USPF College of Accountancy

Topic: Quality Control Considerations, Fraud, Error and Noncompliance

PART I. PSQC 1

1. The firm should establish a System of Quality Control to provide it with reasonable assurance that:
a. The firm and its personnel comply with professional standards and regulatory and legal requirements; and
b. The reports issued by the firm or engagement partners are appropriate in the circumstances.

2. Elements of a System of Quality Control

a. Leadership responsibility for quality within the firm
b. Ethical requirements
c. Acceptance and continuance of client relationships and specific engagements.
d. Human resources
e. Engagement performance
f. Monitoring

PART II. Quality Control for Audits of Historical Financial Information

1. The engagement team should implement quality control procedures that are applicable to the individual audit
engagement.

2. The engagement partner should

a. Take responsibility for the overall quality on each audit engagement to which that partner is assigned.
b. Consider whether members of the engagement team have complied with ethical requirements.
c. Be satisfied that appropriate procedures regarding the acceptance and continuance of client relationships
and specific audit engagements have been followed, and that conclusions reached in this regard are appropriate and have
been documented.
d. Be satisfied that the engagement team collectively has the appropriate capabilities, competence and time to perform
the audit engagement in accordance with professional standards and regulatory and legal requirements, and to enable an
auditor’s report that is appropriate in the circumstances to be issued.
e. Take responsibility for the direction, supervision and performance of the audit engagement in compliance with
professional standards and regulatory and legal requirements, and for the auditor’s report that is issued to be appropriate in
the circumstances.
f. Be satisfied that sufficient appropriate audit evidence has been obtained to support the conclusions reached and for
the auditor’s report to be issued.

PART III. The Auditor’s Responsibility to consider Fraud in an Audit of Financial Statements

FRAUD refers to an intentional act by one party or more individuals among management, those charged with governance,
employees or third parties, involving the use of deception to obtain an unjust or illegal advantage

Fraud involves:
o Incentive or pressure to commit fraud
o A perceived opportunity to act or to do so
o Some rationalization of the act

• Management fraud - fraud involving one or more members of management or those charged with governance
• Employee fraud - fraud involving only employees of the entity
(In either case, there may be collusion within the entity or with third parties outside of the entity)

TWO TYPES OF FRAUD

1. FRAUDULENT FINANCIAL REPORTING

• Involves intentional misstatements including omissions of amounts or disclosures in financial statements to deceive
financial statement users
• often involves management override of controls that otherwise may appear to be operating effectively can be caused
by the efforts of management to manage earnings in order to deceive financial statements users by influencing their
perceptions as to the entity’s performance and profitability
• may be accomplished by the following
a. manipulation, falsification (including forgery), or alteration of accounting records or supporting documentation
from which the financial statements are prepared
b. misrepresentation in, or intentional omission from, the financial statements of events, transactions or other
significant information
 c. intentional misapplication of accounting principles relating to amounts, classifications, manner of presentation, or
disclosure

2. MISAPPROPRIATION OF ASSETS
• Involves the theft of an entity’s assets and is often perpetrated by employees in
relatively small and immaterial amounts
• Can also involve management who are usually more able to disguise or conceal misappropriations in ways that are
difficult to detect
• Often accompanied by false or misleading records or documents in order to conceal the fact that the aspects are
missing or have been pledged without proper authorization
• Can be accompanied in a variety of ways including:
o Embezzling receipts
o Stealing physical assets or intellectual property
o Causing an entity to pay for the goods and services not received
Using an entity’s assets for personal use

Responsibilities of Those charged with Governance and of Management

1. The primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the
entity and with management
2. It is important management, with the oversight of those charged with governance, place a strong emphasis on fraud
prevention, which may reduce opportunities for fraud to take place, and fraud deterrence, which could persuade in individuals
not to commit fraud because of the likelihood detection and punishment
3. It is the responsibility of those charged with governance of the entity to ensure , through oversight of management, that the
entity establishes and maintains internal control to provide reasonable assurance with regard to reliability of financial
reporting, effectiveness and efficiency of operations and compliance with applicable law and regulations
4. It is the responsibility of management, with oversight from those charged with governance, to establish a control
environment and maintain policies and procedures to assist in achieving the objective ensuring, as far as possible, the orderly
and efficient conduct of the entity’s business

Inherent limitations of an Audit in the context of Fraud

1. Owing to inherent limitations of an audit, there is an unavoidable risk that some material misstatements of the financial
statements will not be detected, even though the audit is properly planned and performed in accordance with PSAs
2. The risk of not detecting a material misstatement resulting from fraud is higher than the risk of not detecting a material
misstatement resulting from error because fraud may involve sophisticated and carefully organized schemes designed to
conceal it, such as:
o Deliberate failure to record transactions
o Intentional misrepresentation being made to the auditor
o Forgery
3. The risk of the auditor not detecting a material misstatement resulting from management fraud is greater than for employee
fraud, because management is frequently in a position to directly or indirectly manipulate accounting records and present
fraudulent financial information
4. The subsequent discovery of a material misstatement of the financial statements resulting from fraud does not, in and of
itself, indicate a failure to comply with PSAs

Responsibilities of the auditor for detecting material misstatements due to fraud

1. An auditor conducting an audit in accordance with PSAs obtains reasonable assurance that the financial statements taken as
a whole are free from material misstatement, whether caused by fraud or error
2. An auditor cannot obtain absolute assurance that material misstatements in the financial statement will be detected
because of such factors as of the following:
o use of judgment
o use of testing
o inherent limitations of internal control
o the fact that much of the audit evidence available to the auditor is persuasive rather than conclusive in nature
3. The auditor should maintain an attitude of professional skepticism throughput the audit, recognizing the possibility that a
material misstatement due to fraud could exist, notwithstanding the auditor’s past experience with the entity about the
honesty and integrity of management and those charged with governance
4. Members of the engagement team should discuss the susceptibility of the entity’s financial statements to material
misstatement due to fraud
5. Risk assessment procedures

The auditor should perform risk assessment procedures to obtain an understanding of the entity and its environment, including
its internal control. As part of this work, the auditor performs the following procedures to obtain information that is used to
identify the risks of material misstatements due to fraud:
a. Makes inquiries of management, of those charged with governance, and of others within the entity as appropriate
and obtains an understanding of how those charged with governance exercise oversight of management’s processes for
identifying and responding to the risks of fraud and he internal control that management has established to mitigate these
risks
b. Considers whether one or more fraud risk factors are present
c. Considers any unusual or unexpected relationships that have been identified in performing analytical procedures
d. Considers other information that may be helpful in identifying the risks of material misstatement due to fraud.

Responses to the risks of material misstatement due to fraud

1. The auditor should determine overall responses to address he assessed risks of material misstatement due to fraud at the
financial statement level and should design and perform further audit procedures whose nature, timing and extent are
responsive to the assessed risks at the assertion level
2. In determining overall responses to address the risks of material misstatement due to fraud at the financial statement level
the auditor should:
• Consider the assignment and supervision of personnel
• Consider the accounting policies used by the entity; and
• Incorporate an element of unpredictability in the selection of the nature, timing and extent of audit procedures
3. Audit procedures responsive to risks of material misstatement due to fraud at the assertion level

The auditor’s responses may include changing the nature, timing, and extent of audit procedures in the following ways:
a. The nature of audit procedures to be performed may need to be changed to obtain audit evidence that is more reliable
and relevant to obtain additional corroborative information
b. The timing of substantive procedures may need to be modified. The auditor may conclude that performing substantive
testing at or near the period end better addresses an assessed risk of material misstatement due to fraud
c. The extent of the procedures applied reflects the assessment of the risks of material misstatement due to fraud. For
example, increasing sample sizes or performing analytical procedures at a more detailed level may be appropriate
4. To respond to the risk of management override of controls, the auditor should design and perform audit procedures to:
a. Test the appropriateness of journal entries recorded in the general ledger and other adjustments made in the
preparation of the financial statements
b. Review accounting estimates for biases that could result to material misstatement due to fraud
c. Obtain an understanding of the business rationale of significant transactions that the auditor become aware of that are
outside the normal course of the business for the entity, or that otherwise appear to be unusual given the auditor’s
understanding of the entity and its environment

Communication with management and those charged with governance

1. If the auditor has identified a fraud or has obtained information that indicates that a fraud may exist, the auditor should
communicate these matters as soon as practicable to the appropriate
level of management
2. If the auditor has identified fraud involving management, employers who have significant roles in internal control, or others
where the fraud results in a material misstatement in the financial statements, the auditor considers seeking legal advice to
assist in the determination of the appropriate course of action
3. If the integrity or honesty of management or those charged with governance is doubted, the auditor considers seeking
legal advice to assist in the determination of the appropriate course of action
4. The auditor should make those charged with governance and management aware, as soon as practicable, and at the
appropriate level of responsibility, of material weaknesses in the design or implementation of internal control to prevent
and detect fraud which may have come to the auditor’s attention
5. The auditor’s professional duty to maintain the confidentiality of client information may preclude reporting fraud to a
party outside the client the entity. However, the duty of confidentiality may be overridden by regulatory requirements
Auditor unable to continue the engagement
1. If , as a result of a misstatement resulting from fraud or suspected fraud, the auditor encounters exceptional circumstances
that bring into question the auditor’s ability to continue performing audit, the auditor should:
a. Consider the professional and legal responsibilities applicable in the circumstances, including whether there is a
requirement for the auditor to report to the person or persons who made the audit appointment or, I some cases, to
regulatory authorities
b. Consider the possibility of withdrawing from the engagement; and

2. If the auditor withdraws:

i. Discuss the appropriate level of management and those charged with governance the auditor’s withdrawal from the
engagement and the reasons for the withdrawal; and
ii. Consider whether there is a professional or legal requirement to report to the person or persons who made the
audit appointment or, in some cases, to regulatory authorities, the auditor’s withdrawal from the engagement and the reasons
for the withdrawal

PART III. The Auditor’s Conideration of Laws and Regulations in an Audit of Financial Statements

1. “Noncompliance” as used in PSA 250 refers to acts of omission or commission by he entity being audited, either
intentional and unintentional, which are contrary to the prevailing laws and regulations
2. Noncompliance does not include personal misconduct (unrelated to the business activities of the entity) by the entity’s
management or employees
3. When planning and performing audit procedures and in evaluating and reporting the results thereof, the auditor should
recognize that noncompliance by the entity with laws and regulation may materially affect the financial statements

Responsibility of management for the compliance with laws and regulations

1. It is management’s responsibility to ensure that the entity’s operations conducted in accordance with laws and regulations
2. The responsibility for the prevention and detection of noncompliance rests with management
3. The following policies and procedures, among others, may assist management in discharging its responsibilities for the
prevention and detection of noncompliance:
o Monitoring legal requirements and ensuring that operating procedures are designed to meet these requirements
o Instituting and operating appropriate systems of internal control
o Developing, publicizing and following a Code of Conduct
- Ensuring employees are properly trained and understand the Code of Conduct
- Monitoring compliance with the Code of Conduct and acting appropriately to discipline employees who fail to
comply with it
o Engaging legal advisors to assist in monitoring legal requirements
o Maintaining a register of significant laws with which the entity has to comply within its
particular industry and a record of complaints

The auditor’s consideration of compliance with laws and regulations

1. The auditor is not, and cannot be held responsible for preventing noncompliance
2. The auditor should plan and perform the audit with an attitude of professional skepticism recognizing that the audit may
reveal conditions or events that would lead to questioning whether an entity is complying with laws and regulations
3. In order t plan the audit, the auditor should a general understanding of the legal and regulatory framework applicable to the
entity and the industry and how the entity is complying wih that framework
4. After obtaining the general understanding, the auditor should perform procedures to help identify instances of
noncompliance with those laws and regulations where non compliance should be considered when preparing financial
statements specifically:
a. Inquiring of management as to whether the entity is in compliance with such laws and regulations
b. On receipt of an inquiry from the proposed auditor, the existing auditor should advise whether there are any
professional reasons why the proposed auditor should not accept the appointment. If permission from the client to discuss its
affairs with the proposed auditor of denied by the client, the fact should be disclosed to the propose auditor

NOTHING FOLLOWS

“Let your life shows both wins and losses, but don’t let it show you didn’t try.”