Sie sind auf Seite 1von 9

THE AUDITORS RESPONSIBILITIES RELATING TO FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS ISA240

1.

Introduction

Scope:
Consider the risk of fraud in financial statements:

in planning and performing the audit

to reduce risk to acceptably low level


Characteristics of Fraud:
Error : Unintentional
Mistake in gathering or processing data
Incorrect accounting estimate
Mistake in the application of accounting principles
Fraud : Intentional
Fraud involves the use of deception to obtain an unjust or illegal advantage. Auditor is
concerned with fraud which results in misstatement in financial statements.
3 Areas:
Accounting records or supporting documentation
Events, transactions or other significant information
Accounting principles
Management fraud: involving one or more member of management
Employee fraud: involving only employees
Intentional misstatements: relevant for auditor are misstatements from:

financial reporting

misappropriation of assets
Fraudulent financial reporting often involves management override of controls that appear to
be operating effectively and it may be accomplished by the following:

Manipulation, falsification (including forgery), or alteration

Misrepresentation in, or intentional omission from, the financial statements of events,


transactions or other significant information

Intentional misapplication of accounting principles

Techniques may include:

fictitious journal entries

change in estimation

omitting, advancing or delaying recognition of events

concealing facts to be disclosed

engaging in complex transactions

altering records
Misappropriation of assets can be made in any of the following ways:

embezzling receipts

stealing physical assets or intellectual property

causing entity to pay for goods or services not to be received

using entitys assets for personal use


Fraud involves:

incentive or pressure to commit fraud (e.g. persons living beyond their means,
performance pressures)
Page 1 of 9

THE AUDITORS RESPONSIBILITIES RELATING TO FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS ISA240

perceived opportunity (when internal controls can be overridden, an individual is in a


position of trust of has knowledge of weakness)
rationalization (good reason / explanation) of the act

Responsibility for the Prevention and Detection of Fraud


Primary responsibility for prevention and detection rests with both TCWG and with
management.
Strong emphasis on fraud prevention and deterrence may be placed through culture of
honesty and ethical behavior
Responsibilities of the Auditor
Risk of not detecting a fraud is higher than that of error because fraud may involve
sophisticated and carefully organized schemes to conceal it. Collusion may cause the auditor
to believe that evidence is persuasive when in fact it is false.
It is difficult to distinguish between fraud or error in case of misstatement in accounting
estimates.
Risk of non detection of management fraud is higher than employee fraud.
Subsequent discovery of financial material misstatement does not itself indicate a failure to
comply with ISAs.
Remain skeptic, consider the potential of management override, Recognize that procedures
effective for error may not be effective for fraud.
2.

Objectives

(a) To identify and assess the risks of material misstatement of the financial statements due to
fraud;
(b) To obtain sufficient appropriate audit evidence regarding the assessed risks of material
misstatement due to fraud, through designing and implementing appropriate responses; and
(c) To respond appropriately to fraud or suspected fraud identified during the audit.
Consider Risk Respond Design Procedures
3.
Definitions
Fraud An intentional act by one or more individuals among management, those charged
with governance, employees, or third parties, involving the use of deception to obtain an
unjust or illegal advantage.
4.

Requirements

4.1

Professional Skepticism:

Auditor should maintain an attitude of professional skepticism irrespective (although it can not
be disregarded fully) of auditors past experience about the honesty and integrity of
management and TCWG.
Authentication/Completeness of evidence Generally accept as genuine
Reason to believe of the contrary Investigate, further procedures
4.2

Discussion Among the Engagement Team:

Members of the team should discuss the susceptibility of the fraud. Discussion includes the
engagement partner who uses professional judgment, past experience and knowledge of
current developments.
Page 2 of 9

THE AUDITORS RESPONSIBILITIES RELATING TO FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS ISA240

Ordinarily, discussion involves the key members. Engagement partner should consider which
matters are to be communicated to members of the members not involved in the discussion.

Opportunity to share insight

Enables consider responses and responsibilities

Permits planning of sharing results and dealing with fraud allegations

Discussion ordinarily includes:


1. exchange of ideas about how financial statements may be susceptible to fraud, how
management could perpetrate and conceal fraud
2. consideration of circumstances indicative of fraud
3. consideration of internal and external factors
4. consideration of managements involvement
5. consideration of unusual or unexplained changes in behavior or lifestyles
6. An emphasis on maintaining professional state of mind
7. consideration of type of circumstances
8. consideration of element of unpredictability in audit procedures
9. consideration of audit procedures in response to risks
10.consideration of allegations of fraud
11.consideration of risk of override of controls
After the initial discussion team members should continue to communicate and share
information obtained that may affect the assessment of fraud.
4.3

Risk Assessment Procedures and related activities:

To obtain an understanding of the entity and its environment including internal control, the
auditor performs risk assessment procedures. Following procedures are used to identify the
risk of fraud;
a)
management and others within the entity
b)
TCWG
c)
consider any unusual or unexpected relationships
d)
consider other information
e)
consider fraud risk factors
(a)

management and others within the entity:

When obtaining an understanding of the entity and its environment including internal control,
auditor should make inquiries of management regarding:

Managements assessment of the fraud risk

Managements process for identifying and responding to fraud risk including specific
risks that management has identified

Managements communication to TCWG regarding its process for identifying and


responding to the risks

Managements communication to employees regarding its views on business practices


and ethical behavior
Nature, extent and frequency of managements assessment are relevant to the auditors
understanding of control environment. Auditor inquires about process to respond to internal
and external allegations of fraud. For entities with multiple locations, auditor inquires about
particular operating locations with more risk of fraud.
Auditor should make inquiries of the following (within the entity) to determine whether they
have knowledge of any actual, suspected or alleged fraud:

Management

internal audit
Page 3 of 9

THE AUDITORS RESPONSIBILITIES RELATING TO FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS ISA240

others within the entity (identified through professional judgment)

Discussion with internal audit personnel involves:

whether they have performed any procedures to identify fraud

whether management has made satisfactory response to the findings


Others within the entity may include:

operating personnel not involved in reporting

employees with different level of authority

employees dealing with complex transactions

in-house legal department

Chief ethics officer

persons charged with dealing with fraud


(b) Those Charged With Governance
Auditor should obtain an understanding of how TCWG exercise oversight of managements
process for identifying and responding to the risks of fraud and internal control that
management has established.
The auditor should make inquiries of those charged with governance to determine whether
they have knowledge of any actual, suspected or alleged fraud affecting the entity.
Understanding of may be obtained by:
attending meetings where such discussions take place
reading the minutes from such meetings
making inquiries
(c)

Unusual or unexpected relationship identified:

When performing analytical procedures the auditor should consider unusual or unexpected
relationships that may indicate risk of fraud, including those related to revenue accounts.
(d) Other information:
When obtaining an understanding, auditor should consider whether other information obtained
indicates risks of fraud. Other information may come from client acceptance and retention
process, experience gained on other engagements performed for the entity.
(e)
Evaluation of Fraud Risk Factors (FRF):
When obtaining an understanding of the entity and its environment, auditor should consider
whether information obtained indicates one or more FRF are present.
FRFs may not necessarily indicate the risk of fraud infact they have often been present in
circumstances where frauds have occurred.
These illustrative risk factors are classified based on the three conditions that are generally
present when fraud exists
An incentive or pressure to commit fraud;
A perceived opportunity to commit fraud; and
An ability to rationalize the fraudulent action.
FRFs can not be ranked in order of importance. Auditor exercises professional judgment in
determining whether a FRF is present and whether it is to be considered in assessing the risks
of material misstatement.
The size, complexity and ownership characteristics of the entity have a significant influence on
the consideration of relevant FRFs. For example, in case of a large entity, the auditor considers
factors that generally constrain improper conduct by the management such as effectiveness
of TCWG and internal audit, existence and enforcement of formal code of conduct.
Page 4 of 9

THE AUDITORS RESPONSIBILITIES RELATING TO FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS ISA240

Please refer Appendix 1 for fraud risk factors


4.4
Identification and Assessment of the Risks of Material Misstatement Due to
Fraud:
When identifying and assessing the risks of material misstatement at the financial statement
level and at the assertion level, the auditor should identify and assess the risks of fraud.
Risks of Fraud in Revenue Recognition: Auditor ordinarily presumes that there are risks of
fraud in revenue recognition. If the auditor has not identified revenue recognition as a risk of
fraud, the auditor documents the reasons supporting the auditors conclusion.
Premature revenue recognition, recording fictitious revenues or shifting revenues to a later
period. Higher risk in listed entities, cash revenue entities.
It is important for the auditor to obtain an understanding of the controls that management has
designed and implement to prevent and detect fraud because in designing and implementing
such controls, management may make informed judgments on the nature and extent of the
controls it chooses to assume. Management may consciously choose to accept the risk by not
implementing a control.
4.5

Responses to the Risks of Material Misstatement Due to Fraud:

Auditor should determine overall response to address the assessed risks of fraud at the
financial statement level and perform further audit procedures whose nature, timing and
extent are responsive to the assessed risks at the assertion level. Auditors responds in the
following way:
response that has an overall effect
response to identified risks at assertion level
response to identified risks involving management override of controls
Response to address the assessed risks may affect the auditors professional skepticism in the
following ways:
Overall Response:
increased sensitivity in selection of nature, timing and extent of documentation to be
examined in support of material transaction
increased recognition of the need to corroborate management explanations or
representation concerning material matters
In determining overall response the auditor should:
consider the assignment and supervision of personnel (knowledge, skill and ability of the
personnel are considered. Even such as forensic and IT experts may assigned)
consider the accounting policies used by the entity (consider selection and application of
the policies particularly those related to subjective measurement and complex
transactions)
incorporate an element of unpredictability in the selection of the nature, timing and extent
of the audit procedures
Audit Procedures Responsive to Risks of Material Misstatement Due to Fraud at the
Assertion Level
Page 5 of 9

THE AUDITORS RESPONSIBILITIES RELATING TO FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS ISA240

Such response may include changing the nature, timing and extent of audit procedures in the
following ways:
Nature of audit procedures may need to be changed to obtain evidence that is more
reliable and relevant or to obtain additional corroborative information. This may affect both
type and combination of the procedures.
Timing of substantive procedures may need to be modified
Extent of the procedures reflects the assessment of the risk of fraud (e.g. increasing
sample sizes or performing analytical procedures at a more detailed level.
(Examples of procedures in Appendix 2)
Audit Procedures Responsive to Management Override of Controls
To respond to risk of override of controls, the auditor should design and perform audit
procedures to:
Test the appropriateness of journal entries and other adjustments
Review accounting estimates for biases
Obtain an understanding of the business rationale of significant transactions that the
auditor becomes aware of that outside of the normal course of the business or otherwise
appear to be an unusual
a.
Journal Entries and Other Adjustments
In designing and performing audit procedures to test the appropriateness of journal entries
and other adjustments made, the auditor:

making inquiries of individuals involved in financial reporting process about inappropriate


or unusual activity relating to processing of journal entries and other adjustments
select journal entries at the end of the reporting period
Consider the need to test journal entries and other adjustments throughout the period.

For the purpose of identifying and selecting journal entries and other adjustments for testing
and determining the appropriate method of examining the underlying support, the auditor
considers the following:
The assessment of fraud the presence of FRF and other information obtained may assist
to identify specific class of journal entries and other adjustments
Controls that have been implemented over journal entries and other adjustments
effective controls may reduce the extent of substantive testing necessary

The entitys financial reporting process and nature of evidence that can be obtained
when IT is used in the financial reporting process, journal entries and other adjustments
may exist only in electronic form
The characteristics of fraudulent entries or other adjustments inappropriate journal
entries normally have following characteristics:
o made to unrelated, unusual or seldom used accounts
o made by individuals who typically do not made these entries
o recorded at the end of the period or post closing entries having little or no explanation
or description
o made either before or during the preparation of financial statements that do not have
account numbers
o containing round numbers or consistent ending numbers
The nature and complexity of the accounts inappropriate journal entries or adjustments
may be applied to the accounts that:
o contain complex or unusual transactions
o contain significant estimates or prior year adjustments
o have been prone to misstatements in the past
o have not been reconciled on a timely basis or contain un reconciled differences
Page 6 of 9

THE AUDITORS RESPONSIBILITIES RELATING TO FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS ISA240

o contain inter company transactions


o are otherwise associated with an identified risk
Journal entries or adjustments outside the normal course of the business non standard
journal entries may not be subject to the same level of internal control

b.

Accounting Estimates

In reviewing accounting estimates for biases, the auditor:


considers whether differences between estimates best supported by audit evidence and
the estimates reported indicate a possible bias on the part of management
performs a retrospective review of management judgments and assumptions related to
significant estimates reported last year (also required by ISA 540)
If the auditor identifies possible bias, the auditor evaluates whether the circumstances
producing such a bias represent a risk of fraud.
c. Business Rationale for Significant Transactions
Auditor obtains an understanding of the business rationale of business rationale for significant
transactions that are outside the normal course of the business or that otherwise appear to be
unusual. In gaining such understanding the auditor considers the following:
whether the form of the transaction appears overly complex
whether there is adequate documentation
whether management has discussed the nature and accounting treatment with TCWG
whether management is placing more emphasis on need for particular treatment
whether the transaction that involve non-consolidated related parties have been approved
by TCWG
whether the transaction involves previously unidentified related parties that do not have
substance or financial strength to support transaction without assistance of the entity
4.6

Evaluation of Audit Evidence:

Based on the audit procedures performed and the audit evidence obtained, the auditor
evaluates whether the assessment of the risks at the assertion level remain appropriate.

Auditor should consider whether analytical procedures that are performed at or near
the end of the audit when forming an overall conclusion, indicate a previously
unrecognized risk due to fraud. Determining which particular trend or relationship
indicates the risk of fraud, requires professional judgment.

When the auditor identifies a misstatement, the auditor should consider whether
such may be indicative of fraud and if there is such an indication, the auditor should
consider implication to other aspects of the audit, particularly reliability of
managements representation.

Auditor can not assume that the instance of fraud is an isolated occurrence.

If the auditor believes that a misstatement is or may be the result of fraud, but the
effect of misstatement is not material, the auditor evaluates the implications,
especially those dealing with the organizational position of the individuals involved.

When the auditor confirms that, or is unable to conclude whether, the financial
statements are materially misstated as a result of fraud, the auditor should consider the
implications for the audit.

4.7

Auditor Unable to Continue to Engagement:

Page 7 of 9

THE AUDITORS RESPONSIBILITIES RELATING TO FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS ISA240

If as a result of misstatement resulting from fraud, the auditors encounters exceptional


circumstances that bring into question the auditors ability to continue performing the audit
the auditor should:
consider the professional and legal responsibilities applicable whether there is a
requirement for auditor to report to persons who made the appointment or to regulatory
authorities.
consider the possibility of withdrawing
if the auditor withdraws:
o discuss with appropriate level of management and TCWG the reasons of withdrawal
o consider whether there is a professional or legal requirement to report to persons who
made the appointment or to regulatory authorities
Exceptional circumstances: management doesnt take action, risk of material and pervasive
fraud, significant concern about the competence or integrity.
Auditor may consider it appropriate to seek legal advice.
4.8

Written Representations:

Auditor should obtain written representation from management that:


they acknowledge their responsibility for the design and implementation of the internal
control
they have disclosed to auditor (as a result of assessment) that financial statements may be
materially misstated as a result of fraud
they have disclosed to the auditor its knowledge of fraud or suspected fraud affecting the
entity involving:
o management
o employees (having significant roles in internal control)
o others (where fraud could have material effect)
they have disclosed to auditor its knowledge of any allegations of fraud or suspected fraud
communicated by current or former employees, analysts, regulators or others.
4.9

Communication with Management and TCWG:

If the auditor has identified a fraud or has obtained information that indicates a fraud may
exist, the auditor should communicate these matters as soon as practicable to the appropriate
level of management. This is so even if the matter might be considered inconsequential (e.g.
minor defalcation by an employee at lower level).
The determination of which level of management to communicate is the appropriate one is a
matter of professional judgment and is affected by factors such as:
likelihood of collusion
nature and magnitude of suspected fraud
If the auditor has identified fraud involving:
management
employees (having significant roles in internal control)
others (where fraud could have material effect)
the auditor should communicate these matters to TCWG as soon as practicable. Such
communication may be made orally or in writing depending on the significance.
If the integrity or honesty of the management or TCWG is doubted, the auditor considers
seeking legal advice.

Page 8 of 9

THE AUDITORS RESPONSIBILITIES RELATING TO FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS ISA240

The auditor should make TCWG and management aware, as soon as practicable, and at the
appropriate level of responsibility, of material weaknesses in the design or implementation of
internal control which may have come to the auditors attention.
Auditor should consider whether there are any other matters to be discussed with the TCWG.
(Controls over frauds, managements inadequate responses, control environment,
managements actions indicative of fraud, authorizations of unusual transactions)
4.10 Communication Regulatory and Enforcement Authorities:
Auditors professional duty to maintain confidentiality may preclude reporting fraud to a party
outside the client entity. The auditor considers obtaining legal advice to determine the
appropriate course of action.
4.11 Documentation:
Documentation of the auditors understanding and the assessment of the risks of fraud should
include:
significant decisions reached during the discussion among the team regarding
susceptibility of financial statements to fraud
identified and assessed risks of fraud at the financial statement level and at assertion level
Documentation of the auditors responses to the assessed risks of material misstatement
should include:

overall response to the assessed risks at financial statement level and the nature, timing
and extent of audit procedures, and the linkage of those procedures with the assessed risks
at the assertion level
Results of the audit procedures, including those designed to address the risk of
management override of controls
The auditor should document communication about fraud to management, TCWG, regulators
and others.
When the auditor has concluded that the presumption that there is a risk of fraud related to
revenue recognition is not applicable, the auditor should document the reasons for that
conclusion.

Page 9 of 9