1. Professional auditing standards present the audit risk model, which is used to determine the nature, timing, and extent of audit procedures. Describe the components of the model and discuss how changes in each component affect the auditor’s need for evidence. The audit risk model is used to determine the nature, timing, and extent of substantive audit procedures. The components of audit risk model usually stated as follows: DR = AR/(IR x CR)
Where: DR = detection risk; AR = audit risk; IR = inherent risk; CR = control risk Detection Risk: auditors’ procedures will lead them to conclude that a financial statement assertion is not materially misstated when in fact such misstatement does exist.
If auditors want to decrease DR, they had better collect more evidence and make sure the validity of evidence. Audit Risk: auditors may unknowingly fail to appropriately modify their opinion on financial statements that are materially misstated. If AR should be keep in low level, which means the other risks also should be low.
Inherent Risk: The risk of material misstatement of a financial statement assertion, assuming there were no related controls. As inherent risk increases, PDR decreases, which in turn increases the auditor’s need for stronger evidence. Control risk: The risk that a material misstatement that could occur in an account will not be prevented or detected on a timely basis by internal control. If the strength of internal control is assessed as decreasing, the auditor should pay more attention to control risks.
2. One of the components of the audit risk model is inherent risk.
Describe typical factors that auditors evaluate when assessing inherent risk. With the benefit of hindsight, what inherent risk factors were present during the audits of the 1989 through 1992 Comptronix financial statements? Inherent risk is a measure of the auditor’s assessment of the susceptibility of an assertion to a material misstatement assuming there are no related internal controls. Some believe that inherent risk would be greater for some assertions and related account based on some conditions as follows:
•Complex calculations rather than simple calculations.
Once the company lost their a key customer, Management have a strong motivation manipulate sales and operating performance to satisfy investor expectations because the loss of a key customer put too much pressure on management to meet the requirements of external users. •Public Offering of Stock: After Comptronix made its public offering of stock , they have the pressure which push the management to manipulate operating performance too meet the expectations from the external users.
•Technological Improvement: Comptronix is a manufacture company which main products are circuit boards and the circuit boards’ development depend on technological improvement.
The technological improvement has a negative impact on operating performance. •Pressures from a new star Company: By the first year of the fraud (1989), Comptronix became a new company which can employ more than 1,800 employees in less than a decade , and at same time, the company expanded its the size of the company in three different locations. The rapid development of company made the management adjusted their operations instead of monitoring company operations. •Estimation of Accounts: The high inherent risk accounts include Accounts receivable/ payable, inventory, and property, plant, and equipment. But all the accounts’ computation is based on estimation which led the numbers are very unreliable and subjective.
•Cash Flow Pressures: Comptronix suffered net losses from 1986. Until the company attracted a venture capitalist, the company was able to generate strong sales and profits. Prior to 1989, Comptronix had generated only two consecutive years of profit after several years of net losses. cash flow of financial statement cannot cover many years of recurring losses. The management has motives to make up operating accounts to look perfect to attract more
investors. 3. Another component of the audit risk model is control risk. Describe the five components of internal control. What characteristics of Comptronix’s internal control increased control risk for the audits of the 1989-1992 year-end financial statements?
Five components of control risk are: control environment, risk assessment, control activities, information and communication, and monitoring. Control environment set the tone of an organization by influencing the control consciousness of people. Risk assessment is management’s process for identifying, analyzing, and responding to the risks. Control activities are policies and procedures that help ensure that management’s directives are carried out. Information is needed at all levels of an organization to assist management in meeting the organization’s objectives.
Monitoring of controls is a process to assess the quality of internal control performance over time. The information and communication is seriously weak in that he three executives were able to perpetrate the fraud by bypassing the existing accounting system. They could record the fictitious entries manually and other employees were excluded from the manipulations to minimize the likelihood of the fraud being discovered.
Besides, the weak control activity and monitoring is represented by the fact that Mr. Shifflett or Mr. Medlin could approve payments based solely on an invoice. Therefore, the fraud team was able to bypass internal controls over cash disbursements.
Internal controls were also insufficient to detect the manipulation of sales and accounts receivable. Mr. Medlin had the ability to access the shipping department system.
4. The board of directors, and its audit committee, can be an effective corporate governance mechanism. Discuss the pros and cons of allowing inside directors to sere on the board. Describe typical responsibilities of audit committees.What strengths or weaknesses were present related to Comptronix’s board of directors and audit committee?
As shareholders have limited access to the sufficient information, they are hard to monitor the daily transactions and management. They would delegate the responsibilities to the board of directors. Then, board of directors require inside directors to provide sufficient information in order to make decisions those are in the maximum profits of shareholders. However, if the inside directors have improper purposes, it’s easily to be a manipulation tool for management.
Audit committee is responsible for ensuring that the company’s financial statements and reports are accurate and use fair and reasonable estimates. More specifically, it is charged with overseeing the financial reporting and disclosure process, monitoring choice of accounting policies and principles, overseeing hiring, performance and independence of the external auditors, oversight of regulatory compliance, monitoring the internal control process, overseeing the performance of the internal audit function, and discussing risk management policies and practices with management.
The control environment is significantly influenced by the effectiveness of its board of directors or its audit committee. Factors that bear on the effectiveness of the board or audit committee include the extent of its independence from management, the experience and stature of its members. However, among the seven individuals in Comptronix board of directors, five members are either inside directors or directors had close affiliations with management.
In addition, the primary responsibility of the board of directors is to protect the shareholders’ assets and ensure they receive a decent return on their investment. Board members act as trustees of the organization’s assets and must exercise due diligence to oversee that the organization is well managed and that its financial situation remains sound. But the composition of Comptronix’s board of directors obviously lacks objectivity.
A qualifying audit committee should be composed of independent directors who are not officers or employees of the organization and who do not have other relationships that impair independence. However, The audit committee of Comptronix is made up two outside directors and one gray director, which would inevitably impair the independence. What’s more, to qualify, the committee must be composed of outside director with at least one qualifying as a financial expert. Nevertheless, for Comptronix Corporation, there is no indication of whether any of these individuals had accounting or financial reporting backgrounds. Lastly, the audit committee met only twice during 1991, it was not efficiently and sufficiently to monitor and oversee the financial reporting.
5. Public companies must file quarterly financial statements in Form 10-Qs, that have been reviewed by the company’s external auditor. Briefly describe the key requirements of Auditing Standards (AU) Section 722, Interim Financial Statements. Why wouldn’t all companies (public and private) engage their auditors to perform timely reviews of interim financial statements?
The term interim financial information means financial information or statements covering a period less than a full year or for a 12-month period ending on a date other than the entity’s fiscal year end.
A review consists principally of performing analytical procedures and making inquiries of persons responsible for financial and accounting matters, and does not contemplate (a) test of accounting records through inspection, observation, or confirmation; (b) tests of controls to evaluate their effectiveness; (c) the obtain net of corroborating evidence in response to inquiries; or (d) the performance of certain other procedures ordinarily performed in an audit.
The decision to have a review engagement is a joint decision of the client and auditor. So a review would be performed when the benefits to the auditor and to the client exceed the costs to both parties. In general, firms with high complexity are more likely to be reviewed than firms with low complexity. Firms with high growth opportunities a less likely to be reviewed than those with low growth opportunities for they may be associated with higher information and litigation risks. And it’s also about the firms’ audit assurance and insurance needs.
6. Describe whether you think Comptronix’s executive team was inherently dishonest from the beginning. How is it possible for otherwise honest people to become involved in frauds like the one at Comptronix?
We don’t think Comptronix’s executive team was inherently dishonest from the beginning. In opposite, we think there are two main reasons for the company committed the fraud.
The first is its weak internal control.
First comes to the company’s board of director. The board of directors is responsible for overseeing the actions of management. Factors that bear on the effectiveness of the board include the extent of its independence from management, the experience and stature of its members, the extent to which it raises and pursues difficult questions with management, and its interaction with the internal and external auditors. the audit committee of the board of directors should be composed of independent directors who are not officers or employees of the organization and who do not have other relationships that impair independence. In addition, the audit committee should have one or more members who have financial reporting expertise.
However, Comptronix’s board of directors consist of the CEO and the COO of the company, And two of the other five directors who had close affiliations with management, one served as the company’s outside general legal counsel and the other who served as vice president of manufacturing for a significant customer of Comptronix, and one of the remaining outside directors who was a partner in the venture capital firm that owned 574,978 shares (5.3%) of Comptronix’s common stock, the second outside director who was the vice chairman and CEO of the local bank originally loaning money to the company, and the third outside director who was president of an international components supplier based in Taiwan.
And there was no indication of whether any of these individuals had accounting or financial reporting backgrounds. 28.6% of the board consisted of inside directors. And even all of the board of directors disobey the independence and effectiveness of the formation of the board of directors. The interest relationship with the company increased the potential risk for the management to commit fraud.
The second reason is the huge pressure of harsh competition for the companies in the industry. The fraud was motivated by the loss of a key customer in 1989 to the three executives’ former employer, SCI. Since the first manipulation of the financial statement, they were forced to manipulate the other years and evidences to hide the manipulation, which created a vicious circle.
In conclusion, the weak internal control system provided a good environment for the commission of fraud. The huge pressure of the company brought the motivation of the fraud. Both of them played important roles for the honest people to become involved in frauds.
7. Auditing Standards (AU) Section 316, Consideration of Fraud in a Financial Statement Audit, notes that three conditions are generally present when fraud occurs. Research the authoritative standards for auditors and provide a brief summary of each of the three fraud conditions. Additionally, provide an example from the Comptronix fraud of each of the three fraud conditions.
(1) Three fraud conditions
First, management or other employees have an incentive or are under pressure, which provides a reason to commit fraud. Second, circumstances exist—for example, the absence of controls, ineffective controls, or the ability of management to override controls—that provide an opportunity for a fraud to be perpetrated. Third, those involved are able to rationalize committing a fraudulent act. Some individuals possess an attitude, character, or set of ethical values that allow them to knowingly and intentionally commit a dishonest act.
The incentive for top company executive to do fraud is that after the company went public, the company needed an increasing number for profit on the income statement, to attract more investors and make the stock price higher and higher.
One of the opportunities for fraud perpetrated in Comptronix is that their internal controls were so insufficient. The three executives had so many authorities to get access to various accounts. They can get control of both checks and accounts payable, which enable them to make fake equipment purchasing recording.
Because Comptronix`s quarterly filings were unaudited, the executives were successful in manipulating quarterly financial statements. After they successfully manipulated 1989 year-end sales and receivables, they thought their performance may not be discovered by external auditors and SEC, so they began recording fictitious quarterly sales frequently.
8. Auditing Standards Section 316, Consideration of Fraud in a Financial Statement Audit, notes that there is a possibility that management override of controls could occur in every audit and accordingly, the auditor should include audit procedures in every audit to address that risk.
a. What do you think is meant by the term “management override”?
Management override of internal controls is the intervention by managers in handling financial information and making decisions contrary to internal control policy. Managers may think they have the ability to operate outside of the internal controls, but this is not true.
b. provide two examples of where management override of controls occurred in the Comptronix fraud.
For example, Mr. Medilin, as controller and treasurer, has the authorization to manipulate both sales documents and accounts receivable documents. Thus he can enter bogus sales into the accounting system then make fake accounts receivable to overstate the company`s earnings. Moreover, in order to overstate the equipment and accounts payable, the three company executives cut fake checks to the bogus accounts payable vendors associated with the fake purchases of equipment. However, the check preparing and recording of equipment purchases jobs should be distributed to different staff. Handling these two jobs at the same time by same executives provide them opportunity to make overstated recording of equipment purchasing.
c. Research AU Section 316 to identify the three required auditor responses to further address the risk of management override of internal controls.
Three required auditor responses to further address the risk of management override: (1) Examining journal entries and other adjustments for evidence of possible material misstatement due to fraud. (2) Reviewing accounting estimates for biases that could result in material misstatement due to fraud. (3) Evaluating the business rationale for significant unusual transactions.