4 minute read
AUDITORS RESPOND TO FRAUD RISKS AND MATERIAL MISSTATEMENTS PARTNER EXPERIENCE
Yousouf MAHMAD BADAT Head of Quality Control - Mauritius http://www.tgsmauritius.mu
Advertisement
The auditor should perform a test to obtain evidence about the operating effectiveness of the controls related to all relevant financial statement assertions for all significant account balances.
To understand and evaluate the effectiveness of the design of controls and confirm whether any have been implemented, the auditor should perform a walkthrough test. This is extremely useful and allows them to understand the controls in place for complex business processes, new or significantly changed systems processes, and processes involving accounts which are susceptible to fraud.
Going back to basic audit procedures, the auditor should:
• Understand the organisation’s activities, its objectives, and its current business conditions (including its inability to continue as a going concern).
• Identify significant account balances and types of volumes of transactions.
• Identify unusual or unexpected balances that might indicate a risk of fraud or error.
• Consider the organisation’s monitoring performance against their expectations and how management monitors their business risks.
• Investigate variances by seeking explanations from management and obtaining appropriate corroborating evidence, thus, using their professional scepticism to arrive at the right audit conclusion.
• Compare key indicators with the industry average.
The auditor should also test:
• Controls relating to the organisation’s risk assessment process that specifically address fraud risk, which is also a key risk.
• Controls relating to the adequacy of the internal controls in higher risk areas.
• Controls restraining the misappropriation of assets that could result in material misstatements and relat to ethics, conflicts of interest, related party transactions and other complex transactions.
The risk assessment processes within an organisation help the auditor to identify risks, determine the effectiveness of internal controls that impact these risks, and develop mitigation plans for these risks which are considered a significant threat to the organisation.
Based on the above work, the auditor can form their independent point of view of the organisation’s business risks, including key risks to develop testing strategies for material balances.
The auditor should be more sceptical and rigorous in the way they perform audit testing and obtain corroborative evidence, as this profession is based on public trust and the public firmly believes that auditors can challenge organisations to detect fraud.
The auditor should also vary their testing strategies from one year to another by incorporating an element of unpredictability into their audit plan to respond to overall fraud risk where there have been significant changes within an organisation.
Ways to incorporate unpredictability into their audit plan:
1. Consider inspecting the existence of lower value assets not previously considered due to materiality, for example, equipment spare parts
2. Test repairs and maintenance of assets, to determine whether they’re of capital or revenue nature
3. Attend inventory counts performed at locations not previously attended during prior audits and without preinforming the organisation
4. Testing standard costing of inventories for lower/medium value items
5. Change the nature of substantive analytical processing, by using a different basis for disaggregating revenues
6. Send confirmations of balances that have not previously been targeted (negatives and balances below the size threshold not used previously) and confirmations of outstanding balances directly from suppliers by normal confirmation request procedures
7. Extend cut-off testing beyond year end date
8. Perform tests on receivables not yet collected, by reviewing bank transfers post-year end and examining relevant documents to related invoices/despatch notes
9. Review accounts for reasonableness and explanation of allowance for bad debts.
10. Select additional months to perform work on bank reconciliations and scrutinise the transfer of funds from bank accounts after year- end.
Whilst the auditor can still place reliance on prior CAKE (Cumulative Audit Knowledge and Experience), the documentation of internal controls and proactiveity in the approach of managing and achieving the quality of controls (International Standard on Quality Control (ISQC ISA 220R)) should be enhanced. These should show that evidence supporting the effectiveness of controls, processes for all the relevant assertions and significant accounts and balances have been adhered to.
Another audit procedure used to respond to fraud is by testing journal entries. Testing standard journal entries is something that will give the auditor a good understanding of the organisation’s financial reporting process. There should be controls over journal entries and other adjustments put in place in order to test journals effectively. This is because there have been many cases that resulted in restatement and allegedly involved management fraud as a result of inappropriate journal entries and other adjustments.
Fraud could look like posting numerous improper journal entries in relatively small amounts. These may impact the balance sheet and income statement, but not in a significant enough way to be identified through some analytical procedures. These non-standard journal entries can also be used to create fraudulent financial statements.
There should be numerous policies and procedures in place regarding the initiation, recording and processing of journal entries, namely:
• Journal entries are sequentially numbered, based on accurate sources of information and properly verified.
• Accounting staff are responsible for posting journal entries to the general ledger only after evidence of review by a team leader.
• Controls are specifically designed to prevent and detect fictitious entries and unauthorised changes to journal entries and ledger accounts.
• Any specific journal entries that are posted or done on an ad-hoc basis require a team leader’s written authorization.
• Controls over the integrity of the processing of journal entries used to generate accurate and precise financial/management reports.
• Several levels of independent reviews are required to ensure reports are free from errors.
Normally, the auditor should expect to review standard journal entries such as the purchase/disposal of assets, bad debts, damaged or obsolete stocks, sales returns, petty cash expenses, increase/decrease in provisions and so on. The auditor should also verify the general ledger and scan journal entries at year end as there is a greater risk associated with non-standard journal entries in this timeframe.
All of the above audit strategies will give the auditor reasonable assurance and comfort over the financial reporting processes and account balances.
Photo by AdobeStock
