Page 24 - CA Final PARAM Digital Book.
P. 24
Risk factors that relate to misstatements arising from misappropriation of assets are also classified
according to the three conditions generally present when fraud exists: incentives/pressures,
opportunities, and attitudes/rationalization.
Incentives/Pressures
Personal financial obligations may create pressure on management or employees with access to cash
or other assets susceptible to theft to misappropriate those assets.
Adverse relationships between the entity and employees with access to cash or other assets
susceptible to theft may motivate those employees to misappropriate those assets. For example,
adverse relationships may be created by the following:
(i) Known or anticipated future employee layoffs.
(ii) Recent or anticipated changes to employee compensation or benefit plans.
(iii) Promotions, compensation, or other rewards inconsistent with expectations.
Opportunities
Certain characteristics or circumstances may increase the susceptibility of assets to misappropriation.
For example, opportunities to misappropriate assets increase when there are the following:
(i) Large amounts of cash on hand or processed.
(ii) Inventory items that are small in size, of high value, or in high demand.
(iii) Easily convertible assets, such as bearer bonds, diamonds, or computer chips.
(iv) Fixed assets which are small in size, marketable, or lacking observable identification of
ownership.
Inadequate internal control over assets may increase the susceptibility of misappropriation of those
assets. For example, misappropriation of assets may occur because there is the following:
(i) Inadequate segregation of duties or independent checks.
(ii) Inadequate oversight of senior management expenditures, such as travel and other
reimbursements.
(iii) Inadequate management oversight of employees responsible for assets, for example,
inadequate supervision or monitoring of remote locations.
(iv) Inadequate job applicant screening of employees with access to assets.
(v) Inadequate record keeping with respect to assets.
(vi) Inadequate system of authorization and approval of transactions (for example, in purchasing).
(vii) Inadequate physical safeguards over cash, investments, inventory, or fixed assets.
(viii) Lack of complete and timely reconciliations of assets.
(ix) Lack of timely and appropriate documentation of transactions, for example, credits for
merchandise returns.
(x) Lack of mandatory vacations for employees performing key control functions.
(xi) Inadequate management understanding of information technology, which enables information
technology employees to perpetrate a misappropriation.
(xii) Inadequate access controls over automated records, including controls over and review of
computer systems event logs.
Attitudes/Rationalizations
(i) Disregard for the need for monitoring or reducing risks related to misappropriations of assets.
(ii) Disregard for internal control over misappropriation of assets by overriding existing controls or
by failing to take appropriate remedial action on known deficiencies in internal control.
(iii) Behaviour indicating displeasure or dissatisfaction with the entity or its treatment of the
employee.
(iv) Changes in behaviour or lifestyle that may indicate assets have been misappropriated.
(v) (v) Tolerance of petty theft.
www.auditguru.in PARAM 2.3 | P a g e
