Auditing Principles” Enron: The Control Environment
Paragraph 65 of PCAOB Auditing Standard No. 12 provides that the auditor should assess the information gathered during the risk assessment to identify the existence of fraud risk factor (“Auditing Standard No. 12”, 2017). It further provides that fraud risk factors include the incentive or pressure to commit fraud, opportunity to conduct fraudulent activities and rationalization or justification of the fraud action. The existence of these factors does not imply an occurrence of fraud by an increased risk of fraud. Paragraph 66 indicates that the presence of any of the three factors indicates the existence of a fraud risk. Therefore, it is not a requirement that all the three conditions must exist.
Based on the information provided, the incentive or pressure to commit fraud was the most prevalent at Enron. Executives had the incentive to report high-revenue growth since the compensation was linked to the reported revenues. Enron’s performance review committee (PRC) assessed the performance of employees semi-annually. It determined the salary and benefits of employees based on their feedback reports. Employees’ performance was rated on a scale from 1 to 5. Those with ratings of between 1 and 3 earned large bonuses thereby creating the incentive to manipulate earnings to increase their compensation. Besides, employees that scored lower ratings were given one year to improve failure to which, they would be fired. This constituted the pressure to commit fraud to avoid being fired.
The incentive and pressure to commit fraud motivated the executives to fraudulently report earnings and hide certain liabilities from the balance sheet. In 2000, the company reported revenues of $100 billion but one year later, it filed for bankruptcy. The only explanation to this is that the $100 billion revenues reported in 2000 were non-existent. Paragraphs 67- 69 of Auditing Standard No. 12 provides that an auditor should consider the risk of omitted, incomplete and inaccurate disclosures as well as management override of controls (“Auditing Standard No. 12”, 2017).
Paragraph 25 of PCAOB Auditing Standard No. 5 underscores the importance to effective financial reporting. The COSO framework highlights the control environment as the foundation and the most essential of the five parts of the internal control. The control environment refers processes, standards, policies, and structures in an organization that provides the basis for conducting internal control in the organization. A weak control environment leads to weak internal control systems.
Components of the control environment include integrity and ethical value, the competence of employees, management style and philosophy, responsibility and authority and management direction. These factors influence the accuracy of financial reporting. For instance, an entity with competent staff in the accounting function will likely have accurate financial reporting than an entity where the accounting function is conducted by incompetent staff. Integrity and ethics in an entity, especially the senior management, influence the occurrence of fraudulent activities. For instance, Enron’s executives were not people of integrity and focused on fraudulent ways of enriching themselves at the detriment of shareholders of the company.
Paragraph 25 requires the auditor to assess the control environment (“Auditing Standard No. 5”, 2017). This involves determining whether the operation style and philosophy of the management improves the effectiveness of the internal control over financial reporting. The auditor should also assess whether the audit committee of the board is independent and oversees the financial reporting and internal control processes. The independence of the audit committee is critical for accurate financial reporting. It also emphasizes the need to assess the integrity and ethical values, especially of the top management. The commitment of the top management to integrity and social values influences the other employees and the entire control environment.
According to Paragraph 21 of PCAOB Auditing Standard No. 5, an auditor should use the top-down approach in the audit of controls over financial reporting (“Auditing Standard No. 5”, 2017). The approach starts at the financial statements level based on the understanding of the controls over financial reporting. The auditor then assesses the entity-level controls and works down to accounts, disclosures, and assertions. This helps the auditor to identify accounts with risks of material misstatements. This then guides the auditor is determining the appropriate tests.
Paragraph 22 states that the auditor should test the entity-level controls to determine whether the controls over financial reporting are effective (“Auditing Standard No. 5”, 2017). This will determine the amount of testing required for other controls. Entity-level controls include internal audit, risk assessment process, code of conduct, policies and procedures, oversight by the management, among others.
Understanding the control environment would help in implementing the top-down approach for an internal control audit. The control environment influences the control over financial reporting since it entails procedures, structures, and policies, among other essential elements of financial reporting. A deep understanding of the control environment will enable me to identify accounts that have a significant risk of material misstatement as well as the necessary tests required. Without an understanding of the control environment, it would not be possible to identify accounts that face a significant risk of material misstatement. For instance, some entity-level controls affect the likelihood that a material misstatement will not be prevented or detected. This influences the nature and timing of other controls the auditor will select for testing.
Section 204 of SARBOX provides that an auditor should provide a report to the audit committee of the client. The report should include all the accounting policies and practices used, written communications between the auditor and the management of the client as well as the alternative treatments of financial information within GAAPs and the treatments preferred by the auditor.
Section 301 SARBOX requires the formation of an independent audit committee to oversee financial reporting. The section further requires the SEC to prohibit the listing of any company that does not comply with the requirement to form an effective board with an independent audit committee. The committee should be composed of all independent non-executive directors.
Audit committees play an important role in corporate governance and financial reporting. The committee appoints and dismisses the auditor, determines the remuneration of the external auditor and determines the scope of the external audit. It also oversees the financial reporting process and ensures the establishment and operation of effective controls over financial reporting. Thus, the committee enhances the independence of the external auditor by limiting interference from the company’s executives. This avoids fraudulent financial reports by minimising possible collusion between the auditor and the executive. For instance, in this case of Enron, the company’s executives who were responsible for financial reporting, had the authority to appoint and determine the remuneration of the external auditor. The external auditor gave a clean audit report despite the fact that Jeff Skilling and other executives fraudulently excluded certain debts from the company’s liabilities. Therefore, Audit committees can be effective in providing management oversight and prevent fraudulent financial reporting as well as corporate and audit scandals.
Section 302 provides that the management of the client has the primary responsibility for financial reporting and the effectiveness of internal controls. It requires that the management prepare a statement certifying the appropriateness of the financial statements and that they present the true and fair view of the financial state of the client. The statement should also indicate that the management is responsible for financial reporting. This implies that should there be errors and material misstatements in the financial report, the management of the client will bear the primary responsibility. This statement is attached to the audit report.
Section 305 prescribes the penalties for violating SEC regulations on financial reporting. Where the directors issued financial statements with material misstatements, they may be required to restate the statements and to reimburse any bonuses received based on the materially misstated statements. The courts may grant any equitable reliefs to investors. The section further prohibits that the SEC is mandated to permanently, temporarily, conditionally or unconditionally prohibit any director or officer from serving as a director or officer in any publicly listed firm if the directors are found to have violated the SEC rules.
These provisions help deter fraud by the top management. This is because they are held responsible for fraud and material misstatements in the client’s financial statements. The penalties are grave hence they have a deterrence effect on management fraud. Although corporations are legally separate entities, the directors and other company executives are personally held responsible for fraudulent activities. Before the enactment of this law, there were several corporate scandals since there were specific guidelines on the responsibility of the management. However, penalties alone cannot prevent fraudulent activities by the top management. Thus, a company should institute an effective and independent board with the necessary committees. It should also have strong internal controls high standards of ethics and integrity to prevent management override of internal controls.
Auditing Standard No. 12. (2017). Pcaobus.org. Retrieved 12 October 2017
Auditing Standard No. 5. (2017). Pcaobus.org. Retrieved 12 October 2017