5503 Discussions Among the Engagement Team

Oct-2019

OAG Guidance

The engagement leader uses professional judgment, prior experience with the entity and knowledge of current developments to determine which other members of the engagement team are included in the discussion. The discussion will include participation by most, if not all, engagement team members including:

• All other engagement and quality reviewers (as applicable).
• Other key members of the engagement team.
• Internal Specialist for Fraud, where heightened risk exists
• Key members from other relevant lines of service (IT Audit specialist, Data Analytics specialists, etc.).

The discussion of fraud risk could be a part of the team planning meeting (Develop Audit Strategy meeting), or it could be a separate meeting (OAG Audit 4010). If the discussion of fraud risk is part of a larger meeting, sufficient time is allowed for a proper discussion, with a focus on “What could go wrong?”

In addition to matters referred to in CAS 240.A12, the discussion would ordinarily also cover:

• Review with the entire team of any fraud risk conditions identified in the Acceptance & Continuance process.

• Qualitative and quantitative factors to be considered in assessing risk of fraud.

• Audit team needs to have professional skepticism at all times and sufficient appropriate audit evidence to support the audit opinion.

• Determination of specific procedures to be conducted as part of the audit to address any fraud risks identified in this meeting, including determination of the use of fraud experts, and the plan for reviewing results with engagement leadership.

• Discussion of evidential fraud risk factors to be aware of at all times during the audit. For examples of evidential risk factors see OAG Audit 5502.

• Tone at the top is critical.

• Reaffirm the need to assess the risk of fraud at each stage of the audit and for engagement team members to communicate about the risks of material misstatement due to fraud.

• Discussion regarding fraud and new issues arising since the date of the last audit that may potentially affect the entity. Such discussion may include recent frauds in the industry in which the company operates.

Communication among the team continues throughout the audit, and therefore, fraud risk is ordinarily included on the agenda for “taking stock” meetings.

Group Audit guidance:

For group audits, team meetings are held in all locations where there is a significant component. The meeting of the group engagement team will take place in advance of local team meetings so that any relevant issues from a group perspective can be communicated to local teams.

These discussions provide an opportunity to:

• Share knowledge of the components and their environments, including entity-level controls.

• Exchange information about the business risks of the components or the group.

• Exchange ideas about how and where the group financial statements (including the individual statements and the disclosures) may be susceptible to material misstatement due to fraud or error, how group management and component management could perpetrate and conceal fraudulent financial reporting, and how assets of the components could be misappropriated.

• Identify practices followed by group or component management that may be biased or designed to manage earnings that could lead to fraudulent financial reporting, for example revenue recognition practices that do not comply with the applicable financial reporting framework.

• Consider known external and internal factors affecting the group that may create an incentive or pressure for group management, component management or others to commit fraud, provide the opportunity for fraud to be perpetrated, or indicate a culture or environment that enables group management, component management or others to rationalize committing fraud.

• Consider the risk that group or component management may override controls.

• Consider whether uniform accounting policies are used to prepare the financial information of the components for the group financial statements and, where not, how differences in accounting policies are identified and adjusted (where required by the applicable financial reporting framework).

• Discuss fraud that has been identified in components or information that indicates existence of a fraud in a component.

• Share information that may indicate non-compliance with laws or regulations, for example payments of bribes and improper transfer pricing practices.

Practice Aids available

For further guidance on team planning meetings, see OAG Audit 4010.

Taking stock meetings—In addition to the team planning meetings, engagement team members are also able to communicate and share information obtained throughout the audit that may affect the assessment of or responses to risks, at Taking Stock meetings. For further guidance on Taking Stock meetings, see OAG Audit 7022.

Specimen Agenda for Engagement Team Discussion

Include the following matters in the agenda for the team discussion (Consider in conjunction with CAS 240.A12):

• Impact of any issues emerging from Acceptance & Continuance, including consideration of risk conditions relating to fraud. For the sake of expediency, it is recommended that attendees consider the fraud risk factors in advance so as to be able to participate in an informed discussion during the meeting.

• Entity’s stated or known business objectives.

• General risks of material misstatement from fraudulent financial reporting and misappropriation of assets arising from those objectives.

• Specific types of financial fraud schemes the entity may be at risk of based on the objectives.

• Financial statement line items where the entity’s financial statements might be susceptible to fraud.

• Operating locations for which fraud is a greater risk.

• External and internal factors affecting the entity, including:

  • Incentives/pressures for management and others to commit fraud.
  • Opportunity for fraud to be perpetuated.
  • Culture or environment that enables management to rationalize committing fraud.

• Presumption of risk of improper revenue recognition.

• Risk of management override of controls.

• Past experience: Any frauds previously uncovered.

• Consideration of any allegations of fraud that have come to our attention.

• Consideration of circumstances that might be indicative of earnings management and the practices that might be followed by management to manage earnings that could lead to fraudulent financial reporting.

• Consideration of the risk that management may attempt to present disclosures in a manner that may obscure a proper understanding of the matters disclosed (for example, by including too much immaterial information or by using unclear or ambiguous language).

• Consideration of management’s involvement in overseeing employees with access to cash or other assets susceptible to misappropriation.

• Consideration of any unusual or unexplained changes in behavior or lifestyle of management or employees which have come to the attention of the engagement team.

• Need to involve the Internal Specialist for Fraud to assist in planning or implementation of specific fraud audit procedures (See OAG Audit 5513 for more guidance on the Internal Specialist for Fraud).

• Information needed to assess the risk of material misstatement due to fraud and how it will be gathered.

  • Inquiries of management.
  • Analytical procedures.
  • Fraud risk factors identified, if any.
  • Other information.

• Other steps required.

  • Using information obtained to identify fraud risk.
  • Assessing fraud risks identified taking into account an evaluation of relevant controls.
  • Responding to the results of the assessment additional procedures or other responses, as appropriate.
  • Consideration of how an element of unpredictability will be incorporated into the nature, timing and extent of the audit procedures to be performed.
  • Evaluating audit evidence.

• Evidential indicators to look out for and what to do about them.

• Reaffirmation by engagement leader of the importance of an appropriate degree of professional skepticism.

• How to document audit work in relation to the consideration of fraud risk.

• Determination of specific procedures to address identified fraud risk.

• Communication with engagement team members in other locations.

See OAG Audit 4010 for related guidance on team planning meetings.

As legislative auditors, based on risk assessment of the entity, we may perform additional audit work with respect to executive and board compensation, and travel, hospitality, conference and event expenditures. See OAG Audit 11031 for further guidance related to the audit of executive and board compensation, and travel, hospitality, conference and event expenditures.