Wiley Practitioner's Guide to GAAS 2017. Flood Joanne M.

      1. Complying with certain legal and regulatory requirements

      2. Responding to a successor auditor's inquiries

      3. Responding to a subpoena

      4. Complying with requirements of a funding agency or other specified agency for audits that receive governmental financial assistance

      (AU-C 240.A72)

      NOTE: The auditor should document these communications to management, the audit committee, and others.

      1. Consider the implications for other aspects of the audit.

      2. Reevaluate the assessment of the risk of fraud.

      3. Discuss the matter and the approach to further investigation with the appropriate level of management.9

      4. Obtain additional evidentiary matter, including suggesting that the client consult with legal counsel.

      5. Consider whether any risk factors identified represent reportable conditions (Section 325).

      6. Consider withdrawing from the engagement and communicating the reasons to those charged with governance.

      7. Report the fraud to the audit committee or, in a small business, to the owner-manager.

      NOTE: If the perpetrator controls the audit committee or board of directors, go directly to client's legal counsel. If the perpetrator is a general partner acting against the interests of the limited partners, obtain legal advice and consider communicating to the limited partners. If the perpetrator is the owner-manager of a small business, the auditor has little choice but to communicate with the perpetrator and has no obvious course of action but to withdraw. However, first the auditor should consult with his or her legal counsel.

      8. Insist that the financial statements be revised and, if they are not, express a qualified or adverse opinion (if precluded from obtaining needed evidence, disclaim an opinion or withdraw).

      1. Follow the steps in the Situation 1 checklist plus additional items 2–4 below.

      2. Consider Section 10A(b) of the Securities Exchange Act of 1934 (Title III, Private Securities Litigation Reform Act of 1995):

      a. Matter is reported to board of directors and it does not take appropriate action.

      b. Auditor concludes that failure to take remedial action is expected to cause departure from standard audit report or cause withdrawal.

      c. Auditor should report conclusion in item b of this list to board of directors as soon as practicable (e.g., on Monday).

      d. Client is required to notify SEC (within one business day) of auditor's conclusion described in item b (e.g., by Tuesday).

      e. Client is required to furnish report to SEC in item d to auditor within one business day (e.g., by Tuesday).

      f. If auditor doesn't receive report in item e, auditor notifies SEC within one business day following failure to receive (e.g., on Wednesday).

      3. If the auditor withdraws or resigns from the engagement, the auditor must send a copy of resignation to the SEC within five business days.

      4. Follow SEC requirements for reporting on Form 8-K:

      a. Upon auditor's withdrawal, client must disclose within four business days the following information on a Form 8-K, filed with the SEC, with a copy to the auditor on the same day:

      ● Auditor's resignation

      ● Auditor's conclusion that the information coming to his or her attention has a material impact on the fairness or reliability of the client's financial statements or audit report and that this matter was not resolved to the auditor's satisfaction before resignation

      b. Auditor must prepare a letter stating agreement or disagreement with client's statements after reading Form 8-K. If auditor disagrees, he or she must disclose differences of opinion in a letter to client as promptly as possible. Client must then file the letter with the SEC within ten business days after filing the Form 8-K. Notwithstanding the ten-business-day requirement, client has two business days from the date of receipt to file the letter with the SEC.

      1. Evaluate the implications for other aspects of the audit, especially organizational positions of persons involved.

      2. Bring to the attention of, and discuss with, the appropriate level of management (even if inconsequential).

      3. Communicate the matter to those charged with governance unless the matter is clearly below the communication threshold previously agreed to by the auditor and those charged with governance.

      4. Consider whether any risk factors identified represent reportable conditions (Section 265).

      ● The engagement team's discussion, when planning the audit, about the entity's susceptibility to fraud; the documentation should include how and when the discussion occurred, audit team members participating, and the subject matter covered.

      ● Procedures performed to obtain the information for identifying and assessing the risks of material misstatements due to fraud.

      ● Specific risks of material misstatement due to fraud identified by the auditor, and a description of the auditor's response to those risks.

      ● If improper revenue recognition has not been identified as a risk factor, the reasons supporting such conclusion.

      ● The results of procedures performed that addressed the risk that management would override controls.

      ● Other conditions and analytical relationships that caused the auditor to believe that additional procedures or responses were required, and any other further responses to address risks or other conditions.

      ● The nature of communications about fraud to management, those charged with governance, and others.

      (AU-C 240.43-.46)

      ● Create and maintain a culture of honesty and high ethics.

      ● Evaluate the risks of fraud and implement the processes, procedures, and controls needed to mitigate the risks and reduce the opportunities for fraud.

      ● Develop an appropriate oversight process.

      ●