The Auditor's Responsibilities Relating to Fraud in an Audit of Financial Statements

CAS 240

The Auditor's Responsibilities Relating to Fraud in an Audit of Financial Statements

CAS 240

Objectives
  • The objectives of the auditor are:
    1. To identify and assess the risks of material misstatement of the F/S due to fraud
    2. To obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement due to fraud; and
    3. To respond appropriately to fraud or suspected fraud identified during the audit
Definitions
  • Fraud = an intentional act involving deception to get an unjust or illegal advantage
  • Error = not intentional
  • Fraud risk factors =
    • factors that indicate an incentive or pressure to commit fraud; or
    • provide an opportunity to commit fraud
Requirements
Professional skepticism
  • The auditor needs to maintain professional skepticism throughout the audit (see CAS 200), recognizing the possibility of misstatements due to fraud could exists
  • Unless the auditor has reason to believe the contrary, the auditor may accept records and documents as genuine
    • If there is a reason to question the authenticity of documents; confirm directly with the third party or use the work of an expert to assess the document’s authenticity
  • If responses to questions asked to management/board are inconsistent; you need to investigate the inconsistencies
Discussion among the Engagement Team
  • Discuss how and where the F/S may be prone to material misstatement due to fraud, including how fraud might occur
  • Other things to consider and discuss with team
    • Fraud risk factors that create pressure/incentive to mgm’t to commit fraud
    • Management’s controls over assets susceptible to theft (i.e. cash)
    • Unusual behaviour/lifestyle change by management
The auditor should ask the following to management
  • Management’s assessment of the risk that the F/S may be materially misstated due to fraud; including the nature, extent and frequency of such assessments done by mgm’t
  • Management’s process for identifying and responding to the risks of fraud
  • Specific risks of fraud that management has identified or been brought to its attention
  • Management’s communication to the board on its processes for managing the risks of fraud
  • Management’s communication to employees regarding its views on ethical behavior
  • Whether management (and internal auditors, if any) have knowledge of any actual, suspected or alleged fraud affecting the entity
The auditor should ask the following to those charged with governance (BOD, audit committee)
  • How they oversee management’s processes for managing the risks of fraud and the internal control that management has established to mitigate risk of fraud
  • Whether they have knowledge of any actual, suspected or alleged fraud (you then corroborate this info with answer from management/internal auditors)
Evaluate fraud risk factors
  • See if there are any incentives or pressure to commit fraud
  • See if there is an opportunity to commit fraud
  • Examples of fraud risk factors:
    • Need to meet third party expectations (incentive/pressure)
    • Need to meet unrealistic profit targets for bonus (incentive)
    • A weak control env’t (opportunity)
Identifying and Assessing the Risks of Material Misstatement Due to Fraud
  • Assess the risks of material misstatement due to fraud at the F/S level and assertion level
  • Assume that there are risks of fraud in revenue recognition and evaluate which types of revenue, revenue transactions or assertions give rise to such risks
    • If the auditor concluded that this assumption is not applicable in the engagement, the auditor needs to document the reasons for that conclusion
Responses to the Assessed Risks of Material Misstatement Due to Fraud
  • Assign and supervise personnel taking account of the knowledge, skill and ability
  • Evaluate whether accounting policies may be indicative of fraudulent financial reporting
  • Incorporate an element of unpredictability in the nature, timing and extent of audit procedures (i.e. Perform procedures on an unannounced basis, substantive procedures on accounts usually not tested)
  • At the assertion level, design and perform further audit procedures whose nature, timing and extent are responsive to the assessed risks of material misstatement due to fraud
  • If management has the opportunity to commit fraud by overriding controls, it is a risk of material misstatement due to fraud and thus a significant risk and the following is done:
    • Test the appropriateness of journal entries/adjustments made to the F/S
    • Review accounting estimates for biases
    • Review if unusual (not normal) transactions are entered into to engage in fraud
Evaluation of Audit Evidence
  • Evaluate whether analytical procedure performed @ end of audit indicate a previously unrecognized risk of misstatement due to fraud
    • If indication exists, you need to consider the implication on other aspects of the audit, especially the reliability of management’s representations
  • If a misstatement is identified (material or not) and the auditor has reasons to believe that it may be due to fraud and that management is involved
    • The auditor must re-evaluate the risk of material misstatement due to fraud and the nature, timing, and extent of procedures
    • Consider also if collusion may have taken place by mgm’t, employees or third parties
Auditor Unable to Continue the Engagement
  • If due to misstatement from fraud or suspected fraud, the auditor faces a situation that brings into question the auditor’s ability to continue performing the audit; the auditor should
    • Determine professional and legal responsibilities
    • Consider withdrawing from the engagement (if allowed by law)
    • If the auditor withdraw
      • Discuss with management the withdrawal and the reasons for withdrawal
      • Determine if you have a legal/professional duty to report to the person who appointed the auditor
    • For example, if the auditor suspects fraud and possible management involvement, it will inherently increase the audit risk due to the untrustworthiness of management representations
Written Representations
  • obtain written representations from management and those charged with governance that:
    • They acknowledge their responsibility to design, implement and maintain internal control to prevent and detect fraud
    • They have disclosed to the auditor the results of management’s assessment of the risk that the F/S may be materially misstated as a result of fraud
    • They have disclosed to the auditor their knowledge of fraud, or suspected fraud
Communications to Management and with Those Charged with Governance
  • If the auditor has identified or suspects fraud (even minor fraud), the auditor needs to communicate this to the appropriate level of management on a timely basis
    • This is usually at least one level above the persons who appear to be involved with the suspected fraud
  • Inform the those charged with governance if identified/suspected fraud involving:
    • Management
    • Employees with significant roles in internal control; or
    • Others where fraud results in a material misstatement
Communications to Regulatory and Enforcement Authorities
  • The auditor has professional duty to maintain the confidentiality of client information; for this reason you may not be able to report identified or suspected fraud
  • But the auditor’s legal responsibilities may override the duty of confidentiality in some circumstances
  • Seek legal advice before going on with reporting a client

Spread the Word!

Scroll to Top
Scroll to Top