In an audit of financial statements in accordance with GAAS an auditor is required to
Management is responsible for preparing the Company's financial statements and related information that appears in this annual report. Management believes that the financial statements fairly reflect the form and substance of transactions and reasonably present the Company's financial condition and results of operations in conformity with accounting principles generally accepted in the United States and International Accounting
Standards. Management has included in the Company's financial statements amounts that are based on estimates and judgments, which it believes are reasonable under the circumstances. The Company maintains a system of internal accounting policies, procedures, and controls intended to provide reasonable assurance, at appropriate cost, that transactions are executed in accordance with Company authorization and are properly recorded and reported in the financial statements, and that assets
are adequately safeguarded. Deloitte & Touche LLP audits the Company's financial statements in accordance with generally accepted auditing standards and provides an objective, independent review of the Company's internal controls and the fairness of its reported financial condition and results of operations. The Microsoft Board of Directors has an Audit Committee composed of nonmanagement Directors. The Committee meets with financial management, internal auditors, and the
independent auditors to review internal accounting controls and accounting, auditing, and financial reporting matters. Michael W. Brown We conducted our audits in accordance with generally accepted auditing standards. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting
principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audits provide a reasonable basis for our opinion. In our opinion, such financial statements present fairly, in all material respects, the financial position of Microsoft Corporation and subsidiaries as of June 30, 1995 and 1996, and the results of their operations and their cash flows for each of the three years ended June 30, 1996 in
conformity with accounting principles generally accepted in the United States and International Accounting Standards. Deloitte & Touche LLP
The most highly publicized statement on auditing standards in years rolled off the presses in early February. SAS no. 82, Consideration of Fraud in a Financial Statement Audit , provides expanded operational guidance on the auditors consideration of material fraud in conducting a financial statement audit. The new SAS, which supersedes SAS no. 53, The Auditors Responsibility to Detect and Report Errors and Irregularities , is effective for audits of financial statements for periods ending on or after December 15, 1997. This article explains why the American Institute of CPAs issued the new standard and how it will change what auditors do. After substantial deliberation, the ASB issued an exposure draft of a proposed SAS, Consideration of Fraud in a Financial Statement Audit , in May 1996. Although some mistakenly viewed the ED as a response to the Private Securities Litigation Reform Act of 1995, the boards consideration of fraud had started long before that legislation was signed in December 1995. After considering the issues raised in comment letters and revising the proposed SAS, in November 1996 the ASB voted to issue the final standard. Is the auditor responsible for detecting any kind of fraud that may have occurred? Absolutely not. The auditors responsibility relates to the detection of material misstatements caused by fraud and is not directed to the detection of fraudulent activity per se. Thus, the auditor of financial statements must obtain reasonable assurance that the statements are free of material misstatements, whether caused by error or fraud. Amendment to "Responsibilities and Functions of the Independent Auditor"
Some practitioners questioned the auditors responsibility to detect certain significant defalcations, such as at a retailing company where thefts are reflected in cost of goods sold after inventories are adjusted to actual quantities on hand. While the answer depends on the actual facts and circumstances involved, many believe the auditor should have a feel for when inventory shrinkage is not in line with other entities in the industry. Although some argue the amount attributed to a defalcation should be shown on a line labeled "theft expense," there is no such requirement under GAAP. How a Financial Statement Audit In an audit conducted in accordance with generally accepted auditing standards, the independent auditors objective is to express an opinion on how fairly the financial statements present—in all material respects—financial position, results of operations and cash flows in conformity with generally accepted accounting principles. A fraud audit is a separate engagement from a financial statement audit conducted in accordance with GAAS. In a fraud audit, there typically is an allegation of fraud or a fraud has already been discovered; the accountant is called in to gather evidence or to act as an expert witness in connection with legal proceedings relating to the fraud. he or she is not asked to give an opinion on the financial statements as a whole. The fraud audit typically is a consulting service; the accountant should refer to the AICPA statements on standards for consulting services for appropriate guidance. In conducting such an engagement, a practitioner also is subject to the AICPA and the applicable state CPA society Code of Professional Conduct. Additional guidance on conducting fraud investigations is available in the AICPA practice aid Fraud Investigations in Litigation and Dispute Resolution Services . SAS no. 82 requires the auditor to specifically assess the risk of material misstatement of the financial statements due to fraud in every audit. The auditor is not expected to assess the risk of fraud as high, medium or low, as might be the case in assessing control risk. Rather, SAS no. 82 asks the auditor to consider risk factors relating to fraudulent financial reporting and misappropriation of assets in each of the categories shown in paragraphs 16 and 18 of the statement. The auditor then needs to consider that risk assessment in designing the audit procedures he or she will perform. In the context of this statement, risk assessment is a process rather than a rating or a score. Does an auditor have to use the risk factors identified in the SAS? The specific risk factors can be customized as long as the auditor considers factors in each of the categories itemized in paragraphs 16 and 18. For instance, the auditor may wish to consider risk factors relevant only to a specific industry, such as banking. Under other circumstances, the auditor may wish to choose only those risk factors applicable to the small business under audit. Alternatively, an auditor may believe there are additional risk factors—not identified in the SAS—that require serious consideration. Auditors should be aware, however, that the risk factors in the SAS are discriminating and have been found to be present frequently in actual instances of fraud. What procedures should the auditor perform to ascertain that risk factors are present? Typically auditors will identify the presence of risk factors in planning the audit, in their consideration of internal control and inherent risk, from their past knowledge of the client (for ongoing clients) and in making certain inquiries of management required by SAS no. 82. Those inquiries include asking management about the risk of fraud in the entity and whether any frauds have been perpetrated on or within the entity. If the client has a program to prevent, deter or detect fraud, the auditor should ask whether it has identified any fraud risk factors. Ongoing risk assessment. Auditors should be aware of the risk factors throughout an audit, not just at the planning stage. The new SAS provides additional items, called "other conditions," that auditors need to consider in making the assessment. Examples include missing documents, unusual discrepancies between the entitys records and confirmation replies and unusual delays by the entity in providing requested information. When additional risk factors or other conditions come to their attention, auditors need to consider the impact, if any, on the risk assessment. What should the auditor do when he or she finds a misstatement due to fraud? Guidance in SASs nos. 82 and 53 on the auditors response to a detected fraud is very similar. If the misstatement resulting from fraud is not material to the financial statements, the auditor should refer the matter to an appropriate level of management at least one level above those involved and be sure the audit implications have been adequately considered. For fraud resulting in a material effect on the financial statements, or if the auditor is unable to determine the size of the misstatement, the auditor should take the actions identified above. In addition, the auditor should attempt to determine whether material fraud exists and, if so, its effect and, when appropriate, suggest that the client consult with legal counsel. Under certain circumstances, the auditor may have a responsibility to communicate outside the entity. For example, in audits of SEC registrants, the Securities and Exchange Commission requires auditors to report certain illegal acts pursuant to the Private Securities Litigation Reform Act of 1995 (codified in section 10A(b)1 of the Securities Exchange Act of 1934). When the auditor identifies fraud risk factors with control implications, he or she must consider whether they represent reportable conditions that should be reported to management and the audit committee. The View From the Inside Out: As they do with most new standards, companies have begun to consider the impact of Statement on Auditing Standards no. 82, Consideration of Fraud in a Financial Statement Audit , on their operations. Right now, theyre focusing attention on two areas, audit fees and the relationship with the external auditor. Audit fees . Although there is general agreement the standard may increase the audit fees some companies pay, the effect is likely to be minimal. Joseph P. Liotta, director—auditing for Consolidated Edison Co. of New York in New York City, said in a majority of cases SAS no. 82 will do little or nothing to audit fees. "Well-run organizations probably will not see noticeable changes." But, Liotta said, "some situations, particularly initial public offerings or certain industries, that require more effort on the public accountants part may increase fees." And in companies where management is not effectively addressing fraud risk factors, costs also may be greater. But SAS no. 82 is not the only pronouncement that generates additional compliance costs. As Liotta, a member of the American Institute of CPAs auditing standards board fraud task force, pointed out, "This can happen with any technical pronouncement; for example, a companys internal costs can go up in complying with a Financial Accounting Standards Board statement." Companies concerned about the cost of complying with SAS no. 82 can take measures—such as implementing controls designed to prevent and detect fraud—that will have the effect of reducing future fees. Relationship with external auditor. What will companies themselves have to do differently, both internally and in their interactions with their auditors? When he is asked this question, Liotta said he points to two paragraphs in SAS no. 82—paragraphs 13 and 24. Paragraph 13 requires the public accountant to make an inquiry of management to obtain its understanding about the risk of fraud in the entity and to determine whether it knows of any fraud perpetrated against the entity. "This will require companies to do some work. When well-run companies with good managements are asked straightforward questions, they like to give straightforward answers." In this case, Liotta said companies may have to do some internal assessments—carried out by the internal auditors or corporate controllers—to identify areas of risk for fraudulent financial reporting and for material misappropriation so they can give the outside auditors intelligent answers about the risk of fraud. Changes in the management representation letter are now being developed to incorporate the new fraud terminology. Liotta believes signing this letter will cause management to think carefully about what information the letter includes. Liotta said SAS no. 82 means auditors will be asking different questions of management and public accountants should bring this change to managements attention now so there is no surprise come next yearend. According to Liotta, "Research has shown that more frauds will be found by simply asking the right questions. Many people in an organization know something is going on but dont have an outlet to talk about it. If the auditor simply sits down with them, he or she can find out quite a bit." Liotta sees paragraph 24 of SAS no. 82 as an extension of paragraph 13, but more detailed. It says that if an entity has established a program designed to deter and detect fraud, the auditor may—but does not have to—consider its effectiveness. But the auditor should still question the staff overseeing the program to determine whether it has identified any fraud risk factors. Liotta said organizations have established many different programs to deter and detect fraud—internal audit departments, ethics hotlines and security departments. "The people who staff these programs have to understand they are going to be asked questions about what they find in their work." And, Liotta said, they are probably going to have to give an assessment about the overall impact of what they find on the financial statements and make a presentation to the public accountants. "Thats not going to generate more work for them," he said, "but it will put some of them in a position—perhaps for the first time—of talking to the public accountants." Because many corporations are organized as corporate holding groups or management companies and most business activities are carried out at a subsidiary level, Liotta said the real assessment of risk has to be done at the subsidiary level. He said paragraph 17 of SAS no. 82 spells out from a financial reporting point of view the fraud risk factors, which will be "very important to internal auditors" in making the risk assessment. Internal auditors wont be surprised by the factors, Liotta said, "but they will help them to look at fraudulent financial reporting from a subsidiary viewpoint." The purpose is to protect corporate management, "because the numbers that make up the consolidated financial statements come from down below and could contain some surprises." Liotta emphasized that "sometimes fraud occurs not at the highest level of the organization but, rather, at the lowest. The numbers and the effect could be significant." Overall effect. Asked about the likely impact of SAS no. 82, Liotta characterized it as an "operational document." If carried out properly, he said, it is "likely fraudulent financial reporting will be identified—if it exists." Liotta believes SAS no. 82 will increase the level of sensitivity on the part of external auditors and get them to "probe deeper." He advises chief financial officers, controllers and chief internal auditors to get copies of SAS no. 82, become familiar with its provisions and determine how their companies risk assessment processes should be modified. — Peter D. Fleming AICPA Guidance on The American Institute of CPAs is rolling out a new effort to provide user-friendly standards by offering implementation guidance on Statement on Auditing Standards no. 82, Consideration of Fraud in a Financial Statement Audit. These implementation efforts include
For information and to register, call 800-862-4272 and give the operator code WR. A video CPE self-study course based on these presentations will be available in late summer.
Note: The above prices do not include sales tax or shipping and handling. To order, call 800-862-4272 between 8:30 a.m. and 7:30 p.m. eastern time or fax 800-362-5066. What does GAAS require an auditor for?The auditor must obtain a sufficient understanding of the entity and its environment, including its internal control, to assess the risk of ma- terial misstatement of the financial statements whether due to error or fraud, and to design the nature, timing, and extent of further audit procedures.
Which of the following documentation is required for an audit in accordance with GAAS?The correct answer is b) A client engagement letter that summarizes the timing and details of the auditor's planned fieldwork.
What is the meaning of the GAAS that requires the auditor to be independent?Auditor independence—a principle applicable to both internal and external audits and auditors—means that the individuals who conduct audits and the organizations they represent have no financial interest in and are otherwise free from conflicts of interest regarding the organizations they audit so as to remain ...
Which of the following is a principle underlying an audit conducted in accordance with GAAS?Which of the following is a principle underlying an audit conducted in accordance with generally accepted auditing standards? An auditor's opinion enhances the degree of confidence that intended users can place in the financial statements.
|