Cendat CorreptionThis case is about the Candent Corporation scandal. The auditor is responsible to perform and plan audit to obtain reasonable assurance that the financial statements are free from fraud or error; for that reason, auditor should identify and assess the risk of material misstatement due to fraud or error and design procedures to detect the fraud (AU-C 240). The financial reporting fraud and misappropriation of assets fraud are categories of fraud that influence the financial statement (AU-C 240). The auditor should consider the incentives or pressures, opportunity and rationalization to commit fraud when assessing the material misstatement due to fraud (AU-C 240). Pressures incentives to meet the Wall street analysts’ earnings expectations was the important factor, for CUC’s management, to commit the fraud by recording fictitious revenues and reducing the expenses, and the end-year adjustments to the general ledger made an opportunity to commit the fraud during the 1995 through 1997 audits.
The auditor is responsible to understand the entity’s control environment, its risk assessment process, its information system, control activities relevant to the audit and monitoring of the control in order to identify and assess the level of risk due to fraud or error (AU-C 315). When the auditor evaluates the entity’s control environment, the auditor should consider these elements: communication and enforcement of integrity and ethical values, commitment to competence, participation by those charged with governance, management’s philosophy and operating style, organizational structure, assignment of authority and responsibility, and human resource practices and policies.There are many examples of management override of CUC’s internal control. For example, CUC’s management recoded the amounts received from customers for deferred revenue as immediate revenue recognition.
The auditor may in its discretion make a change to the control or conduct a change without notice to the user’s users, if it is determined that an audit of business operations, including the audit report, will result in loss for the business that is not recoverable as a result of the change. For example, a change to the control involves:
(a) transferring ownership of the affected business and all records that can be used for the audit to a trust; using the audit to determine its liability; and assessing potential damage to property or infrastructure as a result of a failure to implement controls, including those for the audit.
CUCs management should include in their audits the following:
Management (including the employee, an approved expert witnesses in the case, an auditor general or an arbitrator), as well as information about the business and information provided by the customer regarding its control environment.
Information disclosed to the customer if the auditor determines that information on the business’s control environment is not covered by a disclosure agreement.
When a business has implemented or approved a control, the auditor will include this in a report.Â
Information obtained in the course of the audit.
Information provided to the customer by the client which has in place a record in writing of information that is necessary or appropriate to protect the privacy of the client or the client’s business. The customer can obtain both information and copies of the records or copies of the records if these two would be reasonably required on a customer’s behalf.