AA Capital's Internal Control
I agree with you that it was appropriate for Ernst & Young to decide not to rely on AA Capital’s internal control during 2004. The E&Y took the required (Sarbanes-Oxley) precaution of conducting and audit of the internal control system over financial reporting which led to the discovery of the $1.92 million of cash transfer made to Orecchio; even though it did not stop the fraud. Auditors can choose not to rely on a client internal control after obtaining and understanding the client’s system and the auditors determine that there is material weakness over financial reporting. PCAOB AS No. 5 “An Audit of Internal Control over Financial Reporting That Is Integrated with an Audit of Financial Statements” states, “if one or more material weaknesses
exist, the company's internal control over financial reporting cannot be considered effective” (PCAOB)
I would like to also add some procedures required by the auditing standards that auditors can apply to relate-party transactions. In this case the related-party transactions are those “tax transfers” made to Orecchio. The AU-C Section 550.A22 states that when records or documents inspected indicate the existence of related party transactions that management has not previously disclosed to the auditor, the auditor should apply the some of the following procedures (AICPA, 2015):
- obtained confirmations from third party (in addition to bank and legal confirmations;
- examine entity income tax returns, contracts and agreements with key management or those charged with governance;
- examine records of the entity's investments and those of its benefit plans, specific invoices and correspondence from the entity's professional advisors. I believe obtaining confirmation regarding the “tax transfers” form the third party, which in this case will be the IRS, would have resulted in discovering that the transactions were fraudulent. That is if Orecchio will give permission to E&Y to contact the IRS.
exist, the company's internal control over financial reporting cannot be considered effective” (PCAOB)
I would like to also add some procedures required by the auditing standards that auditors can apply to relate-party transactions. In this case the related-party transactions are those “tax transfers” made to Orecchio. The AU-C Section 550.A22 states that when records or documents inspected indicate the existence of related party transactions that management has not previously disclosed to the auditor, the auditor should apply the some of the following procedures (AICPA, 2015):
- obtained confirmations from third party (in addition to bank and legal confirmations;
- examine entity income tax returns, contracts and agreements with key management or those charged with governance;
- examine records of the entity's investments and those of its benefit plans, specific invoices and correspondence from the entity's professional advisors. I believe obtaining confirmation regarding the “tax transfers” form the third party, which in this case will be the IRS, would have resulted in discovering that the transactions were fraudulent. That is if Orecchio will give permission to E&Y to contact the IRS.