Question

fraud auditing and IT auditing. 1-Describe the different kinds of fraud andthe Fraud Triangle, an auditor's responsibility to identify and assess fraud. 2-Describe the specific risks, benefits, and internal controls associated with IT functions.

Answer 1

(1) Fraud Auditing:- Fraud is defined as the deceptiveness for the purpose of personal or financial gain. In the auditing world, fraud is defined as the deliberate misstatement of the financial statements. In auditing there are two types of fraud. This paper will discuss both of the types of fraud in detail. Also in this paper we will describe the Fraud Triangle and the auditor’s responsibility to identify and assess fraud. This paper will also cover topics such as the specific risk, benefits, and internalcontrols associated with IT functions

Different Kinds of Frauds are:-

1) Fraudulent Financial Reporting :-

-Usually perpetrated by senior management (CEO, CFO, COO)

-Committed by the organization

-Benefits the organization/company

-Auditor are highly concerned about this

2) Misappropriation of Assets :-

-Usually perpetrated by lower level employees

-Committed against the organization

-Benefits the individual/employee

-Rarely material and less of a concern for an auditor

Fraud Trangle:-

The fraud triangle refers to conditions that are generally present when material misstatements due to fraud occur.

1) Incentives/Pressures :-

- Generally, refers to companies undergoing excessive pressure to meet analysts’ or investors’ expectations

- Stock options and bonuses based on net income are also examples of such incentives and/or pressures

2) Opportunities for Fraud :-

- Ineffective governance – for example, the Board of Directors is not committed to ethical policies and morals

- Significant subjective judgment calls or estimates are involved in accounting

3) Potential Problems arising from Attitudes/Rationalization :-

- Management is very aggressive, has a risk-taking mentality, and makes highly unrealistic forecasts that need to be met

- The ethical tone at the top is poor, which allows perpetrators to rationalize their actions

An auditor's responsibility to identify and assess fraud are:-

When the auditor is considering the potential for fraud in an audit, they will focus on risk assessment procedures in the planning stage. Remember that auditors must maintain an attitude of professional skepticism. One of the auditor’s responsibilities includes asking management and the audit committee if they know of any unusual situation or any employee who is acting strangely, because the prevention and detection of fraud is ultimately their responsibility.

Fraud isn’t just about catching unusual transactions and relationships in the numbers in the books but also about examining the general behavioral patterns of employees and any hardships, financial or otherwise, that they may be suffering at the time.

In addition, the auditor will consider the fraud triangle and look for any fraud risk factors (red flags) that indicate an incentive/pressure to commit fraud. Finally, in the planning stage, auditors will also carry out ratio and trend analyses to look for any unusual patterns or unexpected results in relation to previous year/industry data.

(2) Risks associated with IT Functions:-

Information technology risk, IT risk, IT-related risk, or cyber risk is any risk related to information technology. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's business processes or mission, ranging from inconsequential to catastrophic in scale.

Benefits associated with IT Functions :-

The primary benefit of IT Functions is their ability to provide a user with the information needed to do any task effectively and efficiently. Computer databases and paper records provide data, but information systems provide the appropriate data about each user's tasks in a format best suited to that user.

Internal Controls associated with IT Functions :-

Internal control is defined as a process affected by an organization's structure, work and authority flows, people and management information systems, designed to help the organization accomplish specific goals or objectives. It is a means by which an organization's resources are directed, monitored, and measured. It plays an important role in preventing and detecting fraud and protecting the organization's resources, both physical and intangible. At the organizational level, internal control objectives relate to the reliability of financial reporting, timely feedback on the achievement of operational or strategic goals, and compliance with laws and regulations. At the specific transaction level, internal control refers to the actions taken to achieve a specific objective internal control procedures reduce process variation, leading to more predictable outcomes. Internal controls within business entities are also referred to as operational controls.