Chapter Overview

11.01 This chapter provides selected general auditing considerations on the application of generally accepted auditing standards (GAAS) during an investment company audit. The chapter begins with general audit planning considerations that focus on the audit risk assessment process and the design of audit procedures that respond to identified risks. Audit planning considerations are followed by other general considerations for audits of investment companies. After other general considerations are discussed, the chapter turns to focus on auditing procedures specific to the investment portfolio accounts of an investment company. A variety of relevant subtopics are discussed in this section, including: the custody of securities, tests of portfolio transactions (including transactions with affiliates), income from securities, testing net asset value per share, and testing the valuation of portfolio investments. The chapter concludes with three appendixes that provide detailed considerations pertaining to (a) the auditor’s responsibility for other information in documents containing audited financial statements, (b) reports on controls at outside service organizations, and (c) fraud risk assessment and audit responses.

11.02 Although this chapter is dedicated to general and investment portfolio auditing considerations, other chapters throughout this guide also contain auditing considerations directly related to those respective chapter topics. The following table may be helpful for readers interested in auditing considerations specific to the following topics.

11.03 AU-C section 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With Generally Accepted Auditing Standards,³ addresses the independent auditor’s overall responsibilities when conducting an audit of financial statements in accordance with GAAS. Specifically, it sets out the overall objectives of the independent auditor (the auditor) and explains the nature and scope of an audit designed to enable the auditor to meet those objectives. It also explains the scope, authority, and structure of GAAS and includes requirements establishing the general responsibilities of the auditor applicable in all audits, including the obligation to comply with GAAS.⁴

General Audit Planning Considerations

Other General Considerations for Audits of Investment Companies

11.17 AU-C section 501, Audit Evidence—Specific Considerations for Selected Items,⁹ addresses specific considerations by the auditor in obtaining sufficient appropriate audit evidence, in accordance with AU-C section 330; AU-C section 500, Audit Evidence; and other relevant AU-C sections, regarding, among other things, certain aspects of investments in securities and derivative instruments. AU-C section 540, Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures, addresses the auditor’s responsibilities relating to accounting estimates, including fair value accounting estimates and related disclosures, in an audit of financial statements. Specifically, it expands on how AU-C sections 315 and 330 and other relevant AU-C sections are to be applied with regard to accounting estimates. It also includes requirements and guidance related to misstatements of individual accounting estimates and indicators of possible management bias. See paragraphs 11.60–.76 for further discussion on the guidance contained in AU-C section 540. The audit of an investment company’s investment accounts is a significant portion of the overall audit because of the relative significance of those accounts and the related income accounts. In auditing the investment accounts, the auditor could test various aspects of the investment company’s transactions with brokers, custodians, and pricing services. See the “Auditing Procedures for the Investment Portfolio Accounts” section of this chapter for more information.

11.18 Economic conditions in the jurisdictions in which funds invest may affect the auditor’s assessment of inherent risks for relevant assertions in investment companies’ financial statements. Factors that the auditor could evaluate include local rates of inflation, government stability, and local tax rules. An auditor could consider whether such indicators create, intensify, or mitigate inherent risk.

11.19 An auditor ordinarily does not have a sufficient basis for recognizing possible violations of security regulations or laws concerning compliance with investment restrictions because they relate more to the entity’s operating aspects than its financial and accounting aspects. Even when violations of such laws can have consequences material to the financial statements, the auditor may not become aware of the existence of these acts of noncompliance unless the auditor is informed by the client, or there is evidence of a governmental agency investigation or enforcement proceeding in the records, documents, or other information inspected in an audit of financial statements. When an auditor becomes aware of the possibility of noncompliance, he or she should refer to AU-C section 250, Consideration of Laws and Regulations in an Audit of Financial Statements.

11.20 The auditor may review such relevant investment company documents as the latest private placement memorandum, offering memorandum, prospectus, statement of additional information, certificate of incorporation, bylaws, and minutes of the board of directors’ or trustees’ and shareholders’ meetings to gain an understanding of the investment company’s investment restrictions and consider whether management has a program to prevent, deter, or detect noncompliance with the investment company’s investment restrictions. As part of that consideration, the auditor could also obtain the written compliance policies and procedures designed to prevent the violation of federal securities laws (the “compliance program”) and could meet with the designated chief compliance officer responsible for administering those policies and procedures (see paragraph 2.52 and paragraph C.34 in appendix C of this chapter). The auditor could also consider whether the compliance program has identified noncompliance with the stated investment restrictions and test the operation of the program to the extent considered necessary. An investment company’s failure to comply with its stated investment restrictions may be considered a possible act of noncompliance that may have an indirect effect on the financial statements of the fund. Auditors of registered investment companies may also be required, under certain circumstances, pursuant to the Private Securities Litigation Reform Act of 1995 (codified in section 10A[b]1 of the Securities Exchange Act of 1934) to make a report to the SEC relating to an illegal act that has a material effect on the financial statements.

11.21 In reading the board of directors’ or trustees’ minutes, the auditor should note such significant items as dividend declarations, capital changes, and amendments to and continuation of contracts and agreements with such entities as the adviser, distributor, transfer agent, custodian, and underwriter. The auditor should note changes in fee structures or expense limitations for reference in auditing expenses.

11.22 As part of the certification of financial statements required by the Sarbanes-Oxley Act of 2002, the principal executive officer and principal financial officer of an investment company filing financial statements on Form N-CSR are required to disclose to the investment company’s audit committee and independent auditors all significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting that are reasonably likely to adversely affect the investment company’s ability to record, process, summarize, and report financial information. Further, they are to disclose to the audit committee and auditors any fraud, regardless of whether it is material, that involves management or other employees who have a significant role in the investment company’s internal control over financial reporting.

11.23 AU-C section 230, Audit Documentation, addresses the auditor’s responsibility to prepare audit documentation for an audit of financial statements. The exhibit, “Audit Documentation Requirements in Other AU-C Sections” (see paragraph .A30 of AU-C section 230), lists other AU-C sections that contain specific documentation requirements and guidance. The specific documentation requirements of other AU-C sections do not limit the application of AU-C section 230. Law, regulation, or other standards may establish additional documentation requirements.

11.24 AU-C section 260, The Auditor’s Communication With Those Charged With Governance, addresses the auditor’s responsibility to communicate with those charged with governance in an audit of financial statements. Although AU-C section 260 applies regardless of an entity’s governance structure or size, particular considerations apply when all those charged with governance are involved in managing an entity. This section does not establish requirements regarding the auditor’s communication with an entity’s management or owners unless they are also charged with a governance role. See the exhibit “Requirements to Communicate With Those Charged With Governance in Other AU-C Sections” that lists requirements for the auditor to communicate with those charged with governance in other AU-C sections.

11.25

Considerations for Audits Performed in Accordance With PCAOB Standards

AS 1301, Communications with Audit Committees, establishes certain required communications between the auditor and the audit committee regarding the conduct of the audit. The standard also establishes requirements that the auditor obtain certain information from the audit committee relevant to the audit. The timing, form, and documentation of the established communications are also discussed in the standard. As it relates to the timing of communications between the auditor and the audit committee, paragraph .26 of AS 1301 states

All audit committee communications required by this standard should be made in a timely manner and prior to the issuance of the auditor’s report. The appropriate timing of a particular communication to the audit committee depends on factors such as the significance of the matters to be communicated and corrective or follow-up action needed, unless other timing requirements are specified by PCAOB rules or standards or the securities laws.

[Note: An auditor may communicate to only the audit committee chair if done in order to communicate matters in a timely manner during the audit. The auditor, however, should communicate such matters to the audit committee prior to the issuance of the auditor’s report.]

Footnote 43 of AS 1301 specifically expands on this requirement for registered investment companies:

Consistent with Rule 2-07 of SEC Regulation S-X, in the case of a registered investment company, audit committee communication should occur annually, and if the annual communication is not within 90 days prior to the filing of the auditor’s report, the auditor should provide an update in the 90-day period prior to the filing of the auditor’s report, of any changes to the previously reported information.

11.26 AU-C section 265, Communicating Internal Control Related Matters Identified in an Audit, addresses the auditor’s responsibility to appropriately communicate to those charged with governance and management deficiencies in internal control that the auditor has identified in an audit of financial statements.

Auditing Procedures for the Investment Portfolio Accounts

Appendix A—Auditor’s Responsibility for Other Information in Documents Containing Audited Financial Statements¹

Readers are encouraged to review the preface of this guide for the authoritative status of this appendix.

A.01 An entity may publish various documents that contain information in addition to audited financial statements (for example, annual reports and proxies). Other information in a document may be relevant to an audit performed by an independent auditor or the continuing propriety of the auditor’s report.

A.02 AU-C section 720, Other Information in Documents Containing Audited Financial Statements,² addresses the auditor’s responsibility with respect to other information in documents containing audited financial statements and the auditor’s report thereon. Paragraph .02 of AU-C section 720 explains that, among other matters, the phrase documents containing audited financial statements refers to annual reports (or similar documents) that are issued to owners (or similar stakeholders). Paragraph .01 of AU-C section 720 states that in the absence of any separate requirement in the particular circumstances of the engagement, the auditor’s opinion on the financial statements does not cover other information, and the auditor has no responsibility for determining whether such information is properly stated. AU-C section 720 requires the auditor to read the other information of which the auditor is aware because the credibility of the audited financial statements may be undermined by material inconsistencies between the audited financial statements and other information. If the auditor identifies a material inconsistency, the auditor should determine whether the audited financial statements or the other information needs to be revised in accordance with paragraph .09 of AU-C section 720. Paragraph .10 of AU-C section 720 states that if a material inconsistency identified prior to date of the auditor’s report that requires revision to the audited financial statements, and management refuses to make the revision, the auditor should modify the auditor’s opinion. If a material inconsistency identified prior to the report release date that requires revision of the other information and management refuses to make the revision, the auditor should communicate this matter to those charged with governance and: include in the auditor’s report an other-matter paragraph describing the material inconsistency in accordance with AU-C section 706, Emphasis-of-Matter Paragraphs and Other-Matter Paragraphs in the Independent Auditor’s Report; withhold the auditor’s report; or withdraw from the engagement (if possible under applicable law or regulation) in accordance with paragraph .12 of AU-C section 720.

A.03 Paragraph .A3 of AU-C section 720 explains that other information may comprise the following: a report by management or those charged with governance on operations, financial summaries or highlights, employment data, planned capital expenditures, financial ratios, names of officers and directors, and selected quarterly data. Paragraph .A4 of AU-C section 720 further explains that, for purposes of generally accepted auditing standards (GAAS), other information does not encompass, for example, the following: a press release or similar memorandum, information contained in analyst briefings, and information contained on the entity’s website.

A.04 Paragraph .03 of AU-C section 725, Supplementary Information in Relation to the Financial Statements as a Whole, states that the objective of the auditor, when engaged to report on supplementary information in relation to the financial statements as a whole, is to evaluate the presentation of the supplementary information in relation to the financial statements as a whole, and to report on whether the supplementary information is fairly stated, in all material respects, in relation to the financial statements as whole. Supplementary information (for purposes of GAAS) is defined as information presented outside the basic financial statements, excluding required supplementary information that is not considered necessary for the financial statements to be fairly presented in accordance with the applicable financial reporting framework. Such information may be presented in a document containing audited financial statements or separate from the financial statements. Paragraphs .A7–.A8 of AU-C section 725 explain that supplementary information includes additional details or explanations of items in or related to the basic financial statements, consolidating information, historical summaries of items extracted from the basic financial statements, statistical data, and other material, some of which may be from sources outside the accounting system or outside the entity. Supplementary information may be prepared in accordance with an applicable financial reporting framework, by regulatory or contractual requirements, in accordance with management’s criteria, or in accordance with other requirements. The auditor may report on such information using the guidance in paragraphs .09–.13 of AU-C section 725 and the related interpretative guidance in AU-C section 9725, Supplementary Information in Relation to the Financial Statements as a Whole: Auditing Interpretations of Section 725.

A.05

Considerations for Audits Performed in Accordance With PCAOB Standards

AS 2701, Auditing Supplemental Information Accompanying Audited Financial Statements,³ sets forth the auditor’s responsibilities when the auditor of the financial statements is engaged to perform audit procedures and report on supplemental information that accompanies financial statements audited pursuant to PCAOB standards. The objective of the auditor is to obtain sufficient appropriate audit evidence to express an opinion on whether the supplemental information is fairly stated, in all material respects, in relation to the financial statements as a whole. Supplemental information, for purposes of AS 2701, includes

•     supporting schedules that brokers and dealers are required to file pursuant to SEC Rule 17a-5;

•     supplemental information (a) required to be presented pursuant to the rules and regulations of a regulatory authority and (b) covered by an independent public accountant’s report on that information in relation to financial statements that are audited in accordance with PCAOB standards; or

•     information that is (a) ancillary to the audited financial statements, (b) derived from the company’s accounting books and records, and (c) covered by an independent public accountant’s report on that information in relation to the financial statements that are audited in accordance with PCAOB standards.

Paragraph .04 of AS 2701 includes auditor performance requirements to

•     obtain an understanding of the purpose of the supplemental information and the criteria management used to prepare the supplemental information, including relevant regulatory requirements;

•     obtain an understanding of the methods of preparing the supplemental information, evaluate the appropriateness of those methods, and determine whether those methods have changed from methods used in the prior period and, if the methods have changed, determine the reasons for and evaluate the appropriateness of such changes;

•     inquire of management about any significant assumptions or interpretations underlying the measurement or presentation of the supplemental information;

•     determine that the supplemental information reconciles to the underlying accounting and other records or to the financial statements, as applicable;

•     test the completeness and accuracy of the supplemental information, to the extent that it was not tested as part of the audit of the financial statements; and

•     evaluate whether the supplemental information, including its form and content, complies with relevant regulatory requirements or other applicable criteria, if any.

Practitioners should review and consider all of the auditor’s performance and reporting requirements contained in AS 2701.

11.102

Appendix B—Reports on Controls at Outside Service Organizations¹

Readers are encouraged to review the preface of this guide for the authoritative status of this appendix.

B.01 AU-C section 402, Audit Considerations Relating to an Entity Using a Service Organization,² addresses a user auditor’s responsibility for obtaining sufficient appropriate audit evidence in an audit of the financial statements of a user entity that uses one or more service organizations. AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting, contains performance and reporting requirements and application guidance for a service auditor examining controls at organizations that provide services to user entities when those controls are likely to be relevant to user entities’ internal control over financial reporting (for example, bank trust departments, plan recordkeepers, and payroll processing service organizations). Reports issued under AT-C section 320 will herein after be referred to as SOC 1 reports.

B.02 Paragraph .03 of AU-C section 402 states that services provided by a service organization are relevant to the audit of a user entity’s financial statements when those services and the controls over them affect the user entity’s information system, including related business processes, relevant to financial reporting. Although most controls at the service organization are likely to relate to financial reporting, other controls also may be relevant to the audit, such as controls over the safeguarding of assets. A service organization’s services are part of the user entity’s information system, including related business processes, relevant to financial reporting if these services affect any of the following:

a.     The classes of transactions in the user entity’s operations that are significant to the user entity’s financial statements.

b.     The procedures within both IT and manual systems by which the user entity’s transactions are initiated, authorized, recorded, processed, corrected as necessary, transferred to the general ledger (or equivalent such as a trust statement), and reported in the financial statements.

c.     The related accounting records, supporting information, and specific accounts in the user entity’s financial statements that are used to initiate, authorize, record, process, and report the user entity’s transactions. This includes the correction of incorrect information and how information is transferred to the general ledger; the records may be in either manual or electronic form.

d.     How the user entity’s information system captures events and conditions, other than transactions, that are significant to the financial statements.

e.     The financial reporting process used to prepare the user entity’s financial statements, including significant accounting estimates and disclosures.

f.     Controls surrounding journal entries, including nonstandard journal entries used to record nonrecurring, unusual transactions, or adjustments.

B.03 If a fund uses a service organization, certain controls and records of the service organization may be relevant to the fund’s ability to records, process, summarize, and report financial data in a manner consistent with the assertions in the fund’s financial statements. Consistent with paragraph .07 of AU-C section 402, the objectives of the user auditor, when the user entity uses the services of a service organization, are to

a.     obtain an understanding of the nature and significance of the services provided by the service organizations and their effect on the user entity’s internal control relevant to the audit, sufficient to identify and assess the risks of material misstatement.

b.     design and perform audit procedures responsive to those risks.

B.04 Paragraph .A1 of AU-C section 402 states that information about the nature of the services provided by a service organization may be available from a wide variety of sources, such as user manuals; system overviews; technical manuals; the contract or service level agreement between the user entity and the service organization; reports by service organization, the internal audit function, or regulatory authorities on controls at the service organization; and reports by the service auditor, if available. When obtaining an understanding of the user entity in accordance with AU-C section 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, paragraph .09 of AU-C section 402 states that the user auditor should obtain an understanding of how the user entity uses the service of a service organization in the user entity’s operations, including the following:

a.     The nature of the services provided by the service organization and the significance of those services to the user entity, including their effect on the user entity’s internal control

b.     The nature and materiality of the transactions processed or accounts or financial reporting processes affected by the service organization

c.     The degree of interaction between the activities of the service organization and those of the user entity

d.     The nature of the relationship between the user entity and the service organization, including the relevant contractual terms for the activities undertaken by the service organization

B.05 Nature of services provided by the service organization. As explained in paragraphs .A3–.A4 of AU-C section 402, a user entity may use a service organization, such as one that processes transactions and maintains the related accountability for the user entity or records transactions and processes related data. Examples of services provided by service organization that may be relevant to the audit include maintenance of the user entity’s accounting records; management of the user entity’s assets; and initiating, authorizing, recording, or processing transactions as an agent of the user entity.

B.06 Nature and materiality of transactions processed by the service organization. As explained in paragraph .A6 of AU-C section 402, a service organization may establish policies and procedures (controls) that affect the user entity’s internal control. These controls are at least in part physically and operationally separate from the user entity. The significance of the controls of the service organization to the user entity’s internal control depends on the nature of the services provided by the service organization, including the nature and materiality of the transactions it processes for the user entity. In certain circumstances, the transactions processed and the accounts affected by the service organization may not appear to be material to the user entity’s financial statements, but the nature of the transactions processed may be significant and the user auditor may determine that an understanding of controls over the processing of those transactions is necessary in the circumstances.

B.07 The degree of interaction between the activities of the service organization and the user entity. As explained in paragraph .A7 of AU-C section 402, the significance of the controls at the service organization to the user entity’s internal control also depends on the degree of interaction between the service organization’s activities and those of the user entity. The degree of interaction refers to the extent to which a user entity is able to and elects to implement effective controls over the processing performed by the service organization. For example, a high degree of interaction exists between the activities of the user entity and those at the service organization when the user entity authorizes transactions and the service organization processes and accounts for those transactions. In these circumstances, it may be practicable for the user entity to implement effective controls over those transactions. On the other hand, when the service organization initiates or initially records, processes, and accounts for the user entity’s transactions, a lower degree of interaction exists between the two organizations. In these circumstances, the user entity may be unable to, or may elect not to, implement effective controls over these transactions at the user entity and may rely on controls at the service organization.

B.08 In accordance with paragraphs .11–.12 of AU-C section 402, the user auditor should determine whether a sufficient understanding of the nature and significance of the services provided by the service organization and their effect on the user entity’s internal control relevant to the audit has been obtained to provide a basis for the identification and assessment of risks of material misstatement. If the user auditor is unable to obtain sufficient understanding from the user entity, the user auditor should obtain that understanding from one or more of the following procedures:

a.     Obtaining and reading a type 1 or type 2 SOC 1 report, if available

b.     Contacting the service organization, through the user entity, to obtain specific information

c.     Visiting the service organization and performing procedures that will provide the necessary information about the relevant controls at the service organization

d.     Using another auditor to perform procedures that will provide the necessary information about the relevant controls at the service organization

B.09 A type 1 SOC 1 report is a report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date. A type 2 SOC 1 report is a report that also includes (a) the service auditor’s opinion on the operating effectiveness of the controls and (b) a detailed description of the service auditor’s tests of the operating effectiveness of the controls and the results of those tests throughout a specified period.

B.10 Type 1 SOC 1 reports are designed to provide information about the flow of transactions within and controls over relevant applications at the service organization, and whether such controls were suitably designed and had been placed in operation. Such a report, either alone or in conjunction with controls at the user entity, does not provide any evidence of the operating effectiveness of the relevant controls.

B.11 Type 2 SOC 1 reports provide additional information about the nature, timing, extent, and results of the service auditor’s tests of specified controls at the service organization that may be useful if the user auditor intends to place reliance on controls at the service organization to reduce the extent of their substantive procedures. Although a type 2 SOC 1 report may provide a basis for assessing control risk below the maximum, it does not permit the auditor to assess the level of control risk so low to eliminate the need to perform substantive tests for the fund’s accounts and transactions.

B.12 Paragraphs .13–.14 of AU-C section 402 provide audit requirements on using a type 1 or type 2 SOC 1 report to support the user auditor’s understanding of the service organization.

B.13 Paragraph .21 of AU-C section 402 states that the user auditor should not refer to the work of a service auditor in the user auditor’s report containing an unmodified opinion. However, as stated in paragraph .A45 of AU-C section 402, when the user auditor expresses a modified opinion because of a modified opinion in a service auditor’s report, the user auditor is not precluded from referring to the service auditor’s report if such reference assists in explaining the reason for the user auditor’s modified opinion. In such circumstances, the user auditor need not identify the service auditor by name and may need the consent of the service auditor before making such a reference.³

11.103

Appendix C—Consideration of Fraud in a Financial Statement Audit

Readers are encouraged to review the preface of this guide for the authoritative status of this appendix.

C.01 AU-C section 240, Consideration of Fraud in a Financial Statement Audit),¹ addresses the auditor’s responsibilities relating to fraud in an audit of financial statements. Specifically, it expands on how AU-C sections 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, and 330, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained, are to be applied regarding risks of material misstatement due to fraud.

C.02 Paragraph .03 of AU-C section 240 states, although fraud is a broad legal concept, for the purposes of generally accepted auditing standards (GAAS), the auditor is primarily concerned with fraud that causes a material misstatement in the financial statements. The two types of intentional misstatements relevant to the auditor are misstatements resulting from fraudulent financial reporting and misstatements resulting from misappropriation of assets. Although the auditor may suspect or, in rare cases, identify the occurrence of fraud, the auditor does not make legal determinations of whether fraud has actually occurred.

C.03 Paragraph .A1 of AU-C section 240 explains that fraud, whether fraudulent financial reporting or misappropriation of assets, involves incentive or pressure to commit fraud, a perceived opportunity to do so, and some rationalization of the act.

C.04 In accordance with AU-C section 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With Generally Accepted Auditing Standards, paragraph .12 of AU-C section 240 states that the auditor should maintain professional skepticism throughout the audit, recognizing the possibility that a material misstatement due to fraud could exist, notwithstanding the auditor’s past experience of the honesty and integrity of the entity’s management and those charged with governance.

C.05 Paragraphs .A9–.A10 of AU-C section 240 further explain that maintaining professional skepticism requires an ongoing questioning of whether the information and audit evidence obtained suggests that a material misstatement due to fraud may exist. It includes considering the reliability of the information to be used as audit evidence and the controls over its preparation and maintenance when relevant. Although the auditor cannot be expected to disregard past experience of the honesty and integrity of the entity’s management and those charged with governance, the auditor’s professional skepticism is particularly important in considering the risks of material misstatement due to fraud because there may have been changes in circumstances.

C.06 When responses to inquiries of management, those charged with governance, or others are inconsistent or otherwise unsatisfactory (for example, vague or implausible), paragraph .14 of AU-C section 240 requires the auditor to further investigate the inconsistencies or unsatisfactory responses.

C.07 AU-C section 315 requires a discussion among the key engagement team members, including the engagement partner, and a determination by the engagement partner of which matters are to be communicated to those team members not involved in the discussion. Paragraph .15 of AU-C section 240 states this discussion should include an exchange of ideas or brainstorming among the engagement team members about how and where the entity’s financial statements might be susceptible to material misstatement due to fraud, how management could perpetrate and conceal fraudulent financial reporting, and how assets of the entity could be misappropriated. The discussion should occur setting aside beliefs that the engagement team members may have that management and those charged with governance are honest and have integrity, and should, in particular, also address

a.     known external and internal factors affecting the entity that may create an incentive or pressure for management or others to commit fraud, provide the opportunity for fraud to be perpetrated, and indicate a culture or environment that enables management or others to rationalize committing fraud;

b.     the risk of management override of controls;

c.     consideration of circumstances that might be indicative of earnings management or manipulation of other financial measures and the practices that might be followed by management to manage earnings or other financial measures that could lead to fraudulent financial reporting;

d.     the importance of maintaining professional skepticism throughout the audit regarding the potential for material misstatement due to fraud; and

e.     how the auditor might respond to the susceptibility of the entity’s financial statements to material misstatement due to fraud.

Communication among the engagement team members about the risks of material misstatement due to fraud should continue throughout the audit, particularly upon discovery of new facts during the audit.

C.08 Exhibit 11-1, “Fraud Risk Factors,” which appears at the end of this appendix, contains a list of fraud risk factors that auditors may consider as part of their planning and audit procedures.

C.09

Considerations for Audits Performed in Accordance With PCAOB Standards

AS 2110, Identifying and Assessing Risks of Material Misstatement,² requires a discussion among the key engagement team members of specified matters regarding fraud, including how and where the company’s financial statements might be susceptible to material misstatement due to fraud, known fraud risk factors, the risk of management override of controls, and possible responses to fraud risks. Certain matters are also required to be emphasized to all engagement team members, including the need to maintain a questioning mind throughout the audit and to exercise professional skepticism in gathering and evaluating evidence, to be alert for information or other conditions that might affect the assessment of fraud risks, and actions to be taken if information or other conditions indicate that a material misstatement due to fraud might have occurred.

C.10 When performing risk assessment procedures and related activities to obtain an understanding of the entity and its environment, including the entity’s internal control, required by AU-C section 315, paragraph .16 of AU-C section 240 states that the auditor should perform the procedures in paragraphs .17–.24 of AU-C section 240 to obtain information for use in identifying the risk of material misstatement due to fraud. As part of this work, the auditor should perform the following procedures:

a.     Hold fraud discussions with management, others within the entity, and those charged with governance (unless all those charged with governance are involved in managing the entity). See specific inquiries the auditor should make in paragraphs .17–.19 and .21 of AU-C section 240.

b.     Obtain an understanding of how those charged with governance exercise oversight of management’s process for identifying and responding to the risks of fraud in the entity and the internal control that management has established to mitigate these risks, unless all those charged with governance are involved in managing the entity (see paragraphs .20 and .A21–.A23 of AU-C section 240).

c.     Evaluate whether unusual or unexpected relationships that have been identified (based on analytical procedures performed as part of risk assessment procedures) indicate risks of material misstatement due to fraud (see paragraphs .22, .A24–.A26, and .A46 of AU-C section 240).

d.     Consider whether other information obtained by the auditor indicates risks of material misstatement due to fraud (see paragraphs .23 and .A27 of AU-C section 240).

e.     Evaluate whether the information obtained from the risk assessment procedures and related activities performed indicates that one or more fraud risk factors are present (see paragraphs .24 and .A28–.A32 of AU-C section 240 and paragraphs C.13–.15 of this appendix).

C.11

Considerations for Audits Performed in Accordance With PCAOB Standards

AS 2110 requires the auditor to make specific inquiries of management and the audit committee, among other matters, regarding tips or complaints about the company’s financial reporting. The auditor is required to use his or her knowledge of the company and its environment, as well as information from other risk assessment procedures, to determine the nature of inquiries about risks of material misstatement. The auditor must take into account the fact that management is often in the best position to commit fraud when evaluating management’s responses to inquiries about fraud risks.

C.12 Based on analytical procedures performed as part of risk assessment procedures, paragraph .22 of AU-C section 240 states that the auditor should evaluate whether unusual or unexpected relationships that have been identified indicate risks of material misstatement due to fraud. To the extent not already included, the analytical procedures, and evaluation thereof, should include procedures relating to revenue accounts.³ For example, in the investment company industry, the following unusual or unexpected relationships may indicate a material misstatement due to fraud:

a.     Investment performance substantially higher (or lower) when compared with industry peers or other relevant benchmarks, which cannot be readily attributed to the performance of specific securities when prices are readily available in an active market. Particular considerations include the following:

i.     Significant gains (or losses) from securities held for extremely short periods of time

ii.     Significant gains (or losses) from instruments not typically acquired by the fund

b.     Unusually high levels of investment purchases and sales in relation to total fund net assets without apparent economic purpose.

c.     A net investment income ratio substantially higher than the industry peers or other relevant benchmarks, particularly in a fund marketed with the objective of making current income distributions.

d.     Expense ratios that change significantly from year to year with inadequate explanation.

e.     Expense ratios and transaction costs exceed industry norms.

f.     Significant differences between the prices at which securities are sold to third parties from the values reflected in the fund’s net asset value in the days prior to the sale.

g.     Unusually high volumes of gross fund share sales and redemptions in relation to total shares outstanding.

Evaluation of Fraud Risk Factors

C.13 The auditor may identify events or conditions that indicate an incentive or pressure to perpetrate fraud, provide an opportunity to commit fraud, or indicate attitudes or rationalizations to justify a fraudulent action. For purposes of GAAS, such events or conditions are defined as fraud risk factors. Although fraud risk factors may not necessarily indicate the existence of fraud, paragraph .24 of AU-C section 240 states that they have often been present in circumstances in which frauds have occurred and, therefore may indicate risks of material misstatement due to fraud.

C.14 Paragraph .A31 of AU-C section 240 states that the size, complexity, and ownership characteristics of the entity have a significant influence on the consideration of relevant fraud risk factors. Additional fraud risk factor considerations on large and smaller, less complex entities can be found in paragraphs .A31–.A32 of AU-C section 240.

C.15 Appendix A, “Examples of Fraud Risk Factors,” of AU-C section 240 identifies examples of fraud risk factors that may be faced by auditors in a broad range of situations. Exhibit 11-1 at the end of this appendix contains a list of fraud risk factors specific to the investment company industry. Remember that fraud risk factors are only one of several sources of information that an auditor considers when identifying and assessing risks of material misstatement due to fraud.

C.16 In accordance with AU-C section 315, paragraph .25 of AU-C section 240 states that the auditor should identify and assess the risks of material misstatement due to fraud at the financial statement level, and at the assertion level for classes of transactions, account balances, and disclosures.⁴ The auditor’s risk assessment should be ongoing throughout the audit, following the initial assessment.

C.17

Considerations for Audits Performed in Accordance With PCAOB Standards

Paragraph .59 of AS 2110 states that the auditor should identify the risks of material misstatement at the financial statement level and the assertion level, and describes the steps the auditor should take during the identification process. Among others, the identification of fraud risks is one of the identified steps in this process. The factors relevant to identifying fraud risks are discussed in paragraphs .65–.69 of AS 2110.

C.18 The fact that significant amounts of investments are valued by management, either judgmentally or through valuation models, presents a number of risks that the auditor should address. The following are illustrative risk factors related to the fair valuation of investments that the auditor could consider:

a.     Lack of approval or oversight, or both, of a fair valuation policy by the board of directors or trustees

b.     Lack of specificity in a fair valuation policy and procedures

c.     Lack of consistency in the application of valuation procedures

d.     Inordinate influence of portfolio management personnel over fair valuation decisions

e.     Fair valuation by management when market values appear to be reasonably available

f.     Lack of monitoring or follow up, or both, of fair valuation actions taken

g.     Lack of evidence for fair valuation decisions made

h.     Significant amounts of investments traded in “thin” markets, particularly through one market maker (either exclusively or primarily)

i.     For securities not traded in organized markets (in particular, private placements) a determination of whether a purchase of investments has occurred, requiring the initiation of valuation procedures, or whether a sale has occurred for recognition of realized gain or loss, or both

j.     Increases in the value of investments valued by management shortly after their acquisition without adequate explanation of the circumstances

C.19 In addition to fair valuation, risks are present in daily market valuation, as well. Risks that the auditor could consider include the following:

a.     Use of a pricing service with inadequate capabilities or controls

b.     Ability of portfolio management or other unauthorized individuals to override prices

c.     Lack of consideration or availability of secondary or comparative, or both, pricing sources

d.     Significant levels of pricing from brokers

e.     Manual entry or override of prices

C.20 Derivative instruments are another class of transactions characterized by high inherent risk. The auditor could consider the following risk factors associated with derivatives:

a.     Lack of a policy governing derivative investments, including a clear definition of derivatives

b.     Lack of oversight over the use of derivative investments, including an ongoing risk assessment of derivative instruments

c.     Lack of adequate procedures to value derivatives

d.     Lack of an awareness or understanding of derivative transactions on the part of senior management or the board of directors or trustees

C.21 Trading of investment securities also poses some risks that could include the following factors:

a.     Lack of segregation of duties between portfolio management and trading functions

b.     Lack of a developed and consistently applied and enforced trade allocation policy

c.     Trading through unapproved counterparties

d.     Lack of enforcement of a personal trading (code of ethics) policy

e.     Lack of monitoring of commission levels and volume of trading by a broker

C.22 The auditor could consider the following factors for transfer agency or capital stock activity, or both:

a.     High volume of cancel, rebook, or “as-of” activity

b.     Credible shareholder complaints

c.     Activity on dormant accounts

d.     Inadequate segregation of duties among mail processing, transaction processing, and reconciliation functions

e.     Inadequate segregation of duties within transaction processing, such as allowing processors to change an address or banking instructions and initiate a redemption

C.23 Other areas that the auditor could consider because they involve a high degree of management judgment and subjectivity and are susceptible to manipulation by management include the following:

a.     Income recognition on high-yield debt instruments when collectability is in question or on asset-backed securities requiring significant estimates regarding the timing of expected cash flows

b.     Major judgments made in determining that a regulated investment company (RIC) has qualified for “pass-through” status under IRC Subchapter M, which may include determining issuers for diversification status, major determinations of classification of revenue items as ordinary income or (long-term) realized gain, and satisfaction of the minimum distribution requirement

c.     Significant elements of incentive fee computations (including the computation of any benchmarks against which performance is to be measured)

Risks of Fraud in Revenue Recognition

C.24 Paragraph .26 of AU-C section 240 states that when identifying and assessing the risks of material misstatements due to fraud, the auditor should, based on a presumption that risks of fraud exist in revenue recognition, evaluate which types of revenue, revenue transactions, or assertions give rise to such risks. Paragraph .46 of AU-C section 240 specifies the documentation required when the auditor concludes that the presumption is not applicable in the circumstances of the engagement and, accordingly, has not identified revenue recognition as a risk of material misstatement due to fraud. (See paragraphs .A33–.A35 of AU-C section 240 for application guidance on revenue recognition fraud risks).⁵

C.25 The risks of material misstatement of an investment company’s financial statements due to improper revenue recognition will generally be considered inherently low. Valuations can be readily established for securities traded on active markets; interest on fixed-income securities can be readily computed as the product of coupon rate and par value, and dividend income can be readily determined through the use of widely-available reporting sources. The more that a particular fund departs from this model, the greater the risks of material misstatement due to fraud relating to revenue recognition. For example, as discussed previously, revenue recognition on certain asset-backed securities depends heavily on management’s estimation of future cash flows, and management must estimate the collectability of interest (including unamortized discount) on high-yield securities when the underlying issuer is experiencing financial difficulty.

C.26 Various risks exist to the extent that securities cannot be valued on the basis of prices determined in an active market. To the extent that management is estimating the value of portfolio investments, the risk of fraudulent misstatement from systematic bias ordinarily exists, even when using generally recognized models. If an investment is valued through a single market maker (often the counterparty that sold the investment to the investment company), there is a risk that collusion occurred between that market maker and management in establishing a valuation for the investment. In many cases, independent valuation services provide estimates of value for fixed-income securities based on observable market transactions and financial information (including security ratings) available publicly. In some cases, however, the independent valuation service estimates value for securities that are not traded in the market, and for which the investment company may be the predominant or sole holder of the securities, based predominantly or solely on information that is provided by the investment company. In these infrequent cases, there is a risk that the information provided by management to the independent valuation service is incomplete or otherwise biased. If the market for a security is “thin,” there is a risk that the investment company (or related investment companies) may be able to manipulate the quoted price by systematic purchases of the security in the market. An auditor would not ordinarily be expected to identify price manipulation but may be able to identify a “thin” market in which trades are typically sporadic, so that small changes in supply or demand can have a significant effect on quoted prices. Usually, such securities only have an extremely small “float” (that is, freely tradable amounts owned by the public).

C.27 The auditor could consider the following factors related to the recognition of interest and dividend revenues:

•     Cash receipts for interest or dividend payments are significantly different from accrued amounts.

•     Receivable balances include potentially uncollectible interest or dividends, such as significantly overdue amounts.

•     Interest or dividend accrual policies do not comply with U.S. generally accepted accounting principles or are not enforced.

•     Daily interest income is erratic, rather than reasonably consistent.

•     Procedures in place to identify dividends earned are lax.

•     Interest or dividends receivable may be written off without independent approval.

C.28 Factors that the auditor could consider with respect to revenue recognition for realized and unrealized gains include the following:

•     The stated policy for purchase lot selection on security sales is not followed.

•     Realized gains are not properly calculated on sales.

C.29 The auditor also should determine that an investment company does not record capital contributions from affiliates as revenues (see paragraphs 7.137–.143 of this guide for guidance on accounting for payments by affiliates and corrections of investment restriction violations).

Identifying and Assessing the Risks of Material Misstatement Due to Fraud and Understanding the Entity’s Related Controls

C.30 Paragraph .27 of AU-C section 240 states that the auditor should treat those assessed risks of material misstatement due to fraud as significant risks and, accordingly, to the extent not already done so, the auditor should obtain an understanding of the entity’s related controls, including control activities, relevant to such risks, such as the evaluation of whether such controls have been suitably designed and implemented to mitigate such fraud risks. (See paragraphs .A36–.A37 of AU-C section 240 for application guidance on identifying and assessing the risks of material misstatement due to fraud and understanding the entity’s related controls.)

C.31 Most investment advisers maintain extensive portfolio management controls, including the following:

•     Separation of portfolio management and trading functions

•     Attribution analysis, which is an explanation of portfolio performance against a stated benchmark, identifying industry or security exposures that caused the performance difference, to assist management in identifying abnormal items for their own follow up

•     Dispersion analysis, which is comparing the performance of similar portfolios managed by the same individual or group with an analysis of any outlying performance, to assist management in identifying abnormal items for their own follow up

•     Frequent reconciliation of cash and portfolio holdings to custodian records

•     Comparison of trade terms to broker confirmation prior to recording the transaction

•     Extra level of approval for nonstandard wire transfers

•     Monitoring of activity on dormant shareholder accounts

•     Review of nonstandard journal entries

C.32 Many investment companies also maintain extensive controls over the valuation of securities not traded on active markets, including the following:

•     Written valuation policies and procedures

•     Valuation committees comprising accounting, portfolio management, and administrative or legal personnel to assess valuation procedures and significant valuation estimates. Some registered investment companies place such committees under the oversight of the board of directors or trustees, or both, and occasionally, board members will participate in committee deliberations on significant matters

•     Tracking of actual sale prices against valuations as determined by management or market makers

•     Use of secondary pricing services for comparison with the primary source

•     “Stale price” and “large price change” reports to identify securities for which prices may not have been updated on a timely basis or that have experienced unusual or abnormal changes

•     Segregation of portfolio management from valuation functions

C.33 Examples of broader programs designed to prevent, deter, and detect fraud include the following:

•     Code of conduct regarding ethical behavior, compliance with which is typically documented

•     Code of ethics regarding personal trading, compliance with which is typically documented

•     Compliance programs

•     Periodic documentation of compliance of an investment company with its investment objectives and restrictions

•     Systems controls, such as security access

•     Channels available for employees to report any fraud concerns

C.34 The SEC requires both registered investment companies and registered investment advisers to adopt and implement written policies and procedures reasonably designed to prevent the violation of federal securities laws.⁶ Both funds and advisers are required to appoint chief compliance officers responsible for administering these policies and procedures and to review the policies and procedures annually for adequacy and effectiveness of implementation. Among other things, the designation of a chief compliance officer of a registered investment company is required to be approved by the investment company’s board of directors or trustees, and the chief compliance officer is to report directly to the board of directors or trustees and meet in an executive session with independent directors or trustees at least annually.

Overall Responses

C.35 In accordance with AU-C section 330, paragraphs .28–.29 of AU-C section 240 state that the auditor should determine overall responses to address the assessed risks of material misstatement due to fraud at the financial statement level. Accordingly, the auditor should

a.     assign and supervise personnel, taking into account the knowledge, skill and ability of the individuals to be given significant engagement responsibilities and the auditor’s assessment of the risks of material misstatement due to fraud for the engagement;

b.     evaluate whether the selection and application of accounting policies by the entity, particularly those related to subjective measurements and complex transactions, may be indicative of fraudulent financial reporting resulting from management’s effort to manage earnings, or a bias that may create a material misstatement; and

c.     incorporate an element of unpredictability in the selection of the nature, timing, and extent of audit procedures.

See paragraphs .A38–.A42 of AU-C section 240 for additional application guidance on overall responses to the assessed risks of material misstatement due to fraud.

Audit Procedures Responsive to Assessed Risks of Material Misstatement Due to Fraud at the Assertion Level

C.36 In accordance with AU-C section 330, paragraph .30 of AU-C section 240 states that the auditor should design and perform further audit procedures whose nature, timing, and extent are responsive to the assessed risks of material misstatement due to fraud at the assertion level (see paragraphs .A43–.A46 for further application guidance).

C.37 Investment company audit procedures that may be considered include the following:

a.     Analytical procedures, such as comparing fund performance to benchmark indexes and net investment income ratios to yield indexes for comparable securities or investment funds

b.     Reading compliance summaries for individual funds and testing compliance determinations contained therein

c.     Comparisons of valuations of securities determined by management or a single market maker during the year with prices received on actual sales

d.     Attempting to obtain market quotations for certain securities from broker-dealers or recognized pricing sources other than the primary pricing source (however, this may not always be possible, and even when received, the quotations may be of lesser quality because the secondary source may not have the same access to information about the security as the primary source)

e.     Testing inputs to valuation models for reasonableness in relation to published data or financial information services

f.     Reviewing minutes of board valuation committee meetings and considering whether the minutes adequately support the valuations determined or the procedures used to reach them

g.     Testing management’s assumptions regarding the collectability of interest or projected cash flows for asset-backed securities by reference to issuer data available from public sources or financial information services

C.38

Considerations for Audits Performed in Accordance With PCAOB Standards

AS 2301, The Auditor’s Responses to the Risks of Material Misstatement, requires the auditor to design and implement audit responses that address the risks of material misstatement that are identified and assessed in accordance with AS 2110. These audit responses include those that have an overall effect on how the audit is conducted; and those involving the nature, timing, and extent of the audit procedures to be performed. The auditor is required to determine whether it is necessary to make pervasive changes to the nature, timing, or extent of audit procedures to adequately address the assessed risk of material misstatement.

Audit Procedures Responsive to Risks Related to Management Override of Controls

C.39 Even if the auditor does not identify specific risks of material misstatement due to fraud, paragraph .32 of AU-C section 240 states that a possibility exists that management override of controls could occur. Accordingly, the auditor should address the risk of management override of controls apart from any conclusions regarding the existence of more specifically identifiable risks by designing and performing audit procedures to

a.     test the appropriateness of journal entries recorded in the general ledger and other adjustments made in preparation of the financial statements, including entries posted directly to financial statement drafts;

b.     review accounting estimates for biases and evaluate whether the circumstances producing the bias, if any, represent a risk of material misstatement due to fraud; and

c.     evaluate, for significant transactions that are outside the normal course of business for the entity or that otherwise appear to be unusual given the auditor’s understanding of the entity and its environment and other information obtained during the audit, whether the business rationale (or lack thereof) of the transactions suggests that they may have been entered into to engage in fraudulent financial reporting or to conceal misappropriation of assets.

Key Estimates

C.40 The financial statements of investment companies are typically less complicated than those of other entities and have relatively few estimates. Most key estimates relate to revenue recognition, including portfolio valuation, as well as interest recognition on high-yield and asset-backed securities, which are discussed in paragraphs C.24–.25 of this appendix. Material expense accruals (in particular, performance fees) and the effect of shareholder activity not yet fully processed by the transfer agent on shares outstanding ordinarily require significant estimation procedures.

C.41 Often, nonaccounting estimates are integral to measuring a portfolio’s compliance with its investment restrictions and characteristics (for example, the duration of a fixed-income portfolio often is a key characteristic, and estimates are required to measure the duration of asset-backed and other securities subject to prepayment). Although these nonaccounting measures typically are not explicitly tested in an audit of financial statements, the auditor could become aware of their existence and consider how management controls their use. However, the auditor is not responsible for assessing whether the fund is meeting its investment objectives, its investment strategies, or complying with its investment restrictions, laws, and regulations.

C.42 Paragraphs .34–.37 and .A56–.A62 of AU-C section 240 provide requirements and application guidance for evaluating audit evidence. The auditor should evaluate, at or near the end of the audit, whether the accumulated results of auditing procedures, including analytical procedures, that were performed as substantive tests or when forming an overall conclusion, affect the assessment of the risks of material misstatement due to fraud made earlier in the audit or indicate a previously unrecognized risk of material misstatement due to fraud.

Consideration of Identified Misstatements

C.43 If the auditor identifies a misstatement, the auditor should evaluate whether such a misstatement is indicative of fraud. If such an indication exists, the auditor should evaluate the implications of the misstatement with regard to other aspects of the audit, particularly the auditor’s evaluation of materiality, management and employee integrity, and the reliability of management representations, recognizing that an instance of fraud is unlikely to be an isolated occurrence. Furthermore, if the auditor identifies a misstatement, whether material or not, and the auditor has reason to believe that it is, or may be, the result of fraud and that management (in particular, senior management) is involved, the auditor should reevaluate the assessment of the risks of material misstatement due to fraud and its resulting effect on the nature, timing, and extent of audit procedures to respond to the assessed risks. The auditor should also consider whether circumstances or conditions indicate possible collusion involving employees, management, or third parties when reconsidering the reliability of evidence previously obtained.

C.44 If the auditor concludes that, or is unable to conclude whether, the financial statements are materially misstated as a result of fraud, the auditor should evaluate the implications for the audit. AU-C sections 450, Evaluation of Misstatements Identified During the Audit, and 700, Forming an Opinion and Reporting on Financial Statements, address the evaluation and disposition of misstatements and the effect on the auditor’s opinion in the auditor’s report.

C.45 Paragraph .38 of AU-C section 240 states that, if, as a result of identified fraud or suspected fraud, the auditor encounters circumstances that bring into question the auditor’s ability to continue performing the audit, the auditor should

a.     determine the professional and legal responsibilities applicable in the circumstances, including whether a requirement exists for the auditor to report to the person or persons who engaged the auditor or, in some cases, to regulatory authorities;

b.     consider whether it is appropriate to withdraw from the engagement, when withdrawal is possible under applicable law or regulation; and

c.     if the auditor withdraws

i.     discuss with the appropriate level of management and those charged with governance the auditor’s withdrawal from the engagement and the reasons for the withdrawal, and

ii.     determine whether a professional or legal requirement exists to report to the person or persons who engaged the auditor or, in some cases, to regulatory authorities, the auditor’s withdrawal from the engagement and the reasons for the withdrawal.

Given the nature of the circumstances and the need to consider the legal requirements, paragraph .A65 states that the auditor may consider it appropriate to seek legal advice when deciding whether to withdraw from an engagement and in determining an appropriate course of action, including the possibility of reporting to regulators or others.⁷ For additional application guidance, including examples of circumstances that may arise and bring into question the auditor’s ability to continue performing the audit, see paragraphs .A63–.A65 of AU-C section 240.

C.46

Considerations for Audits Performed in Accordance With PCAOB Standards

AS 2810, Evaluating Audit Results, requires the auditor to perform procedures to obtain additional audit evidence to determine whether fraud has occurred or is likely to have occurred, and, if so, its effect on the financial statements and the auditor’s report if the auditor believes that a misstatement is or might be intentional, and if the effect on the financial statement cannot be readily determined.

C.47 Paragraph .39 of AU-C section 240 addresses the auditor’s requirements regarding communications to management and with those charged with governance. If the auditor has identified a fraud or has obtained information that indicates that a fraud may exist, the auditor should communicate these matters on a timely basis to the appropriate level of management in order to inform those with primary responsibility for the prevention and detection of fraud of matters relevant to their responsibilities. Paragraph .A67 of AU-C section 240 explains that this is true even if the matter might be considered inconsequential (for example, a minor defalcation by an employee at a low level in the entity’s organization). Paragraph .40 of AU-C section 240 states that unless all of those charged with governance are involved in managing the entity, if the auditor has identified or suspects fraud involving (a) management, (b) employees who have significant roles in internal control, or (c) others, when the fraud results in a material misstatement in the financial statements, the auditor should communicate these matters to those charged with governance on a timely basis. If the auditor suspects fraud involving management, the auditor should communicate these suspicions to those charged with governance and discuss with them the nature, timing, and extent of audit procedures necessary to complete the audit. In addition, paragraph .41 of AU-C section 240 states that the auditor should communicate with those charged with governance any other matters related to fraud that are, in the auditor’s professional judgment, relevant to their responsibilities. See paragraphs .A68–.A71 of AU-C section 240 for further application guidance concerning communications with those charged with governance.

C.48

Considerations for Audits Performed in Accordance With PCAOB Standards

AS 1301, Communications with Audit Committees, establishes certain required communications related to the communication of fraud. The requirements of the standard are substantially consistent with those established by the AICPA Auditing Standards Board (as discussed throughout this chapter). AS 1301 specifically discusses the following requirements associated with fraud procedures and communication of fraud-related matters:

•     Paragraph .08 of AS 1301 requires the auditor to inquire of the audit committee about whether it is aware of matters relevant to the audit, including, but not limited to, violations or possible violations of laws or regulations. In addition to this inquiry, paragraphs .05(f) and .54–.57 of AS 2110 describe the auditor’s inquiries of the audit committee, or equivalent (or its chair) regarding the audit committee’s knowledge of the risks of material misstatement, including fraud risks. These inquiries include, among other things, whether the audit committee is aware of tips or complaints regarding the company’s financial reporting.

•     Paragraph .13 of AS 1301 discusses various matters that the auditor should communicate to the audit committee, including the auditor’s understanding of the business purpose (of lack thereof) for significant unusual transactions. As discussed further in paragraph C.39c of this appendix, while gaining an understanding of the business rationale for such transactions, the auditor should assess the risk of management override of controls to achieve fraudulent financial reporting or to conceal misappropriation of assets.

•     Paragraph .24 of AS 1301 discusses the auditor’s requirements for communicating other matters to the audit committee. The standard refers to guidance in paragraphs .79–.81 of AS 2401, Consideration of Fraud in a Financial Statement Audit, for specific communication requirements relating to fraud. These paragraphs of AS 2401 are substantially consistent with paragraphs .39–.41 of AU-C section 240 and related application paragraphs .A67, .A69, and .A71 of AU-C section 240. See the previous paragraph of this appendix for discussion of paragraph .39 of AU-C section 240.

C.49 Paragraphs .43–.46 of AU-C section 240 address requirements to document certain matters related to the auditor’s consideration of fraud in a financial statement audit.

Two types of fraud are relevant to the auditor’s consideration, namely, fraudulent financial reporting and the misappropriation of assets. For each of these types of fraud, the risk factors are further classified based on the three conditions generally present when material misstatements due to fraud occur, which are incentives and pressures, opportunities, and attitudes and rationalizations. The following are examples of conditions that may indicate the presence of fraud in investment companies. Although the risk factors cover a broad range of situations, they are only examples; accordingly, the auditor may identify additional or different risk factors. The order of the examples of risk factors provided is not intended to reflect any relative importance or frequency of occurrence.

Paragraph .03 of AU-C section 240 states that the auditor is primarily concerned with fraud that causes a material misstatement in the financial statements. Some of the following factors and conditions are present in entities in which specific circumstances do not present a risk of material misstatement. Also, specific controls may exist that mitigate the risk of material misstatement due to fraud, even though risk factors or conditions are present. When identifying risk factors and other conditions, the auditors might assess whether those risk factors and conditions, individually and in combination, present a risk of material misstatement of the financial statements.

Part 1: Fraudulent Financial Reporting

A. Incentives and Pressures

1.     Financial stability or profitability is threatened by economic, industry, or entity operating conditions, such as (or as indicated by) the following:

a.     High degree of competition or market saturation, accompanied by declining margins

b.     High vulnerability to rapid changes, such as changes in technology, product obsolescence, or interest rates

c.     Significant declines in customer demand and increasing business failures in either the industry or overall economy

d.     Operating losses making the threat of bankruptcy, foreclosure, or hostile takeover imminent

e.     Recurring negative cash flows from operations or an inability to generate cash flows from operations while reporting earnings and earnings growth

f.     Rapid growth or unusual profitability especially compared to that of other companies in the same industry

g.     New accounting, statutory, or regulatory requirements

2.     Excessive pressure exists for management to meet the requirements or expectations of third parties due to the following:

a.     Profitability or trend level expectations of investment analysts, institutional investors, significant creditors, or other external parties (particularly expectations that are unduly aggressive or unrealistic), including expectations created by management in, for example, overly optimistic press releases or annual report messages

b.     Need to obtain additional debt or equity financing to stay competitive—including financing of major research and development or capital expenditures

c.     Marginal ability to meet exchange listing requirements or debt repayment or other debt covenant requirements

d.     Perceived or real adverse effects of reporting poor financial results on significant pending transactions, such as business combinations or contract awards

e.     A need to achieve financial targets required in bond covenants

f.     Pressure for management to meet the expectations of legislative or oversight bodies or to achieve political outcomes, or both

3.     Information available indicates that the personal financial situation of management or those charged with governance is threatened by the entity’s financial performance arising from the following:

a.     Significant financial interests in the entity

b.     Significant portions of their compensation (for example, bonuses, stock options, and earn-out arrangements) being contingent upon achieving aggressive targets for stock price, operating results, financial position, or cash flow⁸

c.     Personal guarantees of debts of the entity

4.     Management or operating personnel are under excessive pressure to meet financial targets established by those charged with governance, including sales or profitability incentive goals.

B. Opportunities

1.     The nature of the industry or the entity’s operations provides opportunities to engage in fraudulent financial reporting that can arise from the following:

a.     Significant related party transactions not in the ordinary course of business or with related entities not audited or audited by another firm, such as

i.     significant transactions with affiliates that are not approved by the board of directors or trustees, in accordance with Section 17 of the 1940 Act, and

ii.     transactions involving affiliates that are not readily apparent in the circumstances or are apparent but not properly disclosed.

b.     Significant investments for which readily available market quotes are not available and inadequate procedures have been performed for estimating these values

c.     Significant investments in derivative financial instruments for which value is very difficult to estimate

2.     Components of internal control may be deficient as a result of the following:

a.     Management’s failure to display and communicate an appropriate attitude regarding internal control and the financial reporting process

b.     Unusual and considerable influence of the portfolio manager over the pricing sources, fair valuation methodology, or inputs used to value securities

c.     Lack of board of directors’ or trustees’ involvement in the establishment of the fair valuation policies and procedures or lack of oversight over those policies and procedures

d.     Management’s ability to unilaterally override internal controls, particularly security valuations

e.     Lack of adviser’s supervisory or oversight procedures over its own employees or the subadviser, or both

f.     Inadequate controls around the calculation of the daily net asset value

g.     Reconciliation of security holdings with the custodian that is infrequent or incomplete

h.     Inadequate monitoring of the fund’s tax status as a RIC

i.     Inadequate monitoring of the fund’s compliance with its prospectus requirements

j.     Ineffective transfer agency controls or ineffective implementation of user controls

k.     Lack of an appropriate policy regarding corrections of net asset value errors or failure to comply with the policy

l.     Board of directors’ or trustees’ limited or lack of understanding of how portfolio management intends to implement the fund’s investment restrictions, thereby creating a situation in which management can aggressively interpret or disregard adopted policies

m.     Board of directors’ or trustees’ limited or lack of understanding of derivatives used by portfolio managers and involvement in approving or disapproving the use of specific strategies, such as embedded leverage, thereby creating a situation in which management can aggressively interpret or disregard adopted policies

n.     Incomplete or insufficient description of portfolio positions in accounting records to permit adequate monitoring of prospectus requirements

o.     Inadequate segregation of duties between operating (for example, portfolio management, fund distribution) and compliance monitoring functions

p.     Inadequate monitoring of compliance by subservicing agents and intermediaries with prospectus requirements regarding transactions in fund shares

C. Attitudes and Rationalizations

1.     Nonfinancial management’s excessive participation in, or preoccupation with, the selection of accounting principles or the determination of significant estimates, such as the following:

a.     An excessive focus on maintaining a high rate of dividend payments, regardless of the fund’s actual investment income

b.     A significant number of investments are valued by management, either judgmentally or through valuation models

2.     Known history of violations of securities laws or other laws or regulation, or claims against the entity, its senior management, or members of the board of directors or trustees alleging fraud or violations of laws and regulations, such as the following:

a.     Past suspensions of the ability to act as an investment adviser or a requirement that the adviser be supervised by others

b.     Significant deficiencies cited in inspection letters by the SEC or other regulatory bodies, with a heightened emphasis on deficiencies cited in prior inspections that management has not remedied

3.     The practice by management of committing to analysts, creditors, and other third parties to achieve aggressive or unrealistic forecasts, such as the following:

a.     Commitment to preserve principal or maintain a certain income or distribution yield

b.     Commitment to achieve a targeted level of assets under management by a specified date

c.     Commitment to achieve a targeted level of gross or net fund share sales during a defined period

4.     Adviser’s fee revenues (including performance incentives) directly related to either the value of fund assets or performance, if the adviser has substantial discretion in valuing portfolio investments, and changes in fee revenues may be significant to the adviser

5.     Undisclosed use of soft-dollar credits and other items (for example, to reduce a gross ratio below a cap, so the adviser does not have to reimburse the fund for excess expenses)

Part 2: Misappropriation of Assets

Risk factors that relate to misstatements arising from misappropriation of assets are also classified according to the three conditions generally present when fraud exists: incentives and pressures, opportunities, and attitudes and rationalization. Some of the risk factors related to misstatements arising from fraudulent financial reporting also may be present when misstatements arising from misappropriation of assets occur. For example, ineffective monitoring of management and other deficiencies in internal control that are not effective may be present when misstatements due to either fraudulent financial reporting or misappropriation of assets exist. The following are examples of risk factors related to misstatements arising from misappropriation of assets.

A. Incentives and Pressures

1.     Personal financial obligations may create pressure on management or employees with access to cash or other assets susceptible to theft to misappropriate those assets.

2.     Adverse relationships between the entity and employees with access to cash or other assets susceptible to theft may motivate those employees to misappropriate those assets. For example, adverse relationships may be created by the following:

a.     Known or anticipated future employee layoffs

b.     Recent or anticipated changes to employee compensation or benefit plans

c.     Promotions, compensation, or other rewards inconsistent with expectations

B. Opportunities

1.     Certain characteristics or circumstances may increase the susceptibility of assets to misappropriation. For example, opportunities to misappropriate assets increase with the use of soft dollar arrangements for the benefit of the adviser without client consent (including the existence of undocumented or ill-defined arrangements).

2.     Inadequate internal control over assets may increase the susceptibility of misappropriation of those assets. For example, misappropriation of assets may occur because of the following:

a.     Access to funds and securities, and accounting for them is directly controlled by the adviser, with inadequate segregation of duties (or no direct communication between the custodian and accounting personnel)

b.     Lack of any periodic review of a transfer agency’s control design and operation by an independent auditor knowledgeable in the area (such as a SOC 1 report)

c.     Infrequent and incomplete reconciliation of security holdings with the custodian

d.     Lack of a clearly defined policy with respect to personal investing activities (for example, front-running fund trades or taking investment opportunities for personal use)

e.     Ineffective transfer agency controls or ineffective implementation of user controls in a service center environment, particularly inadequate controls over uncashed dividend or redemption check listings that are returned by the post office and other inactive shareholder accounts; and reconciliations of transfer agency bank accounts

f.     Lack of segregation of duties between portfolio management and trading or an absence of an independent review of trading executions (for example, unexpected concentrations of trading with counterparties, poor trade executions, or higher-than-normal commissions that may indicate the existence of collusion between portfolio personnel and counterparties)

C. Attitudes and Rationalizations

1.     Disregard for the need for monitoring or reducing risks related to misappropriations of assets

2.     Disregard for internal control over misappropriation of assets by overriding existing controls or by failing to take appropriate remedial action on known deficiencies in internal control

3.     Behavior indicating displeasure or dissatisfaction with the entity or its treatment of the employee

4.     Changes in behavior or lifestyle that may indicate assets have been misappropriated

5.     The belief by some government or other officials that their level of authority justifies a certain level of compensation and personal privileges

6.     Tolerance of petty theft