Joanne M. Flood

Wiley Practitioner's Guide to GAAS 2020


Скачать книгу

fraud risk include:

       Liabilities from a restructuring because of the subjectivity in estimating them

       Revenues for a software developer, because of their complexity

      NOTE: The auditor should document the identified fraud risks.

      Presumption about Improper Revenue Recognition as a Fraud Risk

      Since fraudulent financial reporting often involves improper revenue recognition, the auditor should ordinarily presume that there is a risk of material misstatement due to fraudulent revenue recognition. (AU-C 240.26)

      The auditor should document the reasons supporting his or her conclusion when improper revenue recognition is not identified as a fraud risk. (AU-C 240.46)

      The auditor should also recognize that, even when other specific risks of material misstatement are not identified, there is a risk that management can override controls. (AU-C 240.31) The auditor should address this risk, as discussed in the later section on “Addressing the Risk of Management Override.”

      Assessing Identified Risks

      As part of the understanding of internal control required by Section 319, the auditor should:

      1 Evaluate whether the entity’s programs and controls that address identified risks have been appropriately designed and placed in operation. Programs and controls may involve specific controls, such as those designed to prevent theft, or broad programs, such as one that promotes ethical behavior.

      2 Consider whether programs and controls mitigate identified risks of material misstatement due to fraud or whether control deficiencies exacerbate risks.

      3 Assess identified risks, taking into account the evaluation of programs and controls.

      4 Consider this assessment when responding to the identified risks of material misstatement due to fraud.

      Responding to the Results of the Assessment

      The auditor responds to assessment of risk of material misstatement due to fraud by:

       Exercising professional skepticism

       Evaluating audit evidence

       Considering programs and controls to address those risks

      Examples of the use of professional skepticism include:

       Designing additional or different audit procedures to obtain more reliable evidence

       Obtaining additional corroboration of management’s responses or representations

      The auditor should respond to the risk of material misstatement in the following ways:

      1 Evaluate the overall conduct of the audit.

      2 Adjust the nature, timing, and extent of audit procedures performed in response to identified risks.

      3 Perform certain procedures to address the risk that management will override controls.

      NOTE: The auditor should document a description of the auditor’s response to identified fraud risks.

      If the auditor concludes that it is not practical to design audit procedures to sufficiently address the risks of material misstatement due to fraud, the auditor should consider withdrawing from the engagement and communicating the reason to the audit committee.

      Overall Response to Risk

      Judgments about the risk of material misstatements due to fraud may affect the audit in the following ways:

      1 Assignment of personnel and supervision. The personnel assigned to the engagement should have the knowledge, skill, and experience necessary to address the auditor’s assessment of the level of risk of the engagement. The extent of supervision should also reflect the level of risk.

      2 Accounting principles. The auditor should evaluate management’s selection and application of significant accounting principles, particularly those relating to subjective measurements and complex transactions. The auditor should also consider whether the collective application of the principles indicates a bias that may create a material misstatement.

      3 Predictability of audit procedures. The auditor should vary procedures from year to year to create an element of unpredictability. For example, the auditor may perform unannounced procedures or use a different sampling method.

      (AU-C 240.29)

      Adjusting the Nature, Timing, and Extent of Audit Procedures to Address Risk

      The auditor may respond to identified risks by adjusting the nature, timing, and extent of audit procedures performed. Specifically:

       The nature of procedures may need to be modified to provide more reliable and persuasive evidence, or to corroborate management’s representations. For example, the auditor may need to rely more on independent sources, physical observation of assets, or computer- assisted audit techniques (CAATs).

       The timing of procedures may need to be changed. For example, the auditor may decide to perform more procedures at year-end, rather than relying on tests from an interim date.

       The extent of procedures applied should reflect the assessment of fraud risk and may need to be adjusted. For example, the auditor may increase sample sizes, perform more detailed analytical procedures, or utilize more computer-assisted audit techniques.

      (AU-C 240.30)

      Appendix B of AU-C 240 contains the following examples of ways to modify the nature, timing, and extent of tests in response to identified risks of material misstatement due to fraud:

       Perform unannounced or surprise procedures at locations.

       Ask that inventories be counted as closely as possible to the end of the reporting period.

       Orally confirm with major customers and suppliers in addition to sending written confirmations.

       Send confirm requests to a specific party in an organization.

       Perform substantive analytical procedures using disaggregated data, such as comparing gross profit or operating margins by location, line of business, or month to auditor-developed expectations.

       Interview personnel involved in areas where a fraud risk has been identified to get their views about the risk and how controls address the risk.

       Discuss with other independent auditors auditing other subsidiaries, divisions, or branches the extent of work that should be performed to address the risk of fraud resulting from transactions and activities among those components.

       If the work of an expert becomes particularly significant with respect to a financial statement item for which the assessed risk of misstatement due to fraud is high, perform additional procedures relating to some or all of the expert’s assumptions, methods, or findings to determine that the findings are not unreasonable, or engage another expert for that purpose.

       Perform audit procedures to analyze selected opening balance sheet accounts of previously audited financial statements to assess how certain issues involving accounting estimates and judgments (for example, an allowance for sales returns) were resolved with the benefit of hindsight.

      Examples of Responses to Identified Risks of Misstatements