ASSESSING THE CONTROL

ENVIRONMENT AND EVALUATING RISK

OF FINANCIAL STATEMENT FRAUD

CEDANT CORPORATION

Submitted to:

Mr. Kristoffer Jayson C. Lazaro, CPA

Submitted by:

Laluon, Prince Ricky Lenard

Malijan, Joshua
Obias, Gianuel
Osuna, Jason
Suazo, Ralph Denver
BSA – 4

January 22, 2019

 CEDANT CORPORATION

1.
a) The auditor has a responsibility to plan and perform the audit to obtain reasonable
assurance about whether the financial statements are free of material misstatement,
whether caused by error or fraud. Because of the nature of audit evidence and the
characteristics of fraud, the auditor is able to obtain reasonable, but not absolute,
assurance that material misstatements are detected. The auditor has no responsibility
to plan and perform the audit to obtain reasonable assurance that misstatements,
whether caused by errors or fraud, that are not material to the financial statements
are detected.
b) Misstatements arising from fraudulent financial reporting and misstatements arising
from misappropriation of assets.
i. Misstatements arising from fraudulent financial reporting are intentional
misstatements or omissions of amounts or disclosures in financial statements
designed to deceive financial statement users where the effect causes the financial
statements not to be presented, in all material respects, in conformity with
generally accepted accounting principles.
ii. Misstatements arising from misappropriation of assets involve the theft of an
entity's assets where the effect of the theft causes the financial statements not to
be presented, in all material respects, in conformity with GAAP. Misappropriation
of assets can be accomplished in various ways, including embezzling receipts,
stealing assets, or causing an entity to pay for goods or services that have not been
received. Misappropriation of assets may be accompanied by false or misleading
records or documents, possibly created by circumventing controls. The scope of
this section includes only those misappropriations of assets for which the effect of
the misappropriation causes the financial statements not to be fairly presented, in
all material respects, in conformity with GAAP.
c) Risk factors are classified based on the three conditions generally present when fraud
exists: incentive/pressure to perpetrate fraud, an opportunity to carry out the fraud,
and attitude/rationalization to justify the fraudulent action.
d) Incentive/pressure:
i. The high expectations of management and investors: CUC’s management
allegedly inflated earnings by recording fictitious revenues and reducing expenses
to meet Wall Street analysts’ earnings expectations.
ii. Anne Pember, controller of CUC, who reported directly to Corigliano, directed
individuals to carry out some of the irregular activities.
e) Attitude/rationalization:
i. Many of the senior accounting and financial personnel participated in irregular
activities and personnel at many of the business units acquiesced in their practices
which they believed were questionable.

f) Opportunity:
 i. Senior management failed to have in place appropriate controls and procedures
that might have enabled them to detect the irregularities in the absence of actual
knowledge of those irregularities.

2. A
 Control Environment .The primary responsibility for the prevention and detection of
fraud and error rests with those charged with governance and the management of the entity. In
obtaining an understanding of the control environment, the auditor should consider the design
and implementation of entity programs and controls to address the risk of fraud.
 Risk Assessment. The auditor should obtain sufficient knowledge of the entity's risk
assessment process to understand how management considers risks relevant to financial
reporting objectives and decides about actions to address those risks.
 Control Activities. The auditor should obtain an understanding of those control activities
relevant to the audit. Control activities are the policies and procedures that help ensure that
management directives are carried out; for example, that necessary actions are taken to
address risks that threaten the achievement of the entity's objectives. Control activities,
whether automated or manual, have various objectives and are applied at various
organizational and functional levels.
 Information and Communication. The auditor should obtain an understanding of how IT
affects control activities that are relevant to planning the audit. Some entities and auditors may
view the IT control activities in terms of application controls and general controls. Application
controls apply to the processing of individual applications.
 Monitoring. The auditor should obtain an understanding of the major types of activities
that the entity uses to monitor internal control over financial reporting, including the sources of
the information related to those activities, and how those activities are used to initiate
corrective actions to its controls.

2.B
To understand and assess the control environment, auditors should consider the most
important control subcomponents:
 Integrity and Ethical Values They include management’s actions to remove or reduce
incentives and temptations that might prompt personnel to engage in dishonest, illegal,
or unethical acts. They also include the communication of entity values and behavioral
standards to personnel through policy statements, codes of conduct, and by example.
 Commitment to Competence Includes management’s consideration of the competence
levels for specific jobs and how those levels translate into requisite skills and knowledge.
 Board of Director or Audit Committee Participation An effective BOD is independent of
management, and its members stay involved in and scrutinize management’s activities.
The audit committee is charged with oversight responsibility for financial reporting.
PCAOB Standard 2 requires the auditor to evaluate the effectiveness of the audit
committee’s oversight of the company’s external financial reporting and internal control
over financial reporting.
 Management’s Philosophy and Operating Style Through its activities, management
provides clear signals to employees about the importance of internal control (does
 mgmt take significant risks, or is it risk averse? Are sales and earnings target unrealistic,
and are employees encouraged to take aggressive actions to meet those targets? Is
management “fat and bureaucratic,” “lean and mean,” or “just right?” Understanding
these and similar aspects of management’s philosophy and operating style gives the
auditor a sense of management’s attitude about internal control.
 Organizational Structure The definition of the existing lines of responsibility and
authority. By understanding the client’s organizational structure, the auditor can learn
the management and functional elements of the business and perceive how controls are
implemented.
 Human Resource Policies and Practices Because of the importance of competent,
trustworthy personnel in providing effective control, the methods by which persons are
hired, evaluated, trained, promoted, and compensated are an important part of internal
control.
C.
 During the late 80s and 90s, CUC was required to amend its financial statements filed
with the SEC several times for using aggressive accounting practices, such as capitalizing
marketing costs in place of using the standard practice of expensing them as incurred.
 Irregular charges against merger reserves (cookie jar?) In earlier acquisitions, CUC
would record a one-time expense and establish a reserve (liability) for restructuring
costs expected as a result of the merger. CUC would later use the reserve as a cushion
to offset future poor future performance.

3.
a. False coding of services sold to customers. CUC would falsely classify amounts received
from customers for deferred revenue recognition programs as amounts received from
customers for immediate revenue recognition programs. For example, CUC would
improperly record amounts received for the Shoppers Advantage program to amounts
received from the Creditline program (which allowed revenues to be recognized
immediately). this misclassification of purchased benefits allowed CUC to immediately
recognize revenues and profits instead of deferring them over the benefit period.

b.
 The nature of auditing procedures performed may need to be changed to obtain
evidence that is more reliable or to obtain additional corroborative information.
 The timing of substantive tests may need to be modified. The auditor might conclude
that substantive testing should be performed at or near the end of the reporting period
to best address an identified risk of material misstatement due to fraud.
 The extent of the procedures applied should reflect the assessment of the risks of
material misstatement due to fraud.
4. A
Misstatement Management Assertion Violated
Irregular charges against Management's acknowledgment of its responsibility for the fair
merger reserves presentation in the financial statements of financial position,
results of operations, and cash flows in conformity with generally
accepted accounting principles.
False coding of services Satisfactory title to assets, liens or encumbrances on assets, and
sold to customers assets pledged as collateral.
Delayed recognition of Compliance with aspects of contractual agreements that may
membership cancellations affect the financial statements.
and bank rejection charges
made to members’ credit
card accounts

4.B
Misstatement Management Assertion Violated
Irregular charges against During the course of the audit, the auditor may become aware of
merger reserves significant transactions that are outside the normal course of
business for the entity, or that otherwise appear to be unusual
given the auditor's understanding of the entity and its
environment. The auditor should gain an understanding of the
business rationale for such transactions and whether that
rationale suggests that the transactions may have been entered
into to engage in fraudulent financial reporting or conceal
misappropriation of assets.
False coding of services Confirming with customers certain relevant contract terms and
sold to customers the absence of side agreements, because the appropriate
accounting often is influenced by such terms or agreements.23
For example, acceptance criteria, delivery and payment terms,
the absence of future or continuing vendor obligations, the right
to return the product, guaranteed resale amounts, and
cancellation or refund provisions often are relevant in such
circumstances.
Delayed recognition of For those situations for which revenue transactions are
membership cancellations electronically initiated, authorized, processed, and recorded,
and bank rejection charges testing controls to determine whether they provide assurance
made to members’ credit that recorded revenue transactions occurred and are properly
card accounts recorded.
5.
a. They have an insight to the company's business and the industry. The external member
wouldn't have to be trained since it knows the business. The company has seen the type of
work the auditor can produce and have a good working relationship. The external auditor
would have knowledge of the audit, which would reduce any risk the company could have
in case of an illegal or inappropriate accountability in their financial.

b. There are concerns about threats to independence when clients hire firm personnel. For
example, did the individuals exercise appropriate audit skepticism prior to departure?
Would the departing auditor’s knowledge of the audit allow him or her to circumvent it as
a member of the client? Will the former auditor be able to exercise undue influence over
the audit team? Further, there have been instances where the former engagement partner
or manager joined the client in a high-level position and was alleged to have become
involved subsequently in a fraud scheme.