Auditing Standard No. 14
Evaluating Audit Results
Appendix C – Matters That Might Affect the Assessment of Fraud Risks
C1. If the following matters are identified during the audit, the auditor should take into account these matters in the evaluation of the assessment of fraud risks, as discussed in paragraph 28 of this standard:
- Discrepancies in the accounting records, including:
(1) Transactions that are not recorded in a complete or timely manner or are improperly recorded as to amount, accounting period, classification, or company policy. (2) Unsupported or unauthorized balances or transactions. (3) Last-minute adjustments that significantly affect financial results. (4) Evidence of employees' access to systems and records that is inconsistent with the access that is necessary to perform their authorized duties. (5) Tips or complaints to the auditor about alleged fraud.
- Conflicting or missing evidence, including:
(1) Missing documents. (2) Documents that appear to have been altered.1/ (3) Unavailability of other than photocopied or electronically transmitted documents when documents in original form are expected to exist. (4) Significant unexplained items in reconciliations. (5) Inconsistent, vague, or implausible responses from management or employees arising from inquiries or analytical procedures. (6) Unusual discrepancies between the company's records and confirmation responses. (7) Missing inventory or physical assets of significant magnitude. (8) Unavailable or missing electronic evidence that is inconsistent with the company's record retention practices or policies. (9) Inability to produce evidence of key systems development and program change testing and implementation activities for current year system changes and deployments. (10) Unusual balance sheet changes or changes in trends or important financial statement ratios or relationships, e.g., receivables growing faster than revenues. (11) Large numbers of credit entries and other adjustments made to accounts receivable records. (12) Unexplained or inadequately explained differences between the accounts receivable subsidiary ledger and the general ledger control account, or between the customer statement and the accounts receivable subsidiary ledger. (13) Missing or nonexistent cancelled checks in circumstances in which cancelled checks are ordinarily returned to the company with the bank statement. (14) Fewer responses to confirmation requests than anticipated or a greater number of responses than anticipated.
- Problematic or unusual relationships between the auditor and management, including:
(1) Denial of access to records, facilities, certain employees, customers, vendors, or others from whom audit evidence might be sought, including:2/
- Unwillingness to facilitate auditor access to key electronic files for testing through the use of computer-assisted audit techniques.
- Denial of access to key information technology operations staff and facilities, including security, operations, and systems development.
(2) Undue time pressures imposed by management to resolve complex or contentious issues. (3) Management pressure on engagement team members, particularly in connection with the auditor's critical assessment of audit evidence or in the resolution of potential disagreements with management. (4) Unusual delays by management in providing requested information. (5) Management's unwillingness to add or revise disclosures in the financial statements to make them more complete and transparent. (6) Management's unwillingness to appropriately address significant deficiencies in internal control on a timely basis.
- Other matters, including:
(1) Objections by management to the auditor meeting privately with the audit committee. (2) Accounting policies that appear inconsistent with industry practices that are widely recognized and prevalent. (3) Frequent changes in accounting estimates that do not appear to result from changing circumstances. (4) Tolerance of violations of the company's code of conduct.
1/ Paragraph 9 of Auditing Standard No. 15, Audit Evidence.
2/ Denial of access to information might constitute a limitation on the scope of the audit that requires the auditor to qualify or disclaim an opinion. (See Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements, and AU sec. 508, Reports on Audited Financial Statements.)