Chapter 3

AUDITOR'S RESPONSIBILITY

The fair presentation of the financial statements in accordance with the

applicable financial reporting standards is the responsibility of the client's
management. The auditor's responsibility is to design the audit to provide reasonable assurance
of detecting material misstatements in the financial statements. These misstatements may
emanate from
. Error, 2. Fraud, and 3. Noncompliance with Laws and Regulations

ERROR The term "error” refers to unintentional misstatements in the financial

statements, including the omission of an amount or a disclosure, such as:
• Mathematical or clerical mistakes in the underlying records
and accounting data An incorrect accounting estimate arising from
oversight or misinterpretation of facts Mistake in the application of
accounting policies
FRAUD Fraud refers to intentional act by one or more individuals among
management, those charged with governance, employees, or third parties,
involving the use of deception to obtain an unjust or illegal advantage.
Although fraud is a broad legal concept, the auditor is primarily concerned
with fraudulent acts that cause a material misstatement in the financial
statements

63
IP
3 Types of Fraud
There are two types of fraud that are relevant to fin statement audit. Misstatements resulting from
fraud financial reporting and misstatements resulting from misappropriation of assets.
out to financial
fraudulent
resulting from
1.
Fraud involves motivation to commit it and a perceived opportunity to do so. For example, an
employee might be motivated to steal company's assets because this employee lives beyond his
means. Also, a member of management may be forced to manipulate the financial statements in
order to meet an overly optimistic projection. A perceived opportunity to commit fraud may
exist when there is no proper segregation of duties among employees or when management
believes that internal control can be easily circumvented.
ounts

Fraudulent financial reporting involt. intentional misstatements or omissions of amo or

disclosures in the financial statements to deceive financial statement users. This type
of fraud is al known as management fraud because it usually. involves members of
management or those charpe with governance. This may involve
Manipulation, falsification or alteration of records or documents
Misrepresentation in or intentional omission of the effects of transactions from
records or documents Recording of transactions without substance
Intentional misapplication of accounting
The primary factor that distinguishes fraud from error is whether the underlying cause of
misstatement in the financial statements is intentional or unintentional. Although
the auditor may be able to identify opportunities for fraud to be perpetrated,
it is often difficult, if not impossible, for the auditor to determine intent, particularly
in matters involving management judgment, such as accounting estimates and the
appropriate application of accounting principles. Consequently, the auditor's
responsibility for the detection of fraud and error is essentially the same.

-
Responsibility of Management and Those Charged with Governance
policies
1 ՏԱՐՈՎ

Misappropriation of assets or employee fraud involves theft of an

entity's assets committed by the entity's employees. This may
include . Embezzling receipts
The responsibility for the prevention and detection of fraud and error rests
with both management and those charged with the governance of the entity.
In this regard, PSA 240 requires

Management to establish a control environment and to implement

internal control policies and procedures designed to ensure, among
others, the detection and prevention of fraud and error.
Stealing entity's assets such as cash, marketable securities, and
inventory Lapping of accouöts receivable
Individuals charged with governance of an entity to ensure the
integrity of an entity's accounting and financial reporting systems and
that appropriate controls are in place.
This type of fraud is often accompanied by false or
misleading records or documents in order to conceal the fact that the
assets are missing.

Auditor's Responsibility
2.
statements may ditor is not and ention of fraud to design the
Although the annual audit of financial stateme, act as deterrent to fraud and error, the auditor is.
cannot be held responsible for the prevention of and error. The auditor's responsibility
is to desio audit to obtain reasonable assurance that the first statements are free from
material misstatements, w caused by error or fraud.
The auditor should assess the risk that fraud of error may cause the financial statements to
contain material misstatements. In this regard, PSA 240 requires the auditor to specifically "assess
the risk of material misstatements due to fraud and consider that assessment in designing the
audit procedures to be performed."
atements, whether

Todaw
PLANNING PHASE 1. When planning an audit, the auditor should
make inquiries of management about the possibility of misstatements due to fraud
and error. Such inquiries may include
Management's assessment of risks due to
fraud Controls established to address the risks Any material error or fraud
that has affected the entity or suspected fraud that
the entity is investigating The auditor's inquiries of management may
provide useful information concerning the risk of material
misstatements in the financial statements resulting from employee fraud.
However, such inquiries are unlikely to provide useful information
regarding the risk of material misstatements in the financial statements
resulting from management fraud. Accordingly, the auditor should also
inquire of those individual in charge of governance to seek their views
on the adequacy of accounting and internal control systems in place,
the risk of fraud and error, and the integrity of management
bined
The fact that fraud is usually concealed can make it very difficult to detect.
Nevertheless, using the auditor's knowledge of the business, the auditor may
identify events or conditions that provide an opportunity, a motive or a means to
commit fraud, or indicate that fraud may already have occurred. Such events or
conditions are referred to as "fraud risk factors”. Fraud risk factors do not
necessarily indicate the existence of fraud, however, they often have been
present in circumstances where frauds have occurred. Examples of fraud risk
factors taken from PSA 240 are set out at the end of this chaptet: Judgments
about the increased risk of material misstatements due to fraud may
influence the
auditor's professional judgments in the f ollowing ways:
b. The auditor may approach the audit with
a heightened level of professional skepticism.
The auditor's ability to assess control risk at less than high level may be
reduced and the auditor should be sensitive to the ability of the
management to override controls.
FLOTT Duo

na
bac SPOLE
Lock

IVS

The audit team may be selected in wa, that ensure that the knowledge, skill, ar ability of
personnel assigned significan responsibilities are commensurate with the auditor's
assessment of risk.
Be satisfied that, given the position of the likely perpetratot, the fraud has no other
implications for other aspects of the audit or that those implications have been
adequately considered.
The auditor may decide to conside management selection and application of significant
accounting policies particularly those related to income determination and asset
valuation.
However, if the auditor detects a material fraud or has been unable to evaluate
whether the effect on financial statement is material or immaterial, the auditor should

TESTING PHASE
Consider implication for other aspects of the audit particularly the reliability of
management representations.
3.
During the course of the audit, the auditor may encounter circumstances that may
indicate the possibility of fraud or error. For example, there are discrepancies
found in the accounting records, conflicting or missing documents or lack of
cooperation from management. In these circumstances, the auditor should
perform procedures necessary to determine whether material misstatements exist.
Discuss the matter and the approach to further investigation with an
appropriate level of that is at least one level above those involved,
Attempt to obtain evidence to determine whether a material fraud in fact
exists and, if so, their effect, and
Suggest that the client consult with legal counsel about questions of
law.
After identifying material misstatement in the financial statements, the
auditor should consider whether such a misstatement resulted from a fraud
or an error: This is important because errors will only result to an
adjustment of financial statements but fraud may have other
implications on an audit.
•
COMPLETION PHASE
5.
The auditor should obtain a written representation from the client's
management that
If the auditor believes that the misstatement is, or may be the
result of fraud, but the effect on the financial statements is not
material, the auditor should
it acknowledges its responsibility for the implementation and
operations of accounting and internal control systems that are
designed to prevent and detect fraud and error;
Refer the matter to the appropriate level of management at least one
level above those involved, and

ected

Because of the inherent limitations of an audit there is an unavoidable risk that

material misstatements in the financial statements resulting from fraud and error may not
be detected. Therefore, the subsequent discovery of material misstatement in the financial
statements resulting from fraud or error does not, in and of itself, indicate that the auditor
has failed to adhere to the basic principles and essential procedures of an audit.
it believes the effects of those uncorrec financial statement misstateme aggregated by the
auditor during the an are immaterial, both individually and the aggregate, to the financial statement
taken as a whole. A summary of a items
should be included in or attached to the written
representation; it has disclosed to the auditor all significant facts relating to any
frauds or suspected frauds known to management that may have affected the
entity; and it has disclosed to the auditor the results of its assessment of the
risk that the financial statements may be materially misstated as a result of fraud.
The risk of not detecting a material misstatement resulting from fraud is higher
than the risk of not detecting misstatements resulting from error. This is due to
the fact that fraud may involve sophisticated and carefully organized schemes
designed to conceal it, such as forgery, deliberate failure to record transactions,
or intentional misrepresentation being made to the auditor. Hence, audit
procedures that are effective for detecting material errors may be ineffective for
detecting material fraud, especially those concealed through collusion
CONSIDER THE EFFECT ON THE AUDITOR'S REPORT
When the auditor believes that material error or fraud exists, he should
request the management to revise the financial statements. Otherwise,
the auditor will express a qualified or adverse opinion.
Furthermore, the risk of the auditor not detecting a material misstatement
resulting from management fraud is greater than for employee fraud, because
those charged with governance and management are often in a position that
assumes their integrity and enables them to override the formally established
control procedures. Certain levels of management may be in a position to
override control procedures designed to prevent similar frauds by other
employees, for example, by directing subordinates to record transactions
incorrectly or to conceal them. Given its position of authority within an
entity, management has the ability to either direct employees to do
something or solicit their help to assist management in carrying out a fraud,
with or without the employees' knowledge.
7.
If the auditor is unable to evaluate the effect of fraud on the financial
statements because of a limitation on the scope of the auditor's
examination, the auditor should either qualify or disclaim his opinion on
the financial statements.
71

LAWS A
vs AND
NONCOMPLIANCE WITH REGULATIONS
commission by
Monitoring compliance with the Code of Conduct and acting appropriately to
discipline employees who fail to comply with it.
nintentional
Noncompliance refers to acts of omission of commissi the entity being audited, either intentional
or uninten which are contrary to the prevailing laws or regulations acts
include transactions
entered into by, or in the nat the entity or on its behalf by its management or empl
Common examples include:
rulations. Such in the name of
Engaging legal advisors to assist in monitoring legal requirements.

•
Maintaining a register of significant laws with which the entity has to comply within its
particular industry and a record of complaints.
Tax evasion Violation of environmental protection laws Inside trading of securities

Management's Responsibility
In larger entities, these policies and procedures may be supplemented by
assigning appropriate responsibilities to an internal audit function an audit
committee.

Auditor's Responsibility
It is management's responsibility to ensure that the entity operations are
conducted in accordance with laws and regulations. The responsibility for the
prevention and detection of noncompliance rests with management. (PSA
250)
An audit cannot be expected to detect noncompliance with all laws and regulations.
Nevertheless, the auditor should recognize that noncompliance by the entity with
laws and regulations may materially affect the financial statements.
The following policies and procedures, among others, may assist
management in discharging its responsibilities for the prevention and detection
of noncompliance:
Monitoring legal requirements and ensuring that operating procedures are
designed to meet these requirements.
PLANNING PHASE

1.
In order to plan the audit, the auditor should obtain a general
understanding of the legal and regulatory framework applicable to the entity
and the industry and how the entity is complying with that framework.
Instituting and operating appropriate systems of internal control.
Developing, publicizing and following a Code of Conduct.
To obtain the general understanding of laws and regulations, the auditor
would ordinarily:
• Use the existing knowledge of the entity's
industry and business.
Ensuring employees are properly trained and understand the Code of
Conduct.
73

oncerning the Aures regarding

Inquire of management concerni entity's policies and procedures to compliance
with laws and regulati
regulations
.

Inquire of management as to the la 'regulations that may be expected to a

fundamental effect on the operatie the entity.
the laws or vected to have e operations of
The auditor should also design audit procedures to obtain sufficient appropriate audit
evidence about compliance with those laws and regulations generally recognized by the
auditor to have an effect on the determination of material amounts and disclosures in financial
statements.

TESTING PHASE
identifying
Discuss with management the policie procedures adopted for identif evaluating
and accounting for lition claims and assessments.
ing for litigation

Discuss the legal and regulator framework with auditors of subsidiaries in other
countries (for example, if the subsidiary is required to adhere to the securities
regulations of the parent company).
4. When the auditor becomes aware of
information concerning a possible instance of noncompliance, the auditor should obtain
an understanding of the nature of the act and the circumstances in which it has
occurred, and sufficient other information to evaluate the possible effect on the financial
statements. When evaluating the possible effect on the financial statements, the
auditor considers:
The potential financial consequences, such as fines, penalties, damages, threat
of expropriation of assets, enforced discontinuation of operations and litigation.
Whether the potential financial consequences require disclosure.
RO
After obtaining the general understanding, the auditor should design
procedures to help identify instances of noncompliance with those laws
and regulations where noncompliance should be considered when
preparing financial statements, such as:
Inquiring of management as to whether the entity is in compliance with
such laws and regulations.
Whether the potential financial consequences are so serious as to call into
question the fair presentation given by the financial statements.

Inspecting correspondence with the relevant licensing or regulatory authorities.

5. When the auditor believes there may be
noncompliance, the auditor should document the findings, discuss them with
management, and consider the implication on other aspects of the audit

75

• COMPLETION PHASE
The auditor should obtain writt. representations that management has disclosed to the auditor all
known actual or possible noncompliance with laws and regulations that could materially affect the
financial statemente
not directly affect the fair presentation of the financial statements unless the results of other
procedures that were applied cause the auditor to suspect that a material indirect effect
noncompliance may have occurred.

CONSIDER THE EFFECT ON THE AUDITOR'S REPORT

Noncompliance may involve conduct designed to conceal it, such as collusion, forgery,
deliberate failure to record transactions, senior management override of controls or
intentional misrepresentations being made to the auditor.
7. When the auditor believes that there is
noncompliance with laws and regulations that materially affects the financial
statements, he should request the management to revise the financial statements.
Otherwise, a qualified or adverse opinion will be issued.
Examples of Risk Factors Relating to Misstatements Resulting from Fraud

8.
If a scope limitation has precluded the auditor from obtaining sufficient
appropriate evidence to evaluate the effect of noncompliance with laws and
regulations, the auditor should express a qualified opinion of a disclaimer of
opinion,
The fraud risk factors identified below are examples of such factors typically
faced by auditors in a broad range of situations. However, the fraud risk factors
listed below are only examples; not all of these factors are likely to be present in
all audits, nor is the list necessarily complete. Furthermore, the auditor exercises
professional judgment when considering fraud risk factors individually or in
combination and whether there are specific controls that mitigate the risk.
Fraud Risk Factors Relating to Misstatements Resulting from Fraudulent
Financial Reporting
An audit is subject to the unavoidable risk that some material misstatements in
the financial statements will not be detected, even though the audit is
properly planned and performed in accordance with PSAs. This risk is
higher with regard to material misstatements resulting from
noncompliance with laws and regulations because:
Fraud risk factors that relate to misstatements resulting from fraudulent financial
reporting may be grouped in the following three categories:
1. Management's Characteristics and Influence over the
Control Environment.
There are many laws and regulations relating principally to the operating
aspects of the entity that typically do not have a material effect on the
financial statements and are not captured by the accounting and
internal control systems. Auditors are primarily concern with the
noncompliance that will have a direct and material effect in the financial
statements. Hence, auditors do not normally design audit procedures to
detect noncompliance that will
2. 3.
Industry Conditions Operating Characteristics and
Financial Stability.
77

maud risk factors Lancial reporting

For each of these three categories, examples of fraud tie relating to misstatements arising from
fraudulent financial are set out below.

1.
racteristics and
Fraud Risk Factors Relating to Management's Characterist: Influence over the Control Environment
There is a failure by management to display and communicate an appropriate
attitude regarding internal control and the financial reporting process. Specific indicators might
include the following:
These fraud risk factors pertain to management's abili pressures, style, and attitude
relating to internal cont the financial reporting process.
ernal control and
- Management does not effectively communicate and support the entity's
values or ethics, or management communicates inappropriate values or ethics.

There is motivation for management to enga fraudulent financial reporting.

Specific indicators in include the following:
Management is dominated by a single person or a small group without compensating
controls such as effective oversight by those charged with governance.

Management does not monitor significant controls adequately.

A significant portion of management's compensation is represented by
bonuses, stock options or other incentives, the value of which is contingent
upon the entity achieving unduly aggressive targets for operating results,
financial position or cash flow.
b
e
Management fails to correct known material weaknesses in internal control on a
timely basis.

Management sets unduly aggressive financial targets

and expectations for operating personnel.
There is excessive interest by management in maintaining or increasing
the entity's stock price of earnings trend through the use of unusually
aggressive accounting practices.
Management displays a significant disregard for regulatory authorities.

|--
Management commits to analysts, creditors and other third parties to
achieving what appear to be unduly aggressive or clearly unrealistic
forecasts.
Management continues to employ ineffective accounting, information technology
or internal auditing staff.

Management has an interest in pursuing inappropriate means to

minimize reported earnings for tax-motivated reasons.
Non-financial management participates excessively in, or is preoccupied
with, the selection of accounting principles or the determination of
significant estimates.

There is a high turnover of management, counsel or board

members.

78

There is a strained relationship between management and the current or predecessor

auditor. Specific indicato might include the following:
2.
Fraud Risk Factors Relating to Industry Conditions

-
Frequent disputes with the current or a predecesso. auditor on accounting, auditing or
reporting matter
These fraud risk factors involve the economic and regulatory environment in which the
entity operates.

New accounting, statutory or regulatory requirements that could impair the financial
stability of profitability of the entity.
Unreasonable demands on the auditor, includino unreasonable time constraints
regarding the completion of the audit or the issuance of the auditor's report.
A high degree of competition or market saturation, accompanied by declining margins.
Formal or informal restrictions on the auditor that inappropriately limit the auditor's
access to people or information, or limit the auditor's ability to communicate
effectively with those charged with governance.
A declining industry with increasing business failures and significant declines in
customer demand.

Rapid changes in the industry, such as high vulnerability to rapidly changing technology
or rapid product obsolescence.
Domineering management behavior in dealing with the auditor, especially
involving attempts to influence the scope of the auditor's work.
3.
Fraud Risk Factors Relating to Operating Characteristics and Financial Stability

There is a history of securities law violations, or claims against the entity

or its management alleging fraud or violations of securities laws.
These fraud risk factors pertain to the nature and complexity of the entity and its
transactions, the entity's financial condition, and its profitability.

•
The corporate governance structure is weak or ineffective, which may be
evidenced by, for example:
Inability to generate cash flows from operations while reporting earnings and
earnings growth.

A lack of members who are independent of management

Significant pressure to obtain additional capital necessary to stay competitive,
considering the financial position of the entity (including a need for funds
to finance major research and development of capital expenditures).
Little attention being paid to financial reporting matters and to the
accounting and internal control systems by those charged with
governance.
Assets, liabilities, revenues or expenses based on significant estimates
that involve unusually subjective judgments or uncertainties, or that are
subject to potential
81
O

oner that may

entity (for sirables, the to of financial
luation of
Unrealistically aggressive sales or profitability incentive programs.
significant change in the near term in a manner have a financially disruptive effect on the
entir example, the ultimate collectibility of receivable timing of revenue recognition, the realizability
of fin instruments based on highly-subjective valuatio collateral or difficult-to-assess
repayment sources significant deferral of costs).
A threat of imminent bankruptcy, foreclosure or hostile
sources, or a
takeover.

Adverse consequences on significant pending transactions (such as a business

combination of contract award) if poor financial results are reported.
Significant related party transactions which are not in ordinary course of business.
Significant related party transactions which are not avdi or are audited by another firm.
A poor or deteriorating financial position when management has personally
guaranteed significant debts of the entity.
Significant, unusual or highly complex transaction (especially those close to
year-end) that pose difficul questions concerning substance over form.
Fraud Risk Factors Relating to Misstatements Resulting from Misappropriation
of Assets
Fraud risk factors that relate to misstatements resulting from misappropriation of
assets may be grouped in the following two
categories:
Significant bank accounts or subsidiary or branch operations in tax-haven
jurisdictions for which there appears to be no clear business justification.
1. 2.
Susceptibility of Assets to Misappropriation. Controls.
An overly complex organizational structure involving numerous or unusual
legal entities, managerial lines of authority or contractual arrangements
without apparent business purpose.
For each of these two categories, examples of fraud risk factors relating to
misstatements resulting from misappropriation of assets are set out below. The extent
of the auditor's consideration of the fraud risk factors in category 2 is influenced by
the degree to which fraud risk factors in category 1 are present.
Difficulty in determining the organization or person (or persons)
controlling the entity.
1.
Fraud Risk Factors Relating to Susceptibility of Assets to Misappropriation
Unusually rapid growth or profitability, especially compared with
that of other companies in the same industry.
These fraud risk factors pertain to the nature of an entity's assets and the degree to
which they are subject to theft.

Especially high vulnerability to changes in interest rates.

Large amounts of cash on hand or processed. Inventory characteristics,
such as small size combined with high value and high demand.
 .. Unusually high dependence on debt, a marginal ability to meet
debt repayment requirements, or debt covenants that are difficult to maintain.