Md MoniruzzamanA 514: Essay 2: Fraud under AICPA, PCAOB and IAASB

Introduction: My selected topic for this essay is “Fraud in a Financial Statement Audit”.Discussion and comparison of auditor’s responsibilities will be carried out in this essay among audit standards set by American Institute of Certified Public Accountants (AICPA), Public Company Accounting Oversight Board (PCAOB) and International Auditing and Assurance Standards Board (IAASB). AU-C 240 is the sampling standard set by AICPA where AU 316 is by PCAOB and ISA 240 is by IAASB.

Statements on Auditing Standard AU-C Section 240 by AICPA - Consideration of Fraud in a Financial Statement Audit: AU-C 240 was in effect since the financial statement audit of December 15, 2012. This SAS describes and addresses the issues involving understanding and assessing the risks of material misstatements to responding to those material misstatements due to fraud. Unintentional misstatements are error while intentional misstatements are fraud. However, the interesting thing is, even though auditor suspects that there might be fraud, they never make the judgment that it was a fraud.1

AU-C 240 affirms that even though auditor’s duty is to obtain a reasonable assurance that the financial statements as a whole are free from material misstatement, whether caused by fraud or error, it is the duty of management to prevent and detect it. The section describes the objectives of the auditor, defines the relevant terms well, and identifies the requirements of an audit. The procedure of identifying and assessing the level of risks are described in details in paragraph .25. The section specially put emphasis on professional skepticism. Whenever there is any misstatements, auditor should look for evidences whether there was any fraud or not and the management was involved or not with the fraud.2 If there is any severe case, auditor may plan to withdraw from the engagement and the responsibilities in that case are described in paragraph .38. Auditor should determine whom to report the identified fraud at the first level and if there is any necessity to report the fraud to regulatory authority. The auditor should keep enough documentation for the possible or identified fraud to back up her conclusion.3 The AU-C 240 section describes also the characteristics and intensity of fraud from paragraph .A1 to .A6. The section also suggests some of the common places like accounting estimation look for possible misstatements or frauds. Finally, the section suggests some specific response in relation to misstatement or fraud of specific situations like revenue recognition, inventory quantities, management estimates, and misappropriations of assets.

PCAOB Interim Standards AU 316 - Consideration of Fraud in a Financial Statement Audit: Superseding SAS no 82, this SAS was in effect since December 15, 1 Paragraph .03, AU-C Section 240: Consideration of Fraud in a Financial Statement Audit, AICPA2 Paragraph .36, AU-C Section 240: Consideration of Fraud in a Financial Statement Audit, AICPA3 Paragraph .43, AU-C Section 240: Consideration of Fraud in a Financial Statement Audit, AICPA

Md MoniruzzamanA 514: Essay 2: Fraud under AICPA, PCAOB and IAASB

2002. This section starts with the reference of AU section 110 about the responsibilities and functions of the independent auditor. The section describes the types and characteristics of fraud in details. It put emphasis on the professional skepticism. This section requires the discussion among the audit team members to discuss the possible places for misstatements or fraud. Material misstatement due to fraud should be identified by inquiring of management, considering the results of the analytical procedures, considering fraud risk factors and other relevant factors. 4 It describes the cases when to withdraw the engagement and whom to and when to report the fraud. The first place to report the fraud is those charged with governance or management. It includes the separate responsibility of management and the auditor in detecting and in preventing the material misstatements or fraud. There are two types of frauds as per this section: misstatements arising from fraudulent financial reporting and misstatements arising from misappropriation of assets.5 Fraud triangle- Pressure/Incentive, Opportunity and Rationalize is the primary condition of occurring a fraud. Those are described in details. It suggests that some of the personnel of the management must be involved in the process of doing fraud if there is any and there are some certain conditions that indicates the presence of fraud. 6 Auditors are responsible for the planning and performing the audit. Even though an audit is effective for detecting an error may be ineffective for detecting fraud.7 Using professional judgment the type of risk, significance of the risk, likelihood of the risk, and pervasiveness of the risk should be determined. 8 AU 316 suggests that revenue is one item that is a largely susceptible for fraud. There is always a chance of improper revenue recognition.9 The section ends with a couple of guidelines for auditing in the attachment.

International Standard on Auditing 240: the auditor’s responsibilities relating to fraud in an audit of financial statements by IAASB: Like other ISA, this ISA starts with a scope paragraph. It clearly defines the fraud as an intentional act by one or more individuals among management, employees, or third parties, by deception to obtain an unjust or illegal advantage.10 Describing the characteristics of fraud, it describes the responsibility of for the prevention and detection of fraud. It is stated that the prevention and detection of fraud is the responsibility of management. 11 Defining the responsibilities of the auditor in detection, it extends that some material misstatements of the financial statements may not be detected, even though the audit is properly planned and performed

4 Paragraph .02 AU section 316, PCAOB5 Paragraph .06 AU section 316, PCAOB6 Paragraph .11 AU section 316, PCAOB7 Paragraph .12 AU section 316, PCAOB8 Paragraph .40 AU section 316, PCAOB9 Paragraph .41 AU section 316, PCAOB10 Paragraph 11 ISA 240, IAASB11 Paragraph 4 ISA 240, IAASB

Md MoniruzzamanA 514: Essay 2: Fraud under AICPA, PCAOB and IAASB

in accordance with the ISAs.12 Paragraph 6 describes that the undetected fraud might be much more risky than the prior undetected error. Moreover, fraud committed by management rather than mere employees is much more risky. Auditor must have to apply professional skepticism as per this ISA. Discussion among the engagement team, risk assessment procedures these are described in the similar fashion of GAAS and PCAOB standards. It states that in determining fraud and misstatements, auditor should assign and supervise competent person to detect them. If frauds or misstatements are assessed in the assertion level, the auditor shall design and perform further audit procedures.13 Even though there is no assessed risk, the auditor should perform audit procedures in relation to journal entries recorded in the general ledger and other adjustments made in the preparation of the financial statements, accounting estimates, and other significant transactions.14 Inability to continue the engagement is also discussed in depth. Written representation of management is required as per the requirement of this ISA. Documentation should be sufficient in support of the work done. The ISA ends with some specific responses for specific situations.

Comparison: As PCAOB and AICPA standard do not have major differences, discussion is focused on AICPA and ISAAB standards.

ISA 240, Compared to AU-C Section 240 and their impact on auditing:

Differences in Language

Paragraph 11 of ISA 240 and paragraph .11 of section 240 define fraud. However, the definition of fraud in paragraph .11 of section 240 was changed by the words “to obtain illegal or unjust advantage” to “results in a misstatement in financial statements that are the subject of an audit.” The definition in ISA 240 is too broad and could inappropriately expose auditors to additional liability in the United States, and the meaning of unjust could be interpreted very broadly and subjectively in its application and could imply a scope well beyond the intent of the standard. But, the change in the definition does not create significant differences between the application of ISA 240 and the application of section 240.

Requirements in GAAS Not in the ISAs

Section 240 contains requirements, consistent with requirements of SAS AU 316, Consideration of Fraud in a Financial Statement Audit, as amended, that have been expanded from the requirements of ISA 240, or elevated from application material in ISA 240, as follows:

12 Paragraph 5 ISA 240, IAASB13 Paragraph 30 ISA 240, IAASB

14 Paragraph 32 ISA 240, IAASB

Md MoniruzzamanA 514: Essay 2: Fraud under AICPA, PCAOB and IAASB

The requirement in paragraph 14 of ISA 240 for the auditor to investigate inconsistent responses to auditor inquiries of management or those charged with governance has been expanded in paragraph .14 of section 240 to also include responses that are otherwise unsatisfactory (for example, vague or implausible responses).

The requirement in paragraph 44 of ISA 240 to document the significant decisions reached during the discussion among the engagement team regarding fraud-related matters has been expanded in paragraph .43 of section 240 to also require documenting how and when the discussion occurred and the audit team members who participated.

The requirements in paragraph 32(a) of ISA 240 address designing and performing auditing procedures to test the appropriateness of journal entries. That was absent in AU-C 240.

The requirement for the auditor to design and perform auditing procedures to review accounting estimates for biases and evaluate whether the circumstances producing the bias, if any, represent a risk of material misstatement due to fraud, in paragraph 32(b) of ISA 240, has been expanded in paragraph .32b of section 240 to include those estimates that are based on highly sensitive assumptions.

Conclusion: Even though there are some minor differences between these three standards, the standards for fraud is almost same in all the three cases.