Page 228 - COSO Guidance Book

For example, if the entity does not pay competitive salaries, then personnel who have received training
                   at the entity might leave for positions that have a higher status or better compensation package.

               –  Ineffective design or poorly executed control activities

                   For example, the entity might have a policy that credit reports be obtained on all new customers.
                   However, if goods are shipped before the credit report is obtained, then there is a chance that the
                   credit sale will not be fully collected, if at all.


               –  Ineffective technology systems
                   For example, an entity has outsourced its payroll processing to a cloud service provider and the
                   payroll system does not allow for direct deposit to employees’ bank accounts.

              Point of focus — Assesses attitudes and rationalizations

               The assessment of fraud considers how management and other personnel might engage in or justify
               inappropriate actions.
               The framework provides examples similar to the following attitudes and rationalizations:

               –  The perpetrator considers the inappropriate behavior, such as theft of cash, a “loan” and fully
                   intends to repay the “loan.”
               –  The perpetrator believes that the entity owes him or her because of reasons most likely
                   associated with job dissatisfaction (for example, the perpetrator has not received a raise for
                   several years and feels entitled to the entity’s resources, such as being paid while not working,
                   theft of real property, and so forth).
               –  A person not understanding or not caring about the penalties associated with his or her behavior.

                   For example, an employee with a severe substance abuse condition who funds this dependency
                   by stealing company assets most likely will not care about the consequences if caught.



            AU-C section 240—Consideration of fraud in a financial statement audit

            AU-C section 240 notes that there are two categories of fraud: fraudulent financial reporting and
            misappropriation of assets.

            AU-C section 240 provides a list of fraud risk factors classified by either fraudulent financial reporting or
            misappropriation of assets. Additionally, within each classification, risk factors are categorized by the
            three aspects of fraud — pressure, opportunity, and rationalization. Because the framework refers
            specifically to fraud risk, the risk factors relating to fraudulent financial reporting mentioned in AU-C
            section 240 may be relevant and have been listed for reference in exhibit 4-1.










            © 2020 Association of International Certified Professional Accountants. All rights reserved.