Auditing – Lecture 7
Part II. Audit process by phase: Phase IV. Reporting


Content
nFraud
nReporting the obtained results
nRecommended reading
nAppendices: ISA 240, 330, 450, 700, 705
n
Nov 9, 2015
2

Fraud - types of fraud*
nTypes of fraud:
qFraudulent reporting (FR) - is an intentional misstatement or omission of amounts or disclosures
with the intent to deceive users. Most cases involve the intentional misstatement of amounts,
rather than disclosures. For example, WorldCom capitalized as fixed assets billions of dollars that
should have been expensed. Omissions of amounts are less common, but a company can overstate income
by omitting accounts payable and other liabilities.
nWhile most cases of fraudulent financial reporting involve an attempt to overstate income (either
by overstatement of assets and income or by omission of liabilities and expenses) companies also
deliberately understate income. At privately held companies, this may be done in an attempt to
reduce income taxes. Companies may also intentionally understate income when earnings are high to
create a reserve of earnings that may be used to increase earnings in future periods. Such
practices are called income smoothing
n
Nov 9, 2015
3

*See Appendix: ISA 240, 450

Fraud - types of fraud*
nand earnings management. Earnings management involves deliberate actions taken by management to
meet earnings objectives. Income smoothing is a form of earnings management in which revenues and
expenses are shifted between periods to reduce fluctuations in earnings. One technique to smooth
income is to reduce the value of inventory and other assets of an acquired company at the time of
acquisition, resulting in higher earnings when the assets are later sold.
nAlthough less frequent, several notable cases of fraudulent financial reporting involve inadequate
disclosure. For example, a central issue in the Enron case was whether the company adequately
disclosed obligations to affiliates known as special-purpose entities.
n
Nov 9, 2015
4

*See Appendix: ISA 240, 450

Fraud - types of fraud*
qMisappropriation of assets (MA) - is fraud that involves theft of an entity’s assets. In many
cases, but not all, the amounts involved are not material to the financial statements. However, the
theft of company assets is often a management concern, regardless of the materiality of the amounts
involved, because small thefts can easily increase in size over time. The term misappropriation of
assets is normally used to refer to theft involving employees and others internal to the
organization. According to estimates of the Association of Certified Fraud Examiners, the average
company loses five percent of its revenues to fraud, although much of this fraud involves external
parties, such as shoplifting by customers and cheating by suppliers.
nMisappropriation of assets is normally perpetrated at lower levels of the organization hierarchy.
In some notable cases, however, top management is involved in the theft of company
q
n
n
n
Nov 9, 2015
5

*See Appendix: ISA 240, 450

Fraud - types of fraud*
nassets. Because of management’s greater authority and control over organization assets,
embezzlements involving top management can involve significant amounts. In one extreme example, the
former CEO of Tyco International was charged by the SEC with stealing over $100 million in assets.
nA fraud survey conducted by the Association of Certified Fraud Examiners found that asset
misappropriations are the most common fraud scheme, although the size of the fraud is much greater
for fraudulent financial reporting.
q
q
n
n
n
Nov 9, 2015
6

*See Appendix: ISA 240, 450

Fraud – conditions for fraud*
nConditions for fraud – three conditions for fraud arising from fraudulent financial reporting and
misappropriations of assets are as fraud triangle.
qIncentives/pressures - management or other employees have incentives or pressures to commit fraud.
qOpportunities - circumstances provide opportunities for management or employees to commit fraud.
qAttitudes/rationalization - an attitude, character, or set of ethical values exists that allows
management or employees to commit a dishonest act, or they are in an environment that imposes
sufficient pressure that causes them to rationalize committing a dishonest act.
q
q
n
n
n
n
Nov 9, 2015
7

*See Appendix: ISA 240, 450

Fraud – conditions for fraud*
Nov 9, 2015
8

*See Appendix: ISA 240, 450

Fraud – conditions for fraud*
Nov 9, 2015
9

*See Appendix: ISA 240, 450

Fraud – conditions for fraud*
qRisk factors for FR - an essential consideration by the auditor in uncovering fraud is identifying
factors that increase the risk of fraud. In the fraud triangle, fraudulent financial reporting and
misappropriation of assets share the same three conditions, but the risk factors differ. First it
is necessary to address the risk factors for fraudulent financial reporting, and then discuss those
for misappropriation of assets.
ØIncentives/pressures for FR - a common incentive for companies to manipulate financial statements
is a decline in the company’s financial prospects. For example, a decline in earnings may threaten
the company’s ability to obtain financing. Companies may also manipulate earnings to meet analysts’
forecasts or benchmarks such as prior-year earnings, to meet debt covenant restrictions, or to
artificially inflate stock prices. In some cases, management may manipulate earnings just to
preserve their reputation.
n
n
n
n
Nov 9, 2015
10

*See Appendix: ISA 240, 450

Fraud – conditions for fraud*
ØOpportunities for FR - although the financial statements of all companies are potentially subject
to manipulation, the risk is greater for companies in industries where significant judgments and
estimates are involved. For example, valuation of inventories is subject to greater risk of
misstatement for companies with diverse inventories in many locations. The risk of misstatement of
inventories is further increased if those inventories are at risk for obsolescence.
ØAttitudes/rationalization for FR - the attitude of top management toward financial reporting is a
critical risk factor in assessing the likelihood of fraudulent financial statements. If the CEO or
other top managers display a significant disregard for the financial reporting process, such as
consistently issuing overly optimistic forecasts, fraudulent financial reporting is more likely.
Ø
Ø
q
n
n
n
n
Nov 9, 2015
11

*See Appendix: ISA 240, 450

Fraud – conditions for fraud*
qRisk factors for MA - the same three conditions apply to misappropriation of assets. However, in
assessing risk factors, greater emphasis is placed on individual incentives and opportunities for
theft.
ØIncentives/pressures for MA - financial pressures are a common incentive for employees who
misappropriate assets. Employees with excessive financial obligations, or those with drug abuse or
gambling problems, may steal to meet their personal needs. In other cases, dissatisfied employees
may steal as a form of attack against their employers.
ØOpportunities for MA - opportunities for theft exist in all companies. However, opportunities are
greater in companies with accessible cash or with inventory or other valuable assets, especially if
they are small or easily removed. For example, casinos handle extensive amounts of cash with little
formal records of cash received. Similarly, thefts of laptop computers are
Nov 9, 2015
12

*See Appendix: ISA 240, 450

Fraud – conditions for fraud*
nmuch more frequent than thefts of desktop systems. Weak internal controls create opportunities for
theft. Inadequate separation of duties is practically a license for employees to steal. Whenever
employees have custody or even temporary access to assets and maintain the accounting records for
those assets, the potential for theft exists. For example, if inventory storeroom employees also
maintain inventory records, they can easily take inventory items and cover the theft by adjusting
the accounting records.
nFraud is more prevalent in smaller businesses and not-for-profit organizations because it is more
difficult for these entities to maintain adequate separation of duties. However, even large
organizations may fail to maintain adequate separation in critical areas.
ØAttitudes/rationalization for MA - management’s attitude toward controls and ethical conduct may
allow employees and managers to rationalize the theft of assets. If
Ø
n
n
n
Nov 9, 2015
13

*See Appendix: ISA 240, 450

Fraud – conditions for fraud*
nmanagement cheats customers through overcharging for goods or engaging in high pressure sales
tactics, employees may feel that it is acceptable for them to behave in the same fashion by
cheating on expense or time reports.
Ø
n
n
n
Nov 9, 2015
14

*See Appendix: ISA 240, 450

Fraud – assessing the risk*
nAssessing the risk of fraud - auditors must maintain a level of professional skepticism as they
consider a broad set of information, including fraud risk factors, to identify and respond to fraud
risk. The auditor has a responsibility to respond to fraud risk by planning and performing the
audit to obtain reasonable assurance that material misstatements, whether due to errors or fraud,
are detected.
qProfessional skepticism - auditing standards state that, in exercising professional skepticism, an
auditor “neither assumes that management is dishonest nor assumes unquestioned honesty.” In
practice, maintaining this attitude of professional skepticism can be difficult because, despite
some recent high-profile examples of fraudulent financial statements, material frauds are
infrequent compared to the number of audits of financial statements conducted annually. Most
auditors will never encounter a material fraud during their careers. Also, through client
acceptance and continuance evaluation
Ø
Ø
q
n
n
n
n
Nov 9, 2015
15

*See Appendix: ISA 240, 450

Fraud – assessing the risk*
nprocedures, auditors reject most potential clients perceived as lacking honesty and integrity.
ØQuestioning mind - auditing standards emphasize consideration of a client’s susceptibility to
fraud, regardless of the auditor’s beliefs about the likelihood of fraud and management’s honesty
and integrity. During audit planning for every audit, the engagement team must discuss the need to
maintain a questioning mind throughout the audit to identify fraud risks and critically evaluate
audit evidence. There is always a risk that even an honest person can rationalize fraudulent
actions when incentives or pressures become extreme.
ØCritical evaluation of audit evidence - upon discovering information or other conditions that
indicate a material misstatement due to fraud may have occurred, auditors should thoroughly probe
the issues, acquire additional evidence as needed, and consult with other team members. Auditors
must be careful not to rationalize
q
n
n
n
n
Nov 9, 2015
16

*See Appendix: ISA 240, 450

Fraud – assessing the risk*
nor assume a misstatement is an isolated incident. For example, say an auditor uncovers a current
year sale that should properly be reflected as a sale in the following year. The auditor should
evaluate the reasons for the misstatement, determine whether it was intentional or a fraud, and
consider whether other such misstatements are likely to have occurred.
qSources of information to assess audit risk - five sources of information to assess these fraud
risks are used:
ØCommunications among audit team - the audit team is required to conduct discussions to share
insights from more experienced audit team members and to “brainstorm” ideas that address the
following:
üHow and where they believe the entity’s financial statements might be susceptible to material
misstatement due to fraud.
üHow management could perpetrate and conceal fraudulent financial reporting.
n
n
n
Nov 9, 2015
17

*See Appendix: ISA 240, 450

Fraud – assessing the risk*
üHow anyone might misappropriate assets of the entity.
üHow the auditor might respond to the susceptibility of material misstatements due to fraud.
ØInquiries of management - the auditor is required to make specific inquiries about fraud in every
audit. Inquiries of management and others within the company provide employees with an opportunity
to tell the auditor information that otherwise might not be communicated. The auditor’s inquiries
of management should address whether management has knowledge of any fraud or suspected fraud
within the company. Auditors should also inquire about management’s process of assessing fraud
risks, the nature of fraud risks identified by management, any internal controls implemented to
address those risks, and any information about fraud risks and related controls that management has
reported to the audit committee.
Ø
q
n
n
n
n
Nov 9, 2015
18

*See Appendix: ISA 240, 450

Fraud – assessing the risk*
ØRisk factors - the auditor is required to evaluate whether fraud risk factors indicate incentives
or pressures to perpetrate fraud, opportunities to carry out fraud, or attitudes or
rationalizations used to justify a fraudulent action. The existence of fraud risk factors does not
mean fraud exists, but that the likelihood of fraud is higher. Auditors should consider these
factors along with any other information used to assess the risks of fraud.
ØOther information - auditors should consider all information they have obtained in any phase or
part of the audit as they assess the risk of fraud. Many of the risk assessment procedures that the
auditor performs during planning to assess the risk of material misstatement may indicate a
heightened risk of fraud.
Ø
Ø
Ø
q
n
n
n
n
Nov 9, 2015
19

*See Appendix: ISA 240, 450

Fraud – assessing the risk*
Nov 9, 2015
20

*See Appendix: ISA 240, 450

Fraud – documenting the assess-t*
nDocumenting fraud assessment - auditing standards require that auditors document the following
matters related to the auditor’s consideration of material misstatements due to fraud:
qThe discussion among engagement team personnel in planning the audit about the susceptibility of
the entity’s financial statements to material fraud.
qProcedures performed to obtain information necessary to identify and assess the risks of material
fraud.
qSpecific risks of material fraud that were identified, and a description of the auditor’s response
to those risks.
qReasons supporting a conclusion that there is not a significant risk of material improper revenue
recognition.
qResults of the procedures performed to address the risk of management override of controls.
qOther conditions and analytical relationships indicating that additional auditing procedures or
other responses were required, and the actions taken by the auditor.
n
n
n
n
n
Nov 9, 2015
21

*See Appendix: ISA 240, 450

Fraud – specific fraud risk areas
nSpecific fraud risk areas - depending on the client’s industry, certain accounts are especially
susceptible to manipulation or theft. Specific high-risk accounts are discussed next. But even when
auditors are armed with knowledge of these risk areas, fraud remains extremely difficult to detect.
However, an awareness of existence of these areas and fraud detection techniques increases an
auditor’s likelihood of identifying misstatements due to fraud.
nRevenue and accounts receivable fraud risks - revenue and related accounts receivable and cash
accounts are especially susceptible to manipulation and theft. A study sponsored by the Committee
of Sponsoring Organizations (COSO) found that more than half of financial statement frauds involve
revenues and accounts receivable. Similarly, because sales are often made for cash or are quickly
converted to cash, cash is also highly susceptible to theft.
qFraudulent financial reporting risk for revenue - several
n
n
n
n
Nov 9, 2015
22

nreasons make revenue susceptible to manipulation. Most important, revenue is almost always the
largest account on the income statement, therefore a misstatement only representing a small
percentage of revenues can still have a large effect on income. An overstatement of revenues often
increases net income by an equal amount, because related costs of sales are usually not recognized
on fictitious or prematurely recognized revenues. Another reason revenue is susceptible to
manipulation is the difficulty of determining the appropriate timing of revenue recognition in many
situations. Three main types of revenue manipulations are: fictitious revenues, premature revenue
recognition and manipulation of adjustments to revenues.
ØFictitious revenues - the most egregious form of revenue fraud. You may be aware of several recent
cases involving fictitious revenues, but this type of fraud is not new. The 1931 Ultramares case
involved fictitious revenue entries in the general ledger. Fraud perpetrators
n
Nov 9, 2015
23
Fraud – specific fraud risk areas

noften go to great lengths to support fictitious revenue. Fraudulent activity at Equity Funding
Corp. of America, which involved issuing fictitious insurance policies, lasted nearly a decade
(from 1964 to 1973) and involved dozens of company employees. The perpetrators held file-stuffing
parties to create the fictitious policies.
ØPremature revenue recognition - companies often accelerate the timing of revenue recognition to
meet earnings or sales forecasts. Premature revenue recognition is the recognition of revenue
before accounting standards requirements for recording revenue have been met. In the simplest form
of accelerated revenue recognition, sales that should have been recorded in the subsequent period
are recorded as current period sales.
nOne method of fraudulently accelerating revenue is a “bill-and-hold” sale. Sales are normally
recognized at
Nov 9, 2015
24
Fraud – specific fraud risk areas

nthe time goods are shipped, but in a bill-and-hold sale, the goods are invoiced before they are
shipped. Another method involves issuing side agreements that modify the terms of the sales
transaction. For example, revenue recognition is likely to be inappropriate if a major customer
agrees to “buy” a significant amount of inventory at year-end, but a side agreement provides for
more favorable pricing and unrestricted return of the goods if not sold by the customer.
ØManipulation of adjustments to revenues - the most common adjustment to revenue involves sales
returns and allowances. A company may hide sales returns from the auditor to overstate net sales
and income. If the returned goods are counted as part of physical inventory, the return may
increase reported income. In this case, an asset increase is recognized through the counting of
physical inventory, but the reduction in the related accounts receivable balance is not made.
Ø
n
n
n
Nov 9, 2015
25
Fraud – specific fraud risk areas

nCompanies may also understate bad debt expense because significant judgment is required to
determine the correct amount. Because the required allowance depends on the age and quality of
accounts receivable, some companies have altered the aging of accounts receivable to make them
appear more current.
ØDocumentary discrepancies - despite the best efforts of fraud perpetrators, fictitious
transactions rarely have the same level of documentary evidence as legitimate transactions. For
example, in the well-known fraud at ZZZZ Best, insurance restoration contracts worth millions of
dollars were supported by one or two page agreements and lacked many of the supporting details and
evidence, such as permits, that are normally associated with these types of contracts.
qMisappropriation of receipts involving revenue - although misappropriation of cash receipts is
rarely as material as
ü
n
n
n
Nov 9, 2015
26
Fraud – specific fraud risk areas

nfraudulent reporting of revenues, such frauds can be costly to the organization because of the
direct loss of assets. A typical misappropriation of cash involves failure to record a sale or an
adjustment to customer accounts receivable to hide the theft.
ØFailure to record a sale - One of the most difficult frauds to detect is when a sale is not
recorded and the cash from the sale is stolen. Such frauds are easier to detect when goods are
shipped on credit to customers. Tracing shipping documents to sales entries in the sales journal
and accounting for all shipping documents can be used to verify that all sales have been recorded.
nIt is much more difficult to verify that all cash sales have been recorded, especially if no
shipping documents exist to verify the completeness of sales, and no customer account receivable
records support the sale. In such cases, other documentary evidence is necessary to verify that all
sales are recorded.
Nov 9, 2015
27
Fraud – specific fraud risk areas

nIf the sale is not included in the cash register it is almost impossible to detect the fraud.
ØTheft of cash receipts after a sale is recorded - it is much more difficult to hide the theft of
cash receipts after a sale is recorded. If a customer’s payment is stolen, regular billing of
unpaid accounts will quickly uncover the fraud. As a result, to hide the theft, the fraud
perpetrator must reduce the customer’s account in one of three ways:
ürecord a sales return or allowance
üwrite off the customer’s account
üapply the payment from another customer to the customer’s account, which is also known as lapping.
nInventory fraud risk - inventory is often the largest account on many companies’ balance sheets,
and auditors often find it difficult to verify the existence and valuation of inventories. Thus
inventory is susceptible to manipulation by management
Ø
n
n
Nov 9, 2015
28
Fraud – specific fraud risk areas

Nov 9, 2015
29
Fraud – specific fraud risk areas

nwho wants to achieve certain financial reporting objectives. Because it is also usually readily
saleable, inventory is also susceptible to misappropriation.
qFraudulent financial reporting risk for inventory - fictitious inventory has been at the center of
several major cases of fraudulent financial reporting. Many large companies have varied and
extensive inventory in multiple locations, making it relatively easy for the company to add
fictitious inventory to accounting records. While auditors are required to verify the existence of
physical inventories, audit testing is done on a sample basis, and not all locations with inventory
are typically tested. In some cases involving fictitious inventories, auditors informed the client
in advance which inventory locations were to be tested. As a result, it was relatively easy for the
client to transfer inventories to the locations being tested.
q
n
n
n
Nov 9, 2015
30
Fraud – specific fraud risk areas

Nov 9, 2015
31
Fraud – specific fraud risk areas

nPurchase and accounts payable fraud risks - cases of fraudulent financial reporting involving
accounts payable are relatively common although less frequent than frauds involving inventory or
accounts receivable. The deliberate understatement of accounts payable generally results in an
understatement of purchases and cost of goods sold and an overstatement of net income. Significant
misappropriations involving purchases can also occur in the form of payments to fictitious vendors,
as well as kickbacks and other illegal arrangements with suppliers.
qFraudulent financial reporting risk for accounts payable - companies may engage in deliberate
attempts to understate accounts payable and overstate income. This can be accomplished by not
recording accounts payable until the subsequent period or by recording fictitious reductions to
accounts payable.
nAll purchases received before the end of the year should be recorded as liabilities. This is
relatively easy to verify if the company accounts for prenumbered receiving reports.
n
n
n
n
Nov 9, 2015
32
Fraud – specific fraud risk areas

nHowever, if the receiving reports are not prenumbered or the company deliberately omits receiving
reports from the accounting records, it may be difficult for the auditor to verify whether all
liabilities have been recorded. In such cases, analytical evidence, such as unusual changes in
ratios, may signal that accounts payable are understated.
nCompanies often have complex arrangements with suppliers that result in reductions to accounts
payable for advertising credits and other allowances. These arrangements are often not as well
documented as acquisition transactions. Some companies have used fictitious reductions to accounts
payable to overstate net income. Therefore, auditors should read agreements with suppliers when
amounts are material and make sure the financial statements reflect the substance of the
agreements.
qMisappropriations in the acquisition and payment cycle - the most common fraud in the acquisitions
area is for the perpetrator to issue payments to fictitious vendors and
n
q
n
n
n
n
Nov 9, 2015
33
Fraud – specific fraud risk areas

ndeposit the cash in a fictitious account. These frauds can be prevented by allowing payments to be
made only to approved vendors and by carefully scrutinizing documentation supporting the
acquisitions by authorized personnel before payments are made.
nOther areas of fraud risk - although some accounts are more susceptible than others, almost every
account is subject to manipulation.
qFixed assets – represent a large balance sheet account for many companies, and are often based on
subjectively determined valuations. As a result, fixed assets may be a target for manipulation,
especially for companies without material receivables or inventories. For example, companies may
capitalize repairs or other operating expenses as fixed assets. Such frauds are relatively easy to
detect if the auditor examines evidence supporting fixed asset additions. Nevertheless, prior cases
of fraudulent financial reporting, such as WorldCom, have involved improper
q
n
q
n
n
n
n
Nov 9, 2015
34
Fraud – specific fraud risk areas

ncapitalization of assets.
qPayroll expenses - payroll is rarely a significant risk area for fraudulent financial reporting.
However, companies may overstate inventories and net income by recording excess labor costs in
inventory. Company employees are sometimes used to construct fixed assets. Excess labor cost may
also be capitalized as fixed assets in these circumstances. Material fringe benefits, such as
retirement benefits, are also subject to manipulation. Payroll fraud involving misappropriation of
assets is fairly common, but the amounts involved are often immaterial. The two most common areas
of fraud are the creation of fictitious employees and overstatement of individual payroll hours.
The existence of fictitious employees can usually be prevented by separation of the human resource
and payroll functions. Overstatement of hours is typically prevented by use of time clocks.
Ø
Ø
Ø
n
n
n
n
Nov 9, 2015
35
Fraud – specific fraud risk areas

Fraud – auditor’s responsibilities*
nResponsibilities when fraud is suspected - frauds are often detected through the receipt of an
anonymous tip or by accident, internal controls, or the internal audit function. Throughout an
audit, the auditor continually evaluates whether evidence gathered and other observations made
indicate material misstatement due to fraud. All misstatements the auditor finds during the audit
should be evaluated for any indication of fraud. When fraud is suspected, the auditor gathers
additional information to determine whether fraud actually exists. Often, the auditor begins by
making additional inquiries of management and others.
qUse of inquiry -  inquiry can be an effective audit evidence gathering technique. Interviewing
allows the auditor to clarify unobservable issues and observe the respondent’s verbal and nonverbal
responses. Interviewing can also help identify issues omitted from documentation or confirmations.
The auditor can also modify questions during the interview based on the interviewee’s responses.
Inquiry as
n
Nov 9, 2015
36

*See Appendix: ISA 240, 450

nan audit evidence technique should be tailored to the purpose for which it is being used.
Depending on the purpose, the auditor may ask different types of questions and change the tone of
the interview.
qListening techniques - it is critical for the auditor to use effective listening skills throughout
the inquiry process. The auditor should stay attentive by maintaining eye contact, nodding in
agreement, or demonstrating other signs of comprehension. Auditors should also attempt to avoid
preconceived ideas about the information being provided. Good listeners also take advantage of
silence to think about the information provided and to prioritize and review information heard.
qOther responsibilities - when the auditor suspects that fraud may be present, the auditor is
required to obtain additional evidence to determine whether material fraud has occurred – audit
software analysis (GAS and data mining) and expended substantial tests:
q
n
n
n
Nov 9, 2015
37
Fraud – auditor’s responsibilities*

*See Appendix: ISA 240, 450

ØAudit software analysis - auditors often use audit software such as ACL or IDEA to determine
whether fraud may exist. For example, software tools can be used to search for fictitious revenue
transactions by searching for duplicate sales invoice numbers or by reconciling databases of sales
invoices to databases of shipping records, to ensure that all sales are supported by evidence of
shipping. Similarly, these tools provide efficient searches for breaks in document sequences, which
may indicate misstatements related to the completeness objective for liabilities and expense
accounts. Auditors use audit software, including basic spreadsheet tools such as Excel, to sort
transactions or account balances into subcategories for further audit testing. Excel may also be
used to perform analytical procedures at disaggregated levels. For example, sales can be sorted to
disaggregate the data by location, by product type, and across time (monthly) for
Nov 9, 2015
38
Fraud – auditor’s responsibilities*

*See Appendix: ISA 240, 450

nfurther analytical procedure analysis. Unusual trends not observable at the aggregate level may be
detected when the data is analyzed in greater detail.
ØExpanded ST - auditors may also expand other substantive procedures to address heightened risks of
fraud. For example, when there is a risk that sales terms may have been altered to prematurely
record revenues, the auditor may modify the accounts receivable confirmation requests to obtain
more detailed responses from customers about specific terms of the transactions, such as payment,
transfer of custody, and return policy terms. In some instances, the auditor may confirm individual
transactions rather than entire account balances, particularly for large transactions recorded
close to year-end.
Ø
n
n
n
Nov 9, 2015
39
Fraud – auditor’s responsibilities*

*See Appendix: ISA 240, 450

Reporting – basic elements of AR*
nBasic elements of auditor report - the auditor’s report should include the following basic
elements:
qtitle;
qaddressee;
qopening or introductory paragraph:
Øidentification of the financial statements audited;
Øa statement of the responsibility of the entity’s management and the responsibility of the
auditor;
qscope paragraph (describing the nature of an audit):
Øa reference to the ISAs or relevant national standards or practices;
Øa description of the work the auditor performed;
qopinion paragraph containing an expression of opinion on the financial statements;
qthe date of the report;
qthe auditor’s address;
qauditor’s signature.
q
n
n
n
Nov 9, 2015
40

*See Appendix: ISA 700, 705

Reporting – standard unqualified AR*
nStandard unqualified audit report - the most common type of audit report. It is used for more than
90 percent of all audit reports. US GAAS and ISA prescribe the use of three-paragraph form:
introduction, scope, and opinion, where the final paragraph – opinion - states the auditor’s
conclusion based on the results of the audit examination. This paragraph is so important that the
entire audit report is frequently referred to as “the auditor’s opinion.” The opinion paragraph is
stated as an opinion rather than as statement of absolute fact or a guarantee. The intent is to
indicate that the conclusions are based on professional judgment.
nConditions for standard unqualified audit report:
qcompleteness - all statements (balance sheet, income statement, statement of change in equity and
retained earnings, and statement of cash flows) are included in the financial statements.
q
n
n
q
n
Nov 9, 2015
41

*See Appendix: ISA 700, 705

Reporting – standard  unqualified AR*
qcompliance – US GAAS/SAS or ISA have been followed in all respects. This also means that adequate
disclosures have been included in the footnotes and other parts of the financial statements.
qpervasiveness of evidence – sufficient appropriate evidence has been accumulated and presented in
auditor’s report.
qthere are no circumstances requiring the addition of an explanatory paragraph or modification of
the wording of the report.
nThe standard unqualified audit report is sometimes called a clean opinion because there are no
circumstances requiring a qualification or modification of the auditor’s opinion. The standard
unqualified report is the most common audit opinion. Sometimes circumstances beyond the client’s or
auditor’s control prevent the issuance of a clean opinion. However, in most cases, companies make
the appropriate changes to their accounting records to avoid a qualification or modification by the
auditor.
q
q
n
n
q
n
Nov 9, 2015
42

*See Appendix: ISA 700, 705

Reporting – extended and/or modified unqualified AR*
nAn auditor’s report is considered to be modified in the two different situations:
qmatters that do not affect the auditor’s opinion (which would mean adding of matter paragraph =>
issue of unqualified audit report with explanatory notes and/or modified wording)
qmatters that do affect the auditor’s opinion (instances that call for either: (a) qualified
opinion, (b) disclaimer of opinion, or (c) adverse opinion).
nCauses of addition of an explanatory paragraph or a modification in the wording of the standard
unqualified report:
qLack of consistent application of US GAAS/SAS or ISA
qSubstantial doubt about going concern
qAuditor agrees with a departure from promulgated accounting principles
qEmphasis of a matter
qReports involving other auditors or experts
n
n
n
q
n
Nov 9, 2015
43

*See Appendix: ISA 700, 705

Reporting – departures from unqualified AR*
nConditions requiring departures (matters that do affect the auditor’s opinion):
qScope of the audit has been restricted (scope limitation)
qFinancial statements have not been prepared in US GAAP or IFRS.
qAuditor is not independent
nMateriality (extra condition) - materiality is an essential consideration in determining the
appropriate type of report for a given set of circumstances. For example, if a misstatement is
immaterial relative to the financial statements, it is appropriate to issue an un - qualified
report. The situation is totally different when the amounts are of such significance that the
financial statements are materially affected as a whole. In these circumstances, it is necessary to
issue a disclaimer of opinion or an adverse opinion, depending on whether a scope limitation or
GAAP departure is involved. In situations of lesser materiality, a qualified opinion is
appropriate.
n
q
n
Nov 9, 2015
44

*See Appendix: ISA 700, 705

Reporting – decision-making process about type of AR*
nMaking decision about type of audit reports:
qDeciding whether any condition exists requiring a departure from a standard unqualified report
qDeciding about materiality level for each condition
qDeciding about the appropriate type of report for the condition, given the determined materiality
level
qWriting of audit report
n
Nov 9, 2015
45

*See Appendix: ISA 700, 705

Reporting – qualified AR*
nQualified opinion report - can result from a limitation on the scope of the audit or failure to
follow US GAAP or IFRS. A qualified opinion report can be used only when the auditor concludes that
the overall financial statements are fairly stated (a disclaimer or an adverse report must be used
if the auditor believes that the condition being reported on is highly material) Therefore, the
qualified opinion is considered the least severe type of departure from an unqualified report.
nA qualified report can take the form of a qualification of both the scope and the opinion or of
the opinion alone. A scope and opinion qualification can be issued only when the auditor has been
unable to accumulate all of the evidence required by generally accepted auditing standards.
Therefore, this type of qualification is used when the auditor’s scope has been restricted by the
client or when circumstances exist that prevent the auditor from conducting a complete audit. The
use of a qualification of the opinion alone is restricted to situations in which the financial
statements are not stated in accordance with GAAP/IFRS
n
q…
q
n
Nov 9, 2015
46

*See Appendix: ISA 700, 705

Reporting – adverse AR*
nAn adverse opinion - is used only when the auditor believes that the overall financial statements
are so materially misstated or misleading that they do not present fairly the financial position or
results of operations and cash flows in conformity with GAAP. The adverse opinion report can arise
only when the auditor has knowledge, after an adequate investigation, of the absence of conformity.
This is uncommon and thus the adverse opinion is rarely used.
n
n
Nov 9, 2015
47

*See Appendix: ISA 700, 705

Reporting – disclaimer of AR*
nA disclaimer of opinion - is issued when the auditor has been unable to satisfy himself or herself
that the overall financial statements are fairly presented. The necessity for disclaiming an
opinion may arise because of a severe limitation on the scope of the audit or a nonindependent
relationship under the Code of Professional Conduct (AISPA or IFAC) between the auditor and the
client. Either of these situations prevents the auditor from expressing an opinion on the financial
statements as a whole. The auditor also has the option to issue a disclaimer of opinion for a going
concern problem.
nThe disclaimer is distinguished from an adverse opinion in that it can arise only from a lack of
knowledge by the auditor, whereas to express an adverse opinion, the auditor must have knowledge
that the financial statements are not fairly stated. Both disclaimers and adverse opinions are used
only when the condition is highly material.
n
n
Nov 9, 2015
48

*See Appendix: ISA 700, 705

Recommended reading
nArens et al. (2015) – chosen chapters will be uploaded to IS
qCh. 11 (whole)
nHayes et al. (2014) – chosen chapters will be uploaded to IS
qCh. 11-12 (whole)
nISA 240, 450, 700, 705
n
Nov 9, 2015
49

Appendix: ISA 240 – Fraud
Nov 9, 2015
50
nScope:
qISA 240 deals with auditor’s responsibilities relating to fraud in an audit of financial
statements.
qIdentifying and assessing the risks of material misstatement due to fraud.
nObjective:
qTo identify and assess the risks of material misstatement of the financial statements due to
fraud.
qTo obtain sufficient appropriate audit evidence regarding the assessed risks of material
misstatement due to fraud, through designing and implementing appropriate responses.
qTo respond appropriately to fraud or suspected fraud identified during the audit.
nRequirements (general):
qThe auditor shall maintain professional skepticism throughout the audit.

Appendix: ISA 240 – Fraud
Nov 9, 2015
51
qWhere responses to inquiries of management or those charged with governance are inconsistent, the
auditor shall investigate the inconsistencies.
qMake inquiries of management about:
ØManagement assessment of risk of that the financial statements may be materially misstated due to
fraud, including the nature, extent and frequency of such assessments.
ØManagement’s process for identifying and responding to the risks of fraud in the entity, including
any specific risks of fraud that management has identified or that have been brought to its
attention, or classes of transactions, account balances, or disclosures for which a risk of fraud
is likely to exist.
ØManagement’s communication, if any, to those charged with governance regarding its processes for
identifying and responding to the risks of fraud in the entity
Ø
Ø
Ø
n
n

Appendix: ISA 240 – Fraud
Nov 9, 2015
52
ØManagement’s communication, if any, to employees regarding its views on business practices and
ethical behavior.
ØManagement, internal audit and others within the entity as appropriate, to determine whether they
have knowledge of any actual, suspected or alleged fraud affecting the entity.
qThe auditor shall obtain an understanding of how those charged with governance exercise oversight
of management’s processes for identifying and responding to the risks of fraud in the entity and
the internal control that management has established to mitigate these risks.
qThe auditor shall evaluate whether the information obtained from the other risk assessment
procedures and related activities performed indicates that one or more fraud risk factors are
present.
qWhen identifying and assessing the risks of material misstatement due to fraud, the auditor shall,
based on a presumption that there are risks of fraud in revenue
Ø
Ø
n
n

Appendix: ISA 240 – Fraud
Nov 9, 2015
53
nrecognition, evaluate which types of revenue, revenue transactions or assertions give rise to such
risks.
qAuditor shall design and perform procedure that are responsive to assessed risk.
qAuditor shall perform following procedure due to risk of Management override of control;
ØTest the appropriateness of journal entries, for end of period and throughout period  and inquire
about any unusual transaction.
ØReview accounting estimates for biases by evaluation and retrospective review.
ØFor significant transaction outside the normal course of business, evaluate the business
rationale.
nRequirements (specific):
qEvaluation of audit evidence
ØEvaluate the result of analytical procedure that are performed at the end of audit for consistency
with assessed risk
Ø
q
Ø
Ø
Ø
Ø
n
n

Appendix: ISA 240 – Fraud
Nov 9, 2015
54
ØEvaluate identified misstatement weather material or not, if its indicative of fraud or not.
ØIf the auditor confirms that, or is unable to conclude whether, the financial statements are
materially misstated as a result of fraud the auditor shall evaluate the implications for the audit
qAuditor is unable to continue the engagement
ØDetermine the professional and legal responsibilities
ØDetermine its appropriate to withdraw or not
ØIf withdraw: discuss with the appropriate level of management and those charged with governance
the auditor’s withdrawal from the engagement and the reasons for the withdrawal; and determine
whether there is a professional or legal requirement to report to the person or persons who made
the audit appointment or, in some cases, to regulatory authorities, the auditor’s withdrawal from
the engagement and the reasons for the withdrawal.
Ø
q
Ø
Ø
Ø
Ø
n
n

Appendix: ISA 240 – Fraud
Nov 9, 2015
55
qWritten representations – the auditor shall obtain written representations from management and,
where appropriate, those charged with governance that:
ØThey acknowledge their responsibility for the design, implementation and maintenance of internal
control to prevent and detect fraud;
ØThey have disclosed to the auditor the results of management’s assessment of the risk that the
financial statements may be materially misstated as a result of fraud
ØThey have disclosed to the auditor their knowledge of fraud, or suspected fraud, affecting the
entity and its financial statements.
qCommunications to management and with those charged with governance:
ØIf the auditor has identified a fraud or has obtained information that indicates that a fraud may
exist, the auditor shall communicate these matters on a timely basis to the appropriate level of
management.
q
Ø
q
Ø
q
Ø
Ø
Ø
Ø
n
n

Appendix: ISA 450 – Misstat-s
Nov 9, 2015
56
nScope:
qISA 450 deals with the evaluation of misstatements identified during the audit of financial
statements. ISA 320, “Materiality in Planning and Performing an Audit” deals with the determination
of materiality and its application in planning and performing an audit of financial statements. ISA
450 explains how materiality is applied in evaluating misstatements identified during the audit.
nObjective:
qThe objective of the auditor is to evaluate the effect of uncorrected misstatements on the
financial statements and whether the financial statements as a whole are free of material
misstatement.
nRequirements:
q‘Misstatement’ is defined as ‘a difference between the amount, classification, presentation, or
disclosure of a reported financial statement item and the amount, classification, presentation, or
q
Ø
q
Ø
q
Ø
Ø
Ø
Ø
n
n

Appendix: ISA 450 – Misstat-s
Nov 9, 2015
57
qdisclosure that is required for the item to be in accordance with the applicable financial
reporting framework. Misstatement can arise from error or fraud.’ This also relates to those that
require adjustments for issuing a true and fair view on the financial statements.
qFor these kind of identified misstatements, the auditor should determine whether the nature and
the circumstances of their occurrence indicate the existence of other misstatements, which could be
material individually or in aggregate. These misstatements should be communicated to the
appropriate level of management on a timely basis.
qThe auditor should also consider whether there is a need to revise the audit strategy and audit
plan – especially when those areas are confirmed to have appropriate design, implementation and
effective operation of controls, now there are identified misstatements. Does the initial
conclusion need to be reconsidered? This would definitely affect the risk assessment, audit
strategy and audit plan.
Ø
q
Ø
q
Ø
Ø
Ø
Ø
n
n

Appendix: ISA 450 – Misstat-s
Nov 9, 2015
58
q‘Uncorrected misstatements’ are the ‘misstatements that the auditor has accumulated during the
audit that have not been corrected’. Before evaluating the effect of the uncorrected misstatements,
the auditor should confirm whether the materiality still remains appropriate. Afterwards, the
auditor will determine the uncorrected misstatements are material individually or in aggregate. The
auditor will consider:
Øthe size and nature of the misstatements, and the particular circumstances of the occurrence
Øthe effect of uncorrected misstatements related to the prior periods.
Ø
q
Ø
q
Ø
q
Ø
Ø
Ø
Ø
n
n

Appendix: ISA 700 – AR
Nov 9, 2015
59
nScope:
qISA 700 deals with the auditor’s responsibility to form an opinion on the financial statements. It
also deals with the form and content of the auditor’s report issued as a result of an audit of
financial statements. It is written in the context of a complete set of general purpose financial
statements.
qThe requirements of this ISA are aimed at addressing an appropriate balance between the need for
consistency and comparability in auditor reporting globally and the need to increase the value of
auditor reporting by making the information provided in the auditor’s report more relevant to
users. This ISA promotes consistency in the auditor’s report, but recognizes the need for
flexibility to accommodate particular circumstances of individual jurisdictions. Consistency in the
auditor’s report, when the audit has been conducted in accordance with ISAs, promotes credibility
in the global marketplace by making more readily identifiable those audits that have been conducted
in accordance with globally
Ø
Ø
n
n

Appendix: ISA 700 – AR
Nov 9, 2015
60
qrecognized standards. It also helps to promote the user’s understanding and to identify unusual
circumstances when they occur.
nObjective - the objectives of the auditor are:
qTo form an opinion on the financial statements based on an evaluation of the conclusions drawn
from the audit evidence obtained; and
qTo express clearly that opinion through a written report.
nRequirements:
qAuditors are required to form an opinion on the basis of sufficient appropriate audit evidence
obtained and express it clearly in the form of a written report. In order to form an opinion
auditor must adhere to the requirements of ISA 700 and under the circumstances of engagement
appropriate select the type of opinion to be expressed i.e. qualified, adverse or disclaimer of
opinion. Auditor must follow the guidelines of ISA 700 regarding the format and content of
auditor’s report and if any supplementary information is provided by the management

Appendix: ISA 700 – AR
Nov 9, 2015
61
qauditor must ensure it is consistent with audited financial statements.
qForming an opinion
ØThe auditor’s opinion on general purpose financial statements is if they are they prepared, in all
material respects, in accordance with applicable financial reporting framework.
ØBut before auditor is able to express an opinion, he is required to gather sufficient appropriate
audit evidence as only sufficient appropriate audit evidence reduces the audit risk to an
acceptably low level.
ØAudit risk is considered to have reduced to an appropriate level if auditor has obtained
reasonable assurance that financial statements are free from material misstatements.
ØTo conclude that reasonable assurance has been obtained, auditor shall consider:
üIf sufficient appropriate audit evidence has been obtained
Ø
n
n

Appendix: ISA 700 – AR
Nov 9, 2015
62
üWhether uncorrected misstatements are material individually or in aggregate and appropriate steps
have been taken
üThe results of evaluation in which auditor is required to evaluate:
•Whether financial statements are prepared in accordance with applicable financial reporting
framework by evaluating if:
vSignificant policies selected and applied are adequately disclosed
vAccounting policies so selected and applied are consistent framework’s requirements
vManagements’ estimates are reasonable
vFinancial statements fulfill qualitative requirements i.e. relevance, reliability,
understandability, comparability etc.
vAdequate disclosures accompany financial
v
v
v
Ø
Ø
Ø
n
n

Appendix: ISA 700 – AR
Nov 9, 2015
63
qstatements so that user can understand the effects of material transactions
vTerminology used, including title of financial statements is appropriate
•Appropriateness of financial statements considering:
vThe qualitative aspects of entity’s accounting process
vProbability of distortion in financial statements due to management’s bias
•Whether applicable financial reporting framework has been appropriately referred to or described.
qForms of opinion
ØThe auditor shall express an unmodified opinion if:
üAuditor concludes that financial statements are prepared, in all material respects, in accordance
with applicable financial reporting framework.
Ø
q
v
v
v
Ø
Ø
Ø
n
n

Appendix: ISA 700 – AR
Nov 9, 2015
64
qOr in other words:
üFinancial statements are giving true and fair view of the business.
ØThe auditor shall give modified opinion if:
üAudit evidence obtained makes auditor conclude that financial statements are not free from
material misstatements; or
üAuditor is unable to obtain sufficient appropriate audit evidence whether financial statements are
free from material misstatements. For modified opinion auditor is required to follow guidelines of
ISA 705.
qContents of Auditor’s report with unmodified opinion:
ØAuditor expresses his opinion on entity’s financial statements in the form of a written report.
Oral expression cannot substitute a written report.
ØAs auditor’s expression enhances the credibility of financial statements therefore auditor’s
report follows a certain
v
v
v
Ø
Ø
Ø
n
n

Appendix: ISA 700 – AR
Nov 9, 2015
65
qformat and comprises of specific elements and content.
ØLocal applicable laws and regulations may require auditor to change the content of auditor’s.
However, as per ISA 700 auditor’s report has following elements:
üTitle
üAddressee
üIntroductory paragraph
üManagement’s responsibility for the financial statements
üAuditor’s responsibility
üAuditor’s opinion
üOther reporting responsibilities
üSignature of the auditor
üDate of auditor’s report
üAuditor’s address
qSupplementary information with Financial Statements
q
v
Ø
Ø
Ø
n
n

Appendix: ISA 700 – AR
Nov 9, 2015
66
ØIf supplementary information has been included with the financial statements by the management
then auditor shall evaluate if such information is consistent with the financial statements and has
been differentiated from the audited financial statements.
ØIf management refuses to correct the presentation of such supplementary information that may
confuse the user and take it as part of financial statements then auditor shall clearly state that
such supplementary information is not audited.
q
Ø
q
v
v
v
Ø
Ø
Ø
n
n

Appendix: ISA 705 – AR modif.
Nov 9, 2015
67
nScope:
qISA 705 deals with the auditor’s responsibility to issue an appropriate report in circumstances
when, in forming an opinion in accordance with ISA 700, the auditor concludes that a modification
to the auditor’s opinion on the financial statements is necessary.
nObjective:
qThe objective of the auditor is to express clearly an appropriately modified opinion on the
financial statements that is necessary when:
ØThe auditor concludes, based on the audit evidence obtained, that the financial statements as a
whole are not free from material misstatement; or
ØThe auditor is unable to obtain sufficient appropriate audit evidence to conclude that the
financial statements as a whole are free from material misstatement.
nRequirements:
qAn opinion in the auditor’s report is said to be modified if it is:
Ø
Ø
Ø
Ø
n
n

Appendix: ISA 705 – AR modif.
Nov 9, 2015
68
ØQualified opinion – a conditional opinion also known as “except for” opinion. An opinion according
to which except for certain aspect of financial statement everything else is true and fair.
ØAdverse opinion – an opinion in which auditor declares that financial statements as a whole are
not giving true and fair view.
ØDisclaimer of opinion – It is not really an opinion rather a statement that no opinion can be
formed due to absence of sufficient appropriate audit evidence.
qAuditor shall express a qualified opinion if:
Øhaving obtained sufficient appropriate audit evidence, auditor concludes that misstatements in the
financial statements are material but not pervasive
Øauditor is unable to obtain sufficient appropriate audit evidence that financial statements thus
unable to form an opinion. However, concludes that undetected misstatements could be material but
no pervasive
Ø
n
n

Appendix: ISA 705 – AR modif.
Nov 9, 2015
69
qAuditor shall express an adverse opinion as a result of obtaining sufficient appropriate audit
evidence auditor concludes that misstatements are material but also pervasive.
qAuditor shall express a disclaimer if auditor is unable to obtain sufficient appropriate audit
evidence and thus cannot form an opinion but concludes that undetected misstatements could be both
material and pervasive.
qSufficiency and appropriateness of audit evidence - Most of the time auditor is not able to
collect sufficient appropriate audit evidence due to:
ØLimitations imposed by circumstances
ØLimitations imposed by management
q
q
Ø
q
Ø
q
Ø
Ø
Ø
Ø
n
n