Chapter 5

Fraud in Financial Statements and Auditor Responsibilities

Questions for Consideration1. What are the red flags that are indicators that

fraud may exist?2. What is the difference between an error, a

fraud, and an illegal act and related audit responsibilities?

3. What the auditor’s responsibilities to detect and report fraud?

4. What is the role of internal controls and risk assessment in preventing and detecting fraud?

What is an Audit?

• Audit, an examination of company prepared financial statements in accordance with GAAP– Independent opinion rendered on the

examination– SEC requires all public companies to have an audit– PCAOB establishes audit standards for

independent auditors and ethics standards for companies listed on stock exchanges

– AICPA issues auditing standards for private companies

Expectations Gap• Difference between what the public and users of financial

statements and accounting profession perceive as the responsibilities of auditors and the purpose of an audit– Investing public perceive audits should detect material

misstatements due to error and fraud– Accounting profession perceive that audit provides only

reasonable assurance that financial statements are free of all types of material misstatements

• Closing the Gap– Management Integrity/Honesty – Organizational Culture– Audit Risks

Fraudulent Financial ReportingInvolves either intentional misstatements or omissions

of amounts or disclosures in order to deceive financial statement users

1. Deception – manipulation, falsification or alteration of accounting records or supporting documents

2. Misrepresentation in, or intentional omission of, events, transactions, or other significant information

3. Intentional misapplication of accounting principles

Nature and Causes of Misstatements

• The auditor has responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud or illegal acts.

• Because of the nature of audit evidence and the characteristics of fraud, the auditor is able to obtain reasonable, but not absolute, assurance.

Error, Fraud & Illegal Acts• Error– Innocent mistake in math or application of GAAP– Innocent mistake in omission of information

• Fraud– Deliberate decision made to deceive others– Fraudulent financial reporting– Misappropriation of assets

• Illegal Acts– Violations of laws or regulations– Bribery

Procedures upon Discovery of Illegal Acts

• Assess the impact of the acts on the financial statements

• Consult with legal counsel and other specialists• Report the acts to audit committee• Consider client’s remedial actions– Disciplinary actions– Controls to safeguard against recurrence– Reporting effects of the acts

• Consider withdrawing from engagement

Private Securities Litigation Reform Act (PSLRA)

• Additional requirements upon public companies and their auditors when

1. The illegal act has a material effect on financial statements2. Senior management and board of directors have not taken

appropriate remedial action3. Failure to take remedial action may warrant departure from a

standard audit report (or resignation of auditors)

• When illegal act has material effect on the financial statements– Auditors must report act to the client– Client must inform Board of Directors which has one day to inform the SEC

• If client does not inform the SEC– Auditors must furnish the report to the SEC within one day– Or resign from the engagement

Auditors Responsibilities for Fraud Prevention, Detection, and Reporting

• First line of defense against fraud– Effective system of internal controls– Independent internal audit function– Fraud assessment

• Internal auditors should have direct and unrestricted access to the audit committee

• Description and Characteristics of Fraud– Management Fraud

• Misstatements arising from fraudulent financial reporting

– Defalcations • Misappropriation of assets

Fraud Triangle• INCENTIVES/PRESSURES TO COMMIT FRAUD

– Self-serving– Pressures to meet financial numbers– Financial distress– Personal Problems

• OPPORTUNITY – Employees who have access to assets such as cash and inventory– Internal controls to help safeguard assets

• Segregation of duties• Reconciliations

– Backdating stock options• RATIONALIZATION

– Explain away actions as acceptable– Perpetrators are often in denial– It’s a one-time event– A good person may get caught up in the fraud– Rationalization

• Company had to make numbers• Fear losing job• I’m entitled since I’m underpaid

Tyco: A Case of Corporate Greed

• Lavish parties• Decorating NY apartment• Company “loans” to avoid paying taxes• Failed corporate governance• PwC partner On Tyco issued cease and desist

order– Failed to follow GAAS– Violated antifraud provisions of securities law

Fraud Risk Assessment• Approach each engagement with a healthy

dose of skepticism• Identify risk of material misstatement due to

fraud– Make inquiries of management and others– Consider any unusual or unexpected relationships:

analytical procedures during planning– Consider whether fraud risk factors exist– Consider other information– Consider management override of controls– Consider improper revenue recognition

Fraud Risk Assessment

• Evaluation of evidence about the potential client before accepting engagement

• Communication with predecessor auditor – Reasons for firing or the reasons for no longer servicing client– Management’s integrity– Disagreement with management over accounting principles

• Make inquiries about the risks of fraud and how they are addressed

• Consider any unusual or unexpected relationships• Consider whether one or more fraud risk factors exist• Consider other information

Fraud Considerations in the Audit1. Description and characteristics of fraud2. Importance of exercising professional skepticism3. Discussion among engagement personnel regarding the risks of

material misstatement due to fraud4. Obtaining the information needed to identify risks of material

misstatements due to fraud5. Identifying risks that may result in a material misstatement due to

fraud6. Assessing the identified risks after taking into account an

evaluation of the entity’s programs and controls7. Responding to the results of the assessment8. Evaluating audit evidence9. Communicating about fraud to management, the audit

commitment, and others10. Documenting the auditor’s consideration of fraud

Rite Aid Fraud

• Improper adjusting entries to reduce cost of goods sold and accounts payable

• Management failed to devise and maintain a system of internal controls

• KPMG, auditors– Noted failure of management to have internal

control system

Communications about Possible FraudIf fraud may exist that causes a material

misstatement of financial statements• Brought to the attention of appropriate level of

management– Reported even if matter might be considered

inconsequential– Whether caused by management or other employees

• Reported directly through governance structure• Consider whether fraud has internal control

implications

Management Representations and Financial Statement Certifications

• Management responsible for preventing and detecting fraud• Management can override internal controls and create

deceptive accounting• Management representation letters from CEO, CFO, and other

appropriate officers (SOX requirements)– Provided access to all known information bearing on fair

presentation of financial statements– Confirms that management has performed an assessment of

effectiveness of internal control over financial reporting– Concludes that effective internal controls have been maintained– Discloses any deficiencies in the design or operation of internal

controls

The Contents of the Audit Report• Title – Independent; addressed to BOD/stockholders• Introductory Paragraph – identifies entity, financial statements, time period• Management’s Responsibility

– Preparation and fair presentation of financial statements– Design, implementation and maintenance of internal controls

• Auditor’s Responsibility– Express an opinion based upon audit– Procedures to obtain evidence– Auditor’s judgment and risk assessments– Consideration of internal controls– Audit evidence is sufficient and appropriate as basis for opinion

• Opinion – link to “present fairly” and conformity to GAAP• Optional Paragraph: Report on Other Legal and Regulatory Requirement• Signature, date, auditor’s city and state

Unmodified Audit Opinions• Unmodified (clean or standard opinion)– Financial statements “present fairly” • Financial position • Results of operations• Cash flows• Stockholders’ Equity

– Optional paragraph • Emphasis-of-matter

– Going concern– Consistent application of accounting principles– Litigation uncertainty

• Other-matter– Supplemental information

Modified Audit Opinions• Modifies the audit when: explain type of modification and why

– Based upon evidence financial statements are materially misstated, or– Unable to obtain sufficient appropriate evidence

• Qualified– Concludes misstatements, individually or in the aggregate, are material but not

pervasive to the financial statements, or– Unable to obtain sufficient appropriate audit evidence but possible effect on financial

statements could be material but not pervasive

• Adverse– Concludes that misstatements, individually or in the aggregate, are material and

pervasive• Disclaimer

– Unable to gather sufficient evidence to warrant the expression of an opinion on the statements as a whole

• Basis for Modifications– Separate paragraph describe smatter giving rise to modification– Place immediately before the opinion paragraph– Titled “Basis for (Qualified, Adverse, Disclaimer) Opinion

Generally Accepted Auditing Standards (GAAS)

• AICPA Auditing Standards Board– Privately owned businesses

• Public Company Accounting Oversight Board (PCAOB)– Establishes auditing standards for public companies– Required standards, not generally accepted– Establishes independence rules – Establishes quality control standards for registered

CPA firms– Conducts peer review for registered firms

GAASGeneral Standards1. Adequate technical training and proficiency2. Independence in mental attitude3. Due care in the performance of the audit and preparation of the reportStandards of Field Work4. Adequately plan the audit work and supervise assistants5. Obtain a sufficient understanding of internal control to adequately plan the

audit and determine the nature, timing, and extent of tests to be performed

6. Gather sufficient competent evidential matter to provide a basis for an opinion

Standards of Reporting7. The statements have been in conformity with GAAP8. Accounting principles have been consistently applied9. Adequate informative disclosures have been made10. Expression of an opinion on statements taken as a whole, or indication that

an opinion cannot be expressed

Auditing Evidence

• Consideration of the competency and sufficiency of evidence

• Management representations are not a substitution for application of audit procedures

• Audit risk and materiality considered together– Determination of nature, timing and extent of procedures– Evaluation of results of procedures

• Assess risks of material misstatements due to fraud– Application of professional skepticism

• Audit procedures – specific acts performed to gather evidence about specific assertions

Limitations of the Audit Report

• Reasonable Assurance– Due care– Relation of independence and client relationships– Not an absolute guarantee– Followed GAAS, gathering sufficient competent

evidential matter– Failure to follow GAAS: allegation of negligence

Limitations of the Audit Report

• Materiality– Magnitude of an omission or misstatement of accounting information

that the judgment of reasonable person relying on the information would have been changed or influenced by the omission or misstatement

– Judging Materiality• May not rely solely on a quantitative threshold as a “rule of thumb”

to determine materiality• 5% is a common materiality test• Unintended consequence of materiality is that it is subject to

manipulation• Full analysis of all relevant considerations including qualitative ones• Consideration of risk of fraud

Limitations of the Audit Report

• Present Fairly– Auditor’s assessment of fair presentation depends on

whether1. Accounting principles used have general acceptance2. Accounting principles are appropriate 3. Financial statements are informative4. Information presented is classified and summarized in a

reasonable manner5. Financial statements reflect the underlying transactions

and events in a manner that is consistent with materiality and reflects economic substance

COSO Internal Control – Integrated Framework

• Broadens the definition of internal control and the parties that affect it by linking sound controls to the actions of the BOD, management and other personnel

• Identifies five interrelated components of internal controlControl environment Risk assessmentControl activities Information systemsMonitoring of controls

Internal Control – Integrated Framework

• Internal control as a process• Effected by board of directors, management,

and other personnel• Designed to provide reasonable assurance– Effectiveness and efficiency of operations– Reliability of financial reporting– Compliance with laws and regulations

COSO Findings in Fraudulent Financial Reporting: 1998 -2007

• 347 alleged cases of public company fraudulent financial reporting

• CEO and/or CFO some level involvement in 89% of the fraud cases

• Most common fraud technique– Improper revenue recognition (60%)– Overstatement of existing assets– Capitalization of expenses

• 60% of fraud firms changed auditors during fraud period

Enterprise Risk Management – Integrated Framework

Internal control enhanced with corporate governance and risk management

• Aligning risk appetite and strategy• Enhancing risk response decisions• Reducing operational surprises and losses• Identifying and managing multiple and cross-

enterprise risks• Seizing opportunities• Improving deployment of capital

PCAOB’s Integrated Audit Concept

• Integrated audit combines an audit of internal control over financial reporting with the audit of the financial statements

• Objectives of the two audits are achieved simultaneously through a single coordinated process

• Can help to improve the quality and integrity of both audits

PCAOB Standards

• Auditing Std No. 4 – audit of whether previously reported material weakness no longer exists

• Auditing Std No. 5 – audit of assessment of effectiveness of internal control over financial reporting

• Auditing Std No. 6 – auditor’s evaluation of the consistency of the financial statements

PCAOB Standards

• Auditing Std No. 8 – consideration of audit risk in an audit of financial statement as a part of an integrated audit including internal controls

• Auditing Std No. 9 – requirements regarding planning an audit, including assessing matters, appropriate audit strategy, and audit plan

• Auditing Std No. 10 –requirements for the supervision of the audit engagement

PCAOB Standards

• Auditing Std No. 11 – consideration of materiality in planning and performing an audit

• Auditing Std No. 12 – requirements regarding the process of identifying and assessing risks of material misstatement of the financial statements

• Auditing Std No. 13 – requirement for responding to risks of material misstatements in financial statements

PCAOB Standards

• Auditing Std No. 14 – requirements regarding the auditor’s evaluation of audit results and determination of whether the auditor has obtained sufficient appropriate audit evidence

• Auditing Std No. 15 – requirements for designing and performing audit procedures to obtain sufficient appropriate audit evidence to support the opinion expressed in the auditor’s report

Communication with Audit Committees

• Auditing Std No. 16 – requirements of communications with audit committees

• Understanding of the audit engagement1. Significant accounting policies and practices2. Critical accounting policies and practices3. Critical accounting estimates4. Significant unusual transactions

Auditing Quality of Financial Reporting

• Difficult or contentious matters• Going concern• Uncorrected and corrected misstatements• Departure from standard report• Disagreements with management• Difficulties encountered in performing audit• Form and documentation of communication

Restatements of Financial Statements

• Downward trend since 2006 peak year• Improved reliability of ICFR implementations• Relaxed approach adopted by SEC– Materiality– Need to file restatements

• Drop in severity of restatements• Smaller cut out of profits

Causes behind Restatements• Complexity of accounting standards and/or

transactions • Weak financial governance and controls• Increased auditor and audit committee

conservatism• Broad application of materiality• Earnings management driven by pressure to

make the numbers• Lack of transparency• Fraud