Fraud Discussions Among Audit Teams – Part 2 of 2

Fraud Discussions Among Audit Teams – Part 2 of 2

Continuing from last week’s blog we are looking at the guidance issued in ISA 240 ‘The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements’

I

Continuing the items to be documented by the audit engagement team in their discussion of how fraud might be perpetrated in the audit client. That discussion needs to be structured around these headline items (continued from last week):

  • Whether there are economic, industry and operating conditions that give rise to fraud risk factors for particular classes of transactions, account balances and disclosures. (Examples of economic, industry and operating conditions that may give rise to fraud risk factors are included in the examples of incentives/pressures and opportunities in Appendix 1.)
  • A consideration of any material frauds of which team members have experience in companies in the same industry and whether there are similar risks – see our blog of 3 October about the Protected Disclosures
  • A consideration of management’s involvement in overseeing employees with access to cash or other assets susceptible to misappropriation.
  • A consideration of any unusual or unexplained changes in behavior or lifestyle of management or employees which have come to the attention of the engagement
  • An emphasis on the importance of maintaining a proper state of mind throughout the audit regarding the potential for material misstatement due to fraud.
  • A consideration of the types of circumstances that, if encountered, might indicate the possibility of fraud.
  • A consideration of how an element of unpredictability will be incorporated into the nature, timing and extent of the audit procedures to be performed.
  • A consideration of the audit procedures that might be selected to respond to the susceptibility of the entity’s financial statement to material misstatement due to fraud and whether certain types of audit procedures are more effective than
  • A consideration of any allegations of fraud that have come to the auditor’s
  • A consideration of the risk of management override of controls.
  • A consideration of the extent of segregation of duties and whether and how that may be overridden.
  • A consideration of how those charged with governance and management promote a culture of honesty and integrity; what policies they have to facilitate and encourage reporting of wrongdoing (see the Protected Disclosures regime mentioned above); and how they respond to any such reports.
  • A consideration of audit team experience, or other knowledge, of the competencies and attitudes of employees in areas where there are risks of material misstatement.
  • Circumstances where it may be beneficial to have further discussion(s) among the engagement team at later stages in the audit may include, for example, when the auditor’s evaluation of audit evidence has provided further insight about the risks of material misstatement due to fraud (see more in ISA 240 paragraph A50) or members of the audit team have identified:
  • Fraud risk factors that were not covered in the original discussion.
  • Actual or suspected fraud.

Further guidance on these topics is given in Application paragraphs A12 and A12-1 in the standard.

IT Controls Assessment

Auditors are reminded that there are relatively significant changes in the requirements of ISA 315 Identifying and Assessing the Risks of Material Misstatement for accounting periods commencing 15 December 2021, which in practical terms means, accounting periods Ended 31 December 2022 and later.

Auditors dealing with the audits of entities with such accounting periods affected by these change will need, to adopt new audit programmes and, in additional to the normal audit tests, to also assess the entity’s IT controls (no matter what the size of that entity).

This is a significant new development for auditors of SMEs, in particular, and will be a game changer ion the type of audit documentation and evidence of assessment of such IT controls by the auditor on audit files.

For an easy to implement additional (two page) IT Controls Questionnaire to help document the above process, please click on this link to download immediately for only €60 + VAT.

Please also go to our website to see our:

  • Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
  • AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
  • letters of engagement and similar templates. Please visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
  • ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please contact John McCarthy FCA by e-mail at john@jmcc.ie.

We typically tailor ISQM training and brainstorming sessions to suit your firm’s unique requirements. The ISQM TOOLKIT 2022 is available to purchase here.

Fraud Discussions Among Audit Teams – Part 1 of 2

Fraud Discussions Among Audit Teams – Part 1 of 2

The ‘fraud triangle’ (shown below) is a well-known tool for enabling discussions among audit teams about the possible ‘climatic’ factors that may be present in an audit client. Where all three coincide, fraud is much more likely to be present.

ISA 240 ‘The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements’ was re-issued in October 2022 with additional requirements (among other topics) to do with the audit engagement team discussion.

For the purposes of this blog (Part 1 of a 2 part series) we are focusing on the main areas of the audit team discussion.

‘The discussion shall include an exchange of ideas among engagement team members about fraud risk factors, including:

  • incentives for management or others within the entity to commit fraud;
  • how management could perpetrate and conceal fraudulent financial reporting; and
  • how assets of the entity could be misappropriated (ISA 240.16.1)

For a group audit, the discussion among the group engagement team shall include matters to discuss with the component auditor of a significant component about the susceptibility of the component to material misstatement of the financial information of that component due to fraud. (ISA 240.16.2)

If allegations of fraud come to the auditor’s attention, the discussion shall include how to investigate and respond to those allegations. (ISA 240.16.3) see last week’s blog on the expanded Protected Disclosures  regime now in force in Ireland and which will have implications for auditors of the affected entities.

The standard allows for the initial engagement team discussion to be later revisited and revised, where necessary, when ‘fraud risk factors that have been identified during the course of the audit and the implications for the audit’ considered (ISA 240.16.4)

Basically the audit engagement team is expected to document a discussion of how fraud might be perpetrated in the audit client. That discussion needs to be structured around the headline items shown below:

The guidance focuses on:

  • incentives to manage earnings or key performance indicators derived from the financial statements in order to deceive financial statement users by influencing their perceptions as to the entity’s performance and profitability;
  • A consideration of circumstances that might be indicative of earnings management and the practices that might be followed by management to manage earnings that could lead to fraudulent financial reporting.
  • A consideration of the risk that management may attempt to present disclosures in a manner that may obscure a proper understanding of the matters disclosed (for example, by including too much immaterial information or by using unclear or ambiguous language).
  • A consideration of the known external/internal factors affecting the entity that may create an incentive or pressure for management or others to commit fraud, provide the opportunity for fraud to be perpetrated, and indicate a culture or environment that enables management or others to rationalize committing

Further guidance on these topics is given in Application paragraphs A12 and A12-1 in the standard. We will say more about this topic next week.

IT Controls Assessment

Auditors are reminded that there are relatively significant changes in the requirements of ISA 315 Identifying And Assessing The Risks Of Material Misstatement for accounting periods commencing 15 December 2021, which in practical terms means, accounting periods Ended 31 December 2022 and later.

Auditors dealing with the audits of entities with such accounting periods affected by these change will need, to adopt new audit programmes and, in additional to the normal audit tests, to also assess the entity’s IT controls (no ,matter what the size of that entity).

This is a significant new development for auditors of SMEs, in particular, and will be a game changer ion the type of audit documentation and evidence of assessment of such IT controls by the auditor on audit files.

For an easy to implement additional (two page) IT Controls Questionnaire  to help document the above process, please click on this link to download immediately for only €60 + VAT.

Please go to our website to see our:

  • letters of engagement and similar templates. Please visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
  • ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please contact John McCarthy FCA by e-mail at john@jmcc.ie.

We typically tailor ISQM training and brainstorming sessions to suit your firm’s unique requirements. The ISQM TOOLKIT 2022 is available to purchase here.

How Tesla Prevents Corruption

How Tesla Prevents Corruption

Recently while researching material for one of my anti-money laundering (AML) training courses, I came across the 5 page anti-corruption policy of Tesla, the electric car company. It states in bold print…. ‘Boiled down to its essence, our policy is: Don’t offer any bribe to anybody, anytime, for any reason.’

Tesla’s brief and to the point anti-bribery policy explains, “Involvement in bribery or corruption can result in lasting damage to our brand and our reputation. It can also result in multi-million-dollar fines and penalties, plus jail time for participants.”

The message is loud and clear. If any business wants to remain respectable and maintain its reputation it needs to communicate this to its employees and associated third parties. It’s much more effective than merely saying… “we don’t do corruption because I said so”.

Money laundering is often stage two of a crime or series of crimes that have already occurred e.g., the bribe has been given/accepted and now needs to be ‘concealed’ – ‘concealment’ being a key feature in AML cases.

Other reasons why money laundering, bribery and corruption are bad ideas include:

  1. Bribe takers/payers become hostages to fortune – they are always at risk of being pressured into taking/making more bribes. Once is never enough.
  2. Often, bribes are paid through intermediaries who can become blackmailers.
  3. Bribes will usually lead to the accounting records of the entity being falsely prepared to help hide the original illegal act, leading to a wider range of offences including indictable offence reporting to the ODCE where an audit client is involved. They go into the books as something else — consultancy fees, motor expenses, transport costs, commissions etc.
  4. Bribery leads to greed. Demands for bribes can be very “fluid.” Once the payer reveals a weakness in being open to giving a bribe, the bribe taker’s appetite for more becomes unquenchable.
  5. The risk of fraud is multiplied. Where intermediaries are involved, they may say the bribe is for €5,000, but how can the bribe payer know for sure?
  6. Bribery often triggers other criminal activity which ensnares those involved. People often fall into the intellectual trap that says “I deserve this, it’s so small, it’s just this time”
  7. While bribes can help a company enjoy short-lived success, in the end it leads to misery.

See the World Misery Index produced by Johns Hopkins University Professor Steve Hanke. The index assumes that higher unemployment and worsening inflation create economic and social costs for a country leading to more crime. The index is built using the sum of the country’s interest, inflation, and unemployment rates, minus the year-on-year percentage change in per-capita GDP growth.

In the latest version of this index from 2020, with 156 countries included, Venezuela comes out as the most miserable country in the world and Ireland at 135th, is much less miserable than the US (109) and the UK (87).

For more blogs please visit this link and for our publications and manuals and services click here.

Don’t Be a Money Mule

Don’t Be a Money Mule

The term money mule refers to the transfer of illegally obtained funds between bank accounts on behalf of others. According to a recent report by FraudSMART in the first 6 months of 2021 alone, over 700 ‘money mule’ transactions totalling €5 million moved through several bank accounts.

The majority of these cases involved accounts belonging to 18–24 year olds who are assisting in committing money laundering, which carries a maximum 14 year prison sentence. The Garda have appealed to young people and their parents to be aware of the serious and long reaching consequences of money muling.

The FraudSMART report details what to look out for in potential money muling recruitment scams with social media being the main platform for recruiting young people who are being targeted more than ever. Unsolicited texts or emails with the promise of “easy money” are commonplace and the Garda and FraudSMART are appealing to people to familiarise themselves with the red flags to look out for.

FraudSMART is the fraud awareness initiative led by the Banking & Payments Federation Ireland (BPFI) and is supported by An Garda Síochana Crime Bureau who have more details on money muling on their website here.

For more blogs please visit this link and for our publications and manuals and services click here.

Challenges for Auditors During the Pandemic – Part 3

Challenges for Auditors During the Pandemic – Part 3

This is our third and final blog about the results of audit monitoring inspections during the Pandemic.

In Part 2 last week, we looked at going concern (ISA 570), subsequent events (ISA 560) and the lack of financial statement disclosures regarding COVID.

In Part 1 two weeks ago, we looked at stock attendance (ISA 501), fraud (ISA 240) and accounting systems and controls (ISA 315).

Other matters that we have seen on cold file reviews and on recent audit monitoring visits include:

Walk-through testing

Walk through tests that appear on audit files often start from within the client’s accounting system which is the wrong place to start. For walk through tests to be fully effective, they need to commence outside the main system i.e., at the authorisation stage for purchases, at the customer order stage for sales, using clock cards, timesheets and/or employment contracts for wages etc.

Ethical Standards for Auditors

The new IAASA Ethical Standards for Auditors (Ireland) 2020 are effective from 15 July 2021.

Sometimes auditors do not appreciate the implications of certain ethical standards which require appropriate safeguards to mitigate the threats posed. The most common threats we see are Long Association with Audit Engagements (audit partner in place for 10+years) and Provision of Non-Audit Services (especially for the provision of accounting, tax and company secretarial services).  Firms are reminded to review the Ethical Standards (Sections 3 and 5 respectively) to ensure they have dealt appropriately with the threats and identified/implemented relevant safeguards. Quite often the only practical safeguard for sole practitioners with a long association problem is to arrange for an annual hot issue or a hot file review (also known as an Engagement Quality Control Review (EQC Review) in year 11 onwards. The implementation of safeguards needs to be properly documented.

It may be possible to apply Provisions Available for Audits of Small Entities (Section 6 PAASE) to deal with threats arising from economic dependence or where tax or accounting services are provided to certain ‘small’ entities, as defined in Section 6.  Where PAASE is applied, two matters arise:

  1. the auditors’ report must disclose this fact and
  2. either the financial statements notes or the auditors’ report must include the relevant disclosures specified in ES PAASE para 6.15(b).

Small Companies Exemption Incorrectly Claimed – Schedule 5 Companies Act 2014

A reminder that entities listed in Schedule 5, Companies Act 2014 are deemed ‘large’ and often include entities regulated by the Central Bank of Ireland (e.g., ‘insurance intermediaries’).  Please note that such entities cannot:

  • Use FRS 102 Section 1A (which is only for certain ‘small’ entities;
  • Use the Provisions Available for Audits of Small Entities;
  • Avail of small companies’ audit exemption; and
  • File abridged financial statements with the CRO.

Such companies must also produce a Statement of Cash Flows and disclose the remuneration of their auditors in four stated categories (for the current/prior years) for:

  1. audit of the company/group;
  2. other assurance services;
  3. tax advisory services; and
  4. other non-audit services.

For bespoke training on any of the topics mentioned here, please see our website.