Internal Auditing

Auditor’s Responsibility
Responsibilities of Management and Auditor

• Responsibility of the client’s management – fair presentation of

the financial statements in accordance with the applicable
financial reporting standards

• Responsibility of Auditor – design the audit to provide reasonable

assurance of detecting material misstatements in the financial
statements
Misstatements in the Financial Statements

• 1. Error
• 2. Fraud
• 3. Noncompliance with Laws and Regulations
Misstatements in the Financial Statements

Unintentional Intentional act by one or Acts of omission or

misstatements in the FS more individuals among commission by the entity
management, those being audited, either
charged with intentional or
governance, employees, unintentional, which are
or third parties, involving contrary to the
the use of deception to prevailing laws or
obtain an unjust or regulations
illegal advantage
Kinds of Error

• Mathematical or clerical mistakes in the underlying records and

accounting data
• An incorrect accounting estimate arising from oversight or
misinterpretation of facts
• Mistake in the application of accounting policies
Misstatements in the Financial Statements

Unintentional Intentional act by one or Acts of omission or

misstatements in the FS more individuals among commission by the entity
management, those being audited, either
charged with intentional or
governance, employees, unintentional, which are
or third parties, involving contrary to the
the use of deception to prevailing laws or
obtain an unjust or regulations
illegal advantage
Types of Fraud

• The auditor is primarily concerned with fraudulent acts that cause

a material misstatement in the financial statement

1. Fraudulent Financial Reporting

2. Misappropriation of assets or employee fraud
Fraudulent Financial Reporting

• Involves intentional misstatement or omissions of amounts or

disclosures in the financial statements to deceive financial
statement users

• Also called as management fraud because it usually involves

members of management or those charged with governance
Fraudulent Financial Reporting

• This may involve:

1. Manipulation, falsification or alteration of records or documents
2. Misinterpretation in or intentional omission of the effects of
transactions from records or documents
3. Recording of transactions without substance
4. Intentional misapplication of accounting policies
Misappropriation of assets or employee fraud

• Involves theft of an entity’s assets committed by the entity’s

employees
• This may include:
• Embezzling receipts
• Stealing entity’s assets such as cash, marketable securities and
inventory
• Lapping of accounts receivable
• Often accompanied by false or misleading records or documents in
order to conceal the fact that the assets are missing
Committing Fraud

• Fraud involves motivation to commit it and

received opportunity to do so.

• Example:
• Motivation – employee’s financial problem
• Opportunity – there is no proper segregation of
duties (e.g. Bookkeeper same as Collections clerk)
Responsibility of Management and those
Charged with Governance

• The responsibility for the prevention and detection of fraud and

error rests with both management and those charged with the
governance of the entity
• PSA 240 requires:
• Management to establish a control environment and to implement
internal control policies and procedures designed to ensure, among others,
the detection and prevention of fraud and error
• Individuals charged with governance of an entity to ensure the integrity of
an entity’s accounting and financial reporting systems and that appropriate
controls are in place
Auditor’s Responsibility

Consider
Effects on
Planning Testing Completion
the
Phase Phase Phase
Auditor’s
Report
Planning Phase

1. When planning an audit, the auditor should make inquiries or

management about the possibility of misstatements due to fraud
and error
• Inquiries may include:
• Managements assessment of risks due to fraud
• Controls established to address the risk
• Any material error or fraud that has affected the entity or suspected
fraud that the entity is investigating
• These inquiries though will not address management fraud
Planning Phase

2. The auditor should assess the risk that fraud or error may cause
the financial statements to contain material misstatements

• PSA 240 requires the auditor to specifically “assess the risk if

material misstatements due to fraud and consider that
assessment in designing the audit procedure is performed”

• Fraud is concealed can make it very difficult to detect. Fraud risk

factors do not necessarily indicate the existence of fraud.
Planning Phase

• Judgements about the increased risk of material misstatements

due to fraud may influence the auditor’s professional judgements
in the ff ways:
• the auditor may approach the audit with a heightened level of professional
scepticism
• Ability of the management to override controls
• Audit team may be selected in ways that ensure that the knowledge, skill
and ability of personnel assigned significant responsibilities are
commensurate with the auditor’s assessement of risks
• Consider management selection and application of significant accounting
policies (esp. those related to income determination and asset valuation)
Testing Phase

Adjust Financial
Error Statements for
material errors
Consider effect
to assertions
Misstatements Non Material –
refer the matter
to management Discuss with
Fraud management (1
lvl up)
Material
Obtain evidence
of existence and
impact

Suggest to
consult legal
counsel
Completion Phase

• Auditor should obtain written representation from client’s

management that:
Fraud and Error

Responsibility for internal control that are designed to prevent and detect fraud and erro r

Immaterial misstatements

Individual and in aggregate are immaterial, summary are included in the written representation

Full disclosure
Disclosed to the auditor all significant facts relating to any frauds or suspected frauds
Results of risk assessment
Consider the Effect on the Auditor’s report

Request Or Express a
When auditor
management Qualified or
believes that material
to revise the Adverse
error or fraud exists
FS Opinion
Consider the Effect on the Auditor’s report

If the auditor is unable to

evaluate the effect of The auditor
Or disclaim his
fraud on FS due to should either
opinion on the FS
limitations on scope or Qualify
examination
Consider the Effect on the Auditor’s report

• Due to inherent limitations on an audit there is unavoidable risk

that material misstatements in the FS resulting from fraud or error
may not be detected.
• Thus, the subsequent discovery of material misstatement in the FS
resulting from fraud or error does not, in and of itself, indicate
that the auditor has failed to adhere to the basic principles and
essential procedures of an audit
Consider the Effect on the Auditor’s report

• Risk of not detecting material misstatements due to:

FRAUD > ERROR
× Fraud may involve sophisticated and carefully organized
schemes designed to conceal (e.g. forgery, deliberate failure
to record receipts of cash)
× Hence, audit procedures effective for detecting material
errors may be ineffective for detecting material fraud
MANAGEMENT FRAUD > EMPLOYEE FRAUD
× Management can override established controls due to authority
Misstatements in the Financial Statements

Unintentional Intentional act by one or Acts of omission or

misstatements in the FS more individuals among commission by the entity
management, those being audited, either
charged with intentional or
governance, employees, unintentional, which are
or third parties, involving contrary to the
the use of deception to prevailing laws or
obtain an unjust or regulations
illegal advantage
Noncompliance with Laws and Regulations

• Refers to the acts of omission or commission by the entity being

audited, either intentional or unintentional, which are contrary to
the prevailing laws and regulations.
• Can be entered into by the name of the entity or on behalf of the
management or employee
• Examples:
• Tax evasion
• Violation of environmental protection laws
• Inside trading of securities
Management Responsibility

• Ensure that the entity’s operations are conducted in accordance

with laws and regulations
• Responsibility for the prevention and detection of noncompliance
rests with management (PSA 250)
Management Responsibility

• Some policies and procedures:

1. Monitoring legal requirements and ensuring that operating
procedures are designed to meet these requirements.
2. Instituting and operating appropriate systems of internal control
3. Developing, publicizing and following a Code of Conduct
4. Ensuring employees are properly trained and understand the
Code of Conduct
5. Monitoring compliance with the Code of Conduct and acting
appropriately to discipline employees who fail to comply with it.
Management Responsibility

• Some policies and procedures:

6. Engaging legal advisors to assist in monitoring legal requirements
7. Maintaining a register of significant laws with which the entity
has to comply within its particular industry and a record of
complaints
Auditor’s Responsibility

• Auditors cannot be expected to detect noncompliance with all

laws and regulations
• Nevertheless, auditors should recognize that noncompliance by
the entity with laws and regulations may materially affect the FS

Consider
Effects on
Planning Testing Completion
the
Phase Phase Phase
Auditor’s
Report
Planning Phase

• Auditors should obtain a general understanding of the legal and regulatory

framework applicable to the entity and the industry and how the entity is
complying with that framework
Use the existing knowledge of the industry and business

Inquire of management concerning the entity’s policies and procedures

regarding compliance with laws and regulations
Inquire of management that may be expected to have a fundamental effect
on the operations of the entity
Discuss with management the policies or procedures adopted for identifying,
evaluating and accounting for litigation claims and assessment
Discuss the legal and regulatory framework with auditors of subsidiaries in other
countries
Planning Phase

• After obtaining the general understanding, the auditor should

design procedures to help identify instances of noncompliance
• The auditor should also obtain sufficient appropriate evidence
about compliance with those laws and regulations
Testing Phase

• When the auditor becomes aware of possible

noncompliance, he should evaluate the possible effect
on the FS
• Potential financial consequences
• Whether it requires disclosures
• Whether the potential financial consequences are so serious as
to call into question the fair presentation given by the FS
• The auditor should document the findings, discuss them
with management, and consider the implication on audit
Completion Phase

• Obtain written representations that management has disclosed to

the auditor all known actual or possible noncompliance with laws
and regulations that could materially affect the FS
Consider the Effect on the Auditor’s report

When auditor believes Or Express a

Request
that there is Qualified or
management to
noncompliance that Adverse
revise the FS
materially affect the FS Opinion
Consider the Effect on the Auditor’s report

If the auditor is unable to

evaluate the effect of The auditor
Or disclaim his
noncompliance on FS due should either
opinion on the FS
to limitations on scope or Qualify
examination
Consider the Effect on the Auditor’s Report

• Auditors are primarily concern with noncompliance that will have

direct and material effect in the FS
Examples of Risk Factors Relating to
Misstatements Resulting from Fraud

1. Resulting from Fraudulent Financial Reporting

a) Management’s characteristics and influence over the Control Environment
b) Industry Conditions
c) Operating Characteristics and Financial Stability
2. Resulting from Misappropriation of Assets
a) Susceptibility of Assets to Misappropriation
b) Controls
 Management’s characteristics and influence over
the Control Environment

Failure to
display and Non
communica financial
History of
Motivation te manageme High Strained
securities Corporate
to engage appropriat nt turnover of relationshi
law governanc
in e attitude participate manageme p between
violations e structure
fraudulent regarding s in nt, counsel manageme
or is weak or
financial internal selection or board nt and
manageme ineffective
reporting control of members auditor
nt fraud
and the FR accounting
process principles
 Industry Conditions

New accounting,
statutory or Rapid changes in the
High degree of Declining industry
regulatory industry, such as high
competition or with increasing
requirements that vulnerability to
market saturation, business failures and
could impair the rapidly changing
accompanied by significant declines in
financial stability or technology or rapid
declining margins customer demand
profitability of the product obsolescence
entity
 Operating Characteristics and Financial Stability

Inability to Significant
generate cash related party A threat of Unrealistically
Especially high
flows from transactions imminent aggressive sales
vulnerability to
operations while which are not in bankruptcy, or profitability
changes in
reporting the ordinary foreclosure or incentive
interest rates
earnings and course of hostile takeover programs
earnings growth business
 Susceptibility of Assets to Misappropriation

Inventory characteristics such

Large amounts of cash on
as small size, high valued Easily convertible assets
hand or processed
products
 Controls

Poor physical Lack of an

Inadequate record
Lack of appropriate safeguards over cash, appropriate
keeping for assets
management investments, segregation of duties
susceptible to
oversight inventory or fixed or independent
misappropriation
assets checks
Examples of Risk Factors Relating to
Misstatements Resulting from Fraud
• Lack of timely and appropriate Resulting from
Fraudulent Financial
Resulting from
Misappropriation of
documentation for transactions Reporting Assets

• A poor or deteriorating financial

position when management has Management’s
personally guaranteed significant characteristics and Susceptibility of
Assets to
debts of the entity influence over the
Control Environment Misappropriation

• Significant bank accounts or

subsidiary or branch operations
in tax-haven jurisdictions for Industry Conditions Controls
which there appears to be no
clear business justifications
Operating
Characteristics and
Financial Stability
Examples of Risk Factors Relating to
Misstatements Resulting from Fraud

• Management fails to correct Resulting from

Fraudulent Financial
Resulting from
Misappropriation of
known material weaknesses in Reporting Assets
internal control on a timely
basis Management’s
Susceptibility of
• Domineering attempt to characteristics and
influence over the Assets to
influence the scope of Control Environment Misappropriation

auditor’s work
• New technological Industry Conditions Controls
development which could
render the product obsolete
Operating
Characteristics and
Financial Stability