Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CFE White Collar Crime and Corporate Governance > Auditors' Fraud-Related Responsibilities > Flashcards

Auditors' Fraud-Related Responsibilities Flashcards

1
Q

According to the International Organization of Supreme Audit Institutions’ (INTOSAI) standards for public-sector audits, the requirements for private-sector external auditors found in International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, also apply to government auditors during audits of public-sector financial statements.

True/False

A

True!

The International Organization of Supreme Audit Institutions (INTOSAI) operates as an umbrella organization for the external government audit community and provides an institutionalized framework for supreme audit institutions (SAIs) to foster the exchange of ideas, knowledge, and experiences; the organization acts as a recognized voice of SAIs within the international community. INTOSAI provides high-quality auditing standards in the form of International Standards of Supreme Audit Institutions (ISSAI) for the public sector in an effort to promote good governance.

ISSAI 1240 provides supplementary guidance regarding the applicability of International Standard on Auditing (ISA) 240 to public-sector financial statement audits. This practice note states that ISA 240 is applicable to auditors of public-sector entities in their role as auditors of financial statements and includes several specific considerations in applying ISA 240 to public-sector audits.

See pages 4.533, 4.540 in the Fraud Examiner’s Manual

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

According to International Standard on Auditing (ISA) 240, ________ involves intentional misstatements in financial statements to deceive financial statement users.

A. An auditor misrepresentation
B. A financial reporting error
C. Fraudulent financial reporting
D. A financial report item adjustment

A

C. Fraudulent financial reporting

According to International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, fraudulent financial reporting involves intentional misstatements, including omissions of amounts or disclosures, in financial statements to deceive financial statement users. It can be caused by the efforts of management to manage earnings in order to deceive financial statement users by influencing their perceptions as to the entity’s performance and profitability.

See pages 4.503 in the Fraud Examiner’s Manual

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which of the following is a responsibility that the internal auditor should execute in conducting audit engagements?

A. Evaluate the indicators of fraud and decide whether any further action is necessary or whether an investigation
should be recommended
B. Consider fraud risks in the assessment of internal control design and determination of audit steps to perform
C. Evaluate whether management is actively retaining responsibility for oversight of the fraud risk management
program
D. All of the above

A

D. All of the above
(A. Evaluate the indicators of fraud and decide whether any further action is necessary or whether an investigation should be recommended
B. Consider fraud risks in the assessment of internal control design and determination of audit steps to perform
C. Evaluate whether management is actively retaining responsibility for oversight of the fraud risk management program)

To help auditors comply with their responsibilities pertaining to fraud, The Institute of Internal Auditors (IIA) released IPPF—Practice Guide: Internal Auditing and Fraud (the Practice Guide). Although not mandatory, the guidance included in the Practice Guide is strongly recommended. Specifically, the Practice Guide states that, in conducting audit engagements, the internal auditor should:

** Consider fraud risks in the assessment of internal control design and determination of audit steps to perform.
** Have sufficient knowledge of fraud to identify red flags indicating fraud might have been committed.
** Be alert to opportunities that could allow fraud, such as control deficiencies.
** Evaluate whether management is actively retaining responsibility for oversight of the fraud risk management
program, whether timely and sufficient corrective measures have been taken with respect to any noted
control deficiencies or weaknesses, and whether the plan for monitoring the program continues to be
adequate for the program’s ongoing success.
** Evaluate the indicators of fraud and decide whether any further action is necessary or whether an
investigation should be recommended.
** Recommend investigation when appropriate.

See pages 4.528-4.529 in the Fraud Examiner’s Manual

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

According to International Standard on Auditing (ISA) 240, the auditor’s assessment of the risk of material misstatement due to fraud at the financial statement level should have an effect on which of the following aspect(s) of an audit?

A. Consideration of accounting principles used
B. Choice of auditing procedures
C. Assignment and supervision of personnel
D. All of the above

A

D. All of the above:
(A. Consideration of accounting principles used
B. Choice of auditing procedures
C. Assignment and supervision of personnel)

Although fraud is a broad legal concept, for the purposes of International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, the auditor is concerned with fraud that causes a material misstatement in the financial statements. Under this standard, the auditor shall determine overall responses to address the assessed risks of material misstatement due to fraud at the financial statement level. To do so, the auditor shall:

** Assign and supervise personnel, taking account of the knowledge, skill, and ability of the individuals to be
given significant engagement responsibilities and the auditor’s assessment of the risks of material
misstatement due to fraud for the engagement; this might include assigning additional individuals with
specialized skill and knowledge, such as forensic and IT specialists, or assigning more experienced
individuals to the engagement.
** Evaluate whether the selection and application of accounting policies by the entity, particularly those related
to subjective measurements and complex transactions, might be indicative of fraudulent financial
reporting resulting from management’s effort to manage earnings.
*** Incorporate an element of unpredictability in the selection of the nature, timing, and extent of audit
procedures.

See pages 4.502, 4.511-4.512 in the Fraud Examiner’s Manual

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

According to International Standard on Auditing (ISA) 240, the auditor is primarily concerned with fraud that is determined to meet the legal definition of fraud.

True/False

A

False!

Although fraud is a broad legal concept, for the purposes of International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, the auditor is concerned with fraud that causes a material misstatement in the financial statements. Two types of intentional misstatements are relevant to the auditor: misstatements resulting from fraudulent financial reporting and misstatements resulting from misappropriation of assets. Although the auditor might suspect or, in rare cases, identify the occurrence of fraud, the auditor does not make legal determinations of whether fraud has actually occurred.

See pages 4.502 in the Fraud Examiner’s Manual

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

If an external auditor discovers evidence of potential fraud, they are precluded from disclosing these findings to anyone in order to protect client confidentiality.

True/False

A

False!

According to International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, if the external auditor has identified a fraud or has obtained information that indicates that a fraud may exist, the auditor shall communicate these matters on a timely basis to the appropriate level of management in order to inform those with primary responsibility for the prevention and detection of fraud of matters relevant to their responsibilities. Unless all of those charged with governance are involved in managing the entity, if the auditor has identified or suspects fraud involving management, employees who have significant roles in internal control, or others where the fraud results in a material misstatement in the financial statements, the auditor shall communicate these matters to those charged with governance on a timely basis. If the auditor suspects fraud involving management, the auditor shall communicate these suspicions to those charged with governance and discuss with them the nature, timing, and extent of audit procedures necessary to complete the audit. The auditor shall communicate with those charged with governance any other matters related to fraud that are, in the auditor’s judgment, relevant to their responsibilities.

If the auditor has identified or suspects a fraud, the auditor shall determine whether there is a responsibility to report the occurrence or suspicion to a party outside the entity. Although the auditor’s professional duty to maintain the confidentiality of client information may preclude such reporting, the auditor’s legal responsibilities may override the duty of confidentiality in some circumstances.

See pages 4.515 in the Fraud Examiner’s Manual

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

According to The Institute of Internal Auditors’ (IIA) International Standards for the Professional Practice of Internal Auditing, internal auditors must apply the care and skill of an expert whose primary responsibility is investigating fraud.

True/False

A

False!

The Institute of Internal Auditors’ (IIA) Standard 1220 states that internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor. Standard 1220 also states, however, that due professional care does not imply infallibility.

See pages 4.526 in the Fraud Examiner’s Manual

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which of the following parties has some responsibility regarding an organization’s fraud detection and prevention efforts?

A. In-house legal counsel
B. Board of directors
C. Management
D. All of the above

A

D. All of the above
(A. In-house legal counsel
B. Board of directors
C. Management)

The Institute of Internal Auditors’ (IIA) Practice Guide: Internal Auditing and Fraud discusses various parties’ typical roles and responsibilities for fraud detection and prevention. These parties include:

** Board of directors: The board of directors is responsible for effective and responsible corporate fraud
governance and is tasked with overseeing management’s actions to manage fraud risks.
** Audit committee: The audit committee’s role is to evaluate management’s identification of fraud risks and the
implementation of anti-fraud measures, as well as to provide the tone at the top that fraud will not be
accepted in any form. The audit committee is also responsible for overseeing controls to prevent or detect
management fraud.
** Management: Management is responsible for overseeing the activities of employees, assessing the entity’s
vulnerability to fraud, and establishing and maintaining an effective internal control system at a reasonable
cost.
** Legal counsel: Legal counsel advises the organization on legal matters pertaining to fraud.
** External auditors: External auditors have a responsibility to comply with professional standards and to plan
and perform the audit of the organization’s financial statements to obtain reasonable assurance about
whether the financial statements are free of material misstatements, whether caused by error or fraud.
** Loss prevention manager: The loss prevention manager deals with crimes, disasters, accidents, waste, and
other business risks, and this individual usually works closely with internal auditors to identify areas of
weak internal controls within the organization.
** Fraud investigators: Fraud investigators are responsible for detecting and investigating fraud, as well as
recovering assets.
** Other employees: All employees have a responsibility to report suspicious activity to a hotline, the internal
audit department, or management.

See pages 4.530-4.531 in the Fraud Examiner’s Manual

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which of the following is NOT one of the responsibilities that the internal auditor should execute in conducting audit engagements?

A. Have sufficient knowledge of fraud to identify red flags indicating fraud might have been committed.
B. Be alert to opportunities that could allow fraud, such as control deficiencies.
C. Consider fraud risks in the assessment of internal control design and determination of audit steps to perform.
D. Report all findings of fraud to the Securities and Exchange Commission within ten working days.

A

D. Report all findings of fraud to the Securities and Exchange Commission within ten working days.

To help auditors comply with their responsibilities pertaining to fraud, The Institute of Internal Auditors (IIA) released IPPF—Practice Guide: Internal Auditing and Fraud (the Practice Guide). Although not mandatory, the guidance included in the Practice Guide is strongly recommended. Specifically, the Practice Guide states that, in conducting audit engagements, the internal auditor should:

** Consider fraud risks in the assessment of internal control design and determination of audit steps to perform.
** Have sufficient knowledge of fraud to identify red flags indicating fraud might have been committed.
** Be alert to opportunities that could allow fraud, such as control deficiencies.
** Evaluate whether management is actively retaining responsibility for oversight of the fraud risk management
program, whether timely and sufficient corrective measures have been taken with respect to any noted
control deficiencies or weaknesses, and whether the plan for monitoring the program continues to be
adequate for the program’s ongoing success.
** Evaluate the indicators of fraud and decide whether any further action is necessary or whether an
investigation should be recommended.
** Recommend investigation when appropriate.

See pages 4.528-4.529 in the Fraud Examiner’s Manual

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

During an external audit of XYZ Corporation, the audit team determines the quantitative materiality threshold (i.e., the amount by which financial statements must be misstated to be considered materially misstated) to be $1 million. If the auditors discover evidence that management has intentionally overstated sales by $900,000, they should deem the misstatement immaterial for purposes of the audit and disregard it.

True/False

A

False!

The concept of materiality in a financial statement audit is an important one, especially as it pertains to fraud. International Standards of Auditing (ISAs) 1 and 8 define materiality as follows: “Information is material if omitting, misstating or obscuring it could reasonably be expected to influence the decisions that the primary users of general purpose financial statements make on the basis of those financial statements, which provide financial information about a specific reporting entity.”

Materiality is often considered in quantitative terms within an audit (e.g., by establishing a threshold amount by which the financial statements must be misstated to be considered materially misstated). However, the qualitative aspects of fraud can, and often do, override the general quantitative materiality threshold. For example, an intentional manipulation of an account for an amount just under the determined quantitative materiality threshold might still be deemed material for purposes of the audit, as it indicates management’s intent to “omit, misstate, or obscure” information to influence the decisions of the financial statement users.

See pages 4.506-4.507 in the Fraud Examiner’s Manual

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

According to International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, if an external auditor discovers evidence of a potential fraud involving senior management, to which of the following parties should they immediately report their findings?

A. Local law enforcement
B. The audit committee
C. Securities regulators
D. All of the above

A

B. The audit committee

According to International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, if the auditor has identified or suspects fraud involving management, the auditor shall communicate these matters to those charged with governance, such as the audit committee of the board of directors, on a timely basis. The related discussion should cover the nature, timing, and extent of audit procedures necessary to complete the audit, as well as any other matters related to fraud that are, in the auditor’s judgment, relevant to their responsibilities.

In certain circumstances, it might also be necessary or appropriate to report the findings to outside parties, such as securities regulators. Consequently, if the auditor has identified or suspects a fraud, the auditor shall also determine whether there is a responsibility to report the occurrence or suspicion to a party outside the entity. Although the auditor’s professional duty to maintain the confidentiality of client information may preclude such reporting, the auditor’s legal responsibilities may override the duty of confidentiality in some circumstances.

See pages 4.515 in the Fraud Examiner’s Manual

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Under The Institute of Internal Auditors’ (IIA) International Standards for the Professional Practice of Internal Auditing, an organization’s internal audit function is required to hold primary responsibility for all internal fraud investigations.

True/False

A

False!

The role that internal audit plays in fraud investigations varies by organization. Internal audit may have primary responsibility for fraud investigations, may serve as a resource for the investigations, or may have no involvement at all in the investigations.

See pages 4.529 in the Fraud Examiner’s Manual

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

According to The Institute of Internal Auditors’ (IIA) International Standards for the Professional Practice of Internal Auditing, the internal audit activity must evaluate risk exposures relating to the organization’s governance, operations, and information systems regarding all of the following EXCEPT:

A. Sale of tangible and intangible assets
B. Compliance with laws, regulations, and contracts
C. Effectiveness and efficiency of operations
D. Reliability and integrity of financial and operational information

A

A. Sale of tangible and intangible assets

According to The Institute of Internal Auditors’ (IIA) Standard 2120.A1, the internal audit activity must evaluate risk exposures relating to the organization’s governance, operations, and information systems regarding the:

  • ** Achievement of the organization’s strategic objectives
  • ** Reliability and integrity of financial and operational information
  • ** Effectiveness and efficiency of operations
  • ** Safeguarding of assets
  • ** Compliance with laws, regulations, and contracts

See pages 4.527 in the Fraud Examiner’s Manual

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

According to The Institute of Internal Auditors’ (IIA) International Standards for the Professional Practice of Internal Auditing, due professional care implies infallibility.

True/False

A

False!

The Institute of Internal Auditors’ (IIA) Standard 1220 states that internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor. Standard 1220 also states, however, that due professional care does not imply infallibility.

See pages 4.526 in the Fraud Examiner’s Manual

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

When determining the relevance of certain fraud risk factors within an entity, the auditor should consider:

A. The ownership of the entity
B. The complexity of the entity
C. The size of the entity
D. All of the above

A

D. All of the above
(A. The ownership of the entity
B. The complexity of the entity
C. The size of the entity)

According to International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, the entity’s size, complexity, and ownership characteristics have a significant influence on the consideration of relevant fraud risk factors. For example, in the case of a large entity, there might be factors that generally constrain improper conduct by management, such as:

  • ** Effective oversight by those charged with governance
  • ** An effective internal audit function
  • ** The existence and enforcement of a written code of conduct

See pages 4.511 in the Fraud Examiner’s Manual

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

The primary purpose of International Standard on Auditing (ISA) 240 is to:

A. Establish auditors as being primarily responsible for the prevention and detection of fraud within an organization
B. Establish requirements for auditors related to designing and implementing fraud-related internal controls
C. Establish standards and provide guidance on the auditor’s responsibility to consider fraud in an audit of financial
statements
D. All of the above

A

C. Establish standards and provide guidance on the auditor’s responsibility to consider fraud in an audit of financial
statements

The purpose of International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, is to establish standards and provide guidance on the auditor’s responsibility to consider fraud in an audit of financial statements. ISA 240 also expands on how the standards and guidance in ISA 315 (Revised), Identifying and Assessing the Risks of Material Misstatement, and ISA 330, The Auditor’s Responses to Assessed Risks, are to be applied in relation to the risks of material misstatement due to fraud. The standards and guidance in ISA 240 are intended to be integrated into the overall audit process.

See pages 4.502 in the Fraud Examiner’s Manual

17
Q

Government auditors’ requirements for reporting fraud may be subject to specific provisions of the audit mandate and can vary depending on the jurisdiction.

True/False

A

True!

In addition to the communications with management and those charged with governance required under International Standard on Auditing (ISA) 240, public-sector auditors may be required or may decide to communicate matters with other parties, such as the legislature. Furthermore, the requirements for reporting of fraud in the public sector may be subject to specific provisions of the audit mandate or related legislation or regulation (e.g., regulatory and enforcement authorities). In some environments, there may be a duty to refer indications of fraud to investigative bodies and even cooperate with such bodies to determine if fraud or abuse has occurred. In other environments, public-sector auditors may be obliged to report circumstances that may indicate the possibility of fraud or abuse to the competent jurisdictional body or to the appropriate part of the government or legislature, such as prosecutors, the police, and (if relevant to legislation) affected third parties. Consequently, public-sector auditors need to be familiar with applicable laws and regulations in regard to reporting, communication, and documentation of indications or suspicions of fraud. They should also take care to avoid interfering with potential investigations or legal proceedings and should consider the need to obtain legal advice in issues regarding indications of fraud.

See pages 4.542-4.543 in the Fraud Examiner’s Manual

18
Q

The internal audit function should wait until issues related to fraud arise before communicating with senior management or the board of directors about the topic.

True/False

A

False!

The Institute of Internal Auditors’ (IIA) Standard 2060, Reporting to Senior Management and the Board, notes that the head of an organization’s internal audit function—the chief audit executive (CAE)—must report periodically to senior management and the board of directors on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan and on its conformance with the IIA’s Code of Ethics and its International Standards for the Professional Practice of Internal Auditing. Reporting must also include significant risk and control issues, including fraud risks, governance issues, and other matters that require the attention of senior management and/or the board of directors.

In support of IIA Standard 2060, the IIA’s IPPF—Practice Guide: Internal Auditing and Fraud (the Practice Guide) recommends that CAEs have the required discussions about fraud with senior management and the board of directors before issues arise concerning what those parties need to know, when they need to know it, and how the communication should be made.

See pages 4.526, 4.530 in the Fraud Examiner’s Manual

19
Q

During an audit of a public-sector organization, a government auditor discovers evidence of potential fraud. To which of the following parties might the auditor be required to report this information?

A. Affected third parties
B. The relevant legislative body
C. Those charged with governance
D. All of the above

A

D. All of the above
(A. Affected third parties
B. The relevant legislative body
C. Those charged with governance)

In addition to the communications with management and those charged with governance required under International Standard on Auditing (ISA) 240, public-sector auditors may be required or may decide to communicate matters with other parties, such as the legislature. Furthermore, the requirements for reporting of fraud in the public sector may be subject to specific provisions of the audit mandate or related legislation or regulation (e.g., regulatory and enforcement authorities). In some environments, there may be a duty to refer indications of fraud to investigative bodies and even cooperate with such bodies to determine if fraud or abuse has occurred. In other environments, public-sector auditors may be obliged to report circumstances that may indicate the possibility of fraud or abuse to the competent jurisdictional body or to the appropriate part of the government or legislature, such as prosecutors, the police, and (if relevant to legislation) affected third parties. Consequently, public-sector auditors need to be familiar with applicable laws and regulations in regard to reporting, communication, and documentation of indications or suspicions of fraud. They should also take care to avoid interfering with potential investigations or legal proceedings and should consider the need to obtain legal advice in issues regarding indications of fraud.

See pages 4.542-4.543 in the Fraud Examiner’s Manual

20
Q

Which of the following might the internal audit function include in its communications with senior management and the board of directors about fraud?

A. Information about all fraud audits performed
B. How it coordinates fraud audit activity with external auditors
C. The role of internal audit in fraud investigations
D. All of the above

A

D. All of the above
(A. Information about all fraud audits performed
B. How it coordinates fraud audit activity with external auditors
C. The role of internal audit in fraud investigations)

The Institute of Internal Auditors’ (IIA) Standard 2060, Reporting to Senior Management and the Board, notes that the head of an organization’s internal audit function—the chief audit executive (CAE)—must report periodically to senior management and the board of directors on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan and on its conformance with the IIA’s Code of Ethics and its International Standards for the Professional Practice of Internal Auditing. Reporting must also include significant risk and control issues, including fraud risks, governance issues, and other matters that require the attention of senior management and/or the board of directors.

In support of IIA Standard 2060, the IIA’s IPPF—Practice Guide: Internal Auditing and Fraud (the Practice Guide) states that the head of the internal audit function (i.e., the CAE) may include the following in their communications with management and the board of directors:

  • ** All fraud audits performed
  • ** The fraud risk assessment process
  • ** Fraud or conflicts of interest
  • ** The results of monitoring programs concerning compliance with law, code of conduct, or code of ethics
  • ** The internal audit activity’s organizational structure as it pertains to addressing fraud
  • ** Coordination of fraud audit activity with external auditors
  • ** Overall assessment of the organization’s control environment
  • ** Productivity and budgetary measures of internal audit’s fraud activities
  • ** Benchmarking comparisons of internal audit’s fraud activities with other organizations
  • ** Role of internal audit in fraud investigations

See pages 4.526, 4.529-4.530 in the Fraud Examiner’s Manual

21
Q

An external auditor discovers a significant deficiency in an organization’s internal controls that could result in a material misstatement of the organization’s financial statements. Which of the following is FALSE regarding the auditor’s communication about these findings?

A. The communication should include a description of the deficiencies and an explanation of their potential effects.
B. The communication should note that the purpose of the audit was to express an opinion on the effectiveness of
the organization’s internal controls.
C. The communication should be provided to management and those charged with governance.
D. The communication should be made in writing.

A

B. The communication should note that the purpose of the audit was to express an opinion on the effectiveness of
the organization’s internal controls.

During the course of a financial statement audit, the external auditor might identify deficiencies in the organization’s internal controls that could result in a misstatement in the financial statements. International Standard on Auditing (ISA) 265, Communicating Deficiencies in Internal Control to Those Charged with Governance and Management, provides guidance regarding the auditor’s responsibility to communicate such control deficiencies appropriately with management and those charged with governance.

According to ISA 265, the auditor is required to communicate in writing significant deficiencies in internal control identified during the audit to those charged with governance on a timely basis. In the written communications regarding significant deficiencies in internal controls, the auditor must include:

** A description of the deficiencies and an explanation of their potential effects
** Sufficient information to enable those charged with governance and management to understand the context
of the communication, including explanations that the purpose of the audit was for the auditor to express
an opinion on the financial statements and that the audit included consideration of internal control
relevant to the preparation of the financial statements in order to design audit procedures that are
appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of
internal control.

See pages 4.516-4.518 in the Fraud Examiner’s Manual

22
Q

During an external audit of an organization’s financial statements, an auditor identifies a significant deficiency in the organization’s internal controls related to financial reporting. Which of the following is the auditor required to do with regard to this issue?

A. Communicate the findings in writing to those charged with governance.
B. Implement procedures to correct the underlying internal control deficiency.
C. Report the findings to the appropriate government authorities.
D. Document the findings and withdraw from the engagement.

A

A. Communicate the findings in writing to those charged with governance.

During the course of a financial statement audit, the external auditor might identify deficiencies in the organization’s internal controls that could result in a misstatement in the financial statements. International Standard on Auditing (ISA) 265, Communicating Deficiencies in Internal Control to Those Charged with Governance and Management, provides guidance regarding the auditor’s responsibility to communicate such control deficiencies appropriately with management and those charged with governance.

According to ISA 265, if the auditor has identified one or more deficiencies in internal control, the auditor is required to:

** Determine, on the basis of the audit work performed, whether, individually or in combination, they constitute
significant deficiencies (i.e., a deficiency or combination of deficiencies in internal control that, in the
auditor’s professional judgment, is of sufficient importance to merit the attention of those charged with
governance).
** Communicate in writing significant deficiencies in internal control identified during the audit to those charged
with governance on a timely basis.
** Communicate to management at an appropriate level of responsibility on a timely basis, in writing, significant
deficiencies in internal control that the auditor has communicated or intends to communicate to those
charged with governance, unless it would be inappropriate to communicate directly to management in the
circumstances.
** Communicate to management at an appropriate level of responsibility on a timely basis other deficiencies in
internal control identified during the audit that have not been communicated to management by other
parties and that, in the auditor’s professional judgment, are of sufficient importance to merit
management’s attention.

See pages 4.516-4.517 in the Fraud Examiner’s Manual

23
Q

International Standard on Auditing (ISA) 240 delineates two types of frauds that are relevant for audit purposes: those that involve intentional fraudulent financial reporting and those that involve the misappropriation of company assets.

True/False

A

True!

Although fraud is a broad legal concept, for the purposes of International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, the auditor is concerned with fraud that causes a material misstatement in the financial statements. Two types of intentional misstatements are relevant to the auditor: misstatements resulting from fraudulent financial reporting and misstatements resulting from misappropriation of assets. Although the auditor might suspect or, in rare cases, identify the occurrence of fraud, the auditor does not make legal determinations of whether fraud has actually occurred.

See pages 4.502 in the Fraud Examiner’s Manual

24
Q

The risk of an auditor not detecting a material misstatement resulting from fraud is higher than the risk of an auditor not detecting a material misstatement resulting from error.

True/False

A

True!

The risk of an auditor not detecting a material misstatement resulting from fraud is higher than the risk of an auditor not detecting one resulting from error. This is because fraud might involve sophisticated and carefully organized schemes designed to conceal it, such as forgery, deliberate failure to record transactions, or intentional misrepresentations being made to the auditor.

See pages 4.505 in the Fraud Examiner’s Manual

25
Q

During an audit of a public-sector organization’s financial statements, a government auditor uncovers evidence of a potential fraud. The auditor’s requirements for reporting these findings are substantially the same as those for external auditors in the private sector.

True/False

A

False!

International Standard of Supreme Audit Institutions (ISSAI) 1240 provides supplementary guidance regarding the applicability of International Standard on Auditing (ISA) 240 to public-sector financial statement audits. This practice note states that ISA 240 is applicable to auditors of public-sector entities in their role as auditors of financial statements; however, the guidance also specifically notes that public-sector audits can involve additional requirements for communications about fraud-related matters. For example, public-sector auditors may be required or may decide to communicate matters with other parties, such as the legislature, in addition to those charged with governance. Furthermore, the requirements for reporting of fraud in the public sector may be subject to specific provisions of the audit mandate or related legislation or regulation (e.g., regulatory and enforcement authorities). In some environments, there may be a duty to refer indications of fraud to investigative bodies and even cooperate with such bodies to determine if fraud or abuse has occurred. In other environments, public-sector auditors may be obliged to report circumstances that may indicate the possibility of fraud or abuse to the competent jurisdictional body or to the appropriate part of the government or legislature, such as prosecutors, the police, and (if relevant to legislation) affected third parties.

See pages 4.542-4.543 in the Fraud Examiner’s Manual

26
Q

Internal auditing standards require the internal audit function, through the chief audit executive (CAE), to report periodically to senior management and the board of directors about the organization’s fraud risks.

True/False

A

True!

The Institute of Internal Auditors’ (IIA) Standard 2060, Reporting to Senior Management and the Board, notes that the head of an organization’s internal audit function—the chief audit executive (CAE)—must report periodically to senior management and the board of directors on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan and on its conformance with the IIA’s Code of Ethics and its International Standards for the Professional Practice of Internal Auditing. Reporting must also include significant risk and control issues, including fraud risks, governance issues, and other matters that require the attention of senior management and/or the board of directors.

See pages 4.526 in the Fraud Examiner’s Manual

27
Q

Which of the following is NOT an effective response for addressing the risk of material misstatement due to fraud during a financial statement audit?

A. Assigning specialists to assist regarding a particularly technical issue
B. Using differing sampling methods when collecting data for audit testing
C. Engaging in consistent auditing procedures each year
D. Implementing auditing procedures on an unannounced basis

A

C. Engaging in consistent auditing procedures each year

Although fraud is a broad legal concept, for the purposes of International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, the auditor is concerned with fraud that causes a material misstatement in the financial statements. Under this standard, the auditor shall determine overall responses to address the assessed risks of material misstatement due to fraud at the financial statement level. To do so, the auditor shall:

** Assign and supervise personnel, taking account of the knowledge, skill, and ability of the individuals to be
given significant engagement responsibilities and the auditor’s assessment of the risks of material
misstatement due to fraud for the engagement; this might include assigning additional individuals with
specialized skill and knowledge, such as forensic and IT specialists, or assigning more experienced
individuals to the engagement.
** Evaluate whether the selection and application of accounting policies by the entity, particularly those related
to subjective measurements and complex transactions, might be indicative of fraudulent financial
reporting resulting from management’s effort to manage earnings.
*** Incorporate an element of unpredictability in the selection of the nature, timing, and extent of audit
procedures.

See pages 4.502, 4.511-4.512 in the Fraud Examiner’s Manual

28
Q

The external auditor should perform which of the following procedures to obtain information to use in identifying the risks of material misstatement due to fraud?

A. Evaluate whether the information obtained from the risk assessment procedures indicates that fraud risk factors
are present
B. Make inquiries of management and others within the entity to determine whether they have knowledge of any
actual, suspected, or alleged fraud affecting the entity
C. Evaluate any unusual or unexpected relationships that have been identified in performing analytical procedures
D. All of the above

A

D. All of the above
(A. Evaluate whether the information obtained from the risk assessment procedures indicates that fraud risk
factors are present
B. Make inquiries of management and others within the entity to determine whether they have knowledge of
any actual, suspected, or alleged fraud affecting the entity
C. Evaluate any unusual or unexpected relationships that have been identified in performing analytical
procedures)

When performing risk assessment procedures and related activities to obtain an understanding of the entity and its environment, including the entity’s internal control, the auditor should perform the following procedures to obtain information for use in identifying the risks of material misstatement due to fraud:

** Make inquiries of management and others within the entity to determine whether they have knowledge of
any actual, suspected, or alleged fraud affecting the entity.
** Evaluate any unusual or unexpected relationships that have been identified in performing analytical
procedures.
** Evaluate whether the information obtained from the risk assessment procedures and related activities
indicates that one or more fraud risk factors are present.
** Consider whether any other information obtained by the auditor indicates risks of material misstatement due
to fraud.

See pages 4.508-4.510 in the Fraud Examiner’s Manual

29
Q

The risk of the auditor not detecting a material misstatement resulting from employee fraud is greater than the risk of the auditor not detecting a material misstatement resulting from management fraud.

True/False

A

False!

The risk of the auditor not detecting a material misstatement resulting from management fraud is greater than for employee fraud because management is frequently in a position to directly or indirectly manipulate accounting records, present fraudulent financial information, or override control procedures designed to prevent similar frauds by other employees.

See pages 4.506 in the Fraud Examiner’s Manual

30
Q

According to The Institute of Internal Auditors’ (IIA) International Standards for the Professional Practice of Internal Auditing, the internal audit team must evaluate the potential for the occurrence of fraud, as well as the organization’s fraud risk management initiatives.

True/False

A

True!

According to The Institute of Internal Auditors’ (IIA) Standard 2120.A2, the internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk.

See pages 4.527 in the Fraud Examiner’s Manual

31
Q

International Standard on Auditing (ISA) 240 requires auditors to discuss how management could perpetrate and conceal fraudulent financial reporting.

True/False

A

True!

International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, requires auditors to hold a discussion regarding the potential for material misstatements due to fraud. This discussion should cover:

  • ** How and where the entity’s financial statements might be susceptible to fraud
  • ** How management could perpetrate and conceal fraudulent financial reporting
  • ** How the entity’s assets could be misappropriated

See pages 4.508 in the Fraud Examiner’s Manual

32
Q

According to International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, if an external auditor suspects or identifies fraud involving management, it is the auditor’s responsibility to report these findings to those charged with governance of the organization.

True/False

A

True!

According to International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, if the auditor has identified or suspects fraud involving management, the auditor shall communicate these matters to those charged with governance, such as the audit committee of the board of directors, on a timely basis. The related discussion should cover the nature, timing, and extent of audit procedures necessary to complete the audit, as well as any other matters related to fraud that are, in the auditor’s judgment, relevant to their responsibilities.

See pages 4.515 in the Fraud Examiner’s Manual

33
Q

If an external auditor identifies an immaterial misstatement in the financial statements that they believe is the result of fraud, they should:

A. Reevaluate the assessment of risks of material misstatement due to fraud
B. Reconsider the reliability of evidence previously obtained
C. Assess the need to adjust the nature, timing, and extent of remaining audit procedures
D. All of the above

A

D. All of the above
(A. Reevaluate the assessment of risks of material misstatement due to fraud
B. Reconsider the reliability of evidence previously obtained
C. Assess the need to adjust the nature, timing, and extent of remaining audit procedures)

According to International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, if the auditor identifies a misstatement, whether material or not, and the auditor has reason to believe that it is or may be the result of fraud and that management (in particular, senior management) is involved, the auditor shall reevaluate the assessment of the risks of material misstatement due to fraud and its resulting impact on the nature, timing, and extent of audit procedures to respond to the assessed risks. The auditor shall also consider whether circumstances or conditions indicate possible collusion involving employees, management, or third parties when reconsidering the reliability of evidence previously obtained.

See pages 4.513 in the Fraud Examiner’s Manual

34
Q

Which of the following factors should auditors include in their discussion on the financial statements’ susceptibility to fraud, as required by International Standard on Auditing (ISA) 240?

A. How a company’s assets could be misappropriated
B. How and where the financial statements might be susceptible to fraud
C. Factors that indicate a culture that enables individuals to rationalize committing fraud
D. All of the above

A

D. All of the above
(A. How a company’s assets could be misappropriated
B. How and where the financial statements might be susceptible to fraud
C. Factors that indicate a culture that enables individuals to rationalize committing fraud)

International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, requires auditors to hold a discussion regarding the potential for material misstatements due to fraud. This discussion should cover:

  • ** How and where the entity’s financial statements might be susceptible to fraud
  • ** How management could perpetrate and conceal fraudulent financial reporting
  • ** How the entity’s assets could be misappropriated

This discussion should also include a consideration of known external and internal factors affecting the entity that might:

  • ** Create incentives or pressures for management and others to commit fraud.
  • ** Provide the opportunity for fraud to be perpetrated.
  • ** Indicate a culture or environment that enables management and others to rationalize committing fraud.

See pages 4.508 in the Fraud Examiner’s Manual

35
Q

With regard to fraud, government auditors have several considerations during a financial statement audit that their counterparts in the private sector do not. Which of the following is NOT one of these considerations?

A. An inability to withdraw from the audit engagement
B. A need to consider the concept of abuse
C. Narrower overall audit objectives
D. Additional communications about fraud-related matters

A

C. Narrower overall audit objectives

International Standard of Supreme Audit Institutions (ISSAI) 1240 provides supplementary guidance regarding the applicability of International Standard on Auditing (ISA) 240 to public-sector financial statement audits. This practice note states that ISA 240 is applicable to auditors of public-sector entities in their role as auditors of financial statements and includes the following application considerations specifically for public-sector audits:

** Broader audit objectives: The objectives of a financial audit in the public sector are often broader than
expressing an opinion as to whether the financial statements have been prepared, in all material respects,
in accordance with the applicable financial reporting framework (i.e., the scope of the financial statement
audits under the ISAs). The audit mandate arising from legislation, regulation, ministerial directives,
government policy requirements, or resolutions of the legislature may result in additional objectives.
These additional objectives may include audit and reporting responsibilities, for example, relating to
reporting whether the public-sector auditors found any instances of noncompliance with authorities,
including budgets and accountability frameworks and/or reporting on the effectiveness of internal control.
However, even where there are no such additional objectives, there may be general public expectations
for public-sector auditors to report any noncompliance with authorities detected during the audit or to
report on the effectiveness of internal control. These additional responsibilities and the related fraud risks
need to be considered by the public-sector auditor when planning and performing the audit.
** Consideration of the concept of abuse: In addition to fraud, public-sector auditors must remain alert
throughout the audit for occurrences of abuse. In this context, abuse involves behavior that is deficient or
improper when compared with behavior that a prudent person would consider reasonable and necessary
business practice given the facts and circumstances. Abuse also includes misuse of authority or position
for personal financial interests or those of an immediate or close family member or business associate.
Abuse does not necessarily involve fraud, violation of laws, regulations, or provisions of a contract or grant
agreement.
** Inability to withdraw from the engagement: Public-sector auditors do not normally have the option to
withdraw from an audit engagement. Therefore, public-sector auditors must consider the impact on the
audit opinion and any requirements for other forms of reporting, including whether it may be appropriate
to report separately to the legislature or to issue classified or restricted reports.
** Additional communications about fraud-related matters: Public-sector auditors may be required or may
decide to communicate matters with other parties, such as the legislature, in addition to those charged
with governance. Furthermore, the requirements for reporting of fraud in the public sector may be subject
to specific provisions of the audit mandate or related legislation or regulation (e.g., regulatory and
enforcement authorities). In some environments, there may be a duty to refer indications of fraud to
investigative bodies and even cooperate with such bodies to determine if fraud or abuse has occurred. In
other environments, public-sector auditors may be obliged to report circumstances that may indicate the
possibility of fraud or abuse to the competent jurisdictional body or to the appropriate part of the
government or legislature, such as prosecutors, the police, and (if relevant to legislation) affected third
parties.

See pages 4.540-4.543 in the Fraud Examiner’s Manual

CFE White Collar Crime and Corporate Governance (6 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions