Identifying Fraud Risks: Advanced Audit & Assurance

Opportunity as a Risk Factor

Squeeze Ltd (SL) is a manufacturer of quality bedding. The SL group's IT system has a master file which contains taxation schedules, payroll information and employee details. Only senior members of the accounts and human resources departments have access to the master file in order to make any necessary alterations. All alterations are alerted by email to the chief information officer, Robin Beard, along with the code identification of the staff member making the changes. SL's information system allows the accounts function of all group companies to interact with each other.

Robin's duties include making all software application changes to the IT system and preparing a report for the chief executive officer detailing the changes after they have been implemented. Robin also operates the IT system when the computer operator is on leave. SL has a policy of promoting and transferring staff between divisions and companies within the group. While new members of staff are given new IT access, members who have been transferred within the group still retain their existing access. The IT department receives requests for new access levels for a given employee (which have been approved by that employee's manager), and these accesses are then added to the employee's account. To enable a smooth transition, the transferring ernployee's original access entitlements are retained, as the employees are often still completing tasks from their previous role.

SL offers customers a range of payment options, including an interest-free finance option. These arrangements involve customers signing a consumer credit contract with an interest free term of up to 2 years. The growing demand for these interest free sales has begun to stretch SL's cash position and it has had to take on additional debt to fund the cash flow timing differential between its receivables and payables. SL must comply with various financial covenants for its debt facilities with its bank, Aussie Bank Ltd, including meeting the specified debt-to-equity ratio at 30 June 20X4 and meeting profit targets for the 20X4 financial year. SL is close to breaching these covenants. Aussie Bank Ltd has requested a copy of the 30 June 20X4 audited financial report as soon as it is completed.

The significant growth in interest-free business is due in part to effective incentive schemes that operate across all sections of the business. Sales staff are paid monthly bonuses based on the value of new finance contracts signed up. At the end of each month, each staff member emails the payroll department a log of contracts listing contract number and value. The payroll department processes the bonuses based on this information. 

Required:
Identify fraud risk factors, and explain why each is a risk factor.

Oldbury Ltd has installed a new fixed assets system. The system maintains the details for each of Oldbury's fixed assets. It records acquisitions and disposals. It also calculates depreciation and gain/loss on disposals, and accumulates the provision for depreciation. It is fully integrated with the general ledger.

Required:

Evaluate the suitability of the following computer-assisted audit techniques (CAATs) for testing this system: generalised audit software, test data, simulation and an integrated test facility. In each case, define the nature of the CAAT and explain how it could be applied to this audit. Be specific about which assertions are being tested.

According to Business Dictionary (2017), fraud is “an action of trickery perpetrated with an intention of disguising the truth, through taking advantage of loopholes within processes, through corruption where the party induces another party with incentives with intents of self-gain, or through a forceful manner.” Businesses are posed to fraud risks eminent from risk factors that are within their business environs. The successful frauds have a positive correlation to direct financial losses which at extreme levels would ultimately result in business closure. American Institute of Certified Public Accountants (2013), classifies risk factors into three types characterized by the nature of the fraud; “where there is an incentive or pressure, a chance or loophole within the system or and an attitude of committing fraud.” In relations to audit and assurance fraud factors are plausible to be seen in financial statement reporting or and misappropriation of assets.

Squeeze limited herein referred to as “SL”, is a quality bedding manufacturing firm. The firm is depicted to suffer from fraud risks emanating from the Company’s operating environment. Risk factors that are depicted from the company’s process can be related to the three classifications cited by the American Institute of Certified Public Accountants.

Collins English Dictionary (2017) defines opportunity as “a favorable chance of attaining a goal.” The SL group's IT system data which contains taxation schedules, payroll information, and employee details is controlled with access only given to senior members of the accounts and human resources departments which have capabilities of making alterations through email notification to Mr. Robin Beard who acts as the chief information officer (CIO).  All alterations are alerted by email to the chief information officer, Robin Beard, along with the code identification of the staff member making the changes. The mandates given to the CIO creates opportunities for misuse of assets, where Mr. Robin can alter information of files with credentials of staff. As an example; he can alter his payroll details increase his salary using the human resource code and disguise the information by not showing the changes in the report that he forwards to the CEO. Opportunities are also evident in the process of promotions and transfers across the business, as IT staff are given access to systems while retaining former mandates.

Shawn Grimsley (2016), stated that an “incentive is a motivating factor that determines behavior.” SL offers customers an interest-free finance payment option whose optimum tenure is 2 years. The incentive has resulted in an increased company’s sales growth which has negative impacts to the firm’s liquidity position. The deficit in liquidity has implicated the firm to debt from Aussie Bank Ltd. The Bank, however, issues restrictions to unstable firms through the scrutiny of firm’s financial statement. For instance, debt-to-equity ratio, profit targets are required when applying for the debt. As for SL, the firm succumbs to the pressure of sustaining performance and debt ratios for them to be admissible for the loan grant. This pressure may result in the firm misstating its financial statements prepared on 30 June 20X4.

Incentive as a Risk Factor

Oldbury Ltd installed a new fixed assets system which is embedded to the general ledger that maintains details for each of Oldbury's fixed assets. The firm fixed assets master file has got 18 columns where it records content of its fixed assets acquisitions and disposals. The system also has an additional functionality of calculating depreciation, disposals profits/losses, and depreciation provisions.

According to Anatha (2003), CAATs is defined as “using computers to perform audits as a result of businesses operating in an environment that have huge volumes of data and massive transactions.” As for Oldbury Ltd, the use of generalized audit software - CAATs is necessary as it would assist the auditor in verifying that the new software is able to capture all fixed assets records from the manual listing by querying the clients fixed assets software. This can be achieved by selecting a sample. For instance, the firm’s fixed assets register has 19 columns one can check through whether all data has been captured correctly.

Dejan (2009) denotes test of data as “a distinguished functionality where an auditor is able to evaluate the process controls, logic and also output through the client's system; whether it has correct or incorrect data functionalities.” For instance, an auditor can test whether the system is able to differentiate “location code” as a number character against a letter character by inputting words as location codes, if the system rejects the command then the audit affirms the control. Integrated test facility. Another example would be to input, a past disposal date for an asset or a negative cost of the asset to ensure that only positive quantities are accepted.

According to Alan (1999), “Simulation involves an old and new system in a parallel manner for the purposes of ensuring that there are zero reconciliations needed.” For instance using Oldbury fixed assets file master, one can verify the closing cost of all assets acquired from 2011 to 2016 and match it with the old records. Limitations have been cited on parallel running related to additional cost in inputting data in the two systems to achieve the accuracy and timeliness as the audit test requires to done at a specified time before the company assumes the usage of the old system.

Dejan (2009), defines integrated test facilities as “built-in test environments within a system which is primarily used where a firm has large-scale, online systems serving multiple locations within the organization.” Integrated test facility is a variation of test data technique. For instance, an auditor can check whether Oldbury fixed assets system is able to calculate accurately the gain or loss on disposal of assets at a given time by the plugin in dummy data in the test environment.

References

Alan Trenerry (1999), Principles of Internal Control, University of South Wales,Sydney Australia, 224-225.

Anantha Sayana, S. (2003). Using CAATs to Support IS Audit.Information Systems Control Journal, 3.

American Institute of Certified Public Accountants (2013), Employee Benefit Plan, Audit Quality Center Inc., New York, New York, 1.

Dejan Jaksic (2009), Implementation of Computer Assisted Audit Techniques in Application Controls Testing, Management Information Systems, Vol. 4, 10.

Dejan Jaksic (2009), Implementation of Computer Assisted Audit Techniques  in Application Controls Testing, Management Information Systems, Vol. 4, 12.

Fraud. BusinessDictionary.com. Retrieved March 12, 2017, from BusinessDictionary.comWebsite: https://www.businessdictionary.com/definition/fraud.html 

Opportunity. (n.d.). Collins English Dictionary - Complete & Unabridged 10th Edition.Retrieved March 14, 2017 from Dictionary.com website. https://www.dictionary.com/browse/opportunityShawn Grimsley (2016), Economic Incentives, study.com,

Website: https://study.com/academy/lesson/economic-incentives-definition-examples-quiz.html