Joint IIA/ ISACA/ ACFE Spring Fraud Conference: Fraud & the External Auditor, and You
Meeting with you today Summer Taylor, Audit Managing Director Deloitte & Touche LLP, Orange County Summer is a CPA and business advisor. She provides auditing, financial reporting, accounting and consulting services to publicly traded and privately held companies. Her experience includes U.S. GAAP reporting and technical research, SEC reporting, public debt offerings, IPO's, PCAOB and AICPA standards, and private equity transactions. She is also an instructor for the CalCPA Education Foundation. Deloitte & Touche LLP Tel: (714) 436-7766 Cell: (714) 315-2040 Fax: (714) 885-8316 sumtaylor@deloitte.com www.deloitte.com 695 Town Center Drive, Suite 1200 Costa Mesa, California 92626 2
Agenda Fraud & the External Auditor, and You Auditors Responsibility Requirements of the auditing standards PCAOB standard changes The importance of professional skepticism Significant Accounting Scandals Management s Responsibility 3
Auditors Responsibility Member firms and DTTL: Insert appropriate copyright [To edit, click View > Slide Master > Slide Master] Presentation title [To edit, click View > Slide Master > Slide Master] 4
Auditors Responsibility AU Section 240 Consideration of Fraud in a Financial Statement Audit PCAOB AS 2401 Consideration of Fraud in a Financial Statement Audit An auditor conducting an audit in accordance with GAAS is responsible for obtaining reasonable assurance that the financial statements as a whole are free from material misstatement, whether caused by fraud or error. Identify and assess the risks of material misstatement of the financial statements due to fraud; Obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement due to fraud, through designing and implementing appropriate responses; and Respond appropriately to fraud or suspected fraud identified during the audit. 5
Auditors Responsibility AU Section 240 Consideration of Fraud in a Financial Statement Audit PCAOB AS 2401 Consideration of Fraud in a Financial Statement Audit Maintain professional skepticism Discussion Among the Engagement Team Risk Assessment Procedures and Related Activities Discussions With Management and Others Within the Entity, Those Charged With Governance Evaluate Unusual or Unexpected Relationships Identified Evaluation of Fraud Risk Factors Identification and Assessment of the Risks of Material Misstatement Due to Fraud Responses to the Assessed Risks of Material Misstatement Due to Fraud Audit Procedures Responsive to Assessed Risks of Material Misstatement Due to Fraud Unpredictability in the Selection of Audit Procedures 6
PCAOB Standard Changes PCAOB Auditing Standard No. 18 Related Parties and Other Amendments Significant Unusual Transactions Transactions with Executive Officers 7
What drove the changes? RPs, SUTs, and EO transactions/relationships: Contributing factors in numerous financial reporting frauds over the last several decades. Recent History Prominent corporate scandals served to undermine investor confidence; resulted in significant losses for investors and loss of many jobs. RP transactions specifically have been used to engage in fraudulent financial reporting and to conceal misappropriation of assets. 8
What drove the changes? Important to step back and identify areas where management may have incentive or opportunity to manipulate the financial statements. These areas may not have strong processes and controls in place at all entities. The Need to Identify Red Flags RP transactions and SUTs are ripe areas where manipulation could be at play. Apparent lack of business purpose or difficult substance over form questions; potential heightened risk of fraud. Understanding terms of executive compensation arrangements critical to understanding where top management may have incentive to manipulate accounts. 9
Key audit procedures required by AS18 Key Audit Procedures Required by AS 18 Performing risk assessment procedures to obtain an understanding of the company's relationships and transactions with its related parties: Obtaining an understanding of the company's process New or Expanded Requirement Expanded Expanded Performing inquiries of: o Management Expanded o Others within the company New o Audit committee or its chair New Communicating with the audit engagement team and other auditors Identifying and assessing risks of material misstatement Expanded Responding to the risks of material misstatement Expanded Evaluating whether the company has properly identified its related parties and relationships and transactions with related parties Expanded Evaluating financial statement accounting and disclosures Expanded Communications with the audit committee Expanded New 10
Key amendments related to significant unusual transactions: Key Audit Procedures Required by AS 12 and AU 316 AS 12: Required procedures to help auditors identify significant unusual transactions (e.g., make inquiries of management and others). AU Section 316: Requirement that when identifying significant unusual transactions, auditors take into account other work performed during the audit (e.g., information gathered with respect to related-party transactions). Basic required procedures for obtaining information for evaluating significant unusual transactions and more in-depth procedures designed to be scalable and commensurate with the facts and circumstances of the audit. New or Expanded Requirement New New New Evaluating the business purpose or lack thereof for significant unusual transactions, including whether it indicates that transactions may have been entered into to engage in fraud. Expanded Evaluating accounting matters relative to significant usual transactions in addition to evaluating disclosure requirements. New 11
Key amendments related to a company s financial relationships and transactions with its executive officers: Key Audit Procedures Required by AS 12 AS 12: Required audit procedures to obtain an understanding of the company's financial relationships and transactions with its executive officers. New or Expanded Requirement New 12
The importance of professional skepticism The inspection results indicate that the Firm, in certain instances, relied heavily on evidence that supported the issuer's conclusion, without sufficiently taking into account new or contrary evidence that was available to the Firm at the time of the audit. This tendency frequently contributed to the concerns noted in prior inspection reports related to a lack of professional skepticism and deficiencies in auditing estimates. Member firms and DTTL: Insert appropriate copyright [To edit, click View > Slide Master > Slide Master] Presentation title [To edit, click View > Slide Master > Slide Master] 13
The importance of professional skepticism Remarks at the AICPA Conference on Current SEC and PCAOB Developments Professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence. 14
The importance of professional skepticism Remarks at the AICPA Conference on Current SEC and PCAOB Developments In exercising professional skepticism, the auditor should not be satisfied with less than persuasive evidence because of a belief that management is honest. I must respectfully disagree with the notion mentioned by a speaker yesterday that professional skepticism calls for a "trust but verify" approach. 15
The importance of professional skepticism Remarks at the AICPA Conference on Current SEC and PCAOB Developments Focus on extraordinary "audit quality", not extraordinary client service. When your auditor questions your assertions, he or she is not being difficult. They're just doing their job. 16
Worst Accounting Scandals of All Time 1. AIG 2. Bernie Madoff 3. Enron 4. Freddie Mac 5. Health South 6. Lehman Brothers 7. Tyco 8. Waste Management 9. WorldCom 10. Satyam 17
Management s Responsibility Member firms and DTTL: Insert appropriate copyright [To edit, click View > Slide Master > Slide Master] Presentation title [To edit, click View > Slide Master > Slide Master] 18
Management s Responsibility Preparation and fair presentation of the financial statements in accordance with the applicable financial reporting framework Design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error Provide the auditor with: access to all information of which management is aware that is relevant to the preparation and fair presentation of the financial statements, such as records, documentation, and other matters; additional information that the auditor may request from management for the purpose of the audit; and unrestricted access to persons within the entity from whom the auditor determines it necessary to obtain audit evidence. 19
Common scandal themes & how you can help! Common Fraud Possible Company Response Management Override Design effective controls over: - Journal entries - Tone at the top - Critical financial review Revenue Controls to consider - IT systems - Manual entries - Period end cutoff procedures Estimates - Challenge estimates - Incorporate higher level reviews - Evidence when the control has identified issues - Evaluate and consider bias Complex/Unusual Transactions Design controls specific to the new risk 20
Management s Responsibility Preparation and fair presentation of the financial statements in accordance with the applicable financial reporting framework Design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error Provide the auditor with: access to all information of which management is aware that is relevant to the preparation and fair presentation of the financial statements, such as records, documentation, and other matters; additional information that the auditor may request from management for the purpose of the audit; and unrestricted access to persons within the entity from whom the auditor determines it necessary to obtain audit evidence. 21
Questions? 22
Thank you! 23
About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ( DTTL ), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as Deloitte Global ) does not provide services to clients. Please see www.deloitte.com/about for a detailed description of DTTL and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. Member of Deloitte Touche Tohmatsu Limited Financial Instruments