This course will address the risk of fraud in all businesses, including not-for-profit organizations, as well as the increasing use of technology by CPA firms that has created the need for proactive and robust cybersecurity risk management practices. Fraud often goes undetected for years and, when uncovered, management and the board may question why the auditor did not identify it. The auditor’s responsibility in a financial statement audit is to assess risk and perform sufficient procedures to obtain reasonable assurance that the financial statements are free from material misstatement due to fraud or error. However, failure to perform an adequate fraud risk assessment and report deficiencies in internal control, such as lack of segregation of duties can leave a firm vulnerable. This course will discuss the audit procedures that should be performed in accordance AU-240 as recently amended, best practices in performing fraud risk assessment procedures, when and how to report control deficiencies noted in an audit, the most frequent types of fraud found in small to mid-size entities, along with internal controls that could be implemented to help prevent and detect them. Case studies will be used to support this content. The secondary portion of the course will explore the most common technology risks and trends that every CPA should know to better advise and serve clients. In addition, this course explores audit procedures that can be performed to address the risk in this area.
CPAs in public practice with accounting, financial reporting, or attest responsibilities.
- Understand the drivers of fraud risk in a financial statement audit, conduct procedures required by professional literature to assess the risk of fraud, and evaluate case examples for ways fraud can be detected and prevented
- Develop discussion points to review with management and those charged with governance, including current trends in information technology
- Identify the main types of fraud and information technology-related risks that occur in small to mid-size companies and develop internal controls to be responsive to those risks
- Describe the nonattest and attest service options available to assist clients with cybersecurity risk management
- Fraud landscape in the United States
- Fraud risk procedures as updated by recently issued standards
- Most likely fraud types found in small to mid-size entities
- Internal controls to prevent and detect fraud
- What to do when fraud or suspected fraud is identified
- Case studies based on recent frauds
- Importance of securing client data
- Recent SEC cybersecurity guidance
- Risks from the use of audit software
- Threats to independence resulting from hosting the client’s data
- How data analytics are being applied in audits
- Migrating data to a cloud-based environment
- The recent Cybersecurity Risk Management Framework
Course materials are distributed electronically. To access the materials visit My Events
. Download to your laptop or tablet prior to the seminar, handouts are added as received.