● Examining the entity's inventory records to identify locations or items that require specific attention during or after the physical inventory count.
● Performing additional procedures during the count, such as rigorously examining the contents of boxes, checking for hollow squares in the manner in which goods are stacked, or examining the quality of liquid substances for purity, grade, or concentration.
● Performing additional testing of count sheets, tags, or other records to reduce the possibility of subsequent alteration or inappropriate compilation.
● Performing additional procedures to test the reasonableness of quantities counted, such as comparing quantities for the current period with prior periods by class or category of inventory or location.
● Using CAATs.
Management estimates. The auditor may want to supplement the audit evidence obtained. The auditor may:
● Engage a specialist to develop an independent estimate for comparison.
● Extend inquiries to individuals outside of management and the accounting department to corroborate management's ability and intent to carry out plans that are relevant to developing the estimate.
Examples of Responses to Identified Risks of Misstatements Arising from Misappropriation of Assets
The auditor will usually direct a response to identified risks of misstatements arising from misappropriation of assets to certain account balances. The scope of the work should be linked to the specific information about the identified misappropriation risk. (AU-C 240 Appendix B) The auditor may consider some of the procedures listed in the preceding section, “Examples of Responses to Identified Risks of Misstatements Arising from Fraudulent Financial Reporting.” However, in some cases, the auditor may:
● Obtain an understanding of the controls related to preventing or detecting the misappropriation and testing of such controls.
● Physically inspect assets near the end of the period.
● Apply substantive analytical procedures, such as the development by the auditor of an expected dollar amount at a high level of precision to be compared with a recorded amount.
NOTE: Audit procedures may involve both substantive tests and tests of controls. However, since management may be able to override controls, it is unlikely that audit risk can be reduced to an appropriate level by performing only tests of controls.
Addressing the Risk of Management Override
The auditor should perform the following procedures to specifically address the risk for management's override of controls.
Examining journal entries and other adjustments for evidence of possible material misstatement due to fraud, and testing the appropriateness and authorization of such entries. (AU-C 240.A49-.A50) The following procedures should help the auditor in addressing possible recording of inappropriate or unauthorized journal entries or making financial statement adjustments, such as consolidating adjustments, report combinations, or reclassifications not reflected in formal journal entries. The auditor should specifically:
1. Understand the financial reporting process, understand the design of controls over journal entries and other adjustments, and determine that such controls are suitably designed and placed in operation.
2. Identify and select journal entries and other adjustments for testing, while considering the following:
● What is our assessment of the risk of material misstatement due to fraud? (The auditor may identify a specific class of journal entries to examine after considering a specific fraud risk factor.)
● How effective are controls over journal entries and other adjustments? (Even if controls are implemented and operating effectively, the auditor should identify and test specific items.)
● Based on our understanding of the entity's financial reporting process, what is the nature of evidence that can be examined? (Regardless of whether journal entries are automated or processed manually, the auditor should select journal entries to be tested from the general ledger, and examine support for those items. In addition, if journal entries and adjustments are in electronic form only, the auditor may require that an information technology [IT] specialist extract the data.)
NOTE: Computer-assisted audit techniques (CAATs) such as data extraction applications frequently are the most effective and efficient means for identifying and selecting journal entries and adjustments for testing.
● What are the characteristics of fraudulent entries or adjustments, or the nature and complexity of accounts? Illustration 3 at the end of this chapter provides a worksheet to use in identifying characteristics of fraudulent journal entries or adjustments, or accounts that may be more likely to contain inappropriate journal entries or adjustments. (When audits involve multiple locations, the auditor should consider whether to select journal entries from various locations.)
● Are there any journal entries or other adjustments processed outside the normal course of business (i.e., nonstandard or nonrecurring entries)? The auditor should consider placing additional emphasis on identifying and testing items processed outside the normal course of business, because such items may not be subject to the same level of internal control as other entries.
3. Determine the timing of testing. Fraud may occur throughout a period, so the auditor should consider the need to test journal entries throughout the period under audit. However, the auditor should also consider that fraudulent journal entries are often made at the end of the reporting period and should focus on entries made during that time.
4. Ask individuals in the financial reporting process about inappropriate or unusual activity relating to journal entries and adjustments.
NOTE: The auditor should document the results of procedures performed to address the possibility that management might override controls.
Reviewing accounting estimates for biases that could result in fraud. (AU-C 240.A52-.A53) The auditor should consider whether differences between amounts supported by audit evidence and the estimates included in the financial statements, even if individually reasonable, indicate a possible bias on the part of entity's management. If so, the auditor should reconsider the estimates taken as a whole.
The auditor should retrospectively review significant accounting estimates in prior years' financial statements to determine whether there is a possible bias on the part of management. (Significant accounting estimates are those based on highly sensitive assumptions or significantly affected by management's judgment.) The review should provide information to the auditor about a possible management bias that can be helpful in evaluating the current year's estimates. If a management bias is identified, the auditor should evaluate whether the bias represents a risk for material misstatement due to fraud.
Evaluating whether the rationale for significant unusual transactions is appropriate. (AU-C 240.A54) Personnel at the entity engaged in trying to hide a theft or commit fraudulent financial reporting might use unusual or nonstandard transactions to conceal the fraud. The auditor should understand the business rationale for such transactions and whether the rationale suggests that the transactions are fraudulent. When evaluating the transactions, the auditor should consider:
● Is the transaction overly complex?
● Has management discussed the nature and accounting for the transaction with the audit committee or board of directors?
● Is management focusing more on achieving a particular accounting treatment than the underlying economics?
● Have any transactions involving special purpose entities or other unconsolidated related parties been approved by the audit committee or board of directors?
● Do transactions involve previously unidentified related parties?
● Do transactions involve parties that cannot support the transaction without the help of the audited entity?
Evaluating Audit