Ch 4 Flashcards
Enterprise risk management (ERM)
Facilitate assessment and mitigation of business risks that
Entity faces
Management, boards and personnel have to assess what can go
Wrong with business and how to prevent it
Business risks
Risk that could adversely affect companies’ ability to achieve
Objectives and execute strategies
Inherent risk
In absence of internal controls
Risk frauds and errors can occur through information processing
And financial statements are misstated
Information risk
Probability that information distributed by entity will be materially
False and misleading
Control risk
Management builds in controls so errors and fraud are less likely
To occur,
but there is risk internal controls will fail to detect fraud or error
Audit risk
Risk of incorrect audit opinion when financial statements are
Materially misstated
8 elements of ERM (enterprise risk management framework)
1 internal environment
2 objective setting
3 event identification
4 risk assessment
5 risk response
6 control activities
7 information and communication
8 monitoring
ERM: internal environment define, what 4 items does it include?
Risk consciousness of organization
Includes organization’s risk management philosophy and risk
Appetite, ethical values, operating environment
ERM: Objective setting
Management's responsibility to determine goals and objectives of
Organization
ERM: event identification, define, examples
Identification of conditions and events that could adversely
Affect management’s objectives
Ex. Supplier problems, poor weather
ERM: risk assessment, define, example
Systematic process for estimating likelihood of adverse conditions
Occurring
Ex. Chance of Bad weather and financial damage it might cause
ERM: risk response
How organization will prevent or respond to adverse conditions
If they actually occur
ERM: control activities
Policies/procedures to ensure risk responses are appropriate
Given circumstances
ERM: information and communication
Link all components of ERM
Ex. Provide management with all info to minimize/eliminate risk
ERM: monitoring
Regular management and supervisory activities over risk
Management activities
to make sure they remain in place and operate smoothly
3 ways management can mitigate risk
1 avoid it
2 control it
3 share it
Fraud
Act of knowingly making material misrepresentation of fact
With intent of inducing someone to believe in falsehood and
Act on it, suffering a loss or damage
3 ways fraud and aggressive financial reporting occur
1 overstating revenues and assets
2 understating expenses and liabilities
3 giving disclosures that are misstated or omit important info
Fraud that affects financial info and causes financial statements to be materially misstated often arises from need to…
Get through difficult period
3 Examples of difficult periods where fraud occurs
1 cash shortage
2 increase in competition
3 cost overruns
Management fraud AKA fraudulent financial reporting
Deliberate fraud committed by management that injures investors
And creditors through materially misstated info
White collar crime
Fraud perpetrated by people who work in offices and steal
With pencil or computer
Not through violence
Employee fraud
Use of fraudulent means to misappropriate funds or other
Property from an employer
3 phases of employee fraud
1 fraudulent act
2 conversion of funds/property to fraudster’s use
3 coverup
Embezzlement
Type of fraud involving employees or non employees wrongfully
Misappropriating funds or property entrusted to their care
Often accompanied by false accounting entries and other
Forms of deception and coverup
Larceny
Simple theft
Stealing what hasn’t been entrusted to you
Defalcation
Another name for employee fraud, embezzlement or larceny
Misappropriation of assets
Errors
Unintentional misstatements or omissions of amounts or
Disclosures in financial statements
Significant account or disclosure
Account or disclosure that has reasonable possibility of
containing material misstatement regardless of effect of controls
Relevant assertions
Management assertions that have reasonable possibility of
Containing material misstatements without regard to effect of
Controls
Audit risk can be broken down into 3 parts
Risk of:
1 material misstatement occurs (inherent risk)
2 not prevented or detected by client internal controls (control risk)
3 not detected by auditors' procedures (detection risk)
Inherent risk and control risk are combined into what kind of risk?
Risk of material misstatement
Risk of material misstatement (RMM)
Risk a material misstatement exists in financial statements before
Auditors apply their procedures
Inherent risk, text book definition
Probability that in absence of internal controls, material errors or
Frauds could enter accounting system used to develop financial
Statements
Susceptibility of account to misstatement
Detection risk
Probability that auditors' procedures will fail to detect material
Misstatements that haven’t been prevented by client’s internal
Controls
Audit risk model (equation)
Audit risk (AR) = Inherent risk (IR) X Control Risk (CR) X Detection Risk (DR)
Inherent risk is high if…
Material misstatement is likely to enter the accounting info system
Control risk is high if…
Material misstatement is not likely to be detected by client’s
Internal controls
High detection risk means…
We can afford less effective testing
Low detection risk means we…
Need more effective testing
Impact of detection Risk Allowed: Lower detection risk allowed vs. Higher detection risk allowed: nature
Nature:
Lower detection risk allowed = more effective tests
Higher detection risks allowed = less effective tests
Impact of detection Risk Allowed: Lower detection risk allowed vs. Higher detection risk allowed: timing
Timing:
Lower detection risk = testing performed at year end
Higher detection risk = testing can be performed at interim
Impact of detection Risk Allowed: Lower detection risk allowed vs. Higher detection risk allowed: extent
Extent:
Lower detection risk allowed = more tests
Higher detection risk allowed = fewer tests
Susceptibility of accounts to misstatement or fraud: dollar size of account
The higher the account balance, the greater the chance of
Having errors or fraud in the account
Susceptibility of accounts to misstatement or fraud: liquidity
Example
The greater the account's liquidity, the more susceptible the
account is to fraud
Ex. Cash is more susceptible to theft than a building
Liquidity define
Ability to be easily converted into cash
Susceptibility of accounts to misstatement or fraud: volume of transactions
The higher the volume of transactions, the higher the chance
Of error or fraud occurring in the transactions
Susceptibility of accounts to misstatement or fraud: complexity of transactions
Ex.
Very complex transactions have higher percentage of errors
Ex. Derivatives and hedging transactions
Susceptibility of accounts to misstatement or fraud: subjective measurements
Ex.
Subjective measurements (estimating allowance for doubtful accounts)
have more fraud and error than objective measurements (counting petty cash),
as subjective measurement is easier to manipulate
5 aspects auditors must understand about nature of company
1 company’s organizational structure and management personnel
2 sources of funding for operation and investment activities
3 company’s significant investments
4 company’s operating characteristics
5 sources of company’s earnings
Company’s organizational structure and management personnel
Whether company is centralized or decentralized
Company’s operating characteristics
Its size and complexity
Whether it operates internationally or has subsidiaries in
Diverse industries
Related parties
individuals and organizations that can influence or be influenced
By decisions of company
Possibly through family ties or investment relationships
Accounting estimates
Approximations of financial statement numbers, often included
In financial statements
Numerous fraud cases have involved manipulation of estimates
3 early information gathering activities of auditors
1 reviewing the corporate charter and bylaws or partnership
Agreement
2 reviewing contracts, agreements, legal proceedings
3 reading minutes of meetings of directors and committees
Of board of directors
Analytical procedures
Reasonableness tests where auditors compare their expectation
For each account balance with those recorded by management
5 steps auditors should perform when completing analytical procedures
1 develop an expectation
2 define a significant difference
3 compare expectation with recorded amount
4 investigate significant differences
5 document each of preceding steps
Define a significant difference
What percentage or dollar difference from your expectation is
Still considered reasonable
Horizontal analysis
Comparative financial statements and calculate year to year
Changes in balance sheet and income statement accounts
Vertical analysis
Calculate common size statements
where amounts are expressed as percentage of base (sales of
income statement, or total assets of balance sheet)
Significant risks, ex
Risks that require special audit consideration
Because nature of risk or likelihood and potential magnitude of
Misstatement related to risk
Ex. Fraud risks
Extended procedures
Audit procedures used in response to heightened fraud awareness
As result of identification of significant risks
Fraud at the management level should be reported to who?
The audit committee
Audit committees
Composed of independent, outside members of board of directors
Not involved in company’s daily operations
Provide buffer between audit firm and management
2 types of noncompliance dealt with by auditing standards
1 direct effect noncompliance
2 indirect effect noncompliance
Direct effect noncompliance
Violations of laws or government regulations by entity or its
Management or employees
That produce direct and material effects on dollar amounts
In financial statements
Indirect effect noncompliance
Violation of laws and regulations that doesn’t directly affect
Specific financial statement accounts or disclosures
Ex. Insider trading, OSHA violations, FDA regulations, environmental protection, equal employment
Private Securities Litigation Reform Act 1995: reporting obligations
If auditors believe a serious illegal act has occurred, they must
Inform company’s board, and board must inform SEC in 1 business
Day
If board doesn’t inform SEC, auditors should resign and give
SEC report in 1 business day
Audit strategy memorandum
Scope, timing and direction for auditing each relevant assertion
Based on results of audit risk model