The Auditor’s Responsibilities Relating to Fraud by Phyllis Willoughby
ISA 240 defines fraud as follows:
Fraud – An intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage.
The risk of not detecting a material misstatement resulting from fraud may be higher than the risk of not detecting one resulting from error. This is where fraud may have involved sophisticated and carefully organized schemes designed to conceal it, such as forgery, deliberate failure to record transactions, or intentional misrepresentations being made by the auditor. Such attempts at concealment may be even more difficult to detect when accompanied by collusion. Collusion may cause the auditor to believe that audit evidence is persuasive when it is, in fact, false. The auditor’s ability to detect a fraud is affected by factors such as the skillfulness of the perpetrator, the frequency and extent of manipulation, the degree of collusion involved, the relative size of individual amounts manipulated, and the seniority of those individuals involved. While the auditor may be able to identify potential opportunities for fraud to be perpetrated, it may be difficult for the auditor to determine whether misstatements in judgment areas such as accounting estimates are caused by fraud or error.
- Greater focus on Professional skepticism
- Further Investigation
- Increased discussions with audit team
- Specialized skills
The auditor may consider it appropriate to use the specialist skills of a forensic accountant when investigating a misstatement due to fraud or suspected fraud.
- Documentation of information that is inconsistent
- Fraud risk factors
Fraud risk factors may relate to incentives, pressures or opportunities that arise from conditions that create susceptibility to misstatement before consideration of controls.
Extend fraud risk to requirements per ISA (Ireland) 550 (Related Parties)
- Inquiries of others within the entity
Examples include:
- Employees with different levels of authority
- Employees involved in initiating, processing or recording high volumes of payments and settlements and those who supervise or monitor such employees.
- Employees responsible for the maintenance of IT systems or monitoring system logs for unusual or unauthorized activity.
Discussions between the auditor and those charged with governance about the risks of fraud in the entity, including those specific to the entity’s business sector, assists the auditor in identifying and assessing the risks of material misstatement of the financial statements due to fraud. Business sector specific risks may arise from economic, industry and operating conditions that give risk to fraud risk factors for particular classes of transactions, account balances and disclosures.
- Document style different to others of the same type from the same source (for example changes to fonts and formatting).
- ‘Copy’ documents presented rather than originals.
- Electronic documents with a last edited date that is after the date they were represented as finalized.
Update audit working papers to incorporate the content within “What’s changed for auditors”.
Step 2
Document all meetings with management, those charged with governance and others within the entity.
Step 3
Create a checklist of examples of circumstances that indicate the possibility of fraud per Appendix 3 of ISA (Ireland) 240.
Step 4
Document discussions with the Engagement Team incorporating exchange of ideas about fraud risk factors.
Step 5
Determine whether the engagement team requires specialized skills or knowledge to perform risk assessment procedures.
Step 6
Perform audit procedures to test the appropriateness of manual or automated journal entries recorded in the general ledger and other adjustments made in the preparation of the financial statements, including consolidation adjustments in the preparation of group financial statements. Make inquiries of individuals with different levels of responsibility. Select journal entries and other adjustments made at the end of a reporting period and post-closing entries.
Step 7
Consider the reliability of information to be used as audit evidence ensuring tampering of documents is not evident.
Step 8
Automated tools and techniques may enable more extensive testing of electronic transactions and account files.
Step 9
Appendix 2 of ISA (Ireland) 240 provides examples of possible audit procedures to address the assessed risks of material misstatement due to fraud.
Step 10
Obtain written representations from management that they acknowledge their responsibility for the design, implementation and maintenance of internal controls to prevent and detect fraud and that they believe they have appropriately fulfilled those responsibilities.
https://iaasa.ie/wp-content/uploads/2022/11/ISA-240_Oct_2022.pdf
Member Services
CPA Ireland