Cendant Case Study

Question 1:

Professional standards outline the auditor's consideration of material misstatements due to errors and fraud.

a) What responsibility does an auditor have to detect material misstatements due to errors and fraud?

The purpose of assurance engagement is enhancing the reliability of the subject matters. So it is auditor's responsibility to provide a reasonable level to assure the financial report is true and fair.

Financial report is a data assembling which reflect the position of the business. Therefore these users, including investors, managements, shareholders and the other parties can make decision base on the information provided by the financial report. Then the information which impacts on the process of decision making for the uses of the financial report is defined as materiality (Kimmel, Carlon, Loftus, Mladenovic, Kieso, & Weygandt, 2006).

The fairness and trueness of the material is important to the users of financial reports. The major task of auditor is to identify the misstatement in the financial report. By definition, misstatement is a difference between the amounts, classification, presentation or disclosure of a reported financial report item and the amount, classification, presentation or disclosure that is required for the item to be in accordance with the applicable financial reporting framework. There are two kinds of misstatements and they rise from error or fraud respectively (Auditing, Assurance and Ethics Handbook, 2010).

But by the limitation of auditing, financial report audit only provides reasonable assurance instead of total responsibility to the fairness and trueness of the reports. The auditors can assure about whether the financial report is prepared in all material respects in accordance with a financial reporting framework. The reason of the limitation is determined by the nature of financial reporting, the nature of audit procedures and the need for the audit to be conducted within a reasonable period of time and at a reasonable cost (Moroney, Campell, & Hamilton, 2011).

b) What two main categories of fraud affect financial reporting?

By definition, fraud is an intentional act through the use of deception to obtain an unjust or illegal advantage. These two main categories of fraud are financial reporting fraud and misappropriation of assets fraud.

Generally say misappropriation of assets fraud involves some form of theft. Therefore misappropriation of assets fraud will decrease the assets and increase the expenses then it will reduce the owner’s equity of the company (Auditing, Assurance and Ethics Handbook, 2010). 

Financial reporting fraud is intentionally misstating items or omitting important facts from the financial report (Moroney, Campell, & Hamilton, 2011). In Cendant case, the fraud is the accounting department manipulating the revenues to meet the expectation of Wall Street analyst. Than the company can have more opportunities to merge other companies. The affect of the financial reporting fraud will increase sales therefore increase the profit of the company. The financial reporting with fraud will indicate the future earning ability to the share market therefore rising the share price in the exchange market. 

c) What types of factors should auditors consider when assessing the likelihood of material misstatements due to fraud?

First the auditors should consider the company economical environment to identify whether there are incentives and pressures to commit a fraud (Moroney, Campell, & Hamilton, 2011). CUC is in the travel service industry which is highly competitive. And CUC's revenue has dramatic doubled in the mid-1990s. To merge the other company, the company's profit has to keep increasing to meet the analysts’ expectation. So the managements of CUC have pressures to create more profit by fraud financial figures.  

Second the auditors should look into the financial report whether there are opportunities to perpetrate a fraud. (Moroney, Campell, & Hamilton, 2011) In this case, CUC made various year-end adjustments to the general ledger. Those significant adjustments created great opportunities to make a fraud.

Finally, attitudes and rationalisation to justify a fraud need to be assessed by the auditors. (Moroney, Campell, & Hamilton, 2011)CUC has been required to amend its financial statements by the Securities and Exchange Commission several times for using aggressive accounting practices in later 1980's and early 1990's. And from CUC's high speed expand, the companies top management showed high enthusiasm to maximise the share price. So the top level managements have created a flexible environment for the financial fraud.    

d) Which factors existed during the 1995 through 1997 audits of CUC that created an environment conducive for fraud?

Seeking the incentives and pressures to commit a fraud, material stated in the early and mid-1990's CUC acquired several companies to expand market share. Those acquisitions included Entertainment Publications in 1992, Net Market in 1994, Welcome Wagon International, Home Shopping Travel Club, Privacy Guard in 1995, Sierra On-Line, Davidson & Associates in 1996. CUC also came into the new contracts with big companies such as Intel, Time Warner and American Airlines. CUC had doubled revenues from 738m in 1993 to 1.4b in 1996 and at same time CUC's net income rose from 25m to 163m (CUC International Inc. - Company Profile, Information, Business Description, History, Background Information on CUC International Inc.).

CUC was in highly increasingly competitive industry. To maintain high growth rate hut pressures on the managements.

However, for year-end reporting purposes, CUC made various year-end adjustments to incorporate the misstatements into the general ledger. Those adjustments are the opportunities to perpetrate a fraud.

Question 2:

Entity's 5 interrelated components of internal control

a) What responsibility does an auditor have related to each of these five components?

Internal control is the process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of the entity's objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations.

Internal control framework is one of the independent reference for auditors to gather. The auditors need to test the five components of the internal control to identify the level of risk to error or fraud. The auditors need to test the effectiveness, consistent, inspection of documents for evidence of authorisation, inspection of documents for evidence that details included have been checked by appropriate client personnel, personnel performing,how they perform their tasks and re-performing control procedures.

1) The control environment

The control environment is the attitudes, awareness and action of management and those charged with governance concerning the entity's internal control and its importance in the entity. And the control environment sets the foundation for effective internal control, providing discipline and structure and includes several elements such as, communication and enforcement of integrity and ethical values, commitment to competence, participation by those charged with governance, management's philosophy and operating style, organisational structure, assignment of authority and responsibility, human resource policies and practices.

The auditor should consider each of these areas and their interrelationships. Especially, the auditor need to identify the significant deficiencies.

2) The entity's risk assessment process

The entity's process for identifying and responding to business risks, in the financial reporting area, is how management find risks in the preparation of a financial report that is true and fair.

There are three kinds of risks, inherent, control and detection risks. Inherent risk is the susceptibility of an assertion to a misstatement that could be material, either individually or when aggregated with other misstatements, assuming there are no related controls. Control risk is the risk that a client's system of internal controls will not prevent or detect a material misstatement. Detection risk is the risk that the auditor's testing procedures will not be effective in detecting a material misstatement. And auditors need to assess the combined inherent, control and detection risks to evaluate the risk of the material misstatements.

3) The information system, including the related business processes, relevant to financial reporting, and communication. The role of information systems is to capture and exchange the information needed to conduct, manage and control an entity's operations. Auditors will test the information system related to the financial reporting objectives as same as initiating and recording transactions, balance and events. 

4) Control activities

Policies and procedures that help ensure that management directives are carried out. An audit need to categorise activities such as performance reviews, information processing, physical controls, segregation of incompatible duties. Those activities are easier to be test by the auditors compare those entity-level control activities.

5) Monitoring of controls

After establishing and maintaining internal controls, an important responsibility of management is to monitor the controls to assess whether they are operating as intended and modified for changes in conditions on a timely basis.

An audit needs to collect evidence about the design and effectiveness of internal controls. Those considerations include periodic evaluation, person in charge, communication channel, management implements, correcting significant deficiencies, implements reports and recommendations from regulators, function of internal audit and evaluations or observations made by the external auditors (Moroney, Campell, & Hamilton, 2011).

b) One component of internal control is the entity's control environment. What factors should an auditor consider when evaluating the control environment?

The entity's control environment includes several elements such as, communication and enforcement of integrity and ethical values, commitment to competence, participation by those charged with governance, management's philosophy and operating style, organisational structure, assignment of authority and responsibility, human resource policies and practices.

Communication and enforcement of integrity and ethical are essential elements of the control environment. Auditors should test what are the ethical and behavioural standards of the organisation and how they are communicated and they are monitored and enforced in business activities.

Commitment to competence can be judged by auditors' professional knowledge whether the employee and managements qualified with their assigned jobs and received suitable supervision.

Auditors consider the board's independence from the managements, the experience of its members, the extent of its involvement and scrutiny of management's day to day activities, and its interactions with the internal and/or external auditors. Therefore that is the way the participation by those charged with governance to be valued.

Management's philosophy and operating style need to be obtained by the auditors to identify the factors that influence management's attitudes towards internal control.

For the organisational structure, auditors need to understand the structure and its policies and procedures in matter of its size and complexity. And alternatively auditors can review the structure of the organisation through company's information systems.

The auditor also needs to gain evidence to show how authority and responsibility for operating activities are assigned, and how reporting relationships and authorisation hierarchies are established.

The competence and integrity of an entity's employees are essential so the auditors need to evaluate the human resource policies and practices. (Moroney, Campell, & Hamilton, 2011)

c) What red flags were present during the 1995 through 1997 audits of CUC that may have suggested weaknesses in CUC's control environment?

Water Forbes and Kirk Shelton did not create a control environment. Four of CUC's directors were tied with Walter Forbes through other joint investments in start-up companies.

These requirements by the Securities and Exchange Commission to change their financial statements are also reflect CUC's bad control environment.

Question 3:

Management override of controls

a) Provide an example where management override occurred in the Cendant fraud.

Management override is the management not complying with the exiting internal control regulation to fraud the financial figures in the financial report. This is normally happened when the management has incentive and pressure to achieve business target.

In CUC, the management recognised the deferred revenue as revenue immediately. That is an example for the management of CUC override the internal control.     

b) What are the required auditor responses to further address the risk of management override of internal controls?

Although internal control over financial report is effective and well-designed, the management override still happened in many entities. Senior management might perpetrate financial statement.

It is difficult to identify the risk of management override fraud because management is in charge of the design, implementation and maintenance of internal controls. Actions need to be taken to address the risk of management override of controls. Maintaining scepticism is an attitude to know the fraud risk including management override existing in every entity. Auditors should strengthen understanding of the business to form the foundation of the business. Team of auditors can use brainstorming to identify the fraud risk. Auditors can use the code of conduct to assess financial reporting culture. And the governance should create a whistle-blower program and a broad information and feedback network.

These activities could not guarantee to prevent, deter or detect fraud through management override of internal controls. But as result these activities can help auditors to establish oversight of management. (Management Override of Internal Controls: The Achilles' Heel of Fraud Prevention, 2005)

Question 4:

Several misstatements were identified as a result of the fraud perpetrated by CUC management

a) For each misstatement identified, indicate one management assertion that was violated.

There are three misstatements identified in the CUC and they are irregular charges against merger reserves, false coding of services sold to customers and delayed recognition of membership cancellations and bank rejection of charges made to members' credit card accounts.

Irregular charges against merger reserves are artificially inflate earning by fictitiously recording revenues or reducing expenses and reducing the merger reserve in CUC. An audit can used the assertions used for transactions and events, including income statement items. The accuracy assertion is to test amounts and other data relating to recorded transactions and events have been recorded appropriately. In this case the expense and revenue for the merges should be recorded correctly.

False coding of services sold to customers is a classification fraud. Classification is that transactions and events have been recorded in the proper accounts. CUC put the revenue into a different account it can be recognised as income immediately instead of deferred income therefore the revenue is inflated.

Delayed recognition of membership cancellations and bank rejection of charges made to members' credit card accounts is a cut-off matter. Transactions and events have been recorded in the correct accounting period. This will increase the revenue in the accounting period. 

b) For each misstatement identified, indicate one audit procedure the auditor could have used to detect the misstatement.

When testing for accuracy, an auditor needs to search for evidence that transactions and event have been recorded at appropriate amounts. In the CUC case, the auditors should collect the contract and transaction record relates to the merge to calculate what the correct amount is should be included in the financial report.

When testing for classification, an auditor needs to make sure that transactions and events have been recorded in the proper accounts. The auditors working on the CUC case should test the accounts to identify whether or not all the transactions in the particular account belong to the correct account.

When testing for cut-off, an auditor searches for evidence that transactions have been recorded in the correct accounting period. The auditors working on the CUC case need to test all the possible transactions which had happened have been recorded in the correct accounting period. (Moroney, Campell, & Hamilton, 2011) 

Question 5:

Some of the members of CUC's financial management team were former auditors for Ernst&Young, LLP.

a) Why would a company want to hire a member of its external audit team?

A company may want to hire a member of an external audit team simply for expertise.  For instance, if an audit manager has worked on a particular engagement for several years, that manager may know more about the operations of the audited entity than anyone else they could hire.  In that instance, there may be no other motive. However, if a company consistently hires from the external audit team pool, one would have to wonder about the overall integrity of management and the audit team. (Moroney, Campell, & Hamilton, 2011)

b) If the client has hired former auditors, how might this affect the independence of the existing external auditors?

Hiring a member of an external audit team may not necessarily impair independence.  However, if there was an unreported attempt to hire an audit team member or an unreported attempt to be hired during the audit, independence is impaired.  Other independence issues may arise after the person is hired but must be considered on an individual basis.

Independence is the ability to act with integrity, objectivity and professional scepticism.

In CUC case, familiarity threat will be arise which refers to the threat that can occur when a close relationship exits or develops between the assurance firm and the client or between members of the assurance team and directors or employees of the client. The result can be that the assurance team become too sensitive to the needs of the client and lose their objectivity. (Moroney, Campell, & Hamilton, 2011)

References List

Auditing, Assurance and Ethics Handbook. (2010). Pearson Australia.

CUC International Inc. - Company Profile, Information, Business Description, History, Background Information on CUC International Inc. (n.d.). Retrieved 4 2, 2011, from Reference for Business: http://www.referenceforbusiness.com/history2/69/CUC-International-Inc.html

Kimmel, P. D., Carlon, S., Loftus, J., Mladenovic, R., Kieso, D. E., & Weygandt, J. J. (2006). Accounting Buidling Business Skills 2nd edition. Milton: John Wiley & Sons Australia, Ltd.

Management Override of Internal Controls: The Achilles' Heel of Fraud Prevention. (2005). Retrieved 4 3, 2011, from Aerican Institute of Certified Public Accountants: http://www.aicpa.org/ForThePublic/AuditCommitteeEffectiveness/AuditCommitteeBrief/DownloadableDocuments/management%20override%20achilles_heel.pdf

Moroney, R., Campell, F., & Hamilton, J. (2011). Auditing A Practical Approach. Milton: John Wiley & Sons Australia, Ltd.