1. The audit risk model is composed of four risks. The planned detection risk is a factor of inherent risk, control risk, and acceptable audit risk. Planned detection risk is the risk the auditor fails to detect misstatements and will increase or decrease dependent on the level of risk in the other three factors. If the auditor determines it is expected that misstatements is highly likely than inherent risk increases and create a higher demand for evidence. As the same with control risk, the weaker the internal controls the higher the planned detection risk will be.
Acceptable audit risk on the other hand the lower the risk the lesser amount of evidence will be needed. 2. When assessing inherent audit risk, auditors will consider the integrity and attitude of management, influential personalities likely to have vested interest, management experience and knowledge of the finance team, and the level of pressure management is under to perform. During the audits of Comptronix the factors that I think were present to indicate a high inherent audit risk is mainly the influence of the three leaders with a significant vested interest.
Not only did they have a significant amount of stock in the company they were also the founders with probable pressure to keep the company strong in fear of failure. 3. The five components of internal control are the control environment, risk assessment, control activities, information and communication, and monitoring. The control environment is the awareness of the controls from the people within the organization. Risk assessment is the company’s identification, analysis, and management of risk in the preparation of the financial statements.
Control activities are the company’s policies and procedures to address any potential risk. Information and communication focuses on the systems used for creation of the financial statements and the communication of the outputs. Monitoring is the process in which the organization continuously assesses the quality and effectiveness of the company’s internal control. The internal control risk of Comptronix that I have identified is the ability of management to bypass its accounting systems to generate fictitious entries.
In addition, management has the authority to cut checks with only an invoice which goes against the company’s internal control of three way match (PO, receiving report, and invoice). 4. A. There are pros and cons in allowing inside directors to serve on the board. Most of which are the same causing a pro and a con at the same time. For example, inside directors have a knowledge about the company that independent directors probably don’t have on the other hand that knowledge causes other board members to be reluctant to challenge their opinions and recommendations.
Another con is generally speaking inside directors have a personal interest in the company with either bonus based on performance of the company or stock held in the company. B. Comptronix’s board of directors consisted of two inside directors which made up 28. 6% of the board. And two of the remaining five had close affiliations with management. This to me poses as a weakness of the board giving a large portion of the board with personal interest. In addition to this weakness, the audit committee was made up of individuals and the case gave no indication they had any accounting or financial reporting backgrounds. . It is required by the SEC that there be a review of interim financial information. The key requirement is the auditor must possess knowledge of the client’s internal control which allows them to identify potential misstatements. This process does not include gathering samples or any of the regular procedures of a full audit. I would assume that all companies, public and private, do not engage their auditors to perform timely reviews of interim financial statements simple because of the cost aspect of it. 6. I do not believe the Comptronix executive team was inherently dishonest from the beginning.
I think the incentives/pressures and opportunities were the primary risk factors with the executive team. They desperately wanted their company to be a success and they had a lot of opportunity to make sure that happened. 7. According to the AICPA website, there are three conditions that are generally present when fraud occurs; 1. The employees have an incentive or are under pressure. If there job depends on the performance of the company, this give more reason for unethical choices. Their bonuses paid out were based on the company’s strong financial performance. 2.
Circumstances exist such as the management’s ability to override controls and/or ineffective controls. This condition was present when the three executives were recoding fictitious entries manually to increase sales or purchases. 3. Rationalization of reasons to commit the fraud. This condition seemed apparent because I think they actually believed they were helping the company as a whole. 8. A. Management override of internal controls is the intervention by managers in handling financial information and making decisions contrary to internal control policy (Vitez, NA).
I found it interesting that backdating is a form of management control. I have seen this happen many times and I always looked at the data poses no risk so thought there was nothing wrong with it. I do understand now the risk it poses and the reasons it is not acceptable. B. Two examples of management override of internal controls for Comptronix is 1. Mr. Shifflett or Mr. Medlin would provide a fictitious invoice to an accounts payable clerk since they had the authority to approve payments solely on an invoice. 2. Mr.
Medlin would access the shipping department system and enter bogus sales into the accounting system. C. The three required auditor responses to further address the risk of management override of internal controls are; 1. Examining journal entries and other adjustments for evidence of possible material misstatement due to fraud. 2. Reviewing accounting estimates for biases that could result in material misstatement due to fraud. 3. Evaluating the business rationale for significant unusual transactions. Reference Arens, A. (2010). Auditing and Assurance Services. (13rd ed. ).
Upper Saddle River, New Jersey: Prentice Hall. (n. d. ). Business-Competence. Retrieved October 22, 2011, from http://www. business-competence. com/inherent-risk. html Bushman, M. (2007, April 06). The Five Components of Internal Control. Associated Content. Retrieved October 22, 2011, from http://www. associatedcontent. com/article/196418/the_five_components_of_internal_control. html? cat=3 Vitez, O. (n. d. ). What Is Management Override of Internal Controls?. Ehow Money. Retrieved October 22, 2011, from http://www. ehow. com/facts_6052778_management-override-internal-controls_. html