Chapter 03 - Management Fraud and Audit Risk

CHAPTER 3
Management Fraud and Audit Risk
LEARNING OBJECTIVES
Review
Checkpoints

Exercises, Problems
and Simulations

1.

Define and explain the differences among
several kinds of fraud, errors, and illegal acts
that might occur in an organization.

1

43

2.

Explain auditors’ responsibilities with respect
to detecting and reporting fraud.

2, 3

45, 53, 56, 57, 60, 62

3.

List and explain some conditions that can lead
to frauds.

4, 5

46, 50, 63

4. Explain auditors’ responsibilities with
respect to illegal acts.

6

61

5.

Describe the conceptual audit risk model and
explain the meaning and importance of its
components in terms of professional judgment
and audit planning.

7, 8, 9, 10

47, 51, 55, 58, 59

6.

Define materiality and explain its relationship
to the audit risk model.


11, 12

7.

List and describe eight general types of audit
procedures for gathering evidence.

13, 14, 15, 16

44, 48, 49, 52

8.

Describe the content and purpose of audit
programs.

17, 18, 19

54

3-1


Chapter 03 - Management Fraud and Audit Risk

SOLUTIONS FOR REVIEW CHECKPOINTS
3.1

White collar crimes are frauds perpetrated by people who work in offices and steal with a pencil or

a computer terminal. The contrast is violent street crime.
Employee fraud is the use of fraudulent means to take money or other property from an employer.
It consists of three phases: (1) the fraudulent act, (2) the conversion of the money or property to
the fraudster’s use and (3) the cover-up.
Embezzlement is a type of fraud involving employees or nonemployees wrongfully taking funds
or property entrusted to their care, custody, and control, often accompanied by false accounting
entries and other forms of lying and cover-up.
Larceny is simple theft of an employer’s property that is not entrusted to an employee’s care,
custody or control.
Defalcation is another name for employee fraud and embezzlement.
Errors are unintentional misstatements or omissions of amounts or disclosures in financial
statements.
Direct-effect illegal acts are violations of laws or government regulations by the company or its
management or employees that produce direct and material effects on dollar amounts in financial
statements. “Illegal acts” (far-removed) are violations of laws and regulations that are far
removed from financial statement effects (for example, violations relating to insider securities
trading, occupational health and safety, food and drug administration, environmental protection,
and equal employment opportunity).

3.2

AICPA auditing standards require that:
a.

audit team members have an understanding and awareness of signs of errors, frauds
(including direct-effect illegal acts), and indirect-effect illegal acts.

b.

the audit be designed to respond to knowledge of fraud risks and provide reasonable

assurance of detecting material errors and frauds (including direct-effect illegal acts).

c.

audit team members should have the proper degree of professional skepticism, assuming
neither dishonesty nor unquestioned honesty of management.

d.

for reporting, the materiality concept is different for errors, fraud, and illegal acts. For
errors, the usual idea of materiality prevails; for frauds (including direct-effect and
far-removed illegal acts) immateriality is expressed in terms of “clearly inconsequential.”
Matters that fall below the threshold apparently can be reported to levels of management
below the board of directors and audit committee. More significant matters are reported
to the director level, and management involvement in frauds and illegal acts is never
considered inconsequential.

3-2


Chapter 03 - Management Fraud and Audit Risk

3.3

The seven steps specified by SAS 99: Consideration of Fraud in a Financial
Statement Audit are:
Step 1:
Engagement Team Discussion (“Brain Storming”)
Step 2:
Identify Information Necessary to Assess Fraud Risk Factors

Step 3:
(a) Identify Risk Factors Related to Fraudulent Financial
Reporting and (b) Assess Fraud Risks
Step 4:
Respond to Assessed Risks
Step 5:
Evaluate Audit Evidence
Step 6:
Communicate Fraud Matters
Step 7:
Document Fraud Matters

3.4

Below are some other conditions and circumstances that have existed along with frauds in the
past:
Fraud Risk Factors

•

•
•

•
•
•

•
•
•

•

3.5

Management’s Characteristics
and Influence
Management has a motivation
(bonus compensation, stock
options, etc.) to engage in
fraudulent reporting.
Management decisions are
dominated by an individual or
a small group.
Management fails to display an
appropriate attitude about
internal control and financial
reporting.
Managers’ attitudes are very
aggressive toward financial
reporting.
Managers place too much
emphasis on earnings
projections.
Nonfinancial management
participates excessively in the
selection of accounting
principles or determination of
estimates.
The company has a high
turnover of senior

management.
The company has a known
history of violations.
Managers and employees tend
to be evasive when responding
to auditors’ inquiries.
Managers engage in frequent
disputes with auditors.

•
•
•
•
•

Industry
Conditions
Company profits lag the
industry.
New requirements are
passed that could impair
stability or profitability.
The company’s market is
saturated due to fierce
competition.
The company’s industry
is declining.
The company’s industry
is changing rapidly.


Operating Characteristics and
Financial Stability
•
A weak internal control
environment prevails.
•
The company is not able to
generate sufficient cash flows
to ensure that it is a going
concern.
•
There is pressure to obtain
capital.
•
The company operates in a
tax haven jurisdiction.
•
The company has many
difficult accounting
measurement and
presentation issues.
•
The company has significant
transactions or balances that
are difficult to audit.
•
The company has significant
and unusual related-party
transactions.
•

Company accounting
personnel are lax or
inexperienced in their duties.

Auditors should know how to preserve the chain of custody of evidence. The chain of custody is
the crucial link of the evidence to the suspect, called the “relevance” of evidence by attorneys and
judges. If documents are lost, mutilated, coffee-soaked, compromised (so a defense attorney can

3-3


Chapter 03 - Management Fraud and Audit Risk
argue that they were altered to frame the suspect), they can lose their effectiveness for the
prosecution.

3-4


Chapter 03 - Management Fraud and Audit Risk

3.6

3.7

a.

There is no difference among the categories at the awareness level.

b.


The expectation is lower for far-removed illegal acts, where audit procedures (other than
inquiry and familiarity) are performed only when specific information indicates that
possible illegal acts may have a material indirect effect on financial statements.

c.

About the same degree of skepticism with respect to all the categories; in connection with
errors and frauds (including direct-effect illegal acts) auditors should have the proper
degree of professional skepticism, assuming neither dishonesty nor unquestioned honesty
of management; in connection with far-removed illegal acts, auditors should make
inquiries about management’s policies and procedures for compliance with laws and
regulations and obtain written management representations concerning the absence of
violations of laws and regulations.

d.

For reporting, the materiality concept is different: (1) for errors, the usual idea of
materiality prevails, (2) for frauds (including direct-effect and far-removed illegal acts),
immateriality is expressed in terms of “clearly inconsequential.” Matters that fall below
the threshold can be reported to levels of management below the board of directors and
audit committee. More important matters go to the director level, and management
involvement in frauds and illegal acts is never considered inconsequential.

Audit risk is a concept applied both to the probability of issuing an inappropriate opinion and to
the probability of failing to detect material errors and frauds in a particular disclosure or account
balance. Audit risk is a conceptual combination of the other risks: Audit Risk = Inherent Risk x
Internal Control Risk x Detection Risk.
“Audit risk in an overall sense” refers to the audit taken as a whole and the probability that the
auditors will issue an inappropriate opinion on financial statements. Generally, this is the risk of
giving the standard unqualified report when the financial statements contain material

misstatements or the report should be qualified or modified in some manner.
“Audit risk applied to individual account balances” refers to the probability that auditors will fail
to discover misstatement in a particular account balance at least equal to the tolerable
misstatement assigned to the audit of that balance. This version of audit risk is applied in concept
at the individual account balance level.

3.8

The three components of audit risk are:
Inherent risk--the probability that material errors or frauds have entered the data processing
system.
Internal control risk--the probability that the client’s system of internal control will fail to detect
material errors and frauds, provided any enter the accounting system in the first place.
Detection risk--the probability that audit procedures will fail to find material errors and frauds,
provided any have entered the system and have not been detected or corrected by the client’s
internal control system.

3-5


Chapter 03 - Management Fraud and Audit Risk

3.9

From the Audit Risk Alert
Some of the effects of bad economic times auditors should be alert to detect in clients’ financial
statements:
•
•
•

•
•
•

3.10

Asset valuations--recoverability and bases of accounting.
Inappropriate offsetting of assets and liabilities.
Changes in cost-deferral policies and the reasonableness of amortization periods.
Allowances for doubtful accounts, in general, and loan-loss allowances for financial
institutions, in particular.
Compliance with financial covenants and the necessity to obtain waivers from lending
institutions to meet current requirements.
Changes in sales practices or terms that may require a change in accounting.

The nature of audit procedures refers to their effectiveness in detecting errors and fraud.
Confirmation with third parties is more effective in detecting errors and fraud than verbal inquiry.
The timing of audit procedures refers to when they are performed, usually at (1) interim, or at (2)
year-end. However, timing may have other aspects such as surprise procedures (unannounced to
client personnel) or procedures performed after the year-end.
The extent of the application of procedures usually refers to the sample sizes of data examined,
such as the number of customer accounts receivable to confirm, or the number of inventory types
to count.

3.11

“Material information” in accounting and auditing is “information that should be disclosed if it is
likely to influence the economic decisions of financial statement users.
“Planning materiality” in an audit context is the largest amount of uncorrected dollar misstatement
that could exist in published financial statements, yet they would still fairly present the company’s

financial position and results of operations in conformity with GAAP.

3.12

“Vouching” relates to the examination of documents. Generally, items of financial information are
selected from an account, and auditors then go backward through the bookkeeping-filing system to
find the source documentation which supports the item selected.
“Tracing” essentially is the opposite direction compared to “vouching”. In the process of tracing,
auditors select sample items of basic source documents and proceeds forward through the
bookkeeping process to find the final recording of the accounting transactions.
“Scanning” refers to the auditors scrutinizing documentation for unusual items and events.

3.13

Auditors use eight general audit procedures to gather evidence: 1) inspection of records and
documents (vouching, tracing, scanning), 2) inspection of tangible assets, 3) observation, 4)
inquiry, 5) confirmation, 6) recalculation, 7) reperformance, and 8) analytical procedures. One or
more of these procedures may be used no matter what account balance, control procedure, class of
transactions, or other information is under audit.

3-6


Chapter 03 - Management Fraud and Audit Risk

3.14

Five types of general analytical procedures:
1.
2.

3.
4.
5.

Compare financial information with prior period(s).
Compare financial information with budgets or forecasts.
Study predictable financial information patterns based on the entity’s experience.
Compare financial information to industry statistics.
Study financial information relationships to nonfinancial information.

3.15

Yes, the Hylas and Ashton research brief in the chapter showed that auditors have credited
discovery of errors and frauds to analytical review procedures in 27.1% of the cases in a set of
audits.

3.16

Auditing standards do not require auditors to express planning materiality as a specific dollar
amount. An event or amount may be material by its significance, either quantitatively or
qualitatively.

3.17

An audit program is a list of the audit procedures the auditors need to perform to gather sufficient
appropriate evidence on which to base their opinion on the financial statements. Auditors indicate
when they have performed each procedure, and where the evidence is documented. Thus, audit
programs are used not only for quality control and supervision, but also as documentation that the
audit team is following generally accepted auditing standards.


3.18

An internal control program contains the specification of procedures for obtaining an
understanding of the client’s business and internal control and for assessing the inherent risk and
the control risk related to the financial account balances and classes of transactions. A substantive
audit program contains the specification of substantive procedures for gathering direct evidence on
management’s assertions (i.e., existence, occurrence, completeness, cutoff, rights and obligations,
valuation and allocation, accuracy, classification, and understandability) about amounts and
disclosures in the financial statements.

3-7


Chapter 03 - Management Fraud and Audit Risk

3.19

Four “cycles” and accounts in them:
Revenue and collection cycle
Acquisition and expenditure cycle
Production and conversion cycle
Financing and investment cycle
X
X
X
X
X
X

X


X

X
X
X
X
X
X

X

Inventory
Fixed assets
Accumulated depreciation
Accounts payable
Accrued expenses
General expense

X
X

Cost of goods sold
Depreciation expense

X

X

X

X
X
X
X
X
X
X
X

Cash
Accounts receivable
Allowance for doubtful accounts
Sales
Sales returns
Bad debt expense

Marketable securities
Bank loans
Long term notes
Accrued interest
Capital stock
Retained earnings
Dividends declared
Interest expense
Income tax expense

SOLUTIONS FOR MULTIPLE-CHOICE QUESTIONS
3.20

3.21


a.

Incorrect.

b.

Incorrect.

c.

Incorrect.

d.

Correct.

a.

Correct.

Inherent risk is one component of the risk of material misstatement (the
correct answer).
Control risk is one component of the risk of material misstatement (the
correct answer).
Detection risk is the likelihood that the auditors will not detect
misstatements that may have entered the accounting system and not
been detected or corrected by the client’s internal controls.
This is the definition of the risk of material misstatement.
The risk of material misstatement is composed of inherent risk and

control risk.

3-8


Chapter 03 - Management Fraud and Audit Risk

3.22

3.23

3.24

3.25

3.26

a.

Correct.

b.
c.

Incorrect.
Incorrect.

d.

Incorrect.


a.

Incorrect.

b.

Incorrect.

c.

Incorrect.

d.

Correct.

a.
b.
c.

Incorrect.
Incorrect.
Incorrect.

d.

Correct.

a.

b.

Incorrect.
Incorrect.

c.

Incorrect.

d.

Correct.

b.

Correct.

Management is responsible for making the estimates in the first place,
just as management is primarily responsible for all the financial
statement elements.
Auditors need to determine the reasonableness of estimates.
Auditors need to determine estimates are presented in conformity with
GAAP.
Auditors need to determine whether estimates are adequately disclosed
in the financial statements.
Independent auditors are supposed to understand the nature of errors
and frauds.
Independent auditors are supposed to assess the risk of occurrence of
errors and frauds.
Independent auditors are supposed to design audits to provide

reasonable assurance of detecting errors and frauds.
Independent auditors are not required to report all finding of errors and
frauds to police authorities.
This is the risk of giving an inappropriate opinion.
This is the risk of misstatements entering the accounting system.
This is the risk that the client’s internal control will not detect
misstatements that enter.
This is the risk that auditors will not detect misstatements.
The business situation creates inherent risk.
Business risk is the name for the collective risk faced by a company
that engages in business. It includes the probability that customers will
buy from competitors, that product lines will become obsolete, that
taxes will increase, that government contracts will be lost, or that
employees will go on strike.
Control risk is a function of management’s design and operation of its
internal controls.
Auditors are responsible for performing the evidence-gathering
procedures that manage and control detection risk.
DR = AR/ (IRxCR) = 0.05/0.50 = 0.10

3-9


Chapter 03 - Management Fraud and Audit Risk

3.27

a.

Incorrect.


b.

Correct.

c.

Incorrect.

d.

Incorrect.

3.28

a.
b.
c.
d.

Incorrect.
Incorrect.
Correct.
Incorrect.

These accounts are part of the acquisition cycle.
These accounts are part of the conversion cycles.
These accounts are part of the revenue cycle.
These accounts are part of the financing and investment cycle.


3.29

a.

Incorrect.

b.

Incorrect.

c.

Correct.

d.

Incorrect.

You won’t find an unrecorded item (completeness assertion) by looking
in the financial statement numbers.
Starting with the potentially unrecorded items is an audit for the
completeness assertion, not the existence assertion.
You can find evidence of existence of recorded amounts by selecting
from the recorded amounts (general ledger) and going back to the
supporting original transaction documents.
Selecting from the supporting original transaction documents and going
to the general ledger is an audit for the completeness assertion, not the
existence assertion.

a.


Incorrect

b.
c.
d.

Incorrect
Correct
Incorrect

a.

Incorrect.

b.

Incorrect.

c.
d.

Correct.
Incorrect.

This is a type of “overall response”, not a “specific procedural
response.”
Auditors ought to direct specific procedures toward the area where the
suspicion lies.
This is a specific procedural response mentioned in SAS 99.

This is an overall response, not a “specific procedural response.”

a.
b.
c.
d.

Correct.
Incorrect.
Incorrect.
Incorrect.

The objective is to perform a quality audit and keep audit risk low.
Control risk = 0 is generally not warranted.
Inherent risk = 0 is generally not warranted.
40% audit risk is too high.

3.30

3.31

3.32

An audit program does not specify audit standards. All the GAAS are
relevant in all audits.
An audit program contains specifications of procedures the auditors
believe appropriate for the financial statements under audit.
Documentation of the assertions under audit, the evidence obtained,
and the conclusions reached describe audit documentation, not audit
programs.

Reconciliation of the account balances in the financial statements with
the account balances in the client’s general ledger is one element of the
content of audit documentation, not audit programs.

While solving for DR works mathematically, you will find that IR (not
given in the problem) has to be greater than 100%, therefore the
solution is not possible. (Very tricky!)
If control risk rises, detection risk should decrease.
This solution is both mathematically and practically correct.
If control risk rises, detection risk should decrease.

3-10


Chapter 03 - Management Fraud and Audit Risk

3.33

a.

Incorrect.

b.

Incorrect.

c.

Correct.


d.

Incorrect.

Confirmation of accounts receivable are selected from recorded
amounts and thus give no chance for selection of unrecorded amounts;
responses do not produce evidence of probability of collection.
Confirmation yields some evidence of rights (ownership); responses do
not produce evidence of probability of collection.
Confirmations produce evidence of existence in debtors’ admission of
their debts as well as some evidence of rights (ownership);
Confirmations produce evidence about existence, but not completeness.

3.34

a.
b.
c.
d.

Incorrect.
Incorrect.
Incorrect.
Correct.

The accounting is credit sales, debit receivables, not inventory.
The accounting is credit sales, debit receivables, not cost of goods sold.
The accounting is credit sales, debit receivables, not bad debt expense.
The accounting is (fictitious) credit sales, debit (fictitious) receivables.


3.35

a.

Incorrect.

b.

Correct.

c.

Incorrect.

d.

Incorrect.

Falsification of documents is characteristic, but management fraud does
not involve stealing money from an employer.
Management fraud is victimization of investors through the use of
materially misleading financial statements.
Management fraud principally involves misleading financial statements
which might or might not involve illegal acts committed by
management to evade laws and regulations.
Conversion of stolen inventory to cash deposited in a falsified bank
account describes an employee fraud.

a.


Incorrect.

b.

Correct.

c.

Incorrect.

d.

Incorrect.

3.37

a.
b.
c.
d.

Incorrect
Incorrect
Incorrect
Correct.

Materiality may be qualitative rather than quantitative.
Materiality may be quantitative rather than qualitative.
AICPA guidelines are silent as to materiality judgments.
Materiality is a matter of professional judgment.


3.38

a.

Incorrect.

b.

Incorrect.

c.

Incorrect.

d.

Correct.

The audit team would be concerned if key factors are not consistent
with prior periods.
The audit team would be concerned if key assumptions are not similar
to industry guidelines.
The audit team would be least concerned about measurements that are
objective and not susceptible to bias
Evidence of a systematic bias, whether aggressive or conservative
would be of most concern to the audit team.

3.36


Reporting clearly inconsequential illegal acts to the board of directors
is not required.
Once informed, the board of directors has the first responsibility to
report to the SEC. If the board does not report these items to the SEC,
the law then requires the auditors to do so..
Auditors are not required to report clearly inconsequential illegal acts
to the board. (Reporting to management, however, is appropriate.)
Audit firm resignation is not required. However, if the audit firm
withdraws and the board does not report the item to the SEC, the law
requires the auditors to report to the SEC, just as though there had been
no resignation.

3-11


Chapter 03 - Management Fraud and Audit Risk

3.39

a.

Incorrect.

b.

Correct.

c.

Incorrect.


d.

Incorrect.

3.40

c.

Correct.

An audit committee is composed of members of a company’s board of
directors who are not involved in the day-to-day operations of the
company.

3.41

a.

Incorrect.

b.

Correct.

c.

Incorrect.

d.


Incorrect.

While the audit team may recommend remedial actions to the audit
committee, the audit team’s first concern is the effect of the illegal act
on the financial statements.
The audit team’s first concern is the effect of the illegal act on the
financial statements.
While the audit team may consider whether to contact law enforcement
officials, the audit team’s first concern is the effect of the illegal act on
the financial statements.
While the audit team should determine whether other similar acts may
have occurred, the audit team’s first concern is the effect of the illegal
act on the financial statements.

a.

Incorrect.

b.

Incorrect.

c.

Correct.

d.

Incorrect.


3.42

Extended procedures would be used if supporting documents are not
produced when requested.
If the client made several large adjustments at year-end (a red flag),
extended procedures would be considered necessary to ensure that
fraud was not taking place.
Unless the previous CFO left the company under suspicious
circumstances, extended procedures would probably not be considered
necessary.
Due to the immateriality of petty cash funds, the audit team would
probably not use extended procedures under these circumstances.

The responsibility for detecting direct-effect illegal acts exactly
parallels the responsibility for errors and fraud.
The audit team must design their tests to detect all material illegal acts
that directly affect the financial statements.
The audit team must design their tests to obtain reasonable assurance
that all illegal acts with direct material statement effects are detected.
The audit team must design their tests to detect all material illegal acts
that directly affect the financial statements.

SOLUTIONS FOR EXERCISES, PROBLEMS AND SIMULATIONS
3.43

Risk of Misstatement in Various Accounts
a.

Inventory understatements may occur from counting and pricing errors.

Fixed asset understatements may result from failure to capitalize costs (expensing them
instead) or from erroneous depreciation calculations.
Liability understatement and expense understatement appear to be quite common, as
these misstatements result in improved perceptions of financial condition and
profitability.

b.

Asset understatements can result from accounting errors, misapplication of accounting
principles, and measurement errors (such as undercounting the inventory). A company
might be motivated by tax evasion to understated assets and income.

3-12


Chapter 03 - Management Fraud and Audit Risk

c.

Estimated liabilities might be measured large for conservatism. The company might over
accrue expenses in order to reduce taxable income. A fraud might be imbedded in false
payables to false vendors.

d.

The data indicate that income overstatement occurs most frequently. Apparently the cause
is usually understatement of expenses (e.g. accrued expenses) or overstatement of
revenues.

3-13



Chapter 03 - Management Fraud and Audit Risk
3.44

General Audit Procedures and Financial Statement Assertions

Audit Procedures
1a. Inspection of records
or documents (vouching)
1b. Inspection of records
or documents (tracing)
1c. Inspection of records
or documents (scanning)

PCAOB Assertions
Existence or Occurrence

2. Inspection of tangible
assets
3. Observation

Existence or occurrence, Valuation.

4. Confirmation

Existence or occurrence,
Rights (Ownership)
Valuation (sometimes)
Completeness (sometimes).


Completeness
Raises questions that may be relevant to all
assertions, but may not produce actual
“evidence.” Since it is performed on recorded
amounts, it works best for Existence or
occurrence, Valuation and allocation, Rights and
obligations, and Presentation and disclosure.
When applied to source documents, it might
work for the completeness assertion.

Existence or occurrence, Valuation.

5. Inquiry

All assertions; however, responses typically
yield more assertions, in turn subject to audit
with corroborating evidence.

6. Recalculation

Existence, Valuation.

7. Reperformance
8. Analytical procedures

Valuation
Existence or occurrence
Valuation
Completeness


ASB Assertions
Existence,
Occurrence
Completeness
Existence
Occurrence
Valuation and
allocation
Rights and
obligations
Completeness
Accuracy
Classification
Existence,
Valuation.
Existence,
Valuation.
Existence
Rights (Ownership)
Completeness
(sometimes).
All assertions;
however, responses
typically yield more
assertions, in turn
subject to audit
with corroborating
evidence.
Existence,

Valuation.
Valuation
Existence
Occurrence
Completeness

3-14


Chapter 03 - Management Fraud and Audit Risk
3.45

Errors and Frauds
Students can probably think of many examples for each of the cases. This solution does not
purport to be exhaustive.
a.

Overstate an asset, understate another asset
Hold cash receipts journal open past the year end (cutoff date) and record additional cash
receipts occurring after year end, reducing accounts receivable.

b.

Overstate an asset, overstate stockholder equity
Record appraised value of property, plant, and equipment, with a corresponding credit to
a capital account.

c.

Overstate an asset, overstate revenue

(1) Hold the sales journal open past the year end (cutoff date) and record too much sales
revenue and cash or accounts receivable. (2) Record fictitious sales and accounts
receivable.

d.

Overstate an asset, understate an expense
(1) Capitalize maintenance expense, making the asset amount higher than warranted and
the expense amount lower. Subsequent depreciation would reverse this misstatement, but
the first effect would be to overstate the asset and understate the expense. (2) Record an
expenditure as a prepaid expense instead of a current expense.

e.

Overstate a liability, overstate an expense
Accrue too much liability for expenses not yet paid, such as wages, rent, interest, product
warranties, etc.

f.

Understate an asset, overstate an expense
(1) Calculate too much depreciation expense on assets. (2) Classify expenditures as
current expenses when they should be classified as prepaid expenses.

g.

Understate a liability, understate an expense
Fail to accrue liabilities for expenses not yet paid, such as wages, rent, interest, product
warranties, etc.


3-15


Chapter 03 - Management Fraud and Audit Risk
3.46

Audit Simulation: Analysis of Accounting Estimates
The company has fudged the write-offs toward being as small as possible, hoping to satisfy the
auditors. Taken one at a time, only the uncertainty about the deferred subscription costs is large
enough to break the materiality threshold. But the set of problems cannot be taken one at a time.
Here is a suggested low-high audit estimate:
Low Estimate

High Estimate

Write-off deferred subscription costs (1)
Provide allowance for bad debts (2)
Provide for expected warranty expense (3)
Lower of cost or market inventory write-down (4)
Loss on government contract refund (5)

$ 6,000,000
$ 4,000,000
$ 2,000,000
$ 5,600,000
$ 1,000,000

$12,000,000
$ 4,000,000
$ 6,000,000

$ 5,600,000
$ 2,000,000

Total write-offs and losses

$18,600,000

$29,600,000

(1)

The low estimate gives benefit of doubt to survival of the business, writing off half the
deferred costs as if one-half might be written off over the next two years. The company
seems to have taken the 50% probability ($6 million) and allocated half to each of the
two years.

(2)

The company seems ready to provide the allowance for all the doubtful accounts
receivable.

(3)

Not much information for the audit team (such as a probability distribution).

(4)

It looks like the company plans to rebuild the inventory and recover as much as it can,
namely the $4,400,000 that can be realized from selling the rebuilt parts, but the lower of
cost or market was figured incorrectly. The company seems to have subtracted the selling

price ($8 million) from the inventory cost ($10 million) to get the $2 million write-down.
The correct calculation is:
Net Realizable Value:
Selling price proceeds
Cost to rebuild
Cost to market and ship (20% x $8 million)
Ceiling (net realizable value)
Floor, Subtract “normal profit” (5% x $8 million)
Floor

$ 8,000,000
( 2,000,000)
( 1,600,000)
$ 4,400,000
( 400,000)
$ 4,000,000

Replacement cost is apparently $6 million for the modern part, so the “market” for lower
of cost or market is NRV = $4,400,000, and the inventory write-down is $10,000,000 $4,400,000 = $5,600,000. Sale of the rebuilt parts will produce zero profit in subsequent
period(s):
Selling price
Cost of Goods Sold:
Inventory sold (written-down cost)
Rebuilding cost
Cost to market and ship
Profit

3-16

$ 8,000,000

4,400,000
2,000,000

(6,400,000)
(1,600,000)
-0-


Chapter 03 - Management Fraud and Audit Risk

(5)

3.46

For a contingency such as this government contract dispute, GAAP suggests recognizing
loss at the lower end of a range for loss, so a $1 million loss provision would satisfy
GAAP.

Audit Simulation: Analysis of Accounting Estimates (Continued)
Recommended Adjustment:
Management’s suggestion of $11,000,000 cost/loss recognition is not sufficient. It “leaves”
$7,600,000 income overstatement, even using the auditors’ low estimate of $18,600,000. Even
booking the low estimate “leaves” $10,000,000 unrecognized (including the government contract
contingency at $1 million instead of $2 million). The minimum adjustment, given the limited
information available in this problem, is below. Adequate disclosures should be made about the
$6 million deferred subscription costs remaining and the prospects for the business, and about the
warranty expense estimate, since these are the items that leave uncertain assets and liabilities in
the financial statements.
Subscription expense
Bad debt expense

Warranty expense
Cost of goods sold
Government contract loss
Deferred subscription costs
Allowance for doubtful accounts
Estimated warranty liability
Inventory
Estimated liability on contract

3-17

Debit
$ 6,000,000
$ 4,000,000
$ 2,000,000
$ 5,600,000
$ 1,000,000

Credit

$ 6,000,000
$ 4,000,000
$ 2,000,000
$ 5,600,000
$ 1,000,000


Chapter 03 - Management Fraud and Audit Risk
3.47


Audit Risk Model
Evaluation of risk assessment conclusions with AR = IR x CR x DR as a model.
1.

Paul is not justified in acting upon a belief that IR = 0. He may have seen no adjustments
proposed because (1) none were material or (2) Tordik’s control system has functioned
well in the past and prevented/detected/corrected material errors. If IR = 0, then AR = 0
and no further audit work need be done. Conservative auditing standards and practice do
not permit this level of (non)work based on this little evidence and knowledge.

2.

Hill is not justified in acting upon a belief that CR = 0. She may well know that
Edward’s internal accounting control is exceptionally good, but (1) her review did not
cover the last month of Edward’s fiscal year and (2) control procedures are always
subject to lapses. If CR = 0, then AR = 0 and no further audit work need be done.
Conservative audit practice does not permit assessment of control risk at 0% to the
exclusion of other audit procedures.

1.

Insofar as audit effectiveness is concerned, Fields’ decision is within the spirit of audit
standards. Even if IR = 1 and CR = 1, if DR = 0.02, the AR = 0.02. This audit risk (AR)
seems quite small. However, Fields’ decision may result in an inefficient audit.

4.

This case was deliberately left ambiguous, without quantifying the audit risks. Students
will need to experiment with the model. One approach is to compare the current audit to
a hypothetical last year’s audit when “everything was operating smoothly.” Assume:

Last Year:
Current Year:

AR = IR (0.50) + CR (0.20) x DR (0.20) = 0.02
AR = IR (1.0) + CR (1.0) x DR (0.25) = 0.25

Features of the hypothetical comparison:
1.
Inherent risk is greater than last year.
2.
Control risk is greater than last year.
3.
The audit was less extensive, possibly resulting in greater detection
risk.
4.
Audit risk appears to be very high.
An alternative analysis is that Shad perceived higher inherent and control risk early, and
he did not put any audit time into trying to assess the risks at less than 100%. He
proceeded directly to performance of extensive substantive procedures and worked a
lesser total number of hours, yet still performed a high-quality audit by keeping AR low
by keeping DR low.

3-18


Chapter 03 - Management Fraud and Audit Risk

3.48

Audit Procedures

Types of procedures used by auditors in general, with examples:
1a.

Document Inspection (Vouching)
• find brokers’ invoices and cancelled checks showing agreement with record amounts
for securities investments.

1b.

Document Inspection (Tracing)
• select a sample of shipping documents and trace them to sales invoices, sales journal
recording and posting to general ledger

1c.

Document Inspection (Scanning)
• scan expense accounts for credit entries
• scan payroll check lists for unusually large checks

2.

Inspection of tangible assets
• verify existence of fixed assets by locating them.

3.

Observation
• observation, test-counting of client’s physical inventory-taking

4.


Confirmation
• obtaining accounts receivable confirmations
• obtaining client’s lawyer’s letter

5.

Inquiry and written representations
• ask client personnel about accounting events
• complete an internal control questionnaire
• obtain written client representation letter

6.

Recalculation
• recompute the client’s calculation of depreciation expense

7.

Reperformance
• analyze valuation of receivables by re-aging them by due date.

8.

Analytical procedures--any example that fits one of these:
• compare financial information with prior periods
• compare financial information with budgets and forecasts
• study predictable financial information patterns (e.g., ratio analysis)
• compare financial information to industry statistics
• study financial information in relation to nonfinancial information


3-19


Chapter 03 - Management Fraud and Audit Risk
3.49

Confirmation Procedure
a.

An audit confirmation is a written statement to the CPA from someone external to the client
on a fact which that person is qualified to affirm.

b.

The two main characteristics a confirmation should possess are:
1. The party supplying the information requested must be knowledgeable and independent,
i.e., must have knowledge of information of interest to the auditors and must be outside
the scope of influence of the organization being audited, and
2. The auditors must obtain the information directly from the informed party.

3.50

Auditing an Accounting Estimate
The audit problem is to develop a range of valuation of the inventory in order to evaluate
management’s estimate.
Low

High


Selling price
Advertising and shipping expenses

$ 78,000
7,000

$ 92,000
5,000

Auditors’ estimate of the range
for the inventory valuation

$ 71,000

$ 87,000

a.

Yes, an adjustment can be proposed.
Loss (or Cost of Goods Sold)
Inventory

$ 12,000
$12,000

Write down the inventory to the nearest end of the auditors’ range ($99,000 client
valuation minus the “high” end of the auditors’ valuation).
b.

3.51


No adjustment is necessary. The management estimate of $80,000 is within the auditors’
range estimate.

Risk Assessment
Refer to the question for the items 1-15. Discussion can range across many reasons.
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.

Decrease overall audit risk
Increase
Increase
Increase
Decrease
No effect
Decrease
Increase
Increase
Decrease

11.
12.

13.
14.
15.

3-20

Increase
Increase
No effect
Increase
Increase


Chapter 03 - Management Fraud and Audit Risk

3.52

Potential Audit Procedure Failures
This is a very open-ended discussion topic. Students’ responses could be quite varied depending
upon their experience and imagination. The best classroom strategy is to start with one of the
procedures, then list the students’ suggestions on the chalkboard. The discussion can become very
lively!

3.53

SAS 99 Review
Management fraud is deliberate fraud committed by management that injures investors and
creditors through materially misleading financial statements. The class of perpetrators is
management; the class of victims is investors and creditors; and the instrument of
perpetration is financial statements. Sometimes management fraud is called “fraudulent

financial reporting,’’ which was defined by the National Commission on Fraudulent
Financial Reporting (1987) as “intentional or reckless conduct, whether by act or
omission, that results in materially misleading financial statements.”
Defalcation is another name for employee fraud, embezzlement, and larceny. Employee
fraud is the use of fraudulent means to take money or other property from an employer .
It usually involves falsifications of some kind--false documents, lying, exceeding
authority, or violating an employer’s policies. Embezzlement is a type of fraud
involving employees’ or nonemployees’ wrongfully taking money or property entrusted
to their care, custody, and control, often accompanied by false accounting entries and
other forms of lying and cover-up. Larceny is simple theft--for example, an employee
taking an employer’s money or property that has not been entrusted to the custody of the
employee.
b.

Under GAAS, auditors are responsible for assessing the risk of material misstatements
due to management fraud and due to misappropriation of assets (employee fraud);
consider this assessment when designing procedural responses (overall response and
specific procedural response); ask management abut its understanding of fraud risk in the
company; pay attention to fraud risk factors; document the risk assessment and
management knowledge in the audit documentation; determine whether the company has
specific control to mitigate fraud risks; consider the effectiveness of the company’s
prevention, detection, and deterrence programs; perform procedures to provide a
reasonable assurance of detecting material misstatements due to fraud.

c.

Characteristics of management fraud important for consideration: materiality of the effect
on financial statements, the level of management involved, the extent and skillfulness of
concealment, the relationship to control activities, the specific accounts affected.


3-21


Chapter 03 - Management Fraud and Audit Risk
3.53

SAS 99 Review (Continued)
d.

Concern-heightening factors:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•

Management decisions are dominated by an individual or small group.

Managers’ accounting attitudes are unduly aggressive.
Managers place much emphasis on meeting earnings projections.
Management’s business reputation is poor.
Management has engaged in opinion shopping.
Managers are evasive responding to auditors= inquiries.
Managers engage in frequent disputes with auditors.
Managers display significant disrespect for regulatory bodies.
Company has a weak internal control environment.
Company accounting personnel are lax or inexperienced in their duties.
Company employs inexperienced managers.
Company is in a period of rapid growth.
Company profit lags the industry.
Company has going concern problems (near bankruptcy).
Company is decentralized without adequate monitoring.
Company has many difficult accounting measurement and presentation issues.
The company may be offered for sale.
The company makes acquisitions using its stock.

These next “red flags” have more to do with employee frauds (misappropriations of
assets) than management fraud, but auditors are supposed to know about them:
•
•
•
•
•
•
•
•
•
•

•
•
•
•
•
•
•
•
•
•
•
•
•
•

Missing documents.
Second endorsements on checks.
Unusual endorsements.
Unexplained adjustments to inventory balances.
Unexplained adjustments to accounts receivable.
Old items in bank reconciliations.
Old outstanding checks.
Customer complaints.
Unusual patterns in deposits in transit.
Cash shortages and overages.
Excessive voids and credit memos.
Customer complaints.
Common names or addresses for refunds.
Adjustments to receivables and payables.
General ledger does not balance.

Increased past due receivables.
Inventory shortages.
Increased scrap.
Alterations on documents.
Duplicate payments.
Employees cannot be found.
Second endorsements on checks.
Documents photocopied.
Dormant accounts become active.

3-22


Chapter 03 - Management Fraud and Audit Risk
3.53

SAS 99 Review (Continued)
e.

3.54

Disclosure might be required:
(1)

To comply with legal and regulatory requirements (including reporting a change
of auditors on SEC Form 8-K, reporting control matters and disagreements
according to Item 304 of SEC Regulation S-K).

(2)


To report to the SEC under the requirements of the Private Securities Litigation
Reform Act (when illegal acts material to the financial statements are not
reported to the SEC by the company’s board of directors).

(3)

To respond to successor auditors’ inquiries (SAS 84).

(4)

To respond to a subpoena.

(5)

To communicate with a funding or other agency when required in audits of
entities that receive governmental financial assistance.

Internet Exercise: Audit Programs on the Internet
This is an open-ended question. Students’ responses could be quite varied depending upon their
interests.

3.55

Kaplan CPA Exam Simulation: Inherent Risk
To:

The President of the Ferreira Company

From:


Partner, Riley & Associates CPAs

As one step in performing an audit to provide reasonable assurance that financial statements are
presented fairly in conformity with United States generally accepted accounting principles, the
CPA must make an assessment of the inherent risk that exists within the reporting entity. Inherent
risk is the possibility that a material misstatement will occur within the reporting entity’s
accounting system. Auditors normally assess inherent risk early in the audit process. If inherent
risk is judged to be especially high, the audit team will frequently have to compensate by
decreasing detection risk (the possibility that a material misstatement will not be caught by the
external auditors’ testing) to a level lower than anticipated so that overall audit risk is reduced to
an acceptably low level. Detection is reduced by carrying out additional substantive testing or by
performing substantive testing that renders a higher quality of audit evidence.
Inherent risk is assessed by steps such as (a) performing analytical procedures, (b) looking at
problems found in prior audits, (c) analyzing the number of accounts that require significant
estimations to be made, (d) studying the quality of the accounting systems used by the company,
(e) evaluating the experience, training, and competency of the individuals working with the
accounting systems, and (f) analyzing the risk associated with accounts having particularly high
balances or number of transactions.

3-23


Chapter 03 - Management Fraud and Audit Risk

3.56

Kaplan CPA Exam Simulation: SAS 99 Fraud Guidelines
The audit team should conduct the audit
with professional skepticism which
includes an attitude that assumes

balances are incorrect until verified by
the audit team by gathering evidence.

F

Due professional care requires the audit team to exercise
professional skepticism. Professional skepticism is an attitude that
includes a questioning mind and a critical assessment of audit
evidence. Standards go on to state that auditors should neither
assume that management is dishonest nor assume unquestioned
honesty.

The fact that a company needs to obtain
additional debt or equity financing to
stay competitive may be a fraud risk
factor.

T

The following fraud risk factors are associated specifically with
fraudulent financial reporting: Excessive pressure exists for
management to meet the requirements or expectations of third
parties due to the following: a) Profitability expectations of
investment analysts, investors, or significant creditors. b)
Company needs to obtain additional debt or equity financing to
stay competitive. c) Company has marginal ability to meet debt
repayment or other debt covenant requirements.

Professional skepticism should be
exercised throughout the audit process.


T

Since evidence is gathered and evaluated throughout the audit,
professional skepticism should be exercised throughout the audit
process.

The three components of the fraud
triangle are incentive, opportunity and
fraud risk factors. (Note: The fraud
triangle is discussed in Chapter 6).

F

The three components of the fraud triangle are incentive,
opportunity and rationalization.

If fraud is detected and misstatement
does exist, an audit team assesses if it is
material. If it is not material, the audit
team tells management and has no other
responsibility.

T

If fraud is detected and it is deemed to be immaterial, an audit
team need only inform members of management at least one level
above those involved.

If a material problem is resolved, it is not

necessary for the audit team to inform
the audit committee.

F

Even if a material problem is resolved, the audit committee of the
board of directors must be informed because the issue had a
significant impact on the financial reporting of the company.

When performing a financial statement
audit, auditors are required to explicitly
assess the risk of material misstatement
due to fraud.

T

AU 312 and AU 316 both required that auditors specifically
assess the risk of material misstatements due to fraud and
consider that assessment in designing the audit procedures to be
performed.

3-24


Chapter 03 - Management Fraud and Audit Risk
3.57

Kaplan CPA Exam Simulation: Financial Statement Assurance
What assurance does the audit team provide
that misstatements due to errors that are

material to the financial statements will be
detected?

Reasonable

AU 110 and AU316 requires the audit team
to design the audit to provide reasonable
assurance that material misstatements,
whether caused by error or fraud, be
detected.

What assurance does the audit team provide
that misstatements that are material to the
financial statements due to fraudulent
financial reporting will be detected?

Reasonable

AU 110 and AU316 requires the audit team
to design the audit to provide reasonable
assurance that material misstatements,
whether caused by error or fraud, be
detected. Fraudulent financial reporting is
one of the major types of fraud.

What assurance does the audit team provide
that misstatements due to direct-effect illegal
acts that are material to the financial
statements will be detected?


Reasonable

AU 110 requires the audit team to design the
audit to provide reasonable assurance of
detecting material errors, fraud and directeffect illegal acts. A direct-effect illegal act
is one that would have an effect on the
determination of financial statement
amounts.

What assurance does the audit team provide
that misstatements that are material to the
financial statements due to misappropriation
of assets will be detected?

Reasonable

AU 110 and AU316 requires the audit team
to design the audit to provide reasonable
assurance that material misstatements,
whether caused by error or fraud, be
detected. Misappropriation is one of the
major types of fraud.

3-25