PAS B.2.4 July 30, PAS-014(R)

Similar documents
DCAA MEMORANDUM FOR REGIONAL DIRECTORS COVER SHEET AUDIT GUIDANCE/AUDIT MANAGEMENT GUIDANCE MEMORANDUM NO. 13-PPS-016(R)

Master Document Audit Program. Activity Code Compliance Audit CAS 407 Version 5.19, dated December 2017 B-1 Planning Considerations

Auditing Standards and Practices Council

INTERNATIONAL STANDARD ON AUDITING 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT CONTENTS

Master Document Master Document. Version 8.13, dated December 2017 B-1 Planning Considerations

AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES

Consideration of Fraud in a Financial Statement Audit

INTERNATIONAL STANDARD ON AUDITING 580 WRITTEN REPRESENTATIONS CONTENTS

Comparison of the PCAOB s Auditing Standards No. 5 and No. 2 (Certain key differences are highlighted by underlining)

Audit Evidence This section is effective for audits of financial statements for periods ending on or after December 15, 2012.

Report on Inspection of Deloitte LLP (Headquartered in Toronto, Canada) Public Company Accounting Oversight Board

McGraw-Hill/Irwin. Copyright 2013 by The McGraw-Hill Companies, Inc. All rights reserved.

Report on Inspection of KPMG AG Wirtschaftspruefungsgesellschaft (Headquartered in Berlin, Federal Republic of Germany)

Auditing Standards and Practices Council

Report on. Issued by the. Public Company Accounting Oversight Board. June 16, 2016 THIS IS A PUBLIC VERSION OF A PCAOB INSPECTION REPORT

International Standard on Auditing (Ireland) 500 Audit Evidence

INTERNATIONAL STANDARD ON AUDITING (IRELAND) 210 AGREEING THE TERMS OF AUDIT ENGAGEMENTS

PART 6 - INTERNAL CONTROL

CPA REVIEW SCHOOL OF THE PHILIPPINES M a n i l a. AUDITING THEORY Risk Assessment and Response to Assessed Risks

INTERNATIONAL STANDARD ON AUDITING 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE CONTENTS

Material Transfers and Material Management and Accounting System (MMAS) Next Slide

Report on Inspection of KAP Purwantono, Sungkoro & Surja (Headquartered in Jakarta, Republic of Indonesia)

INTERNATIONAL STANDARD ON AUDITING 620 USING THE WORK OF AN AUDITOR S EXPERT CONTENTS

Internal Controls: Need Them, Have Them, Love Them

International Standard on Auditing (Ireland) 402 Audit Considerations Relating to an Entity using a Service Organisation

Scope of this SA Effective Date Objective Definitions Sufficient Appropriate Audit Evidence... 6

Using the Work of an Auditor s Specialist

Statement on February 2014 Auditing Standards 128. Using the Work of Internal Auditors

SA 230 Audit Documentation SA 300 Planning an Audit of FS

FRAUD RISK FACTORS CHECKLIST (Source: New AU Section 240, Appendix A)

SRI LANKA AUDITING STANDARD 600 SPECIAL CONSIDERATIONS AUDITS OF GROUP FINANCIAL STATEMENTS (INCLUDING THE WORK OF COMPONENT AUDITORS) CONTENTS

Evaluating Internal Controls

IAASB Main Agenda (December 2009) Agenda Item. Engagements to Compile Financial Information Issues and IAASB Task Force Proposals I.

Special Considerations Audits of Group Financial Statements (Including the Work of Component Auditors)

Audit Training-of-Trainers Workshop, November 2014, Vienna Components of internal control within organization

AGS 10. Joint Audits AUDIT GUIDANCE STATEMENT

STATEMENT OF AUDITING STANDARDS 500 AUDIT EVIDENCE

Report on Inspection of PricewaterhouseCoopers Audit (Headquartered in Neuilly-Sur-Seine, French Republic)

July 30, (1) CHAPTER 5. Table of Contents

Planning an Audit 259

The Auditor s Responses to Assessed Risks

Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained

Post-Conference Auditing and Investigating Fraud Seminar

McGraw-Hill/Irwin. Copyright 2013 by The McGraw-Hill Companies, Inc. All rights reserved.

International Standard on Auditing (UK) 620 (Revised June 2016)

AUDIT RISK ASSESSMENT AND RESPONSES TO ASSESSED RISK BY Geoffrey Byamugisha Partner, Ernst & Young. Lessons on Audit Risk. Responding to fraud risk

SRI LANKA AUDITING STANDARD 300 PLANNING AN AUDIT OF FINANCIAL STATEMENTS CONTENTS

Report on Inspection of KPMG Auditores Consultores Ltda. (Headquartered in Santiago, Republic of Chile)

Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures

Report on Inspection of Deloitte & Associes (Headquartered in Neuilly-sur-Seine, French Republic) Public Company Accounting Oversight Board

and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment

ASB Meeting January 12-15, 2015

The Board of Directors of the Wirtschaftsprüferkammer: Consideration on the Proportionate (Scaled) Performance of an Audit on the Basis of the ISA

INSTRUCTION ON METHODOLOGY ON PERFORMING FINANCIAL AUDIT AND REGULARITY AUDIT ( Official Gazette of MN, no. 07/15 from 17 th February 2015)

FREQUENTLY ASKED QUESTIONS ABOUT INTERNAL CONTROL OVER FINANCIAL REPORTING

[RELEASE NOS ; ; FR-77; File No. S ]

Internal controls over Financial Reporting Key concepts. Presentation by Jayesh Gandhi at WIRC

SAS Teleconference

Chapter 3. Audit Planning

Master Document Master Document. Version 4.28, dated December 2017 B-1 Planning Considerations

SRI LANKA AUDITING STANDARD 300 PLANNING AN AUDIT OF FINANCIAL STATEMENTS CONTENTS

Auditing Standard for Islamic Financial Institutions No. 6

Improper Billing of Costs on Progress Payments 1

Analytical Procedures

Professional Competence for Engagement Partners Responsible for Audits of Financial Statements (Revised)

PHILIPPINE STANDARD ON AUDITING 300 PLANNING AN AUDIT OF FINANCIAL STATEMENTS CONTENTS

Audit Documentation. HKSA 230 Issued February Effective for audits of financial information for periods beginning on or after 15 June 2006

Auditing Standard 16

Report on Inspection of K. R. Margetson Ltd. (Headquartered in Vancouver, Canada) Public Company Accounting Oversight Board

May 3, To the Jail Board Members and Management Western Tidewater Regional Jail Authority 2402 Godwin Blvd Suffolk, Virginia 23434

MODULE 2: Engagement Planning (11% 17%)

IAASB Main Agenda (December 2011) Agenda Item

Annual Assessment of the External Auditor

2016 INSPECTION OF BHARAT PARIKH & ASSOCIATES CHARTERED ACCOUNTANTS. Preface

Chapter 7 Internal Controls

Auditor Objectivity and Skepticism What s Next?

Report on Inspection of Deloitte, S.L. (Headquartered in Madrid, Kingdom of Spain) Public Company Accounting Oversight Board

Defective Pricing- Material Pricing Deficiencies. Next Slide

Master Document. Version 2.6, dated November 2017 B-1 Planning Considerations

Dena Jansen, CPA Partner Maxwell Locke & Ritter LLP

Compilation Engagements

AUDITING (PI) & AUDIT PRACTICE (P2) EXAMS ARTICLE

Planning an Audit of Financial Statements

) ) ) ) ) ) ) ) ) ) ) )

Internal Audit Appendix: IIA Standards

Joint IIA/ ISACA/ ACFE Spring Fraud Conference: Fraud & the External Auditor, and You

Repetitive Bidding of Duplicative Material Costs. Next Slide

INTERNATIONAL STANDARD ON AUDITING (NEW ZEALAND) 500

EFFICIENT USE OF AUDIT COMMITTEES

Terms of Engagement 105. Source: SAS No Effective for audits of financial statements for periods ending on or after December 15, 2012.

Reporting on an Examination of Controls at a Service Organization Relevant to User Entities Internal Control Over Financial Reporting

Ethics Decision Tree. For CPAs in Government

AUSTRALIAN GAAS 2007 AUDITING STANDARDS CHECKLISTS

Pre-Engagement Activities and Audit Planning By: Tariq Mahmood FCA, ACMA

Basel Committee on Banking Supervision. Consultative Document. External audits of banks. Issued for comment by 21 June 2013

A Firm s System of Quality Control

McGraw-Hill/Irwin. Copyright 2013 by The McGraw-Hill Companies, Inc. All rights reserved.

3. STRUCTURING ASSURANCE ENGAGEMENTS

REPORT WRITING & INDEPENDENT REVIEW

Transcription:

DEFENSE CONTRACT AUDIT AGENCY DEPARTMENT OF DEFENSE 8725 JOHN J. KINGMAN ROAD, SUITE 2135 FORT BELVOIR, VA 22060-6219 IN REPLY REFER TO July 30, 2013 MEMORANDUM FOR REGIONAL DIRECTORS, DCAA DIRECTOR, FIELD DETACHMENT, DCAA HEADS OF PRINCIPAL STAFF ELEMENTS, HQ, DCAA SUMMARY The purpose of this guidance is to discuss the requirements for the audit team to design examination engagements that detect instances of fraud and noncompliances with provisions of laws, regulations, contracts, and grant agreements that may have a material effect on the subject matter. BACKGROUND CAM 4-702 provides guidance on the audit team responsibilities for detecting and reporting fraud. Policy supplemented this guidance last year by incorporating into working paper B-01 an audit step to hold a team-planning meeting to discuss the risk of fraud and other noncompliances with applicable laws and regulations that could have a material effect on the audit. In addition, DCAA delivered risk assessment training as part of the February/March 2013 FAO Assistant for Quality (FAQ) Workshops. The FAQ training illustrated how auditors integrate fraud risk into the application of the Audit Risk Model to achieve a focused and efficient approach to audit planning decisions. This MRD expands on these efforts and provides a comprehensive approach to detecting and responding to the risk of fraud. GUIDANCE INFORMATION-GATHERING PROCEDURES The audit team should perform information-gathering procedures to gain an understanding about the contractor and its environment. These procedures include management inquiries, analytical procedures, audit team discussion(s), and understanding the relevant internal controls that address the identified fraud risks factors. The understanding gained from these procedures assist auditors in identifying risks and design audit procedures to detect material noncompliances due to error or fraud.

Management Inquiries Management inquiries are very important for effective audit planning because fraud is often uncovered through information received in response to inquiries. Inquiries provide contractor employees with opportunities to convey information to the audit team that the employee otherwise might not communicate. This is why access to contractor employees responsible for the day-to-day management or accomplishment of major accounting/estimating functions is so important. The audit team should make the following inquiries of contractor management responsible for the subject matter under audit: Whether management has knowledge of any fraud or suspected fraud affecting the subject matter under audit; Whether management is aware of allegations of fraud or suspected fraud affecting the subject matter under audit, for example, received in communications from employees, former employees, regulators, or others; Management s understanding about the risks of fraud relevant to the subject matter under audit, including any specific fraud risks the contractor has identified or account balances or classes of transactions for which a risk of fraud may be likely to exist. The audit team should make these inquiries in every audit. The audit team should use information obtained at annual planning meetings about the contractor s programs and controls that mitigate fraud risk in order to facilitate additional inquiries related to the subject matter under audit. When possible, the audit team should conduct inquiries as part of face-to-face discussions. This provides auditors with an opportunity to measure responses, ask follow-up questions, and identify other employees that can corroborate responses. If there are instances of inconsistent information, the audit team should obtain additional audit evidence to resolve the inconsistencies. The audit team should use professional judgment to determine if there are other contractor employees that may have additional knowledge or be able to corroborate fraud risks identified in the discussions with management and make inquires accordingly (e.g., operating personnel not directly involved in the financial reporting process or employees involved in initiating, recording or processing complex or unusual transactions). Analytical Procedures Analytical procedures, combined with the audit team s understanding of the contractor and its environment, serve as a basis for additional inquiries and effective audit planning. Analytical procedures are defined as the evaluation of financial information through analysis of plausible relationships among financial and nonfinancial data. The underlying premise of utilizing analytical procedures is that plausible relationships among data should exist in the absence of known conditions to the contrary. 2

Analytical procedures used in planning audits should focus on enhancing the audit team s understanding of the contractor and its environment and identifying areas that may represent specific risks relevant to the audit. The objective of the procedures is to identify such things as the existence of unusual transactions and events, and amounts, ratios and trends that might indicate matters that have audit planning ramifications. When the results of analytical procedures differ from expectations, auditors should resolve the differences through further inquiries. While the differences in expectations may not necessarily indicate the existence of fraud, the audit team should be aware that some differences could represent a fraud risk factor and they should respond accordingly. When planning the audit, analytical procedures may simply be reviewing changes in account balances from the prior year to the current year or they may be more complex by comparing production schedules to financial representations. The audit team should use professional judgment to determine which analytical procedures are appropriate based on their understanding of the risks of material noncompliances and their knowledge of the subject matter and compliance requirements. Audit Team Discussion Prior to or in conjunction with the information gathering procedures, members of the audit team (at a minimum the auditor and the supervisor) should discuss the potential for material noncompliances due to error or fraud. The discussion should include an exchange of ideas or brainstorming among the audit team members about how and where they believe the subject matter under audit might be susceptible to material noncompliances due to error or fraud and how management could perpetrate and conceal fraud. Because of the characteristics of fraud, auditors should maintain an objective level of professional skepticism when considering the risk of material noncompliance due to fraud. The audit team discussions should include consideration of relevant prior audit experience (e.g., questioned cost, relevant reported estimating or accounting system deficiencies, audit leads) and relevant aspects of the contractor s environment. This includes discussion of the relevant fraud risk factors, other known risk factors, and the audit team understanding of relevant internal controls. The audit team should document how and when the discussion(s) occurred, the team members who participated, the subject matter discussed, and the outcome. A number of factors will influence the extent of the discussion. For example, if the audit involves more than one location, there could be multiple discussions with team members in differing locations. Another factor to consider in planning the discussions is whether to include specialists assigned to the audit team. For example, if the auditor determines that the team needs a professional possessing information technology skills, he or she may want to include that individual in the discussion. 3

FRAUD RISK FACTORS The audit team should be familiar with the fraud risk factors 1. The risk factors cover a broad range of situations, therefore, not all of these examples are relevant in all circumstances, and some may be of greater or lesser significance in entities of different sizes or with different ownership characteristics or circumstances. In addition, certain characteristics or circumstances provide opportunities to carry out fraud. The auditing standards and the DoDIG Handbook of Fraud Indicators identifies weaknesses in internal controls as fraud risk factors and in some cases uses weak internal controls in the fraud risk scenarios. Some examples are lack of segregation of duties, inadequate monitoring by management for compliance with policies, laws and regulations, and lack of asset accountability or safeguarding procedures. The audit team should be aware of these fraud risk factors when obtaining their understanding of relevant internal controls and respond accordingly. However, while these factors may be present in many small contractors, an opportunity to carry out fraud does not necessarily indicate the existence of fraud. The audit team also should keep in mind that the levels of internal controls for smaller contractors are likely to be less formal and less structured. It is important to note that we are not auditing to the fraud risk factors. They are not the objectives of the audit. The audit team gains an understanding of the contractor and its environment though the information gathering procedures. From this understanding, and an awareness of what the risk factors are, auditors should be reasonably sure they would detect materially relevant fraud risk factors. The audit team should document on Working Paper B all fraud risk factors identified during the performance of the audit. For each identified factor, auditors should reference the working paper that specifically addresses their response and the result of that response. If auditors identify no risk factors, they also should document this on Working Paper B. RESPONDING TO FRAUD RISK FACTORS The audit team should respond to the presence of fraud risk factors by designing audit procedures that (i) impact the overall conduct of the audit; (ii) modify the nature, timing and extent of the audit procedures; and/or (iii) address the risk of management override of controls. Responses that affect or influence the overall conduct of the audit generally relate to the assignment of personnel and supervision, predictability of auditing procedures, etc. For example, a supervisor generally should not assign a trainee to an audit when there were suspicions of fraud without the support of a more experienced audit team member or technical specialist. 1 You can find fraud risk factors in the DoDIG Handbook of Fraud Indicators and the examples of Indicators of Fraud Risk in the GAGAS Appendix Section A.10. In addition, AT 601.33 requires auditors to consider the risk factors identified in AU-C 240.A75 (Appendix A). 4

The second type of response modifies the nature, timing or extent of the audit procedures from that which the audit team would normally perform. That is, specifically documenting the response to fraud risk indicators by stating how the normal audit procedures changed in some way to address the risk of fraud. The audit team should use professional judgment to determine which modifications are necessary to address the risk of fraud by designing additional or different auditing procedures to obtain more reliable evidence or additional corroboration of management s explanations or representations (e.g., third-party confirmation, analytical procedures, examination of documentation from independent sources, or inquiries of others within or outside the entity). Management has the unique ability to perpetrate fraud by overriding controls that otherwise may appear to be operating effectively. Responses that address the risk of management override of controls generally relate to examining journal entries and other adjustments for evidence of possible material misstatement due to fraud, reviewing evidence of arbitrarily managing contracts to budgets, and evaluating the rationale for significant accounting and organizational changes. CLOSING REMARKS The guidance set forth in this MRD suggests a sequential audit process. Auditing standards do prescribe an integrated process for addressing audit risk. The Audit Risk Model (inherent (including fraud) risk, control risk and detection risk) illustrates this process. However, auditing, in fact, involves a continuous process of gathering, updating, and analyzing information throughout the audit. As a result, the audit team may implement the sequence of the guidance differently to fit the audit engagement at hand. FAO personnel should direct questions regarding this memorandum to their regional offices and regional personnel should direct any questions to Auditing Standards Division at (703) 767-3274 or e-mail DCAA-PAS@dcaa.mil. DISTRIBUTION: E /Signed/ Donald J. McKenzie Assistant Director Policy and Plans 5

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback