While performing tests of controls for the cash-in-vault account ($50,000 total as of the Balance Sheet date) of P-Town Hotel, you realize that – contrary to the company’s written controls description and your earlier walk through evidence – the Front-Desk manager has access via a vault key, can input transactions to the only set of records for cash-in-vault and even performs all the reconciliations between the cash in the vault and the records. Based on this newly discovered information, you decide to investigate further and discover that the Front-Desk manager has stolen cash and there is no money left in the vault. Because the P-Town Hotel has significant cash reserves, your materiality threshold for cash is $200,000.
I have an issue with this question. This narrative implies that the auditor performed follow-up work without proper authorization. It also does not state how the auditor “knows” there is fraud. Both of these imply ethical issues. Suggestion: Make this clearer by having the employee CONFESS the theft (I would avoid the “fraud” label).
Even though the fraud you’ve found is below your materiality threshold, do you need to take further steps? If so, what steps will you take? Does the fraud impact your audit opinion on ICFR effectiveness?