.

3. Permanent employees steal more time than temporary employees.

4. The greater the seniority, the greater the chance they will steal time from their employer.

5. Office personnel steal more time than manufacturing personnel.

6. Employees under age 30 steal more time than employees age 30 or older.

The following chart quantifies the impact of time theft on a typical business:

Assumptions:

20 minutes per day time theft as follows:

Arrival at work 5 minutes late, leave 5 minutes early (10 minutes lost per day)

5 minutes early for lunch, and 5 minutes late for lunch (10 minutes lost per day)

250 working days per year

13

Acroprint- Is Time Theft Robbing You Blind?


80

Computation of Time Theft

Hourly

rate

Hourly

including

fringes

30%

Lost profit

# employees

10 25

$7.25 $9.50 $(7,916) $(19,790)

9.00 12.00 (9,996) (24,990)

11.00 14.30 (11,912) (29.780)

15.00 19.50 (16,245) (40.610)

18.00 23.40 (19,500) (48,750)

Source: Carpoint as modified by the Author.

How to reduce time theft?

Employee time and attendance systems can be used to significantly reduce time theft by

eliminating the ability to come in early and leave early, as well as taking additional time at

lunch.

Time and attendance systems can be used to reward or penalize employees during the

employment reviews.

7. Employee background checks and credit reports

Should an employer do a background check (including an employee’s credit report) in

deciding whether to hire that employee?

More companies are performing detailed background checks, including obtaining a credit

report, on prospective hires and using that information as part of the decision to hire.

Typically, such checks are useful in uncovering information on an employee that might not

otherwise be extracted toward the performance of other traditional efforts. According to one

report, 40 percent of employers now run credit reports.14

It is estimated that 40 percent of resumes, contain false or inaccurate information.15

So, why perform a detailed background check including a credit report?

There are several reasons for performing a detailed background check, including obtaining a

credit report:

a. It could protect the employer from a future negligence claim based on the actions of

that employee while employed.

14

U. S. News & World Report 15

InfoLink Screening Services, Inc.


81

b. It may uncover a criminal record.

c. It may help evaluate the employee’s ability to manage financial affairs. “If he or she

cannot mange his or her own financial affairs, why could he or she do so for our

organizations?”

d. Hiring the right employees may avoid high turnover costs which can run as high as

$10,000 per employee position.16

Not only is the background check useful in assessing the way in which an employee manages

his or her financial affairs, but also may be necessary to protect the company from a future

liability claim due to the actions of that employee. Not only can an employee be negligent

during his or her employment, but there is also risk that an employee has an undisclosed

criminal record. One study noted that employers lost 79 percent of all negligent hiring suits

with the average jury plaintiff award that exceeds $1.6 million. In some cases, damages are

assessed against an employer because an employer fails to perform a background check on an

employee prior to hiring.

If an employer does obtain a credit report, there are certain requirements that must be met

under the Fair Credit Reporting Act (FCRA) including disclosure to the employee of his or her

rights under that Act.

8. The Auditor's Role in Dealing with Fraud

a. General:

In reviewing the incidents of fraudulent financial reporting found in the COSO Report, there

are some facts that the auditor should consider. Among these is the fact that even the strongest

of internal control systems can be circumvented by collusion or management override.

Moreover, a weak internal control system tempts not only dishonest employees but also those

who are on the fringe--the person who does not plan to steal but does so when tempted.

Test the one-dollar bill rule to see if someone is honest:

Drop a dollar bill and see if the person walking directly behind you gives it back. Do

the same for $5, $10, $50, and finally $100, if you dare.

What does this test tell you about human nature?

In this hypothetical situation, some individuals would give the money back and some,

unfortunately, would not. In most instances, the person who keeps the bill would otherwise be

an honest person and certainly not one scheming to steal from another. In fact, the person did

not reach into your pocket or grab your wallet or pocketbook. But when the temptation was

16

William M. Mercer, Inc.


82

presented (e.g., a bill lying on the ground), he or she committed the theft. A parallel exists with

an employee who commits fraud (theft). Most employees who steal from their employer do not

scheme to commit the fraud. Similarly, management generally does not plan to commit

fraudulent financial reporting. But when the temptation presents itself through a weak internal

control system coupled with other factors (such as financial pressures), the employee that is on

the fringe might steal and management may possibly commit financial statement fraud.

The moral of the story is for companies to strengthen their internal control. Take the

temptation away from the weak and weary!

b. The auditor's role in dealing with fraud- SAS No. 99 requirements:

SAS No. 99, Consideration of Fraud in a Financial Statement Audit, establishes expanded

requirements for auditors to consider fraud in a financial statement audit. It applies to audits of

both public and non-public entities.

The primary actions auditors must take in complying with SAS No. 99 are as follows:

Emphasizes that an auditor must:

1. Exercise professional skepticism during the audit including:

Having a questioning mind and performing a critical assessment of all audit evidence

received

Possessing a “show me” mindset that recognizes the distinct possibility that a material

misstatement due to fraud could be present

Evaluating information received by management without any bias to past experience

with the entity and regardless of the auditor’s belief about management’s honesty and

integrity

Conducting ongoing questioning of whether the information and evidence obtained

suggests that a material misstatement due to fraud has occurred, and

Probing evidence more thoroughly and critically.

Note: Professional skepticism does not assume that management or employees are guilty

or innocent of committing fraud. Instead, it is based on a degree of neutrality.

2. Conduct a brainstorming session with audit engagement personnel to discuss the risks of

material misstatement due to fraud and set the tone of the audit.


83

3. Make greater inquiries of management and other personnel within the entity about the risks

of fraud.

Inquiries include those of management, internal auditors, audit committee chairman,

and others (such as sales and marketing, and receiving personnel)

4. Perform analytical procedures including specific procedures on revenue.

Examples of analytical procedures related to revenue follow:

Comparison of recorded sales volume with production capacity - an excess of sales

volume over production capacity may indicate the recording of fictitious sales.

Trend analysis of revenues by month and sales return by month during and shortly after

the reporting period. Variations may indicate the existence of undisclosed side

agreements with customers to return goods that would preclude revenue recognition.

Compare revenue to variable expenses (cost of sales, commissions, etc.) for significant

fluctuations.

Review bad debt writeoffs in relation to sales.

5. Consider an expanded list of fraud risk factors: SAS No. 99 expands the list of fraud risk

factors that need to be considered in planning the audit. The list is not included in this

section but is part of the appendix to SAS No. 99.

6. Perform three additional procedures to deal with the risk of management override of

internal controls:

a. Examine journal entries and other adjustments for evidence of possible material

misstatement due to fraud.

b. Review accounting estimates for biases that could result in material misstatement due

to fraud.

The auditor also should perform a retrospective review of significant accounting

estimates reflected in the financial statements of the prior year to determine

whether management judgments and assumptions relating to the estimates indicate

a possible bias on the part of management.

c. Evaluate the business rationale for significant unusual transactions.

7. Change the language in the management representation letter.


84

The following language must be included in the management representation letter for an audit:

We acknowledge our responsibility for the design and implementation of

programs and controls to prevent and detect fraud.

We have no knowledge of any fraud or suspected fraud affecting the entity

involving:

a. Management

b. Employees who have significant roles in internal control, or

c. Others where the fraud could have a material effect on the

financial statements.

We have no knowledge of any allegations of fraud or suspected fraud affecting

the entity received in communications from employees, former employees,

analysts, regulators, short sellers, or others.

c. Look for the warning signs of fraud before and during the audit:

One of the key elements emphasized in SAS No. 99 is for an auditor to have heightened

professional skepticism in conducting his or her audit. The AICPA’s Audit Risk Alert

identifies a list of “circumstances and observations” that should catch the attention of the

auditor.

1. A company that has a culture of arrogance: The “tone at the top” sets a company’s culture

and values. A culture of arrogance provides an atmosphere in which bad behavior can

flourish. Management that engages in fraudulent financial reporting often demonstrates:

A high degree of arrogance, pride, greed, and hubris

A reputation for being extremely aggressive in taking excessively high risks, and

living “on the edge”

2. Accounting policies that appear to be too aggressive or rely heavily on management’s

judgment: The method by which accounting principles are selected affects the manner in

which the financial statements are presented to third-party users and the accuracy,

transparency, and understandability of those statements. Management has the ability and

temptation to manipulate financial reporting in instances where GAAP permits different

alternatives of principles that can be used to account for a transaction, where there is a high

degree of subjectivity in using estimates or judgment, or if GAAP is unclear in an existing

or evolving area. By abusing the selection and use of accounting principles, management


85

can alter earnings and manipulate various accounts and transactions to report distorted

financial statements and conceal certain important information.

3. An ineffective audit committee and board governance: An ineffective audit committee and

board of directors result in a lack of monitoring of the financial reporting process.

a. An ineffective audit committee is one that:

Lacks independence

Fails to meet regularly

Lacks members who have financial expertise

Does not interface directly with the internal or external auditors

Does not monitor important company programs

Note: The Sarbanes-Oxley Act of 2002 increased the responsibilities of audit committees

and limits the conflicts of interest that have existed on such boards for years. Although the

requirements of Sarbanes-Oxley apply only to public companies and their auditors, the

restrictions that it places on audit committees can be followed by non-public entities.

4. An overly centralized control over the financial reporting process: Internal control is

compromised when one member of senior management or a small group of management

retains control over the financial reporting process.

a. The opportunity and likelihood for fraudulent financial reporting exists in situations in

which management controls the reporting process and takes steps to restrict access to

important information required by third party users and auditors.

5. Ratios and benchmarks that significantly vary from industry averages: A company that has

ratios and benchmarks that differ from other companies within the industry may be a sign

of financial statement fraud. Benchmarking research and analysis may be useful in

pinpointing possible business problems including signs that the company could be in

financial difficulty or that there is a manipulating of the financial reporting process.

6. A cash flow from operations that has little relationship to GAAP earnings: A sign of

possible financial statement fraud is where reported GAAP earnings do not correspond with

the actual cash flows of the company.

a. If management is manipulating earnings, there may be a sign of such actions in a

disparity between cash from operations and GAAP earnings.

b. An entity with negative cash flows may be a sign of a going concern problem.

7. Compensation plans that reward management for achieving aggressive financial goals or

are geared toward enriching executives rather than generating profits:


86

a. In situations in which management’s compensation is linked to certain operating or

financial targets, management may put pressure on employees to meet overly aggres-

sive goals.

b. A high-pressure environment can provide the need to establish overly aggressive

practices and the motivation to operate beyond acceptable practices.

c. Auditors should be aware of the power of greed in motivating management and other

employees to take actions they might not otherwise take.

8. The existence of significant insider trading: When senior management has a sizeable sell-

off of their company stock, such an action may be a sign that they believe the stock value is

overstated and that the financial reporting does not purport the real economic value of the

company.

9. There is confusion and difficulty in understanding how a company actually makes its

money: A sign of fraud may be that an entity is involved in many businesses and complex

transactions coupled with a difficulty by third-parties in understanding how a company

actually makes its money and generates cash.

10. Forecasts and predictions by management that are inconsistent with industry trends:

Management may develop accounting estimates, make business decisions, or make

predictions and forecasts that contradict with actual industry trends and other evidence

about what other companies within the industry are doing or forecasting.

11. Unchecked acquisition growth: Management may acquire businesses for the sake of

accumulating assets rather than for the good of the company. Overly aggressive growth by

acquisitions can create havoc in a company in ways such as:

Creating difficulties in merging different operations and internal control processes

Stressing the abilities of the existing internal control system to accommodate the

additional operations and transactions, and

Limiting the entity’s liquidity and access to additional capital.

12. Turnover of key management personnel: The resignation or termination of key personnel

may be a sign that there are future troubles at the entity and that they knew something about

the company’s financial future that outsiders are unaware of.

13. Declining relationships and credibility with customers, creditors, and other third parties:

The deterioration of company third-party relationships may be a sign of financial

difficulties or inappropriate activities by the company.


87

14. Continued periods in which the company experiences success: Entities that have had a

prolonged period of financial success may have difficulty envisioning a financial downturn.

Management may not have a clear perspective about the condition of the economy,

company and industry in which the company operates. As a result, management may

inappropriately make decisions without taking into account the typical peaks and troughs in

the business cycle.

15. Management that does not listen to the comments of key employees: Key management may

be so focused on achieving a self-serving purpose, such as an increase in stock price, that

it may fail to listen to the suggestions of employees and notice the warning signs that the

company is in trouble.

16. Receivables that are growing faster than sales: If sales are declining, management may

attempt to inflate receivables to improve its financial position. Also, growing receivable

balances relative to sales may indicate that the quality of receivables has deteriorated and

that sales are being made to higher-risk customers thereby increasing the risk that

receivables may not be collectible.

17. Unusual changes in gross profit: Changes in gross profit may suggest a mismatch between

sales and cost of sales including cutoff problems or over and under-stated sales.

18. Sizeable decline in stock price: A decline in stock price may be indicative that the

investment community knows something about the financial deterioration of the company.

19. Failure to satisfy past-due obligations: The inability to pay past-due obligations is a sure

sign of liquidity problems.

20. Inability to obtain financing: A sure sign of a deteriorating financial position is when

lenders are reluctant to provide financing to a client or the company is required to pay a

higher interest rate to reflect the lender’s perception of higher risk from lending to the

company.

21. Evidence that management has previously committed dishonest or illegal acts: If a client

has been dishonest in the past, he or she is more inclined to conduct similar acts in the

future.

22. Net income that is growing disproportionate to revenue growth: A red flag exists when net

income grows at a faster or slower pace than revenue. In doing so, there is the possibility

that some aspect of the income statement is distorted.

23. The company engages in transactions that lack economic substance: A transaction that

lacks economic substance may suggest that fraud is involved, particularly where there are

complex, one-time transactions including those that occur near year end.


88

24. The company is obsessed with meeting earnings targets: Management that is under

pressure to meet earnings targets is more likely to commit fraud.

25. A large company that continues to have a small business mentality: A large company’s

management may still retain control of the internal control environment even as the

company continues to grow. The centralized control of operations creates a greater risk

that management might override internal controls.

d. Remember that analytical procedures are the key:

The auditor is only concerned about material fraud, that is, fraud that results in a material

misstatement to the financial statements. Although finding fraud may be synonymous with

finding a needle in a haystack, numerous cases against auditors points to one conclusion--

fraud was right under the auditor's nose and he or she didn't even see it. The reason why it was

not discovered was because the auditor forgot to perform certain analytical procedures that

would have pointed to an obvious problem.

Also, if there is litigation against the auditor, the plaintiff will no doubt point to SAS No. 56,

Analytical Procedures and the fact that the auditor did not perform adequate analytical

procedures that might have uncovered fraud.

e. Auditors need to corroborate evidence:

Weak audit procedures increase the risk that deficiencies in internal control and poor

accounting practices will not be noticed. Examples of audit procedures that enhance the risk

that fraud might not be detected include:

Accepting verbal or written representations by company management and personnel

without obtaining independent corroborating evidence of such representations.

Accepting confirmations sent directly to the company being audited instead of the

auditor.

Failure to confirm unusual transactions with third parties.

Has SAS No. 99 worked in reducing fraud?

Unequivocally, no. One of the greatest disappointments and wasted efforts of the Auditing

Standards Board (ASB) has been the requirement for auditors of non-public entities to spend

additional time and effort complying with the requirements of SAS No. 99.

Consider a few facts:


89

SAS No. 99 was effective for audits of financial statements for periods beginning on or after

December 15, 2002.

According to the Reports to the Nation, published by the Association of Certified Fraud

Examiners (ACFE), the percentage of frauds discovered by external audits was as follows for

each of the ACFE’s bi-annual reports:

Report to the Nation

Before/after SAS No. 99

% of frauds

initially

detected by

the external

audit

By accident

1996 study Before SAS No. 99 NA NA

2002 study Before SAS No. 99 11% 19%

2004 study After SAS No. 99 11% 21%




Source: Report to the Nation, Association of Certified Fraud Examiners.

By some estimates, auditors have had to expend 5-10 percent additional time to comply with

SAS No. 99’s requirements. What is most troubling is that the additional effort has resulted in

little benefit in uncovering material misstatements in financial statements.

In looking at the chart consider the following conclusions:

a. There has been no increase in the percentage of frauds detected due to the external audit.

In 2002, the percentage of frauds detected due to the external audit was approximately 11

percent prior to the implementation of SAS No. 99. Since that time, in the post-SAS No.

99 environment, the percentage has actually declined to a low of 4 percent in the 2010

study.

b. More than double the percentage of frauds were detected “by accident” as compared with

through the external audit. In fact, the 2008 study revealed that 25 percentage of frauds

were detected “by accident” as compared with 9 percent detected through the external

audit. A similar relationship applies to the other reports.

What this suggests is that the overall goal of SAS No. 99, which was to provide the auditor

with the tools to detect material misstatements to the financial statements due to fraud, has

failed. Instead, it has resulted in wasted auditor time-some of which cannot be passed on to

the client in terms of higher audit fees. After all, few non-public clients see any benefit in an

auditor performing an extra 5-10 percent audit time to perform certain procedures under SAS

No. 99, when those procedures do not translate into uncovering fraud. Will that client agree to

pay an audit fee that is 5-10 percent higher when there is no measureable benefit?


90

Why did the auditing standards board issue SAS No. 99 in the first place?

A primary reason for the ASB’s issuance of SAS No. 99 was political. Previously, the ASB

had issued SAS No. 82 to address the auditor’s responsibility for detecting fraud. SAS No. 82,

which was issued in 1997, was complex, and not very functional. SAS No. 99 was issued to

replace SAS No. 82, and to provide clearer and more comprehensive requirements.

Another point relates to the timing at which SAS No. 99 was issued and its effective date of

2002 year-end audits. Prior to 2003, the ASB was responsible for issuing auditing standards

that pertained to all audits; public and nonpublic companies, alike.

In 2002 and 2003, events changed.

During 2002, in light of the Enron and WorldCom frauds, among others, the ASB was under

significant criticism by Congress and pressure to clean up auditing standards. In particular,

Congress criticized the accounting profession for performing non-attest services for its audit

clients and for the profession’s overall failure to detect the Enron and WorldCom frauds,

among others. The issuance of SAS No. 99 was one of several efforts by the ASB to

demonstrate that the auditing profession could continue to self-regulate and was serious about

fraud.

Ultimately, Congress took the responsibility for issuing auditing standards for public

companies away from the ASB, giving that responsibility to the then newly created Public

Company Accounting Oversight Board (PCAOB), effective in 2003. The result at that time

was that the ASB had issued a voluminous SAS No. 99 for all auditors in hope of appeasing

the SEC community. When the responsibility for issuing auditing standards for SEC

companies was taken away from the ASB in 2003, only auditors of nonpublic companies were

left having to deal with the aftermath of SAS No. 99. It is fair to say that ten years later, SAS

No. 99 has been a flop, and the burden of having to comply with this standard has fallen on the

shoulders of auditors of nonpublic companies, who continue to have difficulty having to pass

on the cost of implementing SAS No. 99 onto smaller nonpublic companies, with little benefit

in terms of detecting more fraud.

The issuance of SAS No. 99 is nothing more than an example of a long string of poorly

drafted, arduous auditing standards issued by the ASB.

The reality is that the percentage of material frauds affecting non-public companies is de

minimis according, the several major malpractice carriers. In general, financial statement

fraud was not a major problem with nonpublic companies before the issuance of SAS No. 99,

and continues not to be a problem.


91

9. Specific Fraud Issues

The types of assets and transactions subject to fraud vary depending on whether the fraud

involves fraudulent financial reporting (cooking the books) or misappropriation of assets

(theft).

It also depends on whether the company is large or small, and closely held versus publicly

held.

The following table compares the two types of frauds:

Description Fraudulent Financial

Reporting

Misappropriation of Assets

(Theft)

Types of assets or transactions

Inventories, receivables and

revenue

Cash –90% 17

Inventories and other assets –

10%

Typical perpetrator Management All levels of employees and

management

Primary reason for actions

Incentive/pressure

Opportunity

Rationalization/attitude

Incentive/pressure

Opportunity and

rationalization/attitude

Size of transaction Usually material to the

financial statements

Usually immaterial to the

financial statements

Type of entity more likely

to be victimized

Larger entity with

sophisticated financial

management

Closely held businesses with

poor internal controls

a. Inventory fraud issues:

Inventory typically represents a major asset of many companies and one that can be easily

manipulated. For example, a company with high sales can overstate inventory by a sizeable

amount and the difference may not appear as a material difference in the gross profit

percentage.

Consider the following example:

Facts: Sales $50,000,000

Gross profit 10,000,000 20%

Net income (loss) before taxes (100,000)

Assume that management fraudulently increases ending inventory by $500,000, the impact on

the gross profit would be as follows:

17

Report to the Nation, Occupational Fraud and Abuse (the Report), Association of Certified Fraud Examiners.


92

Actual Fraudulent

Gross profit 20% 21%

NIBT (loss) $(100,000) $400,000

If management can devise a method to conceal the $500,000 inventory overstatement from the

auditor, the 1 percent increase in gross profit would most likely be accepted by the auditors as

a reasonable change. Yet, the change converts a $(100,000) loss to $400,000 profit, making its

effect dramatic in the eyes of the financial statement users. This example represents a

challenge to auditors whereby a standard analytical procedure, such as a gross profit

percentage test, does not uncover a material fraud.

Unfortunately, in many cases of inventory fraud, client personnel at various levels knowingly

participate and assist in the scheme. The following are examples of inventory frauds that have

occurred in recent years. The source is from individual members of the AICPA task force and

matters obtained from litigation and peer review.

Types of inventory fraud:

1. Nonexistent items recorded as inventory:

Empty boxes or "hollow squares" in stacked goods

Mislabeled boxes containing scrap, obsolete items or lower value materials

Consigned inventory, inventory that is rented, or traded-in items for which credits

have not been issued, and

Diluted inventory so that it is less valuable (e.g., adding water to liquid substances).

2. Management increased or otherwise altered the inventory counts for those items the auditor

did not test count or client obtained auditor's test counts and changed counts on items that

were not tested.

3. Management programmed the computer to produce fraudulent physical quantity

tabulations or priced inventory listings.

4. Management manipulated the inventory counts/compilations for locations not visited by the

auditor.

5. There was double-counting inventory in transit between locations.

6. Inventory was physically moved and counted in two locations.

7. Inventory included merchandise recorded as sold, but not yet shipped to a customer ("bill-

and-hold sales").

8. Management arranged for false confirmations of inventory held by others.


93

9. There was a mismatch between inventory being recorded without the corresponding

payables.

10. The stage of completion of work-in-process was overstated.

11. Management reconciling physical inventory amounts to falsified amounts in the general

ledger.

12. Management manipulated the "roll forward" of an inventory taken before the financial

statement date.

13. There were inadequate reserves for slow-moving and obsolete inventory.

Audit considerations- inventory fraud:

Even though there are numerous ways inventory frauds can be orchestrated, a well-planned

audit can mitigate many inventory fraud schemes.

1. At the planning stage:

Use analytical procedures such as:

- Comparison of high to low inventory value listings or year to year quantities

- Identify material items that represent high dollar value as a percentage of

estimated inventory

Understand the client's business, its products, computer processing applications and

relevant controls and cutoff procedures before physical counts are taken.

Multi-location observations: Observe inventories simultaneously, if possible, to

ensure that goods are not double counted.

Interim date observations: When a client plans an observation at a date other than

year end, the auditor must consider the effectiveness of internal controls, cutoff

procedures and other issues that may impact the auditor’s ability to audit the “roll

forward” of the inventory value to year end.

2. During the physical count:

Test some counts at all locations to ensure items are not double counted.

Apply analytical procedures to the final priced-out inventory.

Make test counts in areas in which the auditor has not historically focused.


94

Record counts of some items that the auditor did not actually count for comparison

with final inventory listing.

Open containers checking for "hollow squares" or empty containers.

For WIP inventories, consider the reasonableness of the stage of completion.

When incorrect counts are observed, the auditor needs to consider whether to increase

test counts or expand other procedures.

Scan inventory tags or count sheets for unusual or unreasonable quantities and

descriptions.

Monitor the client's control procedures over physical count tags or sheets.

3. Inventory at multiple locations:

Take the physical inventory at all significant locations at the same time.

When the physical count at a significant location will not be observed, notify

management that observations will be performed at some locations without advance

notice, to discourage management's manipulation of the inventory.

Note: Where multiple locations, each geographically apart, make it difficult for a

small firm to audit all of them, the firm may consider hiring a local CPA firm at each

remote location to perform the inventory observation.

4. Inventories held for or by others:

Review client procedures to segregate consigned goods from the inventory.

Outside warehouses: If material, the auditor should consider observing the goods

held in an outside warehouse or, obtain written confirmation from the warehouse

in accordance with Inventories (AU 331).18

5. Use of specialists in inventory valuation:

In certain situations, an auditor may not possess the expertise with respect to properly

assess the client's inventories. In these cases, an auditor may need the work of a

specialist and should follow SAS No. 73, Use of a Specialist19

guidance.

6. Post-observation matters:

The extent of audit procedures required normally increases when the inventory

observation is performed at a date other than the balance sheet date.

An auditor should assess audit risk and key controls to ensure that the inventory can be

properly valued at the balance sheet date.

18

Effective December 31, 2012, AU 331 is replaced by AU-C 501, Audit Evidence- Specific Considerations for

Selected Items. 19

Effective December 31, 2012, SAS No. 73 is replaced by AU-C 620, Using the Work of an Auditor’s Specialist.


95

b. Revenue fraud issues:

In the recent years, there have been several high-profile cases involving improper revenue

recognition that should wake up auditors to the risks associated with this area. Of particular

concern is the accounting for high-risk transactions such as those that are unusual and complex

in nature and significant year-end transactions. Even if transactions are not unusual and

complex in nature, auditors should consider the risk that revenues may be misstated whether

intentional or unintentional.

The general rule for revenue recognition is found in FASB Concept Statement No. 6, Elements

of Financial Statements. Statement 6 defines revenues as “inflows or other enhancements of

assets of an entity or settlements of its liabilities from delivering or producing goods, render-

ing services….”

SAB No. 101, Revenue Recognition in Financial Statements, offers four criteria that need to

be met in order to recognize revenue:

1. There is persuasive evidence that an arrangement exists.

2. A delivery of goods has occurred or services have been rendered.

3. The seller’s price to the buyer is fixed and determinable.

4. Collectibility of the sale or service is reasonably assured.

Although the above four criteria appear easy to understand, their application can be difficult.

Many sales transactions may satisfy some, but not all, of the four criteria. Others, in form, may

appear to satisfy the criteria, but in substance, do not.

Types of revenue fraud:

The following are examples of revenue-related areas that pose a high risk:

A dramatic increase in sales, receivables and gross profit margins totally inconsistent with

past experience or industry averages

Certain sales of merchandise that are billed to customers prior to delivery and held by the

seller (bill-and-hold transactions)

Significant transactions with one or a few transactions near year end:

a. Unusually large increases in year-end sales to a single or a few customers,

particularly to new customers

b. Significant returns from a single or a few customers after year end

Sales in which the customer has the right to return the goods

Partial shipments in which the portion not shipped is a key component of the product,

(e.g., shipping of computer peripherals without the CPU)

Shipments to and held by a freight forwarder pending return to the company for required

customer modifications


96

Sales of merchandise shipped in advance of the scheduled shipment date without the

customer’s agreement or assent

Pre-invoicing of goods in process of being assembled or invoicing prior to, or in the

absence of, actual shipment

Shipments made after the end of the period (e.g., the books are kept open to record

revenue for products shipped after period end)

Transactions involving the application of the percentage-of-completion method of

accounting in which overly optimistic estimates are used

Sales not based on actual firm orders to buy

Transactions involving related parties

Sales involving dated payment terms or installment receivables

Sales with terms outside the normal credit policies of the entity

Contingent sales in which payment depends on:

- Buyer receiving financing from another party

- Buyer reselling the product to another party

- Fulfillment by the seller of certain terms and conditions

- Acceptance of the product by the buyer after a certain evaluation period

Sales that require continued seller involvement after the sale such as installation, or other

significant support (e.g., software sales requiring installation, debugging, extensive modi-

fications, or other significant support commitments, etc.)

Sales that are shipped to customers without customer authorization

Shipments of goods to company-owned warehouses

Sales to fictitious customers

Sales based on shipments made on canceled or duplicated orders

Invoicing goods in advance of being assembled

Invoicing goods prior to shipment (bill-and-hold goods)

Complex and unusual sales transactions in which the accounting or finance department

has no involvement

Sales in which substantial uncertainty exists about either collectibility or the seller’s

ability to comply with performance guarantees

Barter transactions

Sales booked on cost overruns before the customer agrees to pay for them

Auditors may want to approach the following two areas with skepticism:

a) Last minute sales

b) Sudden changes in the way the business is conducted

Audit considerations- revenue fraud:

Consider the effect of revenue side agreements:


97

Improper revenue recognition continues to be a major cause of financial statement

misstatements, whether intentional or unintentional. Of particular focus is the presence of side

agreements in which hidden agreements are used to alter the terms and conditions of recorded

sales transactions to entice customers to accept delivery of goods or services. The result is that

certain obligations and contingencies may be created such as financing arrangements or

product installation or customization that may relieve the customer of the typical risks and

rewards of ownership. In such situations, the transaction is not complete and the sale should

not be recorded.

Examples of arrangements that may result in the improper recognition of revenue include:

Shipping goods to customers without customer authorization

Shipping goods to company-owned warehouses and billing fictitious customers, and

Making sales arrangements that obligate the customer to pay only if the goods are

resold or dating payment terms well into the future.

In these cases, traditional audit tests make it difficult to uncover special customer arrangements

consisting of aggressive payment and shipping terms. Consequently, the auditor is most

vulnerable in those cases because:

Receivables are not collected prior to the end of the audit, or

Goods are returned after the auditor completes his or her field work.

Given the creative deal-making between sellers and their aggressive buyers, the auditor should

be aware of transactions where the sale, in essence, is not deemed complete and should not be

recorded. In these situations, the auditor must be familiar with the accounting treatment

covered in ASC 605-15-25, Revenue Recognition-Products- Recognition (formerly FASB No.

48).

ASC 605-15-25 (formerly FASB No. 48), states that if an entity sells its product but gives the

buyer the right to return the product, the revenue shall be recorded only if all of the following

conditions have been met:

a. The seller's price to the buyer is substantially fixed or determinable at the date of sale.

b. The buyer has paid the seller, or the buyer is obligated to pay the seller, and the

obligation is not contingent on resale of the product.

c. The buyer's obligation would not change in the event of theft or physical destruction or

damage of the product.

d. The buyer has economic substance apart from the seller.

e. The seller does not have any significant obligations for future performance to

directly bring about resale of the product by the buyer.


98

f. The amount of future returns can be reasonably estimated.

Observation: Most sellers give their buyers the right to return the product for reasonable

cause. In these traditional cases, the sale is recorded in the year of sale, and the sales returns

are recorded in the period in which the goods are returned. If returns are material, a more

appropriate method is to record an annual allowance for returns in order to properly match the

returns with the revenue in the same period in accordance with ASC 450, Contingencies

(formerly FASB No. 5). However, ASC 605-15-25 (formerly FASB No. 48) goes well beyond

the traditional situations. This Statement essentially refers to transactions that are conditional

in nature, and, thus, not really complete. For example, if the seller must perform future services

after the sale has been made, then, in substance, has a sale really occurred? If the criteria of

ASC 605-15-25 have not been met, the sale is not deemed complete and the sales and related

cost of sales should be deferred until the transaction becomes complete.

If side agreements or special customer arrangements do exist, usually few individuals within

the entity will be aware of them. Consequently, it may be difficult for the auditor to uncover

their existence. Use of standard management representations and other audit procedures

relating to the revenue and accounts receivable areas usually will not be adequate audit

procedures. In this case, the auditor should consider the use of additional audit procedures that

may include:

1) Obtain a sufficient understanding of the client’s industry and business: including its

products, its internal control structure over revenue, and its accounting policies and

procedures.

2) Assign experienced personnel: who can effectively deal with unusual and complex

sales contracts and transactions.

3) Expand confirmation procedures: In addition to confirming account balances and

material revenue transactions, the auditor should confirm relevant terms with custom-

ers to obtain assurance that side agreements do not exist. Confirmations should be ad-

dressed to a person or persons who would be familiar with the terms of any side

agreements such as a person who may be a contract signer and not in the accounts

payable department.

The auditor should consider designing confirmations to identify:

Sales terms and the sales contracts

Side agreements

Liberal rights of return

Note: The standard confirmation request (confirming only the outstanding balance)

alone does not always provide sufficient audit evidence to determine that only ap-

propriate revenue transactions have been recorded.


99

4) Withhold issuance of the audit report until receivables are realized: The auditor may

wish to withhold issuing his or her report until a majority of receivables have been

realized or a reasonable period of time has lapsed (60-90 days) after year end during

which no significant sales have been returned.

5) Include a representation in the management’s representation letter: Although not

providing a great degree of comfort, management’s representation letter should inc-

lude a representation that either identifies known side arrangements or, indicates that

there are no known side arrangements.

6) Make inquiries of relevant personnel: The auditor may wish to make inquiries of

marketing, inventory control, legal and other personnel who would be familiar with

side agreements.

7) Analytical procedures: Effective analytical procedures can be used to identify

situations that warrant additional audit procedures. Examples include sales volume

analyses by the week and month from year to year.

8) Read and understand contracts: The auditor should not only understand the entity’s

normal terms and conditions of sales, but should also read and understand contracts

related to those significant transactions that are unusual and complex.

Applying analytical procedures to revenue:

SAS No. 99 requires that an auditor perform analytical procedures on revenue. The AICPA’s

Audit Issues in Revenue Recognition, a non-authoritative paper, provides assistance in auditing

revenue. In this Paper, the AICPA emphasizes the need to apply analytical procedures to

revenue as part of the audit. The degree to which analytical procedures are used depends on the

amount of fraud risk factors identified in the fraud assessment planning stage. SAS No. 56,

Analytical Procedures,20

requires that the auditor evaluate significant unexpected differences

that are identified by analytical procedures. The following is a list of those analytical

procedures that are suggested in the Paper:

Compare monthly and quarterly sales by location and by product line with sales of the

preceding comparable periods.

Analyze the ratio of sales in the last month or week to total sales for the quarter or year.

Compare revenue recorded daily for periods shortly before and after the end of the audit

period for unusual fluctuations.

Compare the gross profit ratio, overall and by product line, to previous years and to

budget and consider it in the context of industry trends.

20

Effective December 31, 2012, SAS No. 56 is replaced by AU-C 520, Analytical Procedures.


100

Compare details of units shipped with revenues and production records and consider

whether revenues are reasonable compared to levels of production and average sales

price.

Compare the number of weeks of inventory in distribution channels with prior periods

for unusual increases that may involve channel stuffing.

Compare percentages and trends of sales into the distributor channel with industry and

competitors' sales trends, if known.

Compare revenue deductions, such as discounts and returns and allowances, as a

percentage of revenues with budgeted and prior period percentages for reasonableness

in light of other revenue information and trends in the business and industry.

Compare sales credits for returns subsequent to year end with monthly sales credits

during the period under audit to determine whether there are unusual increases that may

indicate contingent sales or special concessions to customers.

Analyze the ratio of returns and allowances to sales.

Compare the aging of accounts receivable in the current and prior periods for buildup of

accounts receivable.

Compare monthly cash receipts for the period under audit to cash receipts subsequent to

year end to determine whether receipts subsequent to year end are unusually low

compared to the collection history during the months under audit.

SAS No. 99’s requirement for special analytical procedures on revenue:

SAS No. 99 requires that an auditor must perform analytical procedures related to revenue.

The objective of these procedures is to identify unusual or unexpected relationships involving

revenue accounts that may indicate a material misstatement due to fraudulent financial

reporting.

Examples of analytical procedures related to revenue follow:

Comparison of recorded sales volume with production capacity-an excess of sales

volume over production capacity may indicate the recording of fictitious sales.

Trend analysis of revenues by month and sales return by month during and shortly after

the reporting period - Variations may indicate the existence of undisclosed side

agreements with customers to return goods that would preclude revenue recognition.

Compare revenue to variable expenses (cost of sales, commissions, etc.) for significant

fluctuations.

Review bad debt writeoffs in relation to sales.

Typically, auditors perform tests to consider whether revenue is overstated when the opposite

understatement of revenue is just as important. In some instances, management or owners

might be motivated to understate revenue because management seeks to reduce taxable income


101

or to shift income to the next period. Auditors should consider management’s or owner’s

motivation in planning the audit in the area of revenue.

Revenue cutoff tests and other procedures:

If sales transactions involve the shipment of a product, revenue cutoff tests are used to test the

revenue recognition. To be effective, revenue cutoff tests should be performed in connection

with inventory cutoff tests. Examples of effective cutoff tests are as follows:

Large quantities of merchandise awaiting shipment should be noted during the year-

end inventory observation. Example: The auditor should inspect the shipping dock and

document large orders that await shipment.

Significant in-transit inventory at year end and/or significant changes from the prior

year.

An unusual increase in sales in the last few days of the audit period followed by an

unusual decrease in the first few days after the audit period.

Numerous shipping locations.

Scan the general ledger, sales journal, and accounts receivable for unusual activity.

Compare operating cash flows to sales by sales person, location, or product.

c. Overstated expenses and liabilities:

Another common financial statement misstatement is to understate expenses and liabilities.

Examples include:

Improperly deferring expenses and recording them in later periods.

Failing to record liabilities related to prepaid dues and repayment obligations.

Audit considerations- understated expenses and liabilities:

An auditor might consider performing the following audit procedures to deal with the

possibilities that expenses and liabilities could be understated:

Search for unrecorded liabilities and expenses by examining unrecorded invoices and

unmatched receiving reports for a period after the end of the period audited.

Correlate recorded expenses with the corresponding balance sheet amounts.

Read minutes of board of directors, shareholders and committee meetings to identify

contracts and commitments that may exist.

Examine contracts, leases, and other agreements and documents for unrecorded

liabilities.


102

Examine unusual and unexplained trends in accounts payable and accrual balances.

d. Overstated assets:

Another way by which management can commit financial statement fraud is to overstate

assets. Examples include:

Recording non-existent assets, such as cash or receivables

Overstating oil and gas reserves and intangible assets.

Audit considerations- overstated assets:

Auditors should consider performing some or all of the following procedures to deal with the

risk that assets could be overstated:

To the extent possible, confirm cash balances directly with banks and financial

institutions, or use alternative procedures to confirm the cash balance.

Perform a detailed review of management’s bank reconciliations.

If needed, use the work of a specialist to deal with certain assets such as oil and gas

reserves, and intangible assets.

e. Auditing undisclosed related-party transactions:

There are indicators of undisclosed related-party transactions that may be symptoms of

fraudulent financial reporting. Examples of indicators of potential related-party transactions

include:

Highly complex business practices that may disguise the true economic substance of the

transactions

The existence of unusual, highly complex, and material transactions that may lack a

valid business purpose

Entities that conduct material intercompany transactions with each other and are audited

by different CPA firms

A complex and secretive corporate structure that restricts disclosure of the identity of

the shareholders

Significant and unusual transactions occurring at or near year end that result in

significant income recognized


103

Significant purchases from new suppliers or sale to new customers during the year that

seem peculiar as to their location, quantity, price or terms

Specific borrowings at below-market terms from unusual sources including unknown

private parties

Guarantees of indebtedness

Loans made without repayments terms

Related vendors and customers

Real estate transactions for amounts different from the appraised value

Sales or nonmonetary exchanges of recently purchased noncurrent assets at significant

gains such as works of art, wine, or other similar artwork.

f. Money laundering:

The AICPA's Audit Risk Alert (the Alert) makes reference to the auditor's role in dealing with

fraud through money laundering.

Money laundering is defined as: the funneling of cash or other funds generated from illegal

means through legitimate businesses to legitimize the cash or funds. The Alert notes that the

gross money laundering product is between $500 billion and $1 trillion annually. Businesses

that are vulnerable to money laundering include banks and non-banking entities such as

gaming and import-export businesses.

Laundering involves three stages explained as follows:

1. Placement: The process of transferring the actual criminal proceeds into the financial

system in such a manner as to avoid detection by financial institutions and government

authorities.

Examples include:

a. Structuring cash deposits into legitimate bank accounts, converting cash into

monetary instruments, and then using the instruments to make investments.

b. Customers making large deposits and investments with laundered proceeds in the

form of monetary instruments, bearer securities, or third-party checks.

2. Layering: The process of generating a series of layers of transactions to distance the

proceeds from their illegal source and to blur the audit trail. Examples include:


104

a. Electronic funds transfers through a bank secrecy haven.

b. Withdrawals of already-placed deposits in the form of highly liquid investments.

c. Account transfers or checks payable to third parties with whom the holder appears to

have no obvious relationship.

3. Integration: In this stage, the funds are reinserted into the economy through spending,

investing, lending and cross-border, legitimate-appearing transactions.

Audit considerations for money laundering include:

a. Money laundering is less likely to be detected in a financial statement audit than other

types of fraud.

b. Assets are more likely to be overstated than understated.

c. There is likely to be short-term fluctuations in account balances rather than cumulative

changes.

d. Money laundering is considered an illegal act with an indirect effect on the financial

statements.

Audit requirements- money laundering:

If an auditor becomes aware of the possibility of illegal acts that could have a material indirect

effect on the financial statements, the auditor should apply audit procedures specifically aimed

at determining whether an illegal act has occurred. Laundered funds and their proceeds are

subject to asset seizure and forfeiture by law enforcement agencies that could result in material

contingent liabilities during prosecution and adjudication cases.

Periodically, the OECD's Financial Action Task Force (FATF) and the U.S. Treasury

Department issue blacklists of governments that are non-cooperative in combating money

laundering.

Possible factors of money laundering include transactions that appear inconsistent with a

customer’s known legitimate business or personal activities or means, and unusual deviations

from normal account and transaction patterns.

Examples of suspicious transactions that may indicate that money laundering is occurring

include:

Unauthorized or improperly recorded transactions with inadequate audit trails


105

Large currency transactions made in exchange for negotiable instruments or for the

direct purchase of funds transfer services

Structuring currency transactions to avoid the $10,000 reporting requirement

Businesses that seek investment services when the source of funds is not available or

difficult to determine

Premature redemption of investment vehicles with requests to remit proceeds to

unrelated third parties

The purchase of large cash value investments followed by heavy borrowing against

them

Large payments received from foreign locations

Purchases of goods, services and currency at below-market prices

Using multiple-auditors and advisors for related entities and businesses

Using companies, trusts and LLCs/partnerships that have no apparent business purpose

10. Anti-Fraud Measures

According to the Report to the Nation on Occupational Fraud and Abuse, published by the

Association of Certified Fraud Examiners, only 23 percent of frauds are initially detected

through effective internal controls. Yet, strong internal control measures continue to be an

entity’s first line of defense against fraud. What is apparent is that there is a significant gap

between companies’ need for effective internal controls and their actual use in preventing

fraud.

In its report entitled Fraud Risk in Emerging Markets21

, the authors note the following based

on a survey conducted of their clients:

a. Respondents rated strong internal controls as the number one factor in preventing fraud.

b. Since the last survey was first conducted, the prevalence of anti-fraud policies has not

significantly increased:

c. 58% of surveyed companies have a formal anti-fraud policy.

21

Fraud Risk in Emerging Markets, Ernst & Young.


106

d. Companies that have anti-fraud policies communicate them to their employees but fail to

communicate them to their suppliers and customers, agents, intermediaries and joint

venture partners.

e. Training is key to the success of an anti-fraud policy yet companies are not devoting

enough fraud training for their employees.

Note: 72% of those surveyed do not provide their employees with training to implement

their entity’s anti-fraud policy.

f. Fraud is more prevalent in emerging markets with corruption and bribery being

disproportionately higher in those markets that all other markets.

Frauds that pose the greatest risk

Type of fraud

% of respondents

Emerging

markets

All

markets

Corruption and bribery 48% 20%

Fraud due to collusion with third parties 20% 31%

Financial statement fraud 10% 20%

Theft 14% 18%

Note: The survey states that emerging markets are far more susceptible to fraud due to

several factors including a) the rapid growth, b) the immature fraud prevention and

detection systems, and c) the limited understanding of fraud risks that typically exist in

those markets.

The survey also notes that many companies do not include the greater risk of fraud in their

list of risk factors used to evaluate their investment decision in emerging markets.

Moreover, 20 percent of entities that consider investments in emerging markets choose not

to make such an investment based primarily on their fraud risk assessment.

Conclusions reached by the survey:

The authors of the survey reach the following conclusions:

Building around a focus of internal controls, companies need to develop anti-fraud

controls into a formal, documented anti-fraud program.

Compliance and enforcement are key elements of an effective anti-fraud program, while

paper programs that exist only for documents are of no use.

An effective anti-fraud program must align closely with the most significant fraud risk

factors facing an entity.


107

Companies must move from a mere notification and education of policies and standards

approach to fraud prevention, toward a corporate culture that lives its ethical values

worldwide.

The tone at the top is critical to the success of any anti-fraud program.

Companies need to quickly implement anti-fraud controls in all new operations in

emerging markets in order to offset the effect of different local business practices.

Companies must establish criteria to govern the escalation of allegations of fraud to help

assure the appropriate oversight and composition of investigative teams.

What about employee hotlines?

It is quite clear that the most effective method by which to catch employee fraud is through a

fraud hotline. Anonymous tips given through fraud hotlines accessible by employees,

customers and suppliers are very effective in reducing fraud.

In fact, despite the legal protection given to whistleblowers, their use and effectiveness is

minute as compared with an anonymous tip hotline. One reason is that employees do not want

the disruption and risk associated with being a known whistleblower. The threat of retaliation

from management makes whistle-blowing a risky and least attractive option.

Here are some suggestions on how to set up a hotline:22

Demonstrate and communicate support for the hotline from the top of management.

Link the recovery from fraud to a reward system under which recovered losses will be

distributed or donated to a charity.

If applicable, involve trade union representatives with the hotline.

Advertise the hotline through company intranets, posters, training programs.

Make sure all hotline reports are handled sensitively and anonymously.

Train specialists in both audit and security to handle the reports or even outsource it.

Make sure that immediate and strict disciplinary action is taken against those found to

abuse the system.

22

Making Employee Hotlines Work, Charles Carr, Kroll Global Fraud Report.


108

What is the appropriate sentence for fraud- 6 months, 24 years or death?

With all the frauds that have been prosecuted in the past few years, there is a debate going on

as to what is the appropriate punishment for one who commits fraud. The range of sentences

worldwide is expansive.

On one end of the spectrum is Michael Resnick, CFO of Royal Ahold NV’s U. S. Foodservice

Inc. He pleaded guilty to playing a key role in the huge fraud committed, but was sentenced

only to six months of home detention and three years of probation.

On the other end is Jeffrey Skilling, former Enron CFO who was sentenced to 24 years in

federal prison even though he has appealed to have certain portions of his case thrown out in

light of the U. S. Supreme Court’s recent ruling on “honest services.”

So, what is the “right” sentence?

The Chinese may be taking fraud more seriously than their U. S. counterparts, particularly in

the case of a fraud committed at the China Construction bank. In this case, Zhou Limin, the

former head of the Bank and its accountant, Lui Yibing stole approximately $30 million from

30 organizations and 400 individuals, of which only $900,000 has been recovered. A Chinese

court sentenced both of them to the death penalty. They lost their appeal.

U. S. sentences for fraud are getting longer:

Although the U.S. courts have yet to elevate fraud cases sentences to death, the tide is certainly

turning as courts look at white-collar fraud crime far more seriously than they used to. The

days of spending five years in a “country-club” prison for committing fraud, apparently are

gone.

In the past few years, in some cases, the courts have issued sentences for fraud that exceed

those for first-degree murder. (On average, murders serve seven years of their sentences.)

We all know that Bernie Madoff got 150 years for his massive $60 billion fraud. But 150 years

is certainly not the longest issued in the past few years. In one 2008 case, the federal court

handed out a sentence to 72-year old Norman Schmidt for 330 years for an investment scheme.

330 years was the longest sentence issued in a federal white-collar case in Colorado, and most

likely anywhere else.

In another case, Virginia authorities sought a 400-year sentence against Edward Hugh Okun in

a $126 million fraud case. Okun used more than $40 million of escrow funds held for clients

involved in a Section 1031 (like-kind exchange) transactions. Although the authorities wanted

400 years, in the end, the 58-year old Okun received a sentence of 100 years. Why such a long

sentence? A key factor that that influenced the long sentence was the fact that Okun stole risk-

free escrowed funds as compared with Madoff investors who were fully aware that their funds

were invested.


109

In another high profile case, New York attorney Marc Dreier received only a 20-year sentence

for his $400 million Ponzi scheme, even though prosecutors sought 145 years.

Even though the sentencing guidelines for fraud are between 5-15 years, the courts appear

willing to punish fraudsters with much longer sentences as a deterrent against future frauds

being perpetrated.

11. A Fraud Scorecard

What if a company could be rated for its susceptibility to fraud; that is, get a fraud scorecard?

Would it help predict future frauds?

A research report was published entitled Predicting Material Accounting Manipulations23

addresses how one can calculate a “fraud score” for public companies. The study and its

conclusions were based on a sample of 680 companies with alleged financial statement fraud.

Specifics from the Report follows:

1. General characteristics of firms committing financial statement fraud (financial statement

manipulation):

a. Most companies manipulate more than one income statement line item with revenue

being the most common as follows:

Revenue: 55% of the cases

Inventory and cost of goods sold: 25% of the cases

Allowances: 10% of the cases

b. Most common industries for manipulations are:

Computers and computer services

Retail

Telecom and healthcare

c. 15% of the manipulations occur in the largest companies.

2. Elements found in financial statements of manipulating firms:

a. Companies have shown strong performance prior to the manipulation.

The manipulations appear to have been motivated by managements’ desire to

disguise a moderating financial performance.

23

Predicting Material Accounting Manipulations, Patricia M. Dechow, et al.


110

In years leading up to a manipulation:

Stock returns outperformed the overall market

In the year of the manipulation:

Stock returns underperform the overall market

Rates of return were declining

There are unusually high PE ratios and market to book ratios

with investors having high expectations for returns.

High issuance of debt and equity

Cash profit margins decline

Earnings growth declines

Accruals increase

Sales order backlog declines

Employee headcount declines

Demand for product declines

Abnormal increases in leasing activity to provide financing flexibility

Example: In 20X1, 20X2 and 20X3, Company X has excellent performance and

its stock price outperforms the market. In 20X4, the performance and stock price

appear to sliding downward.

Conclusion: In 20X4, Company X manipulates its financial statements to disguise

the downward trend from excellent years in 20X1, 20X2 and 20X3.

3. The fraud (manipulation) prediction model- the F Score:

The manipulation prediction model is based on the characteristics of companies along five

dimensions that are used to develop the “F Score.”

The F Score is a predictor of financial statement manipulation. The higher the score, the higher

the likelihood that a company will manipulate its financial statements. An F Score of 1.00 or

higher represents a candidate with a high probability to manipulate its financial statements

while less than 1.00 is a lower probability. According to the Study, 50 percent of manipulating

companies have F-Scores in the top 20 percent of all companies. In creating an F Score, the

model uses five factors.

a. Accrual quality:

Combination of several formulas (see discussion below)

b. Financial performance:


111

Rates of return decline

Earnings growth rates decline

c. Non-financial measures:

Sales backlog decline indicating a weaker product demand

Abnormal reduction in number of employees24

d. Off-balance sheet activities:

Use of operating leases to eliminate debt and improve cash flow

Higher than usual returns on pension plans to reduce pension expense

e. Market-based measures:

PE ratios and market-to-book ratios decline

Observation: The accrual quality measurement is a function of several formulas including:

Sloan accruals: Change in current assets (excluding cash) less changes in current liabilities

(excluding short-term debt), less depreciation.

RSST accruals: Changes in long-term operating assets and long-term operating liabilities.

Change in receivables: Manipulation of receivables improves sales growth which is an

important metric looked at by investors.

Changes in inventories: Manipulation of inventory levels improves gross margin.

Observation: The study performed a retrospective look at Enron in year 2000 and found that

Enron would have had an F Score of 1.85 which is almost twice the probability of being a

fraud firm.

Conclusion of the Study: The Study correctly identified 60% of manipulating firms in

advance. In the year a company is performing financial statement manipulation, certain key

factors are typically present in order to hide a slowdown in financial performance and maintain

high stock price:

Accrual quality is low

Financial and non-financial measures of performance are deteriorating

24

An abnormal decline in the number of employees occurs when the % reduction in employees exceeds the % reduction in

total assets.


112

Financing activities and off-balance sheet transactions are more active

Because the Study correctly predicted 60% of manipulation cases, the F-Score can be used as

an effective measurement and predictor of fraud in an audit.

12. Computer crime and theft

Many companies focus on safeguarding their tangible assets such as inventory and fixed assets.

Yet, perhaps right in front of them is their most critical asset; their computer data and other

proprietary information.

According to the CSI/FBI Computer Crime and Security Survey, the four most expensive

computer crimes that account for 74% of all losses were:

Viruses

Unauthorized access

Laptop and mobile hardware theft, and

Theft of proprietary information.

Who is most likely to commit computer crime?25

Company employees are most likely to engage in computer theft than external parties. The

primary reason is access. Employees already have access inside firewalls, intrusion detection

devices, and other detection systems.

The concern is not only with existing employees, but also previous ones. In one report,

consider the fact that 33% of computer fraud was committed by existing internal employees

while 28% was committed by former employees and their partners who still had access to

information.26

Moreover, often disgruntled employees are the perpetrators of computer and information fraud

and typically use of the following techniques:

Email: 80% of employees admit to sharing confidential information with outsiders

through email.

Instant messaging: Employees use IM tools to transfer files and send small amounts of

text.

CDs or DVDs: Significant volumes of data can be transferred via disks in a short period

of time.

25

From Protecting Data Sources From Internal Theft, Alan Brill. 26

The Global State of Information Security, PWC.


113

Digital cameras: Employees can take pictures of sensitive information and documents.

Other small data storage devices: Other devices such as Palm Pilots and BlackBerries

can be used to carry data outside the organization.

Radio-based gadgets: Wireless routers and networks and Bluetooth dongles allow an

employee to connect a cell phone or PDA to a computer and transfer date.

The lesson is that an effective information fraud program must deal with everyone who has

access to sensitive information including current and past employees, part-timers and

temporary employees, and outsourcing companies that deal with confidential data.

13. Integrity Survey

Corporate integrity has become more important as companies, regulators, and investors look

for a better understanding of factors that may have contributed to the various economic issues

that existed in the marketplace along with corporate fraud and misconduct.

In 2009, KPMG issued its 2008-2009 Integrity Survey based on a population of 5,000

employees nationwide. The Survey has not been updated since its issuance in 2009, but its

results appear to be relevant almost three years later.

According to the Survey, employees are facing greater pressure to meet revenue and cost

targets that may drive them to using improper means to do so, particularly if they believe their

jobs would be in jeopardy.

Based on the survey:

1. Misconduct in corporate America remains high with 74 percent of the employees surveyed

reporting that they have personally observed or have firsthand knowledge of wrongdoing

within their organizations during the past year.

2. 46% reported that if the misconduct were to be discovered, it would cause a significant loss

of public trust in the organization. 60% of employees from the banking and finance

industry noted a significant misconduct.

3. Major drivers of fraud and misconduct were:

a. 59% feel pressure to do whatever it takes to meet business targets.

b. 52% believe they will be rewarded for results regardless of the means to achieve them.

c. 50% lack resources to get their jobs done without cutting corners.

d. 49% fear losing their jobs if they do not meet their targets.

4. Although whistleblowing actions have increased, it remains a risk that boards and

management may not hear from employees until it is too late.


114

a. 57% stated they would feel comfortable using a hotline to report misconduct, which is

an increase from the previous survey which had only 40% of the respondents.

b. 53% believed they would be protected from retaliation.

c. 39% believed they would be satisfied with the outcome if they reported misconduct to

management.

5. Types of misconducts included:

From the survey, respondents identified the following misconducts as those they had either

engaged in or witnessed being committed within their organizations.

Types of Misconducts Perpetrated or Witnessed

Type of misconduct committed % of respondents

Violating workplace health and safety rules 47%

Discriminating against employees 47%

Wasting, mismanaging, or abusing organization resources 44%

Engaging in sexual harassment 38%

Violating employee wage, overtime, and benefit rules 28%

Breaching employee privacy 28%

Engaging in false or deceptive sales practices 27%

Entering into supplier contracts that lack proper terms,

conditions and approvals

26%

Abusing drugs and/or alcohol at work 26%

Mishandling confidential or proprietary information 24%

Violating or circumventing supplier selection rules 24%

Fabricating product quality or safety test results 23%

Violating environmental standards 23%

Breaching computer, network, or database controls 22%

Falsifying time and expense reports 21%

Engaging in activities that pose a conflict of interest 20%

2008-2009 Integrity Survey, KPMG, 2009

The respondents suggested that the following actions could be taken to mitigate the effects of

misconduct and provide an environment of a high-integrity organization.

a. Have a tone at the top with local managers and supervisors, and CEOs and other senior

executives that are positive role models.

b. Create a team culture and work units that are motivated and empowered to do the right

thing.


115

c. Have channels within which employees can feel comfortable to report misconduct

without retaliation.

Observation: In today’s litigious environment, it is important the companies and their boards

establish an ethics and compliance program and that they exercise regular oversight of that

process. There have been several recent cases where shareholders have sued their companies

and their boards for damages resulting from employee misconduct. The fact that a company

has an ethics compliance program and that the board exercises reasonable oversight over that

program generally have shielded the board from personal liability in recent cases.27

14. Correlation Between Bankruptcy and Fraud

Is there a high correlation between a company that goes bankrupt and one that commits fraud?

Is an entity that has fraud perpetrated more likely to file bankruptcy?

A study published by Deloitte Touche addresses these issues.

The Study28

is based on a review of the bankruptcy filings of more than 1,000 publicly traded

companies over a six-year period, and approximately 400 companies that had been issued SEC

Accounting and Auditing Enforcement Releases (AAERs) over an eight-year period.

The results concluded:

1. Bankrupt companies were three times more likely to be issued financial statement fraud

AAERs by the SEC subsequent to the bankruptcy filing.

a. The fact that a large publicly traded company files for bankruptcy is an event that

attracts the SEC’s attention.

b. 69% of the SEC’s AAERs were issued within three years after the entity filed

bankruptcy.

c. Bankrupt companies were twice as likely to have more than 10 fraud schemes in their

history.

2. Companies issued financial-statement-fraud AAERs were more than twice as likely to file

bankruptcy as those not issued one.

a. One in seven AAERs was issued against companies prior to those companies filing for

bankruptcy, suggesting that AAERs may be a warning sign for filing a future

bankruptcy.

27

See Stone v. Ritter, C. A. (Delaware, November 6, 2006) as noted in the KPMG report. 28

Ten Things About Bankruptcy and Fraud, Deloitte Forensic Center.


116

b. Company morale at troubled companies along with pressure to reach lofty budgets can

create an environment to perpetrate fraud.

c. The most common types of financial statement fraud for bankruptcy companies were

revenue recognition, manipulation of expenses, and improper disclosures.

15. The CFO Perspective on Their Outside Auditors and Fraud

One recent survey of CFOs demonstrates the challenges auditors have in discovering fraud. In

the survey, the majority of CFOs stated that they believe it would be possible to intentionally

misstate their financial statements with their auditor not discovering the misstatement.

62% believe it would be possible to intentionally misstate their company’s financial

statements.

Only 17% believe it is possible for auditors to detect any and all corporate fraud.29

The results of the CFO survey are somewhat disturbing in light of the psychology of fraud. In

general, the fraud triangle provides that typically, three elements exist in a fraud:

incentive/pressure, opportunity, and rationalization/attitude. If a CFO believes he or she can

commit a financial statement fraud that is not likely to be detected by the outside auditor, that

assumption creates a heightened environment with respect to the existence of one of the three

elements: the CFO perceiving that he or she has an opportunity to commit fraud.

16. Madoff and the single auditor issue

Four years after Bernie Madoff turned himself in to the Authorities, the cases involving

Madoff, his family, and the hundreds of victims and perpetrators, are still in their infancy.

In hindsight, commentators assert that there were numerous “red flags” that supported a

conclusion that Madoff was perpetrating a massive fraud and that various parties should have

read those signals to avoid the fraud from occurring in the first place.

Some of the signs identifying that fraud existed include:30

All key players in the Madoff organization were family members.

The Madoff funds allegedly earned returns significantly higher than the market for

similarly risked investments.

The investment returns were too consistent for an otherwise volatile equity market.

Madoff’s investment funds had poor transparency.

Madoff used a sole auditor.

29

Survey by Grant Thornton, LLP 30

Bernard Madoff and the Sole Auditor Red Flag, Fuerman, Journal of Forensic & Investigative Accounting.


117

Of particular focus in recent articles and studies is the fact that Madoff’s auditor, Friehling &

Horowitz (F&H), had a very small operation when compared with the scope of Madoff’s

operations. In essence, the F&H operation was a sole practitionership with a second partner

retired in Florida.

Since the Madoff scandal broke, numerous CPA firms that represented “feeder funds” have

been sued. Although these feed funds had reputable CPA firms and investment advisors, the

underlying investment assets were held by Madoff. Consequently, there are two questions that

are now at the forefront of the Madoff audit controversy:

1. Are the auditors of a capital-management (feeder fund) firm required to audit the

underlying investments of the funds (Madoff, for example) that it invests in?

2. Is the use of a sole practitioner who audits a disproportionately larger company

(Madoff) a red flag that would require the auditors of the capital-management

company to perform additional procedures?

Before addressing the two previous questions, the author presents a general outline of the

current rules found in SAS No. 1, AU Section 543, Part of Audit Performed by Other

Independent Auditors below:

AU Section 54331

applies to a principal auditor who uses the work and reports of other

independent auditors who have audited the financial statements of one or more subsidiaries,

divisions, branches, components, or investments included in the financial statements presented.

The Standard also provides the form and content of the principal auditor's report in these

circumstances.

AU Section 543 allows a principal auditor (of a feeder fund) to issue an auditor’s report that

either:

a) references the other auditor, or

b) does not reference the other auditor.

If the other auditor is not referenced in the principal auditor’s report (option (a)), the principal

auditor is required to perform additional audit procedures.

Decision not to reference the other auditor in the principal auditor’s report:

1. If the principal auditor is able to satisfy himself (or herself) as to the independence and

professional reputation of the other auditor, and takes steps he considers appropriate to

satisfy himself (herself) as to the audit performed by the other auditor, he or she may be

31

AU Section 543 is superseded by AU-C 600, Special Considerations Audits of Group Financial Statements (Including

the Work of Component Auditors), started for calendar year 2012 audits.


118

able to express an opinion on the financial statements taken as a whole, without making

reference in his or her report to the audit of the other auditor.

2. If the principal auditor decides not to reference the other auditor in his or her report, he or

she should not state in his report that part of the audit was made by another auditor because

to do so may cause a reader to misinterpret the degree of responsibility being assumed.

3. Ordinarily, the principal auditor would be able to make the decision not to reference the

other auditor in his or her report when any one of the following occurs:

a. Part of the audit is performed by another independent auditor which is an associated or

correspondent firm and whose work is acceptable to the principal auditor based on his

knowledge of the professional standards and competence of that firm.

b. The other auditor was retained by the principal auditor and the work was performed

under the principal auditor's guidance and control.

c. The principal auditor, whether or not he selected the other auditor, nevertheless takes

steps he considers necessary to satisfy himself as to the audit performed by the other

auditor and accordingly is satisfied as to the reasonableness of the accounts for the

purpose of inclusion in the financial statements on which he is expressing his opinion,

or

d. The portion of the financial statements audited by the other auditor is not material to the

financial statements covered by the principal auditor's opinion.

Decision to make reference to the other auditor in the principal auditor’s report:

1. Alternatively, the principal auditor may decide to make reference to the audit of the other

auditor when he expresses his opinion on the financial statements.

Note: In some situations, it may be impracticable for the principal auditor to review the

other auditor's work or to use other procedures which in the judgment of the principal

auditor would be necessary for him to satisfy himself as to the audit performed by the other

auditor.

Also, if the financial statements of a component audited by another auditor are material in

relation to the total, the principal auditor may decide, regardless of any other

considerations, to make reference in his report to the audit of the other auditor.

2. When the principal auditor decides that he will make reference to the audit of the other

auditor, his report should indicate clearly the following:


119

a. In both the introductory, scope and opinion paragraphs, the division of responsibility

should be identified as between that portion of the financial statements covered by his

own audit and that covered by the audit of the other auditor.

b. The report should disclose the magnitude of the portion of the financial statements

audited by the other auditor. This may be done by stating the dollar amounts or

percentages of one or more of the following: total assets, total revenues, or other

appropriate criteria, whichever most clearly reveals the portion of the financial

statements audited by the other auditor.

c. The other auditor may be named but only with his express permission and provided his

report is presented together with that of the principal auditor.

Note: Reference in the report of the principal auditor to the fact that part of the audit

was made by another auditor is not to be construed as a qualification of the opinion, but

rather as an indication of the divided responsibility between the auditors who conducted

the audits of various components of the overall financial statements.

Procedures that must be performed under both methods of reporting:

1. Whether or not the principal auditor decides to make reference to the other auditor in the

principal auditor’s report, he of she should make inquiries concerning the professional

reputation and independence of the other auditor.

2. The principal auditor also should adopt appropriate measures to assure the coordination of

his activities with those of the other auditor in order to achieve a proper review of matters

affecting the consolidating or combining of accounts in the financial statements.

3. Inquiries and other measures made by the principal auditor may include procedures such as

the following:

a. Make inquiries as to the professional reputation and standing of the other auditor to one

or more of the following:

The American Institute of Certified Public Accountants

The applicable state society of certified public accountants and/or the local chapter,

or in the case of a foreign auditor, his corresponding professional organization

Other practitioners

Bankers and other credit grantors, and

Other appropriate sources.

b. Obtain a representation from the other auditor that he or she is independent under the

requirements of the American Institute of Certified Public Accountants and, if approp-

riate, the requirements of the Securities and Exchange Commission (SEC).


120

c. Ascertain through communication with the other auditor:

(i) That he or she is aware that the financial statements of the component which he is

to audit are to be included in the financial statements on which the principal

auditor will report and that the other auditor's report thereon will be relied upon

(and, where applicable, referred to) by the principal auditor.

(ii) That he or she is familiar with accounting principles generally accepted in the

United States of America and with the generally accepted auditing standards

promulgated by the American Institute of Certified Public Accountants and will

conduct his or her audit and will report in accordance therewith.

(iii) That he or she has knowledge of the relevant financial reporting requirements for

statements and schedules to be filed with regulatory agencies such as the Securities

and Exchange Commission, if appropriate.

(iv) That a review will be made of matters affecting elimination of intercompany

transactions and accounts and, if appropriate in the circumstances, the uniformity

of accounting practices among the components included in the financial

statements.

Note: Inquiries as to matters under a, and c (ii) and (iii) ordinarily would be

unnecessary if the principal auditor already knows the professional reputation and

standing of the other auditor and if the other auditor's primary place of practice is in the

United States.

If the results of inquiries and procedures by the principal auditor lead him or her to the

conclusion that he or she can neither assume responsibility for the work of the other

auditor insofar as that work relates to the principal auditor's expression of an opinion on

the financial statements taken as a whole, nor report with reference to the other auditor,

he or she should appropriately qualify his opinion or disclaim an opinion on the

financial statements taken as a whole. The reasons for the qualification or disclaimer

should be stated, and the magnitude of the portion of the financial statements to which

his qualification extends should be disclosed.

Additional procedures under decision not to reference to the other auditor in the principal

auditor’s report:

1. When the principal auditor decides not to make reference to the audit of the other

auditor, in addition to being satisfied as to the matters “procedures that must be

performed under both methods of reporting,” the principal auditor should also consider

whether to perform one or more of the following procedures:

a. Visit the other auditor and discuss the audit procedures followed and results thereof.


121

b. Review the audit programs of the other auditor. In some cases, it may be appropriate to

issue instructions to the other auditor as to the scope of his audit work, and

c. Review the working papers of the other auditor, including the understanding of internal

control and the assessment of control risk.

Note: In some circumstances, the principal auditor may consider it appropriate to

participate in discussions regarding the accounts with management personnel of the

component whose financial statements are being audited by other auditors and/or to make

supplemental tests of such accounts. The determination of the extent of additional

procedures, if any, to be applied rests with the principal auditor alone in the exercise of his

professional judgment and in no way constitutes a reflection on the adequacy of the other

auditor's work. Because the principal auditor in this case assumes responsibility for his

opinion on the financial statements on which he is reporting without making reference to

the audit performed by the other auditor, his judgment must govern as to the extent of

procedures to be undertaken.

Should the auditors of the feeder funders have audited the work of the Madoff auditor under

AU 543?

Now that the reader has reviewed the general requirements of AU 543, what responsibility did

the feeder fund auditors have to audit or review the work of Madoff’s auditor, F&H?

Regardless of whether reference is made to the Madoff auditor in the feeder fund auditor’s

reports, at a minimum, AU Section 543 requires the feeder-fund auditors to perform certain

procedures that include:

1. Make inquiries concerning the professional reputation and independence of the Madoff

auditor

2. Obtain a representation letter from the Madoff auditor that he is independent under the

requirements of the AICPA and, if appropriate, the requirements of the Securities and

Exchange Commission (SEC), and

3. Ascertain through communication with the other auditor:

(a) That the Madoff auditor is aware that the financial statements of the component

which he is to audit are to be included in the financial statements on which the

principal auditor will report and that the other auditor's report thereon will be

relied upon by the principal auditor.

(b) That the Madoff auditor is familiar with GAAP and will conduct his or her audit

and will report in accordance therewith.


122

(c) That the Madoff auditor has knowledge of the relevant financial reporting

requirements for statements and schedules to be filed with regulatory agencies

such as the Securities and Exchange Commission, if appropriate.

(d) That a review will be made of matters affecting elimination of intercompany

transactions and accounts and, if appropriate in the circumstances, the uniformity

of accounting practices among the components included in the financial

statements.

Once the above work is done by the feeder-fund auditor, that auditor must decide whether or

not to refer to the Madoff auditor in his or her report. According to one report, all of the

feeder-fund auditors did not reference to the work of the Madoff auditor and, consequently,

relied on the Madoff auditor’s audit and report thereon.

AU Section 543 states that if the feeder-fund auditor does not make reference to the audit of

the Madoff auditor, he or she should consider whether to perform additional procedures

including:

a. Visit the Madoff auditor and discuss the audit procedures followed and results thereof

b. Review the audit programs of the Madoff auditor and, possibly issue instructions to the

Madoff auditor as to the scope of his audit work, and

c. Review the working papers of the Madoff auditor, including the understanding of

internal control and the assessment of control risk.

If the feeder fund auditor did not perform some or all of the above procedures, they may not

have followed GAAS. Time will tell whether some or all of the feeder fund auditors complied

with GAAS under AU Section 543.

Another issue has to do with the “red flag” of the reputation and experience of the Madoff

auditor. Although some commentators states that the fact that the Madoff auditor was a sole

practitioner was, in and of itself, a red flag, nothing in GAAS states that the size of a CPA

firm has anything to do with the quality of the audit work and the experience of the auditor.

There were, however, several key signs that should have been observed in assessing the

Madoff auditor that included:

He was not registered with the Public Company Accounting Oversight Board (PCAOB),

which was required by the SEC in connection with the Madoff investment funds.

He had not been subject to New York state peer review.

Regardless of whether it is valid, the Madoff fraud has brought to the forefront a debate as to

whether sole practitioners have the ability to perform a quality audit for larger organizations.


123

In a report entitled, Bernard Madoff and the Sole Auditor Red Flag,32

the author of the Report

performed an investigation as to whether a company’s use of a “solo auditor” is a red flag. The

Report was based on a study of 396 non-Big 4 litigations occurring during the period 1996 to

2008. The data was separated by size of CPA firm based on Medium (six largest non-Big 4

CPA firms), small CPA firms, very small CPA firms (2-9 accountants), and solo practitioners.

From the sample, the author of the Report evaluated the percentage of lawsuits against audit

clients, in which the CPA-auditor was also named as a defendant. The assumption was that if

an audit client is sued but the CPA–auditor is not sued, the audit quality must be high.

Conversely, if the CPA-auditor is also sued along with the audit client, the audit quality must

be low.

Conclusions reached by the Report and other studies include:

a. Audit quality is positively associated with CPA firm size. The larger the CPA firm, the

more it will invest in monitoring its partners because the firm’s reputation capital is so

valuable.

b. A solo auditor raises a red flag, although like any red flag, it proves nothing, and

requires further investigation.

Where a principal auditor is required to make inquiries concerning the professional

reputation and independence of the other auditor, such inquiries have heightened

important whenever the other auditor is a solo auditor.

Observation: Although the previous Report suggests that audit quality is lower in smaller

firms, in particular sole practitioners, one cannot apply this conclusion across the entire

population of sole practitioners. The reality is that most sole practitioners do an excellent job

in performing their engagements, including audits. Like all professionals, there are always

examples of professionals that miss the mark and perform sub-par engagements. Certainly,

the failure of the Madoff audit should not be construed as a reliable example of how other sole

practitioners perform their engagements. Instead, the Madoff auditor had other signs of

deficiency including his failure to register under the PCAOB and not going through peer

review.

What were the warning signs that Madoff was a fraudster?

The smartest people in the room can identify a list of early warning signs that suggested that

Madoff was engaged in a fraud. Using hindsight to identify fraud warning signs is like looking

at Nostradamus’s predictions after the events occur. After the fact, it is easy to see the obvious.

32

Bernard Madoff and the Solo Auditor Red Flag, Ross D. Fuerman.


124

There are extensive studies, reports, and analyses that have been published since the Madoff

fraud was uncovered, each with its own twist as to how obvious the fraud signs were. Yet,

those same authors were nowhere to be found during the twenty years in which Madoff

perpetrated his fraud. The SEC, analysts, family members, accountants (most), lawyers, and

others were all conned over an extensive span of twenty years. Only one analyst, Harry

Markopolos, CPA, had the analysis and conviction to determine that Madoff could not be

legitimately generating the above-market returns over an extended period of time. When

Markopolos contacted the SEC about his fraud theory, the SEC ignored him. Exclusive of

Markopolos, other professionals were fooled by Madoff in a scam that seems obvious in

hindsight, but was not identified during the period in which the fraud was committed.

One particular analysis looks into the psychological profile of Madoff as a predator, who fed

off the people around him.

According to this one study, Madoff had the profile of a predator, based on the following

attributes:33

It is likely that Madoff’s family (wife and two sons) were kept in the dark about the

fraud.

Madoff had the need to look successful, with expensive suits, private jets, yachts, etc.

Madoff had a lack of trust and engaged in secrecy with cameras in his office, lack of

access to his 17th

floor.

People around Madoff feared him and his temper.

Madoff lied on a regular basis to the SEC, bankers and analysts.

Madoff was dishonest, including having several affairs for which he had to pay out

“hush money.”

Madoff had several obsessions including obsessive compulsive disorder (OCD) such as

obsessive cleanliness and orderliness.

Madoff had odd, eccentric behaviors including extensive blinking, elimination of email

access, dropping his pants in public, etc.

Madoff was unwilling to apologize for his fraud.

There were stress cracks in Madoff’s mask of appearance including temper tantrums.

33

Bernie Madoff: Predator of His Own Kind, Terry A. Sheridan, Ph.D. , 2010.


125

Madoff continued with the facade even after he was caught.

Madoff had a superiority complex.

Madoff was a sociopath in that he was capable of lying, manipulation, the ability to

deceive, feelings of grandiosity and callousness toward his victims.

Observation: As previously discussed in this course, the fraud triangle includes three

elements: incentive or pressure, opportunity, and rationalization or attitude. Madoff’s profile

as a predator is an example of how a fraudster can rationalize his fraud. Studies have

confirmed that many fraudsters rationalize their fraud as representing compensation that is

owed to them. In general, they do not see themselves as committing a fraud. Madoff was able

to rationalize his fraud and certainly demonstrated no remorse with his failure to apologize to

his victims. In fact, in prison, Madoff was quoted as stating that he carried his investors for 20

years and he was now doing 150 years in prison.


126

REVIEW QUESTIONS









1. According to the recent study, Is Time Theft Robbing You Blind, who is more likely to

steal time from their employer?

a. employees age 30 and older

b. employees in high-ranking positions

c. manufacturing personnel

d. temporary employees

2. According to the AICPA’s Audit Risk Alert, what “circumstance and observation” might

serve as a warning sign of fraud:

a. a small company that has a large company mentality

b. compensation plans that are established to help generate profits

c. the company experiences success over continued periods

d. sales are growing faster than receivables

3. To help mitigate inventory fraud schemes, at the planning stage the auditor should

perform certain procedures. Which of the following are examples of such procedures?

a. make test counts in areas in which the auditor has traditionally focused in past audits

b. review client procedures to integrate consigned goods from the inventory

c. take the physical inventory at all significant locations at the same time

d. become familiar with the client’s business and its products or services

4. Which of the following is an indicator of potential related-party transactions?

a. a single CPA firm audits entities that conduct material intercompany transactions with

each other

b. the appraised value of real estate is different from the real estate transaction

c. significant transactions occurring throughout the year that result in significant income

recognized

d. specific borrowings at market terms


127

5. In what stage of money laundering are the funds reinserted into the economy through

spending, investing, lending and cross-border, legitimate-appearing transactions:

a. funneling

b. integration

c. layering

d. placement


128

SUGGESTED SOLUTIONS

1. According to the recent study, Is Time Theft Robbing You Blind, who is more likely to

steal time from their employer?

a. Incorrect. The study found that employees under age 30 steal more time than employees

age 30 and older.

b. Correct. The study found that employees in a greater position of seniority have a

greater chance of stealing time from their employer.

c. Incorrect. Manufacturing personnel do not steal as much time as other types of

personnel. For example, the study found that office personnel steal more time than

manufacturing personnel.

d. Incorrect. The study found temporary employees do not steal significant time.

Permanent employees steal more time than temporary employees.

2. According to the AICPA’s Audit Risk Alert, what “circumstance and observation” might

serve as a warning sign of fraud:

a. Incorrect. A “circumstance and observation” that might serve as a warning sign of fraud

is a large company that continues to have a small business mentality. A large company’s

management may still retain control of the internal control environment even as the

company continues to grow. The centralized control of operations creates a greater risk

that management might override internal controls.

b. Incorrect. A “circumstance and observation” that might serve as a warning sign of fraud

is compensation plans that reward management for achieving aggressive financial goals

or are geared toward enriching executives rather than generating profits. Auditors

should be aware of the power of greed in motivating management and other employees

to take actions they might not otherwise take.

c. Correct. A “circumstance and observation” that might serve as a warning sign of

fraud is continued periods in which the company experiences success. Management

may inappropriately make decisions without taking into account the typical peaks

and troughs in the business cycle.

d. Incorrect. A “circumstance and observation” that might serve as a warning sign of fraud

is when receivables grow faster than sales, not the other way around. If sales are

declining, management may attempt to inflate receivables to improve its financial

position.

3. To help mitigate inventory fraud schemes, at the planning stage the auditor should:

perform certain procedures. Which of the following are examples of such procedures?

a. Incorrect. During the physical count, the auditor should make test counts in areas in

which the auditor has not historically focused to surprise the client. Taking physical

accounts in areas historically focused on by the auditor allows the client to predict

where and when the auditor will perform audit procedures.

b. Incorrect. When inventories are held for or by others, the auditor should review client

procedures to segregate, not integrate, consigned goods from the inventory.


129

c. Incorrect. When inventory is at multiple locations, the auditor should take the physical

inventory at all significant locations at the same time to avoid the risk of double

counting the same inventory.

d. Correct. An important part of planning for inventory observation is for the

auditor to understand the client’s business, its products, computer processing

applications and relevant controls, and cutoff procedures before physical counts

are taken.

4. Which of the following is an indicator of potential related-party transactions?

a. Incorrect. An indicator of potential related-party transactions is entities that conduct

material intercompany transactions with each other and are audited by different CPA

firms.

b. Correct. An indicator of potential related-party transactions is real estate

transactions for amounts different from the appraised value, suggesting there is

related-party bias in the valuation.

c. Incorrect. An indicator of potential related-party transactions is significant and unusual

transactions occurring at or near year end that result in significant income recognized.

Significant transactions occurring throughout the year by themselves are not an

indication of related-party transactions.

d. Incorrect. An indicator of potential related-party transactions is specific borrowings at

below-market terms from unusual sources including unknown private parties. Market

value borrowings do not indicate the existence of related party transactions.

5. In what stage of money laundering are the funds reinserted into the economy through

spending, investing, lending and cross-border, legitimate-appearing transactions:

a. Incorrect. The term “funneling” is part of the definition of money laundering and is not

a stage. Money laundering is defined as the funneling of cash or other funds generated

from illegal means through legitimate businesses to legitimize the cash or funds.

b. Correct. In integration, the third stage of laundering, the funds are reinserted into

the economy through spending, investing, lending and cross-border, legitimate-

appearing transactions. c. Incorrect. Layering, the second stage of laundering, is the process of generating a series

of layers of transactions to distance the proceeds from their illegal source and to blur the

audit trail.

d. Incorrect. Placement, the first stage of laundering, is the process of transferring the

actual criminal proceeds into the financial system in such a manner as to avoid detection

by financial institutions and government authorities.


130


IV. Attempting to Limit Auditor’s Liability

Auditors on both sides of the Atlantic are trying techniques to limit their liability to their

clients and third parties.

Europe is moving ahead with liability limits:

In Europe, auditors have had much greater success with limiting liability than those in the

United States. In particular, the Big Four have won several battles to limit their liability, with

the most recent victories occurring in the U.K. and Belgium. The goal appears to be to win

Europe-wide limits on liability and then attempt a similar cap in the United States. With the

demise of Andersen in Enron and WorldCom, any one of the Big Four is one major claim away

from going out of business.

The U.K. government has passed legislation that allows auditors to negotiate with companies

for liability caps and provide for proportionate responsibility for losses incurred. The result is

that damages against auditors are limited to only a portion of the total amount of loss deemed a

direct result of the audit, with management and others absorbing the remainder. Presently,

auditors can be liable for all damages if other defendants are insolvent.

In the United States, auditors have been unable to push legislation that would limit liability. As

a result, auditors are limiting liability contractually by placing liability caps in their

engagements letters. Although the liability cap approach may protect auditors against their

clients who are a party to the engagement letter contract, it does not help such U.S. auditors

shield themselves against third-party liability.

Why use liability caps in the first place?

Placing liability caps and indemnification clauses in engagement letters is nothing new. Firms

in all industries, from architects to CPAs have used them to limit liability. In the wave of a

series of sizeable liability claims against the Big 4, liability caps provisions have given the Big

4 and other firms partial liability protection by limiting the claim settlement due to the client in

the event of a lawsuit. Because all of the Big 4 use liability cap provisions to some extent,

management and audit committees have little choice but to accept them. This is the risk that

exists when there are only four major national accounting firms to perform the majority of SEC

audits.

Liability caps are an effective and secretive way for auditors to limit liability since engagement

letters are generally not published in proxy reports. Thus, any liability limits inside the

engagement letter may go unnoticed by shareholders and third parties.


131

Critics of liability limitations claim that auditors should be required to disclose the liability

caps and indemnifications in their proxy statements. Recently, the SEC has challenged use of

certain types of liability caps used by the Big 4, asserting they taint independence.

To date, the AICPA and SEC have different opinions as to whether an auditor taints his or her

independence if he or she enters into an agreement with a client that indemnifies the

accountant against losses due to the accountant’s or client’s negligence. The following table

compares each organization’s current position on the matter:

Type of Indemnification Clause Independence Impaired?

SEC (1) AICPA (2)

Indemnity against accountant’s negligence Yes Yes

Indemnity against client making false misrepresentations Yes No

(1) Application of the Commissioner’s Rules on Auditor Independence Frequently Asked

Questions, Other Matters, Question 4 (SEC, Office of the Chief Accountant)

(2) AICPA Ethics Ruling No. 94.

Previously, the SEC ruled that an accountant’s independence would be impaired if he or she

enters into an agreement with an SEC client that indemnifies the accountant for either the

accountant’s or client’s negligence. The SEC’s reasoning is based on the argument that the

existence of an indemnity agreement may “easily lead to the use of less extensive or thorough

procedures that would otherwise be followed.”34

The AICPA has taken a different tact as noted in Ethics Ruling No. 94, Indemnification Clause

Engagement Letters. Specifically, in Ethics Ruling 94, the AICPA has concluded that a clause

in which the client indemnifies the auditor from any liability and costs resulting from knowing

misrepresentations by management does not impair auditor independence. However, an

indemnification of the auditor for client negligence or auditor negligence would impair

independence.

Current status

With myriad law suits against auditors and accountants, firms are becoming quite aggressive in

insisting on indemnification clauses in their engagement letters as a condition of performing

the engagement. In particular, with only four major accounting firms to perform the majority of

SEC audits, the Big 4 are forcing the indemnification issue. Their actions have trickled down

to regional and local firms that perform work primarily for non-SEC companies.

In response to the more active use of indemnification clauses, the Federal Financial Institutions

Examination Council (FFIEC) published a document entitled, Interagency Advisory on the

Unsafe and Unsound Use of Limitation of Liability Provisions and Certain Alternative Dispute

Resolution Provisions in External Audit Engagement Letter.

34

Application of the Commission’s Rules on Auditor Independence- Frequently Asked Questions, Other Matters


132

The FFIEC advisory was published in response to the use of indemnification clauses in

agreements with various financial institutions. In the Advisory, the FFIEC challenged the use

of such clauses stating that such clauses are unsafe and unsound. Further,

1. Agreements by financial institutions to limit external auditor liability may weaken the

external auditors’ objectivity, impartiality, and performance, thereby reducing the

ability to rely on external audits.

2. Entering into such indemnity agreements, in connection with either auditor or client

negligence, is an unsafe and unsound practice.

3. Financial institutions should be aware that their insurance policies may not cover them

if such clauses are included.

4. Financial institutions should be careful not to enter into agreements that mandate

Alternative Dispute Resolution (ADR) or waive jury trials.

In response to recent concerns that liability cap and indemnification clauses may impair

independence, the AICPA ethics division included in its Omnibus Proposal of Professional

Ethics Division Interpretations and Rulings, rules that would have defined those liability cap

provisions that would and would not impair independence. Subsequently, the AICPA withdrew

its Omnibus Proposal as it relates to indemnification clauses.

AICPA Ethics Interpretation No. 501-8, Failure to Follow Requirements of Governmental

Bodies, Commissions, Or Other Regulatory Agencies on Indemnification and Limitation of

Liability Provisions in Connection With Audit and Other Attest Services, further deals with this

issue.

Following is Ethics Interpretation 501-8:

Ethics Interpretation 501-8:

Certain governmental bodies, commissions, or other regulatory agencies (collectively, regulators)

have established requirements through laws, regulations, or published interpretations that prohibit

entities subject to their regulation (regulated entity) from including certain types of indemnification

and limitation of liability provisions in agreements for the performance of audit or other attest

services that are required by such regulators or that provide that the existence of such provisions

causes a member to be disqualified from providing such services to these entities. For example,

federal banking regulators, state insurance commissions, and the Securities and Exchange

Commission have established such requirements.

If a member enters into, or directs or knowingly permits another individual to enter into, a contract

for the performance of audit or other attest services that are subject to the requirements of these

regulators, the member should not include, or knowingly permit or direct another individual to

include, an indemnification or limitation of liability provision that would cause the regulated entity


133

or a member to be in violation of such requirements or that would cause a member to be disqualified

from providing such services to the regulated entity. A member who enters into, or directs or

knowingly permits another individual to enter into, such an agreement for the performance of audit

or other attest services that would cause the regulated entity or a member to be in violation of such

requirements, or that would cause a member to be disqualified from providing such services to the

regulated entity, would be considered to have committed an act discreditable to the profession.

Members should also consult Ethics Ruling No. 94, "Indemnification Clause in Engagement

Letters," of ET section 191, Ethics Rulings on Independence, Integrity, and Objectivity (AICPA,

Professional Standards, vol. 2, ET sec. 191 par. .188–.189) under Rule 101, Independence and

Ethics Ruling No. 102, "Indemnification of a Client," of ET section 191, Ethics Rulings on

Independence, Integrity, and Objectivity (AICPA, Professional Standards, vol. 2, ET sec. 191 par.

.204–.205) under Rule 101, Independence, for guidance related to use of indemnification clauses in

engagement letters and the impact on a member's independence.

What impact does Ethics Interpretation 501-8 have on the auditor?

Ethics Interpretation 501-8 states that an indemnification and/or limited liability clause may

not be used if it is prohibited by applicable law or regulation, or violates ethics rulings. Thus,

if use of such a clause violates the rules of a regulated entity that would result in the auditor

being disqualified from providing the services to that regulated entity, the indemnification

clause would be prohibited.

This result does not impact the use of certain indemnification clauses for a non-regulated entity

such as a traditional manufacturing or distribution entity. In such a case, use of the

indemnification clause would be subject to AICPA Ethics Ruling 94 which is addressed above.

If an entity is non-public, and not subject to SEC or any other regulatory rulings, an indemnity

clause that protects the auditor against known misrepresentations by management does not

impair independence.

Examples of clauses and comments: Assume the client is a nonpublic, non-

regulated entity.

1. Auditor Indemnified Against Claims Based on Knowing Misrepresentations by

Audit Client’s Management:

Company X hereby indemnifies Joe Auditor, his partners, principals and employees

and holds them harmless from all claims, liabilities, losses and costs arising in

circumstances where there was a misrepresentation by the audit client’s

management, regardless of whether such person was acting in Company X’s

interests.

Conclusion: Would not impair independence as it indemnifies auditor against all claims due to

client’s knowing misrepresentation.

http://www.aicpa.org/about/code/et_191.html#et_191.188




134

What if the clause indemnifies the auditor for claims based on the auditor’s negligence?

Example:

Company X hereby indemnifies Joe Auditor, his partners, principals, and employees,

and holds them harmless from all claims, whether a claim be in tort, contract, or

otherwise, from any damages relating to services provided under this engagement

letter, or

Company X hereby indemnifies Joe Auditor, his partners, principals, and employees,

and holds them harmless from all claims, whether a claim be in tort, contract, or

otherwise, for any damages relating to services provided under this engagement

letter, except to the extent finally determined to have resulted from the gross

negligence, willful misconduct or fraudulent behavior of Joe Auditor related to such

service.

Conclusion: The above clause would impair independence because it indemnifies the auditor

against all claims based on auditor’s negligence.

Observation: By indemnifying the auditor for client misrepresentations, there is a significant

deterrent to management committing fraud as it shifts to the client the responsibility for

making proper representations to the auditor. This type of clause encourages management to

completely and accurately disclose and communicate all pertinent matters to the auditor.

The SEC has been quite clear that when an accountant who enters into “an agreement of

indemnity which seeks to provide the accountant immunity from liability for his or her own

negligent acts… the accountant is not independent.”35

If ethics permitted such an

indemnification clause, an auditor would be encouraged to perform sub-par work knowing he

or she had an insurance policy in the indemnification clause.

Will limited liability be successful in the United States?

With the current movement in the United States to limit liability claims against the medical

field, caps on claims against auditors could be coming, particularly in light of the significant

claims that are likely to be brought against auditors in the next few years after the financial

markets meltdown.

35

SEC, Office of the Chief Accountant, Application of the Commission’s Rules on Auditor Independence Frequently

Asked Questions, Other Matters- Question 4.


135

U. S. Chamber of Commerce Proposal- Auditor Liability Limitations

“None of us regulators has a clue what to do if one of the Big Four

failed…. If one of the Big Four were to collapse, the best accountants

could choose to quit the profession.”

William McDonough, former chair of PCAOB

The U. S. Chamber of Commerce came to the rescue of auditors by publishing a report that

proposed limiting auditor liability. In its policy paper entitled, Auditing: A Profession at Risk,

the Chamber developed a framework to ensure long-term viability of the auditing profession,

outlined in a three-point plan that:

1. Assists the profession in becoming insurable

2. Clarifies PCAOB standards, including those related to internal control audits, and

3. Supports expansion and competition of the Big 4 firms.

Conclusions published in the Report follow:

a. Sarbanes-Oxley has greatly increased the role of auditing in public companies.

b. The pressure for auditors to do more when conducting audits means that the auditor-client

relationship is becoming more involved and continuous, with much more frequent

interactions, rather than simply holding periodic discussions.

c. The auditing profession faces a number of significant legal challenges:

1. Auditors continue to be the target of a difficult litigation and regulatory enforcement

environment.

Business losses by a client can result in lawsuits.

A single indictment, even without a conviction, can result in the destruction of

thousands of jobs, such as in the case with Arthur Andersen.

Over-litigation and unfair enforcement are so dire that the profession is essentially

uninsurable.

Because of the personal financial risk of being an auditor, it is becoming

increasingly difficult to attract and retain high-quality personnel to the profession.

Audit firms feel they are caught in the middle between the demands of regulators,

law enforcement, the plaintiff’s bar, and their clients.


136

2. The process of developing and interpreting accounting principles remains in flux as

business transactions become more complex.

There remains significant misunderstanding about the meaning and nature of

accounting principles which can translate into significant litigation risk.

Changes of one or two cents per share may drive a litigation claim even though such

changes indicate nothing about the financial health of the company’s underlying

business.

3. The Profession is severely contracted, with only four major accounting firms serving a

large majority of the listed and actively traded public companies in the United States.

Any further contraction in the accounting industry would present a major challenge

to the viability of the profession.

Recommendations made by the Chamber of Commerce:

In its Report, the Chamber of Commerce recommended that the following actions be taken to

save the audit profession.

1. Help the profession become insurable

a. Better define auditor procedures and responsibility for fraud detection and limit the

auditor’s responsibility to it.

Develop a safe harbor standard for fraud detection that clearly defines the nature

and extent of procedures an auditing firm must perform to detect fraud.

The safe harbor would be developed and approved by both the PCAOB (for public

companies) and the ASB for nonpublic entities.

Firms that performed under the safe harbor would be protected against legal liability.

b. Create an Alternative Dispute Resolution (ADR) system for dispute about audits.

Juries and non-expert judges cannot properly evaluate arcane accounting judgments

and auditing methodologies.

A specialized accounting court could also be considered as part of the ADR system.

c. Permit parties to agree to ADR and reasonable limits on litigation.

The SEC and banking regulators need to accept the ability of auditors and their

clients to agree to limitations on damages and indemnification provisions.


137

d. Regulate threats of indictment against audit firms.

The inappropriate indictment of Andersen led directly to the loss of 28,000 jobs in

the United States and more than 80,000 worldwide, even though the indictment was

subsequently withdrawn.

Criminal indictments should be made against the individuals involved in the

purported crime and not the firm as a whole.

Individuals within the firm who had no knowledge of the criminal activity should

not be punished.

Congress needs to reign in the Justice Department and other regulatory authorities

and establish clear rules under which firms may be criminally indicted.

Firms need a chance to be heard before indictments are issued.

2. Clarify PCAOB standards

a. The PCAOB has created the environment for overauditing and has the responsibility to

clarify its standards and provide safe harbors for auditors allowing them some measure

of predictability and freedom from being second guessed.

Example: Previously, the PCAOB issues PCAOB Standard No. 2 (as superseded by

PCAOB Standard No. 5), as the primary implementation standard for Section 404 of

Sarbanes. PCAOB Standard No. 2 was considered too broad, and principles-based.

PCAOB Standard No. 2 also used broad terms as “significant” and “relevant” which

needed more explanation. Consequently, auditors were “overauditing” their clients.

Ultimately, the PCAOB issued PCAOB Standard No. 5, which superseded PCAOB No.

2 and simplified and clarified the requirements for auditors to deal with Section 404 of

Sarbanes Oxley.

3. Support expansion and competition among top-tier firms

a. The SEC should reexamine regulations that prohibit the Big Four firms from competing

for audit assignments when they have performed disqualifying services in prior years.

b. Remove nonmarket barriers that impede competition with the Big Four.

The SEC and PCAOB, among others, should support policies that help the entire

profession become insurable since risk management is a huge barrier to growth for

any firm seeking to audit public company clients.


138

Clarify and streamline the accounting standards to make it less expensive for firms

to stay current with the latest pronouncements.

The FASB needs to address the problem of infinite complication in accounting rules,

which makes it almost impossible for even the most knowledgeable and well-

intentioned accountants to keep up.

SEC needs to include non-Big Four firms in the GAAP debate.

All parties should encourage public companies to consider high-quality firms outside

the Big Four by encouraging Wall Street underwriters and the investing public to

accept other choices such as those in the second-tier of national or regional firms.

Can there ever be a Big Five accounting firm?

Although the Chamber of Commerce report has merit, the third recommendation, of creating

competition to expand the Big Four, is least likely to happen. Two reports reach the same

conclusion; that is, it is virtually impossible to create a fifth national firm the size of the Big

Four.

In a GAO report published entitled, Continued Concentration in Audit Market for Large Public

Companies Does Not Call for Immediate Action (the Report).

The Report reached several conclusions as to the concentration of the Big Four firms and

whether action should be taken to increase concentration among them.

1. The Big Four audit more than 98 percent of all U. S. public companies with more than

$1 billion of sales.

Midsize and smaller firms audit approximately 80 percent of the smallest public

companies with sales of less than $100 million.

2. Internationally, the Big 4 dominate the market for audit services.

3. Only 40 percent of large companies noted that the number of accounting firms from

which they could choose was adequate.

In contrast, 75 percent of the smallest public companies stated their number of audit

choices was sufficient.

4. 90 percent of large public companies would not use a non Big Four firm. Reasons

noted included:

There is lack of capacity for non Big-Four firms to perform the audit.


139

Selecting a Big Four auditor is a prudent and safe move.

There is a reputational requirement of using the Big Four by shareholders, banks,

lenders, and underwriters

5. More than 70 percent of midsize and smaller accounting firms have no interest in

obtaining large public company audits.

6. There is no evidence that the market concentration among the Big Four has any

bearing on the significant increase in audit fees in the post-Sarbanes era: Other factors

were noted as causing the increase in fees including:

Increased complexity of accounting and financial reporting standards that has driven

a greater need for technical expertise.

Additional auditing standards that have increased the amount of work required

Additional work required to prepare for PCAOB inspections.

Additional work to comply with Sarbanes-Oxley and Section 404 requirements.

7. Because of the barriers to entry, market forces are not likely to result in the expansion of

the current Big 4. Smaller accounting firms face significant barriers to entry into the

audit market for large multinational public companies for several reasons including:

Smaller firms generally lack the staff, technical expertise, and global reach to audit

large and complex national and multinational public companies.

The Big 4 had more than five times as many partners and over seven times as many

staff as the average for the next four largest firms.

Big Four

Next four

largest firms (1)

Partners 8,487 1,588

Professional staff 79,607 11,403

Offices 354 227

Public company clients 5677 919

(1): McGladrey and Pullen, Grant Thornton, BDO Seidman, and Crowe Chizek.

Source: GAO Report

8. The results of a further concentration in the Big Four (down to Big Three) would

significantly increase the concentration in the audit market. The Report cited several

risks that could result in a loss of a Big Four firm including:


140

A sizeable civil litigation claim in excess of insurance coverage

Criminal prosecution, such as in the case of Arthur Andersen

A merger of two of the Big Four firms

What would happen if a Big Four firm goes under?

In the report entitled The Future of the Accounting Profession: Auditor Concentration,

participants were asked to assess the risks of reducing the Big Four to the Big Three due to the

potential loss of one of the Big Four firms.

1. There was significant concern about the potential loss of another Big Four Firm.

The current degree of concentration raises the specter that the collapse of the Big

Four firm would be a threat to the continued existence of the profession.

An environment with only three firms would be too small to maintain audit quality

and independence, and would call into question the viability of the survivors.

2. The consequences of losing another member of the Big Four to civil or criminal

litigation could potentially include the end of the public company audit profession and

the takeover of that function by the Government.

Government taking over the audit process would lead to qualified professionals

leaving the profession.

3. The greatest risk to the Big Four is the omnipresent threat of litigation and regulators

must take immediate steps to address it:

Because the current pattern of litigation involves huge claims (e.g., one Big Four

that faced a damages claim of $12.4 billion), firms cannot take the risk of bringing

the case to trial.

The real problem with litigation is that it increases transaction costs and results in

difficult and complex accounting issues being presented to unsophisticated juries.

The tempo of litigation against accountants has picked up substantially with each of

the Big Four having significant claims in excess of capital.

There is widespread agreement that the profession in the United States needs to

move away from what is called a rules-based system to a principles-based one,

which will lead to greater litigation against auditors.


141

Investors today are suing companies and their auditors for earnings downturns on a

regular basis.

Audit partners are leaving the profession in fear of losing their personal assets.

4. There is a profound disconnect between investors’ expectations and what an audit can

actually accomplish, and the profession must reconcile the disconnect.

It is impossible for auditors to identify all problems, fraud, or account for all

contingencies in the audited financial statements.

Although auditors convey their limitations to audit committees and boards, they fail

to communicate to the public thereby resulting in the expectation gap.

5. The Big Four are unable to obtain a comprehensive catastrophic risk insurance policy,

thereby requiring them to self insure.

Because of the limitations on obtaining comprehensive insurance, the current LLP

legal structure may not provide the Big Four with enough legal protection.

How bad are the litigation claims?

In 1995, Congress passed the Private Securities Litigation Reform Act of 1995 (the Act). The

Act was designed to curb previous abusive securities litigation, and provides requirements for

companies and their auditors involved in securities including rules for:

1. Dealing with forward-looking statements including a safe harbor provision

2. Filing complaints for securities fraud including class action claims

3. An approach for quantifying damages under a litigation claim, including determining

proportionate liability

4. Mandatory sanction provision, and

5. Specific requirements for outside auditors including procedures designed to provide

reasonable assurance of detecting illegal acts that would have a material effect on the

financial statements, identify related party transactions, and evaluating going concern.

In March 2012, a report published by Cornerstone Research noted the dollar level of securities

class action settlements (exclusive of Enron and WorldCom settlements) reached a record level

of $18.2 billion in 2006, then leveled off with steady declines in 2007 and 2008. In 2009

through 2011, settlements fell sharply to 2011’s level which was the lowest number of

settlements in ten years.


142

On average, GAAP violations were alleged in 45% of the settled cases in 2011 as compared

with approximately 70% of the settled cases in 2010 and prior years.

A summary of claims noted in the report are follows:

Year

Total

settlements

(millions)

Number

of cases

Average

settlement

(millions)

Average

estimated

damages

claimed

(millions)

# cases

settled

in excess of

$1 Billion

Settlements

as % of

estimated

damages

2011 $1,362 65 $21.0 $2,033 0% 1.0%

2010 $3,116 86 36.3 2.731 0% 1.3%

2009 3,793 101 37.2 2,270 0% 1.6%

2008 $2,798 97 $31.2 2,062 20% 1.5%

2007 7,600 (3) 108 62.7 3,064 25% 2.5%

2006 18,603 (2) 90 105.0 8,382 35% 1.3%

2005 10,182 (1) 119 28.5 2,783 31% 1.0%

2004 3,626 110 21.1 2,843 28% .07%

2003 2.,693 94 22.2 2,271 18% 1.0%

2002 3,008 111 24.7 1,266 17% 2.0%

(1) Includes $12.7 million of claims from WorldCom and Enron.

(2) Includes a $7.1 million settlement from Enron in 2006.

(3) Includes Tyco settlement.

Source: Securities Class Action Settlements: 2011 Review and Analysis, (Cornerstone

Research, March 2012)

A summary of the conclusions reached from the Report follow:

1. Claims against auditors were included in 10% of all securities action cases in 2011, as

compared with approximately 30% of cases in 2010 and earlier years. Cases where the

accountant was named as a defendant continue to settle for the highest percentage of

estimated damages where there were accounting allegations.

a. The median settlement as a percentage of estimated damages increased from 3.1% of

the original claim amount (without an auditor being named), to 4.3% when the auditor

was named as a co-defendant because accountants settle their cases for risk that a loss

of one sizeable case could result in the demise of the accounting firm.

2. The average settlement has declined to $21 million in 2011 from an average high of $105

million in 2006.

a. The inventory of cases waiting to be settled has depleted and awaits the next batch of

suits to come from the Wall Street meltdown.

b. Four significant settlements in excess of $1 billion distorted the average in 2006.

Without those four settlements, the 2006 average was $45 million.


143

3. Although there was a decline in 2008, plaintiffs continue to make high damages claims

against companies and their auditors with the average estimated damages claim being

$2.033 billion in 2011.

4. Although the ultimate settlement is only 1% to 3% of the total estimated damages claims

(1.0% in 2011), the estimated damages are so high that companies and their auditors are

coerced to settle or risk a sizeable loss putting them out of business.

5. The number of large settlements at more than $1 billion declined to zero in 2009 through

2011, down from 20% in 2008 and 35% in 2006.

6. Settlements are higher when the following factors exist:

High estimated damages

Higher defendant asset size

There has been a restatement or corresponding SEC action

An accountant is named as a co-defendant

An underwriter is named as co-defendant

There is a corresponding derivative action

An institution is a lead plaintiff

There is a restatement of financial statements

There is a derivative involved in the claim

Amount of reported assets of defendant

There is also an SEC action against the defendant

A public pension fund is the plaintiff

7. Restatement of financial statements significantly increases the settlement amount as a

percentage of the damages claim. In 2011, the settled claim as a percentage of the actual

claim increased to 3.9% from 3.0% without a restatement.

8. Top cited accounting issues in lawsuits include:

Estimates

Overstated assets

Understated liabilities and expenses

Revenue recognition

Lawsuits in 2012 and beyond

In 2012, a report was published that compared the number of securities class action filings (not

settlements) in 2011 versus prior years.36

Interestingly, the number of federal securities fraud

36

Securities Class Action Filings, 2011: A Year in Review (Cornerstone Research, 2012).


144

class action suits filed declined to 169 in 2009, 176 in 2010, and 188 in 2011, as compared

with 223 in 2008. Understand that the number of cases filed does not necessarily line up with

the number of cases settled in a given year because of the many years required to litigate and

settle such cases. Nevertheless, the fact that the number of cases filed in 2009 through 2011

declined means there are fewer cases in the pipeline that will ultimately lead to few settlements

being made.

On average, 3.2 percent of S&P 500 companies were defenders in class action cases in 2011,

representing 5.1 percent of the total market capitalization of the S&P 500.

The decline in the number of filings in 2009 through 2011 was based on a parallel decline in

the market volatility for stock prices during both years. Moreover, the relatively low number

of 2009 through 2011 filings was further evidence by the fact that some of the 2009 filings

were due to non-traditional stock volatility claims such as those related to Ponzi schemes and

mortgage-backed securities frauds. Those same non-traditional stock volatility claims that

existed in 2009 were not as evidence in 2010 and 2011.

Another issue that is on the horizon involves TARP-funded companies and the impact on

lawsuits against these companies. Because the taxpayer is an owner of certain TARP-funded

companies, some of the settlements from future lawsuits against such TARP-funded companies

may drive an interesting public policy issue; that is, what happens to the securities litigation

claim amounts when the taxpayers are required to fund huge settlements against TARP

companies?

Because many of the upcoming lawsuits will include the auditors as defendants, the amount of

damages claimed and settlements are likely to be enormous in cases such as AIG, Lehman

Brothers and Bear Stearns, to name a few. Query whether any of the Big Four firms can

absorb one gargantuan claim against them and still survive as a going concern.

The unknown impact of the Lehman Brothers bankruptcy

In March 2010, an exhaustive, nine-volume report37

was issued in connection with the U.S.

bankruptcy case involving Lehman Brothers Holdings, LLC (Lehman).

In this report, the examiner reached conclusions as to the culpability of Ernst & Young in

committing malpractice in the Lehman case. The report was a prelude to sizeable litigation and

fraud claims against E&Y.

Specifically, the examiner concluded there is sufficient evidence to support colorable claims

against Ernst & Young, LLC for professional malpractice arising from E&Y’s failure to follow

professional standards of care with respect to communications with Lehman’s Audit

Committee, investigation of a whistleblower claim, and audits and reviews of Lehman’s public

37

Report of Anton R. Valukas, Jenner & Block, LLP, Examiner, United States Bankruptcy Court Southern District of

New York (Lehman Brothers Holdings, LLC, et al, Debtors) Chapter 11 Case No. 08-13555.


145

filings. The communications involved Lehman’s use of the so-called “Repo 105” approach to

value securities inventory on its balance sheet.

In December 2010, New York State filed a lawsuit against Ernst & Young, alleging the firm

assisted Lehman Brothers in a “massive accounting fraud.”

The complaint against E&Y includes fraud charges, based on allegations that E&Y approved

Lehman’s use of Repo 105 to value its securities, and that E&Y ignored whistleblowers who

voiced concern over use of Repo 105.

This case will take years to sort out and billions of dollars of litigation claims to come.

Limited liability in the U.K.

To date, attempts by auditors to limit liability or to assert shared liability with the client have

not been successful.

The U.K. has dealt with the auditor liability issue under the Companies Act of 2006 which

provides that companies can agree to limit auditor liability through an agreement that is

authorized by the shareholders and that waives liability only for any claim amount that is in

excess of what is “fair and reasonable.”

For U.K. companies that are also registered in the U.S. stock exchange, such limited liability

agreements require approval from the SEC, which has not been granted. Auditors of U.S.

companies have had no success getting any limited liability agreements accepted by the SEC.

Interestingly, another issue in the U.K. has been getting directors and their shareholders to sign

a limited liability agreement with the auditors. Directors have been reluctant to sign such an

agreement in fear that they will commit negligence and getting shareholders to sign such an

agreement has proven to be difficult. To date, not one major public company in the U.K. has

signed a limited liability agreement.

Is Congress adding to auditor’s risk?

It appears to be an uphill battle for auditors of public companies. Although the number of

class-action claims made in 2009 through 2011, declined by approximately 24 percent from the

2008 level, current regulatory and legislative reform may drive securities class-action claims

upward again, and with that move will be more lawsuits filed against auditors.

One bill introduced by the Senate Banking Committee would have expanded liability beyond

the company to the company’s auditors, suppliers, and banks, among others.

Specifically, the proposed bill entitled, Investors Rights and Corporate Accountability Act of

2009 (S 2813), would have amended the Securities Exchange Act of 1934 and the Investment

Advisers Act of 1940 to expand liability to any person involved in aiding and abetting in


146

providing substantial assistance to another person with reckless disregard for whether the

substantial assistance is in violation of either Act. Recently, the bill was removed from the

docket and will not be passed by Congress. Nevertheless, one has to question whether

additional bills will be proposed that have as their core, expanded liability for accountants and

auditors.

Observation: Questions continue to rise as to whether an audit report is meaningful in today’s

financial environment. After all, most investors have looked at audited financial statements as

nothing more than an insurance policy under which they would have a deep-pocketed

international accounting firm to sue in the event of stock loss. Given the size of today’s

litigation claims as compared with the net worth of any one of the Big Four, is that insurance

policy really sufficient to fund one sizeable litigation claim? Although any one of the Big Four

should be able to fund a $500 million claim, there is a question as to whether any firm could

absorb a claim beyond that amount and still remain viable. If there are multiple lawsuits, that

maximum amount has to be shared among plaintiffs.

V. The Viability of the Big Four

Since the demise of Arthur Andersen, there have been numerous reports and recommendations

issued to address the Big Four and what many consider to be a risky and unhealthy

concentration among these four accounting firms.

The Big Four, along with two second-tier firms issued a report entitled, Serving Global Capital

Markets and the Global Economy.

The Report is written with a focus on changes to global financial reporting and public company

audit procedures that need to adapt to those changes.

Recommendations made by the Report include:

a. The world’s accounting and auditing standards must be harmonized and based on a

principles-based system rather than a rules-based one.

The World’s financial transactions are far too complex to account for under a rules-

based system.

If there is a convergence toward one set of Global standards, that set should be very

close to those principles-based standards dictated by the International Financial

Reporting Standards (IFRS).

b. Auditing standards should be established at the international level in lieu of the PCAOB.


147

One set of global auditing standards would provide global markets and other

stakeholders the same quality of audits regardless of where they are conducted.

c. There should be one set of global enforcement and governing rules for auditors including

those related to independence.

d. Address the expectation gap regarding fraud detection.

There are inherent limits as to what fraud auditors can reasonably uncover in and audit

yet many investors, policy makers and the media believe that the auditor’s main

function is to detect all fraud. When fraud materializes and the auditor did not find it,

the auditors are presumed to be at fault.

There needs to be a constructive dialogue among investors, other stakeholders, policy

makers and auditors as to what can be done to both narrow the expectation gap and

enhance fraud detection. Ideas for fraud detection include:

1) Subject all public companies to a forensic audit on a regular basis (e.g., every three

or five years) and/or on a random basis.

2) Let shareholders decide the intensity of the fraud detection effort they want their

auditors to perform.

e. Enable networks to integrate further to strengthen audit quality.

The quality of the audit may be enhanced if the Big Four were able to be structured as

one single global operation instead of a network of segments of the firm.

The current environment limits an audit firm ownership in some countries which require all

owners or partners of the firm conducting audits in a jurisdiction to be licensed to practice in

that jurisdiction.

Some countries, including the United States, discourage national firms and their

partners or members from being part of a single legal enterprise.

f. Address the concentration in the audit profession.

The global enforcement markets recognize that the loss of another major audit firm

would have a significant impact on the capital markets.

In order for there to be alternatives to the Big Four, the market must lower the risks

within the profession so that networks will make the investment needed to serve the

very largest of companies.


148

Enforcement authorities must focus penalties for any auditor wrongdoing or negligence

on those directly implicated in such activities, rather than on the entire firm that

employs them.

There needs to be liability reform that limits audit firms’ exposure to liability so that all

firms, even smaller ones, would be willing to take on larger company audit assignments.

The national governments need to relax the non-attest services performance restrictions

for auditors so that there is a greater choice of auditors.

g. Change the financial reporting model.

A new financial reporting model should be driven by the wants of investors and other

users of the financial information.

Securities regulations should be changed so that financial and non-financial information

is reported in real-time over the Internet.

Information should be forward-looking even though it may be historical in fact.

Non-financial drivers should include disclosure of measures that include customer

satisfaction, product or service defects and awards, and employee satisfaction.

h. The audit industry should be permitted to offer consulting and tax advice to their audit

clients so that those firms can attract and retain individuals with the necessary skills and

talent to service the profession.

Observation: The markets have looked upon the Big Four report with mixed views. Some

commentators consider the suggestions to be self-serving that will result in expanded future

business for the national firms. Others consider the report to be forward looking and an

essential basis for reinventing the accounting profession.

Report of the Advisory Committee on the Auditing Profession to the U. S. Department

of the Treasury

In 2008, the U. S. Department of Treasury established an Advisory Committee on the Auditing

Profession to deal with the various issues facing firms that audit public companies including

the condition, sustainability and future of the auditing profession in light of the fact that the

Big Four audit 98 percent of all public companies.

In September 2008, a report entitled Report of the Advisory Committee on the Auditing

Profession to the U. S. Department of the Treasury, was issued by an Advisory Committee, the

purpose of which is to provide recommendations to enhance the sustainability of a strong

public company auditing profession.


149

The Report makes the following observations:

a. Litigation-related expenses are a significant component of auditing firms’ cost structures

but are not at a level that significantly affects their ability to recruit talent or grow their

practices.

b. Audits of large public companies are concentrated among a limited number of auditing

firms and the largest of these firms are not able to use third-party insurance in a cost-

effective manner to manage their litigation costs.

c. The largest U. S. public companies have enormous market capitalization so that if a large

cap company were to become insolvent or suffer a significant decline in value, such a

market loss would often exceed the total capital of the auditing firm.

d. Auditing firms often feel pressure to settle mega or catastrophic claims even if they believe

they have meritorious defenses due to the risk that a loss could threaten the firm’s survival.

e. Auditing firms are also at risk for other claims against them including criminal indictment

that could threaten survival.

The Report recommends the following changes be made, among many others noted with the

Report:

1. Large auditing firms should issue audited financial statements to the PCAOB and should

have audit committees.

2. There should be a move toward a national professional liability regime for public

company auditing firms.

Auditing firms that are faced with litigation claims that threaten their survival should

have reasonable opportunity to litigate and appeal such matters.

3. Congress should consider the creation of a federally chartered audit firm structure that

would include limits on liability for audits of public companies, mandatory public reporting

of audited financial statements, and required capitalization levels, among other

requirements.

4. Because of the risk of loss of any of the Big Four firms, the PCAOB should monitor auditor

conduct that might present a risk to sustainability of any of the Big Four auditing firms.

Observation: From the tone of the Report, it appears that in order for the Big Four to get

some form of limited liability protection from claims; those firms will have to provide greater

transparency in terms of the firms’ operations and profitability. Query whether that is an

acceptable tradeoff.


150

The current risky environment for the Big Four

One report indicates that the six largest auditing firms (the Big 4 plus Grant Thornton and

BDO Seidman) are defendants in ninety private actions related to audits of both public and

private companies (either shareholder class actions or actions brought by companies or

bankruptcy trustees) with damage claims against the auditors in each case in excess of $100

million.38

Forty-one of the ninety cases seek damages in excess of $500 million.

Twenty-seven cases seek damages in excess of $1 billion, and

Seven cases seek damages over $10 billion.

In looking at the high percentage of claims that exceed $1 billion, the Big Four are one large

lawsuit away from becoming the Big Three, or Big Two. The highly aggressive litigious

environment coupled with a lack of liability caps on lawsuits, exposes any one of the Big Four

to the risk that a huge litigation claim puts them out of business.

In a January 2010 letter to the International Organization of Securities Commissions, Grant

Thornton stated that the current audit market is unsustainable and that new rules must be

created to develop greater competition. In its letter, Grant Thornton noted that in the event of

the demise of any one of the Big Four, 20 percent of the 7,200 largest businesses in the G20

would be left without an auditor.39

In general, it is unlikely that any one of the Big Four could sustain a litigation claim in the $1-2

billion range.

The latest example of a single lawsuit that can bring down one of the Big Four is the series of

lawsuits that have been filed against several of the Big Four and other CPA firms involved in

the Madoff scandal. Previously in this course, the auditor discussed the litigation that continues

against many of the auditors of the feeder funds that invested in Madoff’s funds.

In general, each of these lawsuits was filed by feeder funds that were audited by the Big Four

and that had money invested with Madoff.

For example:

KPMG was sued for $3.3 billion by Tremont Group, a feeder fund invested with

Madoff.

PWC’s United States, Bermuda, and U.K. arms are being sued by parties in connection

with Fairfield Sentry, a feeder fund that had $7.2 billion of assets invested with Madoff.

38

Treasury Advisory Committee on the Auditing Profession, Final Report 39

January 2010 letter: Grant Thornton as published in accountancyage.com.


151

Ernst & Young is being sued in Luxembourg by a group of investors involved in the

LuxAlpha Fund that once had $1.4 billion invested with Madoff.

At the heart of most of these lawsuits is whether the auditor for the feeder fund had a

responsibility to audit and verify the existence of the fund’s assets invested with Madoff. None

of the Big Four were Madoff’s auditors.

In the PWC case, the plaintiffs alleged that PWC did meet with Madoff and accepted his

assertions about the existence of funds without verifying the existence of the funds. PWC

alleges that it had no responsibility to audit the underlying fund assets held by Madoff given

the fact that PWC was not Madoff’s auditor.

The plaintiffs also observed that PWC did nothing to investigate the credentials of the small

audit firm, Friehling & Horowitz, that audited the Madoff funds.

Given the size of the lawsuits against the Big Four in the Madoff scandal, most, if not all of

them will be settled as the Big Four cannot take the risk of losing any one of these multi-billion

dollar claims.

The allegations made that the feeder fund auditor must look through and audit the underlying

assets of the core fund (Madoff in this case) could have chilling effects on how investment

funds get audited. Many auditors of feeder funds may be reluctant to audit the feeder fund

unless they are also auditing the core investment fund.

VI. PCAOB’s Auditor Rotation Proposal

Should auditors of SEC companies be required to rotate?

This issue has been discussed for years leading to the Public Company Oversight Board

(PCAOB) using a concept release on August 16, 2011 that seeks public comment on

mandatory audit firm rotation and other ways in which auditor independence, objectivity, and

professional skepticism could be improved.

The Release noted the following observations by the PCAOB:

1. In response to the financial scandals at Enron, WorldCom and others, the Sarbanes-Oxley

Act (the "Act") included a number of significant provisions designed to bolster the auditor's

independence from the company under audit.

a. Congress established independent oversight of the auditing profession by the PCAOB

for audits of issuers.


152

b. Sarbanes puts the audit committee, rather than management, in charge of hiring the

auditor and overseeing the engagement.

c. Sarbanes prohibits auditors from providing certain nonaudit services to clients and

imposes mandatory audit partner rotation.

2. Since its creation, the PCAOB has conducted hundreds of inspections of registered public

accounting firms each year. Based on this insight, the Board believes that the reforms in

Sarbanes have made a significant, positive difference in the quality of public company

auditing.

3. The PCAOB continues to find instances in which it appears that auditors did not approach

some aspect of the audit with the required independence, objectivity and professional

skepticism. The Board addresses audit failures on a case-by-case basis through its

inspection and enforcement programs.

4. The PCAOB is considering whether other approaches could foster a more fundamental shift

in the way the auditor views its relationship with its audit client. One possible approach

that might promote such a shift is mandatory audit firm rotation, which has been

considered at various times since the 1970s.

The Concept Release asks a series of questions regarding mandatory auditor rotation including:

a. Would audit firm rotation enhance auditor independence, objectivity and professional

skepticism?

b. What are the advantages and disadvantages of mandatory audit firm rotation?

c. Because there appears to be little or no relevant empirical data directly on mandatory

rotation available, should the Board conduct a pilot program?

d. What effect would a rotation requirement have on audit costs?

Note: According to a previously issued GAO Report, large firms estimated that a rotation

requirement would increase initial year audit costs by more than 20 percent.

e. Are there alternatives to mandatory rotation that the Board should consider that would

meaningfully enhance auditor independence, objectivity and professional skepticism?

f. If the Board determined to move forward with development of a rotation proposal, what

would be an appropriate term length?

g. Should different term lengths for different kinds of engagements be considered? If so, what

characteristics, such as client size or industry, should this differentiation be based on?


153

h. To what extent would a rotation requirement limit a company's choice of an auditor?

In response to a requirement of Sarbanes Oxley, the GAO did a study and issued a report,

Mandatory Audit Firm Rotation Study, based on a survey of larger auditing firms and Fortune

1000 companies.

In the Study, respondents made the following comments and suggestions regarding mandatory

auditor rotation.

54% stated that initially, a new auditor would have less knowledge of a client’s

operations and financial reporting practices.

93% stated that initially, the new auditor is likely to have greater risk of there being a

material misstatement.

Estimated initial-year audit costs would increase by more than 20%.

The PCAOB will be holding public roundtables on the concept release in 2012.

Europe takes action in auditor rotation

While the PCAOB considered auditor rotation in the U.S., Europe is following a similar path.

In particular, the European Commission has proposed regulations that would, if approved,

trigger major changes in the relationships between European public companies and their

auditors.

Currently, the Big Four audit approximately 85% of the top European public companies.

The changes would do the following:

Limit to six years the period that an outside auditing firm can perform audits for a

company. A cooling-off period of four years would be imposed before a firm could

audit again for the same client. Companies that opt for a voluntary joint audit would be

allowed a nine-year window.

Prohibit audit firms from providing nonaudit consultancy services to their audit clients,

and require large audit firms to separate audit activities from nonaudit activities.

Create a single market for statutory audits by introducing a European passport for the

audit profession, allowing firms to provide services across the European Union.

Require public-interest entities (public companies) to have an “open and transparent

tender procedure” when picking a new auditor.


154

One key difference between the present rules for U.S. and European companies is that auditors

of European companies are allowed to provide consulting services (nonattest services) to a

public company that they also audit, while the U.S. prohibits that action under Sarbanes-Oxley

Act of 2002.

The European proposal would dramatically change the mixing of nonattest and attest services

by auditors by requiring European auditors to separate their audit and nonaudit activities.

Moreover, just like the proposal in the U.S., the European proposal has received claims that it

will increase audit fees and enhance risk of material misstatement in the early years of a new

auditor.


155

REVIEW QUESTIONS









1. In “Auditing: A Profession at Risk,” which of the following recommendations was not

made by Chamber of Commerce to save the audit profession:

a. Expand accounting rules and move toward a principles-based system

b. Better define auditor procedures and responsibility for fraud detection

c. Create an alternative dispute resolution system

d. Explain Section 404 of Sarbanes-Oxley

2. According to the report, The Future of the Accounting Profession: Auditor Concentration,

which of the following is not a factor contributing to the threat of litigation against Big

Four auditors:

a. Firms cannot take the risk of bringing a case to trial

b. The increase in transaction costs with litigation

c. Audit fees are not commensurate with the risk

d. Investors are suing companies and their auditors for earnings downturns

3. Cornerstone Research reported that settlements are higher when which factor exists:

a. Lower defendant asset size

b. There has been no restatement

c. A corresponding derivative action has been taken

d. There is no co-defendant

4. Which recommendation was made in the Big Four report, Serving Global Capital Markets

and the Global Economy:

a. The PCAOB should establish auditing standards

b. International standards should determine the effort level that auditors should expend in

detecting fraud

c. The Big Four should be able to work together further to strengthen audit quality

d. The world’s accounting and auditing standards should be rules-based


156

SUGGESTED SOLUTIONS

1. In “Auditing: A Profession at Risk,” which of the following recommendations was not

made by Chamber of Commerce to save the audit profession:

a. Correct. The Chamber of Commerce made a recommendation that the FASB

needs to address the problem of infinite complication in accounting rules, which

makes it almost impossible for even the most knowledgeable and well-intentioned

accountants to keep up. Nothing was mentioned about a principles-based system.

b. Incorrect. The Chamber of Commerce did recommend that, to help the profession

become insurable, auditor procedures and responsibility for fraud detection should be

better defined and the auditor’s responsibility to it should be limited.

c. Incorrect. The Chamber of Commerce did recommend that an alternative dispute

resolution system should be created for dispute about audits to avoid litigation.

d. Incorrect. The Chamber of Commerce did recommend that PCAOB standards be

clarified. Section 404 of Sarbanes-Oxley needed better explanation to save auditors

from “overauditing” due to vague, nebulous guidance.

2. According to the report, The Future of the Accounting Profession: Auditor Concentration,

which of the following is not a factor contributing to the threat of litigation against Big

Four auditors:

a. Incorrect. One major problem with the Big Four going to trial is that they cannot take

the risk that they lose, resulting in the demise of the firm. Thus the answer is correct.

b. Incorrect. Because of the complexity of audit evidence, the costs of defending a lawsuit

are significant, forcing auditors to settle, making the answer correct.

c. Correct. There is no reference in the report to audit fees not being commensurate

with the risk. Thus, the answer is not a factor.

d. Incorrect. The report notes that investors are suing companies and their auditors for

earnings downturns on a regular basis, thereby exposing auditors to extensive litigation

risk. This answer represents one of the identified factors.

3. Cornerstone Research reported that settlements are higher when which factor exists:

a. Incorrect. The report concluded that settlements are higher when the defendant asset

size is higher.

b. Incorrect. The report concluded that settlements are higher when there has been a

restatement, and a corresponding SEC action.

c. Correct. The report concluded that settlements are higher when there is a

corresponding derivative action, which yields a higher overall risk.

d. Incorrect. The report concluded that settlements are higher when there is either an

accountant or an underwriter named as a co-defendant. The reason is because

accountants and underwriters are more likely to quickly settle the case due to the risk of

losing in court.


157

4. Which recommendation was made in the Big Four report, Serving Global Capital Markets

and the Global Economy?

a. Incorrect. One of the Big Four’s recommendations was that auditing standards should

be established at the international level in lieu of the PCAOB.

b. Incorrect. One of the Big Four’s ideas for fraud detection was to let shareholders decide

the intensity of the fraud detection effort they want their auditors to perform.

c. Correct. One of the Big Four’s recommendations was that networks should be

enabled to integrate further to strengthen audit quality. The report suggests that

the current environment limits an audit firm’s ownership in some countries which

requires all owners or partners of the firm conducting audits in a jurisdiction to be

licensed to practice in that jurisdiction.

d. Incorrect. One of the Big Four’s recommendations was that the world’s accounting and

auditing standards must be harmonized and based on a principles-based system rather

than a rules-based one.


158

VII. Retaliation Against Auditors Who Issue Adverse Opinions

Few audits result in the auditor issuing an adverse opinion. But when it happens, the question

is whether the client retaliates by replacing the auditor in the next year.

Although there is no study involving adverse opinions on financial statements, there is a study

that looks at the correlation between adverse auditors’ opinions on a client’s internal control

over financial reporting (ICFR) as required by Section 404 of Sarbanes-Oxley.

Conclusions reached by the Study include:40

a. Companies receiving adverse opinions on their ICFR are consistently more likely to

dismiss their auditor in the following year.

An adverse ICFR opinion is the most consistently significant variable associated

with dismissals in a four year post-Sarbanes period.

b. Companies that dismiss their auditor after receiving an adverse ICFR opinion are more

likely to hire a larger firm and industry specialist auditors than companies dismissing

after receiving an unqualified opinion.

c. Companies that receive an adverse ICFR opinion switch auditors as part of an effort to

improve their overall financial reporting quality, or as a signal of such activities.

Observation: The results of this study are no surprise. A company’s management and board of

directors/audit committee are in a difficult position when an adverse opinion is issued on ICFR

or, for that matter, on its financial statements. In such a situation, the company has to take

action to remedy the situation. One way is to change auditors and get a fresh perspective on the

audit, suggesting that the previous auditor was somehow responsible for the deficiencies that

lead to the adverse opinion in the first place.

VIII. AICPA's Top 10 Technology Issues-2011

In 2011, based on the results of a survey of more than 2,000 AICPA members from a list of

various technologies, the AICPA announced its list of 2011 AICPA Top Technology Initiatives

Survey Results, which includes several new items that were not on the 2010 list. To no

surprise, information security continued to be at the top of the list, along with data retention

policies and structure.

40

Auditor Realignments Accompanying Implementation of SOX 404 ICFR Reporting Requirements, Michael Ettredge et al,

September 2010


159

1. Control and Use of Mobile Devices

2. Information Security

3. Data Retention Policies and Structure

4. Remote access

5. Staff and Management Training

6. Process Documentation and Improvements

7. Saving and Making Money With Technology

8. Technology Cost Controls

9. Budget Processes

10. Project Management & Deployment of New Implementations

XIX. Anti Sarbanes-Oxley Continues After Ten Years

More than ten years after the passage of Sarbanes-Oxley, third parties continue to evaluate

whether Sarbanes has been effective in restoring public confidence in the financial results

reported by public companies.

Companies within and outside the United States complain about Sarbanes-Oxley. Although the

merits of Sarbanes may have been positive in terms of cleaning up some of the abuses within

public companies, the results have, in some cases, been extreme for several reasons. In

particular, Section 404 internal control compliance requirements have been burdensome for all

companies.

In one particular survey, one third of 186 executives of Fortune 1,000 companies surveyed

favor repeal of Sarbanes, while 94 percent of CEOs surveyed stated that the cost of Section

404 compliance exceeds its benefits.41

Additionally, one survey states that Sarbanes-Oxley has resulted in a $1.4 trillion (that’s

trillion) loss in stock-market value due to the demands of implementing and maintaining the

Act’s requirements.42

1. The cost of compliance is exceeding estimates, particularly the cost of the

Section 404 certification of internal controls:43

Perhaps more has been written and promulgated about the Section 404 internal control

reporting certifications than any other section of the Sarbanes-Oxley Act.

Section 404 of the Act requires the following:

41

FEI Survey. 42

Economic Consequences of the Sarbanes-Oxley Act of 2002, Xiying Zhang, University of Rochester. 43

Surveys published by FEI and AMR.


160

a. Section 404(a) of Sarbanes: Management of a public company must assess the

effectiveness of the company’s internal control over financial reporting as of the end of the

company’s most recent fiscal year.

1) Management must include in the company’s annual report to shareholders,

management’s conclusion, as a result of its assessment, about whether the company’s

internal control is effective.

b. Section 404(b) of Sarbanes: The company’s auditor must evaluate management’s assess-

ment of internal control by taking certain steps that include:

1) Perform a walkthrough of the company’s significant processes.

2) Obtain evidence about the operating effectiveness of internal control for all relevant

assertions and significant accounts or disclosures.

3) Test and evaluate the effectiveness of the design and operating effectiveness of

internal controls.

4) Identify control deficiencies and categorize them into two categories:

Significant deficiency: A deficiency that, by itself or in combination with other control

deficiencies results in more than a remote likelihood that a misstatement of a

company’s financial statements that is more than inconsequential, will not be

prevented or detected.

Material weakness: A deficiency that, by itself or in combination with other control

deficiencies, results in more than a remote likelihood that a material misstatement of a

company’s financial statements will not be prevented or detected.

c. The auditor must issue an opinion on the effectiveness of internal control over financial

reporting, that is included in the company’s published financial statements along with the

audit report on those statements:

1) An auditor may express an unqualified opinion if the auditor has identified no material

weaknesses in internal control.

An auditor is permitted to issue a qualified or disclaimer opinion if all the

procedures considered necessary are not performed. If the overall opinion cannot be

expressed, the reasons why should be disclosed.

2) The report may disclose only material weaknesses and not significant deficiencies.

An adverse opinion is required if one or more material weaknesses in internal

control exists. The adverse opinion would apply to both management’s assertion

and the effectiveness of internal control over financial reporting.


161

What are the costs of Sarbanes-Oxley?

There have been numerous surveys conducted to determine the true cost of complying with

Sarbanes-Oxley. In general, most studies evaluate the total cost as consisting of three

components: a) audit fee, b) Section 404 compliance costs, and c) other internal/external costs

of compliance.

Although external fees to outside auditors and consultants can be quantified, determining the

internal costs can be difficult and distortive depending on what assumptions are made.

Here is what appears to be the best information on costs:

Estimated Cost of Sarbanes-Oxley Compliance

Market capitalization Estimated total costs*

Less than $75 million $850,000

$75 million to $699 million 2.5 million

$700 million or greater 5.5 million

* Consists of external audit costs, Section 404 costs, and other internal/external costs.

Source: FEI Audit Fee Survey.

Further statistics:44

1. Audit fees for 2010 increased by only 2% from 2009, further indicating that audit fees are

flat since 2007. Information on 2011 audit fees was not available at time of publication

but was expected to be similar to 2010 levels.

2. Average audit fee for all public companies in 2010 was $3.3 million and took 12,540 man

hours, for an average fee per man hour of $264.

3. The average relationship of a public company and its auditor was 21 years.

The cost of complying with Sarbanes has stabilized. This leveling off of costs suggests that the

implementation issues of Sarbanes and Section 404 compliance have been worked through by

the companies and their auditors. In general, audit fees have been very cyclical over the past

decade. During the period 2003-2006, audit fees soared in the wake of Sarbanes Oxley and

Section 404 compliance. Since 2007, audit fees have declined each year and leveled off with a

slight increase of 2% in 2010, and a small increase for 2011.

44

FEI Audit Fee Survey: Companies Report Modest Changes in Audit Fees in 2010 (June 2011)


162

Observation: Although overall Section 404 costs may have leveled off, total annual costs far

exceed the amount that was estimated by the SEC at the inception of Sarbanes to be $91,000

per year for each public company. If one uses a rough average estimated cost of $3.0 million

per public company and there are 18,000 public companies, the total annual cost of Sarbanes is

approximately $54 billion. Now, assuming Sarbanes has been in effect for nine years (2003-

2011), the estimated total cost of compliance, since inception, has been $486 billion ($54

billion x 9 years). Of course, a portion of the Sarbanes costs consist of audit fees that the

companies would incur anyway. Nevertheless, query whether the public receives anything

close to $432 billion of benefit from companies having to comply with Sarbanes-Oxley. Did

Sarbanes protect the public from the Madoff scandal or the financial crisis with Lehman

Brothers and AIG?

In September 2009, the SEC completed a study of the costs of Sarbanes-Oxley entitled, Study

of the Sarbanes-Oxley Act of 2002 Section 404 Internal Control over Financial Reporting

Requirements.

The Study is based on a six-month survey conducted by the SEC of SEC company respondents

and noted the following results in assessing the cost of Section 404 compliance, only:

Estimated Cost of Section 404 Compliance

Market capitalization Estimated total costs*

Less than $75 million $581,000

$75 million to $699 million 935,000

$700 million or greater 3.6 million

Overall average $1,783,000

* Consists of external and internal costs of compliance.

Source: Study of the Sarbanes-Oxley Act of 2002 Section 404 Internal Control over

Financial Reporting Requirements, SEC, September 2009.

Although the SEC study was issued in September 2009, there is little evidence that the results

have changed significantly from 2009 to 2012. In particular, by 2009, most companies had

already complied with Section 404 for several years and had resolved and corrected any

significant internal control issues.

On average, estimated costs of Section 404 compliance were $1,783,000 of which $1.2

million consisted of internal control costs and the remainder $583,000 were audit costs.

Even though the cost of complying with Section 404 is high, respondents to the SEC report

had mixed views as to whether Sarbanes is worthwhile:

72 percent that Section 404 improved their companies’ internal control structure.


163

Only 38 percent of respondents though that Sarbanes boosted their confidence in other

companies’ financial reports.

Only 22 percent stated that Section 404 raised investor confidence.

In summary, companies recognize that Section 404 compliance may improve the quality of

their companies’ internal control. However, they do not see that benefit translating into a

benefit to the investors in terms of increasing confidence in the quality of financial reports.

Dodd-Frank exempts smaller SEC companies from compliance with Section 404

Since the adoption of Sarbanes-Oxley in 2002, there has been criticism of the requirement for

small issuers (market capitalization of $75 million or less (non-accelerated filers) to comply

with Section 404 of Sarbanes.

To address some concerns, in October 2009, the SEC announced what it calls its last extension

of Section 404(b) auditor compliance certification for smaller public companies. The six-

month extension requires small public companies with a market capitalization of $75 million

or less (non-accelerated filers) to start complying with Section 404(b) auditor’s certification

report when it filed its annual report for the fiscal year ending on or after June 15, 2010.

Previously, the implementation date was December 15, 2009.

In 2010, the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) was

passed. Section 989G of Dodd-Frank includes an exemption for nonaccelerated filers.

Specifically, Dodd-Frank exempts non-accelerated filers (public companies with a market

capitalization of $75 million or less) from having to comply with Section 404(b) (the auditor

certification) of the Sarbanes-Oxley Act. Section 989G also requires the SEC to conduct a

study to determine how to reduce the burden of compliance with Section 404 for companies

with capitalizations of between $75 million and $250 million. On September 15, 2010 the SEC

issued final rule 33-9142 that permanently exempts public companies with less than $75

million market capitalization from Section 404(b) internal control audit requirement.

Although smaller public companies are now exempt from the auditor certification under

Section 404(b) of Sarbanes (the auditor certification), small public companies ($75 million or

less) would still have to comply with Section 404(a) which consists of the requirement that

management assess the effectiveness of internal controls over financial reporting and include

that assessment in the company’s annual report.

2. Has the issuance of PCAOB AS No. 5 alleviated some of the concerns about

overauditing?

Prior to the issuance of AS No. 5, Section 404 of Sarbanes requires companies and their

auditors to report on internal control, and to disclose material weaknesses in internal control.


164

At that time, companies were complaining that their auditors were taking a literal view of

Sarbanes compliance, particularly as it relates to the Section 404 certification. This fact

resulted in disclosures of a record number of material weaknesses in internal control in years

through 2006. Prior to the issuance of PCAOB Auditing Standard No. 5, auditors had noted

that they were simply following the requirements of PCAOB Auditing Standard No. 2, An

Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of

Financial Statements.

It appears that relief has come in the form of a replacement standard with the issuance of

Auditing Standard 5, which superseded AS 2. Further discussion of AS 5 is noted below.

In the PCAOB’s Policy Statement Regarding implementation of Auditing Standard No. 2, the

PCAOB and others noted a list of criticisms against auditors in applying Standard No. 2:

1. Auditors were focusing too much on documentation and paperwork flow even if the

internal control was functioning.

2. There was redundancy in performing an audit for Section 404 compliance and for

reporting on the financial statements.

a. Auditors did not have a single integrated audit approach under which evidence was

gathered and tests performed that satisfied both audit objectives.

3. Auditors were using one-size-fits-all audit programs with standardized checklists that

had little to do with the unique issues and risks associated with a particular client’s

financial reporting process.

4. Auditors were not applying a risk-based approach to test for compliance with Section

404.

a. Auditors were performing too much work in low-risk areas

5. Auditors were taking too literal of a stance in not offering advice to clients in terms of

Section 404 compliance.

Note: The PCAOB notes that auditors were taking extreme positions on not giving any

advice to clients. In some instances, auditors were unwilling to give technical advice on

GAAP, and would not accept draft financial statements for review. In its Policy

Statement, the PCAOB stated that auditors were permitted to give advice on the

application of GAAP and could look at draft financial statements.

6. Auditors were applying arbitrary standards to determine when a company had reached

the threshold of having “material weaknesses” in internal control.


165

PCAOB Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting

That Is Integrated with An Audit of Financial Statements

Under PCAOB Standard 2 (AS2), an auditor of a public company was required to issue two

opinions on a company’s financing statements: Opinion 1 was on management’s assessment of

internal control, while Opinion 2 was on the effectiveness of internal control.

Since AS2’s issuance, there had been two fundamental criticisms of the Statement’s

application:

1. Although there have been significant benefits to the Statement, they have come at a far

greater cost than anticipated.

2. There has been considerable confusion as to how to apply AS2 so that auditors have

sided on overauditing.

In response to criticisms about AS2, the PCAOB issued Auditing Standard No. 5, (AS5), An

Audit of Internal Control Over Financial Reporting That Is Integrated with an Audit of

Financial Statements. AS5 superseded AS2.

AS5 is a principles-based standard designed to focus the auditor on the most important matters,

increasing the likelihood that material weaknesses will be found before they cause material

misstatement of the financial statements. The standard also eliminates audit requirements that

are unnecessary to achieve the intended benefits, provides direction on how to scale the audit

for a smaller and less complex company, and simplifies and significantly shortens the text of

the standard.

Specific requirements of the statement include the following:

a. Auditors focus on those areas that present the greatest risk that a company’s internal control

will fail to prevent or detect a material misstatement in the financial statements.

b. Auditors no longer have to opine on whether management’s assessment of its internal

controls is fairly stated (Opinion 1). Auditors issue an opinion on whether the internal

controls are effective.

AS5 eliminated AS2’s detailed requirements to evaluate management’s own evaluation

process and clarifies that an internal control audit does not require an opinion on the

adequacy of management’s process.

c. Auditors now have flexibility to make their audits more scalable for smaller companies so

that the cost of the internal-control audit is more proportionate to the size and complexity of

the company. Materiality is factored into the auditor’s audit to eliminate the current too

detailed focus on internal control.


166

d. Auditors apply a top-down approach to the audit of internal control under which the auditor

identifies the controls to test by starting at the top at the financial statements and company-

level controls.

e. The standard requires risk assessment at each of the decision points in the top-down

approach and requires a risk-based approach to multi-location testings.

f. Auditors are no longer precluded from referencing the work of the internal auditor in the

internal control opinion.

g. The standard makes clear that the auditor should use the same consideration of account-

level materiality in determining the nature, timing, and extent of his or her procedures in

the audit of internal control as used in the financial statement audit.

h. The standard eliminates procedures that the Board believes are unnecessary to an effective

audit of internal control including allowing the auditor to reduce procedures in areas of

lower risk.

i. The standard allows the auditor to utilize the direct assistance of others when performing

walkthroughs of all major classes of transactions.

AS5 was effective for all audits of internal control for fiscal years ending on or after November

15, 2007.

Observation: The SEC asserts that AS5 has made dramatic improvement in simplifying the

application of Section 404. In its report, the SEC noted that estimated total costs of compliance

for those companies that had already been complying with Section 404(b) dropped 19 percent

from $2.8 million before AS5 to $2.3 million after AS5 had been implemented.45

Does the market still punish companies that have restatements?

In the early 2000s, after Enron and other financial frauds, investors appeared less forgiving

about earnings restatements. At that time, a restatement was considered a red flag for financial

statement fraud, regardless of whether the restatement was a result of an intentional or an

unintentional (voluntary) misstatement. There was evidence that suggested that the market had

no tolerance for restatements and actually punished companies on both a short- and long-term

basis, if they did issue restatements.

In a one study, published by Min Wu of the New York University Stern School of Business,46

the Study reached conclusions such as:

45

Study of the Sarbanes-Oxley Act of 2002 Section 404 Internal Control over Financial Reporting Requirements, SEC,

September 2009. 46

A Review of Earnings Restatements (Min Wu- New York University Stern School of Business).


167

A restatement is generally considered bad news by the market.

The market reacts quite negatively to a restatement by penalizing the stock price for the

three-day period after the restatement announcement.

Restated companies lose credibility in the marketplace as investors rate their earnings as

being a lower quality after the announcement is made.

Since the Min Wu Report was published, the market has become used to restatements with

several years of significant restatements. The question is whether the market still punishes

those companies that restatement their financial statements or has the market become exposed

to “restatement fatigue.”

Another study was published that suggests that the public has not changed its reaction to

restatements as follows:47

The magnitude of the market reaction to restatement filings has not diminished with the

increased frequency of restatements.

How an entity discloses its restatement (with or without filing an 8K) suggests how the

market will react to a restatement. Change in stock price and trading volume was

significant if an entity filed an 8K versus if it did not.

Evidence also exists that the markets look upon material weaknesses unfavorably and can

severely punish a company with a drop in its stock price for a 60-day period after the

deficiency is announced. Consider the following chart that illustrates this point:

Impact of Reported Weaknesses on Stock Price

Type of deficiency

% Decline in Stock Price

Days after restatement filing

One day 7 days 30 days 60 days

All deficiencies (.72%) (.71%) (1.35%) (3.75%)

Material weakness:

Financial systems/procedures (.34%) (.71%) (1.35%) (3.75%)

Insufficient accounting staffing (.92%) (1.19%) (2.31%) (4.80%)

Documentation (.14%) (.12%) (.41%) (5.29%)

Revenue recognition (1.04%) (.12%) (.41%) (5.29%)

Lease accounting (1.39%) (.71%) (.13%) (.86%)

Tax accounting (.27%) (1.20%) (4.22%) (5.77%)

Other (2.59%) (2.15%) (.06%) (3.31%)

All material weaknesses (.67%) (.90%) (1.96%) (4.06%)

Qualified opinion (.23%) (.66%) (2.30%) (3.56%)

Source: Glass Lewis & Co., FactSet

47

Restatements: Investor Response and Firm Reporting Choices, Plumlee and Lonbardi Yohn.


168

Observation: The table data illustrates that the market is particularly sensitive to material

weaknesses by punishing companies with a drop in market value of approximately 3 to 5% by

60 days after the deficiency announcement. Material weaknesses due to personnel issues,

documentation, revenue recognition, and tax accounting have the most significant effect on

stock price, all driving stock price down by approximately 5% by 60 days after the restatement

announcement.

Based on the Glass Lewis study previously noted, material weaknesses in internal control due

to tax-related issues have yielded a 5.77% decline in the company’s stock value 60 days later.

Clearly, that fact is an incentive to tighten up a tax department’s internal control.

Companies have lost important advisors

One criticism of Sarbanes is that auditors are reluctant to give advice in fear that they may taint

their independence. This cautious approach is resulting in criticism of the Big 4 by their

clients. Specifically,

a. Companies are concerned that they no longer share strategies, ideas and proposals with

their auditors, particularly those related to tax issues.

b. Companies can no longer consider the Big 4 as trusted advisors and are reluctant to ask

them for advice.

c. There is more of an adversarial relationship between the auditors and their clients.

3. Some European companies are delisting from the U. S. exchanges:

There are 470 non-U. S. companies listed on the NY Stock Exchange, with a combined market

capitalization of $3.8 trillion, or 30% of the total exchange’s capitalization. Many are ques-

tioning whether it makes sense to stay listed in the United States.

4. Smaller companies are fed up and going private:

The significant cost of complying with Sarbanes has resulted in many small companies going

private and has held off several public offerings of small businesses.

According to a Wall Street Journal report,48

400 U.S. public companies have “deregistered”

their stock and gone private since Sarbanes. A survey of some of those companies suggested

that many of the advantages of staying public no longer exist including:

1. Access to public market capital is no longer important: Private capital is abundant from

sources including venture capital companies due to the availability of real time information;

48

As published in So, Why Be Public? (CFO)


169

investors can provide private capital to companies without the need of the public markets to

monitor those companies.

2. Smaller public companies do not benefit from the public markets like the larger companies

do: Larger companies such as General Electric and Microsoft benefit from the public

markets through liquidity and coverage from analysts. Smaller to mid-sized companies do

not receive the needed liquidity from the public markets as institutional investors ignore

them, and analysts and banks do not give them adequate coverage due to lack of significant

investment banking fees.

3. Private companies can now attract top executive talent as many CEOs and CFOs would

prefer to work for a private company in the wake of the Sarbanes requirements: Many

CEOs and CFOs are concerned about the personal legal liability and risks to personal

reputation associated with working for a public company.

4. The direct and indirect costs of staying public exceed the benefits: Both the financial and

regulatory costs of staying public continue to increase with Sarbanes. Because most public

investors do not understand the financial information they receive from public companies,

they are more inclined to sue the companies upon being injured.

According to Grant Thornton, the number of U. S. public companies announcing privatization

plans increased 30 percent since Sarbanes-Oxley Act became effective.49

The typical successful going private transaction that has occurred involves:

a. A relatively small company with revenues around $80 million and a market

capitalization of $40 million

b. Fairly inexpensive price per earnings ratio (5.5 times EBITDA)

c. A company in the consumer, information technology, or industrials sectors

d. An acquisition by management using private capital

In the SEC’s recent report50

, respondents were asked a serious of questions related to Section

404 compliance. 69.7 percent stated that they somewhat or very seriously considered going

private and 77 percent stated they considered delisting, due to Section 404.

These results are consistent with other surveys which demonstrate that smaller SEC companies

are disenchanted with the additional compliance required by Sarbanes with particular

frustration with Section 404 requirements.

49

More Small to Mid-Size Public Companies Contemplating Going Private (Grant Thorton) 50

Study of the Sarbanes-Oxley Act of 2002 Section 404 Internal Control over Financial Reporting Requirements, SEC,

September 2009.


170

What is the cost to stay public?

According to one study, the estimated total costs of a company with less than $1 billion of total

sales staying public was $2.8 million and more than $11 million for a company with more than

$1 billion of sales.

Key elements of total costs were audit fees and lost productivity from Sarbanes as summarized

in the following chart:

Cost of Staying Public Annual sales level

Under $1

billion

$1 billion

or more

D&O insurance $356,000 $1,820,000

Audit fee 1,184,000 5,800,000

Legal fees 200,000 226,000

Board fees 371,000 743,000

Lost productivity compensation 290,000 2,460,000

Other Sarbanes costs 177,000 222,000

Corporate governance set up costs 241,000 226,000

Estimated total costs $2,819,000 $11,497,000

Source: The Cost of Being Public in the Era of Sarbanes-Oxley, Foley and Lardner, LLP

Observation: The table illustrates the significant cost of being public in the Sarbanes

environment. Although overall Sarbanes-Oxley costs have leveled off, the total cost calls into

question whether it is worth it to remain or become a public company.

For the smallest of public companies, those with annual sales of less than $250 million, the

burden of staying public is most great and disproportionate to sales. In particular, one study

showed that the cost of complying with Section 404 costs a company with sales of less than

$250 million is disproportionately high at $1.56 million, while that cost increases to only $2.4

million for companies with sales in the $1 to 2 billion range.51

5. Board members are concerned about Sarbanes and now Dodd-Frank

If you were asked to become a member of the Board of Directors of an SEC company, would

you? Would you accept a position on that company’s audit committee?

Many existing board and audit committee members are asking this question in light of the

recent changes made by the Sarbanes-Oxley Act. In the post-Act environment, serving as a

board member or on a company’s audit committee may not be worth it for several reasons:

51

A.R. C. Morgan study


171

1. Under the Act, in the wake of the recent scandals, board and audit committee

members are required to spend much more time in their capacity focusing on the new

corporate governance rules and examining more data. Board members are finding it

difficult to find adequate time to serve on multiple boards at the same time.

2. The Act precludes board and audit committee members from receiving any personal

benefit from the company that it serves. The days of receiving consulting fees or

contracts from the company that is served are gone.

3. Liability claims against board and audit committee members have risen.

4. Additional travel requirements are playing a toll on board and committee members.

5. Directors and Officers (D&O) insurance coverage is lacking.

For some board and audit committee members, the additional effort and risk relative to the

compensation is simply not worth it. Consequently, many companies are having trouble

attracting the best and brightest to serve on their boards. In a recent Wall Street Journal article,

one board member noted that he would spend an additional 100 to 200 hours per year (total of

300 hours) serving as a board member as compared with prior years.52

What is the basis for lawsuits against board members?

Under Sarbanes, lawsuits have focused on three sections of the Act, including:

1. Section 404: Directors’ and officer’s assessment of internal controls

2. Section 204: Auditor’s reports to audit committees

3. Section 302: Corporate responsibility for financial reports

Observation: One particularly disturbing case related to Cray, Inc. Management notified the

SEC that it uncovered material deficiencies in eight of its internal controls. Deloitte & Touche

noted the material weaknesses in its Section 404 report. The shareholders filed a class-action

lawsuit alleging that the audit committee violated sections of Sarbanes and that they knew

about the problem and did not take action. The company’s management denied wrongdoing in

response to the suit.

What about D&O insurance?

“I lie awake sleepless at night worried that I might lose my house due to some stupid

class-action suit and there’s not enough insurance to cover claims against the Board.

Frankly, I would rather resign and play golf!”

Worried Board Member of SEC Company

52

Meetings, Meetings, Meetings (Wall Street Journal)


172

In recent years, the scope of D&O insurance coverage has shrunk while its cost has risen. The

greatest risk for board members is that a claim will not be covered by the D&O policy thereby

exposing members to personal liability. This risk is real and has resulted in many qualified

persons choosing not to accept positions on boards of public companies. One recruitment firm

noted that close to 30 percent of 1,000 respondents to an annual directors’ survey had turned

down board member invitations as compared with only 13 percent in the pre-Sarbanes years.53

One example was the settlement of WorldCom in which $55 million of claims were funded by

only $35 million of D&O insurance coverage, leaving board members with $20 million of

personal liability.

The result is that board members are paying more attention to the coverage found in the

company’s D&O policy.

Those looking into their D&O insurance coverage are startled by what they find:

1. No major insurance carrier offers compliance-specific insurance products such as those

required by Sarbanes-Oxley’s section 404.

2. Some policies exclude coverage for negligent acts under Sarbanes while others include

such coverage if there is a compliance-related claims coverage provision.

3. Some policies pay for compliance-related claims, such as those from section 404, but do

not include the SEC and other penalties and fines that relate from such claims.

4. Some policies cover claims initiated based on acts occurring during the covered period.

Example: An act that occurs in 2011 and brought in 2013 might not be covered by a

policy in effect for 2011.

5. Some policies include a “defense allocation” provision that allows the insurance

company to pay only a portion of legal defense costs when a litigant alleges both

covered and non-covered claims.

In some cases, directors are required to spend their own money to pay for a portion

of the legal bills in court cases.

In the post-Sarbanes era, the cost of D&O insurance has actually increased right after

Sarbanes-Oxley in 2002 and 2003, and then has decreased each year through 2011: 54

In

particular:

53

Survey conducted by Korn/Ferry, a recruitment firm. 54

Directors and Officers Liability: Survey, Tillinghast/Towers Perrin, and Quarter D&O Insurance Pricing Index, Aon

Insurance Company.


173

D&O insurance premiums rose by approximately 33 percent from 2002 to 2003.

Premiums dropped by 46 percent from 2004 to 2006 and dropped another 5 to 7 percent

in 2007 and 2008.

Premiums declined slightly in 2009 and 2010 as the number of lawsuits filed declined.

In 2011, premiums continued to decline by approximately 2 percent55

.

The risk of shortfall in D&O insurance

There are two types of D&O insurance: Side A which covers the directors and Side B which

covers the company. Many companies increase Side A coverage because the company may not

be able to indemnify the directors itself due to a lack of net assets or due to state law

precluding companies from doing so. Additionally, if shareholders bring a suit against directors

and officers on behalf of the company, the company is precluded from indemnifying the

directors and officers for legal-defense costs. Thus, the directors get their own Side A

insurance and the company pays the premium. According to one insurance company, only 9

percent of directors and officers received partial or no indemnification from their companies

when charged in securities-litigation cases.56

Few directors and officers have had to fund claims personally. Perhaps the most shocking

exception is WorldCom where eleven former board members settled a claim against them that

resulted in their paying $20.2 million out of their own pockets. The D&O insurance paid the

remainder of the claim in the amount of $35 million. Other third parties, including more than a

dozen banks have already agreed to settlements aggregating $6 billion in total. There may also

be additional claims against directors and officers at Enron.

What every director needs to know about the post-Sarbanes environment

The landscape for directors has changed in the post-Sarbanes environment. Not only are

directors having to invest more time into their duties, but they also face the unknown of having

to be responsible for a set of rules under Sarbanes-Oxley, that have not been clarified by the

SEC, PCAOB and the courts.

In one article entitled, What Every Director Should Know About the New Environment, the

author makes the following observations about directors operating in today’s business climate.

1. The Board’s role in setting the tone for an organization’s culture and its ethics has

become increasingly more important.

55

Advisen, Ltd. 56

Tillinghast Co.


174

2. With greater emphasis being placed on Sarbanes compliance, board members need to be

concerned about applying a “check the box” approach and reading the rules too

narrowly.

3. The courts, in particular those in Delaware, are now shaping a new set of rules defining

the “good-faith obligation” of directors.

4. There are generally two parts to the good-faith obligation:

a): Duty of loyalty and care.

5. Courts are looking at directors’ behavior more closely than ever.

a) Board members need to:

Come to board meetings prepared

Have thorough discussions in the boardroom

Ask hard questions of management

Apply sound judgment to make the right decisions.

6. Board members must be actively engaged to search for outside information about their

company.

Note: The courts are holding that simply relying on company-generated information is

insufficient.

7. Board members need to be educated on important “hot” topics such as executive

compensation, etc.

8. There is greater pressure being placed on ensuring there is a separation between the

CEO and chairman of the board.

9. There is greater importance on boards establishing a strong succession plan for its CEO

and other executives.

What do the directors think about the new environment?

PWC published a study entitled, What Directors Think. The study was based on interviews of

more than 1,200 corporate directors about how they are coping with the new demands on their

time and talent.

Excerpts from the study follow:

a. Director compensation has increased for 60% of the respondents over the past 12

months.


175

b. 92% believe the audit committee chairman should receive additional compensation.

c. 77% believe that Congress should revisit Sarbanes-Oxley Act and correct some of the

unintended consequences.

d. 82% believe their companies are ready for Section 404 of Sarbanes-Oxley.

e. 75% state their former CEO should not sit on the board.

f. 68% state that they believe their risk as a director has increased over the past 12 months.

In an article entitled “Things to Do When Asked to Serve as a Director/Audit Committee

Member (Besides Saying “No”), the author provides some valuable insights into the future

roles of audit committee and board members:

1. Audit committees bear increasingly greater responsibilities and public exposure these

days, and committee members’ duties are becoming more complex.

2. Audit committee members have greater exposure to litigation than Board members, yet

do not get paid as much or not at all.

3. Audit committees should take several actions to protect themselves:

a. Always meet prior to each quarterly release to oversee the process.

b. Make sure the audit committee and board are involved in reviewing the MD&A.

c. Meet with the auditors.

4. Indemnification, exculpation and D&O insurance:

a. Make sure that the company has adequate insurance and that the duties and functions

are limited.

The challenges of the audit committee

A role of greater risk than serving on the company’s board is serving on its audit committee.

In fact, the role of the audit committee chairman is by far, the riskiest of all board members.

Historically, in the pre-Sarbanes environment, the audit committee, in particular its chairman,

is responsible for safeguarding the integrity of the company’s financial controls and

disclosures. Now, under the Act, that responsibility has been enhanced with new corporate

governance rules. In particular, audit committees must do the following:

a. Select and hire the external auditors


176

b. Review internal controls

c. Resolve accounting disputes and monitor disclosures

d. Select one audit committee member to be a designated “financial expert” who is

familiar with GAAP.

Another study asked board members to identify those areas of concern. The respondents listed

the following risks (other than financial risks) as being most important.

Type of risk

%

Respondents

Regulatory compliance risk 68%

Reputational risk 54%

IT risk 33%

Product risk 32%

Fraud risk 27%

Concerns About Risks Confronting Boards, Eisner, LLP

6. CEOs and CFOs beware- the “deer in headlights” defense does not work

In a criminal case, is an effective defense strategy for the CEO or CFO to claim he or she did

not know what was going on inside the company? Apparently this approach is not work as

evidenced by recent cases.

First there was Bernie Ebberts, former WorldCom CEO. Ebberts was found guilty of securities

fraud, conspiracy, and seven counts of filing false statements with the SEC and received a life

sentence.

What is most important about this case is not the verdict but rather the fact that the jury

repudiated the “aw shucks” defense made by Ebbers. Others may call it the “deer in

headlights” defense.

Specifically, Ebbers asserted that he was not aware of the billions of dollars of improper

accounting adjustments being made and that as the CEO of a sizeable company, he was not

responsible for the details that occurred below his position. 57

The fact that Ebbers was such a

detail-oriented executive that kept track of the cost of office coffee filters did not help his

defense.

CEOs are on notice that basing a defense on the fact that the CEO did not know the details

might not be sufficient to persuade a jury of the CEO’s innocence.

57

AccountingWeb.Com.


177

A second involved the high-profile Kenneth Lay, former CEO of Enron. Lay took a similar

defense during his trial during which he claimed not to know what was going on inside his own

company. He also was found guilt of various securities laws. Lay died before being sentenced.

What is the moral of the story? It appears that juries want executives to be responsible for

what goes on in their companies. Claiming that a company is too large and that other

executives and employees are responsible for the details is not a sufficient defense in the event

of a criminal securities law violation.

7. The continued trickle down effect of Sarbanes on nonpublic entities

When Sarbanes was adopted in 2002, the Congressional record stated that it was not intended

to be applied to any organization other than public companies. Yet, the opposite effect is

occurring.

As expected, Sarbanes has indirectly impacted accountants and auditors at all levels for several

reasons:

a. There has been and continues to be a major increase in the number of new GAAP and

GAAS statements being issued that apply to all entities, public and nonpublic, alike. For

example, FIN 46R dealing with consolidation of variable interest entities is a direct result

of requirements under Sarbanes Oxley focused on public companies.

b. Many states have adopted portions of the Sarbanes-Oxley Act in their accountancy acts

with those provisions applying to all auditors, including those that audit nonpublic entities.

1) At least 25 states have passed some legislation that applies some portions of Sarbanes to

nonpublic entities and their auditors.

2) New York, California, Connecticut and New Jersey have been the most active in

proposing or passing portions of Sarbanes for their states.

c. With the increase in audit and accounting rules, auditors continue to be required to perform

more audit work the cost for which may be difficult to pass on to clients in fixed-fee

engagements.

d. 87% of respondents to a survey felt that Sarbanes had impacted their organization. (97%

of non-profits were impacted).


178

The Trickle Down Effect of Sarbanes-Oxley to Auditors of Non-Public Companies

At the state level, several states have introduced legislation that adopts portions of the

Sarbanes-Oxley Act into their state accountancy acts. Although the Sarbanes-Oxley Act affects

SEC auditors only, many states are applying its provisions across the board to all auditors,

including those who audit nonpublic entities.

Many states have adopted several elements of Sarbanes applicable to all accountants and

auditors, including those for private companies. Some of the more common changes either

passed or pending include:

Requiring a mandatory workpaper retention policy of seven years

Changing financial statement fraud from a misdemeanor to a felony

Changing the accountancy board makeup so that CPAs make up a minority of the board

members

Restricting accountants and auditors from performing certain nonattest work for their

attest clients

In addition, the changes made by the PCAOB to auditing standards at the public company

level, has resulted in a more aggressive Auditing Standards Board issuing numerous new

auditing standards affecting only nonpublic company auditors.

Some private companies have voluntarily adopted some Sarbanes provisions

Sarbanes-Oxley Act of 2002

More GAAP and GAAS

pronouncements issued

by the FASB and ASB

State Accountancy

Acts being changed to

include certain

Sarbanes-Oxley

provisions for ALL

auditors

More audit work in a

fixed-fee environment


179

One survey suggested that some private companies have chosen to adopt certain segments of

Sarbanes for various reasons. Some outside auditors, board members and third parties have put

pressure on companies to adopt portions of Sarbanes.

Following is a summary of one survey noting the source of pressure on private companies to

adopt certain provisions of Sarbanes:

Observation: The results of the survey illustrate that in approximately one third of the cases,

outside auditors were the source of pressure on private companies to adopt portions of

Sarbanes.

Another point made by the survey and not included on the above-noted table is that non-profits

are more likely to voluntarily implement portions of Sarbanes (80%) as compared with private

for-profit organizations (64%).

Which Sarbanes provisions have been adopted by private companies?

In general, private companies have adopted the least expensive provisions of Sarbanes which

were estimated to be approximately $159,000 for for-profits and $104,000 for non-profit

organizations. Few, however, have adopted the stringent Section 404 compliance requirements.

The most popular Sarbanes provisions adopted include:

Private Companies Adopting Provisions of Sarbanes:

Source of Pressure

Party % of cases

Customers 14%

Lenders 13%

Insurance companies 5%

Investors 4%

Outside auditors 36%

Board members 46%

Self-imposed 70%

Source: The Impact of Sarbanes-Oxley on Private &

Nonprofit Companies, Foley & Lardner LLP


180

Sarbanes Provisions Adopted by Private Companies

%

respondents

Implement

Audited financial statements 93%

Establish a corporate ethical code 88%

Disclosure of critical accounting policies and estimates 73%

Disclosures of off-balance sheet and contingent liabilities 81%

Establish independent directors 82%

Establish an audit committee 84%

Board approval of non-audit services 71%

Establish whistle-blower procedures 70%

CFO/CEO financial statement certification 59%

Note: The above percentages represent an entire pool of private companies surveyed. A closer

look suggests that Sarbanes is more important to larger private companies ($300 million and

more of sales) than smaller ones (less than $300 million). For example, 94 percent of larger

private companies either have or plan to establish an independent board of directors while only

72 percent of smaller companies do.

Additionally, there is more action to implement segments of Sarbanes among non-profits

where there are a greater number of stakeholders.

8. CFOs want to change Sarbanes

CFOs and other financial executives were asked to respond to the following questions in a

recent survey.

Which of the following statements about Sarbanes-Oxley are true for you?

Complying with Sarbanes has made my job less satisfying 49%

Sarbanes has significantly increased my workload 75%

Sarbanes has made me consider a career outside of finance 16%

Sarbanes has elevated the stature of my job within the company 26%

Sarbanes will be good for my career 29%

None of the above 8%

If Congress were to revisit Sarbanes-Oxley, what three provisions would you like to see

substantially revised or repeated?

Section 404 internal control assessment 74%

Section 409 real-time issuer disclosures 43%

Section 201 limits on services audit partner can provide 41%

Section 203 audit-partner rotation 28%

Section 302 executive certification of financial reports 24%

Section 406 senior executive code of ethics 10%

Section 806 whistle-blower protection 10%

None 19%


181

How would you revise Section 201 limits on services audit partner can provide?

Allow audit partners to provide a client with unlimited services 8%

Allow audit partners to provide some additional consulting services, but

not tax

33%

Drop it 7%

Leave as is 48%

How would you revise Section 203 audit partner rotation every 5 or 7 years?

Require audit-partner rotation later (such as every 10 years) 18%

Require audit partner rotation every 3 years 9%

Drop it 18%

Leave as is 57%

How would you revise Section 302 executive certification of Financial report?

Lessen penalties for violations 8%

Require board members to also certify financial reports 15%

Allow executives to certify to best of knowledge and belief 55%

Have quarterly certifications apply only to charges in disclosure controls

and procedures

26%

Drop it 2%

Leave as is 29%

How would you revise Section 404 and its related Auditing Standard No. 2?

Require attestation/remediation of internal controls less often, such as

every 3-5 years

46%

Allow for greater input from independent auditor before attestation

phase

48%

Drop requirements that auditors review management’s assessment of

internal control

22%

Allow auditors to rely more on work of internal auditors 60%

Raise threshold of what constitutes a significant deficiency 70%

All costs of Section 404 to be capitalized 11%

Drop it 12%

Leave as is 5%

Would you favor or oppose a proposal to require the rotation of audit firms?

Favor 20%

Oppose 64%

Not sure 15%

What one provision of Sarbanes has been the most beneficial to your company/

shareholders?

Section 404 internal-control assessment 35%



Section 806 whistle blower protection 7%


182




None 23%

What one provision of Sarbanes has been the least beneficial to your company/

shareholders?

Section 404 internal-control assessment 24%




None 11%

Section 806 whistle blower protection 8%



Do you think having to comply with Sarbanes has affected your company’s

earnings performance?

Yes 67%

No 33%

If yes, by what percentage?

All companies (2.9%)

Companies under $500 million in revenue (4.5%)

Companies with $500 million or more in revenues (2.1%)

CFO Magazine survey of 237 financial executives

9. The move to dump the PCAOB fails

Sarbanes-Oxley established the Public Company Accounting Oversight Board (PCAOB)

which acts as overseer of public company audits. Since its inception in 2003, much of the

criticism of Sarbanes has rested with the PCAOB and the issuance of its strict overreaching

auditing standards For auditors of SEC companies.

Until recently, it appeared payback was in the works with a court case that could have

eliminated the PCAOB, altogether.

In December 2009, the United States Supreme Court heard a critical case involving an attempt

to dissolve the PCAOB on the grounds that it is unconstitutional.

The case started in 2006 with The Free Enterprise Fund and a Nevada CPA firm, Beckstead

and Watts, LLP, filing a lawsuit that challenged the legal authority of the PCAOB. Although

several legal arguments were made, the crux of the case was that the PCAOB violates Article

II of the U. S. Constitution, referred to as the appointments clause. The plaintiff asserted that

the PCAOB comes under Article II and therefore must be appointed by the President of the


183

United States with the consent of the U. S. Senate, and not the SEC. Under the current system,

the PCOAB is a non-governmental body that is appointed by and reports to the SEC, with the

President having no direct control over the PCAOB. The only way that the President can

assert control over the PCAOB is the threaten to fire the SEC Chairman if he or she does not

exert pressure over the PCAOB.

What initiated the litigation was criticism by the PCAOB of a CPA firm’s inspection report.

The firm alleged that the PCAOB was not a legal body and had no right to perform any

inspections of public company auditors.

A second underlying issue that drove the lawsuit was the claim that the costs for small public

companies to operate under Sarbanes and the PCAOB are unreasonably high and force such

small companies out of business, delist, or move to a foreign country exchange.

The plaintiffs lost the case as well as the appeal in the U. S. Court of Appeals (in D. C.),

leading to the ultimate showdown in the United States Supreme Court.

Finally, in 2010, the Supreme Court ruled 5 to 4 retained the legitimacy of the PCAOB by

confirming that the President has “adequate control” over board-member appointments at the

PCAOB. The Court ruling also confirmed that the SEC’s commissioners can remove PCAOB

board members.

XX. The Impact of Dodd-Frank on Auditors

In 2010, the President signed into law the Dodd-Frank Wall Street Reform and Consumer

Protection Act. The two primary goals of Dodd-Frank are to lower the systemic risks to the

financial system and enhance consumer protections.

Dodd-Frank makes monumental changes to many aspects of the financial services industry.

Embedded in Dodd-Frank is a series of disclosures that public companies will be required to

disclose in many of their public reports including those issues quarterly, annually and proxy

statements. Obviously, auditors and board members must be aware of the disclosures:

1. Section 951: Shareholder vote of executive compensation: Not less frequently than once

every three years, there shall be a shareholder vote to approve the compensation of

executives

2. Section 952:

a. Independence of compensation committee members: Each member of the

compensation committee of the board of directors of an issuer must be a member of

the board of directors and be independent.


184

b. Independence of compensation committee advisers: The compensation committee of

an issuer (public company) may only select a compensation consultant, legal

counsel, or other adviser to the compensation committee who is independent.

3. Section 982: Makes auditors of broker-dealers subject to Public Company Accounting

Oversight Board (PCAOB) oversight.

In addition, Dodd-Frank provides a series of required disclosures that auditors and board

members should understand. Following is a chart that summarizes those disclosures.

New Disclosures Under Dodd-Frank Act

Section and required disclosure When required Section 942: Requires issuers of asset-backed securities, at a

minimum, to disclose asset-level or loan-level data, including:

data having unique identifiers relating to loan brokers

or originators

the nature and extent of the compensation of the broker

or originator of the assets backing the security, and

the amount of risk retention by the originator and the

securitizer of such assets.’’

Registration statements

Section 951: Requires disclosure of:

any agreements that a company has with its executive

officers concerning any compensation that a company

will pay out to its executive officers that is based on

the acquisition, merger, consolidation, sale, or

disposition of substantially all of the assets, and

the total compensation that may be paid and the

conditions upon which it will be paid

Proxy or consent material

Section 952: Requires disclosure of whether:

a company’s compensation committee retained or

obtained the advice of a compensation consultant, and

the work of the compensation consultant has raised any

conflict of interest and, if so, the nature of the conflict

and how the conflict is being addressed.


Section 953: Require disclosure of:

the median of the annual total compensation of all

employees of the issuer, except the chief executive

officer (a)

the annual total compensation of the chief executive

officer (or any equivalent position) of the issuer (b),

and

the ratio of (a) to (b).



185

Section 955: Requires disclosure as to whether any employee

or member of the board of directors is permitted to purchase

financial instruments that are designed to hedge or offset any

decrease in the market value of equity securities:

granted to the employee or member of the board of

directors as part of the company compensation, or

held, directly or indirectly, by the employee or member

of the board of directors.


Section 1502: Requires disclosure when a company uses

“conflict minerals” (gold, wolframite, columbite-tantalite, etc.)

that are necessary to the functionality or production of its

product (such as jewelry manufacturing, etc.):

whether conflict minerals originated in the Democratic

Republic of the Congo (DRC) or an adjoining country.

Note: If “conflict minerals” did originate in the DRC,

the company must submit an audited report to the SEC

that includes a description of the measures taken to

exercise due diligence on the source and chain of

custody of such minerals.

a description of the products manufactured that are not

DRC conflict free, the entity that conducted the

independent private sector audit, the facilities used to

process the conflict minerals, the country of origin of

the conflict minerals, and the efforts to determine the

mine or location of origin with the greatest possible

specificity.

Note: “DRC conflict free” means products that do not

contain minerals that directly or indirectly finance or

benefit armed groups in the Democratic Republic of the

Congo or an adjoining country).

Annual reports and filings

Section 1503: If a company or its subsidiary is an operator of

a coal or other mine, the company must disclose the

following:

1. For each coal or other mine:

the total number of violations of mandatory health or

safety standards that could significantly and

substantially contribute to the cause and effect of a coal

or other mine safety or health hazard for which the

operator received a citation from the Mine Safety and

Health Administration

the total number of orders

Quarterly and 8K reports


186

the total number of citations and orders for

unwarrantable failure of the mine operator to comply

with mandatory health or safety standards

the total number of flagrant violations

the total number of imminent danger orders issued

the total dollar value of proposed assessments from the

Mine Safety and Health Administration

the total number of mining-related fatalities

the receipt of an imminent danger order issued by the

Federal Mine Safety and Health Act, and

the receipt of written notice from the Mine Safety

and Health Administration that the coal or other mine

has a pattern of violations of mandatory health or

safety standards that are of such nature as could have

significantly and substantially contributed to the cause

and effect of coal or other mine health or safety

hazards, or the potential to have such a pattern.

2. A list of such coal or other mines, of which the company or

its subsidiary is an operator, that receive written notice

from the Mine Safety and Health Administration of:

a pattern of violations of mandatory health or safety

standards that are of such nature as could have

significantly and substantially contributed to the cause

and effect of coal or other mine health or safety

hazards, or

the potential to have such a pattern.

3. Any pending legal action before the Federal Mine Safety

and Health Review Commission involving such coal or

other mine.

Section 1504: Requires each resource extraction company (oil,

natural gas, or minerals) to disclose any payment made by the

company (directly or indirectly) to a foreign government or the

Federal Government for the purpose of the commercial

development of oil, natural gas, or minerals, including:

the type and total amount of such payments made for

each project of the resource extraction issuer relating to

the commercial development of oil, natural gas, or

minerals, and

the type and total amount of such payments made to

each government.

Annual reports and filings

Source: Dodd-Frank Wall Street Reform and Consumer Protection Act (2010)


187

There are other bills pending that would require companies to disclose information ranging

from political contributions to details about business dealings with Iran.

Observation: As you look at the list of disclosures required in Dodd-Frank, few of them have

anything to do with providing meaningful information to investors. Instead, information such

as the purchase of conflict minerals in the Democratic Republic of Congo, or the safety record

of coal mine operators, are politically charged and most likely forced into the Dodd-Frank law

by constituents with an agenda. Because Congress funds the SEC, it can use the SEC to force

public companies to adopt certain actions to avoid being “shamed” through public disclosure.

For example, shareholders of a diamond company may not care whether the company

purchases diamonds from the Congo as long as the company is profitable and stock price

remains high. Now change that fact as the company is required to disclosure that it purchases

certain materials from the Congo. Once that disclosure becomes public, stakeholders may

place pressure on the company to change its policy to avoid the publicity that may result from

the disclosure. Similarly, it should be irrelevant how much a company pays its executives in

relation to its employees as executive compensation is generally the responsibility of a

company’s board of directors who, in turn, represent the shareholders. Section 953 of Dodd-

Frank adds a new disclosure in which a company is required to disclosure the ratio of

compensation made to its employees as a multiple of executive compensation. Why is this

information relevant if the company has a board of directors? The answer is that it is not

relevant and is required solely to appease certain groups that believe executives are overpaid.

In light of the recent expansion of company disclosures lead by Dodd-Frank, one has to ask

where disclosures are headed and whether Congress, through the SEC, will continue with its

effort to expand company disclosures as a means to promote a political agenda instead of doing

its job, which is to protect investors within the marketplace.

XXI. Whistleblowing- The New Profession Acts Like the Oldest

Profession

As the author discussed earlier in this course, one of the most effective ways in which a

company can prevent fraud is to have a tip hotline of whistleblowing mechanism within the

organization.

In the 2010 Report to the Nation, by the Association of Certified Fraud Examiners supports the

effectiveness of a company having an employee hotline and/or whistleblowing mechanism:

1. In 38% of the cases reported, the initial method of fraud detection was tips or

whistleblowing from various sources.


188

2. In those cases where companies had implemented a tip hotline and whistleblowing

mechanism, the median fraud loss declined from $245,000 to $100,000, or a 59%

reduction.

3. Granting rewards for whistleblowing is ranked as the number one most effective control

in detecting and limiting financial statement fraud schemes, while having a fraud hotline

is ranked number three.

There is heightened pressure on public companies to establish effective anonymous hotlines

and whistleblowing systems, including compensation for coming forward as a whistleblower.

1. Section 806 of Sarbanes-Oxley provides whistleblowing protection for employees of

public companies in that it:

a. Prevents a company from discharging, demoting, suspending, threatening, harassing,

or discriminating an employee for providing information or assisting in an

investigation that the employee reasonably believes constitutes fraud, and

b. Requires a company to rehire an employee with back pay (and interest) if an

employee is violated for whistleblowing

c. Requires company boards to establish procedures for hearing whistleblowing

complaints.

2. Section 922 of Dodd-Frank expands the protections and offers financial incentives for

whistleblowers58

by:

a. Establishing a whistleblower rewards fund to pay awards to whistleblowers equal to

between 10-30 percent of the total collected when monetary sanctions exceeding $1

million are imposed on a public company for securities law violations that exceed

$1 million, based on information that is:

Derived from the whistleblowers original knowledge

Not known by the SEC from any other source, and

Not exclusively derived from any judicial or administrative hearing, or other

report or news media.

b. Providing legal remedies for an individual who alleges discharge or other

discrimination due to whistleblowing with such relief consisting of:

Reinstatement with the same seniority status that the individual would have

had, but for the discrimination;

58

Dodd-Frank defines a whistleblower as any individual (or individuals) who provide information to the SEC about a

company’s securities law violation. The definition expands well beyond an employee to any third party, investor, etc.


189

Two times the amount of back pay otherwise owed to the individual, with

interest; and

Compensation for litigation costs, expert witness fees, and reasonable

attorneys’ fees.

Although whistleblowing can be useful, the legal remedies and rewards included in Sarbanes

coupled with those in the recently passed Dodd-Frank Act, provide employees with the means

by which to leverage certain proprietary corporation information for financial gain. In fact,

recent cases such that some employees are using the whistleblowing protections to retaliate

against management or to extract concessions in a contract negotiation or severance pay

package.

Two recent cases suggest that auditors or boards that ignore whistleblowers, do so at their own

peril.

In the first case, the State of New York v. Ernst & Young, the State of New York alleges that

Ernst & Young failed to disclose whistleblower allegations in connection with Lehman’s use

of Repo 105, among other matters.

Secondly, under obvious pressure from regulators, Renault inadvertently terminated several

employees based on information obtained from a whistleblower.

In the Ernst & Young case, the auditors received a letter from a whistleblower, sent to

Lehman’s audit committee. The auditors interviewed the whistleblower and dismissed the

allegations. Subsequently, in the State of New York, complaint, the plaintiff alleged that that

the auditor failed to disclose the results of the whistleblower’s interview to the Lehman audit

committee.

In the Renault case, a whistleblower claimed that a Renault executive was engaged in a bribe.

After an intensive investigation, Renault terminated three employees and announced publicly

it had evidence against them, even though there was no such evidence of any bribes or

improprieties. Subsequently, Renault admitted it had committed an error and has exonerated

the three employees.

It is obvious that the Ernst & Young, and Renault cases are examples at opposite ends of the

spectrum, with Ernst & Young being accused of not taking enough action in a whistleblower

case while Renault being criticized for being overly aggressive in handing its case.

With the financial incentives of Dodd-Frank, there is a new whistleblowing industry that has

cropped up including web sites, blogs, and law firms that advertise the represent

whistleblowers.

Is there an incentive for a whistleblower to overreact and report to the SEC prematurely?


190

There is an obvious incentive for a whistleblower to be the first one to notify the SEC. Dodd-

Frank provides that in order for a whistleblower to collect his or her reward, the information

provided to the SEC must be fresh, meaning it must be a) derived from the whistleblowers

original knowledge, b) not known by the SEC from any other source, and c) not exclusively

derived from any judicial or administrative hearing, or other report or news media. Once

information is already divulged, the whistleblower’s information is stale and there is no

reward. Also, there is no real penalty for a whistleblower to exaggerate or to be wrong about

his or her allegation. Section 806 of Sarbanes-Oxley provides that an employee has to

“reasonably believe” there is a fraud in order to be protected from company retaliation.

How good is the financial incentive to whistleblow?

Dodd-Frank has certainly enhanced the financial incentive to whistleblow against a company

and to do it early. Dodd-Frank allows an employee-whistleblower who a company retaliates

against to receive two times the amount of back pay (including interest), and reimbursement of

compensation for litigation costs, expert witness fees, and reasonable attorneys’ fees.

The reward, itself, is 10-30 percent of the money that the SEC receives for a company’s

securities law violations that include fraudulent financial reporting, Foreign Corrupt Practices

Act (FCPA) violations, and insider trading, among others. Some violations, such as violation

of the FCPA can result in fines that are millions of dollars.

Is there an incentive for a company to offer a mechanism for employees to report a violation

to the company first, before going to the SEC?

The SEC is considering regulations that would allow an employee to whistleblow to a

company before going to the SEC and still collect the SEC reward. In providing this structure,

companies would be more likely to establish a corporate culture that promotes employees to

come forward with SEC violations, and allow companies to correct the actions internally.

However, such a structure would have to include a company-level financial incentive for

whistleblowers.

SEC’s Report on the Dodd-Frank Whistleblower Program

In August 2011, the SEC whistleblower rules found in the Dodd-Frank Act, were finalized

and became effective.

In November 2011, the SEC published its annual report on the Dodd-Frank Whistleblower

Program.59

The Report indicated that since August 2011, the SEC had received 334 tips

spanning 37 states and 11 foreign countries. Approximately 9.6 percent of the tips received

related to tips involving foreign companies.

59

Annual Report on the Dodd-Frank Whistleblower Program, Fiscal Year 2011 (November 2011)


191

1. In the first seven weeks of available whistleblower data, 334 whistleblower tips were

received through September 30, 2011. The SEC fielded more than 900 whistleblower

calls from May 2011 through September 2011.

2. Forty seven (47) percent of the complaints received related to:

Market manipulation (16.2%)

Corporate disclosures and financial statements (15.3%), and

Fraud (15.6%).

3. California was the most active state, followed by New York, Florida and Texas.

4. At September 30, 2011, there was approximately $452 million in the whistleblower

fund available to pay out to whistleblowers.

Observation: Can one imagine the extent to which whistleblowers will be providing tips under

the SEC’s whistleblower program? In the first seven weeks of operation, there were 334 tips

submitted to the SEC. On an annualized basis, the amount would be approximately 2,500 tips

in its first year alone. With a fund balance of $452 million and presumably unlimited funds, the

SEC’s whistleblower program may become a full-time business for many disgruntled

employees seeking a sizeable payday at the expense of their employer. Another key point is

that there is no recourse against an employee or other party making a false claim under the

whistleblower program. Consequently, employees and others are incentivized to file tips with

the SEC even if those tips may not be valid.


192

REVIEW QUESTIONS









1. What does Section 404 of the Sarbanes-Oxley Act require:

a. In the company’s annual report to shareholders, management must state whether the

company’s internal controls are effective

b. Management of private companies must assess the effectiveness of the company’s

internal control over financial reporting

c. Audit reports must disclose both material weaknesses and significant deficiencies

d. The auditor must include in the company’s financial statements two opinions

2. In replacing Auditing Standard No. 2, which of the following was a criticism against

auditors in applying Standard No. 2 that the PCAOB and others note in the PCAOB’s

Policy Statement regarding implementation of Auditing Standard No. 2:

a. They were not applying a principles-based approach to test for compliance

b. They would not offer advice to clients

c. They were using individualized audit programs for each client

d. They were using uniform standards to determine “material weakness” thresholds

3. Based on historical data, the typical successful going private transaction involves:

a. A large company with revenues in the trillions

b. A company in the financial sector

c. Management using private capital for an acquisition

d. Fairly expensive price per earning ratio

4. Which of the following are correct facts related to D&O insurance:

a. Some policies include a defense allocation provision

b. In the post-Sarbanes era, the cost of D&O insurance has consistently decreased

c. All major insurance carriers offer compliance-specific insurance products such as those

required by Sarbanes section 404

d. All policies cover negligent acts under Sarbanes


193

5. According to “What Every Director Should Know About the New Environment,” what are

the trends with respect to directors operating in today’s business climate:

a. Board members’ behavior is independent of a company’s actions

b. It is insufficient for board members to rely on company-generated information

c. The former rules defining directors’ “good-faith obligation” are sufficient

d. There should be a greater connection between the CEO and the chairman of the board

6. How does the Sarbanes-Oxley Act continue to affect accountants and auditors of nonpublic

entities:

a. All states are adopting the Act in their accountancy acts

b. For fixed-fee arrangements, auditors must perform more audit work

c. Fewer GAAP and GAAS statements are being issued for nonpublic entities

d. More companies are going public because of the Act

7. According to a recent survey, which Sarbanes provision are private companies

implementing at the greatest percentage:

a. Audited financial statements

b. CFO/CEO financial statement certification

c. Disclosure of off-balance sheet and contingent liabilities

d. Section 404 compliance requirements

8. Dodd-Frank makes several changes that affect both auditors and board members. Which of

the following is one of those changes:

a. No less frequently than once every three years, there shall be a shareholder vote to

approve executive compensation

b. No less frequently than once every five years, there shall be a board of directors vote to

approve dividends to be paid

c. Once every year, there shall be a shareholder vote to select the auditor

d. Once every two years, there shall be a vote of senior management to approve dividends

9. Which of the following is a change made by Dodd-Frank that affects whistleblowers:

a. Provides companies with a legal remedy if an employee makes a false claim as a

whistleblower

b. Allows for the reinstatement of an employment who whistle blows

c. Provides for five times the amount of any back pay

d. Allows an attorney to collect legal fees from a whistleblower


194

SUGGESTED SOLUTIONS

1. What does Section 404 of the Sarbanes-Oxley Act require:

a. Correct. Section 404 of the Sarbanes-Oxley Act requires that management include

in the management’s conclusion of the company’s annual report to shareholders

whether, as a result of its assessment, the company’s internal controls are effective.

b. Incorrect. Section 404 of the Sarbanes-Oxley Act requires that management of a public

company (not a private company) assess the effectiveness of the company’s internal

control over financial reporting as of the end of the company’s most recent fiscal year.

c. Incorrect. Section 404 of the Sarbanes-Oxley Act requires that the audit report disclose

only material weaknesses and not significant deficiencies.

d. Incorrect. Section 404 of the Sarbanes-Oxley Act, as amended by AS5, requires that the

auditor issue one opinion on the effectiveness of internal control over financial reporting

that are included in the company’s published financial statements along with the audit

report on those statements.

2. In replacing Auditing Standard No. 2, which of the following was a criticism against

auditors in applying Standard No. 2 that the PCAOB and others note in the PCAOB’s

Policy Statement regarding implementation of Auditing Standard No. 2:

a. Incorrect. A criticism against auditors in applying Standard No. 2 was that auditors were

not applying a risk-based approach to test for compliance with Section 404.

b. Correct. A criticism against auditors in applying Standard No. 2 was that auditors

were taking too literal of a stance in not offering advice to clients in terms of

Section 404 compliance.

c. Incorrect. A criticism was that auditors were using one-size-fits-all audit programs with

standardized checklists that had little to do with the unique issues and risks associated

with a particular client’s financial reporting process.

d. Incorrect. A criticism was that auditors were using arbitrary, rather than uniform,

standards to determine when a company had reached the threshold of having “material

weaknesses” in internal control.

3. Based on the historical data, the typical successful going private transaction involves:

a. Incorrect. The typical successful going private transaction involves a relatively small

company with revenues around $80 million and a market capitalization of $40 million.

b. Incorrect. The typical successful going private transaction that has occurred involves a

company in the consumer, information technology, or industrials sectors.

c. Correct. The typical successful going private transaction that has occurred

involves an acquisition by management using private capital.

d. Incorrect. The typical successful going private transaction that has occurred involves

fairly inexpensive price per earning ratio (5.5 times EBITDA).


195

4. Which of the following are correct facts related to D&O insurance:

a. Correct. Some policies include a defense allocation provision that allows the

insurance company to pay only a portion of legal defense costs when some of the

claims are covered and others are not under the policy.

b. Incorrect. In the post-Sarbanes era, insurance costs increased from 2002 to 2003, then

dropped from 2004 to 2011. Thus, the answer is incorrect.

c. Incorrect. Some, but not all, major insurance carriers offer compliance-specific

insurance products such as those required by Sarbanes section 404.

d. Incorrect. Some policies exclude negligent acts under Sarbanes, while others include it

in certain instances.

5. According to “What Every Director Should Know About the New Environment,” what are

the trends with respect to directors operating in today’s business climate:

a. Incorrect. Board members’ behavior has been looked at more closely than ever thereby

linking it to a company’s actions.

b. Correct. The courts have maintained that it is insufficient to rely on company-

generated information. Board members must search for information outside the

company to assist them in making decisions.

c. Incorrect. A new set of rules defining directors’ “good-faith obligation” is being shaped

by the courts that increases the responsibility to directors.

d. Incorrect. There should be a greater separation between the CEO and the chairman of

the board to ensure that the board is independent of management.

6. How does the Sarbanes-Oxley Act continue to affect accountants and auditors of nonpublic

entities:

a. Incorrect. Many, but not all, states are adopting the Act in their accountancy acts and are

requiring that the provisions apply to all auditors of nonpublic entities.

b. Correct. Due to the increase in audit and accounting work that has trickled down

from Sarbanes, accountants and auditors must perform more audit work. In fix-

fee engagements, they may have difficulty passing the additional cost onto their

clients.

c. Incorrect. More GAAP and GAAS statements are being issued that apply to both public

and nonpublic entities.

d. Incorrect. The Act has made going public less appealing for many companies.

7. According to a recent survey, which Sarbanes provision are private companies

implementing at the greatest percentage:

a. Correct. According to a recent survey, 93% of the respondents of private

companies are implementing audited financial statements.

b. Incorrect. Only 59% of the respondents of private companies are implementing

CFO/CEO financial statement certification.

c. Incorrect. Only 81% of the respondents of private companies are implementing

disclosure of off-balance sheet and contingent liabilities.

d. Incorrect. Due to the stringent Section 404 compliance requirements, few private

companies have adopted section 404.


196

8. Dodd-Frank makes several changes that affect both auditors and board members. Which of

the following is one of those changes:

a. Correct. Dodd-Frank requires that not less frequently than once every three

years, there shall be a shareholder vote to approve executive compensation.

b. Incorrect. There is no provision dealing with five years, and no requirement for the

board to approve dividends to be paid at each five-year interval.

c. Incorrect. First, in general the board selects the auditor, and second there is no annual

requirement in Dodd-Frank.

d. Incorrect. The board of directors approves dividends and not senior management.

9. Which of the following is a change made by Dodd-Frank that affects whistleblowers:

a. Incorrect. Dodd-Frank provides whistleblowers, not companies, with a legal remedy if

an employee makes a false claim as a whistleblower.

b. Correct. Dodd-Frank allows for the reinstatement of an employment who

whisteblows in certain instances.

c. Incorrect. It provides for three times, not five times, the amount of any back pay.

d. Incorrect. It allows for a whistleblower to collect legal fees from a company who

violates Dodd-Frank.


197

XXII. Peer Review

Recurring peer review comments

The following information was obtained from the Auditing Standards Board along with data

compiled by the AICPA Peer Review Program. Many of the following items were covered in

Risk Alerts, and continue to recur in practice year after year.

Significant engagement deficiencies

Failure to:

Appropriately qualify an auditor’s

report for a scope limitation or

departure from the basis of accounting

used for the financial statements.

Issue a report on compliance and

internal controls for audits subject to

Government Auditing Standards.

Disclose the lack of independence in a

compilation report.

Disclose the omission of substantially

all disclosures in a compilation that

omits disclosures.

Disclose the omission of the statement

of cash flows in financial statements

prepared in accordance with GAAP.

Disclose an other comprehensive basis

of accounting (OCBOA) for financial

statements compiled without

disclosures, where the basis of

accounting is not readily determinable

from reading the report.

Disclose, in the accountant’s or

auditor’s report, a material departure

from professional standards such as

the omission of significant income tax

provision on interim financial

statements, significant disclosures

related to defined employee benefit

plans, etc.

Departures from standard wording where the

report does not contain the critical elements of

applicable standards.

Issuance of an audit or review report when the

accountant is not independent.

Inclusion of material balances that are not

appropriate for the basis of accounting used.

Significant departures from the financial

statement formats prescribed by industry

accounting and auditing guides.

Omission of the disclosures related to

significant accounting policies applied (GAAP

or OCBOA).

Omission of significant matters related to the

understanding of the financial statements, such

as the cumulative material effect of a number

of deficiencies.

Improper accounting for a material transaction

such as recording a capital lease as an

operating lease.

Misclassification of a material transaction or

balance.

Failure to include a summary of significant

assumptions in a forecast or projection.

Failure to segregate the statement of cash


198

Include a material amount or balance

necessary for the basis of accounting

used (examples include omission of

material accruals, failure to amortize a

significant intangible asset, provide for

material losses or doubtful accounts,

or to provide for material deferred

income taxes.)

flows into the categories of investing,

operating and financing.

Omission of significant required disclosures

related to material financial statement balances

or transactions.

Failure to disclose the cumulative effect of a

change in accounting principle.

Omission of the statement of income and

retained earnings when referred to in the

report.

Minor engagement deficiencies

Supplementary information:

Failure to report on supplementary

information.

Supplementary information was not

clearly segregated or marked.

Titles of supplementary information

did not coincide with the descriptions

and titles presented in the financial

statements.

Reports:

Minor departures from standard report

language.

Report did not cover all periods

presented.

Minor report dating departures.

Other:

Failure to accrue income taxes where

the accrual is not material.

Inclusion of the reference about the

omission of the statement of cash

flows for financial statements prepared

under OCBOA.

Failure to reference the accountant’s

report on each page of the financial

statements.

Disclosures:

Omitted or inadequate disclosures related to

minor account balances or transactions such as

inventory, valuation allowances, long-term

debt, related-party transactions, and

concentrations of credit risk.

Financial statement display:

Minor departures from the financial statement

formats recommended by industry accounting

guides.

Use of financial statement titles that are not

appropriate for the basis of accounting used.

Failure to include the title “Selected

Information- Substantially All Disclosures

Required by GAAP Are Omitted.” As

appropriate for the presentation of certain

selected disclosures.

Presentation of treasury stock in the financial

statements of a company that is incorporated

in a state that does not recognize treasury

stock.


199

Failure to identify within the audit

report the country of origin.

Audit procedures and documentation:

Failure to:

Use a written audit program.

Tailor audit programs for specialized

industries or for a specific type of

engagement, such as significant areas

of inventory and receivable balances.

Request a legal representation letter, if

an attorney was consulted.

Obtain a client management

representation letter.

Include several components of a client

management representation letter

within the letter.

Document the auditor’s consideration

of the internal control structure.

Document key audit areas.

Document tests of controls and

compliance for engagements subject to

OMB Circular A-133.

Assess or document fraud risk.

Failure to:

Perform essential audit procedures required

by an industry audit guide.

Perform adequate tests in key audit areas.

Confirm significant receivables or document

appropriateness and utilization of other audit

techniques.

Assess the level of materiality and control

risk.

Document the nature and extent of analytical

procedures.

Review loan covenants.

Perform audit cut-off procedures.

Document communications between

predecessor and successor auditors.

Perform a review of subsequent events.

Test for unrecorded liabilities.

Observe inventory when the amount is

material to the balance sheet.


200

Compilation and Review (SSARS) Procedures and Documentation:

Failure to:

Perform analytical and inquiry procedures

for a review engagement.

Document the matters covered in the

accountant’s inquiry and analytical

procedures on a review engagement.


representation letter for a review

engagement.

Include the required language in an

engagement letter on a management-use

only compilation engagement for

communicating the understanding of the

engagement for financial statements that

are prepared for management use only,

except for the failure to refer to the level

of responsibility on supplementary

information, which is not a significant

deficiency.

Attestation Procedures and Documentation:

Failure to:


representation letter for an examination

of internal control or regarding

managements’ assumptions for a pro

forma financial statement.

Appropriately label pro forma financial

information to distinguish it from

historical financial information.

Specific Common Financial Statement Deficiencies:

Assets:

Improper classifications between current

and long-term assets.

Investments in majority owned or

controlled subsidiary not consolidated.

Cash overdrafts shown as a negative

balance in the current asset section.

Accounts receivable shown on cash basis


Investments in debt and equity securities

not classified or measured correctly.

Statement of Income:

Income tax provisions not recorded on

interim financial statements.

Liabilities:

Improper classifications between current

and long-term debt.

Demand liabilities classified as long-

term.

Non-recognition of liability for

compensated balances (e.g., vacation

pay).

Non-recognition of capital leases.

Improper recognition of deferred

revenue.

Improper classification of deferred

income taxes.


201

Reporting period not clearly identified.

Significant components of income tax

expense not disclosed.

Statement of Cash Flows:

Cash flow statement not categorized by

operating, investing and financing

activities.

Misclassification of activities, especially

between investing and financing

activities.

No disclosure of non-cash investing and

financing activities.

No disclosure of interest and taxes paid

for indirect method.

No reconciliation between net income

and net cash flow from operations.

Certain amounts in the statement of cash

flows did not agree with amounts

calculated from the comparative balance

sheets.

Cash flow statement not presented for

each period that statement of income is

presented.


202

Incomplete and Missing Disclosures:

Significant accounting policies, such as

revenue recognition.

Basis of accounting other than GAAP.

Concentrations of credit risk.

Disclosures about fair value of financial

instruments.

Disclosures about risks and

uncertainties.

Components of receivables.

Components of inventory.

Disclosure of five-year debt maturities.

Related party transactions.

Leases.

Inadequate employee benefit plan

disclosures.

Inadequate disclosure about deferred

taxes.

Missing caption “Selected Information-

Substantially All Disclosures Omitted,”

where applicable.

Modifications to cash basis of

accounting.

Use of estimates.

Accounting policy on bad debts.

Nature of operations.

Information about concentrations of

products, services, customers, and suppliers.

Inadequate subsequent event disclosure of

significant unrealized stock market losses.

Interest expense.

Rent expense.

Investments.

Intangible assets.

Details related to long-term debt.

Preferred stock redemption requirements.

Details related to the components of capital

stock.

Details related to components of retained

earnings.

Restricted loan covenants.

Depreciation and amortization.

Cash equivalents.

Accrued compensation expense.

Advertising expense.

Income tax expense.

Terms and conditions of a commitment.

Details relating to pension plans.


203

Common Functional Area Deficiencies- Engagement

Engagement performance:

Failure to:

Perform an adequate review of

working papers and/or the

accountant’s/auditor’s report and

accompanying financial statements

by the practitioner-in-charge of the

engagement prior to the issuance of

the auditor’s/accountant’s report.

Perform pre-issuance review of

engagement working papers and/or

reports and accompanying financial

statements by an independent party

not associated with the engagement

as required by firm policy.

Utilize a disclosure and reporting

checklist as required by firm policy.

Consult professional literature or with a

source outside the firm on reporting for a

specialized industry, which resulted in the

issuance of an incorrect audit report,

and/or financial statement disclosure or

presentation.

Use accounting/auditing practice aids

developed by third party providers as

required by firm policy, which resulted in

engagement deficiencies.

Use engagement letters for

accounting/auditing engagements as

required by firm policy.

Personnel management:

Failure of professional staff to take

adequate CPE in accounting and

auditing related subjects or specialized

industries, which resulted in disclosure,

reporting, and documentation

deficiencies on engagements selected

for review.

Monitoring:

Failure to:

Adequately implement the firm’s

monitoring policies and procedures.

Document the firm’s compliance with

policies and procedures for its system of

quality control as required by AICPA

Quality Control Standards.

Perform an annual inspection, including

the functional elements of quality control,

as required by firm policy.

Extend monitoring policies and

procedures to non-audit services such as

compilation and/or review engagements.


204

Common Deficiencies Unique to Specialized Industries

Engagements subject to government auditing standards

Missing reports for internal control or

compliance.

Missing proper A-133 reports.

Required compliance testing not

performed.

Compliance and control tests not

adequately designed.

Inadequate or outdated reference

materials used.

Report on financial statements does not

refer to reports on controls and

compliance.

Yellow Book CPE requirements not met.

Improper accounting for a certain fund.

Failure to restrict the use of the

accountant’s report to the proper

governmental agency.

Not-for-profit organizations

Failure to:

Identify a voluntary health and

welfare organization.

Present a statement of cash flows.

Inadequate format, titles and

presentation of financial statements.

Incorrect classification of contributions

as unrestricted, temporarily restricted, or

permanently restricted.

Inadequate audit procedures to support

the statement of functional expenses.

Improper accounting for restricted funds.

Employee benefit plans

Inadequate testing of participant data

and investments.

Inadequate or missing disclosures

related to participant directed

investment programs, investments

and participant data.

Failure to understand testing

requirements on a limited-scope

engagement.

Inadequate consideration of

prohibited transactions.

Incomplete description of the plan and its

provisions.

Failure to properly report on a DOL

limited-scope audit.

Improper use of the limited scope

exemption because the financial

institution did not qualify for the

exemption.

Failure to properly report on the

supplementary schedules for ERISA and

the DOL.


205

OCBOA financial statements

Failure to state the basis of

accounting and that the basis is other

than GAAP.

Failure to appropriately modify the

accountant’s report to reflect financial

statement titles that are appropriate

for OCBOA.

Inadequate description of the basis of

accounting and how it differs from

GAAP.

Peer review changes

Effective January 1, 2009, significant changes were made to the AICPA Peer Review program

with the issuance of AICPA Standards for Performing and Reporting on Peer Reviews (PRP

Section 100).

The peer review model has as key objectives the promotion of consistency and efficiency, and

improved transparency.

Key changes in the model are noted below. The model:

1. Reduces in the current model of three types of peer reviews down to two.

The system, engagement and report reviews have been reduced to only two types of

reviews: system and engagement reviews.

The report review has been folded into the engagement review.

2. Eliminates certain terms used in the old peer review program such as the Letter of

Comment (LOC) and use of the term “substandard.”

3. Introduces terms to measure the quality of the peer review engagement:

Matter

Finding

Deficiency, and

Significant deficiency.

4. Establishes a grading system that includes:

Pass

Pass with deficiency, and

Fail


206

5. Changes the timing of initial selection of engagements provided to the reviewed firm to no

earlier than three weeks.

6. Creates of a more understandable, shorter and easier to use peer review report written in

“plain English.”

The two types of peer reviews:

The program has reduced the previous three-types of peer reviews to two: a system review and

engagement review as noted in the following chart:

Types of Peer Reviews

Old Program

New Program

System review

System review

Engagement review

Engagement review*

Report review

* Report review has been folded into the engagement review.

System Review – This type of review is for firms that perform engagements under the

SASs (audits) and/or examinations of prospective financial information under the SSAEs

(attestation standards).

A system review focuses on a firm’s accounting and auditing practice system of quality

control design, policies and procedures in accordance with the quality control standards

established by SQCS No. 8.

Engagement Review – This type of review is for firms that are not required to have a

system review (e.g., do not perform any audits (governmental or otherwise), engagements

under the SSAEs).

The objective of an engagement review is to evaluate whether engagements submitted for

review are performed and reported on in conformity with professional standards including

whether the reviewed firm's working paper documentation conforms with the requirements

of SSARS applicable to those engagements in all material respects. There is no opinion on

the reviewed firm's system of quality control and, therefore, the reviewer is not opining on

the firm’s compliance with its own quality control policies and procedures or with quality

control standards, just conformity with SSARS and the SSAEs. Some examples of the

documentation referred to above on a review engagement include the management


207

representation letter, the documentation of the matters covered in the CPA's inquiry and

analytical procedures, etc.

Engagement reviews now include compilations that omit substantially all disclosures as

well as management-use only compilations in which no compilation report is issued

The following table summarizes the current peer review structure:

Highest Level of Service Conducted

by Firm

Type of Peer Review Required

Audits and/or examinations of

prospective information (attestation

engagements).

System review--An opinion given

on the firm's system of quality control.

Firms that are not required to have a

system review.

Example:

Reviews

Compilations including

management-use only

compilation engagements.

Engagement review-- Similar to the

old off-site review with some changes:

Separate report, letter of comments,

technical review actions apply.

Committee acceptance and

monitoring.

Additional requirements:

workpaper documentation is in

conformity with the SSARSs and/or

SSAEs. Examples include

management representation letter,

documentation of matters covered

in the CPA's inquiry and analytical

procedures, etc.

Change in measurement standards:

The peer review program drastically changes both the terminology and means by which a

reviewed firm is evaluated.

In particular, the previously used letter of comment (LOC) has been eliminated along with the

term “substandard.”

The revised peer review program introduces terms to measure the quality of the peer review

engagement:

Matter

Finding

Deficiency, and

Significant deficiency.


208

A peer reviewer identifies a matter as a result of his or her evaluation of the firm’s system of

quality control. A matter warrants further consideration by the reviewer and is documented

on a Matter for Further Consideration (MFC) form.

System review:

A finding is one or more related matters that result from a condition in the firm’s system of

quality control or compliance with that system that provides more than a remote possibility

that the firm would not perform and/or report in conformity with professional standards.

If there is one or more findings, the peer reviewer concludes whether individually or

combined, the findings rise to the level of either a deficiency or significant deficiency.

A finding that does not rise to the level of deficiency or significant deficiency is documented

on a Finding for Further Consideration (FFC) form and is not included in the final peer review

report.

A deficiency is one or more findings that the peer reviewer concludes that taken as whole,

could create a situation in which the firm would not have reasonable assurance of performing

and/or reporting in conformity with professional standards on one or more important respects.

A significant deficiency is one or more deficiencies that the peer reviewer concludes results

from a condition in the reviewed firm’s system of quality control or compliance such that as a

whole does not provide the firm with reasonable assurance of performing and/or reporting in

conformity with professional standards in all material respects.

Engagement review:

A finding is one or more related matters that the reviewer concludes result in financial

statements or information, accountant’s report, or procedures performed, not being performed

and/or reported on in conformity with the professional standards.

If there is one or more findings, the peer reviewer concludes whether individually or

combined, the findings rise to the level of either a deficiency or significant deficiency.

A deficiency is one or more findings that the peer reviewer concludes that taken as whole, are

material to the understanding of the financial statements or information and/or related

accountant’s reports or that represent omission of a critical procedure, including

documentation, required by professional standards.

A significant deficiency exists when the peer reviewer concludes results that deficiencies are

evident on all of the engagements submitted for review. The exception is when more than one

engagement has been submitted for review, the same deficiency occurs on each of those

engagements, and there are no other deficiencies, which ordinarily would result in a report

with a peer review rating of “pass with deficiencies.”


209

There are three (3) types of final reviewer reports that can be issued:

Pass: There are no deficiencies or significant deficiencies.

Pass with deficiency: There was one or more deficiencies but no significant deficiencies.

Fail: There was one or more significant deficiencies.

Other changes:

There are several other important changes made by the new peer review program.

a. The initial selection of engagements to be reviewed should be provided by the peer

reviewer to the reviewed firm no earlier than three weeks prior to the commencement of the

peer review procedures.

At least one engagement from the initial selection should be provided to the firm once

the peer review begins and not provided in advance. The selection should be an audit

or the next highest level of service.

b. The reviewed firm must provide a representation letter to the peer reviewer.

The representation regarding compliance is stipulated as negative assurance

A firm’s refusal to furnish the written representation letter to the reviewer constitutes a

limitation of the peer review.

The letter must state that the accountant has submitted all engagements to the reviewer.

c. A firm’s due date for its initial peer review is 18 months from the date it enrolled in the

program. Subsequent peer reviews have a due date of three years and six months from the

year end of the previous peer review.


210

Illustrative Report: System Review with Pass Rating

To the Partners of XYZ CPA Firm

and the Peer Review Committee of the [name of applicable administering entity]

We have reviewed the system of quality control for the accounting and auditing practice of XYZ CPA

Firm (the Firm) in effect for the year ended June 30, 20XX. Our peer review was conducted in

accordance with the Standards for Performing and Reporting on Peer Review established by the Peer

Review Board of the American Institute of Certified Public Accountants. The firm is responsible for

designing a system of quality control and complying with it to provide the firm with reasonable

assurance of performing and reporting in conformity with applicable professional standards in all

material respects. Our responsibility is to express an opinion on the design of the system of quality

control and the firm’s compliance therewith based on our review. The nature, objectives, scope,

limitations of, and the procedures performed in a System Review are described in the standards at

www.aicpa.org/prsummary.

As required by the standards, engagements selected for review included (engagements performed

under the Government Auditing Standards, audits of employee benefit plans, and audits performed

under FDICIA).

In our opinion, the system of quality control for the accounting and auditing practice of XYZ CPA

Firm in effect for the year ended June 30, 20XX, has been suitably designed and complied with to

provide the firm with reasonable assurance of performing and reporting in conformity with applicable

professional standards in all material respects. Firms can receive a rating of pass, pass with deficiency

(ies) or fail. XYZ CPA Firm has received a peer review rating of pass.

Smith, Jones and Associates

[Name of team captain’s firm]

Date:

http://www.aicpa.org/prsummary


211

Illustrative Report: Engagement Review with Pass Rating

To the Partners of XYZ CPA Firm

and the Peer Review Committee of the [name of applicable administering entity]

We have reviewed selected accounting engagements of XYZ CPA Firm (the Firm) in effect for the

year ended June 30, 20XX. Our peer review was conducted in accordance with the Standards for

Performing and Reporting on Peer Review established by the Peer Review Board of the American

Institute of Certified Public Accountants. The firm is responsible for designing a system of quality

control and complying with it to provide the firm with reasonable assurance of performing and

reporting in conformity with applicable professional standards in all material respects. Our

responsibility is to evaluate whether the engagements submitted for review were performed and

reported on in conformity with applicable professional standards in all material respects. An

Engagement Review does not include reviewing the firm’s system of quality control and compliance

therewith and, accordingly, we express no opinion or any form of assurance on that system. The

nature, objectives, scope, limitations of, and the procedures performed in an Engagement Review are

described in the standards at www.aicpa.org/prsummary.

Based on our review, nothing came to our attention that caused us to believe that the engagements

submitted for review by XYZ CPA Firm for the year ended June 30, 20XX, were not performed and

reported on in conformity with applicable professional standards in all material respects. Firms can

receive a rating of pass, pass with deficiency(ies) or fail. XYZ CPA Firm has received a peer review

rating of pass.

Smith, Jones and Associates

[Name of review captain’s firm on firm-on-firm review or association formed review team]

or

John Brown, Review Captain

[Committee-appointed review team review]

Date:

http://www.aicpa.org/prsummary


212

Firm Representation Letter

As part of the peer review standards, a reviewed firm must provide the reviewer with a

representation letter. Following is the new representation letter that is included in the new

standards.

Illustrative Representation Letter: No significant Matters to

Report to the Team Captain or Review Capital

December 3, 20XX

To the Team Captain/ Reviewer

We are providing this letter in conjunction with the peer review of [firm name here] as

of the date of this letter and for the year ended June 30, 20XX.

We understand that we are responsible for complying with the rules and regulations of state

boards of accountancy and other regulators. We confirm, to the best of our knowledge and

belief, that there are no known situations in which [firm name here] or its personnel have not

complied with the rules and regulations of state board(s) of accountancy or other regulatory

bodies rules and regulations, including applicable firm and individual licensing requirements

in each state in which it practices for the year under review. For attestation engagements,

including financial forecasts or projections, the list included those engagements with report

dates during the year under review.

We have also provided [team captain or review captain] with any other information requested,

including communications by regulatory, monitoring, or enforcement bodies relating to

allegations or investigations in the conduct of its accounting, audit, or attestation engagements

performed and reported on by the firm, whether the matter relates to the firm or its personnel,

within three years preceding the current peer review year-end. In addition, there are no

known restrictions or limitations on the firm’s or its personnel’s ability to practice public

accounting by regulatory, monitoring, or enforcement bodies within three years preceding the

current peer review year-end. We have also discussed the content of our PCAOB inspection

report with the [team captain or review captain] (if applicable).

Sincerely

Name of reviewed firm


213

REVIEW QUESTIONS









1. Engagement deficiencies where the engagement is considered to be substandard include all

of the following except:

a. Departure from standard wording where the report does not contain the critical

elements of applicable standards

b. Issuance of an audit or review report when the accountant is not independent

c. Failure to indicate in the audit report the country of origin

d. Omission of the disclosures related to significant accounting policies applied

2. Specific financial statement deficiencies noted in peer reviews related to the Statement of

Income include all of the following except:

a. Income tax provisions not recorded on interim financial statements

b. Reporting period not clearly identified

c. Significant components of income tax expense not disclosed

d. Errors in calculations of totals

3. Which of the following is not a deficiency listed for engagements subject to government

auditing standards:

a. Missing reports for internal control or compliance

b. Required compliance testing not performed

c. Inadequate titles used on reports

d. Inadequate or outdated reference materials used

4. Which of the following is one of the two types of peer reviews under the AICPA peer

review program?

a. System review

b. Document review

c. Findings review

d. Report review


214

5. A system review focuses on which of the following:

a. Working paper documentation

b. Management representation letter

c.. The accountant’s inquiry and analytical procedures

d. The accounting firm’s system of quality control

6. Firms that only perform compilations that omit substantially all disclosures:

a. Require a system review

b. Require an engagement review

c. Require a report review

d. Are not required to participate in the peer review program

7. Under the current AICPA peer review program, which of the following engagements would

require an engagement review to be performed assuming no other engagement is performed

by the firm:

a. Review

b. Governmental audit

c. Financial forecast

d. Audit

8. If there is one or more findings, a peer reviewer may conclude that the finding(s) rises to

the level of which of the following:

a. Matter

b. Deficiency

c. Violation

d. Fraud

9. With respect to the AICPA peer review program, which of the following is true regarding

the firm’s representation letter?

a. There is no requirement for the firm to provide a representation letter

b. A signed representation letter must include positive assurance that the firm is in

compliance with state board or other regulatory requirements

c. A firm’s refusal to furnish a written representation letter to the reviewer does not

constitute a limitation of the peer review

d. A representation must be made that all client engagements with periods ending during

the year under review, and attestation engagements with report dates during the year

under review, were provided to the reviewer


215

SUGGESTED SOLUTIONS

1. Engagement deficiencies where the engagement is considered to be substandard include all

of the following except:

a. Incorrect. This is listed as a significant engagement deficiency in which the engagement

is considered substandard.

b. Incorrect. This is listed as a significant engagement deficiency in which the engagement


c. Correct. This deficiency is considered minor, and does not make the engagement

substandard.

d. Incorrect. This is listed as a significant engagement deficiency in which the engagement


2. Specific financial statement deficiencies noted in peer reviews related to the Statement of

Income include all of the following except:

a. Incorrect. This is one of the deficiencies noted regarding the Statement of Income.

b. Incorrect. This is one of the deficiencies noted regarding the Statement of Income.

c. Incorrect. This is one of the deficiencies noted regarding the Statement of Income.

d. Correct. This is not a significant deficiency noted by peer reviewers regarding the

Statement of Income.

3. Which of the following is not a deficiency listed for engagements subject to government

auditing standards:

a. Incorrect. This is one of the deficiencies noted regarding engagements subject to

government auditing standards.

b. Incorrect. This is one of the deficiencies noted regarding engagements subject to


c. Correct. This is not a listed deficiency regarding engagements subject to


d. Incorrect. This is one of the deficiencies noted regarding engagements subject to


4. Which of the following is one of the two types of peer reviews under the AICPA peer

review program?

a. Correct. The two types are system and engagement reviews.

b. Incorrect. The two types are system and engagement reviews. Document review is not

one of the two.

c. Incorrect. A findings review is not one of the two types of peer reviews.

d. Incorrect. Under the peer review program, a report review is not one of the two types of

reviews. A report review was a type of review under the previous AICPA peer review

program but is not under the current program.

5. A system review focuses on which of the following:


216

a. Incorrect. Working paper documentation is the focus of an engagement review, not a

system review.

b. Incorrect. Obtaining a management representation letter is an effort that a peer

reviewer would consider in an engagement review and not a system review.

c. Incorrect. The accountant’s effective use of inquiry and analytical procedures is an

integral part of an engagement review and not a system review.

d. Correct. A system review encompasses opining of whether a firm is in compliance

with its own quality control policies and procedures.

6. Firms that only perform compilations that omit substantially all disclosures:

a. Incorrect. This type of review is for firms that perform engagements under the SASs

and/or examinations of prospective financial information under the SSAEs.

b. Correct. Under the current AICPA peer review program, a compilation with no

disclosures falls under an engagement review.

c. Incorrect. A report review is no longer one of the types of reviews provided by the

current AICPA peer review program.

d. Incorrect. Firms that perform any compilation engagements must participate in the peer

review program.

7. Under the current AICPA peer review program, which of the following engagements would

require an engagement review to be performed assuming no other engagement is performed

by the firm:

a. Correct. A review engagement would require a firm to be subject to an

engagement review.

b. Incorrect. A governmental audit elevates the firm to the requirement that it be subject to

a system review and not an engagement review.

c. Incorrect. A financial forecast, which is performed under the SSAEs, elevates the firm

to the requirement that it be subject to a system review and not an engagement review.

d. Incorrect. An audit, which is performed under the SASs, elevates the firm to the

requirement that it be subject to a system review and not an engagement review.

8. If there is one or more findings, a peer reviewer may conclude that the finding(s) rises to

the level of which of the following:

a. Incorrect. A matter is an item that warrants further consideration and is not a

finding. b. Correct. A finding(s) may result in either a deficiency or a significant deficiency.

c. Incorrect. The peer review program does not use the term “violation.”

d. Incorrect. Fraud is used as a term in an audit but is not referenced in the AICPA peer

review program.


217

9. With respect to the AICPA peer review program, which of the following is true regarding

the firm’s representation letter?

a. Incorrect. The reviewed firm must provide a signed representation letter to the reviewer

that includes certain representations.

b. Incorrect. The representation regarding compliance is stipulated as negative assurance

rather than positive assurance.

c. Incorrect. A firm’s refusal to furnish the written representation letter to the reviewer

constitutes a limitation of the peer review.

d. Correct. This is a listed required representation.


218

XXIII. SSAE No. 16: Report on Controls at a Service Organization

Issue Date: April 2010

Effective date: SSAE No. 16 is effective for service auditors’ reports for periods ending on or

after June 15, 2011. Earlier implementation is permitted.

Objective:

In April 2010, the Auditing Standards Board issued SSAE No. 16, Reporting on Controls at a

Service Organization, which supersedes SAS No. 70, Service Organizations.

SSAE No. 16 addresses examination engagements undertaken by a service auditor to report on

controls at organizations that provide services to user entities that need to rely on those internal

controls.

In comparing SSAE No. 16 with its predecessor SAS No. 70, SSAE No. 16 does the following:

Provides for more detailed requirements for the description of the service organization’s

system of controls

Requires management to provide a written assertion

Requires a risk analysis be performed

Expands the reporting requirements for the use of subservice organizations

Modifies the auditor’s opinion to cover a period of time instead of a specific date.

Background

It is common for entities to outsource certain business tasks or functions to other entities. For

example, an entity may outsource a reservations system, payroll processing, and other

important business functions.

Examples of a service organizations include:

An investment adviser invests assets for user entities, including maintains the

accountability for those assets, and provides statements to user entities that contain

information that is incorporated in the user entities’ financial statements, for example,

the fair value of exchange traded securities, or dividend and interest income.


219

A data center provides applications and technology to user entities to process

financial transactions.

A company processes claims for a health insurance company.

The entity that outsources a task or function is known as a user entity, while the entity that

performs a service for user entities is known as a service organization. Similarly, the auditor

who audits the financial statements for the user is referred to as the “user auditor” while the

auditor for the service organization is called the “service auditor.”

In auditing the financial statements of a user entity, the user auditor needs to obtain evidence to

support assertions in the user entity’s financial statements that are affected by information

provided by the service organization. In some cases, the user entity is able to implement

controls at the user entity over the service performed by the service organization. In other

cases, the user entity relies on the service organization to initiate, execute, and record the

transactions in which case it may be necessary for a user auditor to obtain information about

the effectiveness of controls at the service organization that affect the quality of the

information provided to user entities.

To obtain information about the effectiveness of controls at a service organization, a user

auditor has two options:

a. With option one, the user auditor could visit the service organization and test the service

organization’s controls that are relevant to the user entity’s internal control over

financial reporting, or

b. With option two, the service organization can engage a service auditor to report on the

fairness of the presentation of the description, the suitability of the design of the

controls, and in certain engagements, the operating effectiveness of the controls, which

is a service auditor’s report.

The service auditor’s report, including the description of the system, can be used by all the user

auditors to obtain information about the controls at the service organization that are relevant to

the user entities’ internal control over financial reporting.

Prior to the issuance of SSAE No. 16, the requirements and guidance for service auditors and

user auditors was included in SAS No. 70, Service Organizations. The AICPA’s Auditing

Standards Board, as part of its project to converge audit, attest, and quality control standards

with those of the International Auditing and Assurance Standards Board (IAASB), decided that

the guidance for service auditors in SAS No. 70 should be moved to SSAE No. 16, and the

guidance for user auditors should be retained in SAS No. 70.

As a result, SAS No. 70 has been divided and replaced by two standards as follows:

a. SSAE No. 16: Deals with service auditors reporting on controls at a service organization

relevant to user entities internal control over financial reporting,


220

b. SAS No. 70: Retains the audit requirements for a user auditor that audits the financial

statements of a user organization.

The ASB has finalized but not issued a new statement that will replace SAS No. 70 as part of

the clarification project.

SSAE No. 16 is based on the IAASB’s International Standard on Assurance Engagements No.

3402, Assurance Reports on Controls at a Service Organization.

1. SSAE No. 16 applies to a service auditor who is hired to perform an examination and report

on controls of a service organization.

2. SSAE No. 16 permits a service auditor to perform two types of engagements on the service

organization.

Type 1 engagement in which the service auditor reports only on the fairness of the

presentation of management’s description of the service organization’s system and the

suitability of the design of the controls to achieve the related control objectives included

in the description as of a specified date.

Type 2 engagement is an expansive engagement in which the service auditor reports on

a) the fairness of the presentation of management’s description of the service

organization’s system and the suitability of the design and b) the operating effectiveness

of the controls to achieve the related control objectives included in the description

throughout a specified period.

Note: In both a Type 1 and 2 engagement, the auditor reports on whether management’s

description of the service organization’s system fairly presents the system that was

designed and implemented, and that the controls were suitably designed. The key difference

is that a Type 2 engagement goes one step further by also opining as to whether the

controls operated effectively. Thus, in a Type 2 engagement, the auditor must test the

controls to make sure they are working effectively.

3. The service auditor is now required to obtain a written assertion from management of the

service organization about the subject matter of the engagement.

a. The Type 1 engagement requires management to make two written assertions while

there are three written assertions in a Type 2 engagement as shown in chart presented

below.

4. Suitability criteria are used to measure, present, and evaluate the subject matter. The service

auditor may not use evidence obtained in prior engagements about the satisfactory

operation of controls in prior periods to provide a basis for a reduction in testing even if it is

supplemented with evidence obtained during the current period.


221

Management Written Assertions Required

Type 1 Engagement Type 2 Engagement

Management’s written assertions

A written assertion by management of the

service organization about whether, in all

material respects, and based on suitable criteria:

A written assertion by management of the

service organization about whether, in all

material respects, and based on suitable criteria:

1. Management’s description of the service

organization’s system fairly presents the

service organization’s system that was

designed and implemented as of a

specified date.

1. Management’s description of the service

organization’s system fairly presents the

service organization’s system that was

designed and implemented throughout the

specified period.

2. The controls related to the control

objectives stated in management’s

description of the service organization’s

system were suitably designed to achieve

those control objectives as of the specified

date.




system were suitably designed throughout

the specified period to achieve those

control objectives.

none




system operated effectively throughout the

specified period to achieve those control

objectives.

Observation: Notice that Type 2 report includes a third assertion which is that “the

controls related to the control objectives stated in management’s description of the service

organization’s system operated effectively throughout the specified period to achieve those

control objectives.”

5. The service auditor should request that management provide written representations that:

a. Reaffirm management’s assertion included in or attached to the description of the

service organization’s system.

b. States that management has provided the service auditor with all relevant information

and access agreed to, and

c. States that management has disclosed to the service auditor any of the following of

which it is aware:

Instances of noncompliance with laws and regulations or uncorrected errors

attributable to the service organization that may affect one or more user entities.


222

Knowledge of any actual, suspected, or alleged intentional acts by management or

the service organization’s employees, that could adversely affect the fairness of the

presentation of management’s description of the service organization’s system or the

completeness or achievement of the control objectives stated in the description.

Design deficiencies in controls

Instances when controls have not operated, as described, and

Any events subsequent to the period covered by management’s description of the

service organization’s system up to the date of the service auditor’s report that could

have a significant effect on management’s assertion.

Note: If a service organization uses a subservice organization and management’s

description of the service organization’s system uses the inclusive method, the service

auditor also should obtain the written representations identified above from

management of the subservice organization. A subservice organization is a service

organization used by another service organization to perform some of the services

provided to user entities that are likely to be relevant to those user entities’ internal

control over financial reporting.

6. Sample Reports

The following illustrative reports are for guidance only and are not intended to be exhaustive

or applicable to all situations.


223

Report Differences

Type 1 Report Type 2 Report

Opinion paragraph:

In our opinion, in all material respects, based

on the criteria described in XYZ Service

Organization’s assertion:

Opinion paragraph:

In our opinion, in all material respects, based on

the criteria described in XYZ Service

Organization’s assertion on page xx.

a. The description fairly presents the service

organization’s system that was designed

and implemented as of date.

a. The description fairly presents the service

organization’s system that was designed and

implemented throughout the period ____ to

_____.

b. The controls related to the control objectives

stated in the description were suitably

designed to provide reasonable assurance

that the control objectives would be

achieved if the controls operated effectively

as of ___________ date.

b. The controls related to the control objectives

stated in the description were suitably

designed to provide reasonable assurance that

the control objectives would be achieved if

the controls operated effectively throughout

the period ____ to _____.

none

c. The controls tested, which were those

necessary to provide reasonable assurance

that the control objectives stated in the

description were achieved, operated

effectively throughout the period ____ to

_____.

none

Description of tests of controls:

The specific controls tested and the nature,

timing, and results of those tests are listed on

pages xx- xx.


224

Type 1 Service Auditor’s Report

Independent Service Auditor’s Report on a Description of a Service Organization’s

System and the Suitability of the Design of Controls

XYZ Service Organization

[Scope]

We have examined XYZ Service Organization’s description of its [type or name of] system for processing

user entities’ transactions [or identification of the function performed by the system] as of [date], and the

suitability of the design of controls to achieve the related control objectives stated in the description.

[Service organization’s responsibilities]

On page XX of the description, XYZ Service Organization has provided an assertion about the fairness of the

presentation of the description and suitability of the design of the controls to achieve the related controls

objectives stated in the description. XYZ Service Organization is responsible for preparing the description and

for its assertion, including the completeness, accuracy, and method of presentation of the description and the

assertion, providing the services covered by the description, specifying the control objectives and stating them

in the description, identifying the risks that threaten the achievement of the control objectives, selecting the

criteria, and designing, implementing, and documenting controls to achieve the related control objectives stated

in the description.

[Service auditor’s responsibilities]

Our responsibility is to express an opinion on the fairness of the presentation of the description and on the

suitability of the design of the controls to achieve the related control objectives stated in the description, based

on our examination. We conducted our examination in accordance with attestation standards established by the

American Institute of Certified Public Accountants. Those standards require that we plan and perform our

examination to obtain reasonable assurance, in all material respects, about whether the description is fairly

presented and the controls were suitably designed to achieve the related control objectives stated in the

description as of [date].

An examination of a description of a service organization’s system and the suitability of the design of the

service organization’s controls to achieve the related control objectives stated in the description involves

performing procedures to obtain evidence about the fairness of the presentation of the description of the system

and the suitability of the design of the controls to achieve the related control objectives stated in the

description. Our procedures included assessing the risks that the description is not fairly presented and that the

controls were not suitably designed to achieve the related control objectives stated in the description. An

examination engagement of this type also includes evaluating the overall presentation of the description and

the suitability of the control objectives stated therein, and the suitability of the criteria specified by the service

organization and described at page [aa].

We did not perform any procedures regarding the operating effectiveness of the controls stated in the

description and, accordingly, do not express an opinion thereon.

We believe that the evidence we obtained is sufficient and appropriate to provide a reasonable basis for our

opinion.


225

Page 2

[Inherent limitations]

Because of their nature, controls at a service organization may not prevent, or detect and correct, all errors or

omissions in processing or reporting transactions [or identification of the function performed by the system].

The projection to the future of any evaluation of the fairness of the presentation of the description, or any

conclusions about the suitability of the design of the controls to achieve the related control objectives is subject

to the risk that controls at a service organization may become ineffective or fail.

[Opinion]

In our opinion, in all material respects, based on the criteria described in XYZ Service Organization’s

assertion.

a. the description fairly presents the [type or name of] system that was designed and implemented as of

[date], and

b. the controls related to the control objectives stated in the description were suitably designed to provide

reasonable assurance that the control objectives would be achieved if the controls operated effectively

as of [date].

[Restricted use]

This report is intended solely for the information and use of XYZ, Service Organization, user entities of XYZ

Service Organization’s [type or name of] system as of [date], and the independent auditors of such user

entities, who have a sufficient understanding to consider it, along with other information including information

about controls implemented by user entities themselves, when obtaining an understanding of user entities

information and communication systems relevant to financial reporting. This report is not intended to be and

should not be used by anyone other than these specified parties.

______________________________

Service auditor’s signature

Date of the service auditor’s report

Service auditor’s city and state


226

Type 2 Service Auditor’s Report

Independent Service Auditor’s Report on a Description of a Service Organization’s System and the

Suitability of the Design and Operating Effectiveness of Controls

XYZ Service Organization

[Scope]

We have examined XYS Service Organization’s description of its [type or name of] system for processing user

entities’ transactions [or identification of the function performed by the system] throughout the period [date] to

[date] (description) and the suitability of the design and operating effectiveness of controls to achieve the

related control objectives stated in the description.

[Service organization’s responsibilities]

On page XX of the description, XYZ Service Organization has provided an assertion about the fairness of the

presentation of the description and suitability of the design and operating effectiveness of the controls to

achieve the related control objectives stated in the description. XYZ Service Organization is responsible for

preparing the description and for the assertion, including the completeness, accuracy, and method of

presentation of the description and the assertion, providing the services covered by the description, specifying

the control objectives and stating them in the description, identifying the risks that threaten the achievement of

the control objectives, selecting the criteria, and designing, implementing, and documenting controls to achieve

the related control objectives stated in the description.

[Service auditor’s responsibilities]

Our responsibility is to express an opinion on the fairness of the presentation of the description and on the

suitability of the design and operating effectiveness of the controls to achieve the related control objectives

stated in the description, based on our examination. We conducted our examination in accordance with

attestation standards established by the American Institute of Certified Public Accountants. Those standards

require that we plan and perform our examination to obtain reasonable assurance about whether, in all material

respects, the description is fairly presented and the controls were suitably designed and operating effectively to

achieve the related control objectives stated in the description throughout the period [date] to [date].

An examination of a description of a service organization’s system and the suitability of the design and

operating effectiveness of the service organization’s controls to achieve the related control objectives stated in

the description involves performing procedures to obtain evidence about the fairness of the presentation of the

description and the suitability of the design and operating effectiveness of those controls to achieve the related

control objectives stated in the description. Our procedures included assessing the risks that the description is

not fairly presented and that the controls were not suitably designed or operating effectively to achieve the

related control objectives stated in the description were achieved. An examination engagement of this type

also includes evaluating the overall presentation of the description and the suitability of the control

objectives stated therein, and the suitability of the criteria specified by the service organization and

described at page xx.

We believe that the evidence we obtained is sufficient and appropriate to provide a reasonable basis for our

opinion.


227

Page 2

[Inherent limitations]

Because of their nature, controls at a service organization may not prevent, or detect and correct, all errors or

omissions in processing or reporting transactions [or identification of the function performed by the system].

Also, the projection to the future of any evaluation of the fairness of the presentation of the description, or

conclusions about the suitability of the design or operating effectiveness of the controls to achieve the related

control objectives is subject to the risk that controls at a service organization may become inadequate or fail.

[Opinion]

In our opinion, in all material respects, based on the criteria described in XYZ Service Organization’s assertion

on page xx.

a. the description fairly presents the [type or name of] system that was designed and implemented

throughout the period [date] to [date].

b. the controls related to the control objectives stated in the description were suitably designed to provide

reasonable assurance that the control objectives would be achieved if the controls operated effectively

throughout the period [date] to [date].

c. the controls tested, which were those necessary to provide reasonable assurance that the control

objectives stated in the description were achieved, operated effectively throughout the period

[date] to [date].

[Description of tests of controls]

The specific controls tested and the nature, timing, and results of those tests are listed on pages [yy-zz].

[Restricted use]

This report, including the description of tests of controls and results thereof on pages [yy-zz], is intended solely

for the information and use of XYZ Service Organization, user entities of XYZ Service Organization’s [type or

name of] system during some or all of the period [date] to [date], and the independent auditors of such user

entities, who have a sufficient understanding to consider it, implemented by user entities themselves, when

assessing the risks of material misstatements of user entities’ financial statements. This report is not intended

to be and should not be used by anyone other than these specified parties.

_______________________________

Service auditor’s signature

Date of the service auditor’s report

Service auditor’s city and state

Observation: In reviewing the samples of Type 1 and 2 reports above, there are several

obvious differences.

First, the Type 1 report is as of a specific date while a Type 2 report opines on controls in

effect during a period of time.

Second, in a Type 1 engagement, the auditor opines on two elements: a) the description fairly

presents the system that was designed and implemented, and b) the controls were suitably

designed to provide reasonable assurance that the control objectives would be achieved if the


228

controls operated effectively. In a Type 2 engagement, the auditor opines on a third element,

which is whether “the controls tested operated effectively throughout the period [date] to

[date].”

Additionally, in a Type 2 report, the auditor must include a description of tests of controls.

Effective date: SSAE No. 16 is effective for service auditors’ reports for periods ending on or

after June 15, 2011. Earlier implementation is permitted.


229

REVIEW QUESTIONS









1. Which of the following is a change made by SSAE No. 16:

a. It moves the guidance for user auditors from SAS No. 70 to SSAE No. 16

b. It moves the guidance for service and user auditors from SAS No. 70 to SSAE No. 16

c. It replicates the guidance for both service and user auditors that was not in SAS No.

70

d. It moves the guidance for service auditors from SAS No. 70 to SSAE No. 16

2. One key difference between a Type 1 and Type 2 Service Auditor’s Report under SSAE

No. 16 is __________________:

a. In a Type 1 report, the auditor opines as to whether the description fairly presents the

system that was designed and implemented, while Type 2 does not

b. In a Type 2 report, the auditor opines as to whether the controls stated in the description

were suitably designed, while a Type 1 report does not

c. In a Type 2 report, the auditor opines that the controls tested were achieved and

operated effectively, while no such opinion is given in a Type 1 report

d. In a Type 1 report, the auditor provides a description of tests of controls while such a

description is not given in a Type 2 report


230

SUGGESTED SOLUTIONS

1. Which of the following is a change made by SSAE No. 16:

a. Incorrect. It makes no change to the guidance for user auditors found in SAS No. 70.

b. Incorrect. It does move the guidance for service auditors, but does not change the

guidance for user auditors from SAS No. 70 to SSAE No. 16.

c. Incorrect. It does not replicate the guidance for both service and user auditors that was

not in SAS No. 70.

d. Correct. SSAE No. 16 moves the guidance for service auditors from SAS No. 70

to SSAE No. 16, but has no effect on existing guidance for user auditors which is

retained in SAS No. 70.

2. One key difference between a Type 1 and Type 2 Service Auditor’s Report under

SSAE No. 16 is __________________:

a. Incorrect. In both a Type 1 and Type 2 report, the auditor opines as to whether the

description fairly presents the system that was designed and implemented.

b. Incorrect. In both a Type 1 and Type 2 report, the auditor opines as to whether the

controls stated in the description were suitably designed.

c. Correct. One significant difference between the two types of report is that in a

Type 2 report, the auditor opines that the controls tested were achieved and

operated effectively, while no such opinion is given in a Type 1 report.

d. Incorrect. In a Type 2 report (and not a Type 1 report) the auditor provides a description

of tests of controls.


231

SECTION 3: Accounting and Auditing in Volatile Times

XXIV. Key Focus Areas for the Auditor

In conducting attest services, auditors should be aware of some of the key areas in which they

should focus their efforts to deal with the volatility in the business climate.

1. Inquire as to the status of concentrations of customers and suppliers:

Auditors should consider the risk associated with maintaining a concentration of business with

a handful of customers or a single supplier of an important material. Although ASC 275, Risks

and Uncertainties (formerly SOP 94-6), requires disclosure of concentration of major

customers and suppliers when it is reasonably possible that the concentration could result in a

near-term (within one year) severe impact on a company, it is important that the auditor

consider the solvency of the customer and supplier and whether that company might be in

financial trouble.

2. Pay attention to key financial ratios and analytical procedures:

If a company is in financial trouble, the signs will be there for the auditor to observe.

Analytical procedures present critical signs of trouble well before the company is in severe

financial decline.

What ratios and analytical procedures are important?

There are many ratios that are important. The auditor should focus on liquidity and coverage

ratios since they display the short-term (within one year) trend of a company.

a. Working capital ratios:

Four key ratios provide a thorough analysis of working capital. They are:

Days Sales in Accounts

Receivable =

Trade receivables

X 365

Net sales

Days Supply in Inventory =

Inventory X 365

Net sales

Days Payables Outstanding = Accounts payable X 365

Net sales

Days in Working Capital =

AR + Inventory – AP X 365

Net sales


232

Observation: The first sign that a company is headed toward cash flow problems is usually

found in a spike in the number of days in receivables. Typically, the number of days increases

by 2 to 7 days driven by an increase in that portion of receivables that exceed 60 days old.

For example, a company that typically has a number of days of 42 will start to see that

number increase to 45 or 46 days.

b. Other coverage ratios:

Times debt service is earned:

Net income before interest

depreciation and amortization .

Current annual principal and interest

payments

Interest coverage ratio: Cash flow from operations + interest

Interest expense

Note: Both of the above ratios should exceed 1.0. In instances where the ratio is below 1.0,

there is the risk that the company may not be able to fund debt service and could become in

default of its loan agreements.

c. Altman Z Score- Consists of a weighted average of four separate ratios as follows:

Ratio 1: Working Capital

Total assets

Ratio 2: Retained earnings

Total assets

Ratio 3: Net earnings before interest and income taxes

Total assets

Ratio 4: Net worth

Total debt

All four ratios are weighted to compute an overall Z score as follows:

6.56 (ratio 1) + 3.26 (ratio 2) + 6.72 (ratio 3) + 1.05 (ratio 4) = Z score


233

Results:

1.00 or less: Headed toward bankruptcy

1.00 to 2.50: Could have financial problems

2.50 or greater: Strong financially, unlikely risk of bankruptcy.

Observation: The Altman Z Score is generally accepted as a ratio that is highly correlated

with bankruptcy. It works on companies within most traditional industries such as retailers,

wholesalers and manufacturers. For others, such as real estate developers and certain highly

leveraged industries, the Altman Z Score may show a distorted result due to the

disproportionate amount of debt that may be outstanding at a particular point in time.

In most engagements involving strong, solvent companies, the Altman Z ratio usually

generates a score in the 5.00 to 9.00 range. Many leading accounting software packages

include the Altman Z score as part of the analytical procedures (ratios). The author

recommends that practitioners compute the Altman Z Score for all engagements including

audits, reviews and compilations as the accountant/auditor has a responsibility for going

concern in each of those types of engagements.

3. Check for going concern:


Concern provides guidance on evaluating the adequacy of going-concern disclosure in audited

financial statements. SAS No. 59 is the only authoritative auditing literature for going concern

disclosure. Continuation of an entity as a going concern is assumed in financial reporting in the

absence of information to the contrary.

Factors that may indicate a potential going concern problem

Determining whether there is a going concern problem is based on the facts and circumstances

of the case. Factors to consider include:

Unusually liberal credit terms to customers including dating of receivable

Continued operating losses

Negative cash from operations in statement of cash flows

Company is running tight on its working capital line of credit formula

Weak financial ratios such as the Altman Z Score.

Rule under SAS No. 59:

In an audit engagement, if there is substantial doubt of an entity's ability to

continue as a going-concern for one year from the balance sheet date, the

CPA must seek factors that mitigate this fact such as alternative sources of

financing, management's plan of action, etc.


234

If, after seeking mitigating factors, the auditor still believes there is still

substantial doubt, SAS No. 59 requires a disclosure and an audit report

modification as follows:

Separate paragraph in the audit report:

As discussed in Note A, the Company has suffered continued losses from operations

and, at December 31, 20X1, has a deficiency in stockholders' equity. These factors

raise substantial doubt about the Company's ability to continue as a going concern.

Management has a plan of action that is described in Note A. The financial statements

do not reflect any adjustments that might result from the outcome of this uncertainty.

4. Check loan covenants and restrictions:

Due to the status of the credit markets in 2012, lenders have continued to tighten up lending

criteria. As loans come up for renewal, lenders may try to renegotiate credit terms. The result

is that auditors should be aware of the risks associated with obtaining and retaining financing,

particularly with respect to marginally profitable companies.

a. Companies with existing financing that is up for renewal may find greater restrictions

placed on them by their bankers including the requirement for additional collateral and

more stringent performance ratios and covenants

b. Commercial real estate loans may require an infusion of cash by the owner because of

declines in real estate values.

Auditors need to consider the impact of lower cash flow on loans in terms of how they will

impact loan covenants, and whether the entity can fund cash flow.

5. Be aware of client pressures to reverse allowance and reserve accounts:

Some companies treat their allowance accounts and reserve for inventory obsolescence to be

"rainy day funds." Throughout the past decade, many auditors have left excess amounts in

selected reserve and allowance accounts based on the argument that higher allowance or

reserve account balance reflected a lower, more conservative net income. If a company is

experiencing a decline in profitability, there may be an attempt by management to reduce those

accounts to their lower, actual estimated balances with a corresponding credit to an expense or

cost of sales. Such an entry results in a credit to net income, most of which relates to prior

years. Auditors should consider whether such entries, if any, are material.

6. Inventory lower of cost or market value:

As previously discussed in this course, many companies have gradually cleaned up their excess

inventory levels, leading to a demand for additional orders which may be the continued

catalyst for economic growth. However, many companies are still holding onto older slower-


235

moving, obsolete items. Auditors should consider the possibility that a reserve for

obsolescence might have to be set up or increased to accommodate the obsolete goods.

7. Impairment issues- real estate:

Commercial real estate vacancies are still high and rental rates per square foot are relatively

low as compared with five years ago. Also, real estate has been valued at record high levels

due to low capitalization rates fueled by low interest rates. Auditors should be aware of the

risks that real estate might be impaired, requiring a write down in accordance with ASC 360,

Property, Plant and Equipment (includes former FASB No. 144.) The writedown may be the

result of two causes. First, commercial real estate may be overpriced due to high vacancies.

Second, as interest rates climb capitalization rates used to value real estate will increase,

resulting in lower real estate values.

Note further that many bank loans have “call” provisions under which the banker may take

action if the value of the real estate declines. Action may include either requiring the borrower

to infuse additional cash to keep the loan in equilibrium with the original loan-to-value, or may

allow the borrower to call the loan.

8. Writedowns of investment values:

Companies that have investments in securities may have experienced declining stock values.

Additionally, companies may be holding investments in nonsecurities, such as a closely held

stock or partnership investment.

In such instances, the auditor should consider the accounting for any potential declines in

values.

ASC 320, Investments in Debt and Equity Securities (formerly FASB No. 115), addresses the

accounting for securities by categorizing securities into three categories.

The three (3) categories are as follows:

Debt securities held-to-maturity- Debt securities that management plans to hold until

maturity.

Trading securities- Both debt and equity securities that are bought and held for the

purpose of selling them in the near term (generally within one year).

Available-for-sale- Both debt and equity securities that are not categorized as either held-

to-maturity or trading securities, are automatically categorized as available for sale. In

this category, management has essentially not decided what it plans to do with the

securities.


236

The category in which a security is placed is determined at the time of purchase based on

management's positive intent and ability. Once a security is placed in a particular category, it

generally can be changed only where there are significant unforeseeable circumstances.

ASC 325, Investment- Other (formerly part of ARB No. 43), addresses the accounting for

investments not covered by FASB No. 115, namely non-security investments, including

investments in closely held businesses. ASC 325 states that such non-security investments

should be recorded at amortized cost.

Decline in the investment value that is other-than-temporary:

Regardless of whether there is an investment in securities (publicly traded bonds or stocks) or

non-securities (closely held investments), there is an overriding rule found in ASC 320, Debt

and Equity Securities (formerly FASB No. 115) and ASC 325 (formerly ARB No. 43), that

deals with a decline in the value of an investment that is other than temporary.

Specifically, if there is a decline in value that is other than temporary, the amortized cost

should be written down to fair value and a realized loss should be recorded on the income

statement. The fair value becomes the new cost basis going forward to the next year. Once

written down to fair value, in future years, the value may not be written back up to the original

cost.

What does other-than-temporary mean?

ASC 320 (formerly FASB No. 115) gives an example of where the “other-than-temporary”

threshold might be met with respect to a debt security:

“If it is probable that the investor will be unable to collect all amounts due

according to the contractual terms of a debt security not impaired at acquisition,

an other-than-temporary impairment shall be considered to have occurred.”60

Examples of factors that might suggest an other-than-temporary impairment has occurred are

as follows:

1. Fair value is significantly below amortized cost.

2. There has been a decline and it is attributable to adverse conditions specific to the

security or the industry or its geographic area, and the decline has existed for an

extended period of time.

60

ASC 320 (formerly FASB No. 115). The FASB statement also references that the “other-than-temporary” definition is

found in AICPA Auditing Interpretation of SAS No. 1, Evidential Matter for the Carrying Amount of Marketable

Securities, and SEC Staff Accounting Bulletin No. 59, Accounting for Noncurrent Marketable Equity Securities.


237

3. A decline exists and management does not have the intent and ability to hold the

security for a period of time sufficient to allow the security to recover its value. If it is

a debt security, management does not plan to hold the security until maturity.

4. A security has been downgraded by a rating agency or the financial condition of the

security issuer is known to have deteriorated.

5. The issuer has reduced or eliminated dividend payments, or has not made required

interest payments.

6. The issuer has recorded losses from the security after year end.

What is the value of a security or non-security investment?

Determining the value of a security is much easier than that of a non-security investment.

Securities (debt or equity) typically have a readily determinable market value that is published.

Nevertheless, regardless of the type of investment, the fair value is a compilation of various

factors including:

The issuer’s financial condition and performance including the quality of assets,

earnings trends, and other financial factors

The prospects within the industry and region

Management’s intent with respect to the investment.

With respect to investments in closely held entities, determining the fair value is more difficult

because published information on the investee may not be available.

Auditing the investment writedown

SAS No. 92, Auditing Derivative Instruments, Hedging Activities, and Investments in

Securities, provides authoritative guidance on how to audit investments in securities. Similar

guidance should be followed for auditing investments in non-securities. Specific requirements

in SAS No. 92 include:

a. If a writedown has been made, make sure it is recorded as a realized loss on the income

statement

b. Test the loss computation

c. Ensure that previously written-down losses have not subsequently been written back up

d. Make sure that the summary of written down investments is complete and accurate


238

e. Consider the credit rating of the counterparty, and

f. Conclude on the adequacy of the impairment writedown and adjustment.

9. Watch out for round-trip transactions:

The use of round-trip or “wash” transactions can artificially inflate revenues and profits by

creating a flow of funds that circulates back to the company in a different form from when it

was initially disbursed by the company.

The AICPA’s Audit Risk Alert gives an example of how round-trip transactions occur to inflate

an entity’s revenue.

Step 1: Company A pays an inflated amount to a vendor for services or products.

Step 2: The vendor buys products or services from Company B.

Step 3: Company B buys products or services from Company A.

Step 4: Company A records the sale to B as revenue.

The result is that Company A has inflated revenue from the transaction even though the

transaction might be a profit wash in that Company A has additional revenue and additional

cost from the payment to its vendor. However, by inflating revenue, Company A may be able

to make the case to a third-party investor or financer that the Company’s revenue base is

growing.

Auditors and accountants should be aware of the above transactions that lack economic

substance.

10. Look for games being played with expenses:

If management is not playing games with revenue, it might attempt to manipulate expenses as

a means to augment an entity’s profitability. Here are a few ways in which management might

attempt to manipulate expenses:

Expenses are capitalized despite no evidence of future benefit beyond the current

reporting period

Increasing salvage values and useful lives of depreciable assets

Not accruing expenses that should be accrued

Not writing off costs capitalized on aborted projects

Recording liabilities and related expenses in the wrong period


239

Under or overstating asset allowance accounts including allowance for bad debts and

obsolete inventories

Netting expenses and revenue where there is no legal right of offset, and

Misclassifying expenses on the income statement above or below the line.

11. Check for “slush-fund” reserves and “rainy day” funds and distorted estimates:

During difficult financial times, management may take a posture to manipulate financial

statements from one end or the other:

a. Management may feel pressure to meet projections, thereby understating allowances

and reserves to achieve financial goals.

b. Management may also decide that it has sufficient income for the current year and

might “save” extra income for the next year by understating income using excess

reserves, accruals and allowance balances.

Similarly, in a year of a significant loss, management might decide to increase the loss by

increasing allowances and reserves, thereby saving income for future years.

Example: Company X has a large loss in the current year. X decides that there

would be no impact if the loss was even larger. Thus, X increases its loss by

increasing both the allowance for bad debts and allowance for obsolete inventory.

In the next year, X reverses the overstated amount in the allowance accounts and

credits them to expense and cost of sales.

Conclusion: X has played the game of using slush funds to manipulate income

from year to year.

Auditors and accountants can sometimes focus on the wrong end of management’s objectives.

Because the concept of conservatism is embedded in the accounting psyche, auditors and

accountants may permit management to overbook reserves and allowances based on the

concept that “a more conservative net income is better.” However, by doing so, the auditor or

accountant is being set up for a potential problem in future years in which management decides

to reverse the accruals, allowances and reserves, thereby artificially inflating future years’

income.

The concept of using “rainy day” funds has been around for quite a while, yet the focus on

them in recent years is relatively new for auditors and accountants.

Auditors and accountants need to understand the underlying assumptions used in

management’s estimates for accruals, allowances and reserve accounts and must review any


240

changes in estimates to determine that they are reasonable, and that they are supported with

sufficient evidential matter.

In assessing the assumptions used by management to develop estimates, auditors and

accountants should consider whether:

The assumptions used are consistent with the sources from which they were derived

The assumptions are consistent with management’s plans

The information used is reliable

There was sufficient sources of information used to develop the estimate

12. Look at underfunded pensions and post-retirement benefit obligations:

Many pension funds are now underfunded even though many defined benefit and post-

retirement benefit obligations were overfunded less than a decade ago.

The results can be significant:

Newly required funding may deplete future cash flows and affect profitability.

The required funding may affect loan covenants.

Additionally, management might alter actuarial assumptions in order to minimize the

obligation to be recorded.

1. With the drop in interest rates, management might attempt to discount the obligation

using a higher-than-market interest rate. A higher rate will yield a lower present value

of benefits obligation.

2. Management may change employee retention and participation rates as well as the

amount and timing of the future benefit payments.

13. Auditors may wish to assist clients in tightening up operations:

In all business cycles, accountants and auditors can assist clients in tightening up operations by

performing two services:

a. Expense reduction review and performance review

b. Profitability analysis on customers and product lines


241

Expense reduction involves performing an analysis of the efficiency of operations including

labor and operating expenses. The objective is to identify where a company can reduce costs

that may have bloated gradually over a long period of time.

Profitability analysis entails performing a vertical analysis of each major customer or product

line to ascertain whether certain customers or lines should be eliminated altogether.

The 80-20 rule is an important one. That is, 80% of a company's profitability comes from 20%

of its customers or products. The remaining 80% of the customers or products generate only

20% of the company's profitability. Some of the 80% can be eliminated altogether from the

client's business.

Consider the following example of a client of the author who asked for assistance in evaluating

the profitability of its major customers.

Facts: The client asks the author to assist in an analysis of certain larger customers. The client

is concerned that the larger customers are "squeezing" the client on sales prices to the extent

that the business may no longer be profitable.

------Customer X------

Company

Total

Sales $8,000,000 100% 100%

Direct costs: direct labor, materials and

variable overhead, and variable selling

costs

(5,800,000)

(72%)

(48%)

Contribution margin 2,200,000 28% 52%

Fixed overhead (2,360,000) (30%) (30%)

Net income- absorption cost $(160,000) (2%) 22%

Should the client stop doing business with the customer with whom he is losing $(160,000)?

Conclusion: The above analysis is a traditional direct-cost analysis whereby a contribution

margin (sales less variable costs) is calculated to determine the amount being contributed to

fixed overhead.

Other types of analyses can be performed such as activity-based accounting.

Using the above analysis, assuming that no other factors are significant, Company X is actually

profitable since there is a contribution to fixed overhead in the amount of $2.2 million. If the

client stops doing business with Customer X, other business must be developed to pay for the

$2,200,000 of fixed overhead that it absorbs. The exception is where there is a limit in the

amount of business it can accommodate, and the company has other, more profitable business

that can replace Customer X's business.


242

The above analysis can be done on all significant customers or product lines to eliminate

marginally profitable business.

14. Watch out for related party transactions:

If a company is experiencing a downturn in its business, there may be an incentive to use

related-party transactions to disguise the true financial situation. Here are a few:

a. Specific abuses in related party transactions:

The auditor or accountant may encounter transactions with related parties that either lack

economic substance or are not disclosed. Examples include:

Sales and expenses:

Sales without economic substance, such as round-about transactions in which the entity

loans money to an affiliate who, in turn, remits it in a sales transaction.

Sales that do not result in the risks and rewards of ownership passing to the related party

purchaser (e.g., right to return the goods, a commitment by the seller to repurchase the

goods, etc.).

Sales or purchases among related parties at little or no cost.

Sales recorded from a related party for services never rendered.

Sales to a related party middleman at a below-market price. The middleman then sells

to the ultimate customer at a higher price while the related party retains the difference.

Having one party pay the expenses and costs for another related party.

Large, unusual transactions with related parties near or at year end.

Loans:

Loans between entities on an interest-free basis or at an other-than market rate, or that

have no scheduled terms of repayment.

Loans that have an unusually high interest rate and the resultant higher interest income.

Loans to entities that do not have the ability to repay them.

Advances of company funds to a related party who, in turn, uses the funds to repay an

otherwise uncollectible loan or receivable.


243

Loans made to a related party and subsequently written off.

Forgiveness of a loan so that the debtor can recognize extinguishment of debt income.

Note: A comment made by peer reviewers is that auditors and accountants do not consider the

collectibility of intercompany receivables. The auditor should consider the viability of the

affiliate and whether the loan is collectible. If not, an allowance may have to be established.

Moreover, in certain situations involving related party debt, ASC 470, Debt (formerly found

in APB No. 26), clearly states that "the extinguishment transactions between related parties

may be, in essence capital transactions." Thus, depending on the extent to which there are

related parties, any forgiveness should be credited to equity as additional paid in capital.

Recording the transaction as forgiveness of debt income on the income statement would not be

appropriate given the related party nature of the loan.

Asset transactions:

Purchasing assets from a related party at above-market prices

Selling real estate at an amount that is significantly different than the appraisal or

market value

Exchanging similar property in a nonmonetary transaction

Sale of land with arranged financing

Sale of marketable securities at a discount from quoted market prices.

b. What an auditor should do about related party transactions:

The AICPA’s Audit Risk Alert makes some recommendations about how an auditor can deal

with related party transactions.

Searching for related party transactions:

Review material cash disbursements and other transactions

Discuss with tax and consulting personnel who have provided services to the client

whether they are aware of any related party transactions

Discuss with other professionals (lawyers, predecessor auditors) about related parties


244

Use the Internet to search records for the names of principals of the audit client to find

other affiliated entities

Auditing known related party transactions:

Once the auditor has discovered a related party transaction, he or she might wish to perform

some or all of the following procedures.

Develop an understanding of the business purpose of the transaction(s)

Examine evidence related to the transaction(s) including invoices, copies of

agreements, contracts, and other documents (receiving and shipping reports, etc.)

Obtain evidence that the transaction(s) was approved by the board of directors or other

management

Test the adequacy and accuracy of the related party disclosure

Make sure that there are concurrent audits of intercompany balances and that

information is obtained for such balances at the same time

Examine or confirm evidence about the transferability and value of collateral

Confirm transaction terms and amounts such as guarantees and other information, with

the other party to the transaction

Examine or inspect evidence in the hands of the other party to the transaction

Discuss significant information with other third parties including banks, attorneys,

agents, etc.

Review financial publications, trade journals, credit agencies, etc. and other sources

when there is concern that related party transactions lack economic substance

Examine the financial statements, tax returns, and other information of related parties, if

such information is available.

Observation: The auditor should be careful that related party disclosures are not misleading.

In general, a related party disclosure should not express or imply that the transactions were

arms-length unless such a claim can be substantiated.


245

REVIEW QUESTIONS









1. Which of the following is the formula for the Days Sales in Accounts Receivable ratio:

a. 365SalesNet

PayableAccounts

b. 365Re

SalesNet

PayableAccountsInventoryceivableAccounts

c. 365SalesNet

Inventory

d. 365Re

SalesNet

ceivablesTrade

2. If a company has an Altman Z Score of 2.50 or greater, that company:

a. Could be in default of its loan agreements

b. Could have financial problems

c. Is headed toward bankruptcy

d. Is strong, with an unlikely risk of bankruptcy

3. Which of the following factors might suggest that an other-than-temporary impairment has

occurred in a security investment:

a. A rating agency has upgraded a security

b. Amortized cost is significantly below fair value

c. Losses are recorded from the security after year end

d. Management intends to hold the security to allow a value recovery

4. Auditors should be aware of _______________ that circulate a flow of funds back to the

company in a different form than the company initially disbursed.

a. Investment writedowns

b. Manipulation of expenses

c. Round-trip transactions

d. Slush-fund reserves


246

5. In what way can accountants and auditors help clients tighten up operations:

a. Use the 50-50 rule with respect to evaluating a company’s profitability

b. Horizontal analysis of major customers

c. Analysis of product lines’ profitability

d. Absorption cost review


247

SUGGESTED SOLUTIONS

1. Which of the following is the formula for the Days Sales in Accounts Receivable ratio:

a. Incorrect. The formula for Days Payables Outstanding is 365SalesNet

PayableAccounts

b. Incorrect. The formula for Days in Working Capital is

365Re

SalesNet

PayableAccountsInventoryceivableAccounts

c. Incorrect. The formula for Days Supply in Inventory is 365SalesNet

Inventory

d. Correct. The formula for Days Sales in Accounts Receivable is:

365Re

SalesNet

ceivablesTrade

2. If a company has an Altman Z Score of 2.50 or greater, that company:

a. Incorrect. Where the ratios for Times Debt Service is earned and Interest Coverage are

below 1.0, there is a risk that the company may not be able to fund debt service and

could default on its loan agreements. An Altman Z score of 2.50 or greater has nothing

to do with whether an entity is in default on a loan.

b. Incorrect. If a company has an Altman Z Score of 1.00 to 2.50, that company could have

financial problems, but generally not so if the ratio is 2.50 or greater.

c. Incorrect. If a company has an Altman Z Score of 1.00 or less, that company is headed

toward bankruptcy.

d. Correct. If a company has an Altman Z Score of 2.50 or greater, that company is

strong financially, with an unlikely risk of bankruptcy.

3. Which of the following factors might suggest that an other-than-temporary impairment has

occurred in a security investment?

a. Incorrect. The fact that a rating agency has downgraded, not upgraded, a security rating

may suggest there is an impairment.

b. Incorrect. If fair value is significantly below cost, there could be an impairment, not the

other way around.

c. Correct. If losses are recorded after year end, an other-than-temporary

impairment might have occurred and been in place at year end.

d. Incorrect. If management has both the intent and ability to hold the security for enough

time for its value to recover, it is not likely that there is an impairment. Instead, if

management does not have the intent or ability to hold the security for a period of time

sufficient to allow the security to recover its value, an other-than-temporary impairment

might have occurred.


248

4. Auditors should be aware of _______________ that circulates a flow of funds back to the

company in a different form than the company initially disbursed.

a. Incorrect. Investment writedowns have no flow of funds back to the company.

b. Incorrect. Manipulation of expenses may impact the income statement but has no direct

effect on the circulation of flow of funds back to the company.

c. Correct. Auditors should be aware of round-trip transactions that create a flow of

funds that circulate back to the company in a different form from when it was

initially disbursed by the company.

d. Incorrect. Slush fund reserves result in the manipulation of income from period to

period but do not affect funds flow.

5. In what way can accountants and auditors help clients tighten up operations:

a. Incorrect. Typically, an 80-20 rule is used, not 50-50. The 80-20 rule is important to

consider when performing a profitability analysis: 80% of a company’s profitability

comes from 20 % of its customers or products.

b. Incorrect. A vertical analysis is used, not a horizontal one. Profitability analysis entails

performing a vertical analysis of each major customer or product line to ascertain

whether certain customers or lines should be eliminated altogether.

c. Correct. One of the two ways that accountants and auditors can help clients

tighten up operations is through profitability analysis of customers and product

lines.

d. Incorrect. Generally, an absorption cost review is not one of ways identified to tighten

up operations.


249

XXV. Lessons From Litigation

A. Introduction:

In recent years, we have seen tremendous growth in litigation claims that has expanded

throughout all segments of society. In particular, the professions have seen increases in claims

at an exponential level. Doctors, lawyers, architects and accountants have all experienced the

threat of a lawsuit from a client or third party, whether frivolous or not. The result has been

skyrocketing malpractice insurance premiums.

With accountants, the highly publicized cases against the national CPA firms represent a small

percentage of the overall claims against accountants. More and more claims are being initiated

by smaller, closely held business owners, along with a significant increase in the number of

claims made by third parties. The average claim against accounting firms is settled in the range

of $100,000- $250,000.

Given the weakening of the third-party privity defense in most states, accountants continue to

be exposed to third-party lawsuits, despite the fact that there is no contract between the

accountant and the third party.

Most malpractice insurance companies concede that lawsuits against accountants now come

from sources once thought to be unlikely.

Consider the following summary compiled by the author through interviews with several top

malpractice insurance companies:

1. There is a significant increase in lawsuits initiated by third parties such as bankers and

trustees:

15% of lawsuits are initiated by third parties

85% of lawsuits are initiated by clients

2. A significant portion of lawsuits relate to non-traditional tax and audit services such as:

Compilations and review engagements

Writeup engagements

Management advisory services

3. Most lawsuits occur within the first five years of the auditor's relationship, with most of the

litigation revolving around the first year.


250

4. Approximately 20-25% of all claims against accountants relate to compilation and review

engagements.

5. The courts tend to hold accountants responsible well beyond the standards applicable to the

engagement:

The complexity of facts in lawsuits has increased, making it difficult to defend in front

of a jury.

Juries do not understand the issues at hand in lawsuits- thereby pooling audit, review

and compilation engagements under one level of responsibility.

Juries tend to hold accountants to the level of guarantors.

Many jury rulings imply that the accountant must go so far as to protect clients from

themselves.

Jury awards clearly demonstrate that there is a perception gap between what the public

believes the accountant delivers and the actual service delivered.

Accountants tend to be poor witnesses-- too precise and accurate to persuade a jury of

the facts.

6. Competitive pressures have moved accountants into areas of greater risk whereby

accountants are:

Keeping or accepting higher risk clients

Accepting engagements outside their areas of expertise

Overselling their abilities to gain new clients

Criticizing the predecessor firm after obtaining a client from that firm.

Using a standard (canned) audit program instead of customizing program design for

particular risk areas.

B. Common Pitfalls For Accountants

The following is a list of common pitfalls that continue to expose accountants to loss in

litigation.

1. Failure to maintain professional skills:

Not keeping up with CPE, professional journals and society programs, particularly

in the area of accounting and auditing.

Not using up-to-date manuals and checklists.


251

2. Working in areas and industries outside of expertise:

Lack of familiarity with GAAP and GAAS.

Not consulting with outside experts such as professional societies, AICPA, FASB

and insurance-carrier hotlines.

Not familiar with industry norms such as accounting methods, relationships, and

credit policies.

3. Unprofessional working habits:

Failure to document work including:

- Insufficient workpapers

- Using canned programs rather than customized programs

- Insufficient financial statement disclosures

- Not documenting recommendations made to clients

Failure to notice the obvious-too much time looking at the trees and not the forest

4. Failure to maintain a good relationship with clients:

Not communicating a clear understanding of responsibilities to the client

Having a poorly drafted engagement letter

Overselling the firm’s abilities and expertise: Using high-priced employees to sell

the firm without introducing the junior staff who will actually work on the job.

Failure to communicate effectively:

a. Omitting information up front

b. Not being straight forward about areas of risk

c. Using too much jargon with terms such as GAAP, GAAS, etc.

Not being available to clients

a. Not returning telephone calls promptly or at all

Agreeing to an unrealistic schedule by not saying “no” to a client

Maintaining a improper distance from your client

a. Being too close may compromise independence

b. Being too far may result in lack of regular contact, failure to return calls, etc.

5. Failure to properly hire and supervise staff:

Not recognizing employee financial problems


252

a. Staff may be vulnerable to client bribes or may steal from a client

Not recognizing employee personal problems such as alcohol and substance abuse,

gambling and other addictions

Note: Abusive personalities gravitate toward abuse during times of stress (e.g., audit

and tax season)

Not checking employee references

Not emphasizing quality over quantity

a. A deterioration of quality in exchange for speed exposes the firm to the risk of

errors.

Not prohibiting employee moonlighting

a. Employees who moonlight may have poorer job performance during the day.

b. Employees who moonlight usually do not carry personal liability insurance.

c. The firm may be named as a co-defendant if the employee is sued, using the

argument that the employee was working on behalf of the firm under apparent

authority.

Risks of using per diem employees

a. Not checking to ensure that per diem employees have adequate CPE in the area

of the engagement.

b. Not properly overseeing the work of the per diem employees.

c. Being complacent that the per diem employees are “seasoned veterans” not

requiring the same degree of supervision as the firm’s other staff.

d. Accepting the “bad workpaper habits” of per diem employees.

6. Conflicts of interest/independence issues:

Bringing parties together of mutual interest

a. The accountant may be held liable for damages due to recommending one party

to another.

Accepting referral fees and commissions

a If commissions are received, independence may be impaired.

b. Not disclosing that a commission or referral fee will be received.


253

Getting in the middle of clients’ disputes

a. There is a risk that one or both parties may sue the accountant for having a

conflict of interest such as in the case of a divorce.

7. Lowballing fees:

Cutting corners on the engagement to accommodate the low fee.

8. Suing clients for fees:

More than 50% of all clients that are sued will file a counterclaim for malpractice.

Alleging negligence usually forces the accountant to drop the suit for fees.

9. Failure to discover fraud and defalcations:

Juries believe the auditor is responsible for finding fraud in audit, review and

compilation engagements as well as write-up engagements.

More pronounced in small companies with weaker segregation of duties.

A single defalcation can be devastating to a smaller company as compared with a

larger company. Damages against the accountant can be more significant if a smaller

company is involved.

Accountants do not recognize the fraud risk factors such as:

- Lack of management integrity

- Weak competitive position, tempting management to commit fraud

- Lack of operational capabilities, including not enough personnel, machines, and

resources

- High turnover of accounting personnel

- Firing of the previous accounting firm or a series of firms within several years

- Board or key executive resignations

- Changes in the way business is conducted including deep price discounts

- Pressure to increase earnings particularly with start-ups and companies for sale

- Pressure to satisfy loan covenants

- Significant year-end transactions that favorably impact earnings

- Related-party transactions

- Lack of documentation for transactions

- Weak internal controls

- Using offsetting transactions that zero out

- Loss of a major customer


254

Employee defalcation factors: Employees who:

- Live beyond their means

- Never take a vacation

- Are the first in and last out each day

- Never share tasks

- Never ask for a raise

- Resist changes to existing bookkeeping methods

- Offer superiors frequent examples of their loyalty and productivity

C. Top Ten Actions to Minimize the Risk of Being Sued

The following is a list of the top ten actions to minimize the risk of being sued. This list was

compiled by the author as a result of various discussions with top malpractice insurance

companies.

1. Tighten Up Engagement Letters

2. Watch Out for Bad Clients

3. Take Precautions for Fraud and Defalcation

4. Protect the Privity Defense Against Third Parties

5. Supervise and Manage Personnel

6. Have a Workpaper Retention Policy

7. Improve Billing Procedures

8. Never Sue to Collect Unpaid Fees

9. Tighten Up Workpapers

10. Improve Client Relations

Here is a discussion of just a few of the above ten recommendations

Recommendation: Tightening Up Engagement Letters-Litigation-Friendly Clauses

To mitigate the effects of litigation against auditors, more accounting firms are including

protective language in their engagement letters. The engagement letter is the contract between

the client and the auditor and should clearly reflect the understanding and responsibilities of

both parties. SAS No. 108, Planning and Supervision61

, provides a list of required and

recommended language that should be included in an engagement letter. Excerpts from this

statement are included below.

Examples of provisions to include in the engagement letter that might assist the auditor in

litigation include:

1. Responsibilities for fraud- SAS No. 99 requirements- required

61

Effective December 31, 2012, SAS No. 108 is replaced by AU-C 210, Terms of Engagement.


255

2. Limitations on use or reproduction of the audit report for unknown third parties -

recommended

3. Indemnification to the auditor from liability arising from management misrepresentations

that result in legal fees incurred by the auditor- recommended

4. Ownership of workpapers- recommended

5. Mediation clause, but never an arbitration clause

Based on previous decisions, reference to some or all of these items has been helpful in

minimizing the damages against the auditor. Of course, the auditor must balance the need to

include some or all of these provisions in his or her engagement letter, without alienating his or

her client who may be reluctant to include them.

Sample Language To Be Included In The Engagement Letter:

Fraud: We will plan and perform the audit to obtain reasonable, but not absolute,

assurance about whether the financial statements are free from material mis-

statement due to error or fraud. Because of the concept of reasonable assurance and

because we will not perform a detailed examination of all transactions, there is a risk

that material errors, fraud, or other illegal acts, may exist and not be detected by us.

Further, we have no responsibility to search for fraud and, our audit is not designed

to detect an error or fraud that is immaterial to the financial statements.

Use of Report by Third Parties: We understand that you have a loan outstanding

with NoLoan Bank and Trust and that the purpose of our report on your financial

statements is to enable you to present the audited financial statements to NoLoan

Bank and Trust. We are not aware of any other persons, entities, or limited groups

of persons or entities for whose use or benefit this report is intended or

contemplated. In the event that, during the term of this engagement, you decide to

provide a copy of the audited financial statements to a particular person or entity in

connection with a contemplated transaction, you have agreed to notify us in writing

prior to the issuance of the report of the identity of such person or entity and the size

and nature of the contemplated transaction.

Indemnification: If we incur legal fees as a result of our reliance on any false

representation made by you, you agree to reimburse us for all of our legal fees and

related costs of defense.

Note: There are several cases cited by malpractice insurance carriers where a CPA

firm was sued by a former client who went bankrupt and sued the CPA firm for the

audit failure. This occurred even though management lied to the firm about certain

issues. By including the above indemnification language in the engagement letter,


256

the firm was able to favorably settle the case and received reimbursement of its legal

fees for its defense.

Ownership of Records: Our working papers of our engagement remain the

property of James J. Fox & Company and constitute confidential information.

Except as discussed below, any requests for access to our working papers will be

discussed with you before making them available to requesting parties.

a) Our firm, as well as other accounting firms, participates in a peer review

program covering our audit and accounting practices. This program requires that

once every three years we subject our system of quality control to an

examination by another accounting firm. As part of this process, the other firm

will review a sample of our work. It is possible that the work we perform for

you may be selected for review. If it is, the other firm is bound by professional

standards to keep all information confidential.

b) We may be required to make certain workpapers available to Joe Regulator

pursuant to authority given to it by law or regulation. If requested, access to such

workpapers will be provided under the supervision of our firm personnel. Further,

upon request, we may provide copies of selected workpapers to Joe Regulator and

such copies may be distributed by Joe Regulator to other third parties including

government agencies.

Mediation: In the event of a dispute over our engagement, we mutually agree that

any dispute that may arise in connection with our engagement will be submitted to

mediation by selecting a third party to help us reach an agreement. We acknowledge

that the results of this mediation will not be binding upon either of us. The costs of

the mediation will be shared equally by both of us.

What about an arbitration clause?

Generally, arbitration clauses are dangerous with respect to a professional engagement.

Arbitration is legally binding and the process can restrict the accountant from proving his or

her case. Arbitrators are known for “splitting the difference” and there are limitations on the

extent of discovery that can be presented in the hearing. In a malpractice case, an accountant

that has excellent workpapers may be precluded from presenting those papers as evidence.

Most insurance carriers state that an arbitration clause should be avoided and can be included

only with respect to fee disputes, and not malpractice cases.

Recommendation: Watch Out For Bad Clients

An auditor should be watchful of clients and related engagements that may have a high risk of

lawsuit. In particular, certain clients have attributes that, in the event of loss, could lead to

litigation.


257

In particular, there has been recent discussion of the importance of assessing clients. An in-

depth discussion of this issue was presented in an article published in The Practicing CPA,

entitled, Do You See Trouble When It Walks in the Door? (Mary C. Eklund, Esq.).

In her article, Ms. Eklund makes reference to the idea of "bad clients" and that CPAs continue

to expose themselves to litigation when they fail to consider whether a particular client

represents a litigation risk. Many times, the CPA recognizes that there could be a risk, yet

takes no action because "it couldn't happen to us."

Ms. Eklund identifies several early hints of trouble that the CPA should be aware of such as:

1. Symptoms of a Problem Client:

a. High business risk:

In a start-up mode

Poor record keeping

Operates in litigious or declining industry

Has a history of litigation

Has poor internal control

High employee turnover, such as the accounting department

Director resignation

Slow payment to suppliers and service providers

Has poor credit or inadequate working capital

Large or unusual year-end transactions

Unusual sources of loans or high rates on loans

Material transactions not recorded in the usual manner

Suspicious confirmation responses

Owner acts dishonestly

b. Deterioration in the client’s relationship with the firm:

A client who:

Does not deliver information on a timely basis

Fails to pay the firm on time

Has unrealistic schedules, deadlines and demands by the client

Fails to return the firm’s telephone calls

Is unreasonable or consistently ignores the accountant's advice, is disreputable and a

bully

Demands an unusually low fee or unrealistically fast service

Refuses to sign engagement or representation letters


258

Gives evasive answers or makes it difficult for auditors/accountants to get

information or documents

Has significant weaknesses in accounting and administration controls

Whose personality and attitude changes

Has personal financial pressures

Has a history of changing accounting firms

Who creates emotional turmoil

c. Change in client’s business:

Company plans to go public

Business is for sale

Client ownership and management transition is in process that may expose the firm’s

work to heightened scrutiny

There is a change in the client’s type of business that places the firm into unknown,

unfamiliar areas outside of its expertise.

d. Conflict of interest issue emerges: Intra-family disputes, including potential divorce or

sibling fighting may place the auditor in the middle of a battle that could lead to

ultimately being sued by all sides involved.

e. Management’s disregard for internal controls and record keeping: Management sets the

tone for the organization. If management has a low regard for internal controls and

recordkeeping, that attitude will permeate throughout the organization.

f. Management refuses to sign engagement or representation letters: Management’s

unwillingness to sign an engagement letter is a red flag that management cannot be

trusted. Management’s refusal to sign a representation letter is a scope limitation.

Observation: There are two important changes that can significantly expose the auditor to

risk: a sale of the business and a change in management. If a sale of business is anticipated, the

client may attempt to inflate earnings and equity to increase the sales price. Because the sales

price is a multiple of earnings (e.g., multiple times EBITDA), the impact of a small increase in

net income may be significant. For example, if a client intentionally inflates income by

$100,000, it could impact the sales price by $500,000, based on a five-times EBITDA

multiple. In addition, the purchaser may have a third-party claim against the auditor because

the purchaser will be a known third party to the auditor, most likely relying on his or her audit

report and related financial statements to formulate the purchase price.

The second situation in which an auditor is most vulnerable to being sued is where a client

hires new management. When a new manager arrives, he or she may uncover a fraud,

defalcation, or error relating to the previous manager. The manager may hire his or her own

auditor, who further scrutinizes the work of the predecessor auditor. This scenario could result

in a claim against the auditor.


259

If the auditor sees some of the symptoms of a bad client, he or she should reconsider whether

the risk is too significant to continue with the engagement. Ways to evaluate whether to

continue with the engagement include the following:

a. Evaluate the client's real needs and demands: Consider the services needed in

addition to those requested. Ask the question: Can we do what is needed for the amount

being paid?

b. Evaluate the firm's (individual's) ability to handle the client's needs and demands:

Does the firm have the expertise and staffing necessary to do the job?

c. Interview the predecessor accountant, if this is a new client:

Ask the following questions:

Has the client ever lied to you?

Has the client ever unreasonably delayed payment or refused to pay you?

Did the client ever refuse to sign an engagement or representation letter?

Has the client ever threatened to sue you?

Have you ever had a disagreement with the client on accounting principles or tax

matters?

d. Perform an industry check: Ask the prospective client for a list of customers and

suppliers and permission to talk with them.

Does the client pay his/her bills on time, have respect, and maintain good

relationships with peers?

Find out whether the industry is subject to frequent or sudden business failures.

The AICPA’s Practice Aid Acceptance and Continuance of Audit Clients highlights matters

that auditors may wish to consider in connection with establishing policies and procedures for

client acceptance and continuance.

Problem clients have proven to be one of the principal factors giving rise to liability claims

against auditors. Auditors should consider establishing a general firm philosophy specific to

client acceptance.


260

Example: Firm only accepts clients who are engaged in legitimate pursuits and should not

present undue business risks to the firm or adversely affect the firm’s reputation.

and should not

Recommended procedures:

Obtain an understanding of the client's business.

Inquire as to the client's reputation and that of high-ranking employees and owners.

Consider management's response to observations about or suggestions for improve-

ments in internal controls made by the predecessor auditor.

Consider the composition and autonomy of the board of directors.

Communicate with the predecessor auditor and inquire as to the reasons for the change

in auditor and to the integrity of management.

Consider the firm's independence with respect to the client.

Consider whether the firm is qualified to handle the audit.

Auditors should devise a formal client acceptance/retention policy based on a client’s

undesirable qualities:

a) Management lacks integrity

b) Weak financial condition

c) Unwillingness to pay professional service fees

d) Management that chronically enters into material high-risk transactions

e) Disregard for internal controls and record keeping

f) Management refuses to sign engagement or representation letters.

Observation: In the post-Andersen era, with the introduction of the Sarbanes-Oxley Act,

many national firms have purged their client list of clients in high risk industries or that,

individually, represent an unacceptable risk to the firm. Other firms are following the same

tact in that they are simply not willing to take the risk of being sued when compared to the

amount of the audit fee derived from the engagement.


261

How to get rid of bad clients!

Eliminating a bad client from the firm’s client list can create a greater risk than keeping the

client, if the action is not handled properly. In many instances, notifying the client that the firm

will no longer service his or her account can cause resentment which, in turn, can translate to

blame. Also, there is the issue of how to handle outstanding fees. Should the firm demand

payment or forgive the balance? There are also successor accountant/auditor matters where the

firm must be careful not to provide information to the successor without obtaining permission

from the client. Let’s not forget that approximately 85% of all lawsuits against accountants are

initiated by the client, not third parties.

Evaluating New Clients

In connection with a prospective client, the firm should set up a new client acceptance policy

that includes evaluating the prospect in more depth before being accepted as a new client.

Recommendation: Protect the Privity Defense Against Third Parties

Lawsuits initiated by clients against the auditor may take a different form than those from third

parties, such as banks, investors, etc. Most frequently, the client sues for breach of contract

using the notion that the auditor failed to render the agreed-upon services in the manner

contracted in the engagement letter. Generally, an auditor may be sued under any one of the

following five causes of action:

1. Breach of contract: The auditor failed to perform the agreed-upon services in the

manner contracted in the engagement letter (or verbally, if no engagement letter was

signed).

2. Negligence: The auditor failed to meet professional accounting and auditing standards.

3. Negligent misrepresentation: The auditor provided erroneous information to the client

through failure to exercise due care.

4. Fraud: The auditor knowingly or recklessly made a material false statement of fact or

omitted a material fact.

5. Breach of fiduciary duty: The auditor failed to uphold the responsibility associated

with professionalism and accountability. Examples include unauthorized disclosure of

confidential client information.

Any one or all of the above five causes of action can be brought by a client against an auditor.

However, what about damages claimed by a third party such as a bank, investor or bonding

company? Since the third party usually is not a party to the contract (e.g., engagement letter),

what causes of action can it bring?


262

For years, the answer was found in the so-called privity standard, developed after a 1931 court

case, Ultramares Corp. v. Touche, Niven & Co. (New York, 1931).

The privity (contract) standard states:

“Accountants’ liability is limited to those third parties with

whom the accountant has a contractual relationship.”

Under a strict interpretation of this standard, the accountant is exempt from responsibility to a

third party unless the accountant has a contract with that third party. And, usually, the third

party is not a party to the contract (e.g., engagement letter), giving the accountant a shield

against third party lawsuits.

Unfortunately for accountants, since the inception of the privity standard in 1931, case law and

most state statutes have watered down the privity standard to the extent that it applies only in a

few states. The result is that, depending on the state of jurisdiction, responsibility to third

parties can be categorized into four different levels as follows:

1. Privity (discussed above)

2. Near-privity

3. Restatement approach

4. Foreseeability approach

Near-privity: Under the near-privity (near-contract) standard, a third-party that does not have

a contractual relationship with the accountant can still bring suit against an accountant for

negligence if all three of the following conditions apply:

1. The accountant is aware that his or her financial report is to be used for a particular

purpose.

2. A specific, known third party, intends to rely on the financial report, and

3. The accountant’s conduct clearly demonstrates that the accountant is aware the third

party will rely on the financial report.

Note: The near-privity standard is based on the case of Credit Alliance Corporation v. Arthur

Andersen & Co. (1985) in which an auditor was sued by a lender in connection with a client

that filed bankruptcy. Under the near-privity standard, the accountant must know who the third

party is and the fact that the specific third party will rely on the accountant’s report. The task

of documenting that an accountant was aware of third party’s reliance on the report has not

been clearly decided by the courts since the Credit Alliance case. For example, is a telephone

call initiated by a third party to an accountant adequate to confirm that the accountant knew the

third party and that the party would rely on his or her report? It is not clear. What is clear is

that knowing that some unidentified third party will receive the report is usually not enough.


263

The identity of the third party must be known for the near-privity defense to be challenged by a

third party.

Restatement approach: In those states that follow the restatement approach, accountants are

responsible to third parties who fall into either one of two categories:

1. Third parties the accountant expressly knows will be provided with the financial report,

and

2. Third parties who are members of a limited class of persons to whom the accountant

knows the financial report will be given.

Note: The restatement approach requires that the accountant know the class of third party

(e.g., bankers, insurance companies, etc.), but not necessarily the name of the party. This

is different from the requirement of the near-privity defense where the name of the third

party must be identified.

Example 1: Fred, an accountant audits a client’s financial statements and issues an

unqualified report. Fred gives the client several copies of the financial statements without

knowing specifically to whom the statements will be provided. The client gives a copy of

the statements to a vendor who grants credit to the client. Subsequently, the client’s

business fails and the vendor sues Fred for negligence. The state of jurisdiction follows

the restatement approach for responsibility to third parties.

Conclusion: Fred is not liable to the vendor because he did not have notice that the

financial statements would be given to the creditor or to a class of third parties (e.g.

vendors).

Example 2: Same facts as Example 1, except that during the audit, the client informs Fred

that the statements will be issued to the vendor, names the vendor, and states that the

vendor will be using the statements to grant credit to the client.

Conclusion: Under the restatement approach, Fred would be responsible to the vendor

because he expressly knew the financial statements would be given to the vendor.

Example 3: Same facts as Example 2, except that during the audit, the client informs Fred

that the statements will be issued to one or more vendors without disclosing names.

Conclusion: Under the restatement approach, Fred would be responsible to any vendor to

whom the statements were given because Fred was aware the statements would be given to

a particular class of third parties (vendors).

Note: In the above series of examples, if the state of jurisdiction followed the near-privity

standard, Fred would have been liable to the third party in Example 2 only, where Fred


264

was informed that a known, third party would rely on the report for a particular purpose, to

issue credit.

Foreseeability approach: The accountant is liable to any “reasonably foreseeable” third-

party recipient of the accountant’s financial report provided the third party relies on the report

for its proper business purpose. Further, the accountant is not required to know the specific

third party or how the report will be used.

Example: An insurance company obtains a copy of a client’s financial statements used to

issue an employee fraud policy. Subsequently, employee fraud is found and a claim is

made against the policy. The insurance company sues the auditor, claiming that the auditor

did not disclose certain known information that would have resulted in rejection of the

insurance application. The state of jurisdiction follows the foreseeability approach for

third-party liability.

Conclusion: Assuming there is negligence, the auditor is liable to the insurance company

under the foreseeability approach. It was “reasonably foreseeable” for the insurance

company to be the recipient of the accountant’s financial report. This is the case even

though the auditor did not know about the insurance company or the purpose for which the

insurance company would use the report.

Observation: The foreseeability approach is a very dangerous standard for accountants. The

good news is that, presently, only two states, Wisconsin and Mississippi, follow the

foreseeability approach to third-party liability.

The following chart, published by the AICPA, illustrates the third-party liability laws, by state.

The categorization of each state is always changing based on that state’s recent laws and court

decisions.


265

Summary of Third-Party Liability By State

Privity States Near Privity States

Pennsylvania Arkansas Montana

Virginia Idaho Nebraska

Illinois New Jersey

Kansas New York

Louisiana Utah

Michigan Wyoming

Restatement States Foreseeability States

Alabama Minnesota Mississippi

Alaska Missouri Wisconsin

Arizona New

Hampshire

North Carolina

California

Colorado States Not Categorized

Colorado Ohio Delaware North Dakota

Connecticut South Carolina Indiana Oklahoma

Florida Tennessee Kentucky Oregon

Georgia Texas Maine Rhode Island

Hawaii Washington Maryland South Dakota

Iowa West Virginia Nevada Vermont

Massachusetts New Mexico

Source: AICPA Compilation and Review Alert, as modified by the author.

Recommendation: Make Sure You Have a Workpaper Retention Policy:

Auditors should formulate a workpaper retention policy that includes the following:

1. The document retention period should be sufficiently long enough to:

Negate an inference that it was designed to destroy information that could injure

the firm, and

Satisfy the auditor's reasonable needs to obtain information regarding the entity's

prior financial activities.

2. The retention period should be rational in the sense that a longer retention period

should be maintained for documents which are likely to be called upon at a later date.

3. The retention policy should be scrupulously adhered to so as to avoid an inference that

documents were destroyed because they were the subject of litigation.


266

Note: SAS No. 103, Audit Documentation62

, requires an auditor to retain audit

documentation for a sufficient period of time with a minimum workpaper retention

period of five years from the report release date, or longer if required by statutes,

regulations, or the firm’s internal quality control policies.

Observation: Historically, in lawsuits against accounting firms, a key factor supporting the

firm’s discarding of its workpapers has been whether the firm did so during a timeframe that

was consistent with the firm’s retention policy.

During the Enron scandal, the auditor, Arthur Andersen, was accused of shredding working

papers. The firm was indicted because the shredding occurred after the firm received a

subpoena for its workpapers. If, instead, the firm had not received the subpoena, presumably,

the firm would have had the right to shred its workpapers provided that shredding was

consistent with the firm’s workpaper retention policy.

The moral of the story is that if a firm has a retention policy, it is imperative that it follow it

consistently so that a third party cannot accuse the firm of discarding workpapers as a means to

remove damaging evidence in a lawsuit.

Sarbanes-Oxley requires auditors of SEC companies to maintain a seven-year workpaper

retention policy. Since the adoption of Sarbanes, several state licensing boards have adopted

portions of Sarbanes, one of which is the requirement of a seven-year retention policy for all

auditors, including those of non-public entities.

Recommendation: Tighten Up Workpapers

Perhaps the most important litigation-proofing a firm can implement is to tighten up its

workpapers. In litigation, a firm’s workpapers are its evidence that it performed the

engagement with due care in accordance with GAAP, GAAS or the SSARSs. In front of a jury,

a talented plaintiff’s attorney can translate a series of minor workpaper flaws into a negligently

performed engagement. The following analysis identifies certain chronic workpaper

deficiencies that have been recurring in litigation.

1. Complete the audit program:

a. Never leave a procedure incomplete (blank) in the program.

b. Do not place “not applicable” next to a procedure that could be performed, but the

accountant/auditor elects not to do it.

c. If the procedure is not needed, it should be eliminated from the program altogether.

62

Effective December 31, 2012, SAS No. 103 is replaced by AU-C 230, Audit Documentation.


267

Note: All major publishers offer the audit program in electronic format. This allows the firm

to customize the program and remove any standard procedures that are not going to be

performed during the engagement. From a liability standpoint, it is better for an audit program

to be brief and for all procedures in the program to be completed, than for a larger, canned

program to be used that has a series of incomplete procedures.

2. Remove all “to do” lists or other comments or scribbles from the workpapers that suggest

that the engagement was not completed.

3. Never place jokes in the workpapers or comments about the client.

4. Make sure there is a partner review and sign off on workpapers.

5. Perform analytical procedures:

Analytical procedures that demonstrate no unusual fluctuations are a strong defense in a

fraud claim.

Comparison of data from year to year is the best means to detect going concern and cash

flow problems.

6. Label preliminary financial statements with “draft” or “draft-for internal use only.”

7. Document, document, document:

Show support for positions taken such as AICPA, Hotlines, etc.

Never speculate, only state facts.

Conclude on procedures performed.

Document all communications with client noting the date and what was discussed.

Note: An auditor must document the work he or she does in conducting his or her audit.

Specifically, the auditor must obtain abstracts or copies of significant contracts or

agreements that were examined to evaluate the accounting for significant transactions.

Example: Joe Auditor is auditing X’s accounts receivable. X has a contract with one large

customer that allows for the customer to delay payment (dated terms) for a period of time.

Joe inspects the contract in determining whether accounts receivable is collectible.

Conclusion: Joe should document the contract inspected including retaining a copy of the

contract in his working papers.

Audit documentation should include identification of the items tested.


268

When a random sample is selected, the documentation should include identifying

characteristics, such as specific invoice numbers of the items selected, and the

listing.

When a scope of items is selected (e.g., all items over a certain amount) the

documentation needs to describe the scope and the listing.

When a systematic sample is selected from a population of documents, the

documentation need only provide an identification of the source documents, the

starting point, and the sampling interval.

Example 2: Mary Auditor is auditing Company X and selecting customer receivables

for confirmation. Mary uses random sampling by selecting 100 random customers from

the accounts receivable aging.

Conclusion: Because Mary is using random sampling, in her working papers, she

should document specific customers and amounts selected for the confirmation, and the

listing from which the customers were selected.

Acceptable documentation would consist of:

“Randomly selected the following 100 customers from the client’s

accounts receivable aging as of December 31, 20XX”

Customer Customer # Balance

Smith 56346 $xx

Johns 34356 xx

Johnson 67894 xx

Etc…….

Total selected for confirmation

$xx

Unacceptable documentation:

“Randomly selected 100 customers off the client’s aging with a total

balance of $xxx.”

The previous example is unacceptable because the sample does not provide a means by which

another party could reconstruct the sample (e.g., selected every fifth customer off the aging,

etc.).


269

REVIEW QUESTIONS









1. With regard to hiring and supervising staff, accountants should:

a. Check employee references

b. Emphasize quantity over quality

c. Allow employees to moonlighting

d. Use per-diem employees

2. Which provision, that might assist the auditor in litigation, is required to be included in the

engagement letter:

a. Arbitration clause

b. Limitations for unknown third parties on use or reproduction of the audit report

c. Ownership of workpapers

d. Responsibilities for fraud

3. Which of the following would not generally expose an auditor to a risk from having a

problem client?

a. A planned purchase of long-term assets

b. A change in the client’s management

c. A deterioration in the client’s relationship with the firm

d. The client’s sale of a subsidiary

4. Which of the following liability standards states that only third parties with contractual

relationships with the accountant may bring suit against an accountant for negligence?

a. The foreseeability approach

b. The near-privity standard

c. The privity standard

d. The restatement approach


270

5. Under what level of responsibility to third parties can both the third party and the use of the

financial report be unknown to the accountant and that he or she is still responsible to the

unknown party:

a. The foreseeability approach

b. The near-privity standard

c. The privity standard

d. The restatement approach


271

SUGGESTED SOLUTIONS

1. With regard to hiring and supervising staff, accountants should:

a. Correct. A common pitfall that continues to expose accountants to loss in litigation

is failure to properly hire and supervise staff. To avoid exposure to loss in

litigation, accountants in hiring and supervising positions should check employee

references.

b. Incorrect. To avoid exposure to loss in litigation, accountants in hiring and supervising

positions should emphasize quality over quantity. A deterioration of quality in exchange

for speed exposes the firm to the risk of errors.

c. Incorrect. Accountants in hiring and supervising positions should prohibit employee

moonlighting. Employees who moonlight may have poorer job performance during the

day and usually do not carry personal liability insurance.

d. Incorrect. Accountants should be aware of the risks of using per-diem employees. Not

checking to ensure that per-diem employees have adequate CPE in the area of the

engagement; not properly overseeing their work; not giving them the same degree of

supervision as other staff; and accepting their bad workpaper habits, are some common

oversights.

2. Which provision, that might assist the auditor in litigation, is required to be included in the

engagement letter:

a. Incorrect. An arbitration clause is not required to be in an engagement letter under

auditing standards. As a matter of good practice, a mediation clause is recommended,

but not an arbitration clause.

b. Incorrect. A provision stating limitations on use or reproduction of the audit report for

unknown third parties is recommended, but not required.

c. Incorrect. A provision stating the ownership of workpapers is recommended, but not

required.

d. Correct. A provision required by SAS No. 99, which might assist the auditor in

litigation, is to state the responsibilities for fraud in the engagement letter.

3. Which of the following would not generally expose an auditor to a risk from having a

problem client?

a. Correct. A planned purchase of long-term assets does not, in and of itself, expose

an auditor to risk of having a problem client.

b. Incorrect. Hiring new management generally does expose the auditor to risk from

having a problem client. An auditor is most vulnerable to being sued when a client hires

new management. When a new manager arrives, he or she may uncover a fraud,

defalcation, or error relating to the previous manager and may hire his or her own

auditor. The result could be a claim against the predecessor auditor.

c. Incorrect. A deterioration in the client’s relationship with the firm is a symptom of a

problem client. In particular a client who does not deliver information timely, fails to

pay the firm on time, and has personal financial pressures, is one that should be

categorized as high risk.


272

d. Incorrect. The sale of a business can significantly expose the auditor to risk because the

company may attempt to inflate earnings and equity to increase the sales price.

4. Which of the following liability standards states that only third parties with contractual

relationships with the accountant may bring suit against an accountant for negligence?

a. Incorrect. The foreseeability approach states that the accountant is liable to any

“reasonably foreseeable” third-party recipient of the accountant’s financial report

provided the third party relies on the report for its proper business purpose.

b. Incorrect. The near-privity standard states that three conditions must be met for a third

party with no contractual relationship with the accountant to bring suit against an

accountant for negligence.

c. Correct. The privity (contract) standard states that only third parties with

contractual relationships with the accountant may bring suit against an accountant

for negligence.

d. Incorrect. The restatement approach states that accountants are responsible to third

parties who the accountant expressly knows will be provided with the financial report

and third parties who are members of a limited class of persons to whom the accountant

knows the financial report will be given.

5. Under what level of responsibility to third parties can both the third party and the use of the

financial report be unknown to the accountant and yet he or she is still responsible to the

unknown party:

a. Correct. Under the foreseeability approach, both the third party and the use of the

financial report can be unknown to the accountant.

b. Incorrect. Under the near-privity standard, the accountant must be aware that the

financial report is to be used for a particular purpose and must know who the third party

is and the fact that the specific third party will rely on the accountant’s report.

c. Incorrect. Under the privity standard, to be held responsible, the accountant must have a

contractual relationship with the third party.

d. Incorrect. Under the restatement approach, accountants are required to know the class of

third party, but not necessarily the name of the party.


273

XXVI. Efficient Engagements- Reduce Time, Make More Money

Without Increasing Risk

A. Staffing Problems

The AICPA's Private Companies Practice Section (PCPS) published the results of its annual

poll of the Top Ten CPA Firm Issues, which is listed below based on firm size of 6 to 10

professionals.

Top Ten CPA Firm Issues

1. Client retention

2. Retaining qualified staff at all levels

3. Tax complexity and changes

4. The effect of new regulations and standards on small firms

5. Marketing/practice growth

6. Finding qualified staff

7. Client collections

8. Keeping up with standards

9. Keeping up with technology

10. Working/life balance initiatives

Source: AICPA

Items 2 and 6, retaining and finding staff, have been at the top of the list for the past five years

and staffing issues continue to be the number one challenge facing the profession. The staffing

issue, coupled with the pressure to keep up with regulations and standards, make the

engagement efficiency a vital element of any CPA firm's quality control practice.

Another observation made by CPA firms is that the quality of staff is not as extensive as prior

generations thereby making it more difficult to drive performance. Consider some of the

common comments about staff:

Today’s accounting graduate lacks:

Basic writing and math skills

Work ethic needed for many firms to drive through the cyclical seasons of the typical

CPA firm.

What this means is that many firms are unable to generate high production out of staff

members thereby putting pressure on the firm to ensure that engagements are performed

efficiently.

Efficiency Auditing Takes the Pressure Off Staffing Issues


274

In general, firms are over auditing, over reviewing and over compiling, resulting in wasted

time that could be used to drive other business or, the ability to perform the same volume of

work with fewer staff. With the expansion of regulations and standards, firms may find their

profit margins being squeezed if they do not make their engagements more efficient.

Dealing with the Challenges of Profit Squeeze

SOLUTIONS

B. Efficiency Auditing

The PCPS Section of the AICPA published a handbook entitled Smarter Audits, which

provides CPAs with ideas on ways to make audits more efficient. Although the majority of the

following suggestions and comments have been developed by the author, several important

ideas were extracted from the PCPS document.

The following are suggestions on how a firm can reduce time and increase audit efficiency:

Manage and train the client and its staff

Weed out unprofitable clients and increase fees

Retain and effectively use staff

Spend more time planning the engagement

Staffing

Shortages

Staffing

salary

increases

PROFIT

SQEEZE

Reduce

Time-

Increase

efficiency

Increase

Fees

80/20

RULE


275

Recommend that the client convert to income-tax-basis accrual financial statements,

where appropriate

Recommend that the client switch to a review from an audit, and

Look at specific audit areas for time savings.

1. Managing and training the client

a. Ask the client to perform more PBC (prepared by client) schedules to eliminate

wasted audit time reconstructing transactions.

The client should have a clear due date for the PBCs and a format example.

Do not start the audit until all PBCs are completed.

Note: Some firms charge a separate billing for the accounting work so that the client can see

the impact of having the accountant perform many wasted tasks that could be performed by the

client. Some firms are willing to discount the bill if the client prepares PBCs and reduces the

engagement time.

2. Weed out unprofitable clients and increase fees

Because of staffing shortages, it may make sense to reduce the client base and operate on a

more solid, profitable one.

Statistics show that there is tremendous time savings from performing engagements on repeat

clients where work papers have already been set up and the staff is already familiar with the

industry and client. However, unprofitable clients, particularly those that have year ends

during busy times of the year, may not be worth keeping.

a. Get rid of unprofitable clients:

1) The 80-20 rule applies: 80% of a firm’s business comes from 20% of its clients.

2) Clients that are high-risk, slow paying, high-maintenance, and low-profitability may not

be worth keeping.

3) It may be too time consuming to retain one client who is in an industry within which no

other clients exist.

4) The first clients to go should be those who have year ends at busy times of the year

such as calendar year ends. Firms can generally replace unprofitable year end business

with other more profitable clients.

b. Increase fees: One way to weed out clients is to increase fees, particularly within areas of

recognized expertise. Clearly, the timing of the economy may be a factor in deciding when

you increase fees and weed out clients.

3. Retain and effectively use staff


276

The most efficient audits are performed by staff that is already familiar with the client from

performing the engagement in prior years.

a. Firms should retain staff as a means of enhancing client relations and providing significant

audit efficiencies.

b. Clients like to work with the same staff from year to year.

4. Spend more time planning the engagement

Auditors are required to plan the audit. However, in this case, the term “planning” refers to the

process of making sure the pieces work together including staffing, timing, and extent of work

to be done.

a. Successful firms plan the engagement in the following areas:

Plan the audit based on risk and materiality

Allocate hours to spend on each area

Attempt to eliminate duplicate tests, where possible

Develop PBC lists and due dates

Prepare the engagement letter

Prepare a budget

b. Specific planning opportunities:

Focus audit on high risk areas

Complete your work paper review and exit interview prior to leaving the client’s office

Move certain audit work to interim such as receivable confirmations and inventory

observations.

5. Recommend that the client convert to income-tax-basis accrual financial statements

Most closely held businesses focus on tax reduction planning and less on issuing GAAP

financial statements. Consequently, for them, income-tax-basis, accrual financial statements

may be more meaningful.

What is just as important is the significant savings to you, as an auditor. Because OCBOA

statements are not GAAP, the rules of GAAP do not apply. Instead, if income tax basis

statements are prepared, the authority for when to record income and expense is determined by

the Internal Revenue Code, not GAAP. The most common basis to use is income-tax-basis

accrual financial statements since usually the results of operations do not significantly deviate

from operations reported under GAAP.


277

Traditional GAAP items you can forget about when using income tax basis statements include:

Deferred income taxes Allowance for bad debts

Accrued vacation pay Different depreciation methods

Investments at market value UNICAP- section 263A adjustment

Impairment of long-lived assets Goodwill amortization

Consolidation of variable

interest entities (VIEs)

The time savings can be significant!

6. Recommend that your client switch from an audit to a review

In limited cases, a review may be more appropriate for a client than an audit, and more

profitable to the CPA firm. Although the billing amount may be lower, the profit on a review

can be much greater than an audit. It is better that an auditor, rather than a competitor,

promotes savings to his or her client.

7. Look at specific audit areas for time savings

The author suggests that firms consider some of the following areas for significant time

savings:

a. Reassess the materiality threshold established for the audit:

Many firms set materiality too low and do too much work based on the assessment.

The rule of thumb threshold is 5-10% of net income or 2-5% of total assets.

b. Streamline the audit program:

Never have any procedure in the audit program that will not be performed.

Do not used "canned" programs which include too many procedures.

c. Replace tests of account balances with analytical procedures in low risk audit areas:

Examples of areas in which analytical procedures can replace typical tests of account

balances include any variable operating expense and those balance sheet accounts that

have low inherent risk (e.g., prepaid and accrued items) such as:

Interest expense as % of average debt

Payroll tax expense as % of gross payroll

Repairs and maintenance as % of fixed assets

Sales returns and allowances as % of sales

Other operating expenses from year to year


278

Recurring prepaid expenses and accruals

Observation: Auditors should seriously consider increasing the use of analytical procedures as

effective substantive tests in lieu of tests of account balances. By doing so, audit time can be

significantly decreased without sacrificing the quality of the audit. More importantly,

analytical procedures are extremely effective in uncovering material misstatements.

d. Increase audit work in high-risk areas such as inventories and receivables.

e. Eliminate wasted audit procedures: The following chart presents some of the areas in

which audits waste time.

Audit area Recommended procedure to save time

Cash Eliminate request for cut-off statements. For the first month after the

client’s year end, use the client's bank statement when received and

instruct client to deliver the statement to the auditor unopened, or

inspect the bank statement electronically through the client’s on-line

banking.

Don't confirm bank accounts. Obtain client's bank statement unopened

for the month following the year end and trace the balance into the

bank statement or review the client’s bank account on line in the

presence of the client.

Accounts

receivable Confirm receivables at interim, within one or two months of year end.

Stratify the confirmation population: Send positive confirmations to the

largest customers, negative confirmations to the next largest customers

and eliminate confirmations to the lowest 20% of the balances.

Eliminate confirmations of receivables altogether where, based on

history, results have not been successful and perform alternative

procedures.

Inventories Perform physical observation at interim and roll forward the balance to

year end.

Test a percentage of the valuation using the largest items within the

population and perform analytical procedures such as gross profit test,

number of days, and inventory turnover.

Perform lower of cost of market on the entire inventory and not

individual inventory items

Accounts

payable Generally, do not confirm trade payables. Confirmation usually does

not test for the highest risk which is having unrecorded liabilities.

Search for unrecorded liabilities by examining subsequent cash

disbursements and invoices

Contingencies

and lawyers’

letters.

Do not send lawyers letters for unasserted claims.

Lawyers’ letters should only be sent to confirm the facts of a

contingency that is asserted by management.


279

Prepaid expenses

and accruals Test prepaid expenses and accruals analytically instead of testing

account balances.

Do not test details of account balances unless the analytical procedures

result in a significant variance from year to year or from the current

year in comparison with expected amounts.

Expenses Test analytically and avoid an analysis of the account balance unless

analytical procedures indicate a significant fluctuation.

Initially test repairs and maintenance analytically from year to year and,

if possible, avoid examining individual repairs and maintenance items.

Are receivable confirmations required?

SAS No. 67, The Confirmation Process,63

was issued in response to the concerns that the

profession was over-utilizing confirmations as an effective substantive test. Almost a decade

later, it appears that CPA firms continue to misuse and overuse confirmations.

Understanding SAS No. 67 can be an effective tool to reduce audit time.

SAS No. 67 states that confirmations should be used with respect to accounts receivable

unless:

The balance is immaterial.

Audit risk is assessed very low and alternative substantive tests would be adequate to

reduce audit risk.

Use of confirmations would be an ineffective audit procedure.

Example: Based on history, the auditor can expect that response rates will be low.

SAS No. 67 states that there is a presumption that an auditor will request confirmations for

receivables. If he or she does not request confirmations, he or she must document how this

presumption was overcome.

SAS No. 67 stipulates that negative confirmations may not be used unless:

Control risk is set at below the maximum level,

There are a large number of small account balances, and

The auditor believes that the recipients will reply.

63

Effective for years ending on December 31, 2012 and later, SAS No. 67 is replaced with AU-C 505, External

Confirmations.


280

Therefore, positive confirmations should be used instead of negative ones for the majority of

the population tested.

With respect to accounts receivable, there is the presumption that the auditor will request

accounts receivable confirmations unless the use of confirmations would be an ineffective

audit procedure. In those cases, accounts receivable confirmations can be replaced with

alternative substantive tests such as:

1. Sales cutoff

2. Examination of certain invoices included in the balances of significant receivables

3. Analytical procedures such as number of days sales and receivable turnover

4. Realization of receivable balances

Avoiding the time trap of prepaid and accrued expenses

Do you want to reduce your audit time but not increase audit risk?

One easy way to do so is to make sure you do not get locked into the time trap of spending too

much time performing detailed analyses of prepaid expenses and accruals. Instead, the auditor

should initially test these accounts analytically from year to year. Only if there is a significant

fluctuation in the prepaid or accrued expense balance from year to year (adjusted for any

expected change), should an auditor spend time with detailed analyses of the prepaid or

accrued account.

Example: Joe Auditor is auditing Company X. X has a prepaid insurance asset on the balance

sheet as follows:

20X2 20X1

Prepaid insurance $20,000 $23,000

Insurance expense 40,000 38,000

Joe’s expectation is that 20X2 insurance expense and prepaid insurance should be similar to

20X1 because there is no indication that there has been a significant change in insurance cost

or coverage from year to year.

Conclusion: Joe can easily test the prepaid insurance and related insurance expense for 20X2

by comparing both the prepaid balance and insurance expense from year to year. Given the

fact that both the 20X2 asset and expense are not materially different from 20X1, there is no

need for the auditor to perform additional procedures, such as tests of the account balances.

Change the facts: Prepaid insurance and related expense are as follows:

20X2 20X1


281

Prepaid insurance $5,000 $23,000

Insurance expense 55,000 38,000

Conclusion: In performing an analytical procedure on prepaid insurance and insurance

expense, there is a difference between the accounts from year to year. In fact, it looks like both

the asset might be understated by $18,000 and the expense might be overstated by a similar

amount.

Should Joe perform additional work on the prepaid insurance and expense?

Whether Joe expands his work to perform tests of the account balances is based on whether

any difference (in this case $18,000) might be material to the financial statements. If not, Joe

should pass on further work. If it is potentially material, Joe would perform additional audit

procedures which might include: a) inquiry as to why the accounts have changed, and b) a test

of the account balances such as a calculation of the prepaid insurance and expense.

Observation: The previous example illustrates a typical situation in practice involving a

recurring prepaid asset or accrual. An effective way for an auditor to test all prepaid expenses

and accruals that are recurring (such as prepaid insurance, accruals for payroll taxes,

commissions, interest, etc.) is to test them analytically without engaging in a test of the detail

of the account balance. In performing the analytical procedure, the auditor should test

analytically the balance sheet balance (prepaid or accrual balance) and the related expense

account. If the prepaid or accrual balance, and the related expense account are reasonably

consistent from year to year, the auditor should refrain from performing additional audit

procedures.

Auditing recurring prepaid and accrual accounts, and the related expenses, by testing the detail

of those accounts should be avoided and performed as a last resort only when the results of the

analytical procedures indicate that there might be a material variance.

Having the discipline to avoid detailed audit work in recurring prepaid and accruals items will

save the auditor significant time without increasing audit risk.

XXVII. Assessing Going Concern

The Auditing Standards Board continues to emphasize the importance of assessing going

concern issues in audits. Regardless of the strength or weakness of the economy, companies

go out of business For various reasons many of which are simply self-imposed strategic errors

or business cycles that have matured to extinction.


Concern, provides guidance on evaluating the adequacy of going-concern disclosure in


282

audited financial statements. SAS No. 59 is the only authoritative literature for going concern

disclosure.

Continuation of an entity as a going concern is assumed in financial reporting in the absence of

information to the contrary. In an audit engagement, an auditor should assess whether the

entity has the ability to continue as a going concern for one year from the balance sheet date.

Factors that might raise doubts about the ability to continue as a going concern include:

Negative cash flow from current operations or forecasted for the next year

Declining revenues coupled with continued operating losses

Adverse financial ratios such as negative net worth or working capital deficiencies

Loss of major sources of sales such as lost customers, product lines, etc.

Noncompliance with statutory capital requirements

Loan defaults

Preferred dividend arrearages

Lawsuits or loss contingencies such as environmental or uninsured catastrophic events

Loss of key personnel

Unusually liberal credit terms to customers including significant dating of receivables

Company runs tight on its working capital line of credit formulas (e.g., maximum

available line is based on a percentage of eligible inventory and trade receivable.)

If, based on this assessment, there is substantial doubt of an entity's ability to continue as a

going-concern for one year from the balance sheet date, the accountant must seek factors that

mitigate this fact.

Examples of mitigating factors include:

Alternative sources of financing

Management's plan of action, including its forecast for the coming year

Disposition of assets

If management’s plans are based on the success of future normal operations for the coming

year, the auditor should review management’s assumptions used in its forecast and become

satisfied that the forecast results are achievable based on past experience with differences

properly substantiated.

If management plans to dispose of certain assets or consummate a single event (e.g., sign up a

major customer or develop a new product line), the auditor must consider whether there is

adequate evidence that currently exists to support the claim that it is more likely than not that

management will be successful. The concept of more likely than not means that there is more

than a 50% likelihood of success.

If, after seeking mitigating factors, the auditor still believes there is still substantial doubt,

SAS No. 59 requires a disclosure and an audit report modification as follows:


283

Separate paragraph in the audit report:

As discussed in Note A, the Company has suffered continued losses from operations

and, at December 31, 20XX, has a deficiency in stockholders' equity. These factors

raise substantial doubt about the Company's ability to continue as a going concern.

Management has a plan of action that is described in Note A. The financial

statements do not reflect any adjustments that might result from the outcome of this

uncertainty.

Note: SAS No. 77 amends SAS No. 59 to preclude the auditor from using conditional

language in the report when identifying a going concern issue.

SAS No. 77 and 59 will be replaced with a new auditing standard, scheduled to be issued as

AU-C 570, Going Concern, as part of the Clarity Project.

XXVIII. The Risk of Vicarious Liability Among CPA Firm Alliance

Its is quite common for CPA firms to join affiliated groups of firms otherwise called alliances.

In doing so, smaller or regional firms can reap the benefits and economies that inure from

having an alliance umbrella under which to operate.

Typically such alliances share common benefits that include:

Maintenance of a uniform quality control system including monitoring and peer review

Discounts on purchases of insurance and other services

Ability to receive higher-level technical and managerial expertise

Use of a common trade name or logo

Ability to maintain a collective marketing and public relations campaign

Access to international business and expertise, and

Fee-sharing arrangements, including referral and other fees.

Court decisions have called into question whether such firm alliances are actually operating as

one firm for liability purposes. If so, there is the risk that the liability of one affiliated firm that

is sued may become the liability of all firms in the alliance under the concept of vicarious

liability.

Two cases have brought the concept of vicarious liability among CPA firms to the forefront:

Nuevo Mundo Holdings v. PricewaterhouseCoopers, and the Parmalat Securities Litigation

Case.

The doctrine of vicarious liability involves assigning one party’s liability to another party.


284

The Mundo case

The Mundo case involved shareholders and directors of Banco Nuevo Mundo S. A, a Peruvian

bank, who brought suit against the New York City offices of Pricewaterhouse Coopers (PWC)

and Arthur Andersen, LLP (Andersen)(prior to its demise). The claim was that two Peruvian

accounting firms issued an audit report on fraudulent financial statements.

PWC and Andersen were sued under the theory of vicarious liability with the claim that the

two Peruvian accounting firms operated under the control of PWC and Andersen by using the

same brand name.

The Court held that PWC and Andersen had no vicarious liability simply by using the same

brand name. Factors the Court noted that must be present to have vicarious liability include:

a. A principal/agency relationship including control

b. An alter-ego relationship, including piercing the corporate veil, or

c. A partnership or joint venture

The Court concluded that none of the three criteria were present and that PWC and Andersen

had no vicarious liability with respect to the actions of the two Peruvian firms.

An important point is that the fact that a joint logo was used by the firms was not enough to

assign vicarious liability to PWC and Andersen.

The Parmalat case

Although the Mundo case was important, it pales in comparison to the Parmalat case.

Background:

Parmalat SpA was one of Italy’s largest dairy conglomerates, known for long shelf-life milk.

Details related to Parmalat follow:64

In the 1990s, Parmalat expanded its operations financed largely by debt.

Its expansion into South America was problematic and resulted in significant

losses and negative cash flow.

Parmalat’s CEO and his family diverted funds from the company.

64

Court Filing dated June 28, 2005, Master Docket 04MD 1653 (LAK)


285

Parmalat used off-shore entities to hide its losses and create an appearance of financial

health and stability. One such transaction involved a fictitious sale of powdered milk to

Cuba for $620 million. In another transaction, inter-company debt was transferred to

Parmalat’s Brazilian affiliate.

Parmalat continued to borrow funds to service its losses and debt service.

Grant Thornton- Italy (GT-Italy) was Parmalat’s auditor through 1999.

Starting in 2000, as required by Italian law, Parmalat was required to change auditors

and hired Deloitte & Touche, S.p.A. (Deloitte Italy) to perform the audit.

In late 2003, Parmalat defaults on its debt and files for bankruptcy.

Italian authorities indicted Parmalat executives, Deloitte Italy and certain partners of

GT-Italy.

It was later discovered that Parmalat had committed a massive fraud that involved the

understatement of $10 billion of debt and an overstatement of its net assets by $16.4

billion.

Subsequent to Parmalat’s demise, investors in Parmalat filed a class action suit against

Deloitte Italy, GT-Italy, as well as Deloitte & Touche USA and Grant Thornton, LLP

(GT-USA).

The vicarious liability claim again Deloitte & Touche USA and Grant Thornton USA:

The investors in Parmalat brought claims against the United States arms of Deloitte & Touche

and Grant Thornton under the theory of vicarious liability. That is, the investors claimed that

the relationship between Deloitte & Touche USA (DT USA) and Grand Thornton USA (GT

USA) with their respective Italian affiliates was such that the U. S. arms should be liable for

the actions of their Italian counterparts.

DT USA and GT USA disagreed based on the argument that they were separate from their

Italian affiliates and could not be responsible for their actions.

Factors considered in deciding whether DT USA and GT USA had vicarious liability in this

case included:

a. Agency relationship: Whether the Italian affiliate was acting as an agent for the U. S.

principal firm which actually had control over the Italian affiliate.

b. Alter ego: Whether the Italian firms were essentially the same as the U. S. affiliates

and an instrument of the U. S. affiliates, or


286

c. Partnership or joint venture: Whether both firms were acting like a partnership or joint

venture in terms of profit sharing, mutual control, and holding themselves out as a

partnership.

Agency relationship:

In general, in order for there to be a principal-agent relationship, there must be several

elements that include:

a. An understanding that the agent acts on behalf of the principal.

b. The agent’s acceptance of the undertaking, and,

c. An understanding that the principal is in control of the undertaking.

The key factor is control and whether the principal has control over the actions of the agent.

The court held that there was an agency relationship between DT USA and DT Italy, and

between GT USA and GT Italy. Evidence supporting the court’s finding included that DT

USA demonstrated that it controlled DT Italy in several instances:

a. When it removed an auditor from the Parmalat audit in Brazil when there was a

disagreement between that auditor and an DT Italy auditor over the transfer of inter-

entity debt.

b. There was managerial overlap with several top executives of DT Italy also executives of

DT USA.

GT USA demonstrated control over GT Italy when it had disciplined partners at GT Italy and

ultimately expelled GT Italy from the GT alliance.

Alter-ego:

The concept of alter-ego is that one entity is operating as an extension of the other and that the

form (two legal entities) is really that of one firm. It implies that one entity has been so

dominated by the other that the second entity should be disregarded altogether as it is

transacting business on behalf of the dominator’s business and not its own.

The criteria for “piercing the corporate veil” are consistent with those used to support that an

alter-ego exists. Factors used to argue that one entity is merely the alter ego of the other

include:

Failure to adhere to corporation or other formalities

Intermingling of funds

Overlap of ownership, staff and directorship

Common use of office space


287

Whether the dealings between the entities were arms length

Whether the entities are treated as separate profit centers

The Court held that DT Italy and GT Italy were not alter egos of DT USA and GT USA as the

factors did not support such a conclusion. In general, the Italian affiliates did operate

independently from the U.S. affiliates in terms of having their own staffing and office space.

Moreover, each of the Italian affiliates was appropriately capitalized and followed formalities

of independence.

The Court also noted that the relative size of GT USA versus GT Italy should not be a factor in

determining whether GT Italy was the alter ego of GT USA.

Partnership-joint venture:

Typically, in order for there to be a claim that a partnership or joint venture exists among

entities, several factors must be present:

a. There must be a sharing of profits and losses

b. Joint control and/or management of the business

c. Contributions of property, knowledge or other resources by each party

d. The intention to be partners.

Emphasis is placed on the first two factors:

the sharing of profits and losses, and

some sort of control by the parties.

The definition of control is “the power to direct or cause the direction of the management and

policies of a person, whether through the ownership of voting securities, by contract, or

otherwise.”65

The court held that DT USA and GT USA did not have a joint venture or partnership with DT

Italy and GT Italy, respectively. Although there was some sharing of profits and losses

between DT USA and DT Italy, there was no mutual control.

What conclusions can be reached about vicarious liability among alliance firms?

Firms need to be very careful how they conduct business among themselves to ensure they

operate separate of each other.

Key points to remember in a firm alliance:

65

As cited in the Parmalat case: First Jersey Sec. Inc. 101 F. 3d at 1472-73.


288

1. Firms should be careful not to exert control over each other. A member of an alliance that

dominates others may be liable for liabilities of the other firms in that alliance.

2. Firms that share profits within an alliance risk being considered a joint-venture or

partnership under which all members are jointly and severely liable.

3. Appearance is everything. Firms should consider how they hold themselves out to third

parties.

4. Firms within an alliance should minimize overlapping management.

Does the mere use of a common trade name or logo or joint marketing program expose

firms within an alliance to vicarious liability?

No. In the Parmalat case, the court was quite clear that the mere use of a joint-logo was not, in

and of itself, sufficient to assign vicarious liability. Common marketing campaigns will not

result in liability. Although in the Parmalat case, there was no suggestion that appearance of

how the firms conducted themselves to the public was an important factor. The fact that the

firms used the terms “global” and “worldwide” was no more relative to the outcome of the

case, than the appearance of disclaimers placed on web sites and other marketing literature

stating that there was no affiliation. Nevertheless, it would seem prudent for firms to avoid

using any language that would suggest that the firm members are partners.

XXIX. Advising Clients on Insurance- Auditor’s Responsibility

After several years of continued increase in insurance rates, rates in 2011 into 2012 have been

stable due to the fact that these years were relatively quiet years for natural disasters.

Nevertheless, insurance costs are not coming down and represent a significant cost to all

businesses. One major hurricane or terrorist attack will turn rates upward making it difficult for

companies to manage the cost of insurance and its related risk.

Here are the facts that have been published in the financial press and in insurance industry

studies:

1. Ten years later, insurers and reinsurers continue to amortize the losses related to the

September 11 terrorist acts, as well as losses from Hurricane Katrina and other natural

disasters.

2. Insurers are still experiencing losses due to a decline in investment income from the stock

market.


289

3. Insurance companies are still experiencing the results of a decade of pricing wars during

which the average insurer was paying out more than 100 percent of premiums received.

4. Insurance carriers exclude terrorism coverage from their base coverage.

a. A poll conducted by Lloyd’s of London shows:

66% of CFOs in the United States believe their companies’ domestic assets are

more of a target than their assets overseas.

64% of CFOs have little or no confidence in the insurance industry’s ability to

offer a comprehensive package to protect against future terrorist attacks.

Having adequate business interruption insurance appears to be the primary focus

among companies in dealing with future terrorist acts.

Why should the auditor care about increasing insurance costs?

Because of the sizeable increases in insurance rates, some companies are either cutting

insurance coverage or self-insuring for certain aspects of insurance coverage. These changes

place companies at greater risk that a calamity could adversely affect their business and, in

some cases, result in their demise.

But, is an auditor responsible for the adequacy of a client’s insurance coverage?

The answer is no. An auditor has no responsibility to assess the adequacy of a company’s

insurance coverage unless substandard coverage is a symptom of a reportable condition in

internal control. That is, a company has a weakness in its internal control by not properly

assessing the adequacy of its insurance coverage.

Does the auditor have any responsibility to review a client’s insurance coverage?

There is no formal requirement that an auditor or accountant assess the adequacy of insurance

of a company. In fact, there is no disclosure required for companies that self-insure.

ASC 450, Contingencies (formerly FASB No. 5), references this issue:

“The absence of insurance does not mean that an asset has been impaired or a

liability has been incurred at the date of the enterprise’s financial statements. Fires,

explosions, and other similar events that may cause loss or damage of an

enterprise’s property are random in their occurrence… An enterprise may choose

not to purchase insurance against risk of loss that may result from injury to others,

damage to the property of others, or interruption of its business operations.

Exposure to risks of those types constitutes an existing condition involving

uncertainty about the amount and timing of any losses that may occur, in which case


290

a contingency exists. Mere exposure to risks … does not mean that an asset has been

impaired or a liability has been incurred.”

ASC 450 indicates that un-insured or under-insured property represents a contingency. Under

ASC 450, a loss contingency is accrued only when it is probable that the loss will be incurred

and the amount of loss can be reasonably estimated. A loss contingency is disclosed, but not

accrued, if it is reasonably possible that the loss will be incurred. Where it is remote that the

loss will be incurred, no loss is disclosed or accrued except for a few exceptions, none of

which includes insurance contingencies.

The fact that a company is underinsured or uninsured represents a contingency that is remote in

likelihood of occurrence and not required to be disclosed.

Thus, an auditor has no responsibility to consider the adequacy of the insurance because there

is no GAAP-related disclosure of liability applicable to the under or un-insurance. However,

an auditor can review the insurance outside the scope of the audit as part of a consulting

engagement.

XXX. Auditing Lease Agreements

Over the past few years, tenants started to evaluate the costs of their real estate leases. That

trend has continued as a growing number of tenants are hiring firms to conduct lease audits.

The focus of such audits is to compute the accuracy of common area maintenance (CAM)

charges allocated to tenants. More tenants are including a provision in their leases that gives

them the right to conduct such audits. In high demand markets, such as Boston and New York

where lease prices are high even in a soft economic climate, unreasonable CAM charges can

drive the effective rent cost to unreasonable levels. One particular problem is where there are

fewer tenants and landlords attempt to allocate fixed CAM charges over the remainder tenants,

resulting in higher CAM charges per tenant.

According to one article,66

Real Estate Resource Group LLC in Washington DC has about

2,260 lease audits nationwide, which is nearly double what it had a few years earlier. Equis

Corp., a Chicago real-estate services firm has done about 40% more audits now than it did a

few years ago. The Big Four also are conducting these audits. Yet, most smaller and middle-

sized CPA firms are not aggressively performing these audits.

Some key observations about these audits include the following:

1. For most companies, rent expense is the second largest expense after payroll.

66

Wall Street Journal: Office Tenants Are Auditing Books of Landlords to Find Overcharges


291

2. Common problems found in such leases include:

Landlords with significant vacancies are trying to pass on the entire CAM charges to a

smaller number of tenants occupying the building.

Landlords who charge tenants an estimate of CAM charges are sending improper actual

settlements after year end.

Landlords are passing along the entire cost of new equipment in one year.

Landlords are charging tenants for capital improvements that should not be charged at

all such as elevators and energy-efficient systems.

CAM charges are increasing because of security costs required for the building.

Landlords with multiple properties are erroneously allocating insurance costs (including

umbrella policy costs) among properties.

Landlords are charging arbitrarily high management fees to manage the building.

Landlords are not passing along the credit from real estate tax abatements to tenants.

Landlords are misallocating CAM charges among tenants and, in some cases, are

charging total CAM charges aggregating more than 100 percent.

What’s wrong with the following language found in a commercial triple-net lease?


292

Commercial Lease Excerpt

Extended Term Common Area Maintenance Charges. Throughout the Lease Term, Tenant shall pay to

Landlord, as Additional Rent, Tenant’s pro rata share of the Common Area Maintenance Charges (hereafter,

“CAM Charges”) (as hereafter defined). CAM Charges shall be paid in equal monthly installments in the

same manner as Base Rent within seven (7) days after receipt of Landlord’s bill thereof.

Notwithstanding the preceding sentence, if requested by Landlord, Tenant shall make estimated payments of

CAM Charges as hereinafter provided. If Landlord is to require estimated payments of CAM Charges during

any year of the Extended Term, Landlord shall provide Tenant with a good faith estimate of Tenant’s pro-

rata share of total annual CAM Charges for each calendar year and/or fiscal year during the Extended Term.

After receipt of such estimate, commencing with the next date upon which the payment of Base Rent is due

under this Lease, Tenant shall pay to Landlord a monthly installment equal to one-twelfth (1/12) of Tenant’s

pro-rata share of total annual CAM Charges as estimated by Landlord. Landlord may reasonably adjust the

amount of such installments from time to time by written notice to Tenant.

If Landlord requires estimated payments of CAM Charges as provided herein, after year end Landlord shall

furnish Tenant with a statement of the actual amount of Tenant’s pro rata share of CAM Charges for the

Building for the prior calendar year. (1) If the estimated amount of Tenant’s CAM Charges for the prior

calendar year is more than the actual amount of Tenant’s CAM Charges for the prior calendar year, Landlord

shall refund any overpayment to Tenant. If the estimated amount of Tenant’s CAM Charges for the prior

calendar year is less than the actual amount of CAM Charges for such prior calendar year, Tenant shall pay

Landlord, within thirty (30) days after its receipt of the statement, any underpayment for the prior calendar

year.

For the purposes hereof, Tenant’s pro rata share of CAM charges shall be equal to greater of a) 11.42%, or b)

the ratio of 8,550 square feet to the total amount of interior space actually leased (based on Exhibit A),

calculated on a weighted-average basis on an annual basis. (2)

The terms “Common Area Maintenance Charges” and “CAM Charges” as used in this Lease shall mean all

costs incurred by Landlord in the operation, repair, replacement, maintenance, management, and monitoring

of the Building, including, but not limited to the following: (a) the cost of all utilities, including, but not

limited to, electricity, heat, gas, water, and sewerage; (b) the cost of the Landlord's insurance applicable to

the Building, and its occupancy or operations, including a pro-rata share of the cost of an umbrella liability

policy (3) (c) the percentage of those wages and salaries of all persons directly or indirectly engaged in the

operation, repair, replacement, maintenance and monitoring of the Building, including, if applicable, social

security taxes, unemployment taxes, hospitalization insurance and other normal employee benefits relating

thereto as are paid to or on behalf of such persons for their work applicable to the operation, repair,

replacement, maintenance, management, administration and/or monitoring of the Building; (4) (d) the cost of

all supplies and materials used in the operation, maintenance, repair, administration and monitoring of the

Building; (e) the cost of all contract labor, maintenance and service agreements relating to the operation,

maintenance, repair and monitoring of the Building; (f) management fees and the cost of management

contracts relating to the Building (5) (g) real estate taxes and any other charges assessed against the Building

or the land on which it is situated (6) (h) personal property taxes, if any, assessed with respect to equipment

and other property used solely in connection with the operation, repair, replacement, maintenance,

management, and monitoring of the Building; (i) capital expenditures (7) and (j) license, permit, and

inspection fees applicable to the Building in general.


293

Comments on the above language:

An accountant or auditor can assist a client with reviewing the above lease and possibly

auditing it.

Provisions in the above lease that should not have been included, from the tenant’s

perspective, are numbered as follows:

1. There should be a provision giving the tenant the right to audit the CAM charges.

2. The ratio of CAM charges should be based on the ratio of 8,550 square feet (leased

space) to the total available interior square feet regardless of whether it is rented. By

including language “total amount of interior space actually leased,” the tenant pays for

a pro rata share of CAM charges for space that is vacant.

3. The insurance should not include a pro rata share of umbrella policy insurance as this is

an indirect cost.

4. The labor portion of CAM charges should be limited to only those persons “directly”

involved in the management and maintenance of the property, and should exclude

indirect persons and persons involved in administration. Otherwise, this provision

permits the landlord to charge a portion of indirect G&A costs related to accounting and

bookkeeping functions to the tenants. Similarly, supplies should be limited to direct

supplies, and should not include supplies related to administration.

5. The management fees clause is open-ended and permits the landlord to charge itself

higher management fees than are reimbursed through CAM charges. The lease should

state that management fees are either fixed or based on a measurable amount (e.g., 5%

of gross collected rental income). Alternatively, reference can be made that all

management fees must be at market value.

6. Real estate taxes should be net of abatements. Further, there should be a requirement

that the landlord file for an abatement annually.

7. CAM charges should not include the total cost of capital expenditures. Instead, these

charges should be amortized into CAM charges over a period of time such as the

depreciable or other life.

How can accountants assist their clients with leases?

1. Accountants have a great opportunity to offer a lease audit service to their clients.

The service can be either in the form of auditing one financial statement element (rent

expense), or performing an agreed-upon procedures engagement.


294

2. Accountants can assist clients in negotiating or renegotiating their leases.

Key provisions to include in leases include:

Defining the type of capital improvements that are charged to tenants.

Requiring CAM charges to include the amortization of qualifying improvements over a

certain minimum period of time, not in one year.

Capping the total CAM charges that can be charged to the tenant.

Limiting the allocation of CAM charges based only on costs related to space rented.

Fixing the amount of management fees that can be charged in CAM charges.

XXXI. Practice Issues Relating to Auditing

A. Engagement Letter:

Question: Must an engagement letter be obtained for an audit?

Response: SAS No. 108, Planning and Supervision, requires that an understanding of the

nature and terms of the engagement with the client be in writing. Thus, an engagement letter

is required.

Prior to the issuance of SAS No. 108, its predecessor, SAS No. 83 permitted the understanding

to be achieved verbally or in writing. SAS No. 108 eliminated the option of obtaining the

understanding verbally and now requires it to be in writing.

Question: Must an engagement letter be signed by the client?

Response: No. SAS No. 108 requires the understanding to be in writing, but does not

require that it be signed by the client. Therefore, an accountant could send a client a one-way

written communication, summarizing the terms of the agreement, and not require that the

client sign that communication. Obviously, one-way communication is risky because

subsequently to the engagement being performed, the client could disavow that he or she

agreed with the terms of the letter.

B. Inventories:

Facts: A company's year end is December 31. The company has always taken one physical

inventory per year on September 30. At year end, the inventory is adjusted using an estimated


295

gross profit. Perpetual inventory records are maintained. Joe CPA observes the physical

inventory on September 30 and tests the valuation at December 31 calculated on the gross

profit method.

Question: May the auditor rely on his interim observation as adequate evidence for supporting

the year end inventory valuation?

Response: SAS No. 1, Receivables and Inventories, states:

“When the well-kept perpetual inventory records are checked by the client

periodically by comparisons with physical counts, the auditor's observation

procedures usually can be performed either during or after the end of the period

under audit......It will always be necessary for the auditor to make, or observe, some

physical counts of the inventory and apply appropriate test of intervening

transactions.”

Therefore, it would appear that the above auditing procedures would be adequate.

C. Confirmation Procedures:

Question: Historically, auditors have had difficulty obtaining confirmation replies from large

corporations and government organizations. What audit procedures should be used in this

situation?

Response: In this situation, the auditor has no choice but to perform alternative auditing

procedures including, but not limited to:

Examination of invoices included in the aging

Collection of the receivable balances (realization test)

Test of sales cutoff

Analytical procedures

Confirmation of bank loans/capital lease obligations:

Question: It is often difficult for banks to confirm loan balances. This includes the balance on

a capitalized lease obligation. What alternative procedures should be performed?

Response: While the debtor may not be able to calculate the loan or obligation balance, there

are details that the debtor may confirm from which the auditor can adapt. For example, a bank

can confirm the original loan balance and terms. From this, the auditor can "roll forward" the

balance from the previous year's balance. This would be deemed an acceptable auditing

procedure.

Using postage-paid return envelopes:


296

Question: Does GAAS require that an auditor use postage-paid return envelopes for positive

confirmations?

Response: No. GAAS does not require the use of return envelopes; however, in practice, most

auditors use return envelopes to facilitate responses.

D. Auditing Cash:

Question: Most major banks will not confirm cash balances using the standard bank

confirmation. What options does an auditor have in verifying the cash balance from the third

party bank?

Response: Assuming cash is material, an auditor can use alternative procedures to confirm the

cash balance.

One is for the auditor to request that the client give the auditor the end of year bank statement

directly unopened. The auditor can make a copy of the statement and give the statement back

to the client to complete the year-end bank reconciliation. Some commentators believe that

receiving the bank statement from the client is subject to client manipulation of the bank

statement before it is given to the auditor. The reality is that if the client opens the bank

statement before handing the statement to the auditor, the auditor will know that the glued seal

on the envelope has been broken.

A second option is for the auditor to ask the client to pull up the electronic bank statement on

line at the bank’s web site in the presence of the auditor. At that point, the auditor can inspect

the electronic bank statement on line, and print out a copy of the bank statement and any

canceled checks directly from the bank’s web site.

Question: How important is it to ask for cutoff bank statements at year-end in order to clear all

items in the client's year-end bank reconciliation?

Response: In general, most banks will not send cutoff statements and, if they do, the timing

of receipt of the statement may be too late relative to the timing of the audit engagement.

An alternative to receiving a cutoff statement is to ask the client to deliver the next bank

statement after year end to the auditor unopened. For example, if an audit is conducted as of

December 31, instead of asking for a cutoff statement as of January 15, the auditor should wait

and receive the January 31 bank statement directly from the client unopened. How does the

auditor know that the client did not open the statement? It is quite obvious. With most bank

statements, once the statement is opened, the envelope flap is altered because of the strong glue

that is used to secure the seal.

Another option is for the auditor to ask the client to go on-line and look up the bank account

directly on the bank’s web site. At that time, the auditor can review checks clearing after year

end.


297

Question: What alternative procedures might an auditor use to verify endorsements on checks

when the client’s bank does not return canceled checks with the bank statements?

Response: Verifying endorsements on the back of canceled checks is not a required auditing

procedure. Yet, an auditor may decide that this procedure is necessary given his or her

assessment of inherent and control risk. As a general rule, if the auditor is simply testing a

bank reconciliation, the need to verify endorsements on the back of canceled checks is usually

not required and beyond the scope of the audit objective. If, however, the auditor seeks the

endorsements as a part of a compliance test to reduce control risk or other audit procedure, the

auditor can apply the following additional procedures:

a) Ask the client to go directly the bank’s web site and pull up the electronic version of the

bank account. From there, the auditor can select canceled checks and inspect the

endorsement on the bank of those selected checks.

b) Select the checks and order copies of those canceled checks directly from the bank.

Note: You should expect that the bank will charge the client a fee for sending or

photocopying the checks. Further, it is likely that the bank will take 30 to 60 days to send

copies of the checks. This time delay should be factored in when planning the audit.

Observation: With the use of on-line banking, the need for an auditor to confirm bank account

balances and obtain cut-off bank statements is passé. The author believes the most effective

approach for an auditor (and one that saves administrative time) is for the auditor to ask the

client to go on-line and open the bank account and allow the auditor to inspect the bank

statement(s), canceled checks and other transactions. One key point to consider is that most

banks retain only 18 months of bank statements on line. That means that it is critical that the

auditor make sure that he or she is within the 18-month window to retrieve on-line electronic

bank statements. For most audits that are performed within three or four months of year end,

the auditor could be required to go back a total of 15 to 16 months (12 months plus three or

four months after year end), so that there should be no problem obtaining all on-line electronic

bank statements.

However, if the audit engagement is delayed for whatever reason, the auditor may wish to

perform the on-line banking procedures early in the auditor or risk that the 18-month window

for reviewing bank statements on-line is not closed.

E. Auditing Cash Basis Financial Statements:

Facts: An auditor is auditing the financial statements of a company that reports on the cash

basis of accounting. The Company has material balances in its trade receivables or payables,

both of which are not presented on the cash basis balance sheet.


298

Question: Does GAAS apply? What auditing procedures should the auditor conduct with

respect to the receivables and payables?

Response: GAAS applies to GAAP statements as well as those statements prepared on an

other comprehensive basis of accounting (OCBOA statements) such as cash basis financial

statements. Because the receivables and payables are not presented on the balance sheet,

confirmation or the conducting of other substantive tests is not required. With respect to the

completeness of revenue and expenses, they can be tested via cash receipts and disbursements.

Therefore, again, no substantive tests are needed with respect to receivables and payables. The

exception may be where the auditor believes that confirmation is needed for the auditor to

comply with SAS No. 99, Consideration of Fraud in a Financial Statement Audit, whereby the

auditor establishes control risk at maximum and he/she is concerned about the possibility of

fraud.

F. Legal Letters:

Facts: As part of her audit, Mary Auditor, CPA examines legal and accounting expense. She

notices several invoices were paid as follows:

Billy Slime, Esq. Legal work-uncollected accounts receivable

Johnny Plaid, Esq. Patent work

Dewey, Charge and Howe Estate planning work in connection with revision of

Attorneys at Law shareholder stock redemption agreements

Robert Arsenalt, Esq. Legal fee in connection with bail out of owner's son

from drug dealing and car theft

Mary asks the client to prepare four legal letters for the above. The client's controller, Bill

Salami doesn't want to send out the letters because each lawyer charges $300 for a reply. He

further states that there are no unasserted claims and assessments against the company.

Question: Should Mary send out legal letters to comply with GAAS?

Response: Probably not. Lawyers generally charge for the time spent on responding to legal

letters. This practice has brought to the forefront the issue of when an auditor must obtain

legal letters to comply with SAS No. 12, Inquiry of a Client's Lawyer Concerning Litigation,

Claims, and Assessments67

, and when, such responses are meaningful.

SAS No. 12 requires that a letter of inquiry be sent only to those attorneys with whom it is

apparent management consulted regarding litigation, claims, and assessments. The initial

evidence for this is obtained from inquiry of management and by reviewing invoices and files

(e.g., analyzing legal expense). Only upon obtaining initial evidence of possible litigation,

claims or assessments should the auditor request that management send a legal letter to those

67

Effective December 31, 2012, SAS No. 12 is replaced with AU-C 501, Audit Evidence- Specific Considerations for

Selected Items.


299

attorneys involved. If a legal letter is not sent, it may be prudent for the auditor to include

language in the management representation letter stating that no attorney was consulted with

regard to litigation, claims and assessments.

Example of language to include in management's representation letter:

"We are not aware of any pending or threatened litigation, claims, or assessments or

unasserted claims or assessments that are required to be accrued or disclosed in the

financial statements in accordance with ASC Topic 450, Contingencies (formerly

FASB No. 5), and we have not consulted a lawyer concerning litigation, claims,

or assessments."

G. Unusual Reporting Issues:

Question: If an auditor is engaged to conduct a review, is he or she permitted to perform

selected auditing procedures and still issue a review report?

Response: Yes. Performing certain audit procedures, such as confirmation of receivables or

observation of inventory, may be requested by clients in connection with a review engagement.

The accountant must still issue a review report because audit level assurance has not been

obtained on the financial statements taken as a whole.

In addition, when an accountant, in connection with a compilation or review engagement, plans

to perform procedures that are customarily applied during an audit, he or she may wish to place

additional importance on whether a written engagement letter should be obtained from the

client. (See Interpretation No. 3 of SSARS No. 19, Compilation and Review of Financial

Statements for further guidance.)

Furthermore, in using confirmation requests or other communications in a review engagement,

the accountant should not use phrases such as "part of an audit of the financial statements."

Instead, recommended language might look like this:

As part of our review (compilation) of the financial statements of XYZ Corporation

for the year ended December 31, 20XX, we request that you confirm the following

information.......

Question: What are the procedural and reporting considerations in an audit engagement when

the auditor does not have the appropriate level of assurance on the opening financial statement

balances? An example is where an auditor audits financial statements covering a period in

which he or she did not observe the opening physical inventories.

Response: Although the auditor may not have observed the beginning inventory or audited

other accounts, he or she may, nevertheless, be able to become satisfied as to such prior

balances by applying alternative procedures such as testing prior transactions, review of the


300

records of prior counts, application of gross profit tests, etc. If comfort can be obtained, the

auditor can issue an unqualified opinion on all financial statements for that period.

If, however, the auditor cannot obtain comfort on the opening balances by applying alternative

procedures, the auditor may do the following:

Option 1: Perform a balance sheet only audit for the current year, or

Option 2: Express an unqualified opinion on the current balance sheet, and a qualified

opinion or disclaimer on the other financial statements (e.g., income statement, cash flow

statement, statement of equity).

Note: Effective December 31, 2012, the term “unqualified opinion” is replaced with the term

“unmodified opinion.”

Question: May an auditor audit the balance sheet and review the income statement, statement

of cash flows, and statement of retained earnings?

Response: There is no specific literature that prevents an auditor from doing this. AU sec.

508.05 permits an auditor to express an opinion on one financial statement and express a

qualified, adverse or disclaimer opinion on other statement(s) if the circumstances warrant.

Further, this section does not specifically permit or prohibit the audit of one statement and the

review or compilation of the other(s).

This situation could be somewhat effective where an auditor has a scope limitation relating to

the opening balances. Instead of issuing a qualified or disclaimer opinion on the statements of

income, cash flow and retained earnings, the auditor may wish to issue a review report to

provide the client with some level of assurance. However, the auditor must be careful that the

third party user and client are not confused about the two levels of service.

XXXII. Reaudit Engagements

There have been an increasing number of requests for reaudits (audits of financial statements

previously audited by another auditor). What is the impact of this trend on the applicability of

SAS No. 84, Communications Between Predecessor and Successor Auditors68

?

In a reaudit, the guidance of SAS No. 84 should be followed:

1. The successor auditor should inform the predecessor auditor that he or she has been

engaged to perform a reaudit.

68

Effective December 31, 2012, SAS No. 84 is replaced by AU-C 510, Opening Balances-Initial Audit Engagements,

Including Reaudit Engagements.


301

2. The successor auditor may request access to the predecessor's working papers however,

the predecessor should consider the risk associated with future litigation.

3. The successor auditor should not assume responsibility for the work of the predecessor

auditor or issue a report that divides responsibility for the audit.

4. The successor auditor should plan and perform the reaudit in accordance with GAAS.

XXXIII. Effectively Using Dual Dating of Reports

In many instances, the auditor may have completed all field work except for information

relating to a subsequent event. In this case, the auditor should consider dual-dating his or her

report in accordance with AU Section 530, Dating of the Independent Auditor's Report.

There are two types of subsequent events to which dual-dating may be appropriate:

a. Events subsequent to year-end that provide additional evidence concerning conditions

that existed at year-end. An adjustment may be required at year-end.

Example: An auditor awaits the receipt of a waiver of a debt covenant violation. The

auditor would date his or her report as of date of completion of the audit except for a

dual-dating with respect to the subsequent event (covenant violation waiver).

Example: A large receivable outstanding at year-end is potentially uncollectible. The

auditor waits until the client receives payment prior to issuance of the financial

statements.

b. Events subsequent to year-end that did not exist at year-end. There may be a required

disclosure, but no adjustment.

Example: Sale or purchase of business after year-end but before issuance of the financial

statements and report thereon. (A disclosure is required.)

Assume the report date is February 23, 20X1, which is the date on which the auditor

obtained sufficient appropriate audit evidence to support the audit opinion.

Example of dating:

February 23, 20X1 except for Note 4, as to which the date is March 17, 20X1


302

As an alternative, the auditor can use the later date (March 17, 20X1) for his or her report.

However, the auditor will be responsible for potential subsequent events relating to the entire

set of financial statements up to March 17, 20X1, rather than February 23, 20X1.

Further, dual-dating does not apply in the case where an auditor has obtained sufficient audit

evidence except for one particular procedure. This is not deemed to be a subsequent event to

which dual-dating is appropriate.

Example: An auditor obtains all of her audit evidence on March 3 except she is waiting for a

securities confirmation that isn't received until April 17. Dual-dating is not appropriate and

therefore, the auditor should date her report as of April 17.

XXXIV. Changing Auditors

In cases where there is a change in auditors, the auditors find themselves either as predecessor

or successor auditors and must follow the guidance found in SAS No. 84, Communications

Between Predecessor and Successor Auditors. The SAS defines the terms predecessor and

successor auditors.

A predecessor auditor is one who has reported on the most recent audited (not reviewed or

compiled) financial statements or was engaged to perform but did not complete the assignment,

and has either resigned, declined to stand for reappointment, or been notified that his or her

services have been, or may be, terminated.

A successor auditor is defined as an auditor who is considering accepting an engagement to

audit (not review or compile) financial statements, but has not yet communicated with the

predecessor auditor.

SAS No. 84 requires the successor to make specific and reasonable inquiries of the predecessor

auditor regarding matters that will assist the successor in deciding whether he or she can accept

the engagement. In particular, SAS No. 84 requires that the following matters be included in

the inquiry:

1. Information that might bear on management’s integrity.

2. Whether there was any disagreements with management as to accounting principles,

auditing procedures, or other similarly significant matters.

3. Communications to audit committees or others with equivalent authority and

responsibility regarding fraud; illegal acts by clients, and internal control matters.

4. The reasons why there is a change in auditors.


303

The predecessor must respond promptly and fully to the successor’s inquiries. The successor

should consider the effect of a limited response by the predecessor on whether he or she will

accept the engagement.

The predecessor should also permit the successor to review his or her working papers.

However, the SAS provides wide discretion to the predecessor in deciding which working

papers to provide to the successor. At a minimum, the predecessor should permit the successor

to review working papers relating to documentation of planning, internal control, audit results,

and other matters of continuing accounting and auditing significance such as balance sheet

accounts, and contingencies. Further, the term “access” does not necessarily mean copies, and

may be limited to permitting the successor to review the papers without leaving with copies.

There is nothing in SAS No. 84 that precludes the predecessor from charging the successor

auditor for his or her time in gathering information for the successor.

SAS No. 84 also provides an illustrative client consent and acknowledgement letter which the

client should sign authorizing the predecessor to communicate with the successor. It is the

responsibility of the successor, not the predecessor to obtain the letter from the client.

XXXV. Study on Public Perception of Accountants in Jury Trials

A Gallup Poll concluded that the image of the accounting profession has improved back to its

pre-Enron level.

Specifically, 45 percent of those polled had a positive image of the accounting profession as

compared with only 31 percent right after Enron surfaced in 2002, and a pre-Enron high of 47

percent.

Regardless of how the public perceives the accounting profession as a whole, a recent study

suggests that there continues to be a significant disconnect between the perceived

responsibility accountants have to their clients and third parties, and their actual

responsibilities.

Camico Mutual Insurance Co. published a report entitled, Public Perceptions in a “Post

Enron” World, based on a survey of the American public. The purpose of the survey was to

investigate potential juror attitudes towards accountants and whether those attitudes have been

negatively affected by the recent corporate scandals, including Enron. The survey was

performed by Dynamics Incorporated, a trial consulting firm, and was based on surveys of

random respondents from the general public in Atlanta, Los Angeles, Miami, New Orleans,

New York, and Seattle.

General conclusions reached from the survey include:


304

In the post-Enron environment, 78% of those surveyed believe the things they hear in the news

about corporate wrongdoing.

1. 61% of respondents believe that accountants are responsible for making sure their

clients stay honest.

2. 42% of respondents state that they blame external accountants for the legal and/or

ethical problems facing Corporate America today.

3. Only 13% of respondents believe that accountants have become more ethical in the past

five years.

4. 62% of respondents think that a professional accounting firm would look the other way

if a client violated the law in order to maintain its relationship with the client.

5. 71% of respondents believe that if an accountant is hired by a company to review

financial statements, but not retained to do an audit, they would expect the accountant to

uncover fraud.

6. 67% believe a professional accounting firm that does not catch a company’s fraud

should pay a severe penalty.

Although the survey is based on the public’s perception of auditors, the conclusions reached

apply to all accountants including those engaged in compilation and review engagements.

Simply put, there continues to be evidence that the public does not differentiate between the

accountant’s responsibility related to an audit, review and a compilation engagement.

Following are excerpts from the survey:

How closely, if at all, have you followed the news about corporate

scandals or wrongdoing?

Very closely 35%

Follow it, but not closely 28%

Sometimes follow it 24%

Rarely follow it 7%

Did not follow it at all 6%

Have you ever felt that you were misled about the financial

health of a company?

Yes 37%

No 63%

Which type of crime poses a greater threat to society, street

crime or white collar crime?

Street crime 49%

White collar crime 51%


305

Do you tend to believe the things you hear in the news about

corporate wrongdoing?

Pre

Enron

Post

Enron

Yes 46% 78%

No 54% 22%

Who, if anyone, do you blame for the legal and/or ethical problems

facing Corporate America today?

CEO 70%

Corporate senior executives 68%

CFO 62%

Inside lawyers 58%

Board of directors 55%

Inside accountants 53%

External accountants 42%

External lawyers 40%

External consultants 34%

Do you think accountants have become less ethical, more ethical, or

stayed the same in the past five years?

Less ethical 38%

More ethical 13%

Stayed the same 49%

Over the last few years, has your opinion of accounting firms that

audit corporations changed?

Yes 52%

No 48%

I do not trust accountants:

Strongly agree 8%

Somewhat agree 13%

Neutral 22%

Somewhat disagree 24%

Strongly disagree 33%

Do you think that a professional accounting firm would look the other

way if a client violated the law in order to maintain its relationship with

the client?

Yes 62%

No 38%


306

Compared to accountants who work for large national accounting firms, do

you think that accountants in small firms are less honest, more honest or

about the same in terms of honesty?

About the same 55%

More honest 39%

Less honest 6%

A company is ultimately responsible for its financial statements, not the

accountant who audits the company:

Strongly agree 59%

Somewhat agree 20%

Neutral 9%



Accountants should know laws that relate to financial matters:

Strongly agree 22%

Somewhat agree 67%

Neutral 7%



Accountants are responsible for making sure that companies stay honest:

Pre

Enron

Post

Enron

Agree 34% 61%

Neither 25% 10%

Disagree 39% 29%

If an accountant is hired by a company to review financial statements, but

not retained to do an audit, would you expect the accountant to uncover

fraud?

Pre

Enron

Post

Enron

Yes 40% 71%

No 60% 29%

Quality of work of small firms (when compared with the work of large

firms):

Pre

Enron

Post

Enron

Higher 16% 36%

Same 46% 55%

Lower 38% 9%


307

An auditor who works closely with a company’s financial statements should easily

detect any fraud:

Strongly agree 45%

Somewhat agree 29%

Neutral 10%



A professional accounting firm that does not catch a company’s fraud should pay a

severe penalty:

Strongly agree 42%

Somewhat agree 25%

Neutral 12%



While some accountants have done bad things, the entire accounting profession

should not be condemned:

Strongly agree 65%

Somewhat agree 20%

Neutral 5%

Somewhat disagree

Strongly disagree

4%

6%

Source: Camico Mutual Insurance Company

Moreover, the Audit Risk Alert published the results of audit malpractice claims compiled by

CPA firms insured with Continental Casualty Company’s AICPA insurance program.

Following are some of the statistics published:

1. Only 5% of all audit claims involve revenue fraud.

2. Audit services represent 16 percent of total revenues of CPA firms covered by the

AICPA insurance program and 16 percent of total claims volume.

3. Audit claims occur less frequently than tax practice claims, but audit claims involve

much higher costs.

4. Claims related to public company audits represent only 5% of total claims while such

claims tend to be very severe (high cost).

5. Claims related to nonpublic company audits represent 11% of total claims.

6. Audit claims involving nonpublic entities are broken down as follows:


308

Technical standards violations:

Improper inventory valuation 32%

Inadequate testing and verification of receivables including

accepting management representations regarding the

collectibility, and maintaining an inadequate allowance for

doubtful accounts

21%

All other technical standards violations

10%

Failure to detect defalcations

20%

Missing disclosures including those related to related parties and

derivatives

13%

Other

4%

100%

8. Engagement letters are issued in 85% of audit engagements, which is higher than other

areas of practice.

9. In 35% of all cases involving defalcation, the amount stolen was material to the



309

REVIEW QUESTIONS









1. According to the AICPA’s Private Companies Practice Section (PCPS) of the Top Ten

CPA Firm Issues published, which continues to be the biggest challenge for the accounting

profession:

a. Finding, hiring and retaining staff

b. Work/life balance

c. Keeping up with technology

d. Client collections

2. Which of the following suggestions does the author provide to decrease audit time:

a. Increase audit work in high-risk areas

b. Replace analytical procedures with tests of account balances in low risk audit areas

c. Set high materiality thresholds

d. Use “canned” programs

3. To save time when auditing the accounts payable, which of the following procedures is

recommended by the author?

a. Do not request cut-off statements

b. Eliminate confirmation of trade payables

c. Performance of confirmation of receivables at interim to compare with payables

d. Performance of physical observation at interim to assist with payables

4. Under SAS No. 67, when should confirmations be used with respect to accounts receivable:

a. In all cases even if alternative substantive tests would be adequate to reduce audit risk

b. When audit risk is assessed very low

c. When the balance is immaterial

d. When the auditor believes that the recipients will reply

5. What factor might make an auditor question a company’s ability to continue as a going

concern:

a. Compliance with statutory capital requirements

b. Continued operating losses coupled with increasing revenues

c. New loans


310

d. Unusually liberal credit terms to customers

6. From the tenant’s perspective, which of the following provisions should be included in a

lease agreement?

a. A provision allowing the tenant the right to audit CAM charges

b. A provision including a pro rata share of the cost of an umbrella policy insurance

c. A provision including persons involved in administration in the labor portion of CAM

charges

d. An open-ended management fees clause

7. Which one of the following is required to be performed by an auditor:

a. Engagement letters

b. Legal letters for unasserted litigation, claims, and assessments

c. The use of return envelopes in confirmations

d. Verification of endorsements on the back of canceled checks

8. In a reaudit engagement:

a. A report that divides responsibility for the audit should be issued by the predecessor

auditor

b. Copies of working papers should be provided to the successor auditor

c. Responsibility for the predecessor auditor’s work should be assumed by the successor

auditor

d. The reaudit should be planned and performed in accordance with GAAS

9. According to Camico Mutual Insurance Co.’s report, Public Perceptions in a “Post Enron”

World, what percentage of respondents believe what they hear in the news about corporate

misconduct:

a. 13%

b. 31%

c. 61%

d. 78%

10. According to the AICPA Audit Risk Alert, which of the following is not a technical

standards violation against auditors noted by a malpractice insurance carrier:

a. Improper inventory valuation

b. Failure to detect defalcations

c. Missing disclosures

d. Not establishing prepaid insurance


311

SUGGESTED SOLUTIONS

1. According to the AICPA’s Private Companies Practice Section (PCPS), of the Top Ten

CPA Firm Issues published, which continues to be the biggest challenge for the

accounting profession:

a. Correct. According to the AICPA’s PCPS, finding, hiring and retaining staff

continues to be the biggest challenge for the accounting profession.

b. Incorrect. Work/life balance, although on the Top Ten list, is not one of the top issues.

In fact, it is tenth on the list.

c. Incorrect. Keeping up with technology is not at the top of the list. It is ninth on the list.

d. Incorrect. Client collections are only number seven on the list.

2. Which of the following suggestions does the author provide to decrease audit time:

a. Correct. The author suggests that auditors increase audit work in high-risk areas

such as inventories and receivables to decrease audit time.

b. Incorrect. The author suggests that auditors replace tests of account balances with

analytical procedures in low risk audit areas to decrease audit time.

c. Incorrect. The author suggests that auditors reassess the materiality threshold at a higher

level established for the audit. Many firms set materiality too low and do too much work

based on the assessment.

d. Incorrect. The author suggests that auditors streamline the audit program and not use

“canned” programs which include too many procedures.

3. To save time when auditing the accounts payable, which of the following procedures is

recommended by the author?

a. Incorrect. To save time when auditing the cash, auditors should not request cut-off

statements. This procedure has no impact on accounts payable.

b. Correct. To save time when auditing accounts payable, auditors should eliminate

confirmation of trade payables. Confirmation usually does not test for unrecorded

liabilities which is where the greatest audit risk lies.

c. Incorrect. To save time when auditing the accounts receivable, the confirmation of

receivables should be performed at interim. However, this procedure does not impact

accounts payable.

d. Incorrect. To save time when auditing inventories, the physical observation should be

performed at interim. Even though inventories and accounts payable are related

accounts, the physical observation at interim does not save time in auditing accounts

payable.

4. Under SAS No. 67, when should confirmations be used with respect to accounts receivable:

a. Incorrect. If alternative substantive tests would be adequate to reduce audit risk,

confirmations with respect to accounts receivable may not be appropriate or needed.

b. Incorrect. If audit risk is assessed very low, confirmations with respect to accounts

receivable may not be appropriate or needed as alternative procedures may be used that

reduce audit time relative to the risk.


312

c. Incorrect. If the balance is immaterial, there is no need to use confirmations.

d. Correct. A key element in determining whether receivables should be used is

whether the recipients are likely to reply. If, based on historical responses of other

information, the auditor believes that recipients are not responsive, use of

confirmations would not be an effective audit procedure.

5. What factor might make an auditor question a company’s ability to continue as a going

concern:

a. Incorrect. A factor that might raise doubts about a company’s ability to continue as a

going concern is noncompliance with statutory capital requirements.

b. Incorrect. A factor that might raise doubts about a company’s ability to continue as a

going concern is continued operating losses coupled with declining revenues.

c. Incorrect. A factor that might raise doubts about a company’s ability to continue as a

going concern is loan defaults.

d. Correct. A factor that might raise doubts about a company’s ability to continue as

a going concern is unusually liberal credit terms to customers including significant

dating of receivables.

6. From the tenant’s perspective, which of the following provisions should be included in a

lease agreement?

a. Correct. From the tenant’s perspective, a lease agreement should contain a

provision giving the tenant the right to audit the CAM charges.

b. Incorrect. From the tenant’s perspective, a lease agreement should not contain a

provision that includes a pro rata share of umbrella policy insurance because this is an

indirect cost.

c. Incorrect. From the tenant’s perspective, a lease agreement should have a provision

excluding persons involved in administration from the labor portion of CAM charges.

d. Incorrect. From the tenant’s perspective, a lease agreement should state that

management fees are either fixed or based on a measurable amount. It should not

include an open-ended management fees clause.

7. Which one of the following is required to be performed by an auditor:

A. Correct. Under SAS No. 108, auditors must ensure that the client understands the

nature and terms of the engagement in writing. Thus, an engagement letter is

required. Previously, there was no requirement that such an understanding be in

writing.

b. Incorrect. Legal letters are not required for unasserted litigation, claims, and

assessments. Letters of inquiry must be sent only to attorneys with whom management

had consulted regarding litigation, claims and assessments.

c. Incorrect. GAAS does not require the use of return envelopes for confirmations.

However, in practice, most auditors use return envelopes to facilitate responses.

d. Incorrect. Verifying endorsements on the back of canceled checks is not a required

auditing procedure. Yet, an auditor may decide that this procedure is necessary given

his or her assessment of inherent and control risk.


313

8. In a reaudit engagement:

a. Incorrect. In a reaudit engagement, a report that divides responsibility for the audit

should not be issued by either the predecessor auditor or the successor auditor.

b. Incorrect. In a reaudit engagement, the successor auditor may request access to the

predecessor auditor’s working papers. However, the predecessor should consider the

risk associated with future litigation.

c. Incorrect. In a reaudit engagement, responsibility for the predecessor auditor’s work

should not be assumed by the successor auditor.

d. Correct. In a reaudit engagement, the reaudit should be planned and performed in

accordance with GAAS by the successor auditor.

9. According to Camico Mutual Insurance Co.’s report, Public Perceptions in a “Post Enron”

World, what percentage of respondents believe what they hear in the news about corporate

misconduct:

a. Incorrect. According to Camico Mutual Insurance Co.’s report, Public Perceptions in a

“Post Enron” World, only 13% believe accountants have become more ethical since the

Enron scandal.

b. Incorrect. According to a recent Gallup Poll, only 31% of those polled right after Enron

surfaced in 2002, had a positive image of the accounting profession.

c. Incorrect. According to Camico Mutual Insurance Co.’s report, Public Perceptions in a

“Post Enron” World, 61% hold accountants responsible for making sure their clients

stay honest.

d. Correct. According to Camico Mutual Insurance Co.’s report, Public Perceptions

in a “Post Enron” World, 78% of respondents believe what they hear in the news

about corporate misconduct.

10. According to the AICPA Audit Risk Alert, which of the following is not a technical

standards violation against auditors noted by a malpractice insurance carrier:

a. Incorrect. In 32 percent of the noted cases, improper inventory valuation was noted as a

violation against the auditor.

b. Incorrect. The Alert cites that in 20 percent of the cases noted, failure to detect

defalcations was a GAAS violation.

c. Incorrect. In 13 percent of the cases, disclosures were missing with particular emphasis

on those involving related parties and derivatives.

d. Correct. Not establishing prepaid insurance was not on the list and is a relatively

low risk audit area.


314

SECTION 4: ASB’s Clarity Project

XXXIV. SAS Nos. 122-125

Introduction:

In 2004, the Auditing Standards Board (ASB) started a project aimed at converging U.S.

auditing standards with International Standards on Auditing (ISA) issued by the International

Audit & Assurance Standards Board (IAASB). The project, referred to as the Clarity Project,

is similar to the one being done between the FASB and IASB on the GAAP side. Certain

information in this section regarding the Clarity Project was obtained from the AICPA’s

document entitled, Clarity Project: Update and Final Products, issued in January 2012, and

SAS Nos. 122-125.

The goal of the Project is two-fold:

1. To make existing U.S. auditing standards easier to apply and comprehend, and

2. To converge U. S. GAAS with International Standards on Auditing (ISA) issued by the

International Auditing & Assurance Standards Board (IAASB).

Key points to consider under this project include:

1. As of December 2011, the ASB has completed the redraft of all existing auditing

standards (except two) with the issuance of SAS Nos. 122-125, apply drafting

conventions to those standards, and has converged the material with the ISAs. The

redrafting process included exposing clarity redrafts, considering comments, making

changes and finalizing the standards.

2. All new standards found in SAS Nos. 122-125 incorporate conventions under the

Clarity Format that include the following:

a. A standard format is used for each new SAS, segregated into sections as follows:

Introduction and Scope

Objective

Definitions

Requirements and

Application and other explanatory material that links to the underlying material.

b. The new format provides for:


315

A separation between the requirements section and the application and other

explanatory material

Standard formatting techniques such as use of bullets for lists

Special considerations for smaller entity audits, and

Special considerations for audits of governmental entities, if applicable.

3. All existing auditing statements (SAS No. 1 to 116) have been superseded, except two,

with the replacement standards now part of the new codification.

a. SAS No. 117-121 has been retained but are recodified into the new AU-C format.

b. In completing the new codification, some existing auditing (AU) sections were

merged and others were split into different sections.

4. The new codification under the Clarity Project was completed with the October 2011

issuance of three new SASs: SAS No. 122-124, and the December 2011 issuance of

SAS No. 125 as follows:

SAS No. 122: Statements on Auditing Standards: Clarification and Recodification

SAS No. 123: Omnibus Statement on Auditing Standards- 2011

SAS No. 124: Financial Statements Prepared in Accordance With a Financial

Reporting Framework Generally Accepted in Another Country

SAS No. 125: Alert That Restricts the Use of the Auditor’s Written Communication.

5. Effective dates of SAS Nos. 122-125:

a. SAS Nos. 122-124 are effective for audits of financial statements for periods ending

on or after December 15, 2012. Early application is not permitted.

b. SAS No. 125 is effective for the auditor’s written communications related to audits

of financial statements for periods ending on or after December 15, 2012. For all

other types of engagements in accordance with GAAS, SAS No. 125 is effective for

the auditor’s written communications issued on or after December 15, 2012.

c. Early adoption of SAS No. 122-125 is not permitted.

d. Although the effective date of the SASs is calendar year 2012 (in most cases),

interim procedures for a year end December 31, 2012, that are performed prior to the

effective date, are subject to the new standards. The effective date runs to the year

end of the audit, not when the procedures are actually performed.

Although most changes to auditing standards made by SAS Nos. 122-125 are not substantive,

auditors need to change their work programs and specific procedures to reference guidance

found in the authoritative standards as follows:


316

Engagement letters and management representations letters need to be changed.

Audit programs and work papers need to reference the new auditing standards authority.

Key changes made in the new SASs:

1. The term “generally accepted accounting principles” (GAAP) is replaced with the term

“applicable financial reporting framework,” which also includes cash, tax, regulatory, and

contractual bases of accounting.

2. The SAS replaces the definition of other comprehensive basis of accounting (OCBOA) with a

broader term “special purpose framework.”

3. The wording of the auditor’s report has changed to include:

use of paragraph headings

an expanded section on management’s responsibility

an expanded description of the auditor’s responsibility and objectives of an audit

a broad definition of an audit.

4. The new SASs:

Introduce two terms: “emphasis-of-matter” and “other-matter” paragraphs, which replace

the previous term “explanatory paragraph.”

Make explicit requirements for auditors to perform procedures related to detection of

noncompliance with laws and regulations (formerly illegal acts).

Make explicit requirements for auditors to perform certain procedures on opening balances

in initial audit engagements.

Change the language in engagement and management representation letters.

Expand the auditor’s requirements in connection with audits under a special purpose

framework, such as OCBOA.

Expand the requirement in communicating internal control matters (which is an expansion

of SAS No. 115).

Expand the scope of existing GAAS on how to conduct an effective audit of group financial

statements involving component auditors.

Expand the auditor’s responsibility with respect to the audit of a single financial statement

or a specific element.


317

New SASs With Substantive Changes

Although most of the existing auditing standards have been reissued under the new Clarity

Project, only a handful of the SASs significantly impact the audit engagement and are

summarized in the following chart.

New SASs With Substantive (Significant) Changes to Existing GAAS

AU-C Title

250 Consideration of Laws and Regulations in an Audit of Financial Statements

265 Communicating Internal Control Related Matters Identified in an Audit

700 Forming an Opinion and Reporting on Financial Statements 705 Modifications to the Opinion in the Independent Auditor’s Report

706 Emphasis-of-Matter Paragraphs and Other-Matter Paragraphs in the


600 Special Considerations- Audits of Group Financial Statements (Including

the Work of Component Auditors)

800 Special Considerations- Audits of Financial Statements Prepared in

Accordance With Special Purpose Frameworks 210 Terms of Engagement

580 Written Representations

In the following section, the author reviews each of these new standards that make substantive

changes to the way in which auditors will be required to perform their audits.


318

AU-C 250- Consideration of Laws and Regulations in an Audit of

Financial Statements

Supersedes: SAS No. 54, Illegal Acts by Clients

Key changes in the SAS:

1. Requires the auditor to perform specific audit procedures designed to detect

noncompliance with laws and regulations including:

the performance of procedures to identify instances of non-compliance with those

laws and regulations that may have a material effect on the financial statements,

and

the auditor’s inspection of correspondence, if any, with the relevant licensing or

regulatory authorities.

2. The concept of “illegal acts” as previously used in SAS No. 54 has been replaced

with “noncompliance with laws and regulations.”

3. Replaces the concept of “no assurance” found in existing GAAS with the term

“inherent limitations of an audit.”

4. Requires an auditor to obtain a written representation from management concerning

the absence of noncompliance with laws or regulations.

1. General requirements of the AU-C:

a. The requirements in AU-C 250 are designed to assist the auditor in identifying material

misstatement of the financial statements due to noncompliance with laws and

regulations. However, the auditor is not responsible for preventing noncompliance and

cannot be expected to detect noncompliance with all laws and regulations.

The term “illegal acts” is replaced with the term “noncompliance with laws and

regulations.”

b. Definition of Noncompliance: AU-C-250 defines noncompliance as:


319

“Acts of omission or commission by the entity, either intentional or

unintentional, which are contrary to the prevailing laws or regulations.”

1) Such acts include transactions entered into by, or in the name of the entity, or on its

behalf, by those charged with governance, management, or employees. Non-

compliance does not include personal misconduct (unrelated to the business

activities of the entity) by those charged with governance, management, or

employees of the entity.

Note: Previously issued SAS No. 54 stated “an audit performed in accordance with

generally accepted auditing standards provides no assurance that illegal acts will be

detected.” This new SAS replaces the term “no assurance” with the term “inherent

limitations of an audit” which is a much softer threshold.

Responsibility of Management

1. The AU-C states that it is management’s responsibility, with the oversight of those charged

with governance, to ensure that the entity’s operations are conducted in accordance with the

provisions of laws and regulations, including compliance with the provisions of laws and

regulations that determine the reported amounts and disclosures in the entity’s financial

statements.

a. Policies and procedures that any entity may implement to assist it in preventing and

detecting noncompliance with laws and regulations include:

Monitoring legal requirements to ensure that operating procedures are designed to

meet those requirements

Instituting and operating appropriate systems of internal control

Developing, publicizing, and following a code of ethics or conduct

Ensuring employees are properly trained and understand the code of ethics or

conduct

Monitoring compliance with the code of ethics or conduct, and disciplining

employees who fail to comply with it

Engaging legal advisors to assist in monitoring legal requirements, AND

Maintaining a register of significant laws and regulations with which the entity must

comply within a particular industry and a record of complaints.

Responsibility of the Auditor

1. The Auditor’s Consideration of Compliance With Laws and Regulations

a. As part of obtaining an understanding of the entity and its environment, in accordance

with AU-C 315, Understanding the Entity and Its Environment and Assessing the Risks


320

of Material Misstatement, the auditor should obtain a general understanding of the

following:

The legal and regulatory framework applicable to the entity and the industry or

sector in which the entity operates, and

How the entity is complying with that framework.

b. To obtain a general understanding of the legal and regulatory framework and how the

entity complies with that framework, the auditor may, for example:

use the auditor’s existing understanding of the entity’s industry and regulatory and

other external factors

update the understanding of those laws and regulations that directly determine the

reported amounts and disclosures in the financial statements

inquire of management about other laws or regulations that may be expected to have

a fundamental effect on the operations of the entity

inquire of management concerning the entity’s policies and procedures regarding

compliance with laws and regulations (including the prevention of noncompliance),

if appropriate

inquire of management regarding the policies or procedures adopted for identifying,

evaluating, and accounting for litigation claims

inquire of management regarding the use of directives issued by the entity and

periodic representations obtained by the entity from management at appropriate

levels of authority concerning compliance with laws and regulations, and

consider the auditor’s knowledge of the entity’s history of noncompliance with laws

and regulations.

c. Laws and regulations that have a direct effect on the financial statements:

The auditor should obtain sufficient appropriate audit evidence regarding material

amounts and disclosures in the financial statements that are determined by the

provisions of those laws and regulations generally recognized to have a direct effect on

the financial statements such:

the form and content of financial statements (for example, statutorily-mandated

requirements)

industry-specific financial reporting issues

accounting for transactions under government contracts (for example, laws and

regulations that may affect the amount of revenue to be accrued), and

the accrual or recognition of expenses for income tax or pension costs.

Note: With respect to laws and regulations that have a direct effect on the financial

statements, the auditor’s responsibility is to obtain sufficient appropriate audit evidence


321

regarding material amounts and disclosures in the financial statements that are

determined by the provisions of those laws and regulations. That responsibility is the

same as that for misstatements caused by error or fraud.

d. Other Laws and regulations that do not have a direct effect on the financial statements:

The auditor should perform specific audit procedures that may identify noncompliance

with other laws and regulations that may have a material effect on the financial

statements such as:

Inquiring of management and, when appropriate, those charged with governance

about whether the entity is in compliance with such laws and regulations, and

Inspecting correspondence, if any, with the relevant licensing or regulatory

authority.

e. In the absence of identified or suspected noncompliance, the auditor is not required to

perform audit procedures regarding the entity’s compliance with laws and regulations,

other than:

those set out in paragraphs (1)(a) through (d) above, and

the requirement to obtain written representations from management regarding an

entity’s compliance with laws and regulations.69

Note: The newly issued AU-C 580, Written Representations, includes the following

language to be included in a management representation letter:

“We have disclosed to you all known instances of non-

compliance or suspected non-compliance with laws and

regulations whose effects should be considered when preparing

financial statements.”

Previous language: SAS No. 85 (AU 333) (Superseded by AU-C 580):

“There are no violations or possible violations of laws or

regulations whose effects should be considered for disclosure in

the financial statements or as a basis for recording a loss

contingency.”

Note: An entity’s noncompliance with laws and regulations may result in a material

misstatement of its financial statements. Detection of noncompliance, regardless of

materiality, may affect other aspects of the audit, including, the auditor’s consideration

69

AU-C 580, Written Representations, (paragraph .13).


322

of the integrity of management or employees, as well as the possibility of fraudulent

activity.

2. Audit Procedures When Noncompliance Is Identified or Suspected

a. If the auditor becomes aware of information concerning an instance of noncompliance

or suspected noncompliance with laws and regulations, the auditor should obtain:

an understanding of the nature of the act and the circumstances in which it has

occurred, and

further information to evaluate the possible effect on the financial statements.

b. An auditor may perform additional procedures in response to becoming aware of

noncompliance or suspected noncompliance with laws and regulations, including:

Examining supporting documents, such as invoices, cancelled checks, and

agreements, and comparing them with accounting records

Confirming significant information concerning the matter with the other party to the

transaction or intermediaries, such as banks or lawyers

Determining whether the transaction has been properly authorized, and

Considering whether other similar transactions or events may have occurred and

applying procedures to identify them

3. Reporting of Identified or Suspected Noncompliance

Reporting Noncompliance to Those Charged With Governance

a. Unless all of those charged with governance are involved in management of the entity

and aware of matters involving identified or suspected noncompliance already

communicated by the auditor, the auditor should communicate with those charged with

governance matters involving noncompliance with laws and regulations that come to the

auditor’s attention during the course of the audit, other than when the matters are clearly

inconsequential.

4. Other Provisions

a. AU-C 250 also provides guidance about documentation and communication with those

charged with governance, and other matters.


323

REVIEW QUESTIONS


review questions intermittently throughout each self - study course. Additionally, feedback

must be given to the course participant in the form of answers to the review questions and the

reason why answers are correct or incorrect.





1. Which of the following is an element of the new format under the Clarity Project:

a. An integration between the requirements section and the application and other

explanatory material

b. Special consideration for larger, public entities

c. A separate section for auditors of not-for-profit organizations

d. Standard formatting techniques such as use of bullets for lists

2. Whose responsibility is it to ensure that an entity’s operations are conducted in accordance

with the provisions of laws and regulations:

a. Those charged with governance

b. Management

c. Auditor

d. Law enforcement

3. If an auditor becomes aware of noncompliance or suspected noncompliance with laws and

regulations, additional procedures he or she may perform include all of the following

except:

a. Examining supporting documents, such as invoices, cancelled checks, and agreements,

and comparing with accounting records

b. Receiving a written confirmation from management refuting the allegation of

noncompliance

c. Confirming significant information concerning the matter with the other party to the

transaction or intermediaries, such as banks or lawyers

d. Determining whether the transaction has been properly authorized


324

SUGGESTED SOLUTIONS

1. Which of the following is an element of the new format under the Clarity Project?

a. Incorrect. One element is that there is a separation, not integration, between the

requirements section and the application and other explanatory material

b. Incorrect. The new format provides special consideration for smaller entity audits, not

larger, public entity ones.

c. Incorrect. There is no separate section for auditors of not-for-profit organizations,


d. Correct. One of the elements is that there is a standard formatting techniques

such as use of bullets for lists.

2. Whose responsibility is it to ensure that an entity’s operations are conducted in accordance

with the provisions of laws and regulations:

a. Incorrect. Those charged with governance are responsible for oversight of management,

not direct responsibility for ensuring that an entity’s operations are conducted in

accordance with the provisions of laws and regulations.

b. Correct. Management is responsible to ensure that an entity’s operations are

conducted in accordance with the provisions of laws and regulations.

c. Incorrect. The auditor is not responsible for ensuring that an entity’s operations are

conducted in accordance with laws and regulations, making the answer incorrect.

d. Incorrect. In general, law enforcement is not responsible for an entity’s compliance

with laws and regulations, making the answer incorrect.

3. If an auditor becomes aware of noncompliance or suspected noncompliance with laws and

regulations, additional procedures he or she may perform include all of the following

except:

a. Incorrect. Examining supporting documents, such as invoices, cancelled checks, and

agreements, and comparing with accounting records, is an example of an additional

procedure that the auditor may perform, making the answer incorrect.

b. Correct. Receiving a written confirmation from management refuting the

allegation of noncompliance, is not an additional procedure identified within the

AU-C. Thus, the answer is correct.

c. Incorrect. The AU-C does state that confirming significant information concerning the

matter with the other party to the transaction or intermediaries, such as banks or

lawyers, is an additional answer. Thus, the answer is incorrect.

d. Incorrect. Determining whether the transaction has been properly authorized is

identified as an additional procedure, making the answer incorrect.


325

AU-C 265: Communicating Internal Control Related Matters Identified in

an Audit

Supersedes: SAS No. 115, Communicating Internal Control Related Matters Identified in an

Audit

Key Changes in the SAS:

1. The new SAS makes explicit the following requirements that were implied in SAS No.

115.

a. The auditor is required to determine whether, on the basis of the audit work

performed, the auditor has identified one or more deficiencies in internal control,

and,

b. The auditor is required to include specific matters if there is a written communication

made stating that no material weaknesses were identified during the audit.

2. The new SAS adds two new requirements that were not previously included in SAS No.

115:

a. The auditor is required to communicate, in writing or orally, only to management

other deficiencies (that are not material weaknesses or significant deficiencies) in

internal control identified during the audit that have not been communicated to

management by other parties and that, in the auditor’s professional judgment, are of

sufficient importance to merit management’s attention.

b. In its written communication identifying significant deficiencies or material

weaknesses, the auditor must now include an explanation of the potential effects of

those significant deficiencies and material weaknesses identified.

Definitions

1. For purposes of generally accepted auditing standards, the following terms have the

meanings attributed as follows:

Deficiency in internal control. A deficiency in internal control exists when the

design or operation of a control does not allow management or employees, in the

normal course of performing their assigned functions, to prevent, or detect and

correct, misstatements on a timely basis. A deficiency in design exists when (a) a


326

control necessary to meet the control objective is missing or (b) an existing

control is not properly designed so that, even if the control operates as designed,

the control objective would not be met. A deficiency in operation exists when a

properly designed control does not operate as designed or when the person

performing the control does not possess the necessary authority or competence to

perform the control effectively.

Material weakness. A deficiency, or a combination of deficiencies, in internal

control, such that there is a reasonable possibility that a material misstatement of

the entity’s financial statements will not be prevented, or detected and corrected,

on a timely basis.

Significant deficiency. A deficiency, or a combination of deficiencies, in

internal control that is less severe than a material weakness yet important enough

to merit attention by those charged with governance.

Requirements for the Auditor

1. An auditor is required to determine whether, on the basis of the audit work performed, the

auditor has identified one or more deficiencies in internal control during his or her audit

engagement.

2. The AU-C carries over the requirement from SAS No. 115 that if an auditor identifies one

or more deficiencies in internal control during his or her audit engagement, the auditor

should evaluate each deficiency to determine whether, individually or in combination, they

constitute:

Significant deficiencies, or

Material weaknesses

Communication of Deficiencies in Internal Control

1. The auditor should communicate in writing to those charged with governance on a timely

basis significant deficiencies and material weaknesses identified during the audit, including

those that were remediated during the audit.

2. The auditor also should communicate to management at an appropriate level of

responsibility, on a timely basis:

a. In writing, significant deficiencies and material weaknesses that the auditor has

communicated or intends to communicate to those charged with governance, unless it

would be inappropriate to communicate directly to management in the circumstances.

b. In writing or orally, other deficiencies in internal control identified during the

audit that have not been communicated to management by other parties and that,


327

in the auditor’s professional judgment, are of sufficient importance to merit

management’s attention. If other deficiencies in internal control are communicated

orally, the auditor should document the communication. (NEW)

3. The communications referred to in (1) and (2) above should be made no later than 60 days

following the report release date.

4. The auditor should include in the written communication of significant deficiencies and

material weaknesses the following:

a. The definition of the term “material weakness” and, when relevant, the definition of the

term “significant deficiency.”

b. A description of the significant deficiencies and material weaknesses and an

explanation of their potential effects (NEW).

c. Sufficient information to enable those charged with governance and management to

understand the context of the communication. In particular, the auditor should include in

the communication the following elements that explain that:

the purpose of the audit was for the auditor to express an opinion on the financial

statements

the audit included consideration of internal control over financial reporting in order

to design audit procedures that are appropriate in the circumstances, but not for the

purpose of expressing an opinion on the effectiveness of internal control

the auditor is not expressing an opinion on the effectiveness of internal control

the auditor’s consideration of internal control was not designed to identify all

deficiencies in internal control that might be material weaknesses or significant

deficiencies, and therefore, material weaknesses or significant deficiencies may exist

that were not identified.

d. In accordance with the AU-C 905, Restricting Use of an Auditor’s Report, a restriction

regarding the use of the communication to management, those charged with

governance, others within the organization, and any governmental authority to which

the auditor, is required to report.

Note: One of the new requirements found in AU-C 265 is that the communication includes

a description of the significant deficiencies and material weaknesses and an explanation of

their potential effects. In explaining the potential effects of significant deficiencies and

material weaknesses, the auditor is not required to quantify those effects. Instead, the

potential effects may be described:

in terms of the control objectives and types of errors the control was designed to prevent

or detect and correct, or


328

in terms of the risks of misstatement that the control was designed to address.

Moreover, the potential effects may be evident from the description of the significant

deficiencies or material weaknesses.

5. No Material Weakness Communications

a. An auditor is permitted (but not required) to issue a written communication stating that

no material weaknesses were identified during the audit.

1) If the auditor makes such a communication, he or she should include the matters in

paragraph 4(a), (c), and (d), above.

2) The auditor should not issue a written communication stating that no significant

deficiencies were identified during the audit.


329

REVIEW-FEEDBACK QUESTIONS









1. A __________________ is defined as a deficiency, or a combination of deficiencies, in

internal control, such that there is a reasonable possibility that a material misstatement of

the entity’s financial statements will not be prevented, or detected and corrected, on a

timely basis.

a. Deficiency

b. Material weakness

c. Violation of internal control

d. Weakness

2. An auditor is required to communicate in writing, to those charged with governance, which

of the following:

a. Significant deficiencies

b. Weaknesses

c. Other deficiencies

d. Important matters

3. Which of the following is correct as it relates to a situation in which there are no significant

deficiencies identified during an audit. The auditor_____________stating that no

significant deficiencies were identified during the audit.

a. Should issue an oral or written communication

b. Should not issue a written communication

c. Is permitted to issue a written communication

d. Is not permitted to issue an oral communication


330

SUGGESTED SOLUTIONS

1. A __________________ is defined as a deficiency, or a combination of deficiencies, in

internal control, such that there is a reasonable possibility that a material misstatement of

the entity’s financial statements will not be prevented, or detected and corrected, on a

timely basis.

a. Incorrect. A deficiency does not necessarily rise to creating a material misstatement,


b. Correct. A material weakness is a deficiency where it is reasonably possible that a

material misstatement of the entity’s financial statements will not be prevented, or

detected and corrected on a timely basis.

c. Incorrect. The definition presented is for a material weakness, and not for a violation of

internal control

d. Incorrect. The definition is for a material weakness and not just a weakness, making the

answer incorrect.

2. An auditor is required to communicate in writing, to those charged with governance, which

of the following:

a. Correct. An auditor must communicate in writing significant deficiencies and

material weaknesses identified during the audit.

b. Incorrect. Only material weaknesses must be communicated.

c. Incorrect. An auditor must disclose other deficiencies to management and not those

charged with governance. Further, such communications may be made orally, and not

in writing.

d. Incorrect. There is no requirement to communication important matters.

3. Which of the following is correct as it relates to a situation in which there are no significant

deficiencies identified during an audit. The auditor ___________ stating that no

significant deficiencies were identified during the audit.

a. Incorrect. An auditor should not issue a written communication making the statement

incorrect.

b. Correct. The SAS states that an auditor should not issue a written communication

stating that no significant deficiencies were identified during the audit.

c. Incorrect. The SAS states that the auditor should not issue a written communication,


d. Incorrect. The SAS precludes issuing of a written communication, but does not preclude

making an oral communication, making the answer incorrect.


331

AU-C 700: Forming an Opinion and Reporting on Financial Statements

Supersedes: certain sections of SAS No. 1, Codification of Auditing Standards and

Procedures, and SAS No. 58, Reports on Audited Financial Statements.


The new SAS rewrites the standard auditor’s report to include:

A more expansive description of management’s responsibility for the preparation

and fair presentation of the financial statements, than the one required by SAS No.

58.

A clearer description of the auditor’s responsibility.

An expanded definition of an audit.

Headings throughout the auditor’s report to clearly distinguish each section of the

report.

A change in terminology by which the term “unqualified opinion” is replaced with

the new term “unmodified opinion.”

Auditor’s Report for Audits Conducted in Accordance With GAAS

AU-C 700 changes the components of the standard auditor’s report as follows:

1. The term “unqualified opinion” is replaced with the term “unmodified opinion.”

2. Management’s Responsibility for the Financial Statements:

a. The auditor’s report should include a section with the heading “Management’s

Responsibility for the Financial Statements.” (NEW)

b. The auditor’s report should describe management’s responsibility for the preparation

and fair presentation of the financial statements.

The description should include an explanation that management is responsible for

the preparation and fair presentation of the financial statements in accordance


332

with the applicable financial reporting framework; this responsibility includes the

design, implementation, and maintenance of internal control relevant to the

preparation and fair presentation of financial statements that are free from

material misstatement, whether due to fraud or error. (NEW)

c. The description about management’s responsibility for the financial statements in the

auditor’s report should not be referenced to a separate statement by management about

such responsibilities if such a statement is included in a document containing the

auditor’s report.

3. Auditor’s Responsibility:

a. The auditor’s report should include a section with the heading “Auditor’s

Responsibility” and should state that the responsibility of the auditor is to express an

opinion on the financial statements based on the audit. (NEW)

b. The auditor’s report should describe an audit by stating that: (NEW)

an audit involves performing procedures to obtain audit evidence about the amounts

and disclosures in the financial statements. (NEW)

the procedures selected depend on the auditor’s judgment, including the assessment

of the risks of material misstatement of the financial statements, whether due to

fraud or error. In making those risk assessments, the auditor considers internal

control relevant to the entity’s preparation and fair presentation of the financial

statements in order to design audit procedures that are appropriate in the

circumstances, but not for the purpose of expressing an opinion on the effectiveness

of the entity’s internal control, and accordingly, no such opinion is expressed.

an audit also includes evaluating the appropriateness of the accounting policies used

and the reasonableness of significant accounting estimates made by management, as

well as the overall presentation of the financial statements.

c. When the auditor also has a responsibility to express an opinion on the effectiveness of

internal control in conjunction with the audit of the financial statements, the auditor

should omit from the audit report the phrase that the auditor’s consideration of internal

control is “not for the purpose of expressing an opinion on the effectiveness of internal

control, and accordingly, no such opinion is expressed.”

d. The auditor’s report should state whether the auditor believes that the audit evidence the

auditor has obtained is sufficient and appropriate to provide a basis for the auditor’s

opinion.

4. Auditor’s Opinion:


333

a. The auditor’s report should include a section with the heading “Opinion.” (NEW)

b. When expressing an unmodified opinion on financial statements, the auditor’s opinion

should state that the financial statements present fairly, in all material respects, the

financial position of the entity as of the balance sheet date and the results of its

operations and its cash flows for the period then ended, in accordance with the

applicable financial reporting framework.

c. The auditor’s opinion should identify the applicable financial reporting framework and

its origin.

5. Other Reporting Responsibilities:

a. If the auditor addresses other reporting responsibilities in the auditor’s report on the

financial statements that are in addition to the auditor’s responsibility under GAAS to

report on the financial statements, these other reporting responsibilities should be

addressed in a separate section in the auditor’s report that should be subtitled “Report on

Other Legal and Regulatory Requirements” or otherwise, as appropriate to the content

of the section.

b. If the auditor’s report contains a separate section on other reporting responsibilities, the

headings, statements, and explanations should be under the subtitle “Report on the

Financial Statements.” The “Report on Other Legal and Regulatory Requirements”

should follow the “Report on the Financial Statements.”

Note: If there are no other legal or regulatory reporting requirements, both the “Report

on the Financial Statements,” and “Report on Other Legal and Regulatory Require-

ments” headings are eliminated from the auditor’s report.

6. Date of the Auditor’s Report:

a. The auditor’s report should be dated no earlier than the date on which the auditor has

obtained sufficient appropriate audit evidence on which to base the auditor’s opinion on

the financial statements, including evidence that:

the audit documentation has been reviewed

all the statements that the financial statements comprise, including the related notes,

have been prepared, and

management has asserted that they have taken responsibility for those financial

statements.


334

Auditor’s Report for Audits Conducted in Accordance With Both GAAS and Another

Set of Auditing Standards

1. When the auditor’s report refers to both GAAS and another set of auditing standards, the

auditor’s report should identify the other set of auditing standards, as well as their origin.

Example: New Standard Audit Report under AU-C 700

An Auditor’s Report on Comparative Financial Statements Prepared in Accordance

With Accounting Principles Generally Accepted in the United States of America

Facts:

Audit of a complete set of general purpose financial statements (comparative).

The financial statements are prepared in accordance with accounting principles

generally accepted in the United States of America.

The auditor has no other reporting requirements to be included in the report.


335

INDEPENDENT AUDITOR’S REPORT

[Appropriate Addressee]

We have audited the accompanying financial statements of ABC Company, which comprise the balance sheets as of

December 31, 20X1 and 20X0, and the related statements of income, changes in stockholders’ equity and cash flows for the

years then ended, and the related notes to the financial statements.

Management’s Responsibility for the Financial Statements

Management is responsible for the preparation and fair presentation of these financial statements in accordance with

accounting principles generally accepted in the United States of America; this includes the design, implementation, and

maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from

material misstatement, whether due to fraud or error.

Auditor’s Responsibility

Our responsibility is to express an opinion on these financial statements based on our audits. We conducted our audits in

accordance with auditing standards generally accepted in the United States of America. Those standards require that we

plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material

misstatement.

An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial

statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material

misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor

considers internal control relevant to the entity’s preparation and fair presentation of the financial statements in order to

design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the

effectiveness of the entity’s internal control. Accordingly, we express no such opinion. An audit also includes evaluating

the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made by

management, as well as evaluating the overall presentation of the financial statements.

We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.

Opinion

In our opinion, the financial statements referred to above present fairly, in all material respects, the financial position of

ABC Company as of December 31, 20X1 and 20X0, and the results of their operations and their cash flows for the years

then ended in accordance with accounting principles generally accepted in the United States of America.

[Auditor’s signature]

[Auditor’s city and state]

[Date of the auditor’s report]

Observation: The Example 1 report is the new standard audit report that replaces the standard

audit report found in SAS No. 58.


336

AU-C 705: Modifications to the Opinion in the Independent Auditor’s

Report

Supersedes: portions of SAS No. 58, Reports on Audited Financial Statements


The new SAS addresses report modifications to the standard audit report.

The SAS introduces the term “modified opinion” which is either a qualified opinion, adverse

opinion, or a disclaimer of opinion.

General Rules

1. The new AU-C establishes three types of modified opinions which are carried over from

SAS No. 58.

Qualified opinion

Adverse opinion

Disclaimer of opinion

2. The decision as to which type of modified opinion is appropriate depends on the nature of

the matter and the auditor’s professional judgment.

Definitions

Modified opinion: A qualified opinion, an adverse opinion, or a disclaimer of opinion.

Pervasive: A term used in the context of misstatements to describe the effects on the

financial statements of misstatements or the possible effects on the financial statements of

misstatements, if any, that are undetected due to an inability to obtain sufficient appropriate

audit-evidence. Pervasive effects on the financial statements are those that, in the auditor’s

professional judgment:

are not confined to specific elements, accounts, or items of the financial statements

if so confined, represent or could represent a substantial portion of the financial

statements, or

with regard to disclosures, are fundamental to users’ understanding of the financial

statements.


337

Requirements:

1. The auditor should modify the opinion in the auditor’s report when:

a. The auditor concludes that, based on the audit evidence obtained, the financial

statements as a whole are materially misstated or may be materially misstated, or

b. The auditor is unable to obtain sufficient appropriate audit evidence to conclude that

the financial statements as a whole are free from material misstatement.

2. Types of Modifications:

a. In deciding the type of modified opinion depends on two factors:

Materiality of item: Whether the financial statements are materially misstated or may

be materially misstated, and

Pervasiveness of the item: The pervasiveness of the effects or possible effects of the

matter on the financial statements.

The following table describes the basis for which an auditor should issue a modification.

Type of Modified Opinion

Qualified opinion Adverse opinion Disclaimer of opinion

Material but not Pervasive

Material and Pervasive

Material and Pervasive

The auditor should express a

qualified opinion when:

The auditor concludes that

misstatements, individually or

in the aggregate, are material

but not pervasive to the

financial statements, or

The auditor was unable to

obtain sufficient appropriate

audit evidence on which to

base the opinion, but the

auditor concludes that the

possible effects on the financial

statements of undetected

misstatements could be

material but not pervasive.

The auditor should express an

adverse opinion when the auditor,

having obtained sufficient

appropriate audit evidence,

concludes that misstatements,

individually or in the aggregate, are

both material and pervasive to the


The auditor should disclaim an

opinion when the auditor is unable

to obtain sufficient appropriate

audit evidence on which to base the

opinion, and the auditor concludes

that the possible effects on the

financial statements of undetected

misstatements, if any, could be

both material and pervasive.


338

b. If there is a modified opinion (qualified opinion, adverse opinion, or disclaimer of

opinion), the auditor’s report has two paragraphs associated with the modification:

Basis for Modification paragraph, and

Opinion paragraph

3. Basis for Modification Paragraph:

a. When the auditor modifies the opinion, the auditor should include a paragraph in the

auditor’s report that provides a description of the matter giving rise to the modification.

b. The Basis for Modification paragraph should be placed immediately before the opinion

paragraph in the auditor’s report and should use a heading that includes:

Basis for Qualified Opinion

Basis for Adverse Opinion

Basis for Disclaimer of Opinion

c. Lack of independence: When the auditor is not independent but is required by law or

regulation to report on the financial statements, the auditor should disclaim an opinion

and should specifically state that the auditor is not independent.70

Note: The auditor is not required to provide, nor precluded from providing, the reasons

for the lack of independence. If the auditor chooses to provide the reasons for lack of

independence, the auditor should include all the reasons.

4. Opinion Paragraph:

a. If an auditor issues a modified opinion, the auditor should use a heading such as one of

the following for the opinion paragraph:

Qualified Opinion

Adverse Opinion

Disclaimer of Opinion

b. The auditor’s professional judgment about the matter(s) giving rise to the modification

and the pervasiveness of its effects on the financial statements affect the type of opinion

the auditor should issue:

The following table illustrates the interrelation of an auditor’s professional judgment and the

pervasiveness of the effects on the financial statements:

70

Amendment to SAS No. 122 made by SAS No. 123.


339

Nature of Matter Giving Rise

to the Modification

Auditor’s Professional Judgment About

the Pervasiveness of the Effects or Possible

Effects on the Financial Statements

Material but not pervasive Material and pervasive

Financial statements materially

misstated

Qualified opinion Adverse opinion

Inability to obtain sufficient

appropriate audit evidence

Qualified opinion Disclaimer of opinion

Source: SAS No. 122, AU-C 705

Following are examples of the three types of modified opinions:

An Auditor’s Report- Qualified Opinion Due to a Material Misstatement of the Financial

Statements

Facts:





Inventories are misstated.

The auditor’s report contains a qualified opinion because the misstatement is considered

to be material, but not pervasive to the financial statements.

Basis for Qualified Opinion

The Company has stated inventories at cost in the accompanying balance sheets. Accounting

principles generally accepted in the United States of America require inventories to be stated

at the lower of cost or market. If the Company stated inventories at the lower of cost or

market, a writedown of $200,000 and $100,000 would have been required as of December

31, 20X1 and 20X0, respectively.

Qualified Opinion

In our opinion, except for the effects of the matter described in the Basis for Qualified

Opinion paragraph, the financial statements referred to above present fairly, in all material

respects, the financial position of ABC Company as of December 31, 20X1 and 20X0, and

the results of its operations and its cash flows for the years then ended in accordance with

accounting principles generally accepted in the United States of America.


340

An Auditor’s Report- Adverse Opinion Due to a Material Misstatement of the Financial

Statements

Facts:





The financial statements are materially misstated due to the unconsolidation of a

significant subsidiary. This material misstatement is considered to be pervasive to the

financial statements due to the size of the subsidiary.

The auditor’s report contains an adverse opinion. The effects of the misstatement have

not been determined because it was not practicable to do so.

Basis for Adverse Opinion

As described in Note X, the Company has not consolidated the financial statements of

subsidiary XYZ Company that it acquired during 20X1 because it has not yet been able to

determine the fair values of certain of the subsidiary’s material assets and liabilities at the

acquisition date. Therefore, this investment is stated at cost on the Company’s balance sheet.

Under accounting principles generally accepted in the United States of America, the

subsidiary should have been consolidated because it is controlled by the Company. Had

XYZ Company been consolidated, many elements in the accompanying financial statements

would have been materially affected. The effects on the financial statements of the failure to

consolidate have not been determined.

Adverse Opinion

In our opinion, because of the significance of the matter discussed in the Basis for Adverse

Opinion paragraph, the financial statements referred to above do not present fairly the

financial position of ABC Company as of December 31, 20X1, and the results of its

operations and its cash flows for the year then ended.

An Auditor’s Report- Disclaimer of Opinion Due to the Auditor’s Inability to Obtain

Sufficient Appropriate Audit Evidence About a Multiple Elements of the Financial

Statements

Facts:






341

The auditor was unable to obtain sufficient appropriate audit evidence about multiple

elements of the financial statements, such as the entity’s inventories and accounts

receivable. The possible effects of the auditor’s inability to obtain sufficient evidence

are considered to be both material and pervasive to the financial statements

The auditor’s report contains a disclaimer of opinion.

Basis of Disclaimer of Opinion

We were not engaged as auditors of the Company until after December 31, 20X1, and,

therefore, did not observe the counting of physical inventories at the beginning or end of the

year. We were unable to satisfy ourselves by other auditing procedures concerning the

inventory held at December 31, 20X1, which is stated in the balance sheet at $1,000,000. In

addition, the introduction of a new computerized accounts receivable system in September

20X1 resulted in numerous misstatements in accounts receivable. As of the date of our audit

report, management was still in the process of rectifying the system deficiencies and

correcting the misstatements. We were unable to confirm or verify by alternative means

accounts receivable included in the balance sheet at a total amount of $2,500,000 at

December 31, 20X1. As a result of these matters, we were unable to determine whether any

adjustments might have been found necessary in respect of recorded or unrecorded

inventories and accounts receivable, and the elements making up the statements of income,

changes in stockholders’ equity, and cash flows.

Disclaimer of Opinion

Because of the significance of the matters described in the Basis for Disclaimer of Opinion

paragraph, we have not been able to obtain sufficient appropriate audit evidence to provide a

basis for an audit opinion. Accordingly, we do not express an opinion on these financial

statements.


342

REVIEW QUESTIONS









1. Which of the following is a heading that should be in the auditor’s report?

a. Auditor’s Responsibility for the Financial Statements

b. Management’s Responsibility for the Financial Statements

c. See Accountant’s Audit Report

d. Responsibility for the Report

2. In the auditor’s report, if there are no other legal or regulatory reporting requirements:

a. There should be a separate report paragraph stating so

b. Both the “Report on the Financial Statements,” and “Report on Other Legal and

Regulatory Requirements” headings are eliminated from the auditor’s report

c. All report headings are eliminated

d. A separate additional report heading entitled “Elimination of Other Legal or Regulatory

Reporting Requirements” is included in the report

3. Which of the following is an example of appropriate heading for a Basis for Modification

paragraph?

a. “Opinion”

b. “Basis for Auditor’s Report”

c. “Basis for Qualified Opinion”

d. “Basis for Opinion”

4. Assume financial statements are materially misstated but the effect on the financial

statements is not pervasive. The auditor should most likely issue what type of audit

opinion:

a. Unmodified opinion

b. Qualified opinion

c. Adverse opinion

d. Disclaimer of opinion


343

SUGGESTED SOLUTIONS


c. Incorrect. One of the headings is not “Auditor’s Responsibility for the Financial

Statements.”

b. Correct. The management’s responsibility paragraph should have a heading

entitled “Management’s Responsibility for the Financial Statements.”

c. Incorrect. There is no heading in the audit report entitled “See Accountant’s Audit

Report.”

d. Incorrect. There is no heading in the audit report entitled “Responsibility for the

Report.”

2. In the auditor’s report, if there are no other legal or regulatory reporting requirements:

a. Incorrect. There is no requirement to include a separate report paragraph.

b. Correct. If there is no other legal or regulatory reporting requirements, the two

headings: “Report on the Financial Statements,” and “Report on Other Legal and

Regulatory Requirements” are eliminated from the auditor’s report.

c. Incorrect. Only two headings are eliminated.

d. Incorrect. Headings are eliminated. No separate additional report heading entitled

“Elimination of Other Legal or Regulatory Reporting Requirements” is included in the

report.

3. Which of the following is an example of appropriate heading for a Basis for Modification

paragraph?

a. Incorrect. “Opinion” is not an appropriate heading for the Basis for Modification

paragraph.

b. Incorrect. “Basis for Auditor’s Report” is not a heading for the Basis for Modification

paragraph.

c. Correct. “Basis for Qualified Opinion” is an appropriate heading if there is a

qualified report, which is a modification.

d. Incorrect. “Basis for Opinion” is not an appropriate heading for the Basis for

Modification paragraph.

4. Assume financial statements are materially misstated but the effect on the financial

statements is not pervasive. The auditor should most likely issue what type of audit

opinion:

a. Incorrect. Because there is a material misstatement, an unmodified opinion is not

appropriate.

b. Correct. When there is a material misstatement and the effect is not pervasive, a

qualified opinion is appropriate.

c. Incorrect. An adverse opinion would be appropriate if the effect is pervasive, which it

is not in this case.

d. Incorrect. There is no scope limitation. Thus, a disclaimer of opinion is not appropriate.


344

AU-C 706: Emphasis-of-Matter Paragraphs and Other-Matter Paragraphs

in the Independent Auditor’s Report

Supersedes: portions of SAS No. 58, Reports on Audited Financial Statements


1. The new SAS introduces the terms emphasis-of-matter and other-matter paragraphs.

Emphasis-of-matter paragraph. A paragraph included in the auditor’s report that

refers to a matter appropriately presented or disclosed in the financial statements to

draw users’ attention to a particular matter.

Other-matter paragraph. A paragraph included in the auditor’s report that refers to a

matter other than those presented or disclosed in the financial statements.

2. The new SAS requires an emphasis-of-matter or other-matter paragraph to always follow

the opinion paragraph and be included in a separate section of the auditor’s report under

the section heading “Emphasis of Matter” or “Other Matter.”

3. The concept of an “explanatory paragraph” is no longer included in GAAS and is

replaced with either the emphasis-of-matter or other-matter paragraphs.

Scope of AU-C 706:

1. AU-C 706: Emphasis-of-Matter Paragraphs and Other-Matter Paragraphs in the

Independent Auditor’s Report, addresses additional communications in the auditor’s report

when the auditor considers it necessary to draw users’ attention to:

a. a matter or matters presented or disclosed in the financial statements that are of such

importance that they are fundamental to users’ understanding of the financial statements

(emphasis-of-matter paragraph), or

b. any matter or matters other than those presented or disclosed in the financial statements

that are relevant to users’ understanding of the audit, the auditor’s responsibilities, or

the auditor’s report (other-matter paragraph).

Definitions


345

1. For purposes of generally accepted auditing standards (GAAS), the following terms have

the meanings attributed as follows:

Emphasis-of-matter paragraph: A paragraph included in the auditor’s report that is

required by GAAS, or is included at the auditor’s discretion, and that refers to a matter

appropriately presented or disclosed in the financial statements that, in the auditor’s

judgment, is of such importance that it is fundamental to users’ understanding of the


Other-matter paragraph: A paragraph included in the auditor’s report that is required

by GAAS, or is included at the auditor’s discretion, and that refers to a matter other

than those presented or disclosed in the financial statements that, in the auditor’s

judgment, is relevant to users’ understanding of the audit, the auditor’s responsibilities,

or the auditor’s report.

Requirements

Emphasis-of-Matter Paragraph in the Auditor’s Report

1. If the auditor considers it necessary to draw users’ attention to a matter appropriately

presented or disclosed in the financial statements that is of such importance that it is

fundamental to users’ understanding of the financial statements, the auditor should include

an emphasis-of-matter paragraph in the auditor’s report: In order to include an emphasis-

of matter paragraph:

a. The auditor must obtained sufficient appropriate audit evidence that the matter is not

materially misstated in the financial statements, and

b. The emphasis-of-matter paragraph should refer only to information presented or

disclosed in the financial statements.

2. Circumstances in which an auditor must emphasize a matter in the audit report:

a. There are certain auditing standards that require an auditor to include an emphasis-of-

matter paragraph in the auditor’s report in certain circumstances. That list includes:

Subsequent Events and Subsequently Discovered Facts (AU-C 570, paragraph .16c)

Going Concern (Proposed AU-C 570)

Special Considerations—Audits of Financial Statements Prepared in Accordance

With Special Purpose Frameworks (AU-C- 800, paragraphs .19 and .21)

Consistency of Financial Statements (AU-C 708, paragraphs 8-9 and .11-.13)

3. Circumstances in which an emphasis-of-matter paragraph may be necessary:


346

a. In addition to the use of an emphasis-of-matter paragraph required by other SASs, the

following are examples of circumstances when the auditor may consider it necessary to

include an emphasis-of-matter paragraph:

An uncertainty relating to the future outcome of unusually important litigation or

regulatory action

A major catastrophe that has had, or continues to have, a significant effect on the

entity’s financial position

Significant transactions with related parties, and

Unusually important subsequent events

4. Including an emphasis-of-matter paragraph in the auditor’s report:

a. An emphasis-of-matter paragraph should refer only to matters appropriately presented

or disclosed in the financial statements.

1) To include information in an emphasis-of-matter paragraph about a matter beyond

what is presented or disclosed in the financial statements may raise questions about

the appropriateness of such presentation or disclosure.

b. The inclusion of an emphasis-of-matter paragraph in the auditor’s report does not affect

the auditor’s opinion. An emphasis-of-matter paragraph is not a substitute for either:

1) the auditor expressing a qualified opinion or an adverse opinion, or disclaiming an

opinion, when required by the circumstances of a specific audit engagement (see

AU-C 705, Modifications to the Opinion in the Independent Auditor’s Report), or

2) disclosures in the financial statements that the applicable financial reporting

framework requires management to make.

Other-Matter Paragraph in the Auditor’s Report

1. If the auditor considers it necessary to communicate a matter other than those that are

presented or disclosed in the financial statements that, in the auditor’s judgment, is relevant

to users’ understanding of the audit, the auditor’s responsibilities, or the auditor’s report,

the auditor should:

a. do so in a paragraph in the auditor’s report with the heading “Other Matter” or other

appropriate heading, and

b. include this paragraph immediately after the opinion paragraph and any emphasis-of-

matter paragraph or elsewhere in the auditor’s report if the content of the other-matter

paragraph is relevant to the “Other Reporting Responsibilities” section.

2. An “other matter” paragraph is used in situations in which:


347

a. It is necessary to communicate a matter that is not presented or disclosed in the

financial statements (e.g., not in the notes), and

b. Is relevant to the users’ understanding of the:

audit

auditor’s responsibilities, or

auditor’s report.

Note: An other-matter paragraph does not address circumstances when the auditor has

other reporting responsibilities that are in addition to the auditor’s responsibility under

GAAS to report on the financial statements, or when the auditor has been asked to perform

and report on additional specified procedures or to express an opinion on specific matters.

3. Exhibit C of AU-C 706 provides a list of other auditing standards that require use of an

other-matter paragraph in the auditor’s report in certain circumstances:

AU-C 560, Subsequent Events and Subsequently Discovered Facts

AU-C 700, Forming an Opinion and Reporting on Financial Statements

AU-C 720, Other Information in Documents Containing Audited Financial

Statements

AU-C 725, Supplementary Information in Relation to the Financial Statements as a

Whole

AU-C 730, Required Supplementary Information

AU-C 800, Special Considerations- Audits of Financial Statements Prepared in

Accordance With Special Purpose Frameworks

AU-C 806, Reporting on Compliance With Aspects of Contractual Agreements or

Regulatory Requirements in Connection With Audited Financial Statements

AU-C 905, Restricting the Use of an Auditor’s Report

4. If there are both emphasis-of-matter and other-matter paragraphs, those paragraphs should

be presented in the auditor’s report in the following order:

FIRST: Opinion paragraph

SECOND: Emphasis-of-matter paragraph

THIRD: Other-matter paragraph

Communication With Those Charged With Governance

1. If the auditor expects to include an emphasis-of-matter or other-matter paragraph in the

auditor’s report, the auditor should communicate with those charged with governance

regarding the expectation and the proposed wording of this paragraph.


348

Examples of Auditor’s Reports With Emphasis-of-Matter or Other-Matter Paragraphs:

Example 1: An Auditor’s Report With an Emphasis-of-Matter Paragraph Because

There Is Uncertainty Relating to a Pending Unusually Important Litigation Matter

Facts:

Audit of a complete set of general purpose financial statements (single year) prepared in

accordance with accounting principles generally accepted in the United States of

America.

There is uncertainty relating to a pending unusually important litigation matter.

The auditor’s report includes an emphasis-of-matter paragraph.



We have audited the accompanying financial statements of ABC Company, which comprise the balance sheet as of

December 31, 20X1, and the related statements of income, changes in stockholders’ equity and cash flows for the year then

ended, and the related notes to the financial statements.







Our responsibility is to express an opinion on these financial statements based on our audit. We conducted our audit in



misstatement.






effectiveness of the entity’s internal control.71

Accordingly, we express no such opinion. An audit also includes evaluating


71

In circumstances when the auditor also has responsibility to express an opinion on the effectiveness of internal control in

conjunction with the audit of the financial statements, this sentence would be worded as follows: “In making those risk

assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation of the financial

statements in order to design audit procedures that are appropriate in the circumstances.” In addition, the next sentence,

“Accordingly, we express no such opinion,” would not be included.


349


We believe that the audit evidence that we have obtained is sufficient and appropriate to provide a basis for our audit

opinion.

Opinion

In our opinion, the financial statements referred to above present fairly, in all material respects the financial position of

ABC Company as of December 31, 20X1, and the results of its operations and its cash flows for the year then ended in

accordance with accounting principles generally accepted in the United States of America.

Emphasis of Matter

As discussed in Note X to the financial statements, the Company is a defendant in a lawsuit [briefly describe the

nature of the litigation consistent with the Company's description in the note to the financial statements]. Our

opinion is not modified with respect to this matter.




Example 2: An Auditor’s Report With an Other-Matter Paragraph That May Be

Appropriate When an Auditor Issues an Updated Report on the Financial Statements of

a Prior Period That Contains an Opinion Different From the Opinion Previously

Expressed

Facts:

Audit of a complete set of general purpose financial statements (comparative) prepared

in accordance with accounting principles generally accepted in the United States of

America.

The auditor’s report on the prior period financial statements expressed an adverse

opinion due to identified departures from accounting principles generally accepted in

the United States of America that resulted in the financial statements being materially

misstated. The entity has elected to change its method of accounting for the matters that

gave rise to the adverse opinion in the prior period, and have restated the prior period

financial statements. Therefore, the auditor issued an adverse opinion.

The auditor’s report includes an other-matter paragraph indicating that the updated

report on the financial statements of the prior period contains an opinion different from

the opinion previously expressed, as required by AU-C 700, Forming an Opinion and

Reporting on Financial Statements.

Although the entity changed its method of accounting for the matters that gave rise to

the adverse opinion in the prior period, the principal objective of the communication in

the other-matter paragraph is to draw users’ attention to the change in the auditor’s

opinion on the prior period financial statements. The other-matter paragraph also refers

to the change in accounting principle and the related disclosure in the financial

statements. Therefore, the other-matter paragraph also meets the objective of


350

communicating the change in accounting principle as required by AU-C 708,

Consistency of Financial Statements, and a separate emphasis-of-matter paragraph is

not considered necessary.



We have audited the accompanying financial statements of ABC Company, which comprise the balance sheets as of

December 31, 20X1 and 20X0, and the related statements of income, changes in stockholders’ equity and cash flows for the

years then ended, and the related notes to the financial statements.







Our responsibility is to express an opinion on these financial statements based on our audits. We conducted our audits in



misstatement.









We believe that the audit evidence that we have obtained is sufficient and appropriate to provide a basis for our audit

opinion.

Opinion

In our opinion, the financial statements referred to above present fairly, in all material respects, the financial position of

ABC Company as of December 31, 20X1 and 20X0, and the results of its operations and its cash flows for the years then

ended in accordance with accounting principles generally accepted in the United States of America.

Other Matter

In our report dated March 1, 20X1, we expressed an opinion that the 20X0 financial statements did not fairly

present the financial position, results of operations, and cash flows of ABC Company in accordance with accounting

principles generally accepted in the United States of America because of two departures from such principles: (1)

ABC Company carried its property, plant, and equipment at appraisal values, and provided for depreciation on the

basis of such values, and (2) ABC Company did not provide for deferred income taxes with respect to differences

between income for financial reporting purposes and taxable income. As described in Note X, the Company has

changed its method of accounting for these items and restated its 20X0 financial statements to conform with

accounting principles generally accepted in the United States of America. Accordingly, our present opinion on the

restated 20X0 financial statements, as presented herein, is different from that expressed in our previous report.


351




Observation: Notice in the Example 2 report that the Other Matter paragraph does not

reference a footnote such as “As disclosed in Note X.” The reason is because the matter

addressed in the Other-Matter paragraph is not addressed elsewhere in the financial statements

or notes.


352

REVIEW QUESTIONS









1. Which kind of paragraph refers to a matter appropriately presented or disclosed in the

financial statements that is of such importance that it is fundamental to users’

understanding of the financial statements:

a. Emphasis-of-matter paragraph

b. Unmodified opinion paragraph

c. Qualified opinion paragraph

d. Adverse-opinion paragraph

2. A key element of an other matter paragraph is that:

a. It involves a communication of a matter that is presented in the financial statements but

not the notes.

b. It involves a communication of a matter that is not presented in the financial statements

but is presented in the notes

c. It involves a communication of a matter that is presented or disclosed in the financial

statements or the notes

d. It involves a communication of a matter that is not presented or disclosed in the

financial statements or the notes


auditor’s report, which of the following should the auditor do:

a. Send a letter to management notifying them of the wording of the paragraph

b. Communicate with those charged with governance

c. Nothing is specifically required in the auditing standard

d. Make an oral communication to management giving them an opportunity to challenge

the wording in the paragraph


353

SUGGESTED SOLUTIONS

1. Which kind of paragraph refers to a matter appropriately presented or disclosed in the

financial statements that is of such importance that it is fundamental to users’

understanding of the financial statements:

a. Correct. An emphasis-of-matter paragraph refers to a matter that is disclosed in

the financial statements and is of such importance that it is fundamental to users’

understanding of the financial statements.

b. Incorrect. An unmodified opinion paragraph does not deal with a matter that is

presented or disclosed in the financial statements.

c. A qualified opinion paragraph has nothing to do with referring to a matter that is

importance to fundamental users’ understanding of the financial statements.

d. An adverse opinion paragraph does not refer to a matter that is importance to

fundamental users’ understanding of the financial statements.

2. A key element of an other matter paragraph is that:

a. Incorrect. An other matter paragraph does not involve a communication of a matter that

is presented in the financial statements but not the notes.

b. Incorrect. An other matter paragraph does not involve a communication of a matter that

is not presented in the financial statements but is presented in the notes.

c. Incorrect. An other matter paragraph does not involve a communication of a matter that

is presented or disclosed in the financial statements or the notes.

d. Correct. An other matter paragraph involves a communication of a matter that is

not presented or disclosed in the financial statements or the notes.


auditor’s report, which of the following should the auditor do:

a. Incorrect. There is no requirement for the auditor to communicate with management

notifying them of the wording of the paragraph

b. Correct. The auditor should communicate with those charged with governance

regarding the expectation and the proposed wording of the paragraph.

c. Incorrect. There is a required communication to those charged with governance,


d. Incorrect. No communication is required to be made to management, making the

answer incorrect.


354

AU-C 600: Special Considerations- Audits of Group Financial Statements

(Including the Work of Component Auditors)

Supersedes: SAS No. 1, Part of Audit Performed by Other Independent Auditors (AU section

543)


1. The new SAS expands the scope of existing GAAS found in AU 543 of SAS No. 1, with a focus on

how a group auditor must conduct an effective audit of group financial statements.

2. The new SAS:

a. Introduces the concepts of “group auditor” and “component auditor.”

b. Requires the group auditor to have greater involvement in the audit work of a component

auditor including indentifying significant components, and defining materiality at both the

group and component level.

c. Expands the communication required between the group and component auditors.

d. Deals with the reporting options for a group auditor.

Introduction:

1. AU-C 600: Special Considerations- Audits of Group Financial Statements (Including the

Work of Component Auditors), deals with a group auditor reporting on group financial

statements, and replaces the previous guidance found in AU 543, Part of Audit Performed

by Other Independent Auditors.

2. In the group auditor report, the group auditor has the choice of referring to the work of the

component auditor or not referring to the work of the component auditor.

a. In situations when the group engagement partner does not make reference to a

component auditor’s work in the auditor’s report on the group financial statements, all

of the performance requirements for the group auditor, found in AU-C 600, apply.

That is, if the group report does not reference the work of the component auditor, the

group auditor is responsible for that component.


355

b. In situations when the group engagement partner decides to make reference to a

component auditor in the audit report on the group financial statements, certain of the

requirements of AU-C 600 would not apply because the group auditor would not be

taking responsibility for the component that was audited by the component auditor.

Note: While AU-C 600 is based on ISA 600, ISA 600 does not permit reference to a

component auditor in the auditor’s report on the group financial statements.

Definitions found in AU-C 600:

AU-C 600 includes several new terms as well as certain revised terms from AU 543.

Component: An entity or business activity for which group or component management

prepares financial information that should be included in the group financial statements.

Group Financial Statements: Financial statements that include the financial information

of more than one component.

Group Engagement Partner: The partner or other person in the firm who is responsible

for the group audit engagement and its performance and for the auditor’s report on the

group financial statements that is issued on behalf of the firm.

Group: All of the components whose financial information is included in the group

financial statements. A group always has more than one component.

Group Audit: The audit of group financial statements.

Group Engagement Team: Partners, including the group engagement partner, and staff

who establish the overall group audit strategy, communicate with component auditors,

perform work on the consolidation process, and evaluate the conclusions drawn from the

audit evidence as the basis for forming an opinion on the group financial statements.

Group-Wide Controls: Controls designed, implemented, and maintained by group

management over group financial reporting.

Component Management: Management responsible for preparing the financial infor-

mation of a component.

Component Materiality: The materiality for a component determined by the group

engagement team for the purposes of the group audit.

Component Auditor: An auditor who performs work on the financial information of a

component that will be used as audit evidence for the group audit. A component auditor

may be part of the group engagement partner’s firm, a network firm of the group

engagement partner’s firm, or another firm.


356

Note: An auditor is only a component auditor when a group auditor decides to either a) use

the work of the component auditor, or b) make reference to the component auditor’s work

in the group auditor’s report.

Significant Component: A component identified by the group engagement team (i) that is

of individual financial significance to the group, or (ii) that, due to its specific nature or

circumstances, is likely to include significant risks of material misstatement of the group


Requirements of AU-C 600:

1. The AU-C establishes the responsibilities for a group auditor when it is relying on the

auditor a component, which is referred to as the component auditor.

2. The AU-C identifies the responsibilities for the:

Group engagement partner, and

Group engagement team

3. The group engagement partner is the individual responsible for:

a. the direction, supervision, and performance of the group audit engagement in comp-

liance with professional standards and regulatory and legal requirements

b. determining whether the auditor’s report that is issued is appropriate in the

circumstances, and

c. reviewing and approving the overall group audit strategy and group audit plan.

4. The group engagement team is responsible for:

a. obtaining an understanding of the group, its components, and their environments that is

sufficient to identify components that are likely to be significant components

b. identifying significant components

c. establishing an overall group audit strategy and developing a group audit plan

d. identifying and assessing the risks of material misstatements through obtaining an

understanding of the entity and its environment

e. obtaining an understanding that is sufficient to:


357

Confirm or revise its initial identification of components that are likely to be a

significant components, and

Assess the risks of material misstatement of the group financial statements whether

due to fraud or error.

f. obtaining an understanding of the component auditor.

Determining Whether to Reference the Component Auditor in the Group Auditor’s

Report

1. Once the group engagement team has gained its understanding of each component auditor,

the group engagement partner should determine whether to:

a. Not reference to the component auditor in the group auditor’s report: Group auditor

assumes responsibility for the work of component auditors which requires the group

auditor to be involved in the work of component auditors, insofar as that work relates to

the expression of an opinion on the group financial statements, or

b. Make reference to the component auditor in the group auditor’s report: Group auditor

does not assume responsibility for the component, which requires the group auditor to

make reference to the audit of a component auditor in the auditor’s report on the group


2. The decision to reference the work of the component auditor in the group auditor’s report is

made individually for each component auditor, regardless of the decision to reference any

other component auditors.

Procedures Performed by the Group Auditor on the Component Auditor- All Situations

1. Regardless of whether the group auditor makes reference to the work of the component

auditor in the group auditor report, at a minimum, the group engagement team is required

to:

a. Gain an understanding of the component auditor, and

b. Communicate with and evaluate the component auditor.

Thus, in a situation in which there is a group engagement and a component is audited by a

component auditor, the group auditor must gain an understanding of the component auditor,

and communicate with and evaluate the component auditor. Then, the group auditor can

decide if he or she is going to reference the component auditor in the group audit report.

Gain Understanding a Component Auditor


358

1. Regardless of whether the group auditor makes reference to the work of the component

auditor in the group auditor report, the group engagement team is required to gain an

understanding of the component auditor in terms of:

a. Whether a component auditor understands, and will comply with the ethical

requirements that are relevant to the group audit

b. Whether the component auditor is independent

c. The component auditor’s professional competence

d. The extent to which the group engagement team will be able to be involved in the work

of the component auditor

e. Whether the group engagement team will be able to obtain information affecting the

consolidation process from a component auditor, and

f. Whether a component auditor operates in a regulatory environment that actively

oversees auditors (e.g., peer review).

Communication With and Evaluate the Component Auditor

1. AU-C 600 requires that there be communications to and from the group auditor and

component auditor regardless of whether the component auditor will be referenced in the

group auditor’s report.

2. The group engagement team is required to communicate specific items to the component

auditor on a timely basis.

3. The group engagement team should request that a component auditor communicate to the

group matters relevant to the group’s conclusion with regard to the group audit which

should include:

a. Whether the component auditor has complied with ethical requirements, including

independence and professional competence, relevant to the group audit

b. Identification of the financial information of the component on which the component

auditor is reporting, and

c. The component auditor’s overall financings, conclusions, or opinion.

4. The group engagement team is required to evaluate a component auditor’s

communication and to discuss significant findings and issues arising from that evaluation

with the component auditor, component management, or group management, as

appropriate.


359

Making Reference to the Component Auditor in the Group Auditor’s Report

1. If the group auditor decides to reference to component auditor in its group auditor report,

the group auditor no longer assumes responsibility for that component.

2. By referencing the component auditor’s work in the group audit report, the group auditor’s

procedures are limited because the group auditor is not taking responsibility for that

component.

Therefore, the group engagement team’s work is limited to obtaining sufficient appropriate

audit evidence by performing the following procedures:

a. Procedures performed on all component auditors:

Gain an understanding of the component auditor, and

Communicate with and evaluate the component auditor

b. Reading the component’s financial statements and the component auditor’s report to

identify significant findings and issues and, when considered necessary, communicating

with the component auditor in this regard.

3. The group auditor should not reference the audit of the component auditor in its audit report

unless:

a. The component’s financial statements are prepared using the same financial reporting

framework as the group financial statements

b. The component auditor has performed an audit on the financial statements of the

component in accordance with GAAS or PCAOB (for public companies), and

c. The component auditor has issued an auditor’s report that is not restricted as to use.

4. When the group engagement partner decides to make reference to the audit of a component

auditor in the group auditor’s report, the report on the group financial statements should:

a. Clearly indicate that the component was not audited by the group auditor but was

audited by the component auditor, and

b. Include the magnitude of the portion of the financial statements audited by the

component auditor.

5. The group auditor may name the component auditor in the group auditor’s report provided:

a. The component auditor’s express permission is obtained, and


360

b. The component auditor’s report is presented together with that of the group auditor’s

report.

6. If the component auditor’s report opinion is modified and includes an emphasis-of-matter

or other-matter paragraph, the group auditor should determine the effect that this

modification may have on the group auditor’s report.

a. When deemed appropriate, the group auditor should modify the opinion on the group

financial statements or include an emphasis-of-matter or other-matter paragraph in the

group auditor’s report.

Not Making Reference in the Auditor’s Report

1. If the group engagement partner decides to assume responsibility for the component, no

reference should be made to the component auditor in the group auditor’s report.

2. In not referencing the component auditor in the group auditor’s report, the group

engagement team is required to perform certain additional procedures on the component

and the component auditor’s work, as follows:

Define materiality of the component, and

Get involved in the work of the component auditor including identifying significant

components and identifying risk of the component

Defining Materiality

1. The group engagement team should determine the following:

a. Materiality, including performance materiality, for the group financial statements as a

whole when establishing the overall group audit strategy

b. Whether particular classes of transactions, account balances, or disclosures in the group

financial statements exist for which misstatement of lesser amounts than materiality for

the group financial statements as a whole could reasonably be expected to influence the

economic decisions of users taken on the basis of the group financial statements

c. Component materiality for those components on which the group engagement team will

perform, or request a component auditor to perform, an audit or review

Component materiality is required to be lower than group materiality in order to

reduce the risk that the aggregate of detected and undetected misstatements in the

group financial statements exceeds the materiality for the group financial statements

as a whole.


361

Component performance materiality should be lower than group performance

materiality.

Getting Involved in the Work of the Component Auditor and Significant Components

1. AU-C 600 provides that when a component auditor performs an audit of a significant

component for which the group auditor is assuming responsibility for that component

(e.g., the component auditor is not referenced in the group auditor’s report), the group

engagement team should be involved in the risk assessment of the component to identify

significant risks of material misstatements of the group financial statements. In making that

assessment, the group engagement team should do the following:

a. Discuss with the component auditor or component management the component’s

business activities of significance to the group

b. Discuss with the component auditor the susceptibility of the component to material

misstatement due to fraud or error

c. Review the component auditor’s documentation of identified significant risks of

material misstatement of the group financial statements

d. If significant risks of material misstatement have been identified in a component,

evaluate the appropriateness of further audit procedures to be performed to respond to

the identified significant risks of material misstatement.

2. AU-C 600 introduces a new concept of a significant component, which is defined as a

component identified by the group engagement team that is either:

a. of individual financial significance to the group, or

b. due to its specific nature or circumstances, is likely to include significant risks of

material misstatement of the group financial statements.

LARGE OR RISKY COMPONENT = SIGNIFICANT COMPONENT

3. The group engagement team should identify significant components so that the work effort

should be directed toward such components.

4. In performing audit work on significant components, AU-C 600 provides the following

requirements for the group engagement team:

a. For a component that is individually financially significant to the group:

Audit the component’s financial information using the component materiality.


362

b. For a component considered significant because it is likely to include significant risks of

material misstatements of the group financial statements, an audit of the component is

performed in one or more of the following ways:

Audit the component financial information using component materiality

Audit one or more account balances, classes of transactions, or disclosures where the

risk resides, or

Perform specific audit procedures related to the likely significant risks of material

misstatement of the group financial statements.

5. For components that are not significant, the group engagement team should perform

analytical procedures at the group level.

Dealing with the Consolidation Process

1. The AU-C also provides guidance on how the group engagement team should deal with the

consolidation process, communicate with the group management and those charged with

governance, a specific documentation requirements.


363

AU-C 800: Special Considerations- Audits of Financial Statements

Prepared in Accordance With Special Purpose Frameworks

Supersedes: certain portions of AU 544 of SAS No. 62, Special Reports.


1. The term OCBOA is replaced with the term special purpose framework, which no longer includes a

definite set of criteria having substantial support that is applied to all material items appearing in


a. Special purpose frameworks are limited to cash, tax, regulatory, or contractual bases of

accounting.

2. The new SAS requires:

a. The auditor to obtain an understanding of:

the purpose for which the financial statements are prepared

the intended users, and

the steps taken by management to determine that the special purpose framework is

acceptable in the circumstances.

b. The auditor to obtain the agreement of management that it acknowledges and understands its

responsibility to include all informative disclosures that are appropriate for the special purpose

framework used to prepare the financial statements.

c. In the case of special purpose financial statements prepared in accordance with a contractual

basis of accounting, the auditor to obtain an understanding of any significant interpretations of

the contract that management made in the preparation of those financial statements and to

evaluate whether the financial statements adequately describe such interpretations.

d. When management has a choice of financial reporting frameworks in the preparation of the

financial statements, the explanation of management’s responsibility for the financial

statements in the auditor’s report to make reference to management’s responsibility for

determining that the applicable financial reporting framework is acceptable in the

circumstances.

e. In the case of financial statements prepared in accordance with a regulatory or contractual basis

of accounting, the auditor’s report to describe the purpose for which the financial statements

are prepared or refer to a note in the special purpose financial statements that contains that

information.


364

f. The auditor’s report to include an emphasis-of-matter paragraph under an appropriate heading

that, among other things, states that the special purpose framework is a basis of accounting

other than GAAP. As previously indicated, the term OCBOA is no longer used in GAAS.

g. The auditor’s report to include specific elements if the auditor is required by law or regulation

to use a specific layout, form, or wording of the auditor’s report.

Definitions

1. For purposes of AU-C 800, the following terms have the meanings attributed as follows:

Special purpose financial statements: Financial statements prepared in accordance with a

special purpose framework.

Special purpose framework: A financial reporting framework other than GAAP that is

one of the following bases of accounting:

Cash basis: A basis of accounting that the entity uses to record cash receipts and

disbursements and modifications of the cash basis having substantial support (for

example, recording depreciation on fixed assets).

Tax basis: A basis of accounting that the entity uses to file its income tax return for the

period covered by the financial statements.

Regulatory basis: A basis of accounting that the entity uses to comply with the

requirements or financial reporting provisions of a regulatory agency to whose

jurisdiction the entity is subject (for example, a basis of accounting that insurance

companies use pursuant to the accounting practices prescribed or permitted by a state

insurance commission.)

Contractual basis: A basis of accounting that the entity uses to comply with an

agreement between the entity and one or more third parties other than the auditor.

Example: A borrower is required by its lender to prepare consolidated financial

statements presented on a contractual basis of accounting, which is not GAAP.

The cash, tax, and regulatory bases of accounting are commonly referred to as other

comprehensive bases of accounting, although the term OCBOA is no longer included in

GAAS.

Observation: Under the new SAS, the term OCBOA is replaced with the term special purpose

framework. Previously, the definition of other comprehensive basis of accounting (OBCOA)


365

included any set of criteria that had substantial support. The new SAS does not include under

the definition of special purpose framework, any set of criteria having substantial support.

Further, the definition of income tax basis is changed slightly from the previous one found in

SAS No. 62. The SAS No. 62 definition was “a basis of accounting that the entity uses or

expects to use to file its income tax return for the period covered by the financial statements.”

The new definition removes the “expects to use” from the definition. As a practical matter,

eliminating the “expects to use” from the definition should have no significant effect on the

application of the SAS.

Lastly, the term “income tax basis of accounting” has been replaced with the term “tax basis of

accounting.”

Auditor Requirements:

1. The auditor is required to determine the acceptability of the financial reporting framework

applied in the preparation of the financial statements. In an audit of special purpose

financial statements, the auditor should obtain an understanding of:

a. the purpose for which the financial statements are prepared

b. the intended users, and

c. the steps taken by management to determine that the applicable financial reporting

framework is acceptable in the circumstances.

2. The SAS requires the auditor to establish whether the preconditions for an audit are present

including obtaining the agreement of management that it acknowledges and understands its

responsibility to include all informative disclosures that are appropriate for the special

purpose framework used to prepare the entity’s financial statements including:

a a description of the special purpose framework, including a summary of significant

accounting policies, and how the framework differs from GAAP, the effects of which

need not be quantified

b. informative disclosures similar to those required by GAAP, in the case of special

purpose financial statements that contain items that are the same as, or similar to, those

in financial statements prepared in accordance with GAAP

c. a description of any significant interpretations of the contract on which the special

purpose financial statements are based, in the case of special purpose financial

statements prepared in accordance with a contractual basis of accounting, and

d. additional disclosures beyond those specifically required by the framework that may be

necessary for the special purpose financial statements to achieve fair presentation.

3. The auditor is required to comply with all AU-C sections relevant to the audit.


366

a. In planning and performing an audit of special purpose financial statements, the auditor

should adapt and apply all AU-C sections relevant to the audit as necessary in the

circumstances of the engagement.

b. In the case of special purpose financial statements prepared in accordance with a

contractual basis of accounting, the auditor should obtain an understanding of any

significant interpretations of the contract that management made in the preparation of

those financial statements. An interpretation is significant when adoption of another

reasonable interpretation would have produced a material difference in the information

presented in the financial statements.

Reporting

1. When reporting on special purpose financial statements, the auditor should apply the

requirements in AU-C 700, Forming an Opinion and Reporting on Financial Statements.

2. With respect to the auditor’s report on special purpose financial statements, the following

rules apply:

a. The explanation of management’ responsibility for the financial statements should also

reference to its responsibility for determining that the applicable financial reporting

framework is acceptable in the circumstances.

When management has no choice of financial reporting frameworks, no reference to

the responsibility for determining the applicable framework is required.

b. The auditor’s report should also describe the purpose for which the financial statements

are prepared, or refer to a note in the special purpose financial statements that contains

that information.

Note: The requirement to describe the purpose for which the financial statements are

prepared only applies to:

a contractual basis of accounting or

a regulatory basis of accounting (general or restricted use only)

3. In most cases, the auditor’s report on special purpose financial statements should have

either an emphasis-of-matter paragraph or other-matter (restricted use) paragraph.

4. Emphasis-of-Matter Paragraph

a. The auditor’s report on special purpose financial statements should include an

emphasis-of- matter paragraph, under an appropriate heading, that:


367

indicates that the financial statements are prepared in accordance with the applicable

special purpose framework

refers to the note to the financial statements that describes that framework, and

states that the special purpose framework is a basis of accounting other than GAAP.

b. The exception is that an emphasis-of-matter paragraph is not required if special-purpose

financial statements are prepared on a regulatory basis for general use.

5. Restricted Use (Other Matter) Paragraph

a. The auditor’s report on special purpose financial statements should include an other

matter paragraph, under an appropriate heading, that restricts the use of the auditor’s

report to those within the entity, the parties to the contract or agreement, or the

regulatory agencies to whose jurisdiction the entity is subject when the special purpose

financial statements are prepared in accordance with either:

a contractual basis of accounting or

a regulatory basis of accounting (restricted use only)

Note: The restricted use (other matter) paragraph is not required for other types of

special purpose reports (e.g., cash or tax basis, or regulatory basis for general use).

6. Regulatory Basis Financial Statements Intended for General Use

a. If the special purpose financial statements are prepared in accordance with a regulatory

basis of accounting, and the special purpose financial statements together with the

auditor’s report are intended for general use, the auditor should not include the

emphasis-of-matter or other-matter paragraphs. Instead, the auditor should provide dual

opinions in the same report as follows:

Opinion 1: Expresses an opinion about whether the special purpose financial statements

are prepared in accordance with GAAP.

Opinion 2: The auditor should also, in a separate paragraph, express an opinion as to

whether the financial statements are prepared in accordance with the special purpose

framework, which is the regulatory basis for general use.

This dual opinion only applies if the auditor reports on a regulatory basis intended for

general use, and not restricted for use. If the regulatory basis for restricted use is used,

a single opinion should be issued.

7. Report Prescribed by Law or Regulation


368

a. If an auditor is required by law or regulation to use a specific layout, form, or wording

of the auditor’s report, the report should refer to GAAS only if the auditor’s report

includes the following elements, at a minimum:

Title

Addressee

Introductory paragraph that identifies the special purpose financial statements

audited

Description of the responsibility of management

Management’s responsibility for determining that the applicable financial reporting

framework is acceptable in the circumstances

Description of the auditor’s responsibility

Opinion paragraph

Emphasis-of-matter paragraph indicating that the financial statements are prepared

in accordance with a special purpose framework, when required

Other-matters paragraph that restricts the use of the auditor’s report, when required

Auditor’s signature

Auditor’s city and state, and

Date of auditor’s report.

Note: AU-C 800 states that if the prescribed specific layout, form, or wording of the

auditor’s report, required by law or regulation, is not acceptable or would cause an

auditor to make a statement that the auditor has no basis to make, the auditor should

reword the prescribed form of report or attach an appropriately worded separate report.

The following chart summarizes the format of the auditor’s report when reporting under a



369

Special Purpose Reports

Cash basis Tax basis Contractual basis Regulatory

basis

Restricted Use

Regulatory basis

General Use

Opinion

Single opinion

on special

purpose

framework

Single opinion

on special

purpose

framework

Single opinion on

special purpose

framework

Single opinion

on special

purpose

framework

Dual

Opinion on

GAAP and

special purpose

framework

Emphasis-of

matter

paragraph- alerting

reader to special

purpose

framework (other

than GAAP)

Yes Yes Yes Yes No

Describe purpose

of financial

statements

No No Yes Yes Yes

Other matter

paragraph

restricting use

No No Yes Yes No

Source: AU-C 800, as modified by author.

Example 1: Auditor’s Report Prepared in Accordance With the Cash Basis of

Accounting (Source: AU-C 800, as modified by author)

Facts:

The financial statements have been prepared by management of a partnership in

accordance with the cash basis of accounting (that is, a special purpose framework).

Management has a choice of financial reporting frameworks.


370



We have audited the accompanying financial statements of ABC Partnership, which comprise the statements of assets and

liabilities arising from cash transactions as of December 31, 20X1, and the related statements of revenue collected and

expenses paid for the year then ended, and the related notes to the financial statements.


Management is responsible for the preparation and fair presentation of these financial statements in accordance with the

cash basis of accounting; this includes determining that the cash basis of accounting is an acceptable basis for the

preparation of financial statements in the circumstances.72

Management is also responsible for the design, implementation,

and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free

from material misstatement, whether due to fraud or error.





misstatement.




considers internal control relevant to the partnership’s preparation and fair presentation of the financial statements in order

to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the

effectiveness of the partnership’s internal control. Accordingly, we express no such opinion. An audit also includes

evaluating the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made

by management, as well as evaluating the overall presentation of the financial statements.


Opinion

In our opinion, the financial statements referred to above present fairly, in all material respects, the assets and liabilities

arising from cash transactions of ABC Partnership as of December 31, 20X1, and its revenue collected and its expenses

paid during the year then ended in accordance with the cash basis of accounting described in Note X.

Basis of Accounting

We draw attention to Note X of the financial statements, which describes the basis of accounting. The financial

statements are prepared on the cash basis of accounting which is a basis of accounting other than accounting

principles generally accepted in the United States of America. Our opinion is not modified with respect to this

matter.

[Auditor’s Signature]

[Auditor’s City and State]

[Date of the Auditor’s Report]

72

The SAS requires the auditor’s report to reference management' responsibility for determining that the applicable

financial reporting framework is acceptable in the circumstances. If management does not have a choice of financial

reporting frameworks, the audit report should remove this language from the report.


371

Example 2: Auditor’s Report Prepared in Accordance With the Tax Basis of Accounting

(Source: AU-C 800, as modified by author)

Facts:

The financial statements have been prepared by management of a partnership in

accordance with the basis of accounting the partnership uses for income tax purposes

(that is, a special purpose framework).

Based on the partnership agreement, management does not have a choice of financial

reporting frameworks.



We have audited the accompanying financial statements of ABC Partnership, which comprise the statements of assets,

liabilities, and capital-income tax basis as of December 31, 20X1, and the related statements of revenue and expenses-

income tax basis and of changes in partners’ capital accounts-income tax basis for the year then ended, and the related

notes to the financial statements.



basis of accounting the Partnership uses for income tax purposes; this includes the design, implementation and maintenance

of internal control relevant to the preparation and fair presentation of financial statements that are free from material

misstatement, whether due to fraud or error.





misstatement.




considers internal control relevant to the partnership’s preparation and fair presentation of the financial statements in order

to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the

effectiveness of the partnership’s internal control. Accordingly, we express no such opinion. An audit also includes

evaluating the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made

by management, as well as evaluating the overall presentation of the financial statements.


Opinion

In our opinion, the financial statements referred to above present fairly, in all material respects, the assets, liabilities, and

capital of ABC Partnership as of December 31, 20X1, and its revenue and expenses and changes in partners’ capital

accounts for the year then ended in accordance with the basis of accounting the Partnership uses for income tax

purposes described in Note X.

Basis of Accounting


372

We draw attention to Note X of the financial statements, which describes the basis of accounting. The financial

statements are prepared on the basis of accounting the Partnership uses for income tax purposes, which is a basis of

accounting other than accounting principles generally accepted in the United States of America. Our opinion is not

modified with respect to this matter.




Observations- Example 2 Report:

AU-C 800 uses the term “tax basis” to describe income tax basis financial statement. Yet, the

sample report fund in the AU-C uses the term “income tax basis.” In practice, most parties use

the term “income tax basis” and, in the author’s opinion, should continue to do so.

In Example 2, management does not have a choice of framework because the income tax basis

of accounting is required under the partnership agreement. In such a case, the Management’s

Responsibility for the Financial Statements paragraph does not include language referencing

that management is responsible for determining that the income tax basis of accounting is

acceptable.

Let’s look at the comparison:

Scenario 1:

The income tax basis of accounting is used and management does not have the choice of using

another framework.

The language in the management’s responsibility paragraph is as follows (which is what is

given in this Example 2):


Management is responsible for the preparation and fair presentation of these

financial statements in accordance with the basis of accounting the Partnership

uses for income tax purposes; this includes the design, implementation and

maintenance of internal control relevant to the preparation and fair presentation of

financial statements that are free from material misstatement, whether due to fraud

or error.

Scenario 2:

The income tax basis of accounting is used and management does have the choice of using

another framework.


373

The language in the management’s responsibility paragraph is as follows:


Management is responsible for the preparation and fair presentation of these

financial statements in accordance with the basis of accounting the Partnership

uses for income tax purposes; this includes determining that the income tax basis

of accounting is an acceptable basis for the preparation of financial statements in

the circumstances. Management is also responsible for the design, implementation

and maintenance of internal control relevant to the preparation and fair

presentation of financial statements that are free from material misstatement,

whether due to fraud or error.

Example 3: Regulatory Basis- Not Intended for General Use


Facts:

The financial statements have been prepared by management of the entity in accordance

with the financial reporting provisions established by a regulatory agency (that is, a

special purpose framework).

The financial statements together with the auditor’s report are not intended for general

use.

Based on the regulatory requirements, management does not have a choice of financial




We have audited the accompanying financial statements of ABC City, Any State, which comprise cash and unencumbered

cash for each fund as of December 31, 20X1, and the related statements of cash receipts and disbursements and

disbursements-budget and actual for the year then ended, and the related notes to the financial statements.



financial reporting provisions of Section Y of Regulation Z of Any State. Management is also responsible for the design,

implementation and maintenance of internal control relevant to the preparation and fair presentation of financial statements

that are free from material misstatement, whether due to fraud or error.





374


misstatement.










Opinion

In our opinion, the financial statements referred to above present fairly, in all material respects, the cash and unencumbered

cash of each fund of ABC City as of December 31, 20X1, and their respective cash receipts and disbursements, and

budgetary results for the year then ended in accordance with the financial reporting provisions of Section Y of Regulation Z

of Any State described in Note X.

Basis of Accounting

We draw attention to Note X of the financial statements, which describes the basis of accounting. As described in Note X to

the financial statements, the financial statements are prepared by ABC City on the basis of the financial reporting

provisions of Section Y of Regulation Z of Any State, which is a basis of accounting other than accounting principles

generally accepted in the United States of America, to meet the requirements of Any State.73

Our opinion is not modified

with respect to this matter.

Restriction on Use

Our report is intended solely for the information and use of ABC City and Any State and is not intended to be and should

not be used by anyone other than these specified parties.




Note: The restriction on use paragraph is only required for reports on a regulatory basis, not

intended for general use, or on a contractual basis.

73

For reports prepared on a contractual or regulatory basis (general or restricted), the report must include a description of

the purpose for which the financial statements are prepared.


375

Example 4: Regulatory Basis- Intended for General Use


Facts:


with the financial reporting provisions established by a regulatory agency (that is, a

special purpose framework).

The financial statements together with the auditor’s report are intended for general use.

Based on the regulatory requirements, management does not have a choice of financial


The variances between the regulatory basis of accounting and accounting principles

generally accepted in the United States of America (U.S. GAAP) are not reasonably

determinable and are presumed to be material.



We have audited the accompanying financial statements of XYZ City, Any State, which comprise cash and unencumbered

cash for each fund as of December 31, 20X1, and the related statements of cash receipts and disbursements and

disbursements-budget and actual for the year then ended, and the related notes to the financial statements.



financial reporting provisions of Section Y of Regulation Z of Any State. Management is also responsible for the design,

implementation and maintenance of internal control relevant to the preparation and fair presentation of financial statements

that are free from material misstatement, whether due to fraud or error.





misstatement.









We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinions.


376

Basis for Adverse Opinion on U.S. Generally Accepted Accounting Principles

As described in Note X of the financial statements, the financial statements are prepared by XYZ City on the basis of the

financial reporting provisions of Section Y of Regulation Z of Any State, which is a basis of accounting other than

accounting principles generally accepted in the United States of America, to meet the requirements of Any State.74

The effects on the financial statements of the variances between the regulatory basis of accounting described in Note X and

accounting principles generally accepted in the United States of America, although not reasonably determinable, are

presumed to be material.

Adverse Opinion on U.S. Generally Accepted Accounting Principles

In our opinion, because of the significance of the matter discussed in the “Basis for Adverse Opinion on U.S.

Generally Accepted Accounting Principles” paragraph, the financial statements referred to above do not present

fairly, in accordance with accounting principles generally accepted in the United States of America, the financial

position of each fund of XYZ City as of December 31, 20X1, or changes in financial position or cash flows thereof for

the year then ended.

Opinion on Regulatory Basis of Accounting

In our opinion, the financial statements referred to above present fairly, in all material respects, the cash and

unencumbered cash of each fund of XYZ City as of December 31, 20X1, and their respective cash receipts and

disbursements, and budgetary results for the year then ended in accordance with the financial reporting provisions

of Section Y of Regulation Z of Any State described in Note X.




Observation: In the Example 4 report, there is a dual opinion: one on GAAP and one on the

regulatory basis of accounting. The dual opinion is required whenever an auditor reports on a

regulatory basis and the financial statements are intended for general use. In doing so, there is

an adverse opinion on the GAAP basis, and an unmodified opinion on the regulatory basis. If

the financial statements are restricted for use, only an opinion on the regulatory basis is

required.

Example 5: Contractual Basis of Accounting


Facts:


with a contractual basis of accounting (that is, a special purpose framework) to comply

with the provisions of that contract.

Based on the provisions of the contract, management does not have a choice of financial


74




377



We have audited the accompanying financial statements of ABC Company, which comprise the assets and liabilities-

contractual basis as of December 31, 20X1, and the revenues and expenses-contractual basis, changes in equity-contractual

basis and cash flows-contractual basis for the year then ended, and the related notes to the financial statements.



financial reporting provisions of Section Z of the contract between ABC Company and DEF Company dated January 1,

20X1 (the contract). Management is also responsible for the design, implementation, and maintenance of internal control

relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether

due to fraud or error.





misstatement.










Opinion

In our opinion, the financial statements referred to above present fairly, in all material respects, the assets and liabilities of

ABC Company as of December 31, 20X1, and revenues, expenses, changes in equity, and cash flows for the year then

ended in accordance with the financial reporting provisions of Section Z of the contract.

Basis of Accounting

We draw attention to Note X of the financial statements, which describes the basis of accounting. The financial statements

are prepared by ABC Company on the basis of the financial reporting provisions of Section Z of the contract, which is a

basis of accounting other than accounting principles generally accepted in the United States of America, to comply with the

financial reporting provisions of the contract75

referred to above. Our opinion is not modified with respect to this matter.

75




378

Restriction on Use

Our report is intended solely for the information and use of ABC Company and DEF Company and is not intended to be

and should not be used by anyone other than these specified parties.




Note: The restriction on use paragraph is only required for reports on a regulatory basis, not

intended for general use, or on a contractual basis.

Fair Presentation and Adequate Disclosures

1. When the special purpose financial statements contain items that are the same as, or similar

to, those in financial statements prepared in accordance with GAAP, informative

disclosures similar to those required by GAAP are necessary to achieve fair presentation.

Example: Financial statements prepared on a tax basis or on a modified cash basis of

accounting usually reflect depreciation, long-term debt, and owners’ equity. Thus, the

informative disclosures for depreciation, long-term debt, and owners’ equity in such

financial statements would be comparable to those in financial statements prepared in

accordance with GAAP.

2. As a result, with respect to special purpose financial statements that contain items that are

the same as, or similar to, those in financial statements prepared in accordance with

generally accepted accounting principles (GAAP), the new SAS requires the auditor to

evaluate:

Whether the financial statements include informative disclosures similar to those

required by GAAP, and

Whether additional disclosures, beyond those specifically required by the framework,

relate to matters that are not specifically identified on the face of the financial

statements or other disclosures are necessary for the financial statements to achieve fair

presentation.

3. If special purpose financial statements contain items for which GAAP would require

disclosure, the financial statements may either:

Provide the relevant disclosure that would be required for those items in a GAAP

presentation, or

Provide qualitative information that communicates the substance of that disclosure.


379

4. If GAAP provides requirements that apply to the presentation of financial statements,

special purpose financial statements may either:

Comply with those requirements, or

Provide qualitative information that communicates the substance of those requirements,

without modifying the format of the special purpose financial statements.

Note: When special purpose financial statements are issued, qualitative information may be

substituted for the quantitative information required for GAAP presentations provides the

information communicates the substance of the GAAP requirements.

5. For special purpose financial statements, if GAAP disclosure requirements are not relevant

to the measurement of the item, those disclosures do not have to be considered.

Example:

Fair value disclosures for debt and equity securities would not be relevant when the

basis of presentation does not adjust the cost of such securities to their fair value.

Disclosures related to actuarial calculations for contributions to defined benefit plans

would not be relevant in financial statements prepared in accordance with the cash or

tax basis of accounting.

Disclosures related to the use of estimates would not be relevant in a presentation that

has no estimates, such as the cash basis of accounting.

6. Statement of cash flows:

Special purpose financial statements may not require that a statement of cash flows be

presented, such as in the case of cash or tax basis financial statements.

If a presentation of cash receipts and disbursements is presented in a format similar to a

statement of cash flows or if the entity chooses to present such a statement, the

statement would either conform to the requirements for a GAAP presentation or

communicate their substance.


380

AU-C 210: Terms of Engagement

Supersedes: portions of SAS No. 108, Planning and Supervision, and SAS No. 84,

Communication Between Predecessor and Successor Auditors.


1. Requires the auditor to explicitly determine whether the financial reporting framework

to be applied in the preparation of the financial statements is acceptable.

2. Requires the auditor to obtain the agreement of management (in an engagement letter)

that it acknowledges and understands its responsibility.

a. Such understanding should include management’s responsibility for:

preparation and fair presentation of the financial statements under the

applicable framework

the design, implementation and maintenance of internal control, and

providing access and information to the auditor.

3. On recurring audits, requires the auditor to assess whether circumstances require the

terms of the audit to be revised.

4. Deals with situations in which law or regulation prescribes a specific layout, form, or

wording of the auditor’s report that significantly differs from GAAS.


381

Example of an Audit Engagement Letter (from Exhibit A of AU-C 210)

Following is an example the new engagement letter offered by AU-C 210.

Changes made by AU-C 210 are presented in bold type.

To the appropriate representative of those charged with governance of ABC Company:

[The objective and scope of the audit]

You have requested that we audit the financial statements of ABC Company, which comprise the balance sheet

as of December 31, 20XX, and the related statements of income, changes in stockholders’ equity and cash flows

for the year then ended, and the related notes to the financial statements. We are pleased to confirm our

acceptance and our understanding of this audit engagement by means of this letter. Our audit will be conducted

with the objective of our expressing an opinion on the financial statements.

[The responsibilities of the auditor]

We will conduct our audit in accordance with auditing standards generally accepted in the United States

(GAAS). Those standards require that we plan and perform the audit to obtain reasonable assurance about

whether the financial statements are free of material misstatement. An audit involves performing procedures to

obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected

depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the financial

statements, whether due to fraud or error. An audit also includes evaluating the appropriateness of accounting

policies used and the reasonableness of significant accounting estimates made by management, as well as

evaluating the overall presentation of the financial statements.

Because of the inherent limitations of an audit, together with the inherent limitations of internal control, an

unavoidable risk that some material misstatements may not be detected exists, even though the audit is properly

planned and performed in accordance with GAAS.

In making our risk assessments, we consider internal control relevant to the entity’s preparation and fair

presentation of the financial statements in order to design audit procedures that are appropriate in the

circumstances but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal

control. However, we will communicate to you in writing concerning any significant deficiencies or material

weaknesses in internal control relevant to the audit of the financial statements that we have identified during the

audit.

[The responsibilities of management and identification of the applicable financial reporting framework]

Our audit will be conducted on the basis that [management and, where appropriate, those charged with

governance] acknowledge and understand that they have responsibility:

a. for the preparation and fair presentation of the financial statements in accordance with

accounting principles generally accepted in the United States


382

b. for the design, implementation, and maintenance of internal control relevant to the preparation

and fair presentation of financial statements that are free from material misstatement, whether

due to fraud or error, and

c. to provide us with:

access to all information of which [management] is aware that is relevant to the preparation

and fair presentation of the financial statements such as records, documentation, and other

matters

additional information that we may request from [management] for the purpose of the audit,

and

unrestricted access to persons within the entity from whom we determine it necessary to

obtain audit evidence.

As part of our audit process, we will request from [management and, where appropriate, those charged

with governance], written confirmation concerning representations made to us in connection with the

audit.

[Other relevant information]

[Insert other information, such as fee arrangements, billings, and other specific terms, as appropriate.]

[Reporting]

[Insert appropriate reference to the expected form and content of the auditor’s report. Example follows:]

We will issue a written report upon completion of our audit of ABC Company’s financial statements. Our report

will be addressed to the board of directors of ABC Company. We cannot provide assurance that an unmodified

opinion will be expressed. Circumstances may arise in which it is necessary for us to modify our opinion, add an

emphasis of matter or other matter paragraph(s), or withdraw from the engagement.

We also will issue a written report on [Insert appropriate reference to other auditor’s reports expected to be

issued.] upon completion of our audit.

Please sign and return the attached copy of this letter to indicate your acknowledgement of, and agreement with,

the arrangements for our audit of the financial statements including our respective responsibilities.

XYZ & Co.

Acknowledged and agreed on behalf of ABC Company by

___________________________

[Signed]

[Name and Title]

[Date]


383

580: Written Representations

Supersedes: SAS No. 85, Management Representations.


The SAS introduces a new management representation letter.

1. AU-C 580 makes minor changes to the language found in the illustrative management

representation letter.

2. The new SAS does not change or expand the requirements previously found in SAS No. 85,

in any significant respect.


384

Exhibit: Illustrative Representation Letter

The following illustrative letter includes written representations that are required by this and

other AU sections in effect for audits of financial statements for periods ending on or after

December 15, 2012.

New language provided by AU-C 580 is presented in bold type.

(Entity Letterhead)

(To Auditor) (Date)

This representation letter is provided in connection with your audit of the financial statements of ABC

Company, which comprise the balance sheet as of December 31, 20XX, and the related statements of income,

changes in stockholders’ equity and cash flows for the year then ended, and the related notes to the financial

statements, for the purpose of expressing an opinion as to whether the financial statements are presented fairly,

in all material respects, in accordance with accounting principles generally accepted in the United States (U.S.

GAAP).

Certain representations in this letter are described as being limited to matters that are material. Items are

considered material, regardless of size, if they involve an omission or misstatement of accounting information

that, in the light of surrounding circumstances, makes it probable that the judgment of a reasonable person

relying on the information would be changed or influenced by the omission or misstatement.

Except where otherwise stated below, immaterial matters less than $[insert amount] collectively are not

considered to be exceptions that require disclosure for the purpose of the following representations. This

amount is not necessarily indicative of amounts that would require adjustment to or disclosure in the


We confirm that, to the best of our knowledge and belief, having made such inquiries as we considered

necessary for the purpose of appropriately informing ourselves, as of (date of auditor’s report):

Financial Statements

We have fulfilled our responsibilities, as set out in the terms of the audit engagement dated [insert date],

for the preparation and fair presentation of the financial statements in accordance with U.S. GAAP [or

other financial reporting framework].

We acknowledge our responsibility for the design, implementation, and maintenance of internal

control relevant to the preparation and fair presentation of financial statements that are free from


We acknowledge our responsibility for the design, implementation, and maintenance of internal control

to prevent and detect fraud.

Significant assumptions used by us in making accounting estimates, including those measured at

fair value, are reasonable.

Related party relationships and transactions have been appropriately accounted for and disclosed in

accordance with the requirements of U.S. GAAP.

All events subsequent to the date of the financial statements and for which U.S. GAAP requires

adjustment or disclosure have been adjusted or disclosed.


385

The effects of uncorrected misstatements are immaterial, both individually and in the aggregate, to the

financial statements as a whole. A list of the uncorrected misstatements is attached to the representation

letter. [Attached List]76

The effects of all known actual or possible litigation and claims have been accounted for and disclosed

in accordance with U.S. GAAP.

[Any other matters that the auditor may consider appropriate]

Information Provided

We have provided you with:

o Access to all information, of which we are aware that is relevant to the preparation and fair

presentation of the financial statements such as records, documentation and other matters;

Additional information that you have requested from us for the purpose of the audit; and

o Unrestricted access to persons within the entity from whom you determined it necessary to

obtain audit evidence.

All transactions have been recorded in the accounting records and are reflected in the financial

statements.

We have disclosed to you the results of our assessment of the risk that the financial statements

may be materially misstated as a result of fraud.

We have [no knowledge of any][disclosed to you all information that we are aware of in relation to]

fraud or suspected fraud that affects the entity and involves:

o Management;

o Employees who have significant roles in internal control; or

o Others where the fraud could have a material effect on the financial statements.

We have [no knowledge of any][disclosed to you all information in relation to] allegations of fraud, or

suspected fraud, affecting the entity’s financial statements communicated by employees, former

employees, analysts, regulators or others.

We have disclosed to you all known instances of non-compliance or suspected non-compliance

with laws and regulations whose effects should be considered when preparing financial

statements.

We [have disclosed to you all known actual or possible][ are not aware of any pending or threatened]

litigation and claims whose effects should be considered when preparing the financial statements [and

we have not consulted legal counsel concerning litigation or claims]

We have disclosed to you the identity of the entity’s related parties and all the related party relationships

and transactions of which we are aware.

[Any other matters that the auditor may consider necessary].

___________________

[Name of Chief Executive Officer and Title]

____________________

[Name of Chief Financial Officer and Title]

Note: The previous illustration assumes that the applicable financial reporting framework is

accounting principles generally accepted in the United States. Further, it assumes that there is

no requirement for representation involving going concern, and that there are no exceptions

76

Attached to the representation letter should be a list of uncorrected entries.


386

that exist to the requested written representations. If there were exceptions, the representations

would need to be modified to reflect the exceptions.


387

REVIEW QUESTIONS









1. In a group audit, which of the following is responsible for reviewing and approving the

overall group audit strategy and group audit plan:

a. Component auditor

b. Group engagement team

c. Group engagement partner

d. Component management

2. In a group audit, which of the following parties is responsible for obtaining an

understanding of the component auditor:

a. Group engagement partner

b. Group quality control reviewer

c. Group engagement team

d. Group board of directors

3. If a group auditor does not wish to assume responsibility for a component, which of the

following should he or she do:

a. Make reference to the component auditor in the group auditor’s report

b. Include a disclaimer in the engagement letter and make no reference in the group

auditor’s report

c. Do not reference the component auditor in the group auditor’s report

d. Include a disclosure in the notes to financial statements in which the group auditor

disclaims responsibility for the work of the component auditor

4. A group auditor should not reference the work of a component auditor in the group audit

report unless the component’s financial statements are prepared using _____________.

a. International standards

b. the same financial reporting framework as the group financial statements

c. U.S. GAAP

d. Other comprehensive basis of accounting (OCBOA)


388

5. Which of the following is not a basis of accounting included under the special purpose

framework?

a. Cash basis

b. Tax basis

c. Contractual basis

d. Accrual basis

6. In an audit of a special purpose framework, the auditor is required to obtain agreement of

management that it acknowledges and understands it responsibility. Such information

includes all of the following except:

a. Description of the special purpose framework

b. Required GAAP disclosures

c. A description of any significant interpretations of the contract on which the special

purpose financial statements are based

d. Additional disclosures beyond those specifically required

7. Facts: Management is using a financial reporting framework for its financial statements.

Management has no choice of using another financial reporting framework. Which of the

following is correct?

a. Reference to the responsibility for determining the applicable framework is required

b. No reference to the responsibility for determining the applicable framework is required

c. The report should not explain the management’s responsibility for the financial

statements

d. Reference to the responsibility for determining the applicable framework is not

permitted

8. An auditor’s report on special purpose financial statements should include an other-matter

paragraph that restricts the use of the auditor’s report for which of the following bases of

accounting:

a. Cash basis of accounting

b. Tax basis of accounting

c. Contractual basis of accounting

d. Regulatory basis of accounting, general use only

9. With respect to special purpose financial statements, if such statements contain items for

which GAAP would require disclosure, the financial statements may ___________:

a. Provide a quantitative disclosure in the special purpose format

b. Provide the relevant disclosure that would be required for those items in a GAAP

presentation

c. Show comparative disclosures in both the special purpose and GAAP format

d. Provide both qualitative and quantitative disclosure in the special purpose format


389

SUGGESTED SOLUTIONS

1. In a group audit, which of the following is responsible for reviewing and approving the

overall group audit strategy and group audit plan:

a. Incorrect. The component auditor has nothing to do with the work at the group level.

b. Incorrect. The group engagement team is responsible for executing the group audit but

is not responsible for the final review and approval of the overall group audit strategy

and audit plan. That task belongs to the group engagement partner.

c. Correct. The group engagement partner is responsible for reviewing and

approving the overall group audit strategy and group audit plan.

d. Incorrect. Component management and, in fact, any management, is not involved in

making decisions related to the audit, making the answer incorrect.

2. In a group audit, which of the following parties is responsible for obtaining an

understanding of the component auditor?

a. Incorrect. Although the group engagement partner is responsible for final approval, the

group engagement partner is not involved in obtaining an understanding of the

component auditor. That task is performed by the group engagement team.

b. Incorrect. The group quality control reviewer is responsible for reviewing the audit

engagement but is not involved in actually performing the audit work, which includes

obtaining an understanding of the component auditor.

c. Correct. The group engagement team is required to obtain an understanding of the

component auditor.

d. Incorrect. The group board of directors is not involved in performing any audit

procedures, making the answer incorrect.

3. If a group auditor does not wish to assume responsibility for a component, which of the

following should he or she do:

a. Correct. By making reference to the component auditor in the group auditor’s

report, the group auditor does not assume responsibility for the component

auditor.

b. Incorrect. Although the group auditor may wish to include a disclaimer in the

engagement letter, the group auditor also must reference the component auditor in the

group auditor’s report

c. Incorrect. GAAS requires that the group auditor must reference the component auditor

in the group auditor’s report if the group auditor does not wish to assume responsibility

for the component.

d. Incorrect. Placing a disclosure in the notes to financial statements is not sufficient.

There must be reference to the component auditor in the group auditor’s report.

4. A group auditor should not reference the work of a component auditor in the group audit

report unless the component’s financial statements are prepared using _____________.


390

a. Incorrect. Use of international standards by the component’s financial statements would

be required only if the group financial statements were also prepared using international

standards. Thus, the answer is incorrect.

b. Correct. GAAS requires that the component’s financial statements be on the same

financial reporting framework as the group financial statements. If not, the group

auditor is not allowed to reference to work of the component auditor in the group

audit report.

c. Incorrect. U.S. GAAP is required for the component financial statements only if U.S.

GAAP is used for the group’s financial statements.

d. Incorrect. Using OCBOA is required for the component financial statements only if

OCBOA is used for the group’s financial statements.

5. Which of the following is not a basis of accounting included under the special purpose

framework?

a. Incorrect. The cash basis is an example of a basis under the special purpose framework.

b. Incorrect. The tax basis is an example of a basis under the special purpose framework.

c. Incorrect. The contractual basis is an example of a basis under the special purpose

framework.

d. Correct. The accrual basis of accounting, by itself, is not a basis included under

the definition of a special purpose framework, making the answer correct.

6. In an audit of a special purpose framework, the auditor is required to obtain agreement of

management that it acknowledges and understands its responsibility. Such information

includes all of the following except:

a. Incorrect. One of the items that the auditor must get agreement with management is the

description of the special purpose framework including a summary of significant

accounting policies, and how the framework differs from GAAP, the effects of which

need not be quantified.

b. Correct. The agreement should include all informative disclosures similar to those

required by GAAP (not required GAAP disclosures), making the answer correct.

c. Incorrect. One requirement is for the auditor to obtain agreement on a description of any

significant interpretations of the contract on which the special purpose financial

statements are based.

d. Incorrect. The auditor is required to obtain agreement as to any additional disclosures

beyond those specifically required

7. Facts: Management is using a financial reporting framework for its financial statements.

Management has no choice of using another financial reporting framework. Which of the

following is correct?

a. Incorrect. Reference to the responsibility for determining the applicable framework is

not required, making the answer incorrect.

b. Correct. In a situation in which management has no choice of the financial

reporting framework, no reference to the responsibility for determining the

applicable framework is required.


391

c. Incorrect. The report should always explain management’s responsibility for the

financial statements, regardless of whether management has a choice of framework.

d. Incorrect. The SAS states that when management has no choice of using another

framework, reference to the responsibility for determining the applicable framework is

not required, but it is permitted.

8. An auditor’s report on special purpose financial statements should include an other-matter

paragraph that restricts the use of the auditor’s report for which of the following bases of

accounting:

a. Incorrect. A restricted use of the auditor’s report is not required for the cash basis of

accounting.

b. Incorrect. A restricted use of the auditor’s report is not required for the tax basis of

accounting.

c. Correct. GAAS requires that the report be restricted for use when there is a

contractual basis of accounting.

d. Incorrect. Only a regulatory basis of accounting, restricted for use only, requires that

the auditor’s report be restricted for use. A regulatory basis of accounting for general

use has no such restriction.

9. With respect to special purpose financial statements, if such statement contains items for

which GAAP would require disclosure, the financial statements may ___________.

a. Incorrect. AU-C 600 provides one option which is to provide qualitative (not

quantitative) disclosure in the special purpose format.

b. Correct. One option allowed is to provide the relevant disclosure that would be

required for those items in a GAAP presentation

c. Incorrect. There is no requirement to show comparative disclosures in both the special

purpose and GAAP format.

d. Incorrect. GAAS provides for presenting qualitative disclosures in the special purpose

format, but no requirement to show quantitative disclosures along with it.


392

Other SASs Issued in the Clarity Project as Part of SAS Nos. 122-125

The remainder of the Clarity Project changes found in SAS Nos. 122-125 consist of numerous

new standards that, in general, do not make substantive changes to the way in which auditors

conduct their auditors.

Following is a listing of those new standards, segregated into those that make modest changes

to GAAS, and those that result in a mere reformatting of existing GAAP.

AU-C Title

Standards –Modest Changes to GAAS

200 Overall Objectives of the Independent Auditor and the Conduct of An Audit in

Accordance with Generally Accepted Auditing Standards

220 Quality Control for an Engagement Conducted in Accordance With Generally

Accepted Auditing Standards

510 Opening Balances-Initial Audit Engagements, Including Reaudit Engagements

Standards- Reformatting of Existing GAAS

230 Audit Documentation

240 Consideration of Fraud in a Financial Statement Audit

260 The Auditor’s Communication With Those Charged With Governance

300 Planning an Audit

315 Understanding the Entity and Its Environment and Assessing the Risks of

Material Misstatement

320 Materiality in Planning and Performing an Audit

330 Performing Audit Procedures in Response to Assessed Risks and Evaluating the

Audit Evidence Obtained

402 Audit Considerations Relating to an Entity Using a Service Organization

450 Evaluation of Misstatements Identified During the Audit

500 Audit Evidence

501 Audit Evidence-Specific Considerations for Selected Items

505 External Confirmations

520 Analytical Procedures

530 Audit Sampling

540 Auditing Accounting Estimates, Including Fair Value Accounting Estimates and

Related Disclosures

550 Related Parties

560 Subsequent Events and Subsequently Discovered Facts

585 Consideration of Omitted Procedures After the Report Release Date

620 Using the Work of an Auditor’s Specialist

708 Consistency of Financial Statements

720 Other Information in Documents Containing Audited Financial Statements

725 Supplementary Information in Relation to the Financial Statements as a Whole


393

730 Required Supplementary Information

805 Special Considerations- Audits of Single Financial Statements and Specific

Elements, Accounts, or Items of a Financial Statement

806 Reporting on Compliance With Aspects of Contractual Agreements or

Regulatory Requirements in Connection With Audited Financial Statements

810 Engagements to Report on Summary Financial Statements

905 Alert That Restricts the Use of the Auditor’s Written Communication

910 Financial Statements Prepared in Accordance With a Financial Reporting

Framework Generally Accepted in Another Country

915 Reporting on Application of Requirements of an Applicable Financial Reporting

Framework

920 Letters for Underwriters and Certain Other Requesting Parties

925 Filings With the U.S. Securities and Exchange Commission Under the Securities

Act of 1933

930 Interim Financial Information

935 Compliance Audits


394

Glossary

Brainstorming: A method of shared problem solving in which all members of a group

spontaneously contribute ideas.

Cash basis: A basis of accounting that the entity uses to record cash receipts and

disbursements and modifications of the cash basis having substantial support.

Component: An entity or business activity for which group or component management

prepares financial information that should be included in the group financial statements.

Component auditors: Auditors who do not meet the definition of a member of the group

engagement team, including an auditor who may work for a network firm of the group

engagement partner’s firm or may even work for a different office of the same firm.

Contractual basis: A basis of accounting that the entity uses to comply with an agreement

between the entity and one or more third parties other than the auditor.

Deficiency in internal control: The design or operation of a control does not allow

management or employees, in the normal course of performing their assigned functions, to

prevent, or detect and correct, misstatements on a timely basis.

Emphasis-of-matter paragraph: A paragraph included in the auditor’s report that is required

by GAAS, or is included at the auditor’s discretion, and that refers to a matter appropriately

presented or disclosed in the financial statements that, in the auditor’s judgment, is of such

importance that it is fundamental to users’ understanding of the financial statements.

Fraud: An intentional act by one or more individuals among management, those charged with

governance, employees, or third parties, involving the use of deception that results in a

misstatement in financial statements that are the subject of an audit.

Group: All the components whose financial information is included in the group financial

statements. A group always has more than one component.

Group engagement partner: The partner or other person in the firm who is responsible for

the group audit engagement and its performance and for the auditor’s report on the group

financial statements that is issued on behalf of the firm.

Group engagement team: Partners, including the group engagement partner, and staff who

establish the overall group audit strategy, communicate with component auditors, perform

work on the consolidation process, and evaluate the conclusions drawn from the audit evidence

as the basis for forming an opinion on the group financial statements.


395

Group financial statements: Financial statements that include the financial information of

more than one component.

Material weakness: A deficiency, or a combination of deficiencies, in internal control, such

that there is a reasonable possibility that a material misstatement of the entity’s financial

statements will not be prevented, or detected and corrected, on a timely basis.

Modified opinion: A qualified opinion, an adverse opinion, or a disclaimer of opinion.

Money laundering: To move illegally acquired cash through financial systems so that it

appears to be legally acquired.

Noncompliance: Acts of omission or commission by the entity, either intentional or

unintentional, which are contrary to the prevailing laws or regulations.

Other-matter paragraph: A paragraph included in the auditor’s report that is required by

GAAS, or is included at the auditor’s discretion, and that refers to a matter other than those

presented or disclosed in the financial statements that, in the auditor’s judgment, is relevant to

users’ understanding of the audit, the auditor’s responsibilities, or the auditor’s report.

Pervasive: A term used in the context of misstatements to describe the effects on the financial

statements of misstatements or the possible effects on the financial statements of

misstatements, if any, that are undetected due to an inability to obtain sufficient appropriate

audit-evidence.

Preconditions for an audit: The use by management of an acceptable financial reporting

framework in the preparation of the financial statements and the agreement of management

and, when appropriate, those charged with governance, to the premise on which an audit is

conducted.

Privity standard: Accountant’s liability is limited to those third parties with whom the

accountant has a contractual relationship.

Professional skepticism: An open-minded attitude that presumes that parties are neither

totally honest nor totally dishonest.

Public Company Accounting Oversight Board (PCAOB): A regulatory body created by the

Sarbanes-Oxley Act of 2002, which regulates audits of SEC registrants, and operates under the

U.S. Securities and Exchange Commission.

Rainy day fund: A hidden reserve that can be used to adjust quarterly earnings.

Recurring audit: An audit engagement for an existing audit client for whom the auditor

performed the preceding audit.


396

Regulatory basis: A basis of accounting that the entity uses to comply with the requirements

or financial reporting provisions of a regulatory agency to whose jurisdiction the entity is

subject (for example, a basis of accounting that insurance companies use pursuant to the

accounting practices prescribed or permitted by a state insurance commission).

Sarbanes-Oxley Act: The Act signed into law that became effective in 2002. The Act contains

sweeping reforms for issuers of publicly traded securities, corporate board members, and

lawyers. It adopts tough new provisions intended to deter and punish corporate and accounting

fraud and corruption, threatening severe penalties for wrongdoers, and protecting the interests

of workers and shareholders.

Significant Component: A component identified by the group engagement team (i) that is of

individual financial significance to the group, or (ii) that, due to its specific nature or

circumstances, is likely to include significant risks of material misstatement of the group


Significant deficiency: A deficiency, or a combination of deficiencies, in internal control that

is less severe than a material weakness yet important enough to merit attention by those

charged with governance.

Special purpose financial statements: Financial statements prepared in accordance with a


Special purpose framework: A financial reporting framework other than GAAP that is one of

the following bases of accounting: cash basis, tax basis, regulatory basis, or contractual basis.

Spring-loading: The practice in which an entity acquiring another entity may try to

manipulate the financial performance of the target entity during the preacquisition period.

Tax basis: A basis of accounting that the entity uses to file its income tax return for the period

covered by the financial statements.

Variable interest entity: An entity that has one or both of the following characteristics: (1) its

equity at risk is not sufficient to permit the entity to finance its activities without additional

subordinated financial support from other parties, or (2) as a group, the equity investors lack

one or more of the following characteristics: (a) direct/indirect ability to make decisions, (b)

obligation to absorb expected losses, or (c) right to receive expected residual returns.


397

Index

A

accounting estimates, 10,14, 19, 20, 85, 88, 334

adverse opinion, 160, 162, 338, 339, 340, 341, 342

Altman Z Score, 234

analytical procedures, 10, 14, 63, 85, 90, 95, 101, 102, 202, 209,

233, 269, 279, 280, 281, 282, 283, 297, 311

audit documentation, 268, 269

B

Big Four, 132, 137, 139, 140, 141, 142, 143, 146, 148, 149, 150,

151, 152, 153, 293

C

cash larceny, 43, 44, 66, 68, 71

component, 357

Crazy Eddie Rip-off, 62

D

D&O insurance, 173, 174, 175, 176

defined benefit pension plans, 23, 381

E

engagement letter, 132, 133, 135, 136, 202, 205, 256, 257, 263,

264, 278, 296, 301, 310, 318, 382, 383

F

foreseability approach, 264, 266, 267

fraud triangle, 56, 57, 58, 64, 118, 127

fraudulent cash disbursements, 42, 43, 66

fraudulent financial reporting, 21, 36, 39, 55, 56, 58, 59, 60, 61,

83, 84, 87, 98, 102, 104, 192

G

going concern, 10, 12, 13, 24, 87, 143, 146, 235, 236, 269, 283,

284, 285, 387

I

investment writedowns, 17

L

lease agreements, 292

legal letters, 300

long-lived assets, 17, 279

M

material weakness, 162, 166, 328

misappropriation of assets, 39

modified opinion, 338

money laundering, 105

N

near-privity, 264

noncompliance, 223, 284, 318, 320, 321, 322, 323, 324

O

occupational fraud, 37, 39

other-matter paragraph, 347

outsourcing, 26

P

Pervasive, 338

privity, 263, 264

Q

qualified opinion, 338, 339, 340, 341

R

regulatory basis, 366

related party transactions, 244, 245

restatement approach, 264, 265

revenue fraud, 97

risk assessment procedures, 9

round-trip transactions, 240

S

Sarbanes-Oxley Act, 141, 153, 156, 160, 161, 163, 164

significant component, 358

significant deficiency, 328

skimming, 39

spring-loading, 28

T

tax basis, 279, 366

termination benefits, 30

time theft, 81

U

understated expenses, 24

unmodified opinion, 333

NAME: ______________________________

Email address: _____________________________ please print clearly

Mailing address: _____________________________

_____________________________ You can either fax the exam back to 1-317-219-3223 or scan it and email it back to [email protected]. If you

prefer to mail it, the address is CFO Resources LLC, PO 611 Noblesville, IN 46061.

You will be notified of results within one week. A passing grade is 70%.

If you prefer instant results, take the on-line exam and receive an instant grade and certificate for passing. Just click

on the Student Login button on the top of the www.cpaselfstudy.com website or go to

http://www.takeexams.cpaselfstudy.com.

I prefer to receive my grade and certificate by – please select one:

Email Mail Fax

Course Name: Audit Engagement Developments Course ID: AACSFAUD Please transfer your answers to this sheet and fax them so that you do not have to fax all the pages. Please make

sure that your answers are clearly circled.

1 A B C D 21 A B C D 41 A B C D 61 A B C D




















Click or access this link to go to our course evaluation page.

http://cpaselfstudy.com//evaluation.htm

mailto:[email protected]

http://www.cpaselfstudy.com/

http://cpaselfstudy.com/evaluation.htm

Audit Engagement Developments CPE -Exam

Instructions: Please select the single best answer.

1. Factors to consider in evaluating going concern include all of the following except:

a. Negative trends and recurring operating losses or working capital deficiencies

b. Financial difficulties such as loan defaults or denial of trade credit from suppliers

c. Ability to obtain external financing

d. Ability to obtain new customers at terms and conditions acceptable to the company

2. Auditing procedures with respect to receivables and, in particular, the adequacy of the

allowance for doubtful accounts include all of the following except:

a. Investigate unusual credit limits or nonstandard payment terms given to customers

b. Test the realization of receivables

c. Review the industry in which the customers operate

d. Review the collectability of vendor financing given to customers

3. Specific auditing procedures to determine if inventories are properly valued include all of the

following except:

a. Product sales trends and expected future demand

b. Sales forecasts for products in comparison to industry demand

c. Anticipated technological changes that could affect the value of inventories

d. The quantity of high-value inventory items at year end

4. ASC 320, Debt and Equity Securities (formerly FASB No. 115), deals with the accounting

for securities. ASC 320 places securities into ______ categories.

a. Two

b. Three

c. Four

d. Five

5. Categories of securities included under ASC 320 (formerly FASB No. 115) include all of the

following except:

a. Debt securities held-to-maturity

b. Investments in closely held businesses

c. Trading securities

d. Available-for-sale securities

6. What continues to head the list of areas subject to fraudulent financial reporting:

a. Inventory valuation

b. Revenue recognition

c. Understating payables

d. None of the above

7. Auditors should be aware of ways in which entities may attempt to apply spring-loading

tactics such as inflating reserves and allowances. Examples of inflating reserves and

allowances include all of the following except:

a. Reserve for merger costs

b. Reserve for inventory obsolescence

c. Allowance for doubtful accounts on receivables

d. Accrued vacation pay

8. What differentiates fraud from an error:

a. Intent

b. Risk

c. Degree of loss


9. The three conditions of the fraud triangle include all of the following except:

a. Lifestyle and standard of living

b. Incentive and pressure

c. Opportunity

d. Rationalization or attitude

10. Common types of financial statement fraud noted by the FBI include all of the following

except:

a. Phony sales

b. Cash theft

c. Parked inventory sales

d. Channel stuffing

11. Misappropriation of assets is accomplished in several ways, including all of the following

except:

a. Embezzling receipts

b. Overstating revenue or inventory

c. Stealing assets

d. Causing the entity pay for goods or services not received

12. In the comparison of types of fraud, which of the following has the highest ease of

concealing the identity of the fraudster?

a. Phony vendors

b. Register disbursement

c. Expense reimbursement

d. Check tampering

13. Professional skepticism is an attitude based on all of the following except:

a. Having a questioning mind and performing a critical assessment of all audit evidence

received

b. Possessing a “show me” mindset that recognizes the distinct possibility that a material

misstatement due to fraud could be present

c. Ensuring that all statements made by a client are included in a management

representation letter

d. Probing evidence more thoroughly and critically

14. SAS No. 99 requires that an auditor perform three additional procedures to deal with the risk

of management override of internal controls. The additional procedures include all of the

following except:

a. Examine journal entries

b. Review accounting estimates for biases that could result in material misstatement due

to fraud

c. Evaluate the business rationale for significant unusual transactions

d. Conduct a brainstorming session

15. One of the key elements emphasized in SAS No. 99 is for an auditor to have heightened

professional skepticism in conducting an audit. The AICPA’s Audit Risk Alert identifies a

list of “circumstances and observations” that should catch the attention of the auditor. That

list includes all of the following except:

a. A company that has a culture of arrogance

b. An ineffective audit committee and board governance

c. An overly centralized control over the financial reporting process

d. An overly loyal management team

16. Weak audit procedures increase the risk that deficiencies in internal control and poor

accounting practices will not be noticed. Examples of audit procedures that enhance the risk

that fraud might not be detected include all of the following except:

a. Accepting verbal or written representations by company management and personnel

without obtaining independent corroborating evidence of such representations

b. Accepting confirmations sent directly to the company being audited instead of the

auditor

c. Failure to confirm unusual transactions with third parties

d. Failure to observe inventories

17. SAB No. 101, Revenue Recognition in Financial Statements, offers four criteria that need to

be met in order to recognize revenue. The four criteria include all of the following except:

a. There is persuasive evidence that an arrangement exists

b. A delivery of goods has occurred or services have been rendered

c. There is a right to return the goods by the buyer

d. Collectability of the sale or service is reasonably assured

18. Under ASC 605-15-25, Revenue Recognition-Products- Recognition (formerly FASB

No. 48), if an entity sells its product but gives the buyer the right to return the product, the

revenue shall be recorded only if all of the conditions have been met. The conditions include

all of the following except:

a. The seller’s price to the buyer is substantially fixed or determinable at the date of sale

b. The buyer has economic substance apart from the seller

c. The amount of future returns can be reasonably estimated

d. There is a legal right of offset

19. With respect to side agreements involving receivables, an auditor should consider the use of

additional audit procedures that may include all of the following except:

a. Obtaining a sufficient understanding of the client’s industry and business

b. Send out the standard confirmation to the accounts payable department

c. Make inquiries of relevant personnel

d. Read and understand contracts

20. Which of the following is an element of the predator profile that Bernie Madoff had?

a. People around Madoff loved him

b. Madoff had an inferiority complex

c. Madoff apologized too much for his fraud

d. Madoff had the need to look successful

21. Which of the following is an acceptable type of indemnification clause that an auditor can

place in his or her engagement letter: Indemnification against ________________?

a. Auditor’s negligence

b. Knowing misrepresentations made by audit client’s management

c. Intentional errors committed by the auditor

d. Client unintentional errors

22. Which of the following is a fact identified in a GAO report related to a concentration in

audit market for larger public companies:

a. The Big Four audit approximately 50 percent of all U.S. public companies

b. Midsize and smaller firms audit about 40 percent of the smallest public companies

c. Internationally, the Big Four dominate the market for audit services

d. Approximately 90 percent of large companies noted that the number of accounting

firms from which they could choose was adequate

23. Which of the following is true as it relates to litigation settlements against auditors and

accountants:

a. The average settlement has declined in 2011 from an average high in 2006

b. The inventory of cases waiting to be settled has increased

c. The ultimate settlement is only 10-15% of the total estimated damages claims

d. The number of large settlements at more than $1 billion increased considerably in 2011

and 2010

24. The top accounting issues cited in lawsuits include all of the following except:

a. Estimates

b. Depreciation and amortization

c. Understated liabilities and expenses

d. Revenue recognition

25. Which of the following is a recommendation made by the Advisory Committee on the

Auditing Profession:

a. Auditor liability should be limited to a percentage of firm capital

b. Large auditing firms should issue audited financial statements to the PCAOB

c. The SEC should force the creation of a fifth firm that will compete with the Big Four


26. The AICPA’s Top 10 Technology Issues of 2011 includes all of the following except:

a. Control and Use of Mobile Devices

b. Information Security

c. Data Retention Policies and Structure

d. 3G wireless

27. Section 404 of Sarbanes-Oxley Act requires that the company’s auditor evaluate

management’s assessment of internal control by taking certain steps that include all of the

following except:

a. Perform a walkthrough of the company’s significant processes

b. Test and evaluate the effectiveness of the design and operating effectiveness of internal

controls

c. Identify control deficiencies and categorize them into two categories

d. Issue, if applicable, an unqualified opinion on the company’s financial statements

28. Which of the following is a change made by Dodd-Frank with respect to Section 404:

a. Dodd-Frank specifically exempts all public companies from Section 404(a) only

b. Dodd-Frank specifically exempts all public companies from Section 404(a) and (b).

c. Dodd-Frank specifically exempts no-accelerated filers from having to comply with

Section 404(b) only

d. Dodd-Frank specifically exempts non-accelerated filers from having to comply with

section 404(a) and (b)

29. According to a Wall Street Journal report, many of the advantages of staying public no

longer exist. Examples of such advantages include all of the following except:

a. Access to public market capital is no longer important

b. Smaller public companies do not benefit from the public markets like the larger

companies do

c. The direct and indirect costs of staying public exceed the benefits

d. In general, smaller companies do not reap the benefits of higher stock prices

30. According to one article noted in the course, board members need to do all of the

following except:

a. Ask hard questions of management

b. Apply sound judgment

c. Have legal counsel to advise on personal liability

d. Come to board meetings prepared

31. Section 953 of Dodd-Frank requires disclosure of which of the following:

a. The annual total compensation of the lowest one third of all employees of an issuer

b. The annual total compensation of the CEO of an issuer

c. The annual total compensation of all employees of an issuer

d. The annual total compensation of the CEO and all senior management of an issuer

32. According to the 2010 Report to the Nation, which of the following is the number one most

effective control in detecting and limiting financial statement fraud schemes:

a. Fraud hotline

b. Granting rewards for whistleblowing

c. Enhancing internal control

d. Performing an external audit

33. Under Section 806 of Sarbanes-Oxley, which of the following whistleblowing protections

are provided for employees of public companies?

a. Requires a company board to pay whistleblowers a referral fee

b. Requires a company to rehire an employee at three times his or her previous average

compensation over the past three years

c. Prevents a company from discharging an employee for providing information about

fraud

d. Permits a company to sue an employee who whistleblows false information

34. An incentive for a whistleblower to overreact and report to the SEC prematurely is:

a. The information provided to the SEC must be fresh

b. The first party to disclose a fraud is the only one who receives the reward

c. There is a short time limit to whistleblow and receive a reward

d. The special anti-retaliation rules allow for a very short window of protection after

which a company can retaliate against an employee without recourse

35. One incentive for a company to offer a mechanism for employees to report an SEC

violation is:

a. It allows a company to correct the action internally before being reported to the SEC

b. It allows the company to terminate the employee before the employee is able to report

to the SEC

c. It allows a company to file an injunction against the employee before the employee is

able to report to the SEC

d. It allows the company to modify files and other evidence and develop a defense

strategy before being reported to the SEC

36. With respect to recurring peer review comments, deficiencies in audit procedures noted

include all of the following except:

a. Failure to perform cash reconciliations

b. Failure to use a written audit program

c. Failure to obtain a client management representation letter

d. Failure to tailor audit programs for specialized industries

37. Specific financial statement deficiencies noted in peer reviews related to assets include all of

the following except:

a. Improper classifications between current and long-term assets

b. Investments in majority owned or controlled subsidiary not consolidated

c. Cash overdrafts shown as a negative balance in the current asset section

d. Inventories valued using the wrong accounting method

38. Specific financial statement deficiencies noted in peer reviews related to incomplete and

missing disclosures include all of the following except:

a. Not disclosing the amount of the fixed assets on hand

b. Significant accounting policies, such as revenue recognition

c. Basis of accounting other than GAAP

d. Concentrations of credit risk

39. Common functional area deficiencies noted in peer reviews related to employee benefit

plans include all of the following except:

a. Inadequate testing of participant data and investments

b. Inadequate or missing disclosures related to participant directed investment programs,

investments and participant data

c. Failure to understand testing requirements on a limited-scope engagement

d. Failure to include the proper wording in the report

40. In accordance with the AICPA peer review program, which of the following types of

engagements performed would require that a system review be performed on that firm: A

firm that performs:

a. Only compilations that omit substantially all disclosures

b. Only audits

c. Only reviews

d. Only compilations and reviews

41. With respect to the AICPA peer review program, if a firm receives a “fail” in its reviewer’s

grade, it means which of the following:

a. There was one or more significant deficiencies

b. There were at least three deficiencies

c. There was a combination of more than one deficiency and a significant deficiency


42. In a comparison with SAS No. 70, SSAE No. 16 does all of the following except:

a. Requires management to provide a written assertion

b. Requires the user auditor to perform new expansive procedures

c. Requires a risk analysis be performed

d. Expands the reporting requirements for use of subservice organizations

43. Which of the following is true?

a. A Type 1 Report is as of a specific date while a Type 2 report opines on controls in

effect during a period of time

b. A Type 1 report is for a period of time while a Type 2 report is as of a specific date

c. A Type 1 report is as of the beginning of the period while Type 2 is as of the end of the

period

d. Both reports are as of a specific date

44. Under SSAE No. 16, which of the following must an auditor include in a Type 2 report that

is not in a Type 1 report:

a. Description of tests of controls

b. Restricted use

c. Service auditor’s responsibilities

d. Service organization’s responsibilities

45. Which of the following is an example of a coverage ratio?

a. Days sales in receivables

b. Times debt service is earned

c. Altman Z score

d. Inventory turnover

46. Factors that may indicate a potential going concern problem include all of the following

except:

a. Unusually liberal credit terms to customers including dating of receivables

b. Continued operating losses

c. Company is within a very competitive marketplace

d. Weak financial ratios such as the Altman Z Score

47. In searching for related party transactions, the auditor may wish to perform all of the

following procedures except:

a. Review material cash disbursements and other transactions

b. Research the definition of related parties in accounting literature

c. Discuss with other professionals about related parties

d. Use the Internet to search records for the names of principals at the audit client to find

other affiliated entities

48. According to the author, _____ of lawsuits are initiated by third parties.

a. 15%

b. 25%

c. 75%

d. 85%

49. Most lawsuits against auditors occur within which period of time:

a. The first two years of the auditor’s relationship

b. Typically once there is a triggering event

c. The first five years of the auditor’s relationship

d. The first seven years of the auditor’s relationship

50. Common pitfalls that continue to expose accountants to loss in litigation include all of the

following except:

a. Failure to maintain professional skills

b. Working in areas and industries in which the accountant has too much expertise

c. Unprofessional working habits

d. Failure to maintain a good relationship with clients

51. The Top Ten Actions to minimize the risk of being sued include:

a. Never sue to collect unpaid fees

b. Take additional CPE courses

c. Have two partners sign off on all workpapers


52. According to the AICPA, _____________ has (have) proven to be one of the principal

factors giving rise to liability claims against auditors.

a. Overbilling clients

b. Personality disputes between the client and the auditor

c. Problem clients

d. Missing deadlines

53. Which of the following is not a symptom of an undesirable client?

a. Client is unwilling to pay professional service fees

b. Has a weak financial condition

c. Management chronically enters into material high-risk transactions

d. Client lacks formal education

54. Generally, an auditor may be sued under which of the following causes of action:

a. Breach of contract

b. Negligence

c. Fraud

d. All of the above

55. Auditors’ responsibility to third parties can be categorized into four different categories that

include:

a. Near-privity

b. Restatement approach

c. Foreseeability approach

d. All of the above

56. In order to tighten up workpapers, the author recommends that the auditor does all of the

following except:

a. Complete the audit or review program

b. Include all “to do” lists, whether or not completed

c. Document, document, document

d. Perform analytical procedures

57. Suggestions on how a firm can reduce time and increase audit efficiency include all of the

following except:

a. Manage and train the client and its staff

b. Weed out unprofitable clients and increase fees

c. Cut time down, particularly time allocated to planning the engagement

d. Retain and effectively use staff

58. With respect to weeding out unprofitable clients, clients that are:

a. High risk should be retained if the auditor receives an unusually high fee for the

engagement

b. High risk, slow payers, high maintenance and low profitability may not be worth

keeping

c. Low risk, fast payers, low maintenance and high profitability may not be worth keeping


59. One way in which the author recommends saving time is to:

a. Perform physical inventories right after year end

b. Confirm trade payables

c. Send out lawyers letters at the same time

d. Eliminate the request for cash cut-off statements

60. SAS No. 67 stipulates that negative confirmations may not be used unless control risk is set

at:

a. Below maximum

b. Maximum

c. Less than 50% of maximum


61. Examples of mitigating factors that are sought in evaluating going concern include all of the

following except:

a. The ability of an entity to refinance its loan when due three years from the balance

sheet date

b. Alternative sources of financing

c. Management’s plan of action, including its forecast for the coming year

d. Disposition of assets

62. The doctrine of _____________________ liability involves assigning one party’s liability to

another party.

a. Joint and several

b. Vicarious

c. Alter ego

d. Merged

63. Which of the following is a factor that one can use to argue that one entity is merely the

alter ego of another entity?

a. Separate bank accounts, one for each entity

b. Separate facilities

c. Failure to adhere to corporation formalities

d. Separate ownership

64. In auditing lease agreements, common problems found in such leases include all of the

following except:

a. Landlords are passing along the entire cost of new equipment in one year

b. CAM charges are increasing because of security costs required for the building

c. Landlords are charging arbitrarily high management fees to manage the building

d. Landlords are passing along the credit from real estate tax abatements to tenants

65. Under the ASB’s Clarity Format, each new standard is segregated into which of the

following elements:

a. Background

b. Definitions

c. Theory

d. Conclusion

66. Which of the following is a category of laws and regulations that AU-C 250 identifies:

Laws and regulations that _____________.

a. Have a direct effect on the financial statements

b. Have an impact on audit planning

c. Have an impact on the entity’s ethical framework

d. Require a legal interpretation from an entity’s legal counsel

67. An auditor should communicate with those charged with governance, matters involving

noncompliance with laws and regulations that come to the auditor’s attention during the

course of the audit _________________.

a. Other than when the matters are clearly inconsequential

b. Regardless of the materiality of the matters

c. Only if each matter is individually material to the financial statements

d. Unless fraud is involved in the matter.

68. A ____________ is defined as deficiency, or a combination of deficiencies, in internal

control that is less severe than a material weakness, yet important enough to merit

attention by those charged with governance.

a. Significant deficiency

b. Error

c. Irregularity

d. Severe deficiency

69. Which of the following is true as it relates to a situation in which there are no material

weaknesses identified during an audit. The auditor __________stating that no material

weaknesses were identified during the audit.

a. Is not permitted to issue a written communication

b. Is required to issue a written communication

c. Is permitted to issue a written communication

d. Is not permitted to issue an oral communication

70. In accordance with AU-C 700, which of the following is the definition of an opinion

expressed by the auditor when the auditor concludes that the financial statements are

presented fairly, in all material respects, in accordance with the applicable financial

reporting framework:

a. Unmodified opinion

b. Unqualified opinion

c. Disclaimer of opinion

d. Clean opinion


a. “Auditor’s Responsibility”

b. “Client Responsibility”

c. “Responsible Party”

d. “General Responsibility”

72. The auditor’s report should be dated _____________________.

a. As of the date on which the auditor has obtained sufficient appropriate audit evidence

b. On earlier than the last day of field work

c. No earlier than the date on which the auditor has obtained sufficient appropriate audit

evidence

d. As of the date on which the report is completed and proofed

73. If an auditor issues a modified opinion, which of the following is an example of a heading

that could be used for the opinion paragraph:

a. Unmodified Opinion

b. Qualified Opinion

c. Auditor’s Responsibility

d. Management’s Responsibility

74. Which kind of paragraph refers to a matter other than those presented or disclosed in the

financial statements that is relevant to users’ understanding of the audit, the auditor’s

responsibilities, or the audit report:

a. Unqualified opinion paragraph

b. Other-matter paragraph

c. Qualified opinion paragraph

d. Adverse-opinion paragraph

75. If there are both emphasis-of-matter and other-matter paragraphs in an auditor’s report, in

what order should the various paragraphs be presented:

a. FIRST: Opinion paragraph, SECOND: Emphasis-of-matter paragraph, and THIRD:

Other-matter paragraph

b. FIRST: Emphasis-of-matter paragraph, SECOND: Other-matter paragraph, and THIRD:

Opinion paragraph

c. FIRST: Emphasis-of-matter paragraph, SECOND: Opinion paragraph, and THIRD:

Other-matter paragraph

a. FIRST: Opinion paragraph, SECOND: Other-matter paragraph, and THIRD: Emphasis-

of matter paragraph

76. A _________________ is defined as a component identified by the group engagement team

that is of individual financial significance to the group, or (ii) that, due to its specific nature

or circumstances, is likely to include significant risks of material misstatement of the group


a. Significant component

b. Critical element

c. Important component

d. Material element

77. In a group audit, which of the following is responsible for determining whether the auditor’s

report that is issued is appropriate in the circumstances:

a. Component auditor

b. Group engagement partner

c. Group engagement team

d. Component management

78. In a group audit, if the group engagement partner decides to assume responsibility for the

work of a component auditor, how should this event be handled by the group auditor:

a. Reference should be made to the component auditor in the group auditor’s report

b. No reference should be made to the component auditor in the group auditor’s report

c. Reference should be made in the notes to financial statements

d. Reference should be made in the engagement letter

79. With respect to a group audit, which of the following procedures should the group

engagement team perform on components that are not significant:

a. Perform analytical procedures at the component level

b. Perform analytical procedures at the group level

c. Perform analytical procedures combining both the group and component level elements

d. No procedures are required because the component is insignificant

80. When special purpose financial statements contain items that are the same as, or similar to,

those in GAAP financial statements, what kind of disclosures should be presented for the

special purpose financial statements:

a. Disclosures identical to GAAP disclosures

b. Information disclosures similar to those required by GAAP

c. Only disclosures required by the special purpose framework without regard to disclosures

required by GAAP

d. GAAP disclosures with quantitative substitutes to reflect the special purpose format

Please email or fax your completed ANSWER SHEET to the address noted on the sheet if you do

not use the online exam. The online exam and the paper exam are the same.

Good Luck!

Thank you for participating in our self-study program.

Audit Engagement Developments - CourseWebs

Documents

Transcript of Audit Engagement Developments - CourseWebs