STATEMENT OF AUDING STANDARD ( SAS 300).   Term Paper ID:29016 Click to get this paper

Essay Subject: Examines SAS requirements for effective internal control procedures.... More...

14 Pages / 3150 Words 26 sources, 37 Citations, APA Format $56.00 Return to List of Papers

Paper Abstract: Examines SAS requirements for effective internal control procedures. Its importance in corporate governance. Need for auditors to be fully familiar with internal control systems in organizations they audit. Recommendations of the Cadbury Report. Effects of SAS 300. Importance of internal control. Two types of financial fraud. Paper Introduction: EXAMINING THE SAS 300 REQUIREMENT FOR EFFECTIVE INTERNAL CONTROL PROCEDURES Introduction Statement of Auditing Standard (SAS) 300 emphasizes the importance of the role of effective internal control procedures in corporate governance, along with the need for auditors to be fully familiar with the internal control systems in organizations that they are called upon to audit (Auditing Practices Board, 1995). SAS 300 was issued by the Auditing Practices Board in 1995 (“Introducing the new SASs,” 1995). Before the 1995 version of SAS 300 was issued, SAS 300 dealt only with risk assessment. The 1995 version deals with both risk assessment and internal controls (“Revision Of Auditing Standards And Guidelines,” 1993). The SAS 300 requirements note Text of the Paper: The entire text of the paper is shown below. However, the text is somewhat scrambled. We want to give you as much information as we possibly can about our papers and essays, but we cannot give them away for free. In the text below you will find that while disordered, many of the phrases are essentially intact. From this text you will be able to get a solid sense of the writing style, the concepts addressed, and the sources used in the research paper. R. Domineering management behavior or attempts to influenceaudit scope; and j. Catch up with CAATs. Corporate governance. 24). (1995, June). Large amounts of cash on hand; b. 3 ). Readily convertible assets, e.g., bearer bonds, preciousstones, or computer chips; and d. References Auditing Practices Board. If this outcome ofan audit is to be attained, two significant actions by the auditor arerequired to gain and maintain public confidence. "Small practitionersspecifically asked for guidance in this area because they were more likelyto encounter misappropriations than fraudulent financial reporting.Auditors from larger firms were more concerned about fraudulent financialreporting from a materiality standpoint" (Mancino & Fleming, 1997, p. Among the areas requiring improvement are "auditor independence,responsibilities for fraud and internal controls, efforts to enhance auditquality, accounting and auditing standard setting" (Carmichael, 1997, p.18). Unreasonable demands for auditor completion of the auditor report issuance; h. (1994, May). Management disregard for regulatory authorities; f. Ineffective communication and support of entity values orethics; d. Fraud also maybe distinguished within the context of motivation-fraud on behalf of acompany and fraud against a company (Weisenborn & Norris, 1997). Additionally, to be effective, the reports preparedand the records maintained by an internal auditing function must berelevant, reliable, accessible, complete, accurate, and timely (CharteredInstitute of Management Accountants, 1999). Report of the Committee on the Financial Aspects of CorporateGovernance. Database environments affect the process of accounting byintroducing several different data structures and access concepts, controltechniques, and system software components into the accounting function.The external auditor must apply tests to determine what effects databaseenvironments may have on the validity and reliability of internal auditdata. Within this context, it was observed that, while "current auditingstandards have been changed to require auditors to plan the audit to detectmaterial fraud, there is little evidence that auditors have changed the wayaudits are conducted" (Chernok, 1995, p. Todetect such fraud, the external auditor must focus on the investigatoryprocedures, risk assessments, and reporting obligations. (2 ).Financial transparency and accountability initiative: overall observations.Paris: Organization for Economic Cooperation and Development. The advent of SAS 3 requirementshas enhanced this responsibility. (1992,December 1). A. Known history of securities law violations or fraud orallegations of such. External auditors, thus, must assess risk factorsassociated with a potential for fraud. Two a primary types of fraud are fraudulent financial reportingpractices and misappropriation of assets (Mancino & Fleming, 1997). Ofthe several types of fraud, the type most relevant to the process ofauditing by the accounting profession is management fraud. Misappropriation of assets. The certifications of financialstatements by independent, external auditors are intended to assure theusers of such statements that financial performance has been presentedfairly in accordance with generally accepted accounting principles ("TheMeaning Of Present Fairly In Conformity With Generally Accepted AccountingPrinciples In The Independent Auditor's Report," 1992). In 1995, however, a widely accepted assessment was that the issue offraud detection continued "to be quite troublesome" (Chernok, 1995, p. Organization for Economic Cooperation and Development. Carmichael, D. Singleton-Green, B. Inadequate record keeping, especially relating to easilymisappropriated assets; d. Extensive market competition or saturation, accompaniedby declining margins. Hundreds of millions of dollars have beeninvolved in some individual cases" (Weisenborn & Norris, 1997, p. Behind the basic reason for a failure to disclose financialinformation are diverse motives. National Public Accountant, 42(2), 29-34. Commitments to analysts or creditors of unduly aggressiveor unrealistic forecasts; b. Discovering opportunities for a newworking relationship between internal and external auditors. Actions That Should Be Taken by An External Auditor to Establish the Reliability of Internal Audit Data Perhaps in no other facet of accounting have the changes brought aboutby the increasing role of electronic data processing (EDP) been as greatand caused as many problems for the professionals concerned as has occurredin auditing (Colbert, 1993). McConnell and Banks (1997) observed that, as fraud "schemes typicallyare concealed," and can involve both "collusion, which is extremelydifficult to detect in an audit, and falsified documentation" (p. Fifteen years of meeting the challenges.Journal of Accountancy, 179( 6), 66-75. First, the externalauditor must distance herself, or himself, from the company audited.Second, fraud detection must be the primary focus of the external audit(Matsumura & Tucker, 1992). Monks, R. Bank accounts or operations in tax-haven locales withoutclear business purpose; d. (1995, May). Revision of auditing standards and guidelines. The Organization forEconomic Cooperation and Development (OECD) stated that (2 ) Certain components of internal control frameworks are particularly effective in the prevention of illegal acts including bribery. 33). Internal audit.London: Chartered Institute of Management Accountants. Control models in perspective.Internal Auditor, 51(6), 46-52. Rogers, D. European Business Journal,12(3), 116-118. The causes of the contemporary predicament into which the practice ofauditing has fallen are found in the increasingly complex demands beingplaced on auditors (Reed & Cangemi, 1992). The meaning of present fairly in conformity with generally acceptedaccounting principles in the independent auditor's report. (1994, March). (1994, October). NationalPublic Accountant, 38, 4 -42, 44, 46. One test is concerned with the potential that the greater the numberof transaction types that update the same financially significant dataelements, the greater the impact of the database environment on theaccounting information. Accounting Review, 67, 753-782. L. Just wired about software. A company that "shipscustomers goods that have not been ordered and then records the revenue asif it met all the criteria for revenue recognition" commits fraudulentfinancial reporting (Mancino & Fleming, 1997, p. 33). 1). The Effects of SAS 3 Requirements on the Role of the Internal Audit Function Within Organizations Internal auditors focus on providing data for the internal use of anorganization's managers, while independent, external auditors focus onproviding data for external uses by investors and creditors (Singleton-Green, 1994). New accounting, statutory, or regulatory requirementsthat could impair profitability or financial stability; and b. SAS 3 was issued by the AuditingPractices Board in 1995 ("Introducing the new SASs," 1995). Poorly safeguarded, readily convertible liquid assets orinventories; g. 2. (1992, March).Journal of Accounting, 173, 1 8-111. If, onthe other hand, those who access the financial accounting data within adatabase have the ability to delete and update the data, the EDPenvironment will have a significant impact on the external auditingfunction. Lack of timely and appropriate transaction documentation;and i. The 1995 version deals with both risk assessment and internalcontrols ("Revision Of Auditing Standards And Guidelines," 1993). Lack of mandatory vacations for persons with key controlresponsibilities. Significant, unusual, or highly complex transactions,especially near year-end that raise substance over form questions; c. Weisenborn and Norris (1997) noted that: "Over the last four decadesthere has been a marked increase in the number of frauds and their costs"(p. 35). Factors relating to operating characteristics and financialstability: a. P. J. M., & Tucker, R. Periods of fiscal turmoil and economic difficulties lead to anincreased frequency of abuses and deceptions among members of the businessand financial communities. Red flags ofmanagement fraud. Internal Auditing, 49, 15. Statement of Auditing Standards3 . (1997, January). 24).Risk factors relating to misappropriation of assets are categorized as the"susceptibility of assets to misappropriation and lack of controls. Theextent of the auditor's consideration of the latter is influenced by theexistence of risk factors in the former" (McConnell & Banks, 1997, p. Accountancy, 115(1221), 1 5-1 6. Wright, A., & Wright, S. (1995, March). Factors relating to industry conditions: a. A second test is concerned with the potential that the greater thenumber of diverse users that share financial accounting data, the greaterthe impact of the database environment on the accounting information. Suchinformation would include timely and objective evidence about electronicdata processing controls design and operation. The advent of electronic accounting databases, in conjunction with therequirements of SAS 3 , introduce a need for additional control overaccess-update and the coordination of activities related to the maintenanceof the accounting database. Suchtendencies have always placed a burden on the external auditor to bevigilant for such data manipulations. (1995, August). Poor job applicant screening procedures for employeeswith access to assets easily misappropriated; c. Internal control is no longer a function that is of interest only tothe organization. Companyrepresentatives who provide "customers with a side agreement granting'right of return' for any reason" or make "payment for the goods contingenton receipt of funding or some other event" and who then fail to disclosethe side agreement to the "auditor because the underlying transaction wouldnot meet the criteria for revenue recognition under generally acceptedaccounting principles" commits fraudulent financial reporting (Mancino &Fleming, 1997, p. London: Committee on the Financial Aspects of CorporateGovernance. M. The increasing role and presence of EDP inaccounting creates significant concerns for external auditors other thantheir need to audit computerized financial records. Crane, M. CPA Journal, 67(6), 22-28. The Committee went on to enumerate a number of actions that theyconsidered to be essential for an effective internal control functionwithin an organization. R. To accomplish this objective,external auditors must perform a specific fraud risk assessment in everyaudit engagement, "including inquiries of management concerning areas ofpotential fraud risk in the entity" (McConnell & Banks, 1997, p. CAMagazine, 127, 56-58. McNamee and Selem (1999) contend that the evolvinginternal control system is leading to an extension of the internal auditingprofession's traditional control models into new models that are more risk-based than control-based. Such internal control components are integral to effective corporate governance practices and include the following: setting the "tone at the top" which includes making top management of a company responsible for establishing and maintaining an effective internal control system with appropriate oversight by corporate monitoring bodies; adopting a code of conduct which provides information and guidance to those within a company about the company's philosophy toward ethical business conduct and the basic principles governing that conduct; and establishing processes to monitor compliance with policies and procedures that are implemented to prevent and/or detect illegal acts including bribery (p. Essentials Required for An Effective Internal Audit Function The Report of the Committee on the Financial Aspects of CorporateGovernance, more generally known as the Cadbury Report taken from the nameof the Committee Chair Adrian Cadbury, noted that "an effective internalcontrol system is a key aspect of the efficient management of a company"(Committee on the Financial Aspects of Corporate Governance, 1992, Section4.32). Mancino, J., & Fleming, P. Audit regulation-where are wenow?" Accountancy, 113, 81-82. "While control-based auditing, which involvesstarting an audit with an auditable unit's internal control system ratherthan its purpose, has been found to be irrelevant and too focused oninternal control, risk-based auditing is deemed as a tool toward improvinginternal audit performance and organizational risk management. Auditing in an EDPenvironment. (1996). Threat of imminent bankruptcy or hostile takeover; and f. London: Auditing Practices Board. Fraud detection: Atheoretical foundation. 23). 23).Traditional external auditors, according to McConnell and Banks (1997)further, are "neither trained nor expected to be experts in ascertainingdocument authenticity. SAS 3 requirements and the increased use of computerizedaccounting information have enhanced the role of the internal auditingfunction by placing the responsibility on the internal auditor to establishan estimated control risk level for which computerized information frominternal auditors can be used by independent, external auditors. Unusual growth or profitability compared to others in theindustry; e. K., Fox, M., & Muth, M. The new fraud auditstandard. In addition to directives from accounting bodies such asthe Auditing Practices Board, new legislation has codified many of therecommendations made in the Cadbury Report and the Turnbull Report.Internal control is now considered to be central to the process ofcorporate governance. Fearnley, S., & Page. (1999). These motives include a desire tomaintain the market price of a company's stock, the creation of an image ofprofitability as a means of favorably influencing potential lenders, tosatisfy management greed and ego, and a desire to either maintain or createa demand for a company's stock so that management can dump the stock beforeany adverse information about the company surfaces (Crane, 1993). 29). (1997, April). 33). With the continually growing presence and role of EDP in accounting,the role of the external auditor is in a state of dynamic change (Rogers &Sheehy, 1994). McNamee and Selem (1999) identified risk-based auditing as a new roleacquired by internal auditing. 32). Instead ofexcessively dwelling on history, risk-based internal auditing addressespresent concerns and the organization's preparedness to handle any problemsin the future by anticipating change and assessing how management canbetter deal with future risks" (McNamee & Selem, 1999, p. Inadequate segregation of duties or independent checks; e. Pursuit of inappropriate means to minimize earnings fortax motivated purposes; c. Inventories small in size, or of high value or demand; c. These essential actions were as follows: (1) thedirectors of an organization should report on the effectiveness of theirsystem of internal control, and this report should be included in theorganization's annual report; and (2) organizations should develop a set ofcriteria for assessing the effectiveness of their internal controlfunctions (Committee on the Financial Aspects of Corporate Governance,1992, Section 5.16). (2 , Autumn).International corporate governance reform. Colbert, J. Risk factors associated with misstatements related to themisappropriation of assets also must be assessed. Thistest means simply that, when a wide spectrum of organizational units withina firm have access to financial accounting data contained in a database,the EDP environment will significantly affect the external auditingfunction. A third test three concerns the type of access individuals within anorganization have to financial accounting data within a database. Thus, the role of the internal auditor has becomemuch more prominent that it once was (Dove, 1994; Galloway, 1994). Weisenborn and Norris (1997) noted that fraud can be defined "as theact of knowingly making misrepresentations of fact with the intent ofgaining unfair advantage over another person or organization" (p. Reed, P. The auditors, their client, fraud anderror. Furthermore, external auditors must applyprofessional judgment in identifying and evaluating fraud risk factors.Consequently, the external auditor can provide only reasonable assurancethat material fraudulent circumstances will be detected" (McConnell &Banks, 1997, p. Cambridge:Blackwell Publishers. Formal or informal restrictions on auditor access topeople or information; i. The relationship between assessmentsof internal control strength and error occurrence, impact and cause.Accounting and Business Research, 27(1), 58-71. Introducing the new SASs. Factors relating to management characteristics and influenceover the control environment: a. Factors relating to controls: a. Accounting and internalcontrol systems and audit risk assessments. (1993, January). Inability to generate operating cash while reportingearnings growth; b. (1995). If theaccess is generally restricted to an ability to read the data, the effectof the EDP environment on the accounting function will be lessened. Internal Auditor, 56(3), 35-38. Dove, R. Norburn, D., Boyd, B. A fourth test is concerned with the definitions and directory systemof an EDP financial database. (1993, October).Accountancy, 112(12 2), 111-12 . 7 ). Weisenborn, D., & Norris, D. D. Galloway, D. J., & Cangemi, M. Management failure to correct known reportableconditions; e. 2. 3. Chenok, P. examining the SAS 3 requirement for effective internal control procedures INTRODUCTION Statement of Auditing Standard (SAS) 3 emphasizes the importance ofthe role of effective internal control procedures in corporate governance,along with the need for auditors to be fully familiar with the internalcontrol systems in organizations that they are called upon to audit(Auditing Practices Board, 1995). W., & Sheehy, D. The auditor and fraud.Journal of Accountancy, 183(4), 32-36. G., & Minow, N. B. What are auditors meant to bedoing? This responsibility stems in part from therisk audit function imposed on the external auditor by both the CadburyReport and SAS 3 . Both the Cadbury Report and SAS 3 are parts ofan international reform of the concept of corporate governance (Norburn,Boyd, Fox, & Muth, 2 ; Monks, & Minow, 1995). With regard to each of these requirements, theexternal auditor is often confronted with conflicting demands. Committee on the Financial Aspects of Corporate Governance. Factors relating to susceptibility of assets tomisappropriation: a. Within this environment, the role of theinternal auditor is enhanced through the assumption of greaterresponsibility for the development and application of additional controlsbecause of the impact of either the absence controls or weak controls mayhave on the integrity of the accounting data (Wright & Wright, 1996). Chapman (1995) noted that the role of the internal auditor has beenchanged dramatically by computer processing and especially by computersoftware. CPA Journal, 67(1), 18-23. Basically, however, there exists a desire tocreate an appearance of financial stability and prosperity where eithersuch conditions do not exist, or where the situation is such that thoseconditions may not exist in the near future (Fearnley & Page, 1994). The next step in riskmanagement. The issue of concern to the external auditor isnot the volume of EDP transactions, but, rather, the volume of transactiontypes affecting the same financial data elements that will cause an EDPenvironment to significantly affect the external auditing function. (1999, June). The reason for the lessening of the impact is thatsuch a dictionary-directory system makes it easier for the external auditorto understand and evaluate the EDP environment. Chapman, C. Fraudulent financial reporting. (1997, June). The benefits ofmanagement fraud are escalating. Small sized, readily marketable fixed assets. The increasing frequency of fraud cases "has been attributed toan increase in the advantages received from committing fraudulent acts anda decrease in the risk of being caught and punished. Thefts of cash, inventory orsecurities are misappropriations of assets. Inappropriate systems of authorizations and approvals; f. InternalAuditor, 52(4), 24-35. 2. K., & Banks, G. Before the1995 version of SAS 3 was issued, SAS 3 dealt only with riskassessment. Poor or worsening financial position when management haspersonally guaranteed significant entity debt. Matsumura, E. Examples of the twotypes of fraud are as follows: 1. Materialmisstatements and nonmaterial misstatements also must be distinguished bythe external auditor (Mancino & Fleming, 1997, p. (1993, December). The motives for a failure to disclose financialinformation are numerous. (1997, March-April). 24).The specific risks that must be assessed by the external auditor withrespect to fraudulent financial reporting are as follows (McConnell &Banks, 1997): 1. A database with an accurate and completedictionary-directory system lessens the impact of the EDP environment onthe auditing function. Accountancy, 113, 92. McNamee, D., & Selem, G. Y. 3 ). Inadequate management oversight; b. The SAS3 requirements noted above are investigated within the context of threefocal issues, as follows: (1) the essentials required for an effectiveinternal control function are examined; (2) the effects of the SAS 3 requirements on the internal audit function are discussed; and (3) actionsthat should be taken by an external auditors to establish the reliabilityinternal audit data are considered. The specific risks thatmust be assessed by the external auditor are as follows (McConnell & Banks,1997): 1. Management continuing to employ ineffective accounting,information technology, or internal audit staff; g. McConnell, D. 7 ). Risk factors relating to misstatements arising from fraudulentfinancial reporting are categorized as management characteristics andinfluence over the control environment, industry conditions, and "operatingcharacteristics and financial stability" (McConnell & Banks, 1997, p. (1994, December). Chartered Institute of Management Accountants. (1992, June). (1994, February). Report card on the accountingprofession. (1992, October). A facelift for international auditing.Accountancy, 114(1214), 133-134. Accountancy, 112, 95-96. These tools facilitate the work of the internal auditor inmeeting the new responsibilities accruing to the internal audit function asa consequence of changes in the approach to corporate governance and therequirements of SAS 3 . If this paper is not what you are looking for, you can search again: Search for: or Click here to request an essay written just for you.