The ‘fraud triangle’ (shown below) is a well-known tool for enabling discussions among audit teams about the possible ‘climatic’ factors that may be present in an audit client. Where all three coincide, fraud is much more likely to be present.
ISA 240 ‘The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements’ was re-issued in October 2022 with additional requirements (among other topics) to do with the audit engagement team discussion.
For the purposes of this blog (Part 1 of a 2 part series) we are focusing on the main areas of the audit team discussion.
‘The discussion shall include an exchange of ideas among engagement team members about fraud risk factors, including:
- incentives for management or others within the entity to commit fraud;
- how management could perpetrate and conceal fraudulent financial reporting; and
- how assets of the entity could be misappropriated (ISA 240.16.1)
For a group audit, the discussion among the group engagement team shall include matters to discuss with the component auditor of a significant component about the susceptibility of the component to material misstatement of the financial information of that component due to fraud. (ISA 240.16.2)
If allegations of fraud come to the auditor’s attention, the discussion shall include how to investigate and respond to those allegations. (ISA 240.16.3) see last week’s blog on the expanded Protected Disclosures regime now in force in Ireland and which will have implications for auditors of the affected entities.
The standard allows for the initial engagement team discussion to be later revisited and revised, where necessary, when ‘fraud risk factors that have been identified during the course of the audit and the implications for the audit’ considered (ISA 240.16.4)
Basically the audit engagement team is expected to document a discussion of how fraud might be perpetrated in the audit client. That discussion needs to be structured around the headline items shown below:
The guidance focuses on:
- incentives to manage earnings or key performance indicators derived from the financial statements in order to deceive financial statement users by influencing their perceptions as to the entity’s performance and profitability;
- A consideration of circumstances that might be indicative of earnings management and the practices that might be followed by management to manage earnings that could lead to fraudulent financial reporting.
- A consideration of the risk that management may attempt to present disclosures in a manner that may obscure a proper understanding of the matters disclosed (for example, by including too much immaterial information or by using unclear or ambiguous language).
- A consideration of the known external/internal factors affecting the entity that may create an incentive or pressure for management or others to commit fraud, provide the opportunity for fraud to be perpetrated, and indicate a culture or environment that enables management or others to rationalize committing
Further guidance on these topics is given in Application paragraphs A12 and A12-1 in the standard. We will say more about this topic next week.
IT Controls Assessment
Auditors are reminded that there are relatively significant changes in the requirements of ISA 315 Identifying And Assessing The Risks Of Material Misstatement for accounting periods commencing 15 December 2021, which in practical terms means, accounting periods Ended 21 December 2022 and later.
Auditors dealing with the audits of entities with such accounting periods affected by these change will need, to adopt new audit programmes and, in additional to the normal audit tests, to also assess the entity’s IT controls (no ,matter what the size of that entity).
This is a significant new development for auditors of SMEs, in particular, and will be a game changer ion the type of audit documentation and evidence of assessment of such IT controls by the auditor on audit files.
For an easy to implement additional (two page) IT Controls Questionnaire to help document the above process, please click on this link to download immediately for only €60 + VAT.
Please go to our website to see our:
- letters of engagement and similar templates. Please visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
- ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please contact John McCarthy FCA by e-mail at firstname.lastname@example.org.
We typically tailor ISQM training and brainstorming sessions to suit your firm’s unique requirements. The ISQM TOOLKIT 2022 is available to purchase here.
Recently while researching material for one of my anti-money laundering (AML) training courses, I came across the 5 page anti-corruption policy of Tesla, the electric car company. It states in bold print…. ‘Boiled down to its essence, our policy is: Don’t offer any bribe to anybody, anytime, for any reason.’
Tesla’s brief and to the point anti-bribery policy explains, “Involvement in bribery or corruption can result in lasting damage to our brand and our reputation. It can also result in multi-million-dollar fines and penalties, plus jail time for participants.”
The message is loud and clear. If any business wants to remain respectable and maintain its reputation it needs to communicate this to its employees and associated third parties. It’s much more effective than merely saying… “we don’t do corruption because I said so”.
Money laundering is often stage two of a crime or series of crimes that have already occurred e.g., the bribe has been given/accepted and now needs to be ‘concealed’ – ‘concealment’ being a key feature in AML cases.
Other reasons why money laundering, bribery and corruption are bad ideas include:
- Bribe takers/payers become hostages to fortune – they are always at risk of being pressured into taking/making more bribes. Once is never enough.
- Often, bribes are paid through intermediaries who can become blackmailers.
- Bribes will usually lead to the accounting records of the entity being falsely prepared to help hide the original illegal act, leading to a wider range of offences including indictable offence reporting to the ODCE where an audit client is involved. They go into the books as something else — consultancy fees, motor expenses, transport costs, commissions etc.
- Bribery leads to greed. Demands for bribes can be very “fluid.” Once the payer reveals a weakness in being open to giving a bribe, the bribe taker’s appetite for more becomes unquenchable.
- The risk of fraud is multiplied. Where intermediaries are involved, they may say the bribe is for €5,000, but how can the bribe payer know for sure?
- Bribery often triggers other criminal activity which ensnares those involved. People often fall into the intellectual trap that says “I deserve this, it’s so small, it’s just this time”
- While bribes can help a company enjoy short-lived success, in the end it leads to misery.
See the World Misery Index produced by Johns Hopkins University Professor Steve Hanke. The index assumes that higher unemployment and worsening inflation create economic and social costs for a country leading to more crime. The index is built using the sum of the country’s interest, inflation, and unemployment rates, minus the year-on-year percentage change in per-capita GDP growth.
In the latest version of this index from 2020, with 156 countries included, Venezuela comes out as the most miserable country in the world and Ireland at 135th, is much less miserable than the US (109) and the UK (87).
For more blogs please visit this link and for our publications and manuals and services click here.
The term money mule refers to the transfer of illegally obtained funds between bank accounts on behalf of others. According to a recent report by FraudSMART in the first 6 months of 2021 alone, over 700 ‘money mule’ transactions totalling €5 million moved through several bank accounts.
The majority of these cases involved accounts belonging to 18–24 year olds who are assisting in committing money laundering, which carries a maximum 14 year prison sentence. The Garda have appealed to young people and their parents to be aware of the serious and long reaching consequences of money muling.
The FraudSMART report details what to look out for in potential money muling recruitment scams with social media being the main platform for recruiting young people who are being targeted more than ever. Unsolicited texts or emails with the promise of “easy money” are commonplace and the Garda and FraudSMART are appealing to people to familiarise themselves with the red flags to look out for.
FraudSMART is the fraud awareness initiative led by the Banking & Payments Federation Ireland (BPFI) and is supported by An Garda Síochana Crime Bureau who have more details on money muling on their website here.
For more blogs please visit this link and for our publications and manuals and services click here.
This is our third and final blog about the results of audit monitoring inspections during the Pandemic.
In Part 2 last week, we looked at going concern (ISA 570), subsequent events (ISA 560) and the lack of financial statement disclosures regarding COVID.
In Part 1 two weeks ago, we looked at stock attendance (ISA 501), fraud (ISA 240) and accounting systems and controls (ISA 315).
Other matters that we have seen on cold file reviews and on recent audit monitoring visits include:
Walk through tests that appear on audit files often start from within the client’s accounting system which is the wrong place to start. For walk through tests to be fully effective, they need to commence outside the main system i.e., at the authorisation stage for purchases, at the customer order stage for sales, using clock cards, timesheets and/or employment contracts for wages etc.
Ethical Standards for Auditors
The new IAASA Ethical Standards for Auditors (Ireland) 2020 are effective from 15 July 2021.
Sometimes auditors do not appreciate the implications of certain ethical standards which require appropriate safeguards to mitigate the threats posed. The most common threats we see are Long Association with Audit Engagements (audit partner in place for 10+years) and Provision of Non-Audit Services (especially for the provision of accounting, tax and company secretarial services). Firms are reminded to review the Ethical Standards (Sections 3 and 5 respectively) to ensure they have dealt appropriately with the threats and identified/implemented relevant safeguards. Quite often the only practical safeguard for sole practitioners with a long association problem is to arrange for an annual hot issue or a hot file review (also known as an Engagement Quality Control Review (EQC Review) in year 11 onwards. The implementation of safeguards needs to be properly documented.
It may be possible to apply Provisions Available for Audits of Small Entities (Section 6 PAASE) to deal with threats arising from economic dependence or where tax or accounting services are provided to certain ‘small’ entities, as defined in Section 6. Where PAASE is applied, two matters arise:
- the auditors’ report must disclose this fact and
- either the financial statements notes or the auditors’ report must include the relevant disclosures specified in ES PAASE para 6.15(b).
Small Companies Exemption Incorrectly Claimed – Schedule 5 Companies Act 2014
A reminder that entities listed in Schedule 5, Companies Act 2014 are deemed ‘large’ and often include entities regulated by the Central Bank of Ireland (e.g., ‘insurance intermediaries’). Please note that such entities cannot:
- Use FRS 102 Section 1A (which is only for certain ‘small’ entities;
- Use the Provisions Available for Audits of Small Entities;
- Avail of small companies’ audit exemption; and
- File abridged financial statements with the CRO.
Such companies must also produce a Statement of Cash Flows and disclose the remuneration of their auditors in four stated categories (for the current/prior years) for:
- audit of the company/group;
- other assurance services;
- tax advisory services; and
- other non-audit services.
For bespoke training on any of the topics mentioned here, please see our website.
This is Part 2 of our series of three blogs about the impact that the Coronavirus (COVID-19) is having on evidencing of audit work.
In Part 1 last week, we looked at issues like stock attendance (ISA 501), fraud (ISA 240) and accounting systems and controls (ISA 315). Here are some other problem areas seen during recent audit monitoring inspections.
Going concern (ISA 570)
Going concern has always been a key audit area and remains so, particularly at the moment. Monitoring inspectors often see excellent examples of audit work on going concern including consideration of worst case scenarios when assessing forecasts, and good documentation of the thought processes supporting the auditor’s conclusions on this topic. This will include evidence of scepticism and challenge of management’s assumptions.
In other cases with less than ideal inspection outcomes, audit work on going concern may have been carried out but inadequately documented, or in some cases insufficient audit work on going concern is performed. Areas giving rise to findings on monitoring visits include lack of, or insufficient challenge and assessment of management assumptions or the lack of alternative audit procedures on the audit file, where for example formal future cash flow forecasts are not prepared, particularly on smaller clients. These need to be on file for a period of at least 12 months from the date of sign-off of the financial statements.
Please remember ISA 570 (Revised) (effective for audits of financial statements for periods commencing on or after 15 December 2019) contains increased requirements in relation to audit work on going concern.
Subsequent events (ISA 560)
Inspectors also see cases where there has been a delay in signing some financial statements due to the Pandemic. Don’t forget to ensure that appropriate subsequent events procedures are performed up to the date of the auditor’s report in such circumstances. This should include details of the date/time/place and names of those attending the final close off meeting, even if this s a brief 5-minute phone call. The notes should also contain details of action points agreed and matters forward to the next audit.
Financial Statement disclosures – COVID
There are often comprehensive disclosure in financial statements regarding the impact of COVID. Unfortunately in other cases, there are only brief or no disclosures.
Even where the directors consider COVID has had no impact on the entity, it may still be appropriate to include disclosure in the financial statements to that effect. Disclosure should be sufficient to enable the reader of the financial statements to understand why the directors believe this to be the case. Information disclosed in the directors’ report must be consistent with the information disclosed in the financial statements.
See the final Part 3 of this blog next week.