10-27: The following misstatements are included in the accounting records of the Joyce Manufacturing Company:
- A material sale was recorded on the last day of the year even though the goods were not shipped until three days later.
- Merchandise was shipped to a customer, but no bill of lading was prepared. Because billings are prepared from bills of lading, the customer was not billed.
- The controller approved a payment to a consulting firm owned by his sister. The consulting firm did not actually perform any services for the company.
- The shipping clerk included several additional valuable items in a shipment that were not included in the customer’s order and were not invoiced to the customer. The shipping clerk has an arrangement with the customer to share the proceeds from sales of the additional items shipped.
- Cash paid on accounts receivable was stolen by the mail clerk when the mail was opened.
- A sales invoice was miscalculated by $1,000 as a result of a key-entry mistake.
- Cash paid on accounts receivable that had been prelisted by a secretary was stolen by the bookkeeper, who records cash receipts and accounts receivable. He failed to record the transactions.
- Identify whether each misstatement is an error or fraud.
- For each misstatement, list one or more procedures that could be implemented to prevent it from occurring on a continuing basis.
- For each misstatement, identify evidence the auditor can use to uncover it
10-32: Each year near the balance sheet date, when the president of Bargon Construction, Inc., takes a 3-week vacation to Hawaii, she signs several checks to pay major bills during the period she is absent. Jack Morgan, head bookkeeper for the company, uses this practice to his advantage. Morgan makes out a check to himself for the amount of a large vendor’s invoice and, because there is no acquisitions journal, he records the amount in the cash disbursements journal as an acquisition from the supplier listed on the invoice. He holds the check until several weeks into the subsequent period to make sure that the auditors do not get an opportunity to examine an electronic copy of the cancelled check. Shortly after the first of the year when the president returns, Morgan resubmits the invoice for payment and again records the check in the cash disbursements journal. At that point, he marks the invoice “paid” and files it with all other paid invoices. Morgan has been following this practice successfully for several years and feels confident that he has developed a foolproof method.
a. What is the auditor’s responsibility for discovering this type of embezzlement?
b. What weaknesses in Bargon’s processes exist?
c. What evidence can the auditor use to uncover the fraud?
10-33: The following are various potential frauds in the sales and collection cycle:
1. The company engaged in channel stuffing by shipping goods to customers that had not been ordered.
2. The allowance for doubtful accounts was understated because the company altered the aging of accounts receivable to reduce the number of days outstanding for delinquent receivables.
3. The accounts receivable clerk stole checks received in the mail and deposited them in an account that he controlled. He issued credit memos to the customers in the amount of the diverted cash receipts.
4. The company contacted a major customer and asked them to accept a major shipment of goods before year-end. The customer was told that they could return the goods without penalty if they were unable to sell the goods.
5. A cashier stole cash receipts that had been recorded in the cash register.
6. The company recorded “bill-and-hold sales” at year-end. Although the invoices were recorded as sales before year-end, the goods were stored in the warehouse and shipped after year-end.
7. The company did not record credit memos for returns received in the last month of the year. The goods received were counted as part of the company’s year-end physical inventory procedures.
8. A cashier stole cash receipts by failing to record the sales in the cash register.
9. The CFO recorded fictitious credit sales at the end of the year without recording the associated cost of sales and reduction in inventory.
a. Indicate whether the fraud involves misappropriation of assets or fraudulent financial reporting.
b. For those frauds that involve misappropriation of assets, state a control that would be effective in preventing or detecting the misappropriation.
c. For those frauds that involve fraudulent financial reporting, state an audit procedure that would be effective in detecting the fraud.
11-25: The following are misstatements that have occurred in Fresh Foods Grocery Store, a retail and wholesale grocery company:
1. On the last day of the year, a truckload of beef was set aside for shipment but was not shipped. Because it was still on hand, the inventory was counted. The shipping document was dated the last day of the year, so it was also included as a current-year sale.
2. The incorrect price was used on sales invoices for billing shipments to customers because the wrong price was entered into the computer master file of prices.
3. A vendor invoice was paid even though no merchandise was ever received. The accounts payable software application does not require the input of a valid receiving report number before payment can be made.
4. Employees in the receiving department took sides of beef for their personal use. When a shipment of meat was received, the receiving department filled out a receiving report and forwarded it to the accounting department for the amount of goods actually received. At that time, two sides of beef were put in an employee’s pickup truck rather than in the storage freezer.
5. An accounts payable clerk processed payments to himself by adding a fictitious vendor address to the approved vendor master file.
6. During the physical count of inventory of the retail grocery, one counter wrote down the wrong description of several products and miscounted the quantity.
7. A salesperson sold an entire carload of lamb at a price below cost because she did not know the cost of lamb had increased in the past week.
8. A vendor’s invoice was paid twice for the same shipment. The second payment arose because the vendor sent a duplicate copy of the original 2 weeks after the payment was due.
a. For each misstatement, identify one or more types of controls that were absent.
b. For each misstatement, identify the transaction-related management assertions that have not been met.
c. For each misstatement, suggest a control that may have prevented or detected the misstatement.
11-27: The following are misstatements that can occur in the sales and collection cycle:
1. A customer number on a sales invoice was transposed and, as a result, charged to the wrong customer. By the time the error was found, the original customer was no longer in business.
2. A former computer operator, who is now a programmer, entered information for a fictitious sales return and ran it through the computer system at night. When the money came in, he took it and deposited it in his own account.
3. A nonexistent part number was included in the description of goods on a shipping document. Therefore, no charge was made for those goods.
4. A customer order was filled and shipped to a former customer, which had already filed for bankruptcy.
5. The sales manager approved the price of goods ordered by a customer, but he wrote down the wrong price.
6. A computer operator picked up a computer-based data file for sales of the wrong week and processed them through the system a second time.
7. For a sale, a data entry operator erroneously failed to enter the information for the salesman’s department. As a result, the salesman received no commission for that sale.
8. Several remittance advices were batched together for inputting. The cash receipts clerk stopped for coffee, set them on a box, and failed to deliver them to the data input personnel.
a. Identify the transaction-related management assertion(s) to which the misstatement pertains.
b. Identify one automated control that would have likely prevented each misstatement.
11-31: A growing number of organizations have been the target of hacking attacks, or cyberattacks, in recent years. High-profile examples in the U.S. include Target Corp., Home Depot Inc., the Internal Revenue Service, and other government agencies such as the Office of Personnel Management. Companies and governments need to consider the risks of a cyberattack, and consider backup plans in the event a cyberattack results in a loss of hardware, software, or data. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued a thought paper, COSO in the Cyber Age, to help organizations assess and mitigate risks associated with cybersecurity through the existing COSO Framework. Visit the COSO Web site (www.coso.org), and refer to the “Guidance” tab. Read the thought paper to answer the following questions:
a. The COSO guidance acknowledges that “cyber risk is not something that can be avoided; instead it must be managed.” Why is cyber risk unavoidable? Does this acknowledgement make it more or less difficult to address and mitigate cyber risk?
b. At the control environment level (the first of the five components of internal control), what should organizations do to address cyber risk?
c. The paper identifies five broad categories of cyberattack perpetrators and motivations. Briefly describe each group of perpetrators and their motivation.
d. What types of control activities are recommended to address cyber risks?