The Risk-Based Approach to Audit and Forensic Investigations Essay

Abstract

Financial Statements are crucial material or an important source for various parties relying upon it for analysis and decision-making. Therefore, the information included in the financial statements should be accurate and should present a true and fair view of the information contained therein. Thus the role of the auditor becomes all the more significant, as he has to audit the financial statements verifying the data and material in it to ensure that the financial statements are not materially misstated. The auditor conducts his audit using various procedures and techniques. It isn’t necessary that the client’s financial statements are risk free and therefore the auditor adopts a risk-based approach to auditing. This approach, as discussed hereunder, is expected to be used significantly in the years to come.

The Risk-Based Approach to Audit and Forensic Investigations

Part:A

Explanation
There are various approaches to audit of financial statements of an entity. One of them is the risk-based approach. Due to inherent limitations of audit, there is no guarantee to the auditor that there is no fraud or error. The primary responsibility, however, of the prevention and detection of fraud and errors is of management and those charged with governance and not of the auditor. The frauds could be of various types including fraudulent financial reporting, misappropriation of assets etc. In this approach, the auditor identifies and evaluates the risks faced by the business and accordingly identifies the areas where the chances of fraud or error or omission might take place and accordingly allocates time money and resources to those areas. Risks differ for various entities and there is no standardized set of rules and regulations to ensure an efficient and accurate audit.

Audit Risk. Audit risk is the risk that the auditor might give an

inappropriate audit opinion, say due to negligence or inefficient audit procedures, where the financial statements are materially misstated as a consequence of fraud or error or omission. Essentially audit risk is the sum total of inherent risk, control risk and detection risk. Audit risk does not include business risk of an auditor as well as inappropriate audit reporting decisions resulting from inappropriate audit procedures. Inherent risk is a natural risk wherein the chances of an item being materially misstated are higher assuming the non-existence of internal control. For example, comparing cash and inventories, the likelihood of cash being misappropriated is higher. So there is inherent risk that cash may be mistaken in the financial statement, because of misappropriation/fraud. Control risk is the risk that despite having an internal control system, misstatement of balances of specific transaction balances cannot be prevented or detected on timely basis.

Detection risk is the risk that despite following the regular audit procedures, the auditor will fail to detect a material misstatement inherent in an item of financial statement.   After an evaluation of the inherent and control risk in the presence of fraud risk factors, the auditor should design substantive procedures to reduce to a minimum the detection risk. When the auditor gets indications that the material misstatements may be materially misstated as a result of fraud or error, he should perform procedures to determine the same, modify the nature, timing and extent of his audit procedures, consider the effect of fraud or error on auditors report and even go to the extent of considering change in assignment of audit team members.

As far as the effect of fraud and error on the auditors report is concerned, irrespective of whether the auditor is able or unable to confirm his suspicion on the material misstatement as a result of fraud or error, the effect of both will be on the auditors report. The auditor, based on his findings may give an unqualified, qualified, adverse or disclaimer report, as appropriate under the circumstances.

Also the auditor should document in his working papers the risk factors identified and his response to those risk factors, inquiring of the risk of fraud in the concern from the management, knowledge of the management of the fraud occurred, and the entity’s action plan to prevent/detect fraud. (Rawat, 2007) When considering the risk based approach, the auditor should consider at the beginning of the audit his knowledge of the clients business and the external and internal business environment and the various policies and procedures. The auditor should consider the concept of materiality and apply it the various circumstances based on his knowledge and experience and depending on the circumstances of each case. It might not be possible for the auditor to have a 100% check of the transactions and books of accounts. Therefore appropriate sampling procedures should be applied depending on the facts given to him. At the end, the auditor should report the matter of fraud or error to the management and those charged with governance. Ideally, the auditor should ensure to report the matter to the concerned authorities at a higher level than the one in which the accused are involved. In case the auditor finds that the higher authorities are involved, he should seek legal help to determine further course of action.

Thus, as the auditor is required to focus on the entity and its environment when making risk assessments, this is known as the ‘top down’ approach to identifying risks. The word ‘top’ refers to the daily operations of the entity and the environment in which it operates; ‘down’ is referred with respect to the financial statements of the entity.

In summary, this approach requires auditors to identify the key day-to-day risks faced by a business, to consider the impact these risks could have on the financial statements, and then to plan their audit procedures accordingly.

The audit risk approach has grown significantly in recent years. This is a result of auditing firms making their audit work more cost effective, whilst still maintaining audit quality. Compared to the older substantive testing and system based auditing, risk based auditing takes account of substantive test risks and includes, inherent risk, control risk, detection risk and sampling risk as well as other risk tests not mentioned in this report (i.e. analytical control risk). This system of assessing risk and focusing the audit on the high-risk areas minimises the auditor’s risk against paying damages to a client through negligent work. (2008)

Statutory Audit and Forensic Accounting Investigation

An audit is an independent examination of financial information of any entity, when such an examination is conducted with a view to expressing an opinion thereon.

An investigation implies systematic, critical and special examination of the records of a business for a specific purpose.

Based on the above, the objective of a statutory audit is to express opinion as to ‘true ; fair’ presentation of financial statements, whereas in forensic audit, the objective is to determine correctness of accounts or whether any fraud has actually taken place. The techniques used in statutory audit are ‘substantive’ and ‘compliance’ procedures, whereas in forensic investigation, analysis of past trend and substantive or ‘in depth’ checking of selected transactions takes place.

In statutory audit, normally all transactions for the particular accounting period are covered, whereas in forensic audit, there are no such limitations. Accounts may be examined in detail from the beginning or over various years. In statutory audit, reliance is placed on the management representations, whereas in forensic audit independent verification of suspected/selected items are carried out.

In statutory audit, documents are used to verify the arithmetic accuracy and compliance with procedures, whereas in forensic audit regularity and propriety of these transactions/contracts are examined. In statutory audit, negative findings or qualified opinion are expressed/reported, with or without quantification, whereas in forensic audit, legal determination of fraud and naming persons behind such frauds is determined. (Sekar, Prasath, 2007)

Part-B

WorldCom Fraud:

This scandal came to the knowledge of the world on 26th June 2002.The financial statements of WorldCom were misrepresented to the tune of $ 4 Billion. Fraudulent accounting practices occurred in four quarters of 2001 and one quarter of 2002.However, the company’s auditor Arthur Andersen accused the top executives of the company for withholding crucial aspects of its bookkeeping practices in order to wash its hands of the entire saga.

However in August 2002,the company reported improper reporting again to the extent of $ 3.3 Billion, which was done through clever manipulation of the EBITDA during the years 1999-2001 as well as the first quarter of 2002. (ICMR India)

The gimmick used by WorldCom is explained as under:

Step 1.The Company pays costs suspected to include wages and salaries to workers who performed maintenance and development work on the telecom systems.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

Step 2.As a result of not showing these costs on the income statement as required, the net income of WorldCom is inflated.

Step 3.These costs were then transferred to the balance sheet on the assets side.

Step 4. These costs are then amortised from the net income over a period of time. Only part of the costs are included on the income statement which automatically artificially inflates the cash flows, profit margins ultimately the net incomes, which are actually the important measures used to value a company’s stock. (USA today)

Factors that could have alerted the auditors as to the fraud.

If the auditors had performed detailed analytical procedures,they would have performed a high level of audit testing which would have revealed high differences or variations in cashflows,expenses and assets and consequently profits/earnings etc.It would have been shown that the Internal control risk was very high, due to the factors of huge amount of loans made to the top management,dependency on stock for compensation,falling stock prices etc.And if the control risk would have been classified as high,the auditors would have become aware of ways in which the earnings could be manipulated including recognising revenue,assets being overvalued,not classifying costs in the income statement and then capitalising them and amortising over a period of time.The auditors should have conducted detailed sampling procedures on any suspected unusual items. The auditors should have secured a detailed knowledge of the entity and its internal and external environment.Since chances of revenue recognition mistakes are high,the auditors should have gone into detailed understanding of the revenue recognition policy.(Rittenberg)

Since the telecommunications industry wasn’t doing too well around 2000,the continuous meeting of targets and being able to maintain expenditure to earnings ratio should have raised questions.Thus the substantive tests and procedures carried out turned out to be ineffective. The management integrity should have been checked and their powers and authorities examined in great detail to detect inherent risk as also the approval of transactions and mergers by the board of directors and top management with respect to the information at hand.The related party transactions should have been examined in great detail.The internal auditors were underinfluenced which affected internal control. There was a failure of corporate governance.(2004)

Enron fraud:

After committing fraud through following irregular accounting procedures throughout the 90’s period, Enron filed for bankruptcy in late 2001 .In addition the scandal caused the dissolution of Arthur Andersen, one of the top accounting firms at that time. The firm was accused of obstructing justice for destruction of documents concerned with the audit of Enron and was prevented from further audit of public companies. The scandal resulted into shares value falling from about $ 90 to less than a dollar. Enron, to plan for and avoid taxes, created entities, through which it exercised ownership, management and control as well as flow of currency movement so as to enable it to hide its losses. This created a picture of higher profitability, and led to excessive financial deception to create an illusion of huge profits in billions. Stock prices rose, and consequently insider trading and information commenced. Also, the company had reported false profits, used accounting methods, which weren’t based on the generally accepted procedures. The controls, failed in its purpose of detecting the losses for a long duration of time. Various agencies like the accounting firms, credit rating agencies etc.failed to bring to the knowledge of the public, about the business losses. It was also revealed that huge amounts of money had been paid to the top 200 executives of the company i.e. more than a billion dollars in salary, bonuses and share options in 2000,before the bankruptcy took place. The majority of the increase was in the form of stock options. What is even more startling is the fact that the Board’s compensation committee never evaluated or raised questions about a single award and also the records were incomplete of some of the transactions. It was also suggested that between 1996-1999,Enron reported profits to shareholders as against reporting losses to the Tax Authorities, which was accomplished through complicated tax schemes including improper transactions with banks and others. The most disturbing aspect was the collaboration of professionals such as lawyers, accountants and bankers in presenting different picture to both the shareholders and the tax authorities as probably their service fees were at stake. The public kept on buying shares with the belief that all was well with the company and the value of the stock would go upwards with time. At the same time, Enron executives sold millions of dollars of stock. Another discrepancy that occurred was that the Enron executives had authorized a few changes in the company’s pension plan that made the pension plan worthless since the workers retirement funds in Enron stock froze as the price plummeted down.

Factors that could have alerted auditor as to the fraud.

Since the company had a fraudulent past, the auditors should have exercised professional skepticism right from the beginning. The transactions with special purpose entities on which Enron had control relates to related party transactions. The auditors should have gone into greater detail as to the transactions between them to unearth the losses. The various innumerable tax schemes introduced by the company should have been investigated as to its purposes to avoid manipulation of information. The compensation of the company’s top management was based on stock values and therefore the board compensation committee’s role and interests should have been verified. The fact that pension funds of the employees were connected with stock options should have been investigated. There was a conflict of interests of company, employees and auditors. The fact that the top management was influencing the auditors should have alerted the auditors. The fact that appointment of auditors was done by senior management and not shareholders should have raised questions. Insider trading should have been checked in greater detail. A few months before the bankruptcy, there were credit rating downgrades of the company. The off balance sheet subsidiaries losses should have been verified. The interests of the top management should have been verified.

Xerox fraud:

The securities and exchange commission filed a complaint against Xerox on April 11,2002.In the complaint, it was alleged that Xerox defrauded the public between 1997-2000 by employing accounting tricks, the most important one being a change in which Xerox recorded revenue from copy machine leases in the period of signing of a lease contract rather than recognising revenue ratably over the entire length of the contract. There are certain criteria given in the US GAAP to recognize the entire proceeds of the sale of equipment. If the criteria are not fulfilled, the sale is treated, in fact as lease and only the current period rental payments are treated as revenue in the current period. The charge against Xerox was that the change in accounting principles violated GAAP provisions and intended to fool everybody including Wall Street. The senior management at Xerox wanted a new partner to be assigned to its account when KPMG questioned the validity of the accounting practices followed by the company. However to keep its longstanding relationship with Xerox intact, and to recover audit and non-audit fees to the tune of $82 million between 1997-2000,KPMG followed management instructions. (Corporate NARC)

Xerox, over a period of 5 years improperly classified about $ 6 billion, causing an overstatement of earnings by nearly $ 2 billion. The first manipulation involved keeping revenue outside balance sheet and then with strategic calculations releasing the stored funds whenever there was a lag in earnings. The second and more significant manipulation was the increase in revenue from short-term equipment rentals, improperly classified as long term leases. The difference was significant since the entire value of a long-term lease can be included in the very first year of the agreement as revenue. The rental value however is spread over the period of contract. These manipulations increased short-term profits and enabled the company to meet profit expectations from 1997-1999.Thus Xerox spread its income over a period in a fraudulent manner. These manipulations became necessary because corporations were expected to keep up short term earnings, otherwise there would be a drop in share prices and consequently threaten their debt financing apart from financial consequences for top executives whose incomes are related with stock options. (Kay, 2002)

Factors that should have alerted the auditor as to fraud.

There were improper revenue recognition policies, which should have been detected through analysis of the accounting policies followed by the company. There was pressure on employees to meet revenue estimates. The authority of the top management should have been verified and the purpose of the approvals granted for various accounting treatments and transactions should have been verified. The capitalization policies and transactions should have been verified. The internal controls should have been tested in great detail through substantive procedures since there were improper accounting practices to boost current revenues and also the expectations of the analysts with respect to the performance of the company should have been verified. The internal control structure was inadequate which is a basic requirement before audit to check, and if had been checked, the auditor would have been in a better position to assess the risks involved. The documentation involved was inaccurate and should have been verified. The fact that the company did not follow GAAP requirements should have raised alarm bells. The fraud could have been avoided had it not been for the collusion of the management. Therefore the roles and responsibilities allocated should have been verified. There were manipulations of earnings reserves and bad debts. There were no compensation controls with respect to the management. Also the known reportable conditions were not corrected on a timely basis. There was also excessive participation by the no financial management in the selection of accounting principles and accounting estimates. The compensation of the top management was based on the stock prices which were based on the earnings of the company and this in itself should have alerted the auditors.

PART-C

Benefits of risk-based approach to auditing:

Risk based auditing tries to fulfill management goals and vision. One of the biggest benefits of this approach is that the level of risk of a particular area of audit can be assessed i.e. of specific balances and accounts. Consequently auditors can plan their audit more effectively and prioritise more efficiently leading to quality audit work. This approach tries to increase the scope of audit.

Since lot of testing is done, the procedures tend to become efficient over time.

Due to this approach, the auditors can advise the client better and give appropriate suggestions for improvement in their internal control structure and better financial reporting. Besides, the financial reporting is more value and purpose based and helps to evaluate the actual brand value of the company audited. Since the risk-based approach is based on knowledge of the clients business, its external and internal environment and ultimately helps to plan the audit work and design of custom made plans, procedures and tests unique to each clients requirements, it tends to be an efficient approach. The auditor tries to identify the areas with the maximum risk along with ensuring that no area of audit is neglected, thus making the audit more scientific and systematic. Also the Auditor through performing detailed substantive and analytical procedures acquires more knowledge of the client organisation, which helps him to better perform his functions during the audit process. Since the auditor plans the audit in a systematic manner, even the allocation of personnel to specified areas of the audit helps in efficient audit.

Compared to the previous approaches to audit, the risk based approach takes all the different types of risk into account namely sampling risk, analytical control risk etc. Also, in a risk based approach, the auditors knowledge of the clients operations and his prior audit experience helps him to understand what level of testing and application of procedures are required by him to gain satisfaction as to the accuracy of the system, controls and transactions. The auditor focuses on areas of high risk thus ensuring that the chances of errors and frauds are reduced to an absolute minimum. The sampling procedures designed in this approach are flexible in nature, which adds to quality of audit and saves time. The quality of the information content is rich in quality in this approach.

Limitations of risk-based approach to auditing:

One of the biggest limitations of this approach to auditing is that it is too time consuming with respect to information and data acquisition and therefore the costs are proportionately higher. Also when evaluating which areas of the entity audited are to be assessed as high risk areas, the auditor sometimes face difficulties in how much time to be allocated to a particular area, or what evidence to be extracted and in what proportions. Another disadvantage could be that expert knowledge on the risk evaluation techniques must be possessed by the auditor, otherwise the chances of efficient audit being conducted are very less.

Also, there is dependency on the client entity for cooperation in certain areas of audit. Also there could be conflict of interests between the client and the auditor.

Also, there is no one agreed or definite standardized approach, which helps the auditor to gather sufficient evidence through substantive and sampling procedures to support the specific assertions. Also the audit risk approach may sometimes fail to take post audit-planning changes into account i.e. events that are material which occur during the audit itself, which might lead to material misstatements still remaining in the accounts once the auditors have completed their procedures and tests. Also, it can be argued that the risk based approach might tend to make the auditors interested in raising the fees by performing detailed audit planning and thus consuming more time so as to raise their audit fees rather than focusing on improving the quality of the audit methods and systems. Sometimes, the risk concepts aren’t clearly understood and so there is an inefficient follow up to the risk mitigation procedures introduced which raises the chances of fraud or error creeping into the financial statements of the audited entity. Also, due to lack of time in some cases, there might not be too much time for planning an audit and therefore this approach becomes redundant.

Benefits of forensic accounting investigations:

Forensic accounting is a very important component in safeguarding the business assets of the enterprise.

Forensic accounting helps in assessing the damage to the clients and helps to prevent disputes from escalating. Two of the most important functions which forensic accounting takes care of are the prevention and detection of fraud, which helps in protecting the organisation. Forensic accountants can be used to testify as well at the trial when disputes occur. Forensic accounting enables early detection of any indications of fraud or error. It also creates more time for the forensic accountant to analyze in-depth and in greater detail of unusual or suspected transactions and balances. Detailed investigation of individuals and their backgrounds and their interests are also carried out in great detail. Forensic accounting goes beyond the normal conventional procedures of auditing and goes to the roots of the fraud with a view to bringing the perpetrators of the fraud to justice. The forensic accounting takes into account the past periods to get to the cause of the fraud. The suspected transactions are independently verified rather than seeking management representations.

Limitations of forensic accounting investigations:

Forensic accounting doesn’t always guarantee results. Therefore, if the forensic investigators and the audit entity start believing in forensic accounting that it would give accurate results, there would be complacency on their part and lots of discrepancies might get undetected. There are chances of the evidence assimilated during forensic investigation not standing in the court of law especially with respect to evidence obtained by automated forensics. The forensic accounting investigation is carried out only when it is requested by the management or there is information received from a ‘whistleblower’ or there are questions raised during normal audit. Thus it is not a necessary obligation on the part of a company. Forensic audit is not a primary audit like statutory audit.

The interested parties cannot request information from the entity while the forensic audit is going on. It is time consuming and costly.

References

Association of Chartered Certified Accountants Global (2008,February). Risk. Retrieved November 30,2008,from http://www.accaglobal.com/pubs/students/publications/student_accountant/archive/sa_feb08_pine.pdf

Corporate Narc.Xerox Accounting Scandal. Retrieved December 04,2008,from

http://www.corporatenarc.com/xeroxscandal.php

ICFAI center for management research. The WorldCom Accounting Scandal. Retrieved December 01,2008,from http://www.icmrindia.org/casestudies/catalogue/Finance/The%20WorldCom%20Accounting%20Scandal.htm

Public Company Accounting Oversight Board (2004,September 8-9). Financial Fraud. Retrieved December 03,2008,from http://www.pcaobus.org/standards/standing_advisory_group/meetings/2004/09-08/fraud.pdf

Rawat, D.S. (2007) Students Guide to Auditing Standards. New Delhi: Taxmann

Sekar, G., Prasath, B.S. (2007). Students Handbook on Advanced Auditing.Chennai: C.Sitaraman ; Co.Pvt.Ltd.

Southwestern. How the Risk-Based Approach to auditing should have detected WorldCom and other recent frauds. Retrieved December 02,2008,from http://www.swlearning.com/accounting/rittenberg/fifth_edition/detecting_fraud.html

USAtoday.Accounting Fraud. Retrieved December 02,2008, from http://www.usatoday.com/educate/college/business/casestudies/20030128-accountingfraud1.pdf

World Socialist Website (2002,July 1). Xerox restates billions in revenue: yet another case of accounting fraud.Retrieved December 04,2008,from http://www.wsws.org/articles/2002/jul2002/xero-j01.shtml

Abstract

Financial Statements are crucial material or an important source for various parties relying upon it for analysis and decision-making. Therefore, the information included in the financial statements should be accurate and should present a true and fair view of the information contained therein. Thus the role of the auditor becomes all the more significant, as he has to audit the financial statements verifying the data and material in it to ensure that the financial statements are not materially misstated. The auditor conducts his audit using various procedures and techniques. It isn’t necessary that the client’s financial statements are risk free and therefore the auditor adopts a risk-based approach to auditing. This approach, as discussed hereunder, is expected to be used significantly in the years to come.

The Risk-Based Approach to Audit and Forensic Investigations

Part:A

Explanation
There are various approaches to audit of financial statements of an entity. One of them is the risk-based approach. Due to inherent limitations of audit, there is no guarantee to the auditor that there is no fraud or error. The primary responsibility, however, of the prevention and detection of fraud and errors is of management and those charged with governance and not of the auditor. The frauds could be of various types including fraudulent financial reporting, misappropriation of assets etc. In this approach, the auditor identifies and evaluates the risks faced by the business and accordingly identifies the areas where the chances of fraud or error or omission might take place and accordingly allocates time money and resources to those areas. Risks differ for various entities and there is no standardized set of rules and regulations to ensure an efficient and accurate audit.

Audit Risk. Audit risk is the risk that the auditor might give an

inappropriate audit opinion, say due to negligence or inefficient audit procedures, where the financial statements are materially misstated as a consequence of fraud or error or omission. Essentially audit risk is the sum total of inherent risk, control risk and detection risk. Audit risk does not include business risk of an auditor as well as inappropriate audit reporting decisions resulting from inappropriate audit procedures. Inherent risk is a natural risk wherein the chances of an item being materially misstated are higher assuming the non-existence of internal control. For example, comparing cash and inventories, the likelihood of cash being misappropriated is higher. So there is inherent risk that cash may be mistaken in the financial statement, because of misappropriation/fraud. Control risk is the risk that despite having an internal control system, misstatement of balances of specific transaction balances cannot be prevented or detected on timely basis.

Detection risk is the risk that despite following the regular audit procedures, the auditor will fail to detect a material misstatement inherent in an item of financial statement.   After an evaluation of the inherent and control risk in the presence of fraud risk factors, the auditor should design substantive procedures to reduce to a minimum the detection risk. When the auditor gets indications that the material misstatements may be materially misstated as a result of fraud or error, he should perform procedures to determine the same, modify the nature, timing and extent of his audit procedures, consider the effect of fraud or error on auditors report and even go to the extent of considering change in assignment of audit team members.

As far as the effect of fraud and error on the auditors report is concerned, irrespective of whether the auditor is able or unable to confirm his suspicion on the material misstatement as a result of fraud or error, the effect of both will be on the auditors report. The auditor, based on his findings may give an unqualified, qualified, adverse or disclaimer report, as appropriate under the circumstances.

Also the auditor should document in his working papers the risk factors identified and his response to those risk factors, inquiring of the risk of fraud in the concern from the management, knowledge of the management of the fraud occurred, and the entity’s action plan to prevent/detect fraud. (Rawat, 2007) When considering the risk based approach, the auditor should consider at the beginning of the audit his knowledge of the clients business and the external and internal business environment and the various policies and procedures. The auditor should consider the concept of materiality and apply it the various circumstances based on his knowledge and experience and depending on the circumstances of each case. It might not be possible for the auditor to have a 100% check of the transactions and books of accounts. Therefore appropriate sampling procedures should be applied depending on the facts given to him. At the end, the auditor should report the matter of fraud or error to the management and those charged with governance. Ideally, the auditor should ensure to report the matter to the concerned authorities at a higher level than the one in which the accused are involved. In case the auditor finds that the higher authorities are involved, he should seek legal help to determine further course of action.

Thus, as the auditor is required to focus on the entity and its environment when making risk assessments, this is known as the ‘top down’ approach to identifying risks. The word ‘top’ refers to the daily operations of the entity and the environment in which it operates; ‘down’ is referred with respect to the financial statements of the entity.

In summary, this approach requires auditors to identify the key day-to-day risks faced by a business, to consider the impact these risks could have on the financial statements, and then to plan their audit procedures accordingly.

The audit risk approach has grown significantly in recent years. This is a result of auditing firms making their audit work more cost effective, whilst still maintaining audit quality. Compared to the older substantive testing and system based auditing, risk based auditing takes account of substantive test risks and includes, inherent risk, control risk, detection risk and sampling risk as well as other risk tests not mentioned in this report (i.e. analytical control risk). This system of assessing risk and focusing the audit on the high-risk areas minimises the auditor’s risk against paying damages to a client through negligent work. (2008)

Statutory Audit and Forensic Accounting Investigation

An audit is an independent examination of financial information of any entity, when such an examination is conducted with a view to expressing an opinion thereon.

An investigation implies systematic, critical and special examination of the records of a business for a specific purpose.

Based on the above, the objective of a statutory audit is to express opinion as to ‘true & fair’ presentation of financial statements, whereas in forensic audit, the objective is to determine correctness of accounts or whether any fraud has actually taken place. The techniques used in statutory audit are ‘substantive’ and ‘compliance’ procedures, whereas in forensic investigation, analysis of past trend and substantive or ‘in depth’ checking of selected transactions takes place.

In statutory audit, normally all transactions for the particular accounting period are covered, whereas in forensic audit, there are no such limitations. Accounts may be examined in detail from the beginning or over various years. In statutory audit, reliance is placed on the management representations, whereas in forensic audit independent verification of suspected/selected items are carried out.

In statutory audit, documents are used to verify the arithmetic accuracy and compliance with procedures, whereas in forensic audit regularity and propriety of these transactions/contracts are examined. In statutory audit, negative findings or qualified opinion are expressed/reported, with or without quantification, whereas in forensic audit, legal determination of fraud and naming persons behind such frauds is determined. (Sekar, Prasath, 2007)

Part-B

WorldCom Fraud:

This scandal came to the knowledge of the world on 26th June 2002.The financial statements of WorldCom were misrepresented to the tune of $ 4 Billion. Fraudulent accounting practices occurred in four quarters of 2001 and one quarter of 2002.However, the company’s auditor Arthur Andersen accused the top executives of the company for withholding crucial aspects of its bookkeeping practices in order to wash its hands of the entire saga.

However in August 2002,the company reported improper reporting again to the extent of $ 3.3 Billion, which was done through clever manipulation of the EBITDA during the years 1999-2001 as well as the first quarter of 2002. (ICMR India)

The gimmick used by WorldCom is explained as under:

Step 1.The Company pays costs suspected to include wages and salaries to workers who performed maintenance and development work on the telecom systems.

Step 2.As a result of not showing these costs on the income statement as required, the net income of WorldCom is inflated.

Step 3.These costs were then transferred to the balance sheet on the assets side.

Step 4. These costs are then amortised from the net income over a period of time. Only part of the costs are included on the income statement which automatically artificially inflates the cash flows, profit margins ultimately the net incomes, which are actually the important measures used to value a company’s stock. (USA today)

Factors that could have alerted the auditors as to the fraud.

If the auditors had performed detailed analytical procedures,they would have performed a high level of audit testing which would have revealed high differences or variations in cashflows,expenses and assets and consequently profits/earnings etc.It would have been shown that the Internal control risk was very high, due to the factors of huge amount of loans made to the top management,dependency on stock for compensation,falling stock prices etc.And if the control risk would have been classified as high,the auditors would have become aware of ways in which the earnings could be manipulated including recognising revenue,assets being overvalued,not classifying costs in the income statement and then capitalising them and amortising over a period of time.The auditors should have conducted detailed sampling procedures on any suspected unusual items. The auditors should have secured a detailed knowledge of the entity and its internal and external environment.Since chances of revenue recognition mistakes are high,the auditors should have gone into detailed understanding of the revenue recognition policy.(Rittenberg)

Since the telecommunications industry wasn’t doing too well around 2000,the continuous meeting of targets and being able to maintain expenditure to earnings ratio should have raised questions.Thus the substantive tests and procedures carried out turned out to be ineffective. The management integrity should have been checked and their powers and authorities examined in great detail to detect inherent risk as also the approval of transactions and mergers by the board of directors and top management with respect to the information at hand.The related party transactions should have been examined in great detail.The internal auditors were underinfluenced which affected internal control. There was a failure of corporate governance.(2004)

Enron fraud:

After committing fraud through following irregular accounting procedures throughout the 90’s period, Enron filed for bankruptcy in late 2001 .In addition the scandal caused the dissolution of Arthur Andersen, one of the top accounting firms at that time. The firm was accused of obstructing justice for destruction of documents concerned with the audit of Enron and was prevented from further audit of public companies. The scandal resulted into shares value falling from about $ 90 to less than a dollar. Enron, to plan for and avoid taxes, created entities, through which it exercised ownership, management and control as well as flow of currency movement so as to enable it to hide its losses. This created a picture of higher profitability, and led to excessive financial deception to create an illusion of huge profits in billions. Stock prices rose, and consequently insider trading and information commenced. Also, the company had reported false profits, used accounting methods, which weren’t based on the generally accepted procedures. The controls, failed in its purpose of detecting the losses for a long duration of time. Various agencies like the accounting firms, credit rating agencies etc.failed to bring to the knowledge of the public, about the business losses. It was also revealed that huge amounts of money had been paid to the top 200 executives of the company i.e. more than a billion dollars in salary, bonuses and share options in 2000,before the bankruptcy took place. The majority of the increase was in the form of stock options. What is even more startling is the fact that the Board’s compensation committee never evaluated or raised questions about a single award and also the records were incomplete of some of the transactions. It was also suggested that between 1996-1999,Enron reported profits to shareholders as against reporting losses to the Tax Authorities, which was accomplished through complicated tax schemes including improper transactions with banks and others. The most disturbing aspect was the collaboration of professionals such as lawyers, accountants and bankers in presenting different picture to both the shareholders and the tax authorities as probably their service fees were at stake. The public kept on buying shares with the belief that all was well with the company and the value of the stock would go upwards with time. At the same time, Enron executives sold millions of dollars of stock. Another discrepancy that occurred was that the Enron executives had authorized a few changes in the company’s pension plan that made the pension plan worthless since the workers retirement funds in Enron stock froze as the price plummeted down.

Factors that could have alerted auditor as to the fraud.

Since the company had a fraudulent past, the auditors should have exercised professional skepticism right from the beginning. The transactions with special purpose entities on which Enron had control relates to related party transactions. The auditors should have gone into greater detail as to the transactions between them to unearth the losses. The various innumerable tax schemes introduced by the company should have been investigated as to its purposes to avoid manipulation of information. The compensation of the company’s top management was based on stock values and therefore the board compensation committee’s role and interests should have been verified. The fact that pension funds of the employees were connected with stock options should have been investigated. There was a conflict of interests of company, employees and auditors. The fact that the top management was influencing the auditors should have alerted the auditors. The fact that appointment of auditors was done by senior management and not shareholders should have raised questions. Insider trading should have been checked in greater detail. A few months before the bankruptcy, there were credit rating downgrades of the company. The off balance sheet subsidiaries losses should have been verified. The interests of the top management should have been verified.

Xerox fraud:

The securities and exchange commission filed a complaint against Xerox on April 11,2002.In the complaint, it was alleged that Xerox defrauded the public between 1997-2000 by employing accounting tricks, the most important one being a change in which Xerox recorded revenue from copy machine leases in the period of signing of a lease contract rather than recognising revenue ratably over the entire length of the contract. There are certain criteria given in the US GAAP to recognize the entire proceeds of the sale of equipment. If the criteria are not fulfilled, the sale is treated, in fact as lease and only the current period rental payments are treated as revenue in the current period. The charge against Xerox was that the change in accounting principles violated GAAP provisions and intended to fool everybody including Wall Street. The senior management at Xerox wanted a new partner to be assigned to its account when KPMG questioned the validity of the accounting practices followed by the company. However to keep its longstanding relationship with Xerox intact, and to recover audit and non-audit fees to the tune of $82 million between 1997-2000,KPMG followed management instructions. (Corporate NARC)

Xerox, over a period of 5 years improperly classified about $ 6 billion, causing an overstatement of earnings by nearly $ 2 billion. The first manipulation involved keeping revenue outside balance sheet and then with strategic calculations releasing the stored funds whenever there was a lag in earnings. The second and more significant manipulation was the increase in revenue from short-term equipment rentals, improperly classified as long term leases. The difference was significant since the entire value of a long-term lease can be included in the very first year of the agreement as revenue. The rental value however is spread over the period of contract. These manipulations increased short-term profits and enabled the company to meet profit expectations from 1997-1999.Thus Xerox spread its income over a period in a fraudulent manner. These manipulations became necessary because corporations were expected to keep up short term earnings, otherwise there would be a drop in share prices and consequently threaten their debt financing apart from financial consequences for top executives whose incomes are related with stock options. (Kay, 2002)

Factors that should have alerted the auditor as to fraud.

There were improper revenue recognition policies, which should have been detected through analysis of the accounting policies followed by the company. There was pressure on employees to meet revenue estimates. The authority of the top management should have been verified and the purpose of the approvals granted for various accounting treatments and transactions should have been verified. The capitalization policies and transactions should have been verified. The internal controls should have been tested in great detail through substantive procedures since there were improper accounting practices to boost current revenues and also the expectations of the analysts with respect to the performance of the company should have been verified. The internal control structure was inadequate which is a basic requirement before audit to check, and if had been checked, the auditor would have been in a better position to assess the risks involved. The documentation involved was inaccurate and should have been verified. The fact that the company did not follow GAAP requirements should have raised alarm bells. The fraud could have been avoided had it not been for the collusion of the management. Therefore the roles and responsibilities allocated should have been verified. There were manipulations of earnings reserves and bad debts. There were no compensation controls with respect to the management. Also the known reportable conditions were not corrected on a timely basis. There was also excessive participation by the no financial management in the selection of accounting principles and accounting estimates. The compensation of the top management was based on the stock prices which were based on the earnings of the company and this in itself should have alerted the auditors.

PART-C

Benefits of risk-based approach to auditing:

Risk based auditing tries to fulfill management goals and vision. One of the biggest benefits of this approach is that the level of risk of a particular area of audit can be assessed i.e. of specific balances and accounts. Consequently auditors can plan their audit more effectively and prioritise more efficiently leading to quality audit work. This approach tries to increase the scope of audit.

Since lot of testing is done, the procedures tend to become efficient over time.

Due to this approach, the auditors can advise the client better and give appropriate suggestions for improvement in their internal control structure and better financial reporting. Besides, the financial reporting is more value and purpose based and helps to evaluate the actual brand value of the company audited. Since the risk-based approach is based on knowledge of the clients business, its external and internal environment and ultimately helps to plan the audit work and design of custom made plans, procedures and tests unique to each clients requirements, it tends to be an efficient approach. The auditor tries to identify the areas with the maximum risk along with ensuring that no area of audit is neglected, thus making the audit more scientific and systematic. Also the Auditor through performing detailed substantive and analytical procedures acquires more knowledge of the client organisation, which helps him to better perform his functions during the audit process. Since the auditor plans the audit in a systematic manner, even the allocation of personnel to specified areas of the audit helps in efficient audit.

Compared to the previous approaches to audit, the risk based approach takes all the different types of risk into account namely sampling risk, analytical control risk etc. Also, in a risk based approach, the auditors knowledge of the clients operations and his prior audit experience helps him to understand what level of testing and application of procedures are required by him to gain satisfaction as to the accuracy of the system, controls and transactions. The auditor focuses on areas of high risk thus ensuring that the chances of errors and frauds are reduced to an absolute minimum. The sampling procedures designed in this approach are flexible in nature, which adds to quality of audit and saves time. The quality of the information content is rich in quality in this approach.

Limitations of risk-based approach to auditing:

One of the biggest limitations of this approach to auditing is that it is too time consuming with respect to information and data acquisition and therefore the costs are proportionately higher. Also when evaluating which areas of the entity audited are to be assessed as high risk areas, the auditor sometimes face difficulties in how much time to be allocated to a particular area, or what evidence to be extracted and in what proportions. Another disadvantage could be that expert knowledge on the risk evaluation techniques must be possessed by the auditor, otherwise the chances of efficient audit being conducted are very less.

Also, there is dependency on the client entity for cooperation in certain areas of audit. Also there could be conflict of interests between the client and the auditor.

Also, there is no one agreed or definite standardized approach, which helps the auditor to gather sufficient evidence through substantive and sampling procedures to support the specific assertions. Also the audit risk approach may sometimes fail to take post audit-planning changes into account i.e. events that are material which occur during the audit itself, which might lead to material misstatements still remaining in the accounts once the auditors have completed their procedures and tests. Also, it can be argued that the risk based approach might tend to make the auditors interested in raising the fees by performing detailed audit planning and thus consuming more time so as to raise their audit fees rather than focusing on improving the quality of the audit methods and systems. Sometimes, the risk concepts aren’t clearly understood and so there is an inefficient follow up to the risk mitigation procedures introduced which raises the chances of fraud or error creeping into the financial statements of the audited entity. Also, due to lack of time in some cases, there might not be too much time for planning an audit and therefore this approach becomes redundant.

Benefits of forensic accounting investigations:

Forensic accounting is a very important component in safeguarding the business assets of the enterprise.

Forensic accounting helps in assessing the damage to the clients and helps to prevent disputes from escalating. Two of the most important functions which forensic accounting takes care of are the prevention and detection of fraud, which helps in protecting the organisation. Forensic accountants can be used to testify as well at the trial when disputes occur. Forensic accounting enables early detection of any indications of fraud or error. It also creates more time for the forensic accountant to analyze in-depth and in greater detail of unusual or suspected transactions and balances. Detailed investigation of individuals and their backgrounds and their interests are also carried out in great detail. Forensic accounting goes beyond the normal conventional procedures of auditing and goes to the roots of the fraud with a view to bringing the perpetrators of the fraud to justice. The forensic accounting takes into account the past periods to get to the cause of the fraud. The suspected transactions are independently verified rather than seeking management representations.

Limitations of forensic accounting investigations:

Forensic accounting doesn’t always guarantee results. Therefore, if the forensic investigators and the audit entity start believing in forensic accounting that it would give accurate results, there would be complacency on their part and lots of discrepancies might get undetected. There are chances of the evidence assimilated during forensic investigation not standing in the court of law especially with respect to evidence obtained by automated forensics. The forensic accounting investigation is carried out only when it is requested by the management or there is information received from a ‘whistleblower’ or there are questions raised during normal audit. Thus it is not a necessary obligation on the part of a company. Forensic audit is not a primary audit like statutory audit.

The interested parties cannot request information from the entity while the forensic audit is going on. It is time consuming and costly.

References

Association of Chartered Certified Accountants Global (2008,February). Risk. Retrieved November 30,2008,from http://www.accaglobal.com/pubs/students/publications/student_accountant/archive/sa_feb08_pine.pdf

Corporate Narc.Xerox Accounting Scandal. Retrieved December 04,2008,from

http://www.corporatenarc.com/xeroxscandal.php

ICFAI center for management research. The WorldCom Accounting Scandal. Retrieved December 01,2008,from http://www.icmrindia.org/casestudies/catalogue/Finance/The%20WorldCom%20Accounting%20Scandal.htm

Public Company Accounting Oversight Board (2004,September 8-9). Financial Fraud. Retrieved December 03,2008,from http://www.pcaobus.org/standards/standing_advisory_group/meetings/2004/09-08/fraud.pdf

Rawat, D.S. (2007) Students Guide to Auditing Standards. New Delhi: Taxmann

Sekar, G., Prasath, B.S. (2007). Students Handbook on Advanced Auditing.Chennai: C.Sitaraman & Co.Pvt.Ltd.

Southwestern. How the Risk-Based Approach to auditing should have detected WorldCom and other recent frauds. Retrieved December 02,2008,from http://www.swlearning.com/accounting/rittenberg/fifth_edition/detecting_fraud.html

USAtoday.Accounting Fraud. Retrieved December 02,2008, from http://www.usatoday.com/educate/college/business/casestudies/20030128-accountingfraud1.pdf

World Socialist Website (2002,July 1). Xerox restates billions in revenue: yet another case of accounting fraud.Retrieved December 04,2008,from http://www.wsws.org/articles/2002/jul2002/xero-j01.shtml