Auditing: Assessing Risk of Fraud: Lecture 9 - Professor Helen Brown Liburd (Spring 2014)

http://bit.do/dj6SW Link-Assistant secret sale page.
Principles of Auditing: Professor Liburd Lecture 9 Assessing Risk of Fraud, Internal Controls, & Control Risk Assessment 3/14/14 Please visit our website at http://raw.rutgers.edu TIME STAMPS 0:09 Exceptions / Red Flags to Fraud 7:48 Required Risk Assessments 13:17 Responding to the Risk of Fraud 17:33 Evaluate Audit Evidence 18:41 Communicate Fraud Matters 20:21 Document Fraud Matters 20:54 Corporate Governance Oversight to Reduce Fraud Risks 22:38 Initial Detection Method for Million-Dollar Schemes 23:44 Organizational Factors Contributing to Risk of Fraud 26:14 Professional Skepticism 30:39 New Topic: Internal Controls & Control Risk Assessment 31:34 Internal Control (definition & significance / importance) 34:42 Management & Auditor Responsibilities to Internal Control 38:02 Audit Risk Model for Planning 38:33 Components of Internal Control (Overview) 42:17 The Control Environment 42:42 Risk Assessment 44:51 Control Activities 47:40 Adequate Separation of Duties 50:03 Information & Communication 50:18 Monitoring 50:22 Process for Understanding Internal Control & Assessing Control Risk 52:09 Obtain & Document Understanding of Internal Control 52:32 Evaluating Internal Control Operation 53:20 Assess Control Risk 54:28 Why Assess Control Risk 54:47 Documenting Internal Control Understanding 55:59 Should Test of Controls be Completed Red flags that should alert an auditor to potential fraud include missing documents, alterations on documents, photocopied documents, second endorsements on checks, unusual endorsements, old outstanding checks, unexplained adjustments to accounts receivable and inventory balances, unusual patterns in deposits in transit, general ledgers that do not balance, cash shortages and overages, excessive voids and credit memos, customer complains, common names or addresses for refunds, increased past due receivables, inventory shortages, increased scrap, duplicate payments, employees that cannot be found, dormant accounts that have become active. Auditors must always presume that improper revenue recognition is a fraud risk. Auditors must identify risks of management override of controls, examine journal entries and other adjustments, review accounting estimates for biases, and evaluate business rationale for significant unusual transactions. Auditors must change the overall conduct of the audit to respond to identified fraud risks (i.e. assigning more experienced personnel to the audit or even a fraud specialist). They should design and perform audit procedures to address identified risks. Appropriate audit procedures used to address specific fraud risks depend on the account being audited and type of fraud risk identified. Further red flags to auditors include discrepancies in the accounting records, conflicting or missing evidential matter, problematic or unusual relationships between the auditor and management, results from substantive of final review stage analytical procedures, and vague, implausible or inconsistent responses to inquiries. Evidence that fraud may exist MUST be communicated to the appropriate level of management. Sarbanes Oxley states that significant deficiencies must be communicated to those charged with governance. Any fraud committed by management (no matter how small) is material. It is important to have a culture of honesty and high ethics (i.e. management "setting the tone at the top). Management must create a positive workplace environment, hire and promote appropriate employees, provide adequate training, and require employees to periodically confirm their responsibilities for complying with the code of conduct. Management has the responsibilities to evaluate risks of fraud, having to identify and measure fraud risks, and design and implement controls to mitigate fraud risks. For high fraud risk areas, management should periodically evaluate whether appropriate antifraud programs and controls have been implemented and operating effectively. Auditors are required to be skeptical (professional skepticism). Auditors should not dismiss information that may be important to an audit. This information may include observations about employee behavior that might indicate a willingness to participate in fraud. Internal control is a management process involving the people of the organization (the responsibility lies with management and the board of directors). Internal controls are designed to provide reasonable assurance regarding the safeguarding of assets, ensuring financial statement reliability, promoting operational efficiency, and encouraging compliance with management's directives. To receive additional updates regarding our library please subscribe to our mailing list using the following link: http://rbx.business.rutgers.edu/subscribe.html