CFE Exam Quiz 24

The National Commission on Fraudulent Financial Reporting (commonly known as the Treadway Commission) was set up in 1985 to define the auditor’s responsibility to prevent and detect fraud. The Treadway Commission proposed in 1987 that the five professional accounting associations funding the commission work together to guide the internal controls of organizations. The Sponsoring Organizations Committee (COSO) was formed to review the recommendation of the Treadway Commission and COSO released its Internal Control-Integrated System in 1992.

It is to be noted that when identifying and assessing the risks of material misstatement due to fraud, the auditor shall be based on a presumption that there are risks of fraud in revenue recognition, evaluate which types of revenue, revenue transactions, or assertions give rise to such risks. Specific documentation is required when the auditor concludes that the presumption is not applicable in the circumstances of the engagement and, accordingly, has not identified revenue recognition as a risk of material misstatement due to fraud

It is found that following ISA 330 (Redrafted), the auditor shall determine overall responses to address the assessed risks of material misstatement due to fraud at the financial statement level. In doing so, the auditor shall:
I: Assign and supervise personnel, taking account of the knowledge, skill, and ability of the individuals to be given significant engagement responsibilities and the auditor’s assessment of the risks of material misstatement due to fraud for the engagement; this might include assigning additional individuals with specialized skill and knowledge, such as forensic and IT specialists, or assigning more experienced individuals to the engagement.
II: Evaluate whether the selection and application of accounting policies by the entity, particularly those related to subjective measurements and complex transactions, may be indicative of fraudulent financial reporting resulting from management’s effort to manage earnings
III: Incorporate an element of unpredictability in the choice of the type, duration, and context of audit procedures, such as using various sampling methods or conducting procedures on an unannounced basis at different locations or places.

If, as a result of a misstatement resulting from fraud or suspected fraud, the auditor encounters exceptional circumstances that bring into question the auditor’s ability to continue performing the audit, the auditor shall:
Determine the professional and legal responsibilities applicable in the circumstances, including whether there is a requirement for the auditor to report to the person or persons who made the audit appointment or, in some cases, to regulatory authorities
Consider whether it is appropriate to withdraw from the engagement, where withdrawal from the engagement is legally permitted; and
If the auditor withdraws:
Discuss with the appropriate level of management and those charged with governance the auditor’s withdrawal from the engagement and the reasons for the withdrawal;
Determine whether there is a professional or legal requirement to report to the person or persons who made the audit appointment or, in some cases, to regulatory authorities, the auditor’s withdrawal from the engagement and the reasons for the withdrawal.

The auditor shall obtain written representations from management that:
I: It acknowledges its responsibility for the design, implementation, and maintenance of internal control to prevent and detect fraud;
II: It has disclosed to the auditor the results of its assessment of the risk that the financial statements may be materially misstated as a result of fraud;
III: It has disclosed to the auditor its knowledge of fraud or suspected fraud affecting the entity involving: Management; Employees who have significant roles in internal control; or others where the fraud could have a material effect on the financial statements

It is to be noted that if the auditor suspects fraud involving management, the auditor shall communicate these suspicions to those charged with governance and discuss with them the nature, timing, and extent of audit procedures necessary to complete the audit.

It is noticeable that according to the auditor’s documentation of the responses to the assessed risks of material misstatement required by the ISA 315 are
I: The significant conclusions made during the engagement group debate about the vulnerability of the entity’s financial statements to material fraud
II: The identified and assessed risks of material misstatement due to fraud at the financial statement level and the assertion level
Whereas according to the ISA 330, The overall responses to the assessed risks of material misstatement due to fraud at the financial statement level and the nature, timing, and extent of audit procedures, and the linkage of those procedures with the assessed risks of material misstatement due to fraud at the assertion level; and the results of the audit procedures, including those designed to address the risk of management override of controls.

INCENTIVES/PRESSURES
Financial stability or profitability is threatened by economic, industry, or entity operating conditions.
Excessive pressure exists for management to meet the requirements or expectations of third parties.
Information available indicates that the entity’s financial performance threatens the personal financial situation of management or those charged with governance.
There is excessive pressure on management or operating personnel to meet financial targets established by those charged with governance, including sales or profitability incentive goals.

It is found that the transmission, execution, promotion or compliance by the management of the values or ethical standards of the organization, or transmission of unacceptable values or ethical standards are examples of attitudes and rationalization.

It is to be noted that the opportunities for misappropriate resources increase if large amounts of cash are on hand or processed; stock products are small in size, high value, or high demand; the company holds easily convertible assets, such as bearer bonds, diamonds, or computer chips; fixed assets are small in size, marketable, or lack visible ownership recognition.

If a company has to find the disregard of internal control over misappropriation of property by overriding established controls or failure to take sufficient remedial action to address identified shortcomings in internal control, the risk that is involved in this is attitudes and rationalization.

Auditor supervision— whether through a regulatory body or some other mechanism — is a mandatory external evaluation of the performance and integrity of the independent audit process. Some jurisdictions directly govern the audit practice. Furthermore, several other jurisdictions have or are considering changing their policies in this area as a result of several major financial scandals.

The International Securities Commissions Organization (IOSCO) is an international securities regulators organization that was founded in 1983. The membership of the association comprises securities regulators and other participants in the securities market in more than 115 countries, representing more than 95% of the capital markets of the world.
To exchange information on their respective experiences at the global and regional level to promote business growth, improve market infrastructure and enforce effective regulation is one of the main objectives of the International Organization of Securities Commission.

These Principles for Auditor Oversight note that auditor oversight should take place at several levels—within the audit firm, by professional associates, and through government regulation. However, the Principles for Auditor Oversight state that, within jurisdictions, audit firms should be subject to oversight by somebody that acts and is seen to act in the public interest. Further, this auditor oversight body should have in place a regular review process designed to ascertain whether audit firms adhere to quality control policies and procedures that address all significant aspects of auditing. The following is the full text of the Principles as released by IOSCO’s Technical Committee:
Independent auditors play a critical role in enhancing the reliability of financial information by certifying whether the financial statements prepared by management fairly present the public company’s financial position and past performance following accepted accounting standards.

There should be a mechanism to require auditors to be subject to the discipline of an auditor’s supervisory body that is independent of the audit profession, or to be supervised by an independent body if a professional body acts as the supervisory body. Such an auditor supervisory body should function in the public interest and have adequate membership, an adequate charter of obligations and rights, and adequate funding not under the control of the auditing profession in order to fulfill such duties.
Most importantly, this oversight process can be carried out in conjunction with similar quality assurance mechanisms in place within the audit industry, ensuring that the oversight body retains control over critical issues such as the nature of reviews, access to and preservation of audit work papers and other information required in reviews, and monitoring of the review outcomes.

Reviews should be performed on a recurring basis and should be structured to determine the extent to which audit firms have and adhere to appropriate policies and procedures for quality control that cover all essential aspects of the audit. Matters to be considered include:
I: Audit performance, that is, compliance with applicable generally accepted
auditing standards
II: Consultation on difficult, contentious, or sensitive matters and resolution of differences of opinion during audits
III: Second partner reviews of audits,
A: Communications with management, supervisory boards, and audit committees of
audit clients
B: Communications with bodies charged with oversight over the financial reporting process; for example, on matters such as regulatory inquiries, changes in auditors, or other matters as may be required
C: Provisions for continuing professional education

INTERNATIONAL COOPERATION
In the case of companies operating or classified on a cross-border basis, IOSCO members are encouraged to provide each other, whether directly or through collaboration with the auditor supervisory authority in their jurisdiction, with the fullest possible assistance in the review or investigation of matters where irregular auditing may have occurred and in any other matter relating to the auditor.

The Public Interest Oversight Board (PIOB) is the international independent oversight body aimed at improving the performance and public interest orientation of the International Accountants Federation (IFAC) standards for auditing, training, and ethics.
The PIOB aims to bring greater accountability and credibility to the international audit profession through its supervisory activities, The creation of the PIOB resulted from a joint initiative by the international financial regulatory community collaborating with the IFAC to ensure that the accounting profession’s auditing and assurance, ethics, and academic standards are established in a consistent manner that represents the public interest. It was mutually recognized that high quality, transparent standard-setting processes with public and regulatory input, together with regulatory monitoring and public interest oversight, are necessary to enhance the quality of external audits of entities.

The PIOB oversees IFAC’s Public Interest Activity Committees (PIACs) comprising the International Auditing and Assurance Standards Board, International Accounting Education Standards Board, International Ethics Standards Board for Accountants, their respective Consultative Advisory Groups (CAGs), and the Compliance Advisory Panel (CAP). In this capacity, the PIOB:
I: Ensures that the processes of standard development under its oversight follow due
process and are responsive to the public interest
II: Ensures the completeness of the strategies and work plans of the standard-setting boards
III: Oversees the process of nominations to all PIACs and CAGs under its oversight
IV: Oversees the CAP
To enhance investor protection and promote investor confidence in the integrity of securities markets, through strengthened information exchange and cooperation in enforcement against misconduct and supervision of markets and market intermediaries is the objective of the International Organization of Securities Commissions (IOSCO).

Misappropriation of assets can be accomplished in a variety of ways, including:
Embezzling receipts (for example, misappropriating collections on accounts receivable or diverting receipts in respect of written-off accounts to personal bank accounts)
Stealing physical assets or intellectual property (for example, stealing inventory for personal use or sale, stealing scrap for resale, or colluding with a competitor by disclosing technological data in return for payment)
Causing an entity to pay for goods and services not received (for example, payments to fictitious vendors, kickbacks paid by vendors to the entity’s purchasing agents in return for inflating prices, or payments to fictitious employees)
Using an entity’s assets for personal use (for example, using the entity’s assets as collateral for a personal loan or a loan to a related party)

Internal auditors play a key role in helping organizations prevent and detect fraudulent activity. Because of their proximity to and understanding of the inner workings of the organization, internal auditors are in a unique position to uncover potential unscrupulous acts.
Standard 1210—Proficiency
Internal auditors must possess the knowledge, skills, and other competencies needed to perform their responsibilities. The internal audit activity collectively must possess or obtain the knowledge, skills, and other competencies needed to perform its responsibilities.

According to the standards of the section 1220.A1
Internal auditors must exercise due professional care by considering the:
I: Extent of work needed to achieve the engagement’s objectives
II: Relative complexity, materiality, or significance of matters to which assurance procedures are applied
III: Adequacy and effectiveness of governance, risk management, and control processes
IV: Probability of significant errors, fraud, or noncompliance
V: Cost of assurance in relation to potential benefits

Standard 2110—Governance
The internal audit activity must assess and make appropriate recommendations for
improving the governance process in its accomplishment of the following objectives:
I: Promoting appropriate ethics and values within the organization
II: Ensuring effective organizational performance management and accountability
III: Communicating risk and control information to appropriate areas of the organization
IV: Coordinating the activities of and communicating information among the board, external and internal auditors, and management

Fighting fraud in an organization requires the combined efforts of many different departments, including internal audit. Internal auditors assist in the prevention and detection of fraud by evaluating the adequacy and effectiveness of internal controls, assisting management in establishing effective fraud prevention measures, proactively auditing for fraud, and investigating suspected fraud. Specifically, the Practice Guide states that, in conducting audit engagements, the internal auditor should:
Assess if management consistently maintains responsibility for managing the Fraud Risk Management System, whether prompt and appropriate corrective action has been taken concerning any reported audit violations or shortcomings, and whether the system monitoring plan remains sufficient for the ongoing success of the program.

It is noted that the task of the audit committee is to assess the detection of fraud risks by management and the execution of anti-fraud measures and to provide the tone at the top that fraud will not be tolerated in any form. It is also the responsibility of the audit committee to track controls to prevent or detect fraud in the management.

External auditors are responsible for compliance with professional standards and preparing and performing the audit of the financial statements of the organization in order to provide reasonable assurance as to whether the financial statements are free from factual defects, whether caused by mistake or fraud.

Specifically, internal audit can reinforce each of the following program components in the
noted ways:
Tone at the top/governance structure, by:
I: Understanding the attitude and tolerance of management and the board regarding
bribery and corruption risks
II: Assessing whether that attitude is sufficiently restrictive
III: Validating that this attitude has been effectively communicated throughout the
organization

Specifically, internal audit can reinforce each of the following program components in the
noted ways:
Policies and procedures, by testing whether they are:
I: Documented appropriately
II: Approved by management
III: In compliance with applicable laws and regulations
IV: Implemented effectively

It should be noted that knowledge exchange with other positions or agencies (e.g. fraud investigation, legal, compliance, external audit, regulators) is only relevant to communication and training.

It should be noted that the statement i.e. ensuring risk assessments, analyzes, and interaction are successful in promoting the monitoring role of management is related to monitoring and auditing,