MODULE 5 - Fraud, Non Compliance, & Other Audit Matters

Download as doc, pdf, or txt
Download as doc, pdf, or txt
You are on page 1of 15

MODULE 5: ERRORS, FRAUD, NON-COMPLIANCE & OTHER AUDIT MATTERS

MODULE 5: Errors, Fraud, Non Compliance, & Audit Matters of Governance Interest)

I. “The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements ”


The purpose of PSA 240 (Redrafted) is to establish basic principles and essential procedures and to
provide guidance on the auditor’s responsibility to consider fraud in an audit of financial statements and
expand on how the standards and guidance in PSA 315 Redrafted “Identifying and Assessing the Risks of
Material Misstatements Through Understanding the Entity and Its Environment” and PSA 330 Redrafted,
“The Auditor’s Responses to Assessed Risks” are to be applied in relation to the risks of material
misstatements due to fraud.

Overall Objectives and Approach - It is an auditor’s responsibility to plan and perform the audit to obtain
reasonable assurance about whether the financial statements are free of material misstatement, whether
caused by error or fraud. Concerning fraud, the emphasis in the PSA is on situations in which it causes
material misstatements, not on making determinations of whether legally fraud has occurred in any
particular situation.

This standard deals with the auditor’s responsibility as it relates to the risk of material misstatement due to
fraud. Its major standard describe
A. Characteristics of fraud
B. Professional skepticism
C. Staff discussion of the risk of material misstatement
D. Obtaining the information needed to identify risks of material misstatement due to fraud
E. Identifying risks that may result in a material misstatement due to fraud
F. Assessing the identified risks after considering the client’s programs and controls
G. Responding to the results of the assessment
H. Evaluating audit evidence
I. Communicating about fraud to management, the audit committee, and others
J. Documenting the auditor’s consideration of fraud

A. Fraud Overview

1. Responsibilities
a. Management and Those Charged with Governance.
It is management’s responsibility to design and implement programs and controls to prevent, deter
and detect fraud. Management and those charged with governance should set the proper “tone” at
the “top” for the entity.
b. Auditor.
1) Reasonable assurance. The auditor has a responsibility to plan and perform the audit to
obtain reasonable assurance about whether the financial statements are free of material
misstatement, whether caused by error or fraud. Because absolute assurance is not attainable,
even properly designed and executed audit may not detect a material misstatement resulting
from fraud.
2) Focus on Misstatements of Financial Statements. Auditors do not make legal determination
of whether fraud has occurred. The auditor is interested in acts that result in a material
misstatement of the financial statements.

2. Fraud Characteristics
Fraud is intentional, errors are unintentional
a. Although fraud is considered an intentional act, when a misstatement exists, intent is
often difficult to determine.
b. “Error” refers to an unintentional misstatement in financial statements including the omission of an
amount or a disclosure, including:
1. A mistake in gathering or processing data from which financial statements are prepared.
2. An incorrect accounting estimate arising from oversight or misinterpretation of facts.
3. A mistake in the application of accounting principles relating to measurement, recognition,
classification, presentation or disclosure.
MODULE 5: Errors, Fraud, Non Compliance, & Audit Matters of Governance Interest 2

c. “Fraud” refers to the intentional act by one or more individuals among management, those charged
with governance, employees, or third parties, involving the use of deception to obtain an unjust or
illegal advantage.

3. Types of intentional misstatements

a. Fraudulent financial reporting – intentional misstatements, omissions of amounts or disclosures


to deceive financial statement users.
It may be accomplished by the following:
1. Manipulation, falsification (including forgery), or alteration of accounting records or supporting
documentation from which the financial statements are prepared.
2. Misrepresentation in or intentional omission from the financial statements of events, transactions
or other significant information.
3. Intentional misapplication of accounting principles relating to amounts, classifications, manner of
presentation, or disclosure.

Material misstatements due to fraudulent financial reporting often result from an overstatement of
revenue (e.g. premature revenue recognition or recording fictitious revenues) or understatement of
revenues (e.g. improperly shifting revenues to a later period). Therefore, the auditor should ordinarily
presume that there is a risk of materially misstating due to fraud relating to revenue recognition. If an
auditor finds this is not to be the case, the auditor should document the reasons supporting this
conclusion.

Fraudulent financial reporting also involves management override of controls that otherwise may
appear to be operating effectively. Techniques include the following:
1. Recording fictitious journal entries, particularly close to the end of an accounting period to
manipulate operating results or achieve other objectives.
2. Inappropriately adjusting assumptions and changing judgments used to estimate account
balances.
3. Omitting, advancing or delaying.

b. Misappropriation of assets – theft of an entity’s assets, also referred to as defalcation.

Misstatements arising from misappropriation of assets involve the theft of an entity’s assets where
the effect causes financial statements to be misstated. It can be accomplished in various ways
including:
1. Embezzling receipts
2. Stealing assets
3. Causing an entity to pay for goods or services that have not been received.

4. The auditor should consider the following ATTRIBUTES of the RMM due to fraud to identify whether and
how the risk is relevant to audit.
a. Type. Whether it involves fraudulent financial reporting or misappropriation of assets.
b. Significance. Whether it is of a magnitude that could lead to result in a possible
material misstatement of the financial statements.
c. Likelihood. The likelihood that it will result in a material misstatement in the financial
statements.
d. Pervasiveness. Whether the potential risk is pervasive to the financial statements as a
whole or especially related to a particular assertion, account or class of transactions.

5. Three conditions are generally present when fraud occurs: (Fraud Risk Triangle)
a. Incentive/pressure – a reason to commit fraud
b. Opportunity – Circumstances exists - for example, absence of controls, ineffective controls, or the
ability of management to override of controls – that provide an opportunity for fraud to be perpetrated.

MODULE 5 LECTURE
MODULE 5: Errors, Fraud, Non Compliance, & Audit Matters of Governance Interest 3
c. Attitude/rationalization – Those involved are able to justify/rationalize committing a fraudulent act.

6. Management has a unique ability to perpetrate fraud because it can directly or indirectly manipulate
accounting records and present fraudulent financial information; it may
a. Override controls
b. Direct or solicit employees to carry out fraud

7. Although fraud is ordinarily concealed, certain conditions (e.g. missing documents) may suggest the
possibility of fraud

8. An auditor is unable to provide absolute assurance of detecting fraud

B. Assessment of the Risk of Material Misstatement Due to Fraud

1. Professional Skepticism
a. Professional skepticism is an attitude that includes a questioning mind and critical assessment of
audit evidence.

b. An audit should be conducted with a mindset that recognizes the possibility of material
misstatement due to fraud, even if
1.Past experience with the client has not revealed fraud, and
2.Regardless of the auditor’s belief about management’s honesty and integrity.

c. An auditor should not be satisfied with less than persuasive evidence because of a belief that
management is honest

2. Staff discussion of the risk of material misstatement

1. Prior to or in conjunction with obtaining information to identify risks of fraud, the audit team
should discuss the potential for a material misstatement due to fraud, including
a. “Brainstorming” among team members about how and where the financial statements might
be susceptible to fraud, how management could perpetrate and conceal fraudulent financial
reporting, and how assets could be misappropriated.
b. Emphasizing the importance of maintaining the proper state of mind regarding the potential
for material misstatement due to fraud

2. The discussion should


a. Include consideration of known factors affecting incentives/pressures for fraud,
opportunities, and culture or environment that enables management to rationalize
committing fraud
b. Emphasize the need to maintain a questioning mind and to exercise professional skepticism
c. Include key members of the audit team
1. If multiple locations are involved, there could be multiple discussions in different locations.
2. It may be useful to include any specialists assigned to the audit team in the discussion.

3. Obtaining the information needed to identify risks of material misstatement due to fraud;
procedures should include

1. Inquiries of management and others


a. Examples of inquiries of management
1) Does it have knowledge of fraud or suspected fraud
2) Have there been allegations of fraud or suspected fraud
3) Its understanding of fraud risks
4) Programs and controls established to mitigate fraud risks
5) Control over multiple locations

MODULE 5 LECTURE
MODULE 5: Errors, Fraud, Non Compliance, & Audit Matters of Governance Interest 4
6) Communications to employees about business practices and ethical behavior

7) Whether management has reported to the audit committee the nature of the company’s
internal control
b. Inquiries of the audit committee, internal audit function, and others should include their views
about risks of fraud and their knowledge of any fraud or suspected fraud.

2. Considering the results of analytical procedures performed in planning the audit


a. When unexpected results occur, consider the risk of material misstatement due to fraud
b. Perform analytical procedures on revenue to identify unusual or unexpected relationships.
c. Because analytical procedures performed during planning often use data aggregated at a high
level, results obtained often only provide a broad initial indication about whether a material
misstatement exists.

3. Considering fraud risk factors


a. Fraud risk factors are events or conditions that indicate incentives/pressures to perpetrate
fraud, opportunities to carry out fraud, or attitude/rationalizations to justify a fraudulent
action.
b. The auditor should use professional judgment in determining whether a risk factor is present and
in identifying and assessing the risk of material misstatement due to fraud.
c. While fraud risk factors do not necessarily indicate the existence of fraud, they often are present
when fraud exists

4. Consider other information: the discussion among audit team members, review of interim financial
statements, and consideration of identified inherent risks.

4. Identifying risks that may result in a material misstatement due to fraud

1. It is helpful at this stage to consider the three conditions present when a material misstatement due
to fraud ordinarily occurs – incentives/pressures, opportunities, and attitudes/rationalizations.
2. The auditor should evaluate whether identified risks of material misstatement due to fraud can be
related to specific accounts, assertions, or whether they relate more pervasively to the financial
statements as a whole.
3. The identification of a risk of material misstatement due to fraud includes consideration of
a. Type of risk that may exist (fraudulent financial reporting or misappropriation of assets)
b. Significance of risk (magnitude)
c. Likelihood of risk
d. Pervasiveness of risk (overall financial statements, or a particular assertion or account)
4. A presumption of improper revenue recognition is a fraud risk.
5. The auditor should always address the risk of management override of controls.

5. Assessing the identified risks after considering programs and controls

1. PSA 315 Redrafted “Identifying and Assessing the Risks of Material Misstatements Through
Understanding the Entity and Its Environment” requires the auditor to obtain an understanding of
internal control sufficient to plan the audit; this understanding allows the auditor to
a. Identify types of potential misstatements
b. Consider factors that affect the risk of material misstatement
c. Design tests of controls when applicable
d. Design substantive tests

2. As a part of obtaining an understanding of internal control sufficient to plan the audit, the auditor
should evaluate whether the client’s programs and controls that address the identified risks of
material misstatement due to fraud have been suitably designed and placed in operation.

MODULE 5 LECTURE
MODULE 5: Errors, Fraud, Non Compliance, & Audit Matters of Governance Interest 5
3. After the auditor has evaluated the client’s programs and controls in this area, the auditor’s
assessment of the risk of material misstatement due to fraud should consider these results.

C. Responding to the results of the assessments – As risk increases

1. Overall responses
a. Assign personnel with more experience and have more supervision
b. More carefully consider significant accounting policies
c. Make auditing procedures less predictable

2. Responses that address specifically identified risks


a. General types of responses
(1) Nature – more reliable evidence or additional corroborative information
(2) Timing – perform at or near end of reporting period, but apply substantive procedures to
transactions occurring throughout the year
(3) Extent – increase sample sizes, perform more detailed analytical procedures

b. Example of modification of the nature, timing and extent of procedures


(1) Perform procedures on a surprise or unannounced basis (e.g. inventory observations, counting
of cash)
(2) Request inventory counts at end of reporting period
(3) Make oral inquiries of major customers and suppliers in addition to written confirmations
(4) Perform substantive analytical procedures using disaggregated data
(5) Interview personnel in areas where risk of material misstatement due to fraud has been
identified
(6) Discuss the situation with any other auditors involved with audit (e.g. an “other auditor” who
audits subsidiary)
c. Additional example of responses for a high risk of fraudulent financial reporting may result in
increased
(1) Analysis of revenue recognition
(2) Consideration of inventory quantities
(3) Consideration of management estimates (e.g. allowance for doubtful accounts)
d. Additional responses for a high risk of misappropriation of assets
(1) If a particular asset is susceptible to misappropriation, obtain an understanding of controls
and/or physical inspection may be appropriate
(2) More precise analytical procedures may be used

3. Responses to further address the risk of management override of controls


a. Examine journal entries and other adjustments for evidence of possible material misstatement
due to fraud
b. Review accounting estimates for biases, including a retrospective review of previous year
estimates so as to provide guidance on management’s past performance in this area
c. Evaluate the business rationale for significant unusual transactions

Note: 1, through 3, above are distinct types of responses – (1) overall responses, (2)
responses that address specifically identified risks, and (3) responses for management
override of controls. Although differing combinations of each might be expected on an
audit, those for management override are ordinarily required on an audit.

D. Evaluating audit evidence

1. The assessment of risks of material misstatement should be ongoing throughout the audit
2. Conditions identified during fieldwork may change or support a judgment concerning the assessment
a. Discrepancies in accounting records; examples
(1) Transactions not recorded in a complete or timely manner, or improperly recorded

MODULE 5 LECTURE
MODULE 5: Errors, Fraud, Non Compliance, & Audit Matters of Governance Interest 6
(2) Unsupported or unauthorized balances or transactions
(3) Significant lat-minute adjustments
(4) Evidence of employee inappropriate access to systems

b. Conflicting or missing audit evidence; examples


(1) Missing, unavailable, or altered documents
(2) Unexplained items on reconciliations
(3) Inconsistent, vague, or implausible responses to inquiries
(4) Unusual discrepancies between records and confirmation replies
(5) Missing inventory or physical assets
(6) Unavailable or missing electronic evidence, inconsistent retention policies

c. Problematic or unusual relationships between auditor and management; examples


(1) Denial of access to records, facilities, employees, customers, vendors, and others
(2) Undue time pressures
(3) Management complaints, intimidation
(4) Unusual delays in providing information
(5) Tips or complaints about alleged fraud
(6) Unwillingness to facilitate auditor access to electronic files
(7) Denial of access to IT operations staff and facilities
(8) Unwillingness to add or revise disclosures in financial statements

3. The auditor should evaluate whether analytical procedures performed as substantive tests or in the
overall review stage indicate a previously unrecognized risk of material misstatement due to fraud
a. If not already performed, the auditor should perform analytical procedures at the overall review stage
of the audit; unusual situations include
(1) Large amounts of income recorded in the last week or two of the year
(2) Income inconsistent with trends in cash flows from operations

4. The auditor should evaluate risks of material misstatement due to fraud at near completion of fieldwork.
a. This is primarily a qualitative consideration based on the auditor’s judgment.

5. When audit procedures identify misstatements, the auditor should consider whether such misstatements
may indicate fraud.

6. When misstatements are or may be the result of fraud, but the effects are not material to the financial
statements, the auditor should evaluate the implications.
a. A misappropriation of cash from a small petty cash fund normally would have little significance
b. A misappropriation involving management may be indicative of a more pervasive problem and may
require the auditor to consider the impact on the nature, timing, and extent of tests of balances or
transactions, and the assessment of the effectiveness of controls.

7. If the auditor believes the misstatements may be the result of fraud and has determined it could be
material to the financial statements, but has been unable to evaluate whether the effect is material, the
auditor should
a. Attempt to obtain audit evidence to determine whether fraud has occurred and its effect.
b. Consider implications for other aspects of the audit.
c. Discuss the matter and an approach for further investigation with an appropriate level of management
at least one level above those involved, and with senior management and the audit committee.
d. If appropriate, suggest the client consult with legal counsel

8. The risk of fraud may be so high as to cause the auditor to consider withdrawing from engagement;
factors affecting decision
a. Implications about integrity of management.
b. Diligence and cooperation of management or the board of directors.

MODULE 5 LECTURE
MODULE 5: Errors, Fraud, Non Compliance, & Audit Matters of Governance Interest 7

E. Communicating about fraud to management, the audit committee, and others

1. Whenever there is evidence that fraud may exist, the matter should be brought to an appropriate level of
management, even if the matter might be considered inconsequential
a. All fraud involving senior management, and any fraud (by anyone) that causes a material
misstatement should be reported directly by the audit committee
b. The auditor should reach an understanding with the audit committee regarding communications about
misappropriations perpetrated by lower-level employees.
2. If risks have continued control implications, the auditor should determine whether they represent
significant deficiencies and need to be communicated to the audit committee
3. The auditor may choose to communicate other risks of fraud
4. Disclosure of fraud beyond senior management and its audit committee is not ordinarily a part of the
auditor’s responsibility, unless
a. Required by specific legal and regulatory requirements
b. To a successor auditor
c. In response to a subpoena
d. To a funding agency or other specified agency in accordance with requirements of audits of entities
that receive governmental financial assistance

F. Documenting the auditor’s consideration of fraud; document the following:

1. Discussion among audit team of risk of material misstatement due to fraud, including how and when
discussion occurred, participants and subject matter
2. Procedures performed to obtain information to identify and assess risks of material misstatement due to
fraud
3. Specific risks of material misstatement due to fraud that were identified and auditor’s response to those
risks
4. If auditor has not identified improper revenue recognition as a risk of material misstatement due to
fraud, the reasons for that conclusion
5. Results of procedures performed to further assess risk of management override of controls

6. Other conditions and analytical relationships or other responses required and any further responses the
auditor concluded were appropriate to address such risks or conditions
7. Nature of communications about fraud made to management, the audit committee, and others.

EXAMPLES OF FRAUD RISK FACTORS

Risk Factors Relating to Fraudulent Financial Reporting

1. Management characteristics
 Management does not display and communicate an appropriate attitude regarding internal control
and the financial reporting process.
 Management’s compensation is based on unreasonable targets for operating results or financial
position.
 Management tries to increase the stock price or earnings trend by using aggressive accounting
practices.
 Senior management or board members turn over rapidly.
 Management and its current or predecessor auditor have strained relationship.
2. Industry Conditions
 New accounting, statutory or regulatory requirements impair the financial stability or profitability of
the entity.
 A high degree of competition or market saturation causes or accompanies declining margins.
 The client is in a declining industry with frequent business failures.
 The industry experiences rapidly changing customer demand, technology or product obsolescence.

MODULE 5 LECTURE
MODULE 5: Errors, Fraud, Non Compliance, & Audit Matters of Governance Interest 8

3. Operating characteristics and Financial Stability


 The client is under significant pressure to obtain needed capital for major research or capital
expenditures.
 The financial statements are based on subjective estimates that are subject to potential significant
change in the near term.
 The financial structure of the client makes it highly vulnerable to changes in interest rates.
 The client is threatened with imminent bankruptcy or foreclosure.
 The client has reported earnings growth, but cannot generate cash flows from operations.
 Unusually complex transactions occur near the end of the year.

Risk Factors Relating to Misappropriation of Assets

1. Susceptibility of Assets to Misappropriation


 Large amounts of cash are processed.
 Inventory consists of small high value items.
2. Employee Relationship or Pressures
 Dissatisfied employees have access to assets.
 Employees exhibit a lifestyle that is beyond their means.
 Employee behavior changes in unusual and unexplained ways.
3. Controls
 Management fails to provide adequate oversight.
 Job applicants are inadequately screened.
 The accounting system is in disarray.

The Auditor’s Responsibility If Errors and Fraud Are Detected

Discovery of an Error or Fraud

If the amounts shown in the client’s accounting records and the audited amounts differ, the auditor must
make professional judgments as to whether these differences are errors or fraud. Errors generally should
require adjustment of the client’s accounting records, whereas fraud has serious implications that go beyond
the monetary effect on the financial statements .

If the auditor has determined that a difference is, or maybe, fraud, but the effect on the effect on the financial
statements could not be material, the auditor should
1. Refer the matter to an appropriate level of management that is at least one
level above those involved.
2. Satisfy himself or herself that the implication of the fraud for other aspects of
the audit has been given proper consideration.

If the auditor has determined that the difference is, or may be, fraud and the effect on the financial
statements could be material, the auditor should
1. Consider the implication for other aspects of the audit.
2. Discuss the matter with a level of management at least one level above those involved in the fraud.
3. Try to obtain evidence to determine whether the fraud is material and what its effect will be on the
financial statements.
4. If appropriate, suggest that the client consult with legal counsel on matters of law.

Effects of Fraud on the Auditor’s Report

The auditor’s responsibility for material fraud extends to the opinion in the audit report. The financial
statements should be revised if necessary or a qualified or adverse opinion issued.

MODULE 5 LECTURE
MODULE 5: Errors, Fraud, Non Compliance, & Audit Matters of Governance Interest 9
The auditor may not be allowed to or may be unable to perform the necessary auditing procedures to
conclude whether possible fraud materially affects the financial statements. In such cases, the auditor
should:
1. Disclaim an opinion or express a qualified opinion on the financial statements.
2. Report the findings on the possible fraud to the audit committee or the board of
directors.

The auditor should withdraw from the engagement if the client refuses to accept a disclaimer of opinion or a
qualified opinion because of the circumstances described above.

II. PSA 250 Redrafted, “Consideration of Laws and Regulations in an Audit of Financial Statements”

Overall Objectives and Approach – This standard presents guidance on the auditor’s responsibility to
consider laws and regulations in an audit of financial statements. This also includes nature and extent of
consideration given to client noncompliance during audits. The guidance relates both to considering the
possibility of noncompliance, and to the responsibility when such noncompliance are detected.

A. Overall definition of Noncompliance and Summary of Auditor Responsibility

1. Noncompliance – refers to acts of omission or commission by the entity being audited, either intentional
or unintentional, which are contrary to the prevailing laws and regulations. Such acts include transactions
entered into by, or in the name of, the entity or on its behalf by its management or employees.
a. Noncompliance by clients are acts attributable to entity under audit acts of management, or
employees acting on behalf of entity.
b. Noncompliance by clients do not include personal misconduct by entity’s personnel that is
unrelated to business.

2. Determination of legality of act is normally beyond auditor’s professional competence and depends on
legal judgment

3. The further removed noncompliance is from the events and transactions ordinarily reflected in financial
statements the less likely it is that the auditor will become aware.
a. Examples of noncompliance more likely to be detected (those with a direct and material effect on
determination of financial statement amounts)
(1) Tax laws affecting accruals
(2) Revenue accrued on government contracts
b. Examples of noncompliance less likely to be detected (those with an indirect effect on financial
statements – often a contingent liability)
(1) Laws related to securities trading
(2) Occupational safety and health
(3) Price fixing

B. Management’s responsibility for the compliance of laws and regulations

1. It is the management’s responsibility with the oversight of those charged with governance to prevent
and detect non-compliance by means of:
1. Monitoring legal requirements and ensuring that operating procedures are designed to meet
these requirements.
2. Instituting and operating appropriate systems of internal control.
3. Developing, publicizing appropriate systems of internal control.
4. ensuring employees are properly trained and understand the Code of Conduct
5. Monitoring compliance with the Code of Conduct and acting appropriately to discipline
employees who fail to comply with it
6. Engaging legal advisors to assist in monitoring legal requirements.

MODULE 5 LECTURE
MODULE 5: Errors, Fraud, Non Compliance, & Audit Matters of Governance Interest 10
7. Maintaining a register of significant laws with which the entity has to comply within its particular
industry and a record of complaints.

In larger entities, these policies and procedures may be supplemented by assigning appropriate
responsibilities to:
1. An internal audit function
2. Audit committee

C. The Auditor’s Consideration of Compliance with Laws and Regulations

1. The auditor is not, and cannot be held responsible for preventing noncompliance. The fact that an
annual audit is carried out may, however, act as a deterrent.

2. An audit is subject to the unavoidable risk that some material misstatements of the financial statements
will not be detected, even though the audit is properly planned and performed in accordance with
PSAs. This risk is higher with regard to material misstatements resulting from noncompliance with laws
and regulations due to factors such as:
a. There are many laws and regulations, relating principally to the operating aspects of the entity that
typically do not have a material effect on the financial statements and are not captured by the
accounting and internal control systems.
b. The effectiveness of audit procedures is affected by the inherent limitations of the accounting and
internal control systems and by the use of testing.
c. Much of the evidence obtained by the auditor is persuasive rather than conclusive in nature.
d. Noncompliance may involve conduct designed to conceal it, such as collusion, forgery, deliberate
failure to record transactions, senior management override of controls or intentional
misrepresentations being made to the auditor.

3. In accordance with PSA 200 Revised and Redrafted “Overall Objective of the Independent Auditor and
the Conduct of an Audit in Accordance with Philippine Standards on Auditing”, the auditor should plan
and perform the audit with an attitude of professional skepticism recognizing that the audit may reveal
conditions or events that would lead to questioning whether an entity is complying with laws and
regulations.

4. In order to plan the audit, the auditor should obtain a general understanding of the legal and regulatory
framework applicable to the entity and the industry and how the entity is complying with that framework.

5. In obtaining this general understanding, the auditor would particularly recognize that some laws and
regulations may have a fundamental effect on the operations of the entity. That is, noncompliance
with certain laws and regulations may cause the entity to cease operations, or call into question the
entity's continuance as a going concern. For example, noncompliance with the requirements of the
entity's license or other title to perform its operations could have such an impact (for example, for a
bank, noncompliance with capital or investment requirements).

6. To obtain the general understanding of laws and regulations, the auditor would ordinarily:
 Use the existing knowledge of the entity's industry and business.
 Inquire of management concerning the entity's policies and procedures regarding compliance with
laws and regulations.
 Inquire of management as to the laws or regulations that may be expected to have a fundamental
effect on the operations of the entity.
 Discuss with management the policies or procedures adopted for identifying, evaluating and
accounting for litigation claims and assessments.
 Discuss the legal and regulatory framework with auditors of subsidiaries in other countries (for
example, if the subsidiary is required to adhere to the securities regulations of the parent
company).

MODULE 5 LECTURE
MODULE 5: Errors, Fraud, Non Compliance, & Audit Matters of Governance Interest 11

7. After obtaining the general understanding, the auditor should perform procedures to help identify
instances of noncompliance with those laws and regulations where noncompliance should be
considered when preparing financial statements, specifically:
a.Inquiring of management as to whether the entity is in compliance with such laws and regulations.
b.Inspecting correspondence with the relevant licensing or regulatory authorities.

8. The auditor should obtain sufficient appropriate audit evidence about compliance with those laws and
regulations generally recognized by the auditor to have an effect on the determination of material
amounts and disclosures in financial statements. The auditor should have a sufficient understanding
of these laws and regulations in order to consider them when auditing the assertions related to the
determination of the amounts to be recorded and the disclosures to be made.
9. The auditor should be alert to the fact that procedures applied for the purpose of forming an opinion on
the financial statements may bring instances of possible noncompliance with laws and regulations to
the auditor’s attention. For example, such procedures include reading minutes; inquiring of the entity's
management and legal counsel concerning litigation, claims and assessments; and performing
substantive tests of details of transactions or balances.
10. The auditor should obtain written representations that management has disclosed to the auditor all
known actual or possible noncompliance with laws and regulations whose effects should be
considered when preparing financial statements.

11. In the absence of evidence to the contrary, the auditor is entitled to assume the entity is in compliance
with these laws and regulations.

Procedures When Noncompliance is Discovered

12. When the auditor becomes aware of information concerning a possible instance of noncompliance, the
auditor should obtain an understanding of the nature of the act and the circumstances in which it has
occurred, and sufficient other information to evaluate the possible effect on the financial statements.

13. When evaluating the possible effect on the financial statements, the auditor considers:
1. The potential financial consequences, such as fines, penalties, damages, threat of expropriation
of assets, enforced discontinuation of operations and litigation.
2. Whether the potential financial consequences require disclosure.
3. Whether the potential financial consequences are so serious as to call into question the fair
presentation given by the financial statements.

14. When the auditor believes there may be noncompliance, the auditor should document the
findings and discuss them with management. Documentation of findings would include copies of
records and documents and making minutes of conversations, if appropriate.

15. If management does not provide satisfactory information that it is in fact in compliance, the auditor
would consult with the entity's lawyer about the application of the laws and regulations to the
circumstances and the possible effects on the financial statements. When it is not considered
appropriate to consult with the entity's lawyer or when the auditor is not satisfied with the opinion, the
auditor would consider consulting the auditor's own lawyer as to whether a violation of a law or
regulation is involved, the possible legal consequences and what further action, if any, the auditor
would take.
16. When adequate information about the suspected noncompliance cannot be obtained, the
auditor should consider the effect of the lack of audit evidence on the auditor’s report.

MODULE 5 LECTURE
MODULE 5: Errors, Fraud, Non Compliance, & Audit Matters of Governance Interest 12
17. The auditor should consider the implications of noncompliance in relation to other aspects of
the audit, particularly the reliability of management representations. In this regard, the auditor
reconsiders the risk assessment and the validity of management representations, in case of
noncompliance not detected by internal controls or not included in management representations. The
implications of particular instances of noncompliance discovered by the auditor will depend on the
relationship of the perpetration and concealment, if any, of the act to specific control procedures and
the level of management or employees involved.

Reporting of Noncompliance

To Management

18. The auditor should, as soon as practicable, either communicate with the audit committee, the
board of directors and senior management, or obtain evidence that they are appropriately
informed, regarding noncompliance that comes to the auditor’s attention. However, the auditor
need not do so for matters that are clearly inconsequential or trivial and may reach agreement in
advance on the nature of such matters to be communicated.

19. If in the auditor’s judgment the noncompliance is believed to be intentional and material, the
auditor should communicate the finding without delay.

20. If the auditor suspects that members of senior management, including members of the board
of directors, are involved in noncompliance, the auditor should report the matter to the next
higher level of authority at the entity, if it exists, such as an audit committee or supervisory
board. Where no higher authority exists, or if the auditor believes that the report may not be acted
upon or is unsure as to the person to whom to report, the auditor would consider seeking legal advice.

To the Users of the Auditor's Report on the Financial Statements

21. If the auditor concludes that the noncompliance has a material effect on the financial
statements, and has not been properly reflected in the financial statements, the auditor should
express a qualified or an adverse opinion.

22. If the auditor is precluded by the entity from obtaining sufficient appropriate audit evidence to
evaluate whether noncompliance that may be material to the financial statements has, or is
likely to have occurred, the auditor should express a qualified opinion or a disclaimer of
opinion on the financial statements on the basis of a limitation on the scope of the audit.

23. If the auditor is unable to determine whether noncompliance has occurred because of
limitations imposed by the circumstances rather than by the entity, the auditor should
consider the effect on the auditor’s report.

To Regulatory and Enforcement Authorities

24. The auditor's duty of confidentiality would ordinarily preclude reporting noncompliance to a third party.
However, in certain circumstances, that duty of confidentiality is overridden by statute, law or by courts
of law (for example, in some countries the auditor is required to report noncompliance by financial
institutions to the supervisory authorities). The auditor may need to seek legal advice in such
circumstances, giving due consideration to the auditor's responsibility to the public interest.

Withdrawal from the Engagement

MODULE 5 LECTURE
MODULE 5: Errors, Fraud, Non Compliance, & Audit Matters of Governance Interest 13
25. The auditor may conclude that withdrawal from the engagement is necessary when the entity does not
take the remedial action that the auditor considers necessary in the circumstances, even when the
noncompliance is not material to the financial statements. Factors that would affect the auditor's
conclusion include the implications of the involvement of the highest authority within the entity which
may effect the reliability of management representations, and the effects on the auditor of continuing
association with the entity. In reaching such a conclusion, the auditor would ordinarily seek legal
advice.

26. On receipt of an inquiry from the proposed auditor, the existing auditor should advise whether there
are any professional reasons why the proposed auditor should not accept the appointment or
engagement. The extent to which an existing auditor can discuss the affairs of a client with a
proposed auditor will depend on whether the client's permission to do so has been obtained and/or the
legal or ethical requirements that apply relating to such disclosure. If there are any such reasons or
other matters which need to be disclosed, the existing auditor would, taking account of the legal and
ethical constraints, including where appropriate permission of the client, give details of the information
and discuss freely with the proposed auditor all matters relevant to the appointment. If permission
from the client to discuss its affairs with the proposed auditor is denied by the client, that fact should
be disclosed to the proposed auditor.

Indications That Noncompliance May Have Occurred - “ Red Flags”

Examples of the type of information that may come to the auditor's attention that may indicate that
noncompliance with laws or regulations has occurred are listed below:

1. Investigation by government departments or payment of fines or penalties.

2. Payments for unspecified services or loans to consultants, related parties, employees or government
employees.

3. Sales commissions or agent's fees that appear excessive in relation to those ordinarily paid by the
entity or in its industry or to the services actually received.

4. Purchasing at prices significantly above or below market price.

5. Unusual payments in cash, purchases in the form of cashiers' checks payable to bearer or transfers to
numbered bank accounts.

6. Unusual transactions with companies registered in tax havens.

7. Payments for goods or services made other than to the country from which the goods or services
originated.
8. Payments without proper exchange control documentation.
9. Existence of an accounting system which fails, whether by design or by accident, to provide an
adequate audit trail or sufficient evidence.
10. Unauthorized transactions or improperly recorded transactions
11. Media comment.

III. PSA 260 Revised and Redrafted “ Communication With Those Charged With Governance”
establishes standards and provides guidance on communication of audit matters arising from the audit of
financial statements between the auditor and those charged with governance of an entity. These
communications relate to audit matters of governance interest

A. Auditor’s Responsibility

MODULE 5 LECTURE
MODULE 5: Errors, Fraud, Non Compliance, & Audit Matters of Governance Interest 14
The auditor should communicate audit matters of governance interest arising from the audit of financial
statements with those charged with governance of an entity on a “timely basis”

“Governance” is the term used to describe the role of persons entrusted with the supervision, control and
direction of an entity. Those charged with governance ordinarily are accountable for ensuring that the entity
achieves its objectives, financial reporting, and reporting to interested parties. Those charged with
governance include management only when it performs such function.

“Those Charged With Governance” are those persons with responsibility for overseeing the strategic
direction of the entity and obligations related to the accountability of the entity. This includes overseeing
the financial reporting process. The term “those charged with governance” encompasses the terms board
of directors and audit committee.

“Management” are those responsible for achieving the objectives of the entity and who have the
executive authority to establish policies and make decisions by which objectives are to be pursued. Their
responsibilities include the financial statements and the system of internal control over financial reporting.

“Audit matters of governance interest” are those that arise from the audit of financial statements and, in
the opinion of the auditor, are both important and relevant to those charged with governance in overseeing
the financial reporting and disclosure process. Audit matters of governance interest include only those
matters that have come to the attention of the auditor as a result of the performance of the audit. The
auditor is not required, in an audit in accordance with PSAs, to design procedures for the specific purpose
of identifying matters of governance interest.

For corporations covered by the SEC Code of Corporate Governance, as well as banks, the board of
directors is primarily responsible for corporate governance of such entities. One of the duties of the
board of directors is the creation of an audit committee that will be responsible for the set-up of internal
audit functions.

B. Matters To be Communicated With Those Charged With Governance

Matters related to the financial statements that are significant and relevant to the responsibilities of those
charged with governance in overseeing the financial reporting process must be communicated by the
auditor. However, communication by the auditor does not relieve management of their responsibility to
communicate matters of interest to those charged with governance.

1. Auditor’s responsibilities in relation to financial statement audit


a. Opinion. The auditor is responsible for forming and expressing an opinion about whether the
financial statements that have been prepared by management with oversight of those charged
with governance are presented fairly, in all material respects, in conformity with applicable
reporting framework.
b. Responsibilities. The audit does not relieve either management or those charged with
governance of their responsibilities.

2. Planned scope and timing of audit. An overview of the planned scope and timing of the audit
should be communicated. The auditor must exercise professional judgment in determining the nature
and extent of communication.

3. Significant Findings. The auditor should communicate significant findings from the audit including:
a. The auditor’s views about qualitative aspects of the entity’s significant accounting practices,
including accounting policies, accounting estimates and financial statement disclosures.
b. Significant difficulties, if any, encountered during the audit.
c. Uncorrected misstatements, other than those the auditor believes are trivial, if any.
d. Disagreements with management.

MODULE 5 LECTURE
MODULE 5: Errors, Fraud, Non Compliance, & Audit Matters of Governance Interest 15
e. Other findings or issues, if any arising from the audit that are, in the auditor’s professional
judgment, significant to those charged with governance regarding the oversight of the financial
reporting process.

And unless all those charged with governance are involved in managing the entity, the auditor should
also communicate:

f. Material, corrected misstatements that were brought to the attention of management as a result of
audit procedures.
g. Representations the auditor is requesting from management.
h. Management’s consultations with other accountants.
i. Significant issues, if any, arising from the audit that were discussed, or the subject of
correspondence with management.

4. Auditor’s Independence.
In case of listed entities, the auditor shall communicate with those charged with governance:
1. A statement that the engagement team and others in the firm as
appropriate, the firm and when applicable, the network firm have complied with relevant ethical
requirement regarding independence.
2. All relationships between the firm, network firm and entity, that in the
auditor’s professional judgment, may reasonably be thought to bear on independence.
3. The related safeguards that have been applied to eliminate the threat
or reduce the threat to an acceptably low level.

C. The Communication Process.

It is important that the communication process be effective and two-way, so as the auditor should
communicate with those charged with governance the form, timing and expected general content of the
communications. If the two-way communication is not adequate, the auditor should consider the effect, if
any, on the auditor’s assessment of the risks of material misstatements. The auditor must exercise
professional judgment as to whether the communication is oral or writing.

The auditor’s communications with those charged with governance may be made orally or in writing.
The auditor’s decision whether to communicate orally or in writing is affected by factors such as:

1. The size, operating structure, legal structure, and communications processes of the entity being
audited;
2. The nature, sensitivity and significance of the audit matters of governance interest to be
communicated;
3. The arrangements made with respect to periodic meetings or reporting of audit matters of
governance interest;
4. The amount of on-going contact and dialogue the auditor has with those charged with governance.

D. Documentation.

The auditor should document matters communicated orally and retain those in writing.

*********************************************

MODULE 5 LECTURE

You might also like