Cinthia Santamaria

Victoria Pham
Dr. F. Alali
Acct 505

Case 9.4 Bud’s Bug Blue Manufacturing

[1] List the four factors auditors should consider when evaluating the results of confirmation procedures. Also, what
are three of the characteristics of a reliable confirmation?

The four factors auditors should consider when evaluating the results of confirmation are the following:

a) The reliability of the confirmation and the alternative procedures

b) The nature of any exceptions, including implications both quantitative and qualitative
c) The audit evidence provided by other procedures
d) Whether additional audit evidence is needed

Confirmation requests should be tailored to the specific audit objectives. Thus, when designing the confirmation
requests, the auditor should consider the assertion(s) being addressed and the factors that are likely to affect the
reliability of the confirmations. Factors such as the form of the confirmation request, prior experience on the audit or
similar engagements, the nature of the information being confirmed, and the intended respondent should affect the
design of the requests because these factors have a direct effect on the reliability of the evidence obtained through
confirmation procedures.

Three if the characteristics of a reliable confirmation are:

a) The use of blank confirmation requests may provide a greater degree of assurance about the information
confirmed
b) The auditor should investigate relevant information provided on negative confirmations that have been
returned to the auditor to determine the effect such information may have on the audit
c) The auditor should direct the confirmation request to a third party who the auditor believes is knowledgeable
about the information to be confirmed

[2] What does it mean to “maintain control” over the confirmation requests and responses? What could go wrong if
the auditor does not maintain control over the confirmation process?

Maintaining control means establishing direct communication between the intended recipient and the auditor to
minimize the possibility that the results will be biased because of manipulation of the confirmation requests or
responses. (AU 330.28) This is necessary to ensure independent communication between the auditor and the customer.

If the auditor does not maintain control over the confirmation process, control over the process is deficient if the client
acquires the confirmation, because the client can alter the confirmation in order to commit fraud. Inadequate controls
may be situations where the respondent replies to a confirmation request other than in a written communication mailed
to the auditor, through fax or email. More evidence may be required to support the certainty and effectiveness of fax or
email responses. To confirm the source of the fax or email response the auditor should contact the sender through
phone call and the auditor should request that the sender mail the original confirmation addressed to the CPA.

There may be situations in which the respondent, because of timeliness or other considerations, responds to a
confirmation request other than in a written communication mailed to the auditor. When such responses are received,
additional evidence may be required to support their validity. For example, facsimile responses involve risks because of
the difficulty of ascertaining the sources of the responses. To restrict the risks associated with facsimile responses and
treat the confirmations as valid audit evidence, the auditor should consider taking certain precautions, such as verifying
the source and contents of a facsimile response in a telephone call to the purported sender. In addition, the auditor
should consider requesting the purported sender to mail the original confirmation directly to the auditor. Oral
confirmations should be documented in the working papers. If the information in the oral confirmations is significant,
the auditor should request the parties involved to submit written confirmation of the specific information directly to the
auditor.

[4] What is the difference between a positive and negative confirmation? What are the advantages and disadvantages
of each type?

A positive confirmation requests the respondent to confirm whether the balance as stated on the confirmation request
is correct or incorrect. A negative confirmation requests response only when the recipient disagrees with the stated
amount.

A positive confirmation is more reliable evidence because the auditor can perform follow-up procedures if a response is
not received from the recipient. Positive confirmation is the request addressed to third parties asking for a reply.
Sometimes, it is a blank form and third parties have to fill in the balance. Positive form provide more assurance as the
person received has to fill out the number in the blank form or if those forms didn’t come back, the auditors will be
alerted to perform further procedures. But the return of the form sometimes doesn’t tell the truth. The receiver may
just sign and send it back without matching the balance with their books.

Negative confirmation is the requests asking third parties to verify the balance shown in the request only if the amount
doesn’t match. With a negative confirmation, failure to a reply can be regarded as a correct response even though the
recipient may have ignored the confirmation request. It could lead to a misstatement if the recipient didn’t want to
verify the balance or if the mail was lost. Negative confirmations are less expensive to send than positive confirmations
because more can be distributed at the same total cost. Negative confirmations cost less because there are no second
requests and no follow-up of non-responses.

[5] Search the internet to identify a real-life situation where an auditor apparently did not maintain sufficient control
over the confirmation process. Briefly describe the situation you found.

Parmalat

Parmalat, Italy’s largest food company involved the disappearance of more than $10 billion dollars in assets. Parmalat
had been using its assets to offset more than a decade's worth of liabilities through off shoring and foreign finance
companies. The problem was that these assets did not exist. A document from the Bank of America that was supposed
to confirm the presence of an account containing more than $4 billion was determined to be a forgery. A Parmalat
representative claimed to have traced $7.7 billion to another Bank of America account, but a resulting search by the
bank's representatives determined that this account did not exist.

The scandal was discovered because Italian law mandates that companies must change audit firms every nine years.
Deloitte & Touche, which replaced auditor Grant Thornton in 1999, was the first to examine the nonexistent accounts.
This called into question what Grant Thornton's role was in the fraud, particularly since Parmalat continued to retain the
firm as its auditor for its Cayman Islands subsidiary, Bonlat, which was not subject to Italian law and was where the
missing assets were supposed to have been located. Although Grant Thornton claims to have been a victim of the fraud
as well, two of its executives are among the 11 people who have been arrested in connection with the case.
(http://www.allbusiness.com/accounting-reporting/fraud/1081567-1.html)
ZZZZ Best

Barry Minkow started operating his carpet cleaning business out of his family garage at 15 and six years later the
company ZZZZ Best had a market value of $211 million dollars. The major aspect of the fraud involved reporting fictitious
receivables and revenue from fire damage restoration jobs. (http://www.rohanchambers.com/Courses/Auditing/ZZZZ
%20Best%20Company.htm)

Frank La Forgia CPA

This case is about the improper professional conduct of LaForgia, a certified public accountant (“CPA”), who conducted
improper audits and reviews of Certified Services, Inc.’s (“Certified”) financial statements for the years ended December
31, 2002 and December 31, 2003

Certified was a publicly held company located in Fort Lauderdale, Florida. Certified and its subsidiaries operated a
professional employee leasing organization (“PEO”) business

On March 6, 2008 the Commission filed a complaint in U.S. District Court for the Southern District of Florida (the
“Complaint”), alleging, among other things, that Certified’s management engaged in financial fraud from approximately
4
2001 through 2004. The Commission alleged that Certified’s officers artificially and materially inflated the company’s
financial condition in its Commission filings by including at its high point almost $47 million in bogus letters of credit
(“LOCs”) as assets on its balance sheet and omitting liabilities that reached a high of approximately $65 million. The
Commission also alleged that the company failed adequately to disclose material related party relationships and related
party transactions.

Failure to Control the LOC Confirmation Process

LaForgia was Rosenberg Rich’s engagement partner on the audits and reviews at issue. LaForgia was confronted
with numerous facts that should have caused him to heighten his skepticism during the LOC confirmation process. For
example, he was aware of Certified’s rapid growth, the increase in the LOCs as a proportion of Certified’s assets,
LaForgia’s documented concerns regarding Certified’s management and his knowledge of Huff’s criminal background.
Significantly, LaForgia also knew that Certified did not maintain accounts with the financial institution that purportedly
issued the LOCs. Despite these facts, and in contravention of AU § 330.15, (AU § 330, The Confirmation Process) LaForgia
did not exhibit an appropriate level of professional skepticism.

LaForgia’s review of the LOCs and the process LaForgia directed and conducted to confirm the LOCs were
insufficient. GAAS requires that “[d]uring the performance of confirmation procedures, the auditor should maintain
control over the confirmation requests and responses. Maintaining control means establishing direct communication
between the intended recipient and the auditor to minimize the possibility that the results will be biased because of
interception and alteration of the confirmation requests or responses.” (AU § 330.28) GAAS also instructs that “[t]he
auditor should direct the confirmation request to a third party who the auditor believes is knowledgeable about the
information to be confirmed. For example, to confirm a client’s oral and written guarantees with a financial institution,
the auditor should direct the request to a financial institution official who is responsible for the financial institution’s
relationship with the client or is knowledgeable about the transactions or arrangements.” (AU § 330.26) LaForgia and his
team did not control the LOC confirmation process. Rather than independently obtaining the address of the issuing
bank, LaForgia and his team of auditors relied on Certified to supply the contact information. The address they found in
Certified’s documents was not actually connected with the bank but instead was the address of a retail mail service
store.
 LaForgia and his team also failed to reasonably evaluate a purported confirmation response from the issuing
bank. LaForgia did not question why a standard client authorization for release of information letter directed to Certified
and received by the auditors was signed by a purported bank employee rather than someone from Certified.
Additionally, LaForgia and his team requested certain information concerning LOCs issued on behalf of Certified’s
subsidiary, however the issuing bank response listed Certified, not the subsidiary as the beneficiary of the LOCs. Despite
LaForgia’s receipt of this document he failed adequately to analyze this one-page confirmation and did not notice the
discrepancy. This discrepancy should have increased LaForgia’s skepticism for two reasons. First, Certified was never
mentioned in the auditors’ authorization letter. Second, neither Certified nor its subsidiary ever had a banking
relationship with that bank. Further, LaForgia and his team requested that the issuing bank identify the source of the
LOCs’ collateral, but the response failed to address this issue and LaForgia did not further pursue it. Finally, Certified did
not have any other bank documents to support the issuance of the LOCs and the auditors did not obtain any evidence of
cash disbursements backing the LOCs. The totality of these facts should have raised LaForgia’s skepticism regarding the
validity of the LOCs, particularly since they comprised such a large part of Certified’s assets.

Works Cited

http://www.sec.gov/litigation/admin/2009/34-60415.pdf