
A guide to understanding assurance, corporate governance and fraud risk

September 4, 2024

Assurance and audit

Assurance

Reasonable Assurance:

  • The assurance provider’s opinion is stated in the positive form, indicating that the information subject to audit is materially correct and that a high level of assurance has been achieved.

Limited Assurance:

  • The assurance provider’s opinion is stated in the negative form, indicating that the information subject to review has not been found to be materially incorrect, that nothing has come to their attention based on the limited-scope procedures, and that less than a high level of assurance has been achieved.

Non-audit procedures

1. Review

Review of financial statements of a non-public company

  • A review is designed to obtain only limited assurance that there are no material modifications that should be made to the financial statements in order for the statements to be in conformity with the applicable financial reporting framework.
  • A review is significantly less in scope than an audit
  • Obtain a general understanding of the business
  • Inquiries and basic analytical procedures should be performed for each of the material account balances.
  • Usually involves no assessment of internal controls and no substantive tests of details.

Review of interim Financial Information for Audit Clients

  • The auditor should perform review procedures on the interim financial reports.
  • The review procedures are similar to those required above.
  • In addition, the auditor should:
      • Obtain written representations from management
      • Understand the client’s internal controls

2. Compilation

A compilation can only be performed for non-public organizations and involves presenting, in the form of financial statements, information that is the representation of the responsible party, without the practitioner undertaking to express any assurance on the statements.

  • No independence requirement as no assurance is provided.

3. Agreed-upon procedures

“An agreed-upon procedures engagement is one in which a practitioner is engaged by a client to issue a report of findings based on specific procedures performed on subject matter”

Examples:

  • Performance of mathematical computations
  • Inspection of specified documents
  • The practitioner does not provide an opinion.
  • The practitioner should not agree to perform agreed-upon procedures that are overly subjective.

 

Corporate governance

What is Corporate Governance?

A process by which the owners (stockholders) and creditors of an organization exert control and require accountability for the resources entrusted to the organization

Who is involved?

  • Board and committees
  • Shareholders, especially institutional investors/activists
  • Analysts
  • Creditors
  • Auditors (internal and external)
  • Other stakeholders such as employees

1. Board of directors

  • Elected by and represent shareholders
  • Role: provide strategic guidance and oversight of management.
  • Composition: consists of independent directors and executive directors
  • Committees: audit, compensation and nomination committees

2. Governance reform

  • Regulations after Sarbanes-Oxley
      • Passed in Nov 2002, effective from 2005
      • Majority independent board
      • Independent audit committee with at least one financial expert
      • Independent compensation committee
      • Independent nomination committee

3. Audit committee

  • Role: provide oversight of the internal and external audit functions and of the preparation of financial statements
  • Selecting audit firms
  • Reviewing and approving internal audit
  • Discussing audit findings with internal and external auditors

Fraud risk

  • Definition (SSA 240 para 11(a)): an intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage.
  • Fraud vs error: the difference is intention.

Drivers of fraud

  • Incentive or pressure
      • Pressure from sources outside or inside the entity to achieve unrealistic financial results
  • Opportunity
      • A perceived opportunity for an individual to commit fraud
  • Rationalisation
      • The ability or capacity that enables people to justify or rationalise committing fraud

⚠️ Fraud risk is high when all three elements are present

Example:

  • Sam, an owner-manager of a construction company, has been offered a job to build a significant addition to a friend’s house. Sam has accepted the job on the condition that the friend pays for the work in cash and that the company does not issue any paperwork relating to the work. Sam believes that, as there is no physical evidence of the construction work in the financial records, the company does not have to declare the income received in the annual income tax return.
  • Question: consider the three drivers of fraud.
      • Incentive or pressure: Sam has an incentive to reduce taxes that would otherwise be payable.
      • Opportunity: Sam, as the owner-manager, is able to override the internal controls over revenue recognition and not record the income from this service.
      • Rationalisation: Sam could justify this to himself as just being work for a friend and that he is entitled to the money, and also that it is acceptable for him not to record the revenue from this service as he already pays too much in taxes.
  • Other considerations: do size, complexity and ownership structure matter?

In a small company it is easier to override internal controls; in a larger one it is harder. A complex firm offers more opportunities to hide transactions, and so more scope for fraudulent transactions. A diverse ownership structure, as in publicly listed firms, reduces the opportunities for committing fraud.

 

Fraud in context of an audit

The auditor is mainly concerned with fraud that causes a material misstatement in the financial statements.

  • Two types of misstatements
      • Fraudulent financial reporting: perpetrated by someone who has a vested interest in, or who is held accountable for, the financial performance and position of an entity
      • Misappropriation of assets: involves the theft of an entity’s assets and is usually perpetrated by employees in relatively small and immaterial amounts
  • Responsibility for preventing and detecting fraud
      • Management and those charged with governance have primary responsibility for not only detecting, but also preventing, fraud within the entity
  • Auditor’s responsibility
      • Obtain reasonable assurance that the financial statements are free from material misstatement relating either to error or fraud.
      • Due to ‘the inherent limitations of an audit, there is an unavoidable risk that some material misstatements of the financial statements may not be detected, even though the audit is properly planned and performed’

Fraud risk assessment procedures

1. Planning phase

  • Enquiries of management
      • Process; policies; culture; communication
      • Problems
  • Enquiries of others within the entity
      • E.g. operation personnel, employees, vendors, legal counsel
  • Enquiries of the internal auditors
      • Assessment, knowledge
  • Enquiries of those charged with governance
      • Oversight function

Internal auditor’s view on fraud

  • Fraud risk is a compulsory assessment
  • Some processes to perform:
      • Enquiries with management on awareness, understanding, history, processes and controls, reporting and other factors
      • Review of complaints register
      • Discussion with external/internal fraud committee
      • Research on typical areas of vulnerability in similar organizations or processes
      • Specifically consider and comment upon factors which would influence incentive, opportunity and attitude

2. Risk response phase

  • Selecting journal entries for testing
      • Which journals to select? Complex transactions, end of reporting period, unusual transactions, internal control overridden
  • Review accounting estimates
      • Evaluate management judgment for possible bias
      • Perform retrospective review of significant management judgments
  • Introduce unpredictability: modify timing, nature and extent of audit
      • E.g. use a different sampling technique, perform some testing at year end and some at interim review, increase sample size

3. Reporting phase

  • Carry out final analytical review
  • Re-evaluate misstatements found during the audit
  • Obtain management representation letter
  • Communicate with management, those charged with governance, regulatory and enforcement authorities
  • Professional skepticism
      • Maintaining professional skepticism requires an ongoing questioning of whether the information and audit evidence obtained suggests that material misstatement due to fraud may exist
      • The standard specifically states that, unless there is reason to believe otherwise, the auditor may accept records and documents as genuine

Key issues raised

Clients

  • Expectations gap between clients and auditors
  • SMEs lack knowledge in preparing accounts
  • Unhealthy mindset in going for cheapest option

Practitioners

  • Practitioners not upgrading or keeping up with accounting standards
  • “Spoiling the market” by doing everything
  • Audit sign-offs far exceed resources and capacity
  • Fee undercutting

Other Issues

  • Talent attraction and retention
  • Shrinking pool of available accountants
  • SMPs lack profile/branding

 

How to tackle the challenges

Clients

  • Better educate/communicate changes in accounting standards

Practitioners

  • Invest in quality control process
  • Use ACRA Practice Monitoring Programme (PMP) to raise standards

Non-practising accountants to provide accounting services

Call for regulatory oversight

  • Require directors to attend basic accounting course
  • Subject directors to Continuing Professional Development
  • Sanction directors for not getting professional help in preparing accounts
  • Sanction accountants found negligent

Others

  • Change mindsets – narrow expectations gap
  • Encourage practitioners to push back jobs with untenable fees
  • Professional bodies (PBs) to connect SMPs with potential sources of talent