The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements
ISA 240 – Fraud definition
An intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage.
ISA 240 – Fraud risk factors definition
Events or conditions that indicate an incentive or pressure to commit fraud or provide an opportunity to commit fraud.
ISA 240 Scope
- ISA 240 deals with auditor’s responsibilities relating to fraud in an audit of financial statements.
- Identifying and assessing the risks of material misstatement due to fraud.
Effective Date on or after 15 December 2009
ISA 240 Objective
ISA 240 objectives are;
- To identify and assess the risks of material misstatement of the financial statements due to fraud.
- To obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement due to fraud, through designing and implementing appropriate responses.
- To respond appropriately to fraud or suspected fraud identified during the audit.
ISA 240 Requirements
ISA 240 requirements are;
- The auditor shall maintain professional skepticism throughout the audit.
- Where responses to inquiries of management or those charged with governance are inconsistent, the auditor shall investigate the inconsistencies.
- Discuss among team members;
- How and where the entity’s financial statements may be susceptible to material misstatement due to fraud including how fraud might occur.
- Make inquiries of management about;
- Management assessment of risk of that the financial statements may be materially misstated due to fraud, including the nature, extent and frequency of such assessments.
- Management’s process for identifying and responding to the risks of fraud in the entity, including any specific risks of fraud that management has identified or that have been brought to its attention, or classes of transactions, account balances, or disclosures for which a risk of fraud is likely to exist.
- Management’s communication, if any, to those charged with governance regarding its processes for identifying and responding to the risks of fraud in the entity.
- Management’s communication, if any, to employees regarding its views on business practices and ethical behavior.
- Management, internal audit and others within the entity as appropriate, to determine whether they have knowledge of any actual, suspected or alleged fraud affecting the entity.
- Unless all of those charged with governance are involved in managing the entity, the auditor shall make inquiries of those charged with governance to determine whether they have knowledge of any actual, suspected or alleged fraud affecting the entity. These inquiries are made in part to corroborate the responses to the inquiries of management.
- The auditor shall obtain an understanding of how those charged with governance exercise oversight of management’s processes for identifying and responding to the risks of fraud in the entity and the internal control that management has established to mitigate these risks.
- Auditor shall evaluate whether unusual or unexpected relationships that have been identified in performing analytical procedures, including those related to revenue accounts, may indicate risks of material misstatement due to fraud.
- The auditor shall evaluate whether the information obtained from the other risk assessment procedures and related activities performed indicates that one or more fraud risk factors are present.
- When identifying and assessing the risks of material misstatement due to fraud, the auditor shall, based on a presumption that there are risks of fraud in revenue recognition, evaluate which types of revenue, revenue transactions or assertions give rise to such risks.
- In determining overall responses to address the assessed risks of material misstatement due to fraud at the financial statement level, the auditor shall;
- Assign and supervise personnel
- Evaluate whether the selection and application of accounting policies by the entity, particularly those related to subjective measurements and complex transactions, may be indicative of fraudulent financial reporting resulting from management’s effort to manage earnings
- Incorporate an element of unpredictability in the selection of the nature, timing and extent of audit procedures.
- Auditor shall design and perform procedure that are responsive to assessed risk.
- Auditor shall perform following procedure due to risk of Management override of control;
- Test the appropriateness of journal entries, for end of period and throughout period and inquire about any unusual transaction.
- Review accounting estimates for biases by evaluation and retrospective review.
- For significant transaction outside the normal course of business, evaluate the business rationale.
Evaluation of Audit Evidence
- Evaluate the result of analytical procedure that are performed at the end of audit for consistency with assessed risk
- Evaluate identified misstatement weather material or not, if its indicative of fraud or not.
- If the auditor confirms that, or is unable to conclude whether, the financial statements are materially misstated as a result of fraud the auditor shall evaluate the implications for the audit
Auditor Unable to Continue the Engagement
- Determine the professional and legal responsibilities
- Determine its appropriate to withdraw or not
- If withdraw
- Discuss with the appropriate level of management and those charged with governance the auditor’s withdrawal from the engagement and the reasons for the withdrawal.
- Determine whether there is a professional or legal requirement to report to the person or persons who made the audit appointment or, in some cases, to regulatory authorities, the auditor’s withdrawal from the engagement and the reasons for the withdrawal.
Written Representations
The auditor shall obtain written representations from management and, where appropriate, those charged with governance that:
- They acknowledge their responsibility for the design, implementation and maintenance of internal control to prevent and detect fraud;
- They have disclosed to the auditor the results of management’s assessment of the risk that the financial statements may be materially misstated as a result of fraud
- They have disclosed to the auditor their knowledge of fraud, or suspected fraud, affecting the entity involving
- Management
- Employees who have significant roles in internal control
- Others where the fraud could have a material effect on the financial statements
- They have disclosed to the auditor their knowledge of any allegations of fraud, or suspected fraud, affecting the entity’s financial statements communicated by employees, former employees, analysts, regulators or others.
Communications to Management and with Those Charged with Governance
-
If the auditor has identified a fraud or has obtained information that indicates that a fraud may exist, the auditor shall communicate these matters on a timely basis to the appropriate level of management in order to inform those with primary responsibility for the prevention and detection of fraud of matters relevant to their responsibilities
Consider the responsibility of reporting to regulatory and enforcement authorities.
Documentation
- Discussion among team and its significant decision
- The identified and assessed risks of material misstatement due to fraud at the financial statement level and at the assertion level
- Overall response to assessed risk
- Result of procedures for
- Communications with client
- Presumption that there is a risk of material misstatement due to fraud related to revenue recognition is not applicable in the circumstances of the engagement, the auditor shall include in the audit documentation the reasons for that conclusion.