审计学教学要点(18)

CHAPTER 04Management Fraud and Audit RiskLEARNING OBJECTIVESReview Checkpoints MultipleChoiceExercises, Problems,and Simulations1.Define business risk and understand howmanagement addresses business risk withthe enterprise risk management model.1, 2, 3 27, 41, 52 58, 59, 602.Explain auditors’ responsibility for riskassessment, and define and explain thedifferences among several types of fraudand errors that might occur in anorganization. 4, 5, 6, 7, 8, 11,1228, 29, 36, 37, 38,39, 40, 49, 51 61, 633.Describe the audit risk model and explainthe meaning and importance of itscomponents in terms of professionaljudgment and audit planning.9, 10 32, 464.Understand sources of inherent riskfactors including the cli ent’s business and environment. 13, 14, 15, 16 42, 43, 44, 45, 47,48, 5053, 54, 55, 565.Understand sources of information forassessing risks including analyticalprocedures, brainstorming, and inquiries.Explain how auditors respond to assessed risks. 17, 18, 19, 20,21, 2233, 34, 3562, 646.Explain auditors’ responsibilities withrespect to a client’s failure to comply withlaws or regulations.23, 24, 25, 26 30, 31 577.Describe the content and purpose of anaudit strategy.SOLUTIONS FOR REVIEW CHECKPOINTSits objectives and execute4.1 Risks that could adversely affect companies’ ability to achievestrategies are called business risks. Business risks might result from settinginappropriate objectives and strategies or from changes or complexity in the company'soperations or management. A company's objectives are the overall plans established bymanagement or the board of directors, and strategies are the approaches by whichmanagement intends to achieve its objectives.4.2 ERM provides a framework for management to assess the firm’s risk environment, setobjectives, identify risk events, assess risks, determine responses to such risk, establishcontrol activities to mitigate the risks, establish information and communication regardingthe risks, and to monitor the overall risk management process.4.3 Audit standards are clear that business risks are usually reflected in the financialstatements. For example the economic environment may affect the valuation of inventoryor the likelihood of collecting receivables. Competition may also affect the market valueof inventory. Risks related to suppliers, customers, and bankers may affect a companylikelihood of continuing as a going concern. Each of these examples show that there is arelationship between clients’ business risks and their financial statements which means that auditors need to be aware of such risks.4.4 (a) White collar crimes are frauds perpetrated by people in a non-violent manner and aretypically focused on stealing cash or assets. They are often committed by people whowork in offices and steal items such as inventory, cash or other valuable assets. Whitecollar crimes are often contrasted with violent street crimes like armed robbery, murderand kidnapping.(b) Employee fraud is the use of fraudulent means to take money or other property froman employer. It consists of three phases: (1) the fraudulent act, (2) the conversion of the-up.money or property to the fraudster’s use, and (3) the cover(c) Embezzlemen t is a type of fraud involving employees or nonemployees wrongfullytaking funds or property entrusted to their care, custody, and control, often accompaniedby false accounting entries and other forms of lying and cover-up.(d)Larceny is simple theft of an employer’s property that is not entrusted to anemployee’s care, custody or control.(e) Defalcation is another name for employee fraud and embezzlement.(f) Management fraudis deliberate fraud committed by management that injuresinvestors and creditors through materially misstated information. Because managementfraud usually takes the form of deceptive financial statements, management fraud issometimes referred to as fraudulent financial reporting. AU 240 defines fraudulentfinancial reporting as “intentional misstatements, including omissions of amounts ordisclosures in financial statements to deceive financial statement users. It can be causedby the efforts of management to manage earnings in order to deceive financial statementusers(g) Errors are unintentional misstatements or omissions of amounts or disclosures infinancial statements.4.5 The following are some other conditions that have provided opportunities for fraud in thepast:Fraud Risk Factors - Management’s Characte ristics and InfluenceManagement has a motivation (bonus compensation, stock options, etc.) to engage infraudulent reporting.Management decisions are dominated by an individual or a small group.Management fails to display an appropriate attitude about internal control andfinancial reporting.Managers’ attitudes are very aggressive toward financial reporting.Managers place too much emphasis on earnings projections.Nonfinancial management participates excessively in the selection of accountingprinciples or determination of estimates.The company has a high turnover of senior management.The company has a known history of violations.Managers and employees tend to be evasive when responding to auditors’ inquirie Managers engage in frequent disputes with auditors.Fraud Risk Factors – Industry ConditionsCompany profits lag those of the industry.New requirements are passed that could impair stability or profitability.The company’s market is saturated due to fierce competition.is declining.The company’s industryThe company’s industry is changing rapidly.Fraud Risk Factors –Operating Characteristics and Financial StabilityA weak internal control environment prevails.The company is not able to generate sufficient cash flows to ensure that it is a goingconcern.There is pressure to obtain capital.The company operates in a tax haven jurisdiction.The company has many difficult accounting measurement and presentation issues.The company has significant transactions or balances that are difficult to audit.The company has significant and unusual related-party transactions.Company accounting personnel are lax or are not experienced in performing theirduties.4.6Audit risk is the probability that an audit team will express an inappropriate opinion whenthe financial statements are materially misstated. Audit risk is a combination of the otherrisks: Audit risk = Risk of material misstatement x Detection risk. Risk of materialmisstatement = Inherent risk x Control risk.“Audit risk in an overall sense” refers to the audit taken as a whole and the probabilitythat the auditors will issue an inappropriate opinion on financial statements. Generally,this is the risk of giving the standard unmodified report when the financial statementscontain material misstatements or the report should be qualified or modified in somemanner.“Audit risk applied to individual account balances and disclosures” refers to the probability that a misstatement exists in a particular account balance or disclosure at leastequal to the tolerable misstatement assigned to the audit of that balance remains. Thisversion of audit risk is applied at the individual account balance level or disclosure and isused to help plan the procedures to be completed on the audit.4.7 Risk of material misstatement—the likelihood that material misstatement(s) may haveentered the accounting system and not been detected and corrected by the client’control. It is the combination of inherent risk and control risk.Inherent risk is the probability that material errors or frauds have entered the accountinginformation system. This risk is expressed without regards to internal controls.Control risk is the probability that the client’s system of internal control will fail toprevent or detect material misstatements provided that they enter the accountinginformation system in the first place.Audit Risk is the probability that an audit team will express an inappropriate opinionwhen the financial statements are materially misstated. It is the combination of risk ofmaterial misstatement and detection risk.procedures will fail to find material Detection risk is the probability that the auditor’s ownerrors and frauds provided any have entered the system and have not been detected orcorrected by the client’s internal control system.4.8 The auditor uses the Audit Risk Model to determine the nature, timing, and extent of auditprocedures by evaluating the risk of material misstatement for each relevant assertionrelated to each significant account and disclosure. Once the risk of material misstatementhas been assessed, the auditor can determine the resulting required detection risk that canbe accepted, given the assessment of the risk of material misstatement. Stated differently,the auditor will select the mix of substantive procedures that are needed to “serisk at a level that is needed given the assessed level of the risk of material misstatement for each assertion.4.9 The two categories of substantive procedures are (1) tests of detail of transactions andbalances and (2) substantive analytical procedures, which study plausible relationshipsamong financial and nonfinancial data. When thinking about the nature, timing andextent of procedures to be performed, it is helpful to consider these categories ofsubstantive procedures.The nature of audit procedures refers to the type of tests that the auditor plans to use todetect errors and fraud. In general tests of details are more effective than substantiveanalytical procedures. However, in general, the substantive analytical procedures aremore efficient than tests of details. Thus, when considering the nature of tests to beperformed, if an auditor wants to set detection risk lower, he/she is likely to completemore tests of details, relative to analytical procedures.The timing of audit procedures refers to when they are performed, usually at (1) interimperiod or at (2) year-end. However, timing may have other aspects such as surpriseprocedures (unannounced to client personnel) or procedures performed after the year-end.To set detection risk lower, auditors would typically complete more testing at year-end,as compared to interim.The extent of the application of procedures usually refers to the sample sizes of dataexamined, such as the number of customer accounts receivable to confirm or the number of inventory types to count. To set detection risk lower, the auditor would typicallyincrease sample sizes.4.10 The nature of the company includes:The company's organizational structure and management personnel.The sources of funding of the company's operations and investment activitiesThe company's significant investments.The company's operating characteristics, including its size and complexity.The sources of the company's earnings, including the relative profitability of key productsand services as well as key supplier and customer relationships.4.11 The purpose of obtaining an understanding of the company's performance measures is tobe able to determine what information management and others deem to be key indicators of company performance. It also reveals items to which management might be sensitive.lysts’ ratings For example, measures used to determine management compensation or anamight place pressure on management to manipulate results. Also, auditors might gain abetter understanding of their clients by reviewing measures that management uses tomonitor operations, such as budget variances or trend analysis. Finally, those measuresmight be indicators of qualitative materiality factors.4.12 Related parties include those individuals or organizations that can influence or beinfluenced by decisions of the company, possibly through family ties or investmentrelationships. Because one of the basic assumptions of historical cost accounting is thattransactions are valued at prices agreed on by two independent parties, valuation ofrelated-party transactions is particularly troublesome. Auditors also should question thepersuasiveness of the evidence obtained from related parties because the source of theevidence may be biased. Finally, related party transactions have been used by companiesto perpetrate fraudulent transactions. Thus, auditors need to consider such transactions ashigher risk of fraud.4.13 The purpose of obtaining an understanding of the company’s objectives, strategies, andrelated business risks is to identify business risks that could reasonably be expected toresult in material misstatement of the financial statements. Of course the best startingpoint is with management whose job it is to be knowledgeable about the company’s possibly by using the ERM model discussed in this chapter. In order to get understandingindustry, an auditor can consider:of a client’s business andStudying numerous sources such as AICPA industry accounting and auditingguides, specialized trade magazines and journals, registration statements and 10-Kreports filed with the SEC, general business magazines and newspapers(Bloomberg Businessweek, Forbes, Fortune, Harvard Business Review, Barron’and The Wall street Journal).Using inquiry of client personnel, including review of prior-year auditdocumentation (personnel who worked on the audit in prior years are available toconvey their understanding of the business), inquiry, and interviews with thecompany’s management, directors, and audit committee.Using information from client acceptance and retention evaluation, audit planning,past audits, and other engagements.Considering the results of the audit team discussions (brainstorming), thisinvolves sharing information among members of the engagement team.4.14 The purpose of performing preliminary analytical procedures in the audit planning stageis to direct attention to potential problem areas so the audit work can be planned toreduce the risk of missing something important. In fact, according to auditing standards,analytical procedures must be applied in the planning stages of each audit. During thiscritical point of the engagement, auditors use analytical procedures to identify potentialproblem areas so that subsequent audit work can be designed to reduce the risk ofmissing something important. Analytical procedures during planning also provide anorganized approach—a standard starting place—for becoming familiar with the client’ｓbusiness. Auditors need to remember that preliminary analytical procedures are based onunaudited data, so they should consider the effectiveness of controls over their reliabilitywhen deciding how much weight to place on the results.4.15 The five steps auditors use to apply comparison and ratio analysis to unaudited financialstatements when completing preliminary analytical procedures are to: (1) develop anexpectation, (2) define a significant difference, (3) calculate predictions and comparethem with the recorded amount, (4) investigate significant differences, and (5) documenteach of the first four steps.4.16 There are a number of ratios that can be used in completing preliminary analyticalcurrent ratio, days’ sales in procedures. Some of the ratios that can be used includereceivables, doubtful accounts ratio, days’ sales in inventory, receivables turnover, inventory turnover, cost of goods sold ratio, return on e q uity, and Altman’s financialdistress ratios and discriminant score. There are a number of other ratios that can be usedas well. In addition, depending on the industry of the client, there may be keyperformance metrics within that industry that might be useful to complete suchprocedures.4.17 Analytical procedures are required (1) at the beginning of an audit—the planning stageby applying analytical procedures discussed in this chapter and (2) at the end of an auditwhen the partners in charge review the overall quality of the work and look for apparentproblems. They are optional as substantive audit procedures since test of details can beused instead when gathering evidence about each relevant financial statement assertionabout each significant account and disclosure.4.18 Auditors are required to plan their procedures to detect material misstatements due toerrors, fraud, and noncompliance with laws and regulations having a direct effect onfinancial statements. For laws and regulations having an indirect effect on financialstatements, auditors are limited to performing specified audit procedures that mayidentify noncompliance with those laws and regulations that may have a material effecton the financial statements, inquiry of management and those charged with governance,and inspection of correspondence with relevant licensing or regulatory authorities.However, if auditors become aware of the possibility of indirect-effect noncompliance,they are required to follow up to ensure there is no material effect on the financialstatements.4.19 The audit strategy memorandum is the basis for preparing the detailed audit plans (oftenaccount and disclosure on the audit. The called “audit programs”) for each significantaudit plans list the audit procedures to be performed by auditors to gather sufficientappropriate evidence on which to base their opinion on the financial statements. The auditstrategy memorandum sets the scope, timing, and direction for auditing each relevantassertion. If the auditors identified fraud risk or significant risks of noncompliance withlaws and regulations, these areas will be specifically addressed in the strategy, includingthe possibility of adding fraud specialists to the team or expanding testing.SOLUTIONS FOR MULTIPLE-CHOICE QUESTIONS4.20 a. Correct ERM is the responsibility of company management.b. Incorrect Auditors are responsible for limiting audit risk.c. Incorrect Insurance providers only limit selected risks determined bymanagement.d. Incorrect Only a. is correct.4.21 a. Incorrect Information risk is the risk of issuing misleading or inaccuratefinancial statements.b. Incorrect Audit risk is the risk of an incorrect audit opinion being issued.c. Correct This is the definition of business risk.d. Incorrect Inherent risk is the risk of a material misstatement beforeconsidering controls.4.22 a. Incorrect. Auditors are supposed to understand the nature of errors and frauds.b. Incorrect. Auditors are supposed to assess the risk of occurrence of errors andfrauds.c. Incorrect. Auditors are supposed to design audits to provide reasonableassurance of detecting errors and frauds.d. Correct. Auditors are not required to report all finding of errors and fraudsto police authorities.4.23 a. Incorrect. In credit sales and debit receivables, not inventory.b. Incorrect. In credit sales and debit receivables, not cost of goods sold.c. Incorrect. In credit sales and debit receivables, not bad debt expense.d. Correct. In (fictitious) credit sales and (fictitious) receivables.4.24 a. Incorrect. Falsification of documents is characteristic, but management frauddoes not involve stealing funds from an employer.b. Correct. Management fraud is victimization of investors through the use ofmaterially misleading financial statements.c. Incorrect. Management fraud principally involves misleading financialstatements that might or might not involve illegal acts committedby management to evade laws and regulations.d. Incorrect. Conversion of stolen inventory to cash deposited in a falsified bankaccount describes an employee fraud.4.25 a. Incorrect. Extended procedures would be used if supporting documents arenot produced when requested.b. Correct. If the client made several large adjustments at year-end (a red flag),extended procedures would be considered necessary to ensure thatfraud was not taking place.c. Incorrect. Unless the previous CFO left the company under suspiciouscircumstances, extended procedures would probably not beconsidered necessary.d. Incorrect. Due to the immateriality of petty cash funds, the audit team wouldprobably not use extended procedures under these circumstances.4.26 a. Incorrect. Inherent risk is one component of the risk of material misstatement(the correct answer).b. Incorrect. Control risk is one component of the risk of material misstatement(the correct answer).c. Incorrect. Detection risk is the likelihood that the auditors will not detectmisstatements that may have entered the accounting system andnot been detected or corrected by the client’s internal controls.d. Correct. This is the definition of the risk of material misstatement.4.27 a. Correct. The risk of material misstatement is composed of inherent risk andcontrol risk.b. Incorrect The risk of material misstatement is composed of inherent risk andcontrol risk.c. Incorrect The risk of material misstatement is composed of inherent risk andcontrol risk.d. Incorrect The risk of material misstatement is composed of inherent risk andcontrol risk.4.28 a. Incorrect Audit risk also considers the risk of material misstatement as wellas auditors’ procedures.b. Incorrect Inherent risk exists independently of the audit.c. Incorrect Control risk exists independently of the audit.d. Correct This is the definition of detection risk.4.29 a. Incorrect DR = AR/ (IR x CR) = 0.05/0.50 = 0.10.b. Correct. DR = AR/ (IR x CR) = 0.05/0.50 = 0.10.c. Incorrect DR = AR/ (IR x CR) = 0.05/0.50 = 0.10.d. Incorrect DR = AR/ (IR x CR) = 0.05/0.50 = 0.10.4.30 a. Incorrect While solving for DR works mathematically, you will find that IR(not given in the problem) has to be more than 100%; therefore,the solution is not possible. (Very tricky!)b.Incorrect If control risk rises, detection risk should decrease.c.Correct This solution is both mathematically and practically correct.d.Incorrect If control risk rises, detection risk should decrease.edural4.31 a. Incorrect. This is a type of “overall response,” not a “specific procresponse.”b. Incorrect. Auditors ought to direct specific procedures toward the area wherethe suspicion lies.c. Correct. This is a specific procedural response mentioned in audit standards.d. Incorrect. This is an overall response, not a “specific procedural response.4.32 a. Incorrect. Confirmation is not an analytical procedure.b. Incorrect. Physical observation is not an analytical procedure.c. Correct. Analytical procedures incorporate information from a variety ofsources.d. Incorrect. Examination of documents is not an analytical procedure.4.33 a. Incorrect. Physical production statistics are not a source of information for“comparison of current account balances with prior periods.”sts are sources of information forb. Correct. A client’s budgets and foreca“comparison of current account balances with expected balances.c. Incorrect. Published industry ratios are not a source of information for“evaluation of current account balances with relation to predictablehistorical patterns.”d. Incorrect. The company’s own historical financial statements are not a goodsource of information for “evaluation of current account balancesin relation to nonfinancial information.”4.34 a. Incorrect. Analytical procedures can be used as a method of overall review atthe end of an audit. In fact, this is required by professionalstandards.b. Incorrect. Analytical procedures can be used when directing the attention ofauditors to certain accounts and disclosures when planning theaudit. In fact, this is required by professional standards.c. Incorrect. Analytical procedures can be used when performing substantiveprocedures during an audit. The other choice is tests of details. Itis entirely up to the auditor which tests are used based on the facts,circumstances, and risk of the assertion and the account ordisclosure.d. Correct. The answer is all of the above. Analytical procedures can be usedwhen planning the audit, when performing substantive proceduresduring an audit, and as a method of overall review at the end of anaudit.4.35 a. Incorrect. Weaknesses in the company’s internal control are not a subject forpreliminary analytical procedures because auditors can’t examinthe internal controls at this particular time with these kinds ofanalyses.b. Incorrect. Individual transactions are not used in preliminary analyticalprocedures.c. Incorrect. Management assertions in financial statements are not the directobject of preliminary attention-directing analytical procedures.d. Correct. With preliminary analytical procedures, the auditors are lookingfor signs of accounts and relationships that may represent specificpotential problems and risks in the financial statements.4.36 a. Incorrect. The ratio of cost/sales does not increase.b. Correct. The numerator (cost of goods sold) increases relatively less thanthe denominator (sales) increases.c. Incorrect. The ratio of cost/sales does not remain unchanged.d. Incorrect See answer b.4.37 a. Correct. Management is responsible for making the estimates in the firstplace, just as management is primarily responsible for all thefinancial statement elements.b. Incorrect. Auditors need to determine the reasonableness of estimates.c. Incorrect. Auditors need to determine estimates are presented in conformitywith GAAP.d. Incorrect. Auditors need to determine whether estimates are adequatelydisclosed in the financial statements.4.38 a. Incorrect. An audit strategy does not specify audit standards. The standardsare relevant in all audits.b. Correct. An audit strategy contains specifications of procedures the auditorsbelieve appropriate for the financial statements under audit.c. Incorrect. Documentation of the assertions under audit, the evidence obtained,and the conclusions reached describe audit documentation, notaudit strategies.d. Incorrect. Reconciliation is a specific procedure, not a strategy.4.39 a. Correct. The objective is to perform a quality audit and keep audit risk low.b. Incorrect. Control risk = 0 is generally not warranted.c. Incorrect. Inherent risk = 0 is generally not warranted.d. Incorrect. 40% audit risk is too high.4.40 a. Incorrect. Reporting clearly inconsequential noncompliance with the Act tothe board of directors is not required.b. Correct. Once informed, the board of directors has the first responsibility toreport to the SEC. If the board does not report these items to theSEC, the law then requires the auditors to do so.c. Incorrect. Auditors are not required to report clearly inconsequentialnoncompliance with the Act to the board. (Reporting tomanagement, however, is appropriate.)d. Incorrect. Audit firm resignation is not required. However, if the audit firmwithdraws and the board does not report the item to the SEC, thelaw requires the auditors to report to the SEC, just as though therehad been no resignation.4.41 a. Incorrect. The audit team would be concerned if key factors are notconsistent with prior periods.b. Incorrect. The audit team would be concerned if key assumptions are notsimilar to industry guidelines.c. Incorrect. The audit team would be least concerned about measurements thatare objective and not susceptible to bias.d. Correct. Evidence of a systematic bias, whether aggressive or conservative,would be of most concern to the audit team.4.42 a. Incorrect An audit committee is composed of members of a company’sboard of directors who are not involved in the day-to-dayoperations of the company.b. Incorrect An audit committee is composed of members of a company’sboard of directors who are not involved in the day-to-dayoperations of the company.c. Correct. An audit committee is composed of members of a company’sboard of directors who are not involved in the day-to-dayoperations of the company.d. Incorrect An audit committee is composed of members of a company’sboard of directors who are not involved in the day-to-dayoperations of the company.4.43 a. Incorrect. While the audit team may recommend remedial actions to the auditcommittee, the audit team’s first concern is the effect of thenoncompliance on the financial statements.b. Correct. The audit team’s first concern is the effect of the noncomplianceon the financial statements.c. Incorrect. While the audit team may consider whether to contact lawenforcement officials, the audit team’s first concern is the effect ofthe noncompliance on the financial statements.d. Incorrect. While the audit team should determine whether other similar actsmay have occu rred, the audit team’s first concern is the effect ofthe noncompliance on the financial statements.。