Audit is the inspection and verification of the accuracy of financial records and statements. Private businesses and all levels of government conduct internal audits of accounting records and procedures. Internal audits are conducted by a company’s own personnel to uncover bookkeeping errors and also to check the honesty of employees. In large companies, internal auditing is an ongoing procedure. A company that trades stock on a registered stock exchange or is preparing to issue new shares of stock must submit to an external audit. These companies are known as publicly traded companies. An external audit is used to give the public a true statement of a company’s financial position. It is made at least once a year by public accountants who are not regular employees of the company. The auditors make sure that the company has followed proper accounting procedures in its financial records and statements. They compare the current financial statements with those of the previous year to determine whether the statements are calculated consistently. If they are not, they present a distorted picture of the company’s financial position. The auditors also inspect real estate, buildings, and other assets to see if their value is overstated. Debts and other liabilities are checked to see if they have been understated ( 1999).
Financial auditing practice has a much longer history than many of the other developments that can be considered and the large firms of accountants, in which many financial auditors work have become influential advisory institutions throughout the world. Thus financial auditing has provided the model which has influenced the design of auditing practice in many other fields. Although environmental, medical, or value for money audits are conceived as distinct from financial auditing, the latter continues to exert its normative influence as a centre of gravity for debate and discussion. And it is in the context of financial auditing that the dependency of acts of verification on judgment and negotiation is most apparent. The power of the financial auditing model lies in its benchmarking potential for other audit practices. In part this potential is realized indirectly through the work of accountant advisors, for whom the financial auditing model is a fundamental component of their expertise and whose advice in areas of control is shaped by it. But the influence can also be direct as entities such as hospital trusts, privatized industries, charities, and many other organizations become subject to an intensification of financial control and reporting requirements. This is an expanding domain, not just of neutral checking but also of judgment and of an evaluation of the fundamental purposes of organizations. Paradoxically, given the influential role of the financial auditing model suggested above, its status as a practice is unclear. What do audits produce and how are they effective? (2002).
Financial auditing is subject to expectations and demands which are, justifiably or otherwise, often disappointed. Nevertheless, the official procedural knowledge base of auditing has evolved in response to scandals and corporate failures in such a way that the essential puzzle of what audits produces their effectiveness remains hidden from view as an article of faith. Finally despite, and probably because of, this puzzle it is argued that financial auditing maintains itself as an institutionally credible system of knowledge. Notwithstanding crisis and scandal it satisfies the aspirations and demands of a variety of regulatory programs. Particular audits may fail but the system as such cannot. The possibility of effective auditing is necessarily presupposed by regulatory intentions. Traditionally, auditing has applied itself to the domain of finance, but organizations are increasingly finding value from internal audits that monitor other aspects of their activity. Environmental and social audits, for example, have been championed by firms in response to the ethical concerns of both shareholders and the public in relation to the company's impact upon the locality. Financial auditing is growing in importance too, partly in response to recent major scandals such as the collapse of banks, and also in order to monitor the increasingly complex demands being made upon accountants ( 2002).
However, auditing remains something of a mystery to those outside of the profession, and has become more specialized as accounting has become more sophisticated. For example, while best practice has evolved certain tools for analytical review or establishing audit trails, an element of subjective judgment remains as auditors decide what evidence to include. Further, rules of thumb can never be ruled out. Audit risk has developed as an issue too, as the models for reducing the probability of mistakes being made on sampling, for example, become more subtle. In countries such as Canada these have changed dramatically. Here, a Bayesian approach was introduced in 1980. Auditors recognize the limitations of their science. They are not held responsible for detecting fraud, for example. Auditing provides a degree of assurance, but not insurance, as to the financial position of the firm ( 2002).
Differences in auditing practices
Readers of financial statements of foreign companies audited by major international accounting firms assume a uniformly high quality of information. International differences in audit objectives, standards and practice, however, result in varying levels of audit assurance. Financial statement users and accountants whose clients demand expertise in all phases of financial accounting and reporting matters whether domestic and international need to be aware of these differences. The development of audit standards and practice in different countries is influenced by numerous factors including the nature of financing, the size and complexity of businesses and capital markets, tax laws and the legal environment. In the United States and the United Kingdom, many owners provide much of the financing for public companies, and capital markets are large and sophisticated (1996). As a result, shareholders' needs significantly influence financial statements and independent audits, and private-sector bodies have a strong impact on both accounting and audit standard setting. In Germany, a small number of large banks and pension funds traditionally supply most business capital, and ownership and voting rights generally are concentrated. One result is less demand for independent audits and for a sophisticated, investor-oriented financial reporting system. Another is that the German accounting profession has less influence in establishing accounting standards which are set primarily by commercial laws. However, as in the United States and the United Kingdom, the accounting profession has played an important role in developing audit standards. International differences in business, legal and cultural environments also have led to varying audit objectives. Consistent with a strong investor orientation, the audit objective in the United States is to express an opinion on whether the financial statements present fairly, in all material respects, financial position, results of operations and cash flows in conformity with generally accepted accounting principles. The strong presumption is that to present fairly, financial statements must conform to generally accepted accounting principles (GAAP). Departures are permitted only in rare instances (1996).
Like the United States, the United Kingdom has investor-oriented public regulation, a strong audit tradition and a large, well-established accounting profession. However, in contrast to the United States, where audit standard setting is highly concentrated in the private sector, it is United Kingdom company law in addition to the private sector that influences audit practice. Thus, although the audit's overriding objective is formation of an opinion on whether the financial statements give a true and fair view, the U.K. auditor also expresses an opinion on whether the financial statements have been properly prepared in accordance with the Companies Acts. In Germany, lenders and institutional owners have direct access to company information, reducing the need for detailed financial reports and auditing standards designed to protect a widely dispersed shareholder and creditor base. Thus, until recently, the sole audit objective in Germany was to judge whether the accounting records, financial statements and management report complied with laws and regulations. In 1987, the true and fair view concept became part of German accounting requirements as a consequence of incorporating the European Union's fourth directive on individual company accounts into company law. The directive's overriding requirement is that financial statements give a true and fair view of a company's financial position and the results of operations, making both compliance with company law and conformance with a true and fair view audit objectives in Germany (1996).
Germany generally has the most rigorous education and practice requirements for becoming certified as a public accountant. German audit managers tend to be involved with clients over a number of years; German managements generally consider the service they receive of low quality if audit staff changes from year to year. German auditors have lower legal exposure than their U.S. counterparts, since liability for negligence damages in statutory audits is capped and contractual limitations normally exist in all other audit services. However, auditors' legal risk in Germany appears to be growing as evidenced by an increase in publicized audit failures (1996). The six largest U.S. accounting firms are all market leaders in the United Kingdom and Germany. However, fee income, growth rates and the relative importance of audit, tax and management consulting services vary. For example, 1993 to 1994 total fee income for the six firms in the United States ($13.3 billion) is much greater than in the United Kingdom ($3.8 billion) and Germany ($2.2 billion). The average annual growth rates of these firms' fees in the United States (9.3%) and Germany (8.5%) are substantially greater than in the United Kingdom (3%). Audit fees are relatively more important to firms in Germany, where they average 60% of total fee income in contrast to 49% in the United States and 41% in United Kingdom ( 1996).
Although auditing standards address similar topics in the three countries, their content, level of detail and application in practice vary considerably. U.S. audit standards are highly specific and comprehensive. German standards are briefly stated and function at a much more general level. U.K. audit standard setters promote principles rather than rules; U.K. standards are much more extensive than German standards, but they are less so than U.S. standards. As a result of the close relationships between corporate managers and their external accountants in Germany, several audit practices differ considerably from those in the United States and the United Kingdom. For example, German managers might consider it inappropriate for auditors to question managements' oral statements. German auditors also are more hesitant to accept responsibility for detecting irregularities than their U.S. or U.K. counterparts (1996).
Numerous other differences exist. Some argue they will lead to different levels of audit assurance, in spite of unified audit approaches and programs of international auditing firms. For example, in Germany, relatively few related party disclosures are required in the financial statements and audit reports. The United Kingdom requires disclosure of related party transactions in the annual report and recently issued standards on auditing them. U.S. GAAP also requires financial statements to disclose material related party transactions other than compensation arrangements or similar items in the ordinary course of business, and U.S. generally accepted auditing standards include detailed guidance on procedures auditors should consider to identify related party relationships and transactions. Securities regulations also lead to international differences in audit assurance levels. In the United States, the Securities and Exchange Commission considers conformance with GAAP and Generally accepted auditing standard (GAAS) to be so important that financial statements of listed companies can't have audit reports qualified for scope limitations or nonconformity with GAAP. The German and U.K. stock exchanges do not have similar restrictions. However, the London Stock Exchange subjects’ new applicants that have had a qualified audit opinion in the previous three years to additional requirements ( 1996).
There are philosophic differences in auditing between the United Kingdom and the United States. In the United States, auditors are oriented to the shareholder much as they were intended to be in the United Kingdom's Companies Acts. In the United Kingdom, the nature of who the auditor is reporting to has changed with the years. The auditor's function has come to be seen as an extension of the Inland Revenue, the tax collecting authority in the United Kingdom. Chartered accountants are more proactive on behalf of the tax authority in the United Kingdom than in the United States. Indeed, the auditor in the United Kingdom submits his or her report to both the Inland Revenue and the shareholders, whereas in the United States, the report is made to the shareholders only. Another difference between the United Kingdom and the United States is that the Companies Acts apply to all corporations, public or private. One other difference between financial reports in the United States and in the United Kingdom is that the latter has, for a relatively long time, commented on the social responsibility aspects of a company's activities (1993). Accounting statements and auditors' reports in the United States have made little mention of the impact of the company on society. In recent years, there has been a growing practice for U.S. companies to be more proactive in making such statements. Another area of potential confusion between U.K. and U.S. accounting practices is in language. The U.K. term ordinary shares is the same as common shares in the United States. The U.K. term stocks means inventories in the U.S. Own shares in the United Kingdom means treasury stock in the United States. Debtors versus receivables, provision for bad debt versus reserve for doubtful accounts, and taken to reserves versus included in equity are other differences in terminology between the United Kingdom and the United States. This matter of differences in terminology becomes bothersome for non-English speaking companies that desire to issue an English version of their annual reports. Usually, the purpose of the English version is in preparation for raising funds in the London and/or New York capital markets, or to attract American or English investors. The simple decision to translate a company's financial statements into English is complicated by which form of English is more suitable for presentation purposes (1993).
Australia has historically been heavily influenced by British accounting practices. The Companies Act of 1961 contains the concept of the accountability of directors to shareholders, including the stipulation that annual accounts and audits of financial statements must be true and fair. In Australia, the courts frequently decide on what is to be construed as true and fair in accounting practices, not the professional accounting societies. Accountants are represented by either the Australian Society of Certified Public Accountants (CPAS) with over 60,000 members, or the Institute of Chartered Accountants with nearly 22,000 members. These organizations compete for both membership and influence, which complicates the process of arriving at generally accepted accounting principles. These are established by the Australian Accounting Research Foundation, which is jointly sponsored by the two professional accounting organizations. Recent decisions have more or less mirrored changes in accounting practices taking place in the United States, which is why Australian accounting is a mix of U.K. and U.S. accounting practices. Australian annual reports contain a section on social responsibility and Australian companies also publish annual reports for their employees (1993). The Australian Society of CPAs and the Institute of Chartered Accountants jointly approve academic programs of study that will qualify an applicant for eventual professional recognition. To become a CPA in Australia, a trainee must have an undergraduate degree with a major in accounting and three years of experience under the supervision of a CPA or chartered accountant, or five years unsupervised experience in accounting or finance. A trainee must also complete course work designed by the Australian Society of CPAs in auditing, external reporting, insolvency and reconstruction, management accounting, taxation, and treasury, each with its own examination. The total program for becoming a CPA must be completed within five years of enrollment. If not completed within this time, the trainee must re-enroll starting from the beginning (1993).
Canada is a member of the Commonwealth of Nations and its companies are organized under legislation similar to the Companies Acts of Britain. However, corporate legislation emanates from dual levels of government: federal and provincial. Similar to a choice of English or French as an official language, a company has a choice as to which provincial or federal corporate law applies when the company is first incorporated. A company actually has a choice of thirteen sets of law that includes federal law, or the applicable law in ten provinces and two territories. The choice depends on a number of factors including the scope of operations, nature of the business, disclosure and reporting requirements, the structure of the shareholdings, and the residences of the directors. The Canadian Institute of Chartered Accountants is an umbrella organization governed by representatives of the provincial organizations. The provincial organizations have delegated to the national organization the setting of accounting and auditing standards for the nation. The Canadian Institute of Chartered Accountants speaks for the accounting profession on national issues and settles issues between the provincial organizations. Its declarations are given statutory recognition, that is, are legally binding. The nature of financial statement reporting and auditing requirements differ among corporations; depending on which of the thirteen sets of legislation apply. Although this sounds confusing, there is apparently little difficulty in the preparation of financial statements. Only certified members of the Canadian Institute of Chartered Accountants can conduct audits ( 1993).
There are other organizations such as the Certified General Accountants Association and the Society of Management Accountants, whose members generally fill industrial or government accounting positions. As one might expect, accounting standards issued by the Canadian Institute of Chartered Accountants are influenced by what occurs south of the border. However, the accounting systems in the United States and Canada are not exact replicas of each another. In Canada, audited statements are required only for large publicly traded companies, whereas in the United States, all publicly traded companies must be audited ( 1993).
France is a nation of many small companies. Accounting practices are uniform throughout the country. The Plan Comptable is essentially a national cookbook for accounting, with detailed instructions on such matters as valuation methods and procedures, disclosure rules, and the standard forms to be used by accountants. This follows, conceptually, the French practice of codifying its laws. In France, tax laws have precedence over the concept of a true and fair presentation of financial results. In fact, financial reports are usually the tax returns for a company. Yet, as has already been discussed, there are frequently major differences between book and tax returns in the portrayal of the financial results of a company (1993).
Japanese accounting practices originate from two sources. Prior to World War II, the major influence was the German Commercial Code of 1889. Following World War II, the U.S. inspired Securities and Exchange Law became the foundation of how Japanese companies were to report financial results to their shareholders. Both German and American influences can be seen in current Japanese accounting practices. The German influence is seen in the control exerted over accounting practices by government ministries, the lack of public availability of private companies' accounts, uniform formats for published accounts, dominance of tax rules in determining income, and the establishment of legal reserves. There is more emphasis on the form, or layout, of accounts than substance, or depth of meaning, in portraying the financial results of a company. When form over substance prevails, the true and fair view suffers (1993). The Netherlands is a small nation whose commerce is largely intertwined with that of its neighboring states. Accounting principles are closely related to those practiced in the United Kingdom. Dutch accounting principles require that annual financial statements show a true and fair picture of the financial position of the company with all items appropriately grouped and described. Financial statements must be drawn up in accordance with sound business practice, which is interpreted to mean that accounting principles must be acceptable to the business community. The process of stating assets and liabilities and determining results are to be disclosed. Financial statements are prepared on a consistent basis, with disclosure of material effects of changes in accounting principles. Comparative financial information for the preceding period must be disclosed ( 1993).
Auditing and accounting standards vary from country to country largely because of differing business practices, fiscal systems, culture, tradition and company law. Worldwide uniformity of auditing and accounting standards is an objective of the International Federation of Accountants (IFAC) and the International Accounting Standards Committee (IASC). A number of developing countries have adopted the international standards set by these bodies as benchmarks for their national standards; however, developed countries are moving more cautiously from their own well-established standards to international standards. Thus, auditing and accounting diversity will continue to be a fact of life (1997).
Difference between auditing standards
Difference between ISA 240 and SAS 99
The ISA 240 is a description and discussion of the auditor’s responsibility to consider fraud in the audit of financial statements. It is divided into different titles that includes an introduction; the description of the characteristics of fraud; description of the responsibilities of those charged with governance and of management; the inherent limitations of an audit in the context of fraud; the responsibilities of the auditor for detecting material misstatement due to fraud; professional skepticism; discussion among the engagement team; risk assessment procedures; identification and assessment of the risks of material misstatement due to fraud; responses to the risks of material misstatement due to fraud; evaluation of audit evidence; management representations; communications with management and those charged with governance; communications to regulatory and enforcement authorities; auditor unable to continue the engagement; documentation; effective date.
This standard distinguishes fraud from error and describes the two types of fraud that are relevant to the auditor, that is, misstatements resulting from misappropriation of assets and misstatements resulting from fraudulent financial reporting; describes the respective responsibilities of those charged with governance and the management of the entity for the prevention and detection of fraud, describes the inherent limitations of an audit in the context of fraud, and sets out the responsibilities of the auditor for detecting material misstatements due to fraud. This standard also requires the auditor to maintain an attitude of professional skepticism recognizing the possibility that a material misstatement due to fraud could exist, notwithstanding the auditor’s past experience with the entity about the honesty and integrity of management and those charged with governance. Moreover this standard requires members of the engagement team to discuss the susceptibility of the entity’s financial statements to material misstatement due to fraud and requires the engagement partner to consider which matters are to be communicated to members of the engagement team not involved in the discussion.
The standard requires auditor to do certain things such as performing procedures to obtain information that is used to identify the risks of material misstatement due to fraud; identifying and assessing the risks of material misstatement due to fraud at the financial statement level and the assertion level and for those assessed risks that could result in a material misstatement due to fraud, evaluate the design of the entity’s related controls, including relevant control activities, and to determine whether they have been implemented; determining overall responses to address the risks of material misstatement due to fraud at the financial statement level and consider the assignment and supervision of personnel, consider the accounting policies used by the entity and incorporate an element of unpredictability in the selection of the nature, timing and extent of the audit procedures to be performed; designing and performing audit procedures to respond to the risk of management override of controls; determining responses to address the assessed risks of material misstatement due to fraud; considering whether an identified misstatement may be indicative of fraud; obtaining written representations from management relating to fraud; and communicating with management and those charged with governance. The ISA 240 provides guidance on communications with regulatory and enforcement authorities. The standard provides guidance if, as a result of a misstatement resulting from fraud or suspected fraud, the auditor encounters exceptional circumstances that bring into question the auditor’s ability to continue performing the audit. Lastly the standard establishes documentation requirements.
According to the Standards the term error refers to an unintentional misstatement in financial statements, including the omission of an amount or a disclosure, such as the following a mistake in gathering or processing data from which financial statements are prepared; an incorrect accounting estimate arising from oversight or misinterpretation of facts; and a mistake in the application of accounting principles relating to measurement, recognition, classification, presentation or disclosure. According to the standards the term fraud refers to an intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage. Auditors do not make legal determinations of whether fraud has actually occurred. Fraud involving one or more members of management or those charged with governance is referred to as management fraud. A fraud involving only employees of the entity is referred to as employee fraud. In either case, there may be collusion within the entity or with third parties outside of the entity. According to ISA 240 fraudulent financial reporting involves intentional misstatements including omissions of amounts or disclosures in financial statements to deceive financial statement users. Fraudulent financial reporting may be accomplished by the following manipulation, falsification, or alteration of accounting records or supporting documentation from which the financial statements are prepared; misrepresentation in, or intentional omission from, the financial statements of events, transactions or other significant information; intentional misapplication of accounting principles relating to amounts, classification, manner of presentation, or disclosure.
Fraudulent financial reporting can be caused by the efforts of management to manage earnings in order to deceive financial statement users by influencing their perceptions as to the entity’s performance and profitability. Such earnings management may start out with small actions or inappropriate adjustment of assumptions and changes in judgments by management. Pressures and incentives may lead these actions to increase to the extent that they result in fraudulent financial reporting. Such a situation could occur when, due to pressures to meet market expectations or a desire to maximize compensation based on performance, management intentionally takes positions that lead to fraudulent financial reporting by materially misstating the financial statements. In some other entities, management may be motivated to reduce earnings by a material amount to minimize tax or to inflate earnings to secure bank financing.
The primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the entity and with management. The respective responsibilities of those charged with governance and of management may vary by entity and from country to country. In some entities, the governance structure may be more informal as those charged with governance may be the same individuals as management of the entity. It is important that management, with the oversight of those charged with governance, place a strong emphasis on fraud prevention, which may reduce opportunities for fraud to take place, and fraud deterrence, which could persuade individuals not to commit fraud because of the likelihood of detection and punishment. This involves a culture of honesty and ethical behavior. Such a culture, based on a strong set of core values, is communicated and demonstrated by management and by those charged with governance and provides the foundation for employees as to how the entity conducts its business. Creating a culture of honesty and ethical behavior includes setting the proper tone; creating a positive workplace environment; hiring, training and promoting appropriate employees; requiring periodic confirmation by employees of their responsibilities and taking appropriate action in response to actual, suspected or alleged fraud. It is the responsibility of those charged with governance of the entity to ensure, through oversight of management, that the entity establishes and maintains internal control to provide reasonable assurance with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations. Active oversight by those charged with governance can help reinforce management’s commitment to create a culture of honesty and ethical behavior.
In exercising oversight responsibility, those charged with governance consider the potential for management override of controls or other inappropriate influence over the financial reporting process, such as efforts by management to manage earnings in order to influence the perceptions of analysts as to the entity’s performance and profitability. The ISA 240 focuses more towards auditing on a wider perspective. The said standards discussed what constitutes fraud and risk assessment. The said standards explained what should be done to ensure that cases of fraud can be known. ISA 240 focused more on the auditor as a person and what should be their relationship with the management team. Moreover ISO 240 gave guidelines of how auditors should act in accordance to the different situations they are facing.
On the other hand SAS 99 is a description and discussion of consideration of fraud in a financial statement audit. According to SAS 99 Fraud is a broad legal concept and auditors do not make legal determinations of whether fraud has occurred. Rather, the auditor’s interest specifically relates to acts that result in a material misstatement of the financial statements. The primary factor that distinguishes fraud from error is whether the underlying action that results in the misstatement of the financial statements is intentional or unintentional. Fraud is an intentional act that results in a material misstatement in financial statements that are the subject of an audit. Three conditions generally are present when fraud occurs. First, management or other employees have an incentive or are under pressure, which provides a reason to commit fraud. Second, circumstances exist for example, the absence of controls, ineffective controls, or the ability of management to override controls that provide an opportunity for a fraud to be perpetrated. Third, those involved are able to rationalize committing a fraudulent act. Some individuals possess an attitude, character, or set of ethical values that allow them to knowingly and intentionally commit a dishonest act. However, even otherwise honest individuals can commit fraud in an environment that imposes sufficient pressure on them. The greater the incentive or pressure, the more likely an individual will be able to rationalize the acceptability of committing fraud.
Fraudulent financial reporting need not be the result of a grand plan or conspiracy. It may be that management representatives rationalize the appropriateness of a material misstatement, for example, as an aggressive rather than indefensible interpretation of complex accounting rules, or as a temporary misstatement of financial statements, including interim statements, expected to be corrected later when operational results improve. According to SAS 99 Fraud also may be concealed through collusion among management, employees, or third parties. Collusion may cause the auditor who has properly performed the audit to conclude that evidence provided is persuasive when it is, in fact, false. For example, through collusion, false evidence that controls have been operating effectively may be presented to the auditor, or consistent misleading explanations may be given to the auditor by more than one individual within the entity to explain an unexpected result of an analytical procedure. As another example, the auditor may receive a false confirmation from a third party that is in collusion with management. Although fraud usually is concealed and management’s intent is difficult to determine, the presence of certain conditions may suggest to the auditor the possibility that fraud may exist. For example, an important contract may be missing, a subsidiary ledger may not be satisfactorily reconciled to its control account, or the results of an analytical procedure performed during the audit may not be consistent with expectations. However, these conditions may be the result of circumstances other than fraud. Documents may legitimately have been lost or misfiled; the subsidiary ledger may be out of balance with its control account because of an unintentional accounting error; and unexpected analytical relationships may be the result of unanticipated changes in underlying economic factors. Even reports of alleged fraud may not always be reliable because an employee or outsider may be mistaken or may be motivated for unknown reasons to make a false allegation
The auditor should inquire of management about whether management has knowledge of any fraud or suspected fraud affecting the entity; whether management is aware of allegations of fraud or suspected fraud affecting the entity, for example, received in communications from employees, former employees, analysts, regulators, short sellers, or others; management’s understanding about the risks of fraud in the entity, including any specific fraud risks the entity has identified or account balances or classes of transactions for which a risk of fraud may be likely to exist; programs and controls the entity has established to mitigate specific fraud risks the entity has identified, or that otherwise help to prevent, deter, and detect fraud, and how management monitors those programs and controls; for an entity with multiple location the nature and extent of monitoring of operating locations or business segments, and whether there are particular operating locations or business segments for which a risk of fraud may be more likely to exist; whether and how management communicates to employees its views on business practices and ethical behavior.
According to SAS 99 In planning the audit, the auditor also should perform analytical procedures relating to revenue with the objective of identifying unusual or unexpected relationships involving revenue accounts that may indicate a material misstatement due to fraudulent financial reporting. An example of such an analytical procedure that addresses this objective is a comparison of sales volume, as determined from recorded revenue amounts, with production capacity. An excess of sales volume over production capacity may be indicative of recording fictitious sales. As another example, a trend analysis of revenues by month and sales returns by month during and shortly after the reporting period may indicate the existence of undisclosed side agreements with customers to return goods that would preclude revenue recognition. SAS 99 focused on the auditor as a authoritative and a careful person who makes sure that everything observed is noted, and every accusations of fraud has been proven before making any moves towards it. Analytical procedures performed during planning may be helpful in identifying the risks of material misstatement due to fraud. However, because such analytical procedures generally use data aggregated at a high level, the results of those analytical procedures provide only a broad initial indication about whether a material misstatement of the financial statements may exist. Accordingly, the results of analytical procedures performed during planning should be considered along with other information gathered by the auditor in identifying the risks of material misstatement due to fraud.
According to SAS 99 When audit test results identify misstatements in the financial statements; the auditor should consider whether such misstatements may be indicative of fraud. That determination affects the auditor’s evaluation of materiality and the related responses necessary as a result of that evaluation. If the auditor believes that misstatements are or may be the result of fraud, but the effect of the misstatements is not material to the financial statements, the auditor nevertheless should evaluate the implications, especially those dealing with the organizational position of the persons involved. For example, fraud involving misappropriations of cash from a small petty cash fund normally would be of little significance to the auditor in assessing the risk of material misstatement due to fraud because both the manner of operating the fund and its size would tend to establish a limit on the amount of potential loss, and the custodianship of such funds normally is entrusted to a non-management employee.
Conversely, if the matter involves higher-level management, even though the amount itself is not material to the financial statements, it may be indicative of a more pervasive problem, for example, implications about the integrity of management. In such circumstances, the auditor should reevaluate the assessment of the risk of material misstatement due to fraud and its resulting impact on the nature, timing, and extent of the tests of balances or transactions and the assessment of the effectiveness of controls if control risk was assessed below the maximum. The auditor’s consideration of the risks of material misstatement and the results of audit tests may indicate such a significant risk of material misstatement due to fraud that the auditor should consider withdrawing from the engagement and communicating the reasons for withdrawal to the audit committee or others with equivalent authority and responsibility. Whether the auditor concludes that withdrawal from the engagement is appropriate may depend on the implications about the integrity of management and the diligence and cooperation of management or the board of directors in investigating the circumstances and taking appropriate action. Because of the variety of circumstances that may arise, it is not possible to definitively describe when withdrawal is appropriate. The auditor may wish to consult with legal counsel when considering withdrawal from an engagement.
Some risks are inherent in the environment of the entity, but most can be addressed with an appropriate system of internal control. Once fraud risk assessment has taken place, the entity can identify the processes, controls, and other procedures that are needed to mitigate the identified risks. Effective internal control will include a well-developed control environment, an effective and secure information system, and appropriate control and monitoring activities. Because of the importance of information technology in supporting operations and the processing of transactions, management also needs to implement and maintain appropriate controls, whether automated or manual, over computer-generated information. SAS 99 give attention on what constitutes fraud but it gives more explanation and more examples regarding that topic. SAS 99 focuses not only on what the auditor should act but it focuses on how they act given the different personalities and characteristics.
Differences between ISA 250 and SAS 54
ISA 250 is the consideration of the laws and regulations in an audit of financial statement. According to ISA 250 When designing and performing audit procedures and in evaluating and reporting the results thereof, the auditor should recognize that noncompliance by the entity with laws and regulations may materially affect the financial statements. However, an audit cannot be expected to detect noncompliance with all laws and regulations. Detection of noncompliance, regardless of materiality, requires consideration of the implications for the integrity of management or employees and the possible effect on other aspects of the audit. The term noncompliance as used in this ISA refers to acts of omission or commission by the entity being audited, either intentional or unintentional, which are contrary to the prevailing laws or regulations. Such acts include transactions entered into by, or in the name of, the entity or on its behalf by its management or employees. Noncompliance does not include personal misconduct that are unrelated to the business activities of the entity by the entity’s management or employees.
Laws and regulations vary considerably in their relation to the financial statements. Some laws or regulations determine the form or content of an entity’s financial statements or the amounts to be recorded or disclosures to be made in financial statements. Other laws or regulations are to be complied with by management or set the provisions under which the entity is allowed to conduct its business. Some entities operate in heavily regulated industries. Others are only subject to the many laws and regulations that generally relate to the operating aspects of the business. Noncompliance with laws and regulations could result in financial consequences for the entity such as fines, litigation, etc. Generally, the further removed noncompliance is from the events and transactions ordinarily reflected in financial statements, the less likely the auditor is to become aware of it or to recognize its possible noncompliance.
ISA 250 mentioned that it is management’s responsibility to ensure that the entity’s operations are conducted in accordance with laws and regulations. The responsibility for the prevention and detection of noncompliance rests with management. There are policies and procedures that can assist management in discharging its responsibilities for the prevention and detection of noncompliance this includes monitoring legal requirements and ensuring that operating procedures are designed to meet these requirements; instituting and operating appropriate internal control; developing, publicizing and following a code of conduct; ensuring employees are properly trained and understand the code of conduct; monitoring compliance with the code of conduct and acting appropriately to discipline employees who fail to comply with it; engaging legal advisors to assist in monitoring legal requirements; maintaining a register of significant laws with which the entity has to comply within its particular industry and a record of complaints.
The auditor is not, and cannot be held responsible for preventing noncompliance. The fact that an annual audit is carried out may, however, act as a deterrent. An audit is subject to the unavoidable risk that some material misstatements of the financial statements will not be detected, even though the audit is properly planned and performed in accordance with the different ISA. This risk is higher with regard to material misstatements resulting from noncompliance with laws and regulations due to factors such as the following: there are many laws and regulations, relating principally to the operating aspects of the entity, that typically do not have a material effect on the financial statements and are not captured by the entity’s information systems relevant to financial reporting; the effectiveness of audit procedures is affected by the inherent limitations of internal control and by the use of testing; much of the audit evidence obtained by the auditor is persuasive rather than conclusive in nature; noncompliance may involve conduct designed to conceal it, such as collusion, forgery, deliberate failure to record transactions, senior management override of controls or intentional misrepresentations being made to the auditor.
The standards stated that the auditor should be alert to the fact that audit procedures applied for the purpose of forming an opinion on the financial statements may bring instances of possible noncompliance with laws and regulations to the auditor’s attention. For example, such audit procedures include reading minutes; inquiring of the entity’s management and legal counsel concerning litigation, claims and assessments; and performing substantive tests of details of classes of transactions, account balances, or disclosures. The auditor should obtain written representations that management has disclosed to the auditor all known actual or possible noncompliance with laws and regulations whose effects should be considered when preparing financial statements. When the auditor becomes aware of information concerning a possible instance of noncompliance, the auditor should obtain an understanding of the nature of the act and the circumstances in which it has occurred, and sufficient other information to evaluate the possible effect on the financial statements. When evaluating the possible effect on the financial statements, the auditor considers different things that include the potential financial consequences, such as fines, penalties, damages, threat of expropriation of assets, enforced discontinuation of operations and litigation; whether the potential financial consequences require disclosure; whether the potential financial consequences are so serious as to call into question the true and fair presentation given by the financial statements. When the auditor believes there may be noncompliance, the auditor should document the findings and discuss them with management.
The auditor should consider the implications of noncompliance in relation to other aspects of the audit, particularly the reliability of management representations. In this regard, the auditor reconsiders the risk assessment and the validity of management representations, in case of noncompliance not detected by the entity’s internal controls or not included in management representations. The implications of particular instances of noncompliance discovered by the auditor will depend on the relationship of the perpetration and concealment, if any, of the act to specific control activities and the level of management or employees involved. The auditor should, as soon as practicable, either communicate with those charged with governance, or obtain audit evidence that they are appropriately informed, regarding noncompliance that comes to the auditor’s attention. However, the auditor need not do so for matters that are clearly inconsequential or trivial and may reach agreement in advance on the nature of such matters to be communicated. If in the auditor’s judgment the noncompliance is believed to be intentional and material, the auditor should communicate the finding without delay. The auditor may conclude that withdrawal from the engagement is necessary when the entity does not take the remedial action that the auditor considers necessary in the circumstances, even when the noncompliance is not to the financial statements. Factors that would affect the auditor’s conclusion include the implications of the involvement of the highest authority within entity which may affect the reliability of management representations, effects on the auditor of continuing association with the entity. In such a conclusion, the auditor would ordinarily seek legal advice. ISA 250 gives a wider perspective on how to consider when an illegal act is done and when or when not illegal acts should be reported. It gives attention on how management should work hand in hand with the auditors to prevent any illegal acts to be committed. ISA 250 helps in giving a compassionate side to the auditors it also gives a different identity for them.
On the other hand SAS 54 discusses illegal acts by clients. According to SAS 54 the term illegal act refers to violations of laws or governmental regulations. Illegal acts by clients are acts attributable to the entity whose financial statements are under audit or acts by management or employees acting on behalf of the entity. Illegal acts by clients do not include personal misconduct by the entity’s personnel unrelated to their business activities. Illegal acts vary considerably in their relation to the financial statements. Generally, the further removed an illegal act is from the events and transactions ordinarily reflected in financial statements, the less likely the auditor is to become aware of the act or to recognize its possible illegality. Entities may be affected by many other laws or regulations, including those related to securities trading, occupational safety and health, food and drug administration, environmental protection, equal employment, and price fixing or other antitrust violations. Generally, these laws and regulations relate more to an entity’s operating aspects than to its financial and accounting aspects, and their financial statement effect is indirect. An auditor ordinarily does not have sufficient basis for recognizing possible violations of such laws and regulations. Their indirect effect is normally the result of the need to disclose a contingent liability because of the allegation or determination of illegality. For example, securities may be purchased or sold based on inside information. While the direct effects of the purchase or sale may be recorded appropriately, their indirect effect, the possible contingent liability for violating securities laws, may not be appropriately disclosed. Even when violations of such laws and regulations can have consequences material to the financial statements, the auditor may not become aware of the existence of the illegal act unless he is informed by the client, or there is evidence of a governmental agency investigation or enforcement proceeding in the records, documents, or other information normally inspected in an audit of financial statements.
According to SAS 54 normally, an audit in accordance with generally accepted auditing standards does not include audit procedures specifically designed to detect illegal acts. However, procedures applied for the purpose of forming an opinion on the financial statements may bring possible illegal acts to the auditor’s attention. For example, such procedures include reading minutes; inquiring of the client’s management and legal counsel concerning litigation, claims, and assessments; performing substantive tests of details of transactions or balances. The auditor should make inquiries of management concerning the client’s compliance with laws and regulations. Where applicable, the auditor should also inquire of management concerning certain things such as the client’s policies relative to the prevention of illegal acts, the use of directives issued by the client and periodic representations obtained by the client from management at appropriate levels of authority concerning compliance with laws and regulations.
In applying audit procedures and evaluating the results of those procedures, the auditor may encounter specific information that may raise a question concerning possible illegal acts, such as the following: unauthorized transactions, improperly recorded transactions, or transactions not recorded in a complete or timely manner in order to maintain accountability for assets; investigation by a governmental agency, an enforcement proceeding, or payment of unusual fines or penalties; violations of laws or regulations cited in reports of examinations by regulatory agencies that have been made available to the auditor; large payments for unspecified services to consultants, affiliates, or employees; sales commissions or agents’ fees that appear excessive in relation to those normally paid by the client or to the services actually received; unusually large payments in cash, purchases of bank cashiers’ checks in large amounts payable to bearer, transfers to numbered bank accounts, or similar transactions; unexplained payments made to government officials or employees; failure to file tax returns or pay government duties or similar fees that are common to the entity’s industry or the nature of its business.
In the said standards when the auditor becomes aware of information concerning a possible illegal act, the auditor should obtain an understanding of the nature of the act, the circumstances in which it occurred, and sufficient other information to evaluate the effect on the financial statements. In doing so, the auditor should inquire of management at a level above those involved. When the auditor concludes, based on information obtained and, if necessary, consultation with legal counsel, that an illegal act has or is likely to have occurred, the auditor should consider the effect on the financial statements as well as the implications for other aspects of the audit. The auditor should assure himself that the audit committee, or others with equivalent authority and responsibility, is adequately informed with respect to illegal acts that come to the auditor’s attention. The auditor need not communicate matters that are clearly inconsequential and may reach agreement in advance with the audit committee on the nature of such matters to be communicated. The communication should describe the act, the circumstances of its occurrence, and the effect on the financial statements. Senior management may wish to have its remedial actions communicated to the audit committee simultaneously. Possible remedial actions include disciplinary action against involved personnel, seeking restitution, adoption of preventive or corrective company policies, and modifications of specific control activities. If senior management is involved in an illegal act, the auditor should communicate directly with the audit committee. The communication may be oral or written. If the communication is oral, the auditor should document it.
If the auditor concludes that an illegal act has a material effect on the financial statements, and the act has not been properly accounted for or disclosed, the auditor should express a qualified opinion or an adverse opinion on the financial statements taken as a whole, depending on the materiality of the effect on the financial statements. If the auditor is precluded by the client from obtaining sufficient competent evidential matter to evaluate whether an illegal act that could be material to the financial statements has, or is likely to have, occurred, the auditor generally should disclaim an opinion on the financial statements. If the client refuses to accept the auditor’s report as modified for the circumstances, the auditor should withdraw from the engagement and indicate the reasons for withdrawal in writing to the audit committee or board of directors.
.The auditor may be unable to determine whether an act is illegal because of limitations imposed by the circumstances rather than by the client or because of uncertainty associated with interpretation of applicable laws or regulations or surrounding facts. In these circumstances, the auditor should consider the effect on his report. The auditor may conclude that withdrawal is necessary when the client does not take the remedial action that the auditor considers necessary in the circumstances even when the illegal act is not material to the financial statements. Factors that should affect the auditor’s conclusion include the implications of the failure to take remedial action, which may affect the auditor’s ability to rely on management representations, and the effects of continuing association with the client. In reaching a conclusion on such matters, the auditor may wish to consult with his own legal counsel. Disclosure of an illegal act to parties other than the client’s senior management and its audit committee or board of directors is not ordinarily part of the auditor’s responsibility, and such disclosure would be precluded by the auditor’s ethical or legal obligation of confidentiality, unless the matter affects his opinion on the financial statements.
Because potential conflicts with the auditor’s ethical and legal obligations for confidentiality may be complex, the auditor may wish to consult with legal counsel before discussing illegal acts with parties outside the client. An auditor may accept an engagement that entails a greater responsibility for detecting illegal acts than that specified in this section. For example, a governmental unit may engage an independent auditor to perform an audit in accordance with the Single Audit Act of 1984. In such an engagement, the independent auditor is responsible for testing and reporting on the governmental unit’s compliance with certain laws and regulations applicable to Federal financial assistance programs. Also, an independent auditor may undertake a variety of other special engagements. For example, a corporation’s board of directors or its audit committee may engage an auditor to apply agreed-upon procedures and report on compliance with the corporation’s code of conduct under the attestation standards. SAS 54 is focused on determining what are illegal acts and what it constitutes. The said standard gave procedures on what to do to make sure that illegal acts will not be committed and if it has been committed the standard assist in making sure that proper action can be done towards it. SAS 54 gives a detailed discussion and reminders on what the auditor should do towards illegal acts.
Read our customer feedbacks