ETHICAL ISSUES RELATED TO AUDITING (STUDY OBJECTIVE 12)

All types of auditors must follow guidelines promoting ethical conduct. For financial statement auditors, the PCAOB/AICPA has established a Code of Professional Conduct, commonly called its code of ethics. This code of ethics is made up of two sections, the principles and the rules. The principles are the foundation for the honorable behavior expected of CPAs while performing professional duties, whereas the rules provide more detailed guidance. Following are the six principles of the code:

  1. Responsibilities. In carrying out their professional duties, CPAs should exercise sensitive professional and moral judgments in all their activities.
  2. The Public Interest. CPAs should act in a way that will serve the public interest, honor the public trust, and demonstrate commitment to professionalism.
  3. Integrity. To maintain and broaden public confidence, CPAs should perform their professional duties with the highest sense of integrity.
  4. Objectivity and Independence. CPAs should maintain objectivity and be free of conflicts of interest in the performance of their professional duties. CPAs in public practice should be independent in fact and appearance when providing auditing and other attestation services.
  5. Due Care. CPAs should observe the profession's technical and ethical standards, strive continually to improve competence and the quality of services, and discharge professional responsibility to the best of their ability.
  6. Scope and Nature of Services. CPAs in public practice should observe the principles of the Code of Professional Conduct in determining the scope and nature of services to be provided.

Internal auditors and IT auditors must abide by ethical standards established by the IIA and ISACA, respectively. The IIA Code of Ethics is founded on the principles of integrity, objectivity, confidentiality, and competency. Similarly, ISACA's Code of Professional Ethics recognizes due diligence, objectivity, competency, communication, maintaining privacy and confidentiality, and serving in the interests of stakeholders.

These professional codes of ethics are adopted by their respective constituencies in recognition of their ethical responsibilities to others. Compliance with a code of conduct depends primarily upon the understanding and voluntary actions of its members. In the United States, many states and professional organizations have special committees that are responsible for enforcing the code of ethics. These committees consider cases of wrongdoing. Committee actions may include informal discussions, investigating complaints, issuing warning letters, holding hearings and trials, and suspension or expulsion of the professional certification.

Of all the ethical principles applicable to auditors, the one that generally receives the most attention is the requirement for financial statement auditors to maintain independence. The early pages of this chapter described the importance of auditors being unbiased, which is the essence of independence. The requirement for independence makes the CPA profession unique compared with other business professionals. CPA firms are restricted from performing audit engagements when they have financial or personal relationships with clients or when they have the ability to influence their clients.

The Phar-Mor example illustrates the point that an auditor's independence may be jeopardized if the auditors become too friendly with their clients. Auditors have an ethical obligation to never let anything, including close relationships with their clients, compromise their independence and objectivity.

THE REAL WORLD

In the case of the Phar-Mor pharmaceutical company fraud, the auditors became too close to the management of Phar-Mor and shared audit information that they should not have. For example, the auditors told management which stores they would select for inventory testing. Phar-Mor managers were then able to move inventory between stores to conceal inventory shortages in the stores that were to be audited by the CPA firm.

images The Sarbanes–Oxley Act placed restrictions on auditors by prohibiting certain types of services historically performed by auditors for their clients. For example, auditors can no longer perform IT design and implementation services for companies which are also audit clients. The Act regards IT services as involving management decisions that would affect the financial information provided by the company. This would ultimately place the audit firm in a position of auditing its own work and would therefore violate its objectivity.

The Sarbanes–Oxley Act also increases management's responsibilities regarding the fair presentation of the financial statements. It requires public companies to have an audit committee as a subcommittee of the board of directors. The audit committee is charged with the responsibility for overseeing the audit functions and approving all services provided by its auditors. In addition, the Sarbanes–Oxley Act requires top management to verify in writing that the financial statements are fairly stated and that the company has adequate internal controls over financial reporting.

Auditors who are responsible for auditing financial statements and for reporting on the effectiveness of their clients' internal controls should not be in a position of making managerial decisions, designing or implementing policies and procedures, or preparing financial information for their clients, as such tasks would jeopardize their objectivity. If auditors were to be engaged in such tasks, they could not possibly audit the client's underlying financial statements and internal controls in a truly unbiased manner.

In fulfilling their ethical responsibilities, auditors must practice professional skepticism during the audit. Professional skepticism means that the auditors should not automatically assume that their clients are honest, but must have a questioning mind and a persistent approach to evaluating evidence for possible misstatements. Misstatements may result from error or fraud, and auditors have equal responsibility for searching for both causes of material misstatements.

THE REAL WORLD

A widely publicized case of management fraud involved Crazy Eddie's electronics retail stores in New York. This case is particularly outrageous because the management of the company, including Eddie Antar and his family, used nearly every trick in the book to commit financial statement fraud and con the auditors in the process. Some of the tactics used by Antar included the reporting of fictitious sales and overstated inventories, hiding liabilities and expenses, and falsifying financial statement disclosures. The Antars used their employees and suppliers to help carry out their illegal schemes. They also tampered with audit evidence.

Because the auditors were too trusting and did not carefully protect the audit files when they went home at the end of the day, the client (Crazy Eddie's) had the opportunity to alter audit documents. Even though this fraud occurred over two decades ago, it still provides a clear example of how management fraud can be pulled off and how auditors can be deceived.

Concerning fraud in the business organization, recall from Chapter 3 the distinction between employee fraud and management fraud: Employee fraud involves stealing assets, whereas management fraud is the intentional misstatement of financial information. Fraud may be difficult for auditors to find, because the perpetrator often tries to hide the fraud. Auditors must recognize that management may be in a position to override established controls, and that employees may work in collusion to carry out a fraudulent act. This makes it even more difficult for auditors to detect fraud.

The example of fraud perpetrated by Crazy Eddie's describes the importance to auditors of knowing their clients well and exercising professional skepticism. In the exercise of professional skepticism, auditors should make sure that the audit procedures include the following:

  • Examination of financial reporting for unauthorized or unusual entries
  • Review of estimated information and changes in financial reporting for possible biases
  • Evaluation of a reasonable business purpose for all significant transactions

It is important for auditors to consider the conditions under which fraud could be committed, including the possible pressures, opportunities, and rationalization for committing dishonest acts. In the context of a client's IT systems, auditors should also think about the possibility that computer programs could be altered to report information in a manner that is favorable for the company.

Modern financial statement auditing tends to concentrate on analyzing risks, evaluating clients' computer systems, and testing the related controls, with reduced emphasis on substantive procedures. Although it is important to understand the company's accounting systems and to determine whether related controls are effective, this type of testing is not enough to satisfy the responsibilities of the audit profession. Auditors should be careful about balancing the mix of audit procedures between tests of controls and substantive tests. Emphasis on computer processes and internal controls may lead to an overreliance on the accounting system, which could be circumvented by management. Therefore, it is important to also perform substantive procedures that focus on the actual transactions and account balances that make up the financial statements.

THE REAL WORLD

Examples of management fraud were discovered at Enron, Xerox, WorldCom, and other large, well-known companies during the past 15 years. In fact, many of the big corporate fraud cases that have been in the news in recent years involved the company's chief executive or top accounting managers. The financial statement misstatements resulting from these frauds have been staggering. At WorldCom, for example, nearly $4 billion in operating expenses were hidden when management decided to capitalize the expenditures rather than report them on the income statement. This illustrates the importance to auditors of varying the mix of audit procedures to include a reasonable combination of tests of controls and substantive tests. Even in large companies with sophisticated systems of internal control, the audit needs to include tests of the accounting balances in order to increase the chances of discovering whether management may have circumvented controls in order to perpetrate fraud.

Accountants are sometimes called upon to perform a specialized type of assurance service called forensic auditing. Forensic auditing is designed specifically for finding and preventing fraud and is used for companies where fraud is known or believed to exist. Some accountants who work on forensic audits become certified fraud examiners (CFEs) and are considered experts in the detection of fraud. Some CFEs specialize in computer forensics, which involves the detection of abuses within computer systems. IT auditors may play an instrumental role in gathering and analyzing data needed to perform or assist in a forensic audit. The need for the services of these types of auditors is expected to grow in the future, because cyber crimes will likely increase as cloud computing becomes more widespread.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.148.144.139