and You - Chapters Site County/IIA OC Presentation... · Joint IIA/ ISACA/ ACFE Spring Fraud Conference: Fraud & the External Auditor, and You

Joint IIA/ ISACA/ ACFE Spring Fraud Conference:Fraud & the External Auditor, and You

Copyright © 2016 Deloitte Development LLC. All rights reserved. 2

Summer Taylor, Audit Managing Director

Deloitte & Touche LLP, Orange County

Meeting with you today

Deloitte & Touche LLP Tel: (714) 436-7766 Cell: (714) 315-2040Fax: (714) 885-8316 [email protected] www.deloitte.com 695 Town Center Drive, Suite 1200 Costa Mesa, California 92626

Summer is a CPA and business advisor. She provides auditing, financial reporting, accounting and consulting services to publicly traded and privately held companies. Her experience includes U.S. GAAP reporting and technical research, SEC reporting, public debt offerings, IPO's, PCAOB and AICPA standards, and private equity transactions.

She is also an instructor for the CalCPA Education Foundation.


• Auditors’ Responsibility

• Requirements of the auditing standards• PCAOB standard changes

• The importance of professional skepticism

• Significant Accounting Scandals

• Management’s Responsibility

AgendaFraud & the External Auditor, and You

Presentation title[To edit, click View > Slide Master > Slide Master]

Member firms and DTTL: Insert appropriate copyright[To edit, click View > Slide Master > Slide Master]

4

Auditors’ Responsibility



An auditor conducting an audit in accordance with GAAS is responsible for obtaining reasonable assurance that the financial statements as a whole are free from material misstatement, whether caused by fraud or error.

• Identify and assess the risks of material misstatement of the financial statements due to fraud;

• Obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement due to fraud, through designing and implementing appropriate responses; and

• Respond appropriately to fraud or suspected fraud identified during the audit.

AU Section 240 — Consideration of Fraud in a Financial Statement Audit

PCAOB AS 2401 — Consideration of Fraud in a Financial Statement Audit



• Maintain professional skepticism

• Discussion Among the Engagement Team

• Risk Assessment Procedures and Related Activities

• Discussions With Management and Others Within the Entity, Those Charged With Governance

• Evaluate Unusual or Unexpected Relationships Identified

• Evaluation of Fraud Risk Factors

• Identification and Assessment of the Risks of Material Misstatement Due to Fraud

• Responses to the Assessed Risks of Material Misstatement Due to Fraud

• Audit Procedures Responsive to Assessed Risks of Material Misstatement Due to Fraud

• Unpredictability in the Selection of Audit Procedures

AU Section 240 — Consideration of Fraud in a Financial Statement Audit

PCAOB AS 2401 — Consideration of Fraud in a Financial Statement Audit


PCAOB Standard ChangesPCAOB Auditing Standard No. 18 – Related Parties and Other Amendments Significant Unusual TransactionsTransactions with Executive Officers


Recent History

• RPs, SUTs, and EO transactions/relationships:

• Contributing factors in numerous financial reporting frauds over the last several decades.

• Prominent corporate scandals served to undermine investor confidence; resulted in significant losses for investors and loss of many jobs.

• RP transactions specifically have been used to engage in fraudulent financial reporting and to conceal misappropriation of assets.

What drove the changes?


The Need toIdentify

“Red Flags”

• Important to step back and identify areas where management may have incentive or opportunity to manipulate the financial statements.

• These areas may not have strong processes and controls in place at all entities.

• RP transactions and SUTs are “ripe” areas where manipulation could be at play.

• Apparent lack of business purpose or difficult “substance over form” questions; potential heightened risk of fraud.

• Understanding terms of executive compensation arrangements critical to understanding where top management may have incentive to manipulate accounts.

What drove the changes?


Key Audit Procedures Required by AS 18New or

Expanded Requirement

Performing risk assessment procedures to obtain an understanding of the company's relationships and transactions with its related parties:

Expanded

• Obtaining an understanding of the company's process Expanded• Performing inquiries of:

o Management Expanded

o Others within the company New

o Audit committee or its chair NewCommunicating with the audit engagement team and other auditors

Expanded

Identifying and assessing risks of material misstatement ExpandedResponding to the risks of material misstatement Expanded

Evaluating whether the company has properly identified its related parties and relationships and transactions with related parties

Expanded

Evaluating financial statement accounting and disclosures Expanded

Communications with the audit committee New

Key audit procedures required by AS18


Key Audit Procedures Required by AS 12 and AU 316

New or Expanded Requirement

AS 12:• Required procedures to help auditors identify significant

unusual transactions (e.g., make inquiries of management and others).

New

AU Section 316: • Requirement that when identifying significant unusual

transactions, auditors take into account other work performed during the audit (e.g., information gathered with respect to related-party transactions).

New

• Basic required procedures for obtaining information for evaluating significant unusual transactions and more in-depth procedures designed to be scalable and commensurate with the facts and circumstances of the audit.

New

• Evaluating the business purpose or lack thereof for significant unusual transactions, including whether it indicates that transactions may have been entered into to engage in fraud.

Expanded

• Evaluating accounting matters relative to significant usual transactions in addition to evaluating disclosure requirements.

New

Key amendments related to significant unusual transactions:


Key Audit Procedures Required by AS 12New or

Expanded Requirement

AS 12:• Required audit procedures to obtain an

understanding of the company's financial relationships and transactions with its executive officers.

New

Key amendments related to a company’s financial relationships and transactions with its executive officers:



13

The importance of professional skepticism

The inspection results indicate that the Firm, in certain instances, relied heavily on evidence that supported the issuer's conclusion, without sufficiently taking into account new or contrary evidence

that was available to the Firm at the time of the audit. This tendency frequently contributed to the concerns noted in prior

inspection reports related to a lack of professional skepticism and deficiencies in auditing estimates.



Remarks at the AICPA Conference on Current SEC and PCAOB Developments

Professional skepticism is an attitude that includes a questioning mind and a critical

assessment of audit evidence.


I must respectfully disagree with the notion mentioned by a speaker yesterday that

professional skepticism calls for a "trust but verify" approach.

In exercising professional skepticism, the auditor should not be satisfied with less than persuasive evidence because of a

belief that management is honest.




When your auditor questions your assertions, he or she is not being difficult.

They're just doing their job.

Focus on extraordinary "audit quality", not extraordinary “client

service.”




1. AIG

2. Bernie Madoff

3. Enron

4. Freddie Mac

5. Health South

6. Lehman Brothers

7. Tyco

8. Waste Management

9. WorldCom

10. Satyam

Worst Accounting Scandals of All Time



18

Management’s Responsibility



• Preparation and fair presentation of the financial statements in accordance with the applicable financial reporting framework

• Design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error

• Provide the auditor with:

• access to all information of which management is aware that is relevant to the preparation and fair presentation of the financial statements, such as records, documentation, and other matters;

• additional information that the auditor may request from management for the purpose of the audit; and

• unrestricted access to persons within the entity from whom the auditor determines it necessary to obtain audit evidence.


Common scandal themes & how you can help!

Common Fraud Possible Company Response

Management Override Design effective controls over:- Journal entries- Tone at the top- Critical financial review

Revenue Controls to consider- IT systems- Manual entries- Period end cutoff procedures

Estimates - Challenge estimates- Incorporate higher level

reviews- Evidence when the control has

identified issues- Evaluate and consider bias

Complex/Unusual Transactions Design controls specific to the new risk



• Preparation and fair presentation of the financial statements in accordance with the applicable financial reporting framework

• Design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error

• Provide the auditor with:

• access to all information of which management is aware that is relevant to the preparation and fair presentation of the financial statements, such as records, documentation, and other matters;

• additional information that the auditor may request from management for the purpose of the audit; and

• unrestricted access to persons within the entity from whom the auditor determines it necessary to obtain audit evidence.


Questions?

23Copyright © 2016 Deloitte Development LLC. All rights reserved.

Thank you!

About DeloitteDeloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about for a detailed description of DTTL and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.

Copyright © 2016 Deloitte Development LLC. All rights reserved.Member of Deloitte Touche Tohmatsu Limited Financial Instruments

Documents

and You - Chapters Site County/IIA OC Presentation... · Joint IIA/ ISACA/ ACFE Spring Fraud Conference: Fraud & the External Auditor, and You