Page 232 - COSO Guidance Book
P. 232

Exhibit 4-1: Fraud risk factors from AU-C section 240 (continued)

                   A strained relationship between management and the current or predecessor auditor, as
                    exhibited by the following:
                    –  Frequent disputes with the current or predecessor auditor on accounting, auditing, or
                        reporting matters
                    –  Unreasonable demands on the auditor, such as unreasonable time regarding the
                        completion of the audit or the issuance of the auditor’s report
                    –  Restrictions on the auditor that limit access inappropriately to people or information or
                        the ability to communicate effectively with those charged with governance
                    –  Domineering management behavior in dealing with the auditor, especially involving
                        attempts to influence the scope of the auditor’s work or the selection or continuance of
                        personnel assigned to, or consulted on, the audit engagement





            Knowledge check

            3.  Which is an example of an attitude or a rationalization risk factor to commit fraudulent financial
               reporting?
                   a.  Management failing to remedy known significant deficiencies or material weaknesses in
                       internal control on a timely basis.
                   b.  High turnover rates of employment of accounting, internal audit, or IT staff who are not
                       effective.
                   c.  Weak controls over budget preparation, budget development, and compliance with laws and
                       regulations.
                   d.  Significant, unusual, or highly complex transactions (especially those close to period-end) that
                       pose difficult “substance over form” questions.



            Risk assessment principle 9: Identifies and analyzes significant change


            The organization identifies and assesses changes that could significantly affect the system of internal
            control.

            The framework provides the following three points of focus for this principle:

              Point of focus — Assesses changes in the external environment
               The risk identification process considers factors such as changes to the regulatory, economic, and
               physical environment in which the entity operates.

               An example of a changing regulatory environment of a local faith-based organization would be a new
               requirement to provide additional documentation in order to maintain a nontaxable status for federal
               income tax purposes. There is a risk that if the faith-based organization does not develop methods to
               record and report this additional information in a timely manner, the organization could lose its
               nontaxable status.



            © 2020 Association of International Certified Professional Accountants. All rights reserved.    4-18
   227   228   229   230   231   232   233   234   235   236   237