Procedures performed to obtain the information for identifying and assessing the risks of material misstatements due to fraud.
Specific risks of material misstatement due to fraud identified by the auditor. Description of the auditor’s overall response to those risks.
If improper revenue recognition has not been identified as a risk factor, the reasons supporting such conclusion.
The results of procedures performed that addressed the risk that management would override controls.
Other conditions and analytical relationships that caused the auditor to believe that additional procedures or responses were required, and any other further responses to address risks or other conditions.
The nature of communications about fraud to management, those charged with governance, and others.
(AU-C 240.43–.46)
Antifraud Programs and Controls
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control—Integrated Framework (2013) includes a discussion of expectations related to preventing and detecting fraud.
In 2017, COSO updated its Enterprise Risk Management—Integrated Framework to address the evolving business environment.
The guidance in AU-C 240 is based on the presumption that entity management has both the responsibility and the means to take action to reduce the occurrence of fraud at the entity. To fulfill this responsibility, management should:
Create and maintain a culture of honesty and high ethics.
Evaluate the risks of fraud and implement the processes, procedures, and controls needed to mitigate the risks and reduce the opportunities for fraud.
Develop an appropriate oversight process.
Culture of Honesty and Ethics
A culture of honesty and ethics includes these elements:
A value system founded on integrity
A positive workplace environment where employees have positive feelings about the entity
Human resource policies that minimize the chance of hiring or promoting individuals with low levels of honesty, especially for positions of trust
Training—both at the time of hire and on an ongoing basis—about the entity’s values and its code of conduct
Confirmation from employees that they understand and have complied with the entity’s code of conduct and that they are not aware of any violations of the code
Appropriate investigation and response to incidents of alleged or suspected fraud
Evaluating Antifraud Programs and Controls
The entity’s risk assessment process (as described in the separate chapter on AU-C 315) should include the consideration of fraud risk. With an aim toward reducing fraud opportunities, the entity should take steps to:
Identify and measure fraud risk.
Mitigate fraud risk by making changes to the entity’s activities and procedures.
Implement and monitor an appropriate system of internal control.
Develop an Appropriate Oversight Process
The entity’s audit committee or board of directors should take an active role in evaluating management’s:
Creation of an appropriate culture
Identification of fraud risks
Implementation of antifraud measures
To fulfill its oversight responsibilities, audit committee members should be financially literate, and each committee should have at least one financial expert. Additionally, the committee should consider establishing an open line of communication with members of management one or two levels below senior management to assist in identifying fraud at the highest levels of the organization or investigating any fraudulent activity that might occur.
AU-C 240 ILLUSTRATIONS
Illustration 1. Risk Factors—Fraudulent Financial Reporting
The following are examples of risk factors, reproduced with permission from AU-C Section 240 Appendix A, relating to misstatements arising from fraudulent financial reporting:
Incentives/Pressures
1 Financial stability or profitability is threatened by economic, industry, or entity operating conditions, such as (or indicated by):
High degree of competition or market saturation, accompanied by declining margins.
High vulnerability to rapid changes, such as changes in technology, product obsolescence, or interest rates.
Significant declines in customer demand and increasing business failures in either the industry or overall economy.
Operating losses making the threat of bankruptcy, foreclosure, or hostile takeover imminent.
Recurring negative cash flows from operations or an inability to generate cash flows from operations while reporting earnings and earnings growth.
Rapid growth or unusual profitability, especially compared to that of other companies in the same industry.
New accounting, statutory, or regulatory requirements.
2 Excessive pressure exists for management to meet the requirements or expectations of third parties due to the following:
Profitability or trend-level expectations of investment analysts, institutional investors, significant creditors, or other external parties (particularly expectations that are unduly aggressive or unrealistic), including expectations created by management in, for example, overly optimistic press releases or annual report messages.
Need to obtain additional debt or equity financing to stay competitive—including financing of major research and development or capital expenditures.
Marginal ability to meet exchange listing requirements or debt repayment or other debt covenant requirements.
Perceived or real adverse effects of reporting poor financial results on significant pending transactions, such as business combinations or contract awards.
A need to achieve financial targets required in bond covenants.
Pressure for management to meet the expectations of legislative or oversight bodies or to achieve political outcomes, or both.
3 Information available indicates that management’s or the board of directors’ personal financial situation is threatened by the entity’s financial performance arising from the following:
Significant financial interests in the entity.
Significant portions of their compensation (for example, bonuses, stock options, and earn-out arrangements) being contingent upon achieving aggressive targets for stock price, operating results, financial position, or cash flow.
Personal guarantees of debts of the entity.
4 There is excessive pressure on management or operating personnel to meet financial targets set up by the board of directors or management, including sales or profitability incentive goals.
Opportunities
1 The nature of the industry or the entity’s operations provides opportunities to engage in fraudulent financial reporting that can arise from the following:
Significant related-party transactions not in the ordinary course of business or with related entities not audited or audited by another firm.
A strong financial presence or ability to dominate a certain industry sector that allows the entity to dictate terms or conditions to suppliers or customers that may result in inappropriate or non-arm’s-length transactions.
Assets,