FRAUD & ERROR (iSA 240) Questions and Answers

by

Audit Evidence Revision Questions and Answers

AUDIT PLANNING, CONTROL & RECORDING Revision Questions and Answers

QUIZ

  1. Define an error and a fraud.
    1. List the different types of errors.
    1. List the ways in which internal control systems are used to prevent fraud. 
  2. Error is an unintentional mistake in the financial information, which can occur any time   during processing and recording of transactions.

 Fraud this refers to intentional misrepresentation of financial information by one more individuals among management, employees or third parties.

  • Errors of commission:
    • Errors of omission
    • Error of principle:
    • Compensating errors:
    • Error or original entry
    • Complete reversal of entries
  • This is achieved through;
  • management supervision
    • Rotation of duties

physical Controls

  • Segregation of duties.
    • arithmetic and accounting estimates
    • personnel
    • Control of documents

QUESTION ONE

Fraud and error present risks to an entity. Both internal and external auditors are required to deal with risks to the entity.

required:

  1. Explain how the internal audit function helps an entity deal with the risk of fraud and error.
    1. Stone holidays is an independent travel agency. it does not operate holidays itself. it takes commission on holidays sold to customers through its chain of high street shops. Staff are partly paid on a commission basis.

Well-established tour operators run the holidays that Stone holidays sells. The networked reservations system through which holidays are booked and the computerised accounting system are both well-established systems used by many independent travel agencies.

Payments by customers, including deposits, are accepted in cash and by debit and credit card. Stone holidays is legally required to pay an amount of money (based on its total sales for the year) into a central fund maintained to compensate customers if the agency should cease operations.

Describe the nature of the risks to which Stone holidays is subject arising from fraud and error.

QUESTION TWO

The responsibilities of internal and external auditors in relation to the risk of fraud and error differ.

Explain the responsibilities of external auditors in respect of the risk of fraud and error in an audit of financial statements

QUESTION THREE

Compare the responsibilities of the directors and auditors regarding the published financial statements

SUGGESTED ANSWERS

QUESTION ONE

(a) Internal audit function: risk of fraud and error

 The internal audit function in any entity is part of the overall corporate governance function of an entity. Corporate governance objectives include the management of the risks to which the entity is subject that would prevent it achieving its overall objectives such as profitability. Corporate governance objectives also include the overarching need for the management of an entity to exercise a stewardship function over the entity’s assets.

 a large part of the management of risks, and the proper exercise of stewardship, involves the maintenance of proper controls over the business. Controls over the business as a whole, and in relation to specific areas, include the effective operation of an internal audit function.

 internal audit can help management manage risks in relation to fraud and error, and exercise proper stewardship by:

 Commenting on the process used by management to identify and classify the specific fraud and error risks to which the entity is subject (and in some cases helping management develop and implement that process);

 Commenting on the appropriateness and effectiveness of actions taken by management to manage the risks identified (and in some cases helping management develop appropriate actions by making recommendations);

 periodically auditing or reviewing systems or operations to determine whether the risks of fraud and error are being effectively managed;

 monitoring the incidence of fraud and error, investigating serious cases and making recommendations for appropriate management responses.

  1. in practice, the work of internal audit often focuses on the adequacy and effectiveness of internal control procedures for the prevention, detection and reporting of fraud and error. routine internal controls (such as the controls over computer systems and the production of routine financial information) and non-routine controls (such as controls over year-end adjustments to the financial statements) are relevant.
  2. It should be recognized however that many significant frauds bypass normal internal control systems and that in the case of management fraud in particular, much higher level controls (those relating to the high level governance of the entity) need to be reviewed by internal audit in order to establish the nature of the risks, and to manage them effectively.

(b) nature of risks arising from fraud and error: Stone holidays

 Stone holidays is subject to all of the risks of error arising from the use of computer systems. if programmed controls do not operate properly, for example, the information produced may be incomplete or incorrect. inadequate controls also give rise to the risk of fraud by those who understand the system and are able to manipulate it in order to hide the misappropriation of assets such as receipts from customers.

 all networked systems are also subject to the risk of error because of the possibility of the loss or corruption of data in transit. They are also subject to the risk of fraud where the transmission of data is not securely encrypted.

 all entities that employ staff who handle company assets (such as receipts from customers) are subject to the risk that staff may make mistakes (error) or that they may misappropriate those assets (fraud) and then seek to hide the error or fraud by falsifying the records.

 Stone holidays is subject to problems arising from the risk of fraud perpetrated by customers using stolen credit or debit cards or even cash. Whilst credit card companies may be liable for such frauds, attempts to use stolen cards can cause considerable inconvenience.

 There is a risk of fraud perpetrated by senior management who might seek to lower the amount of money payable to the central fund (and the company’s tax liability) by falsifying the company’s sales figures, particularly if a large proportion of holidays are paid for in cash.

 There is a risk that staff may seek to maximize the commission they are paid by entering false transactions into the computer system that are then reversed after the commission has been paid.

QUESTION TWO

            External auditors: fraud and error in an audit of financial statements

 External auditors are required by iSa 240 to consider the risks of material misstatements in the financial statements due to fraud. Their audit procedures will then be based on a risk assessment. regardless of the risk assessment, auditors are required to be alert to the possibility of fraud throughout the audit and maintain an attitude of professional skepticism, notwithstanding the auditors’ past experience of the honesty and integrity of management and those charged with governance. members of the engagement team should discuss the susceptibility of the entity’s financial statements to material misstatements due to fraud.  auditors should make enquiries of management regarding management’s assessment of fraud risk, its process for dealing with risk, and its communications with those charged with governance and employees. They should enquire of those charged with governance about the oversight process.

 Auditors should also enquire of management and those charged with governance about any suspected or actual instance of fraud.

 Auditors should consider fraud risk factors, unusual or unexpected relationships, and assess the risk of misstatements due to fraud, identifying any significant risks. Auditors should evaluate the design of relevant internal controls, and determine whether they have been implemented.

 Auditors should determine an overall response to the assessed risk of material misstatements due to fraud and develop appropriate audit procedures, including testing certain journal entries, reviewing estimates for bias, and obtaining an understanding of the business rationale of significant transactions outside the normal course of business. Appropriate management representations should be obtained.

 Auditors are only concerned with risks that might cause material error in the financial statements. External auditors might therefore pay less attention than internal auditors to small frauds (and errors), although they must always consider whether evidence of single instances of fraud (or error) are indicative of more systematic problems.

 it is accepted that because of the hidden nature of fraud, an audit properly conducted in accordance with ISAs might not detect a material misstatement in the financial statements arising from fraud. in practice, routine errors are much easier to detect than frauds

 Where auditors encounter suspicions or actual instances of fraud (or error), they must consider the effect on the financial statements, which will usually involve further investigations. They should also consider the need to report to management and those charged with governance.

          Where serious frauds (or errors) are encountered, auditors need also to consider the effect on the going concern status of the entity, and the possible need to report externally to third parties, either in the public interest, for national security reasons, or for regulatory reasons. Many entities in the financial services sector are subject to this type of regulatory reporting and many countries have legislation relating to the reporting of money laundering activities, for example.

FRAUD & ERROR (iSA 240) Questions and Answers

QUESTION THREE

 Materiality. a matter is material if its inclusion or omission will affect the decision reached by the user of the account and if they affect the view of the account. Whether an item is material may depend on the degree of approximation of item of which it is a part. There may be critical points ‘when materiality can be important, for example in turning a small profit into a small loss or just making a company’s assets exceed its liabilities or reversing a trend.

 Duty of confidentiality. The guide to professional ethics states that information acquired in the course of professional work should not be disclosed except consent has been acquired from client or where there is public duty to disclose or where there is a legal or professional duty or right to disclose. a member acquiring information in the course of professional work should neither use nor appear to use that information for his personal advantage or for the advantage of a third party.

 Professional indemnity insurance. There is a tendency to sue the auditor knowing that he will hot have to pay but his insurer will. The auditor seeks to pay some premiums to an insurance firm so that in case of any suit flied against him the insurer can pay. The effect of this is that the insurer will insist on reasonable skill and care on the part of the insured.

 Peer review may be described as an independent review of a firm’s accounting and auditing practices. it is intended that the review be done by practitioners upon fellow practitioners hence the term “peer review”. The work of the review is limited to:-

  • Professional aspects of the practice.
  • Overall total quality control policies.

 Quality control;. Audits should be extremely well done and yet be completed expeditiously and economically. The auditor should ensure that audits are carried out.

                in accordance with international accounting standards.  in conformity with statutory and contractual requirements.     in accordance with ethical standards.

        In agreement with any professional standards set out by the firm and by other professional bodies.

                Economically and to time schedules with minimum risk.

QUESTION FOUR

Preparation of financial statements

The directors are normally required to prepare the financial statements of the company using the appropriate law of their country and in accordance with the international accounting Standards (IASs). The auditors are normally required to check or audit those financial statements, again in accordance with the legislation of their country and the international Statements on auditing.

Fraud and error

The directors are responsible for preventing and detecting fraud and error in the financial statements, no matter how immaterial this may be. auditors are responsible for ensuring that the financial statements show a true and fair view; in other words that the financial statements are materially correct. auditors are not required to detect immaterial fraud or error.

Disclosure

The directors must ensure that there is adequate disclosure of all matters required by statute or IASs in the financial statements. The auditor will check that disclosure provisions have been complied with, and where certain disclosures have not been made (e.g. iSa 550 regarding related party transactions) provide this information in the audit report.

Going concern.

The directors are responsible for ensuring that the company will continue in operational existence for the foreseeable future, and report to the members in the published financial statements if this is unlikely to be the case. The auditor will check the accuracy of the directors’ workings and assumptions and if these are considered incorrect or inappropriate, then the audit report may be modified or qualified to bring the situation to the attention of the members of the company.

Audit Evidence

QUESTiON ONE

a) Audit evidence consists of any information used by the auditor to enable him to arrive at conclusion necessary for his opinion. Auditing is concerned with the verification of accounting data and with determining the accuracy and reliability of accounting statements and reports.

b)

                Relevant audit evidence                it depends on whether it assists the auditor to form an opinion on some  aspect of the financial statements. For example evidence that indicates that a  recorded asset exists is relevant to audit objectives.

                Reliable audit evidence                 reliability of audit evidence can be assessed to some extent on the following  presumptions:

  • Documentary evidence is more reliable than oral evidence.
  • Evidence from outside the enterprise is more reliable than that secured solely from within the enterprise.
  • Evidence originated by auditor by such means as analyzing and physical inspection is more reliable than evidence obtained from others.
  • Evidence for a figure in accounts is usually obtained from several sources. The cumulative effect of several evidential sources which give a consistent view is greater than that from a single source.
  • Original documents are more reliable than photocopies or facsimiles. c.

 Written confirmation of a trade debtor circularize at the year end. Evidence from the enterprise is more reliable than that secured solely from within the enterprise. Though debtor circularization may not be sufficient evidence depending on the circumstances.

 Work in progress stocks identified during annual physical stock count. If the auditor was present during the stock take, then as the evidence has originated as a means of analysis and physical inspection by the auditor it is more reliable than if obtained from others. The auditor however needs to refer to other materials and statements so as to collect sufficient evidence.

 Solicitors letter confirming pending legal action. It is more reliable evidence than evidence from management. However, it will be sufficient on its own because the solicitor is the one who solely deals with cases.

FRAUD & ERROR (iSA 240) Questions and Answers

QUESTION TWO

            Main audit procedures and processes: interim and final audit

 The interim audit generally involves risk assessment, the testing of internal controls, and certain analytical and other substantive procedures. Many of these procedures are often performed concurrently.

 Risk assessment involves gathering information about the business, inquiries, analytical procedures and determining the response to assessed risk. In practice it also involves the determination of materiality and tolerable error.

 Risk assessment also involves evaluating the design of internal controls and determining whether they have been implemented

 Final audit procedures also involve a review of the financial statements as a whole to ensure that they are internally consistent, and in accordance with the relevant financial reporting framework and the auditor’s knowledge of the business.

 Substantive procedures, which include analytical procedures, are designed to provide evidence that the figures and disclosures in the financial statements are complete, relevant, and accurate. Arriving at the final conclusions often involves the performance of further analytical procedures on the financial statements as a whole.

 it is common for auditors to provide management with lists of control weaknesses (both structural and operational) together with recommendations for improvement both after the interim and final audits.

 Auditors are also required to communicate with those charged with governance. Mention could also be made of management representations, third party confirmations, the review of working papers, and a number of other matters.

QUESTION THREE

  • headings: accounts payable and accrued expenditure

 Whilst there are a great number of possible headings for accounts payable and accrued expenditure, the seven headings below seem likely:

            Food and beverages;

            Payroll;

            Cleaning;

            Maintenance of properties;

            Waste disposal;

            Light, heat, water and other utilities;   business and other local taxes.

  • audit tests and reasons: accounts payable and accrued expenditure

                General

 The firm would first obtain an understanding of the business, including reviewing management and financial accounts, in order to enable the firm to make some predictions as to the likely relationships between items of financial and non financial data. There are likely to be direct relationships that do not vary such as gross margins, and income and expenditure. These relationships may be applied to each restaurant and to the company as a whole. Understanding the business is important because it is the firm’s first year as auditor and because it enables the auditor to properly plan tests, and evaluate the results thereof.

 Tests of controls would be performed on expenditure under each heading to enable the firm to determine the level of substantive procedures required at the year-end.

 analytical procedures would be applied to each heading, both for the company as a whole, for regions and for individual restaurants if necessary. This would establish the level of expenditure, and the level of accounts payable and accruals in the prior year and for each period within the current year for which figures were available. Any unusual items would be investigated and explanations sought and substantiated. analytical procedures are useful in the planning of audit tests to establish areas to which greater audit resources need to be devoted.

 Food, payroll, cleaning, maintenance of properties  in all cases, substantive procedures would involve tracing source documentation created by the company (such as purchase orders for food, contracts with the cleaning and maintenance agencies and clock cards or timesheets) through the system (via goods received notes, signed documentation indicating that services had been performed, etc.) to daybooks, ledgers and control accounts and finally to schedules supporting the financial statements. This type of test helps provide audit comfort that accounts payable and accruals are complete, correctly calculated, properly authorized and recorded in the correct accounting period.

 Substantive procedures tracing entries in the financial statements back to supporting schedules, entries in the ledgers, control accounts and daybooks through to source documentation help provide audit comfort that accounts payable and accruals exist are properly authorized and recorded in the correct accounting period.

 Substantive procedures may also involve direct confirmation of accounts payable, although if suppliers send regular statements this may not be necessary. Such confirmations and statements provide the auditor with valuable third party, written evidence that is generated outside the company, showing the existence, accuracy and proper recording of accounts payable.

 after-date payment of both accounts payable and accruals also provides evidence of the existence and accuracy of accounts payable and accrued expenditure.

 Cut-off tests (checking samples of invoices for food received just before and just after the year-end to goods received notes, purchase invoices and records of inventory counts, for example) help ensure that expenditure and the related accounts payable and accruals are recorded in the correct accounting period.

 For many such items, there may be accrued expenditure. Tests for accrued expenditure will be similar to those noted under the following heading.

                Waste disposal, light, heat, water and other utilities and business and other local taxes

 These items are less likely to have source documentation created by the company than those noted above. They are also more likely to be billed or invoiced less frequently than those noted above and there are likely to be more accruals for such items.

 Accrued expenditure is an accounting estimate based on previous experience. Analytical procedures such as those noted above form a large part of the checking of accrued expenditure.

 The firm should establish the basis on which accrued expenditure is calculated to ensure that it appears reasonable and consistent with prior periods, and check the actual calculation of the expenditure (possibly on a sample basis).

 Checking accrued expenditure to invoices or bills received after the year-end and to payments after the year-end provides evidence as to the correct calculation of accruals.

(c) Difficulties and decisions: direct confirmation of accounts payable

 Many of the difficulties faced by auditors conducting direct confirmations of accounts payable are the same as those relating to direct confirmations of accounts receivable. Clients are sometimes resistant to conducting such confirmations.

 Auditors have to consider whether the resources required to conduct a confirmation are likely to be warranted in terms of the audit evidence likely to be obtained, particularly where alternative third party evidence is available in the form of supplier statements. The level of response is often low, responses may be delayed and responses may be inaccurate

(particularly if the error is in the favour of the creditor ).

 Auditors have to decide whether to send a positive or negative confirmation. Positive confirmations ask for a reply in any case (and may have a low response rate), negative confirmations only require a reply when the creditor disagrees with the amounts stated, although the auditor can never be absolutely sure whether a non-reply indicates agreement of the amount or whether the request has simply been ignored. The auditor is generally most concerned to ensure that liabilities are not understated and requests for confirmation are therefore usually positive.

 auditors also have to decide whether to state the balance in the request (which enables the supplier to provide a reconciliation if there is a disagreement), or not to (in which case the auditor has to perform a reconciliation although strictly speaking, this is the responsibility of the client).

 In practice, reconciling accounts can be time consuming and inefficient, and often requires the assistance of the client’s staff.

QUESTION FOUR

  • Advantages and disadvantages           Analytical procedures                

Advantages

 The main advantage of analytical procedures is that they can be used at all stages of the audit to enquire into the absolute amounts to be included in the financial statements, and into the relationships between those amounts.

 Analytical procedures are a good test for the overall reasonableness of an amount. They can be used on a global basis, and they can be split down into their constituent elements.  Analytical procedures enable the auditor to make comparisons on a continuous basis, taking prior years into account, and providing the auditor with a better understanding of both the business as a whole, and of individual account areas.

                Disadvantages

 Analytical procedures often have to be performed on management accounts, or draft or incomplete accounts before the final financial statements have been prepared. This means that significant adjustments, which are often made at a late stage, are not taken into account.

 Without a prior and proper understanding of the business, the auditor may be tempted to accept the results of analytical procedures that show no unusual variations as evidence that there is nothing wrong, which may not be the case if there have been significant changes in the business of which the auditor is unaware (and which management may wish to hide from the auditors).

                Auditors may also be tempted to accept ‘plausible’ explanations for changes and variations without much further substantiation, where further investigation may actually be warranted.

2.            Audit sampling

                Advantages

 Audit sampling enables the auditor to draw conclusions about a population without testing all of the transactions or balances in the population as a whole.

 Audit sampling also enables the auditor to concentrate on high risk or high value items, and to differentiate between elements of a population which may be subject to differing internal controls.

                Disadvantages

          There is always a risk that the auditor’s sample is not representative of the population as a whole (known as ‘sampling risk’). Auditors calculate and accept this risk, and perform other procedures to compensate for it, but it always remains a risk.

 Sampling relies on the use of judgment in relation to materiality, exceptions, and in drawing conclusions, for example. Judgment can be abused, or simply fail, particularly where staff are inexperienced.

3.            Tests of controls

                Advantages

 Tests of controls enable the auditor to establish whether a control system in operation is effective. if properly designed controls are operating as prescribed, auditors can reduce the level of substantive testing required at the period-end.

 Tests of controls mean that auditors do not have to concentrate all of their efforts on substantive procedures at the period-end which would in many cases be impractical, inefficient and not cost-effective.

                Disadvantages

                Tests of controls are often performed on a sample basis (disadvantages noted above).

 Tests of controls are often performed on routine transactions for which there are high quality automated controls. The very high risk areas in financial statements are often outside this area and relate to non-routine transactions and more intangible environmental or general controls which are not easy to test.

4.            Detailed testing of transactions and balances

                Advantages

 Detailed testing enables the auditors to form a view as to whether the figures on which he is reporting are fairly stated and often involves third party, written confirmation which is a good source of audit evidence.

 In detailed testing of transactions and balances, auditors are directly examining the figures and assertions that appear in the financial statements.

                Disadvantages

 Detailed testing of transactions and balances is often performed on a sample basis ( disadvantages noted above ).

 The level of testing of transactions and balances is determined by the level of comfort obtained by the auditor from tests of controls. if too much comfort has been obtained from tests of controls, it is likely that any error will be compounded by an inadequate level of testing of transactions and balances.

  1. Computer assisted audit techniques (CaaTs)      

Advantages

 CaaTs reduce the level of human error in testing and enable a very high level of audit evidence to be derived.

 The use of CaaTs frees up expensive human resources that would otherwise be engaged in routine, mechanical work to concentrate on judgmental areas.

          CaaTs enable the auditors to test a large volume of data, or the operation of the controls in a system, accurately and quickly. They are therefore very-cost efficient when operated properly.

                Disadvantages

 CaaTs are expensive to set up and require the co-operation of the client. it is usually necessary for a continuing audit relationship to be present before it is worth committing the audit resources.

 major changes in client systems often require major changes in CaaTs which is expensive. if the audit fee is based on the assumption that the prior year’s CaaTs can be used, and a change is made without warning, the client may have unrealistic expectations about the level of service that can be provided for the fee.

(b) relationship between the methods of evidence gathering

 Analytical procedures are often first used during the planning stage of the audit. Materiality levels and levels of tolerable error are often derived (at least in part) from analytical procedures. These are in turn used in audit sampling procedures.

 analytical procedures help the auditor determine the audit approach (the levels and areas for tests of controls and detailed testing).

 The results of tests of controls determine the level of detailed testing of transactions and balances. analytical procedures provide indirect evidence as to the effective operation of internal controls (if controls are working, analytical procedures may help prove that the population as a whole is fairly stated).

 Detailed tests of transactions and balances are often performed towards the end of the audit in conjunction with analytical procedures – analytical procedures compensate to an extent for the weaknesses in sampling procedures both for tests of controls and detailed testing of transactions and balances (and vice versa).

 Sampling is used for both tests of controls and detailed testing of transactions and balances. Where CaaTs are used, sampling may not be necessary because CaaTs can often be used to test the whole population, either for tests of controls, or for detailed testing of transactions and balances.

QUESTION FIVE

a) Management representations are a form of audit evidence. They are contained in a letter, written by the company’s directors and sent to the auditor, just prior to the completion of audit work and before the audit report is signed.

                Representations are required for two reasons:

 Firstly, so the directors can acknowledge their collective responsibility for the preparation of the financial statements and to confirm that they have approved those statements.

 Secondly, to confirm any matters, which are material to the financial statements where representations are crucial to obtaining sufficient and appropriate audit evidence.

 in the latter situation, other forms of audit evidence are normally unavailable because knowledge of the facts is confined to management and the matter is one of judgment or opinion.

 Obtaining representations does not mean that other evidence does not have to be obtained.

audit evidence will still be collected and the representation will support that evidence. any contradiction between sources of evidence should, as always, be investigated.

(b) Lack of representation letter

                The auditor may take the following actions:

 Discuss the situation with the directors to try and resolve the issue that the directors have raised. The auditor will need to explain the need for the representation letter again (and note that the signing of the letter was mentioned in the engagement letter).

 Ascertain exact reasons why the directors will not sign the letter. Consider whether amendments can be made to the letter to incorporate the directors’ concerns that will still provide the auditor with appropriate and sufficient audit evidence.

 The discussion must clearly explain the fact that if the auditor does not receive sufficient and appropriate audit evidence, then the audit report will have to be modified.

 The reason for the audit qualification will be uncertainty regarding the amounts and disclosures in the financial statements.

 An ‘except for’ qualification for the material uncertainty is likely, although a disclaimer may be required, especially if the legal claim is thought to require a provision.

 Even if the letter is subsequently signed, the auditor must still evaluate the reliability of the evidence. If, in the auditor’s opinion, the letter no longer provides sufficient or reliable evidence, then a qualification may still be required.

AUDIT SAMPLING (iSA 530) Notes

AUDIT SAMPLING Questions and Answers