Client Acceptance: Ocean Manufacturing, Inc.
Question 1
It is important to review all the acceptance decisions as they arise, whether with a previously engaged client or a new client. This is one of the codes of conduct stipulated by the International Federation of Accountants. Therefore, the process of accepting a client is very elaborate and complex as there are various steps involved. They include a review of the industry in which the client operates, an analysis of the top management structure, a check on the existing systems within the company, a review of the financial statements, a background check on the company and its executives and a review of the ownership and business interests of the audit firm employees so as to maintain independence. In reviewing the client’s industry, an auditor will be interested in understanding the extent of the work at hand so as to project the scope of work both in time and other resources required, for example, financial implication. Further, a review of the systems helps the auditor in knowing if accounting procedures have been adhered to by the prospective client. Also, it is important to understand the top management structure as, including its turnover, so as to predict the kind of risk that might be encountered. This, coupled with the maintenance of sound financial statements, enables the auditor to conduct a fair due diligence of the client before accepting to offer services.
Out of the above, the international auditing standards require the following procedures to be followed. They include an analysis of any threat or unethical behavior by the client's activities and its management and top executives so as to avert any risks associated with the audit, the independence of the audit firm employees and the extent and suitability of the work to be done.
Question 2
In common practice, clients request their auditors to offer nonfinancial audit services such as due diligence and forensic audits. However, as an audit firm, this request should be approached with a lot of caution as it might affect the intended relationship with the client as there are various ethical and professional considerations to be looked at. What is the effect of the request on the objectivity of the audit? This is the major question that will need to be answered before such a request is accepted. As such, it is important to review this threat to objectivity. However, if safeguards will not be in place, this request should be rejected and thus will affect taking Ocean as a client. Further, the threat of objectivity should look at the role of management in undertaking such nonfinancial functions and how the audit firm is taking up that important internal responsibility. Similarly, if the threat is expected to be minimized and the audit firm takes up the request, the financial and other resources (time and human resources) implications will need to be analyzed and, thus, affecting the acceptance decision.
Professional and Ethical Issues: Hollinger International
Question 1
a)
According to the International Standards on Auditing, reasonable assurance, defined in terms of what is not as opposed to an explicit definition, refers to the extent of confidence that a company’s financial statements exhibit and, thus, an auditor, while exercising his/her professional mandate, can attain an audit from. Therefore, the statements should not be misstated and, thus, any evidence provided for review should provide a true picture of the audit. Further, the standards acknowledge the extensive nature of financial documents that limit a review of each and every transaction and, hence, limiting an auditor to absolutely qualify the audit. In describing the meaning of reasonable assurance, Ms. Stitt describes that it is not absolute assurance because of the various characteristics of fraud and the nature and extent of transactions within a company thus corroborating and giving a correct meaning as per the auditing standards.
b)
Audit evidence is the source of the auditor’s conclusions. Obtained from audit procedures and various other sources, this information either affirms the management’s presentation of financial statements and their internal procedures and controls or contradict the same. Therefore, it is important to collect audit evidence which in turn informs the auditor’s notes. In order for the auditor’s notes to be reasonable, the audit evidence should be sufficient and appropriate. Sufficiency refers to the amount (quantity) of evidence available. However, this quantity can be limited or affected by the quality of the evidence provided and a misstatement of the financial statements. On the other hand, appropriateness is the relevance and reliability of the audit evidence (quality).
c)
A cover up of fraud within an organization compromises the existing statements and, therefore, an audit cannot give the true picture on the state of the organization. However, as described by Ms. Stitt and in reference to the audit standards, it is not the work of the auditors to outright expose fraud, but rather to look at the organizational processes and procedures that expose the company. This happens when the auditor is obtaining information on the organization and the environment in which it operates. As the profession dictates, the auditor should identify potential risks of material misstatement that arise from fraud by obtaining the views of the management and other employees on the fraud risks and any measures put in place to mitigate the same, consider any unusual behavior or relationships that have preoccupied the planning procedures of the audit, take into account existence of risk factors that condone fraud and generally consider any information that might be helpful. Therefore, Ms. Stitt’s statement is consistent with the international standards on auditing.
Question 4
a)
Audit documentation, also referred to as auditor’s working paper, acts as the auditor’s evidence for the work done. Further, documentation informs the quality of the audit done by highlighting the work done – its nature, timing and extent – and the professional analysis made by the audit team and everyone engaged in the audit. Similarly, audit documentation is essential as it helps in the performance review as it assists the reviewer written basis to check on the quality of the work that was done and the conclusions reached.
b)
An experienced auditor is an individual, with the right skills to conduct an audit. The auditor is supposed to be aware of the audit processes, the regulatory and legal requirements, the environment where the business operates in and the auditing and financial requirements of the organization. The documentation presented by the auditor is important as it helps the experienced auditor, who has no previous knowledge of the audit, an understanding of auditing procedures (extent, nature and timing) and their consistency with the existing standards, an analysis of the results of the procedures and evidence of the audit, a comparison between the accounting records and the financial records and the conclusions reached by the auditor.
c)
A preparer and reviewer of audit documentation should be registered with a public accounting firm and should not have ties with or interests in the client firm. Further, a quality preparer and reviewer should have high levels of integrity, competence, be objective in doing the work and exercise high levels of independence and, therefore, be able to perform in line with the auditing standards. In presenting the audit findings to the audit committee, Ms. Stitt was categorical in highlighting the level of independence that was exercised in preparing the documentation.
d)
The auditing standards highlight a number of responsibilities of a reviewer in audit documentation. They include evaluating the engagement planning by reviewing the judgments that went into it, evaluate how the engagement team analyzed the audit responses (including identification of risks), review how the firm’s independence was exercised, confirm if all matters were resolved, review the documentation (financial documentation and the internal control report as presented by the management), evaluate the level of consultation that was exercised and if it meets the auditing standards and, finally, evaluate the extent and nature of the communication (communication to the audit committee, management and regulatory bodies, where applicable).
Société Générale
Question 1
The tone at the top, acting as the cover of the general control measures, is essential in protecting an environment against risks that might lead to massive losses as experienced in Société Générale as it represents the procedures, actions and policies of the top management. The management of the bank was so interested in making profits that most times it did not matter how the profits have been generated. This kind of ‘look the other way’ approach exposed the bank while giving staff a leeway to take more risks. Further, the teams that were supposed to monitor (back office) the trading desk were seriously understaffed and the relationship between the two sets of employees as not cordial and, thus, leading to an attitude that whenever something was flagged by the back office, they did not follow it up as they thought it is not their work. Also, the bank invested a lot of resources at the major trading desk while neglecting Delta One desk as no major trading was expected to take place. Therefore, this exposed Delta One desk to fraud. Similarly, all the red flags that were raised were casually addressed as the system, as it was set, was not looking at each and every transaction but rather the net transactions. Further, against common practice, a manager was not replaced for a few months, thus prompting more risk transactions that were not reviewed by the incoming manager. Even though systems cannot be full proof, the attitude of the management is to blame for the massive losses at Société Générale.
Question 4
a)
Initially, Kerviel worked in the back office which was deemed non-prestigious and, thus, getting into the front office, to him, was an achievement. Also, working at the Delta One office – that was not regarded by the management – made Kerviel to want to prove himself. Furthermore, having been so low on the pecking order – sometimes not regarded as a trader – Kerviel was motivated to do all he can. Similarly, the low annual income and reduced bonuses did not go well with Kerviel. Therefore, these were rationalizations and incentives enough for Kerviel to commit fraud.
b)
Kerviel, having put himself in a good position – the trading desk, was able to exploit his knowledge of the internal control systems. Further, the management’s lack of close transaction monitoring of Delta One desk presented a good opportunity for fraud. For instance, from one of his trading, Kerviel made huge profits that were detected by the bank, but he was never warned as the practice was deemed normal among most employees. Such an opportunity of beating the system, taking advantage of the lack of close monitoring and the bad relationship with the back office gave Kerviel a leeway to continue with his fictitious trading undeterred.
Question 5
There were three major control failures at Société Générale and they include a lack of segregation of duties as a back office staff (Kerviel) was promoted to the trading desk, but retained his rights to the back office (including passwords and log in credentials), organizational culture that puts profits ahead of everything and, thus, having incentives on profits irrespective of how they were achieved and, finally, viewing good internal controls as an unnecessary cost. The lack of segregation of duties is an operational issue which can be mitigated by separation of asset management, spreading authority levels and separating access of IT responsibilities from the users. On the other hand, concentrating on the equity side of the bank by centering on profit-making and not investing in control mechanisms creates a design imbalance within the bank. This risk can be mitigated by recognizing that it is cheaper to prevent fraud than to let it happen and, therefore, the management should invest more time and resources both internally and externally. Similarly, the culture within the organization, which is a design issue, should be re-evaluated to ensure that the management takes responsibility for whatever their employees are doing as opposed to ignoring glaring errors in the name of profit-making.