Sunteți pe pagina 1din 28

Analyst consensus estimates for an entity may be obtained on finance websites or from EY Knowledge.

Our understanding of such estimates is not to obtain a precise prediction of the most likely result for the
entity, but rather to understand their general nature (i. e what the analysts are tracking ) and whether
this may affect management’s decision as to whether tor record misstatements brought to its attention.

Composition and changes in the financial performance

We read the entity’s financial information and perform analytical procedures, considering the non-
financial information, to look for indicators of risk factors, whether due to fraud or error b:

We perform procedures, such as:

Obtaining an understanding of key measures of financial performance that are important to


management. We inquire of management regarding the financial performance measures they monitor
and about other areas of financial performance that are important to management. We are aware of
the effect on management’s measures that may arise from our understanding of key stakeholder’s
expectations/needs, including those of analysts when appropriate.

Obtaining an understanding of how management uses m

At this stage, we want to obtain a high level understanding of how management determines that the
underlying data used in the calculations of the performance indicators and measures are appropriate
and accurate.

As we obtain an understanding of the entity’s performance indicators, we consider factors, such as:

The availability of internally-generated information used by management for measuring and reviewing
financial information.

The availability of external information, such as analysts’ reports and credit rating agency reports, used
by external parties to measure and review the entity’s financial performance

Management actions that increase the risks of material misstatement, including those due to fraud, as a
result of performance indicators, particularly the pressure to achieve the performance indicators.

Management’s reactions to unexpected results or trends or highlighted by the internal measurement


and review

Indications for existence of risks of material misstatements of the financial statements.

We perform analytical procedures on financial and non-financial information as risk identification and
assessment procedures to obtain an understanding of the entity.

We consider fluctuations:
On an account by account basis

Between group of related accounts

Within and between financial statements

Withinthe financial statements as whole

Scope and strategy

Related party transactions

Going concern

The role of IT

In understanding the entity and its environment, we obtain an understanding of the role of the IT in the
entity, including IT complexity.

We obtain an understanding of the entity and its environment by performing a combination of the
following risk assessment procedures:

Read relevant information

Inquire of:

Management and those responsible for financial reporting

Appropriate individuals within the internal audit function

Others in the entity who may have information that is likely to assist in identifying risks of material
misstatement due to fraud and error.

Perform analytical procedures on financial and non-financial information

Observation and inspection

Risk assessment procedures

Read relevant information

Inquiry

Analytical procedures

Observation and inspection

GTAC-relevant information to identify risk factors


If the PIC or EY or any other affiliates provided other services

Document sources of information

Previous experience with the client

Nature of the entity

Industry, legal and regulatory framework and other external factors

Nature of the entity

Accounting policies

Objectives and strategies of the entity

Measurement and review of financial performance

Movement analytic

Inquiry with management, those charged with governance and important internal audit function

Review of relevant information

Observation and inspection

Analytical procedures

Analytical procedures may help identify existence of unusual transactions or events, amounts, rations,
trends that might indicate matters that have audit implications such as possible risks of material
misstatements.

Going concern issues

Change in it environment

Change in key officers

Complexity

Related party transactions

Expansion (Location, product)

Competence of officers
Past history of misstatements

Incentive and opportunity of fraud

Accounting estimates

Pending litigation, claims and assessment

Whether the risk is related to recent significant economic, accounting or other developments

The complexity of transactions

Whether the risk involves significant transactions with related parties within the normal course of
business

The degree of subjectivity in the measurement

Significant risk

The complexity of transactions

Related parties normal course of business

Unusual outside the normal course of business

Recent significant economic developments

The degree of subjectivity

Complex

Voluminous

Estimation

Related party

Past history of misstatement

We determine inherent risks to be significant when we identify:

Risks of material misstatement due to fraud

Significant transactions with related parties that are outside the normal course of business for the entity

Likelihood of occurrence
Magnitude of misstatement

Risks of material misstatement

Related parties – outside

For significant risks, we are required to understand and assess the design and implementation of the
entity’s controls relevant to each risk. We obtain this understanding regardless of whether we plan a
controls reliance strategy.

UBT – identification of inherent risks from which risk of material misstatements may arise

Relate such risk to financial statements

We’ll be able to determine key audit matters

Significant risks

Relating inherent risks to the financial statements or to the individual assertions for significant accounts and disclosures helps us
in designing and executing a risk based audit strategy, including:

 Identifying significant accounts and disclosures


 Making inherent risk assessments for each relevant assertion
 Designing audit procedures

Key components of our documentation include the description of risk factors and characteristics we
used in determining inherent risks, including significant risks.

We complete the relevant sections of Audit Planning template

The sources of information from which the understanding of the entity was obtained regarding the
above mentioned elements, including the names of individuals to whom we spoke

The inherent risks, including significant risks and their effect on the DS

INHERENT RISK ASSESSMENT

For example, more cash on hand – higher inherent risk

Technological development – Higher risk on inventory


Complexity of transactions – Pension – higher inherent risk

Bankruptcy customers – Higher inherent risk receivables

The company that improperly has misstated an amount in PY may have higher inherent risk

Economy, industry and previously known misstatements that help

A few key factors can increase inherent risk.


 Environment and external factors: Here are some examples of environment
and external factors that can lead to high inherent risk:
o Rapid change: A business whose inventory becomes obsolete quickly
experiences high inherent risk.
o Expiring patents: Any business in the pharmaceutical industry also has
inherently risky environment and external factors. Drug patents eventually
expire, which means the company faces competition from other
manufacturers marketing the same drug under a generic label.
o State of the economy: The general level of economic growth is another
external factor affecting all businesses.
o Availability of financing: Another external factor is interest rates and the
associated availability of financing. If your client is having problems
meeting its short-term cash payments, available loans with low interest
rates may mean the difference between your client staying in business or
having to close its doors.
 Prior-period misstatements: If a company has made mistakes in prior years
that weren’t material (meaning they weren’t significant enough to have to
change), those errors still exist in the financial statements. You have to
aggregate prior-period misstatements with current year misstatements to see if
you need to ask the client to adjust the account for the total misstatement.
You may think an understatement in one year compensates for an overstatement in another year. In
auditing, this assumption isn’t true. Say you work a cash register and one night the register comes up $20
short. The next week, you somehow came up $20 over my draw count. The $20 differences are added
together to represent the total amount of your mistakes which is $40 and not zero. Zero would indicate no
mistakes at all had occurred.

 Susceptibility to theft or fraud: If a certain asset is susceptible to theft or fraud, the


account or balance level may be considered inherently risky. For example, if a client has
a lot of customers who pay in cash, the balance sheet cash account is going to have risk
associated with theft or fraud because of the fact that cash is more easily diverted than
customer checks or credit card payments.
Looking at industry statistics relating to inventory theft, you may also decide to consider
the inventory account as inherently risky. Small inventory items can further increase the
risk of this account valuation being incorrect because those items are easier to conceal
(and therefore easier to steal).

PRIOR-PERIOD MISSTATEMENTS
If a company has made mistakes in prior years that weren’t material (meaning they weren’t
significant enough to have to change), those errors still exist in the financial statements. You
have to aggregate prior-period misstatements with current year misstatements to see whether you
need to ask the client to adjust the accounting records for the total misstatement.
Here’s an example: Suppose you’re in charge of auditing the client’s accounts receivable
balance. Going through prior-period workpapers, you note accounts receivable was understated
by $20,000 and not corrected because your firm determined any misstatement under $40,000 was
immaterial. In the current period, you determine accounts receivable is overstated by $30,000.
The same $40,000 benchmark for materiality is in place. Do you have a material misstatement?
The answer is yes. Standing alone, neither the $20,000 from last year nor the $30,000 from this
year is over the $40,000 limit. However, adding the two misstatements together gives you
$50,000, which is in excess of the tolerable level of misstatement.

You add the two figures together in this example because the difference was understated in one
year and overstated in the next. If the differences had been in the same direction, you would have
subtracted one from the other.

So if the prior year had been overstated by $20,000 instead of understated, the aggregate of your
differences would be $10,000 ($30,000 – $20,000), which is well under the tolerable limit of
$40,000, and so the misstatement wouldn’t be material.
You may think an understatement in one year compensates for an overstatement in another year.
In auditing, this assumption isn’t true. Here’s a real-life auditing example that explains why:
Suppose you’re running the register at a local clothing store. Your ending cash register draw
count is supposed to be $100. One night your register comes up $20 short, a material difference.
The next week, you somehow come up $20 over your draw count. That’s good news, right?
Well, yes and no.
Although your manager is happy to hear that the store didn’t actually lose $20, he doesn’t buy
into the notion that the second mistake erases the first. As he sees it, you made two material
mistakes. The $20 differences are added together to represent the total amount of your mistakes,
which is $40 and not zero. Zero would indicate no mistakes at all had occurred.
Additionally, the fact that the two mistakes counterbalance each other doesn’t negate the fact that
a material misstatement of your register count occurred on two different occasions, indicating a
significant recurring breakdown in controls.

Perhaps, the most important aspect of understanding entity-level controls in non-complex entities
is understanding management’s day-to-day involvement in the financial aspects of the business
and its ability to influence or participate in activities and transactions.

We only obtain further understanding of those controls that we consider relevant to our audit.

Control Environment – Understanding, components, audit evidence – Entity level


Risk assessment – understanding – entity level
Information and communication – information – understanding, components, audit evidence
Communication – information – More on Application controls
Control activities – information; components and evidence as we perform UTP more on
application controls
Monitoring – information, components and evidence – entity level

We focus on elements that operate within this components

For the information system and control activities, we obtain an understanding as we obtain an
understanding of the significant class of transactions (SCOTs)

We recognized however that when management is actively involved in the financial aspects of
the business, the risk of material mi sstatements due to fraud involving management is
increased

Control environment

Integrity and ethical considerations


Management’s operating style
Management’s commitment to competence
Participation of governance and oversight by those charged with governance
Organizational structure and assignment of authority and responsibility
HR Policies and practices

Risk assessment
Business risk
Significance
Likelihood of occurrence
How to address

It is more likely that management will identify risks through direct personal involvement in the
process

If may nadiscover na risk


Appropriate ba na walang risk assessment
Does it constitute as s significant deficiency

We may identify risks of material misstatement at the financial statement or assertion level from any
internal control components (control environment, risk assessment, communication, and monitoring)

In doing so, we consider the size, complexity and ownership characteristics of the entity when
evaluating the factors that increase the likelihood of risks of material misstatements

Usually, ung mga less complex entities or NCEs, wala silang ineemploy na formal written code of
conduct, walang written accounting code or procedures, so based lang sya sa direct involvement ng
management sa operation ng business (so mas prone sya sa risk of material misstatement due to fraud).
Ayun lang yung procedure nila tska usally, wala silang formal risk assessment.They usually discover risk
as they perform procedures.

Such conditions may not adversely affect our assessment of the risks of material misstatement.
However, when non-complex entities have complex transactions or are subject to legal and regulatory
requirements frequently found in larger entities, they may need more formal means of achieving the
objectives of internal control.
Throughout the audit, we are alert for information or conditions (significant changes in the entity’s
internal control, exceptions in testing transaction-level controls or error identified through our
substantive procedures) that cause us to reevaluate our assessment of the risks of material
misstatement.

Entoty level controls – pervasive yung effect nya – more on control environment and monitoring, we
consider whether the components of entity-level control are operating effectively.

Effect on audit strategy

Mitigating controls (or material weakness if required to be communicated in the jurisdiction)

Positive factors relating to the integrity, ethical values and behavior of management are especially
important in determining that the control environment supports the prevention, or detection of
material misstatements.

Segregation of duties, authorization, asset safeguarding, asset accountability and other policies

The oversight along with other appropriate controls may allow management to compensate for the lack
of segregation of duties and achieve the objectives of asset and safeguarding and asset accountability.

Integrity of management

Risk assessment

Internal audit function

Monitoring

Identify risk

Control environment

Monitoring

Communication – SCOTs

Control Activities – SCOTS more on transaction level controls

If may deficiency or material weakness in internal control, we communicate such deficiencies in writing
to those charged with governance on a timely basis.

Reading relevant documents

Inquiry

Inspection of documents
Observation

Procedures

Our iunderstanding of elements of internal control

Obtain information during the planning phase of the audit

Evaluate conditions in the context of the fraud triangle

Identify risks of material misstatements

Approach to identifying and evaluating risks of material misstatements due to fraud

Approach to identifying and evaluating risk of material misstatements due to fraud

Even a properly planned and performed audit may not detect a material misstatement due to fraud
because of:

Concealment of fraudulent activity. Fraud may be disguised by sophisticated and carefully organize
schemes (forgery, deliberate failure to record transactions). Collusion may make such a concealment
even more difficult to detect.

Professional judgement involved in identifying and evaluating risks that cause a material misstatement
due to fraud and other conditions

Difficulty in determining whether misstatements in judgemental areas such as accounting estimates, are
caused by fraud or error.

We may, however, be able to identify potential opportunities to fraud to occur.

We may, however, be able to identify potential opportunities to fraud to occur

Our ability to detect a fraud depends on such factors such as the:

Skillfulness of the perpetrator

Frequency and extent of manipulation

Degree of collusion
Size of amounts manipulated

Seniority of those involved

Skillfulness of the perpetrator

Frequency and extent of manipulation

Degree of collusion

Size of amounts manipulated

Seniority of those involved

Pressure/Incentive

Declining margin

Negative cash flow

Vulnerability

New accounting standards

Risk factors

Operating conditions and financial stability under threat

Excessive pressure to deliver on expectations of third parties

Threats to the personal worth of management due to the entity’s financial performance

Pressure to meeti financial targets set by those charged with governance

Misappropriation of assets

Personal financial obligations

Adverse relationsji

Poor oversight

Poor oversight of management expenditure

Incompetent

Inadequate record keeping


Ineffective communication implementation, support or enforcement of the entity’s values or ethical
standards by management, or ineffective communication by management when inappropriate vaues or

Ineffective communication of entity’s ethical values

As exhibited by:

Frequent disputes against accounting and auditing standards

Unreasonable time constraints

Limited access to people and information

Wants to influence the scope of our work/Domineering management behavior

Non-financial management’s excessive participation in, or preoccupation with, the selection of


accounting principles or the determination of significant estimates

A history of violations of securities law or other laws and regulations or claims against the entity, its
senior management or those charged with governance alleging fraud or violations of securities or other
laws and regulations.

Excessive management interest in maintaining or increasing entity’s stock price or earnings

A management practice of committing to aggressive or unrealistic forecasts.

Management failure to correct known significant deficiencies on a timely basis.

Ineffective

Unrealistic goals

Management’s interest to increase earnings

Failure to correct deficiency

Nonfinancial personnel involved in selecting accounting policies

The owner-manager makes no distinction between personal and business transactions

Dispute between

Disregard for the need for monitoring or reducing risks related to misappropriation of assets

Disregard for internal control by overriding existing controls or by failing to correct control deficiencies

Behavior indicating displeasure or dissatisfaction with the entity or its treatment of the employees
Changes in behavior or lifestyle

Tolerance of pety theft

Fraudulent financial reporting

Influence

Frequent disputes

Limited access

Unreasonable time constraints

Past experience

Not so harmonious relationship

Managements interest in improving earnings

Management’s failure to change deficiency

Personal and business

Lack of concern for internal control

Dissatisfaction as exhibited by treatment to employees

Change in business lifestyle

Tolerance of petty theft

Management’s commitment to unrealistic goals

Certain assertions, accounts and classes of transactions that have a higher inherent risk, because they
involve a high degree of management judgement and subjectivity, may present risks of material
misstatements due to fraud because they are susceptible to management manipulation.

Incentive/Pressure

Pressure to meet objectives

May bonus pag may nameet na quota

Personal finnaical obligation


Adverse relationship

Opportunity

Walang controls

Maliit yung asset

Adverse relationship

Rationalization

Makikita mo naman sa ugali nung client

Unrealistic

Di kinorrect

Binago for rax puporses

Change of lifestyle

Tolerance of petty theft

Assessment of risk of material misstatement due to fraud

Actions to address those risks, including programs and controls the entity has established

Any risks of fraud that have been identified by the management or brought to management’s attention

Management’s communication if any to those charged with governance regarding its processes for
identifying and responding to risks of fraud.

Management’s communication to employees regarding its views on business practices and behaviors

Management’s knowledge of any actual or suspected fraud or allegations of fraudulent financial


reporting affecting the entity and if so, management’s responses to such allegations or complaints

Risk assessment

Actons

Communication to those charged with governance

Fraud the management know or brought to their attention

Communication to employees
Allegations of fraud and actions

Whether the entity has entered into any significant unusual transactions if so, the nature terms and
business purposes of those transactions and whether such transactions involved related parties

Management

Those charged with governance

Risk of assessment

Internal control

Risk assessment

Communication to those charged with governance

Communication to employees

Suspected fraud and actions

Significant unusual transactions

Internal audit

Suspected

Management, those charged with governance, Internal audit, others

Circumstances that may be indicative of fraud

Controls address the risk of fraud

We evaluate:

The collective knowledge we have obtained throughout the audit

The information obtained from our inquiries

The type of risk

The magnitude of risk

The likelihood that the risk will result in a material misstatement in the financial statements
The pervasiveness of the risk

The collective knowledge

Information we have obtained from inquiry

The type of risk

The magnitude of risk

The likelihood that the risk will result in a material misstatement in the financial statement in the
financial statements

The pervasiveness of the risk

Collective knowledge

Information obtained from inquiry

The type of risk

The magnitude of risk

The likelihood that risk will result to material misstatements

The pervasiveness of the risk

The partner in charge of the audit evidences his or her review and approval by signing the APT form

Better communication – appropriate professional skepticism

Reduce the risk of undetected misstatement due to fraud

Focus audit efforts

Avoid inadvertent communication among the audit team of additional risks of material misstatement
due to fraud

Better communication – professional skepticism

Less risk na hinde madetect ung material misstatement due to fraud

Audit focus areas

Avoid inadvertent discussions


Specific considerations for non complex entities

In some entities, management may view the business as a extension of their own personal.

We thererfore consider the risks of material misstatements due tofraud involving management, whether
performed directly by them or under their direction

Inflating expenses

VAT declaration

Under-overstating reserves

Personal use

Payment to family

Loan on behalf of the entity

Using entity’s assets as collateral

Entering into transactions at other than an arm length transaction

The existence of related parties with a dominant influence over the entity and its management could
result in a risk of material misstatement due to fraud being identified

Unauthorized

Access not consistent with Assigned duties

Material adjustment

Photocopied original

Missing

Documents that appeared to be altered


Significant unexplained items or reconciliations

Inconsistent responses to inquiries

Missing

Altered

Photocopied

Unexplained

Vague response to inquiry for analytics

Unusual discrepancies between the entity’s records and confirmation replies

Missing inventory or physical assets of significant magnitude

Vague explanation

Discrepancies between accounting records and confirmation replies

Unavailable or missing electronic device, inconsistent with the entity’s control retention practices

No available evidence of key systems development and program in-charge testing and implementation
activities

Unusual balance sheet changes or changes in trends or important financial statement ratios or
relationships

Large number of credit entries and other adjustments made to accounts receivable

Unexplained differences between the accounts receivable subsidiary ledger and the general ledger

Fewer responses to confirmation requests than anticipated or a greater number of responses than
anticipated

Not authorized

Not properly recorded

Manage access

Missing
Photocopied

Discrepancies

Vague explanation

Fewer responses

Discrepancies between confirmation replies and record

Discrepancies between AR SL and GL

Too much credit for AR

Problematic relationships between us and the entity

Denied access to records facilities from whom we can obtain audit evidence

Undue time pressures

Management complaints about the conduct of the audit

Unwilingness to allow access to electronic fles for testing

Unusual delays in providing information we request

Denied access to key IT operations staff and facilities

Unusual delays in providing information we request

Management’s unwillingness to add or revise disclosures in financial statements to make them more
complete and transparent

Management’s unwillingness to appropriately address significant deficiencies in internal control

Intimidation/Complaint

Denied access

Unusual delays

Limited access

Refusal to address internal control deficiency

Refusal to revise disclosures

Accounting recrods
Not recorded appropriately

Material adjustment

Not authorized

Missing docs

Photocopied

Vague explanation

Unexplained recon item

Changes

AR credit

Confirmation vs Record

GL vs SL

Limited access

Galit sila

Deadline

Unsual delays

Unwillingness to acess

Management’s ace

Accounting policies that appear inconsistent with industry practices that are widely recognized and
prevalent

Frequent changes in accounting estimates that do not appeato result from changing circumstances

Tolerance of violations of the entity’s conduct

Deadlines

Access

Limited access

Time constraints

Management intimidation

Complaints
Unusual delays

Unwiliingness to revise disclosures

Fraud risk factors may be present at the entity, yet due to the circumstances and nature of its business
these may not present risks of material misstatement due to fraud.

We evaluate information obtained throughout the audit to determine of conditions indicate risks of
material misstatement due to fraud.

Nature of the business

Likelihood and magnitude

Audit team discussions

Analytical procedures

UTB

Inquiry

Reading relevant documents

Inspection

Observation

Analytical Procedures

Susceptibility of financial statements to fraud

Organizational structure

Management oversight of controls

Complexity of transaction processing

We may consider incorporating an element of unpredictability into the NTE of audit procedures.

Susceptibility of FS

Pressure
Unpredictability

Related party transactions

Wala bang controls

Presence of Controls

Management oversight

Management override

The nature and extent of management involvement in setting accounting policies developing significant
accounting estimates and preparing financial statements

Judgement

Segregation of duties

Selection of audit procedures

The nature of significant transactions outside the normal course of business including those with related
parties

Related party relationships and transaction issues

Question prompts on fraud

Where in the FS

Use of ambiguous words

Where in the FS

Vague words

Consideration of fraud risk factors

What matters were identified in GTAC

How may fraud occur in significant accounts where there is inherent risk

Which accounts may be vulnerable to manipulation

Wich part of the FS

Vague words
Consideration of fraud risk factors

GTAC

Recurring misstatements

In what areas did we identify exceptions in our test of controls and substantive procedures

In what ways could management originate and post inappropriate journal entries or other adjustments

Perspective of management – How to embezzle

How to commit fraud

How to steal

What is the easiest to do it

UTB

ELC

Analytics

The nature of the account

Subject to udgment

GTAC

The nature of account

Subject to judgment

ELC

Review of interim

Assessment of inherent risk

Related party transactions

GTAC

UTB/The review of interim

ELC
The nature of the account

Subject to judgement

Inherent risk assessment

Related part trasnactions

We evaluate which types ot revenue t

If we have not identified a risk of material misstatement due to fraud relating to revenue recognition,
we document the reasons supporting this conclusion for each type of revenue transaction.

However, if the revenue processes are non-complex with little subjectivitin meeting revenue recognition
criteria, we may conclude that there is not a material misstatement due to fraud relating to revenue
recognition.

The higher likelihood of management override of controls, the greater the extent our testing, for
example by including more journal entries in the population for testing.

There may be higher risks of management overriding controls over the processing of JEs and other
adjustments as there may be fewer controls in this area, and they may be able to

Intervene the processing or recording of a transaction

Direct less senior personnel to process or record a transaction in a way that I outside normal processes
and controls

Manipulate FSCP with the intention to materially misstate the financial statements

Revenue recognition – per revenue account

Related party transactions

Management override

Significant unusual trasnactions

As e identify significant unsusua transactions, we also consider that transactions with related parties

We determine whether to communicate the risk of material misstatement due to fraud to those charged
with governance when it is relevant to the oversight of the financial reporting process.
When we identify or suspect fraud, we communicate these matters to management and those charged
with governance as appropriate.

When it is relevant to the oversight of the financial reporting process

Revenue recognition

Related party

Management Override

Significant unusual transactions

APT

The procedures perfomed to obtain the necessary information

Ususally from inquiry lang naman froma management, those charged wiith governance, internal audit
and others

Identify risks of material misstatement due to fraud

The procedures peformed

The specific risks relating to management override of controls

If we have not identified a risk of material misstatement due to fraud relating to revenue recognition,
the reasons supporting this conclusion – involves little judgment and is less complex

Can be predicted with a high degree of confidence

The information we obtained – sources of information

Risk of material misstatements

If we have not identified risk, the reasons for such conclusion

The specific risks relating to management override of controls

For each risk – how and where could fraud occur, in sufficient detail

The controls related to each identified risk of material misstatement due to fraud
Risks – where and how to determine its effect on the financial statements

The controls related to the identified risk of material misstatement due to fraud

Documenting sufficient detail of how and where fraud could occur includes:

How the entity’s financial statements might be susceptible to material misstatement due to fraud

How management could perpetrate or conceal fraudulent finaincal reporting

How assets of the entity might be appropriated

How the entity’s financial statements are susceptible to fraud

How management could perpetrate

How assets can be misappropriated

The procedures performed – usually inquiry

Risk management override

Appropriate assets

How and where in the FS is related to fraud

Revenue – why hinde

The controls

For each identified

How could perpetrate

Misappropriate

Susceptibility