What are the auditors responsibilities for detection of frauds and errors?

Overall, this standard seeks to add clarity and enhance the responsibility of the auditor to further bridge the expectation gap between the general public’s expectations of auditors and the actual obligations. It importantly highlights the role professional scepticism and effective challenge throughout the audit has on the ability to detect fraud.

As with the other recent changes to auditing standards this will no doubt increase the procedures performed by audit teams. 

What remains unchanged is that the responsibility for the detection and prevention of fraud remains firmly with those charged with governance and members of management. 

It is therefore key that audit committees continue to place a strong emphasis on fraud prevention and detection. 

The changes are scheduled to apply for accounting periods beginning on or after 15 December 2021, with early adoption permitted.

The standards require auditors to exercise professional skepticism in performing an audit engagement, which is described as:

1)    Having a questioning mind and a critical assessment of audit evidence, and

2)    Neither assume that management is dishonest nor assume management’s unquestioned honesty.

U.S. Generally Accepted Auditing Standards (GAAS) in AU-C Section 240 and International Audit Standards (ISAs), ISA 240, respectively, state that:

“Misstatement in the financial statements can raise from either fraud or error. The distinguishing factor between fraud and error is whether the underlying action that results in the misstatement of the financial statements is intentional or unintentional”.

“………the auditor is primarily concerned with fraud that causes material misstatement in the financial statements. Two types of intentional misstatements are relevant to the auditor – misstatements resulting from fraudulent financial reporting and misstatements resulting from misappropriation of assets…….”

“The primary responsibility for the prevention and detection of fraud rests with both those charged with     governance of the entity and management……..”

Responsibility of the Auditor                                                                        

An auditor conducting an audit in accordance with GAAS and ISAs is responsible for obtaining reasonable assurance that the financial statements are free from material misstatement whether caused by fraud or error. In the U.S.A., an auditor’s responsibility to the public and third-party financial statement users have been clearly ratified by the courts.

Why does it Matter?

The advent of third-party investors created the need for auditors. Before the Industrial Revolution businesses were owned by individuals and families, the scale of the businesses was small and generally there was no need to raise large amounts of capital. The Industrial Revolution increased the scale of business and large factories became possible creating the demand for large amounts of capital which was provided by investors and bankers. Thus, although clients pay our fees, it is the third-party user of the client’s financial statements who created the need for our services.

Who are the Third-Party Users?

1.     For profit entities

·      Lenders

·      Investment analysts

·      Shareholders

·      Trading Partners

·      Regulatory Agencies

·      Tax Authorities

·      Journalists

2.     For Government entities

·      Citizens

·      Lawmakers and Economic Planners

·      Journalists

·      International Standardization Agencies

Risk Assessment Procedures and Related Activities

When performing risk assessment procedures and related activities to obtain an understanding of the entity and its environment, including the entity’s internal control, the auditor should perform the following procedures to obtain information for use in identifying the risks of material misstatement due to fraud.

The auditor should make inquiries of management regarding:

a)    Management’s assessment of the risk that the financial statement may be materially misstated due to fraud, including the nature, extent and frequency of such assessment,

b)    Management’s process for identifying, responding to, and monitoring the risks of fraud in the entity, including any specific risks of fraud that management has identified or that have been brought to its attention, or classes of transactions, account balances, or disclosure for which a risk of fraud is likely to exist,

c)    Management’s communication, if any, to those charged with governance regarding its processes for identifying and responding to the risks of fraud in the entity, and

d)    Management’s communication, if any, to employees regarding its views on business practices and ethical behavior.

Evaluation of Fraud Risk Factors

The standards state that the auditor should evaluate whether the information obtained from the risk assessment procedures and related activities as to whether one or more fraud risk factors are present.

Identification and Assessment of the Risks of Material Misstatement due to Fraud

The standards also state that the auditor should identify and assess the risks of material misstatement due to fraud at:

·      the financial statement level, and

·      the assertion level for classes of transactions, account balances and disclosures

When identifying and assessing the risks of material misstatement due to fraud, the auditor should, based on the assumption that fraud exists, for example, in revenue recognition, evaluate the types of revenue, revenue transactions or assertions that give rise to such risks.

The auditor should treat the assessed risks of material misstatement due to fraud as significant risks, and to the extent not already done so, should obtain an understanding of the entity’s related control activities relevant to such risks, including an evaluation of whether the controls have been properly designed and implemented to mitigate fraud risks. 

Reponses to the Assessed Risks of Material Misstatement Due to Fraud

The standard requires the auditor to determine, in his/her professional judgement, the overall responses to address the assessed risks of material misstatement due to fraud at the financial statement level by:

·      Assigning and supervising personnel with knowledge, skill and ability required under the circumstances,

·      Evaluating whether the selection and application of accounting policies by the entity, particularly those related to complex transactions, are indicative of fraudulent financial reporting resulting from management’s effort to manage earnings, or a bias that may create material misstatement, and

·      Incorporating an element of unpredictability in the selection of the nature, timing and extent of audit procedures.

Audit Procedures Responsive to Risks Related to Management Override of Controls

It is well documented that effective internal controls reduce the risk of fraud. The presence of anti-fraud controls is notably correlated with significant decreases in the cost and duration of occupational fraud schemes.

Management is in a unique position to perpetrate fraud because of management’s ability to manipulate accounting records and prepare fraudulent financial statements by overriding controls that otherwise appear to be operating effectively, thus the auditor should design and perform audit procedures to:

a)    Test the appropriateness of journal entries recorded in the general ledger and other adjustments made in the preparation of the financial statements, including entries posted directly to financial statement drafts.

In designing and performing audit procedures for such test, the auditor should:

                i.         Obtain an understanding of the entity’s financial reporting process and controls over journal entries and other adjustments and the suitability of such controls,

              ii.         Make inquiries of individuals involved in the financial reporting process about inappropriate or unusual activity relating to the processing of journal entries and other adjustments,

            iii.         Consider fraud risk indicators, the nature and complexity of accounts, and entries processed outside the normal course of business,

             iv.         Select journal entries and other adjustments made at the end of a reporting period, and

              v.         Consider the need to test journal entries and other adjustments throughout the period.

b)    Review accounting estimates for biases and evaluate whether the circumstances producing the bias, if any, represent a risk of material misstatement due to fraud. In performing the review, the auditor should:

                i.         Evaluate whether the judgements and decisions made by management in making the accounting estimates included in the financial statements, even if they are individually reasonable, indicate a possible bias on the part of the entity’s management that may represent a risk of material misstatement due to fraud. If so, the auditor should reevaluate the accounting estimates taken as a whole, and

              ii.         Performa retrospective review of management judgements and assumptions related to significant accounting estimates reflected in the financial statements of the prior year. Estimates selected for review should include those that are based on highly sensitive assumptions or are otherwise significantly affected by judgements made by management.

c)    Evaluate for significant transactions that are outside the normal course of business.

Evaluation of Audit Evidence

The standards state that the auditor should evaluate the results of the auditing procedures, including analytical procedures, at or near the end of the audit, as to whether there is a risk of material misstatement due to fraud.

If the misstatement is indicative of fraud, the auditor should evaluate the implications of the misstatement with regards to other aspects of the audit, in particular, the determination of materiality, management and employee integrity, and the reliability of management representations.

In addition, if the auditor concludes here is a misstatement, whether material or not and he or she believes that senior management is involved, the auditor should reevaluate the assessment of the risks of material misstatement due to fraud and its resulting effect on the nature, timing, and extent of audit procedures in respond to the assessed risks. At this time the auditor should also consider whether the circumstances indicate possible collusion involving employees, management, or third parties when reconsidering the reliability of evidence previously obtained.

If the auditor concludes that, or is unable to conclude, that the financial statements are materially misstated as a result of fraud, the auditor should evaluate the implications for the audit.

The Auditor’s Communication with Management and those Charged with Governance

If the auditor has identified a fraud or has obtained information that indicates that a fraud may exist, the auditor should communicate those matters on a timely basis to the appropriate level of management, and if the auditor suspects fraud involving management he or she should communicate these suspicions to those charged with governance (the board of directors or city council).