Introduction
1. The purpose of this InternationalCambodian Standard on Auditing (ICSA) is to establish standards and provide guidance on the auditor’s responsibility to consider fraud and error in an audit of financial statements.
2. When planning and performing audit procedures and in evaluating and reporting the results thereof, the auditor should consider the risk of material misstatements in the financial statements resulting from fraud or error.
3. The term 'fraud' refers to an intentional act by one or more individuals among management, employees, or third parties, which results in a misrepresentation of financial statements. Fraud may involve:
· Manipulation, falsification or alteration of records or documents.
· Misappropriation of assets.
· Suppression or omission of the effects of transactions from records or documents.
· Recording of transactions without substance.
· Misapplication of accounting policies.
4. The term 'error' refers to unintentional mistakes in financial statements, such as:
· Mathematical or clerical mistakes in the underlying records and accounting data.
· Oversight or misinterpretation of facts.
· Misapplication of accounting policies.
Responsibility of Management
5. The responsibility for the prevention and detection of fraud and error rests with management through the implementation and continued operation of adequate accounting and internal control systems. Such systems reduce but do not eliminate the possibility of fraud and error.
Responsibility of the Auditor
6. The auditor is not and cannot be held responsible for the prevention of fraud and error. The fact that an annual audit is carried out may, however, act as a deterrent.
Risk Assessment
7. In planning the audit, the auditor should assess the risk that fraud and error may cause the financial statements to contain material misstatements and should inquire of management as to any fraud or significant error which has been discovered.
8. In addition to weaknesses in the design of the accounting and internal control systems and noncompliance with identified internal controls, conditions or events which increase the risk of fraud and error include:
· Questions with respect to the integrity or competence of management.
· Unusual pressures within or on an entity.
· Unusual transactions.
· Problems in obtaining sufficient appropriate audit evidence.
Examples of these conditions or events are set out in the Appendix to this ICSA.
Detection
9. Based on the risk assessment, the auditor should design audit procedures to obtain reasonable assurance that misstatements arising from fraud and error that are material to the financial statements taken as a whole are detected.
10. Consequently, the auditor seeks sufficient appropriate audit evidence that fraud and error which may be material to the financial statements have not occurred or that, if they have occurred, the effect of fraud is properly reflected in the financial statements or the error is corrected. The likelihood of detecting errors ordinarily is higher than that of detecting fraud, since fraud is ordinarily accompanied by acts specifically designed to conceal its existence.
11. Due to the inherent limitations of an audit (see paragraphs 12 - 14) there is an unavoidable risk that material misstatements in the financial statements resulting from fraud and, to a lesser extent, error may not be detected. The subsequent discovery of material misstatement of the financial statements resulting from fraud or error existing during the period covered by the auditor’s report does not, in itself, indicate that the auditor has failed to adhere to the basic principles and essential procedures of an audit. Whether the auditor has adhered to these principles and procedures is determined by the adequacy of the audit procedures undertaken in the circumstances and the suitability of the auditor’s report based on the results of those audit procedures.
Inherent Limitations of an Audit
12. An audit is subject to the unavoidable risk that some material misstatements of the financial statements will not be detected, even though the audit is properly planned and performed in accordance with ICSAs.
13. The risk of not detecting a material misstatement resulting from fraud is higher than the risk of not detecting a material misstatement resulting from error, because fraud ordinarily involves acts designed to conceal it, such as collusion, forgery, deliberate failure to record transactions, or intentional misrepresentations being made to the auditor. Unless the audit reveals evidence to the contrary, the auditor is entitled to accept representations as truthful and records and documents as genuine. However, in accordance with ICSA 200 'Objective and General Principles Governing an Audit of Financial Statements,' the auditor should plan and perform the audit with an attitude of professional skcepticism, recognizsing that conditions or events may be found that indicate that fraud or error may exist.
14. While the existence of effective accounting and internal control systems reduces the probability of misstatement of financial statements resulting from fraud and error, there will always be some risk of internal controls failing to operate as designed. Furthermore, any accounting and internal control system may be ineffective against fraud involving collusion among employees or fraud committed by management. Certain levels of management may be in a position to override controls that would prevent similar frauds by other employees; for example, by directing subordinates to record transactions incorrectly or to conceal them, or by suppressing information relating to transactions.
Procedures When There is an Indication That Fraud or Error May Exist
15. When the application of audit procedures designed from the risk assessment indicates the possible existence of fraud or error, the auditor should consider the potential effect on the financial statements. If the auditor believes the indicated fraud or error could have a material effect on the financial statements, the auditor should perform appropriate modified or additional procedures.
16. The extent of such modified or additional procedures depends on the auditor’s judgment as to:
(a) the types of fraud and error indicated;
(b) the likelihood of their occurrence; and
(c) the likelihood that a particular type of fraud or error could have a material effect on the financial statements.
Unless circumstances clearly indicate otherwise, the auditor cannot assume that an instance of fraud or error is an isolated occurrence. If necessary, the auditor adjusts the nature, timing and extent of substantive procedures.
17. Performing modified or additional procedures would ordinarily enable the auditor to confirm or dispel a suspicion of fraud or error. Where suspicion of fraud or error is not dispelled by the results of modified or additional procedures, the auditor should discuss the matter with management and consider whether the matter has been properly reflected or corrected in the financial statements. The auditor should consider the possible impact on the auditor’s report.
18. The auditor should consider the implications of fraud and significant error in relation to other aspects of the audit, particularly the reliability of management representations. In this regard, the auditor reconsiders the risk assessment and the validity of management representations, in case of fraud and error not detected by internal controls or not included in management representations. The implications of particular instances of fraud or error discovered by the auditor will depend on the relationship of the perpetration and concealment, if any, of the fraud or error to specific control procedures and the level of management or employees involved.
Reporting of Fraud and Error
To Management
19. The auditor should communicate factual findings to management as soon as practicable if:
(a) the auditor suspects fraud may exist, even if the potential effect on the financial statements would be immaterial; or
(b) fraud or significant error is actually found to exist.
20. In determining an appropriate representative of the entity to whom to report occurrences of possible or actual fraud or significant error, the auditor would consider all the circumstances. With respect to fraud, the auditor would assess the likelihood of senior management involvement. In most cases involving fraud, it would be appropriate to report the matter to a level in the organizsation structure of the entity above that responsible for the persons believed to be implicated. When those persons ultimately responsible for the overall direction of the entity are doubted, the auditor would ordinarily seek legal advice to assist in the determination of procedures to follow.
To Users of the Auditor’s Report on the Financial Statements
21. If the auditor concludes that the fraud or error has a material effect on the financial statements and has not been properly reflected or corrected in the financial statements, the auditor should express a qualified or an adverse opinion.
22. If the auditor is precluded by the entity from obtaining sufficient appropriate audit evidence to evaluate whether fraud or error that may be material to the financial statements, has, or is likely to have, occurred, the auditor should express a qualified opinion or a disclaimer of opinion on the financial statements on the basis of a limitation on the scope of the audit.
23. If the auditor is unable to determine whether fraud or error has occurred because of limitations imposed by the circumstances rather than by the entity, the auditor should consider the effect on the auditor’s report.
To Regulatory and Enforcement Authorities
24. The auditor’s duty of confidentiality would ordinarily preclude reporting fraud or error to a third party. However, in certain circumstances, the duty of confidentiality is overridden by statute, law or by courts of law (for example, in some countries the auditor is required to report fraud or error by financial institutions to the supervisory authorities). The auditor may need to seek legal advice in such circumstances, giving due consideration to the auditor’s responsibility to the public interest.
Withdrawal from the Engagement
25. The auditor may conclude that withdrawal from the engagement is necessary when the entity does not take the remedial action regarding fraud that the auditor considers necessary in the circumstances, even when the fraud is not material to the financial statements. Factors that would affect the auditor’s conclusion include the implications of the involvement of the highest authority within the entity, which may affect the reliability of management representations, and the effects on the auditor of continuing association with the entity. In reaching such conclusion, the auditor would ordinarily seek legal advice.
26. As stated in the 'Code of Ethics for Professional Accountants' issued by the International Federation of Accountants,Where there is to be a change of auditor, on receipt of an inquiry from the proposed auditor, the existing auditor should advise whether there are any professional reasons why the proposed auditor should not accept the appointment. The extent to which an existing auditor can discuss the affairs of a client with a proposed auditor will depend on whether the client’s permission to do so has been obtained and/or the legal or ethical requirements that apply in each country relating to such disclosure. If there are any such reasons or other matters which need to be disclosed, the existing auditor would, taking account of the legal and ethical constraints including where appropriate permission of the client, give details of the information and discuss freely with the proposed auditor all matters relevant to the appointment. If permission from the client to discuss its affairs with the proposed auditor is denied by the client, that fact should be disclosed to the proposed auditor.
Public Sector Perspective
1. In respect of paragraph 9 of this ICSA, it has to be noted that the nature and the scope of the public sector audit may be affected by legislation, regulation, ordinances and ministerial directives relating to the detection of fraud and error. These requirements may lessen the auditor’s ability to exercise judgment. In addition to any formally mandated responsibility to detect fraud, the use of 'public monies' tends to impose a higher profile on fraud issues, and auditors may need to be responsive to public 'expectations' regarding detection of fraud. It also has to be recognized that reporting responsibilities as discussed in paragraphs 19 and 20 of this ICSA, may be subject to specific provisions of the audit mandate or related legislation or regulation.
Appendix - Examples of Conditions or Events which Increase the Risk of Fraud or Error
Questions with respect to the integrity or competence of management
· Management is dominated by one person (or a small group) and there is no effective oversight board or committee.
· There is a complex corporate structure where complexity does not seem to be warranted.
· There is a continuing failure to correct major weaknesses in internal controls where such corrections are practicable.
· There is a high turnover rate of key accounting and financial personnel.
· There is a significant and prolonged understaffing of the accounting department.
· There are frequent changes of legal counsel or auditors.
Unusual pressures within or on an entity
· The industry is declining and failures are increasing.
· There is inadequate working capital due to declining profits or too rapid expansion.
· The quality of earnings is deteriorating, for example, increased risk taking with respect to credit sales, changes in business practice or selection of accounting policy alternatives that improve income.
· The entity needs a rising profit trend, due to the demands of shareholdersto support the market price of its shares due to a contemplated public offering, a takeover or other reason.
· The entity has a significant investment in an industry or product line noted for rapid change.
· The entity is heavily dependent on one or a few products or customers.
· Financial pressure on top managers.
· Pressure is exerted on accounting personnel to complete financial statements in an unusually short time period.
Unusual transactions
· Unusual transactions, especially near the year - end, that have a significant effect on earnings.
· Complex transactions or accounting treatments.
· Transactions with related parties.
· Payments for services (for example, to lawyers, consultants or agents) that appear excessive in relation to the services provided.
Problems in obtaining sufficient appropriate audit evidence
· Inadequate records, for example, incomplete files, excessive adjustments to books and accounts, transactions not recorded in accordance with normal procedures and out of balance control accounts.
· Inadequate documentation of transactions, such as lack of proper authorizsation, supporting documents not available and alteration to documents (any of these documentation problems assume greater significance when they relate to large or unusual transactions).
· An excessive number of differences between accounting records and third party confirmations, conflicting audit evidence and unexplainable changes in operating ratios.
· Evasive or unreasonable responses by management to audit inquiries.
Some factors unique to a computer information systems environment which relate to the conditions and events in described above include:
· Inability to extract information from computer files due to lack of, or noncurrent, documentation of record contents or programs.
· Large numbers of program changes that are not documented, approved and tested.
· Inadequate overall balancing of computer transactions and data bases to the financial accounts.
CSA 240 - Fraud and Error
Posted by : Sokchea
on 7:20 PM
Subscribe to:
Post Comments (Atom)
1 comments:
I have read your blog its very attractive and impressive. I like it your blog.
m4ufree movies
Post a Comment