top of page
  • CCS

What are the Responsibilities of Auditors in relation to Fraud?

To start, it is not the responsibility of the auditor to either prevent or discover fraud within the entity that is being audited!

Management and those charged with governance are the ones responsible for this task.

However, this does not absolve the auditor of their responsibility to devise audit procedures based on their risk assessment of the possibility that the financial statements include a substantial misrepresentation due to fraud.

A particular auditing standard pertains to fraud, and it is known as ISA 240, which stands for The Auditor's Responsibilities Relating to Fraud in an Audit of Financial Statements.

This standard stipulates that all auditors who perform audits under ISAs must apply it.

This ISA was created to outline the responsibilities that lie with the auditor regarding fraud matters.

Since most scams are intended to be disguised, and the perpetrators of fraud will frequently go to great lengths to ensure that they are not found, detecting fraud can be incredibly challenging simply because of the nature of fraud.

In recent years, fraud has become a serious concern within the field of accounting and auditing, particularly fraud surrounding well-publicised business disasters. Auditors have had some of the blame thrown at them for the problem.

Fraud is not an error, and ISA 240 clearly distinguishes between fraud and error.

Fraud is defined in ISA 240.11(a)) as:

… an intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an un- just or illegal advantage.’

Error, on the other hand, is defined in ISA 240.11(b) as:

an unintentional misstatement in the financial statements including the omission of an amount or disclosure.’

Fraud may often be broken down into two categories:

  • "Management Fraud"; and

  • "Employee Fraud."

Management fraud involves the overriding of internal controls by management within the entity.

The actual amounts involved can be quite significant, and auditors should consider this fact carefully during the planning stage of the audit and during the detailed audit fieldwork.

Because ISA 240 contains an explicit requirement for the auditor to maintain an attitude of professional scepticism, the auditor can recognise the possibility that a material misstatement could result from fraud.

For the auditor to keep their professional scepticism, they must let go of any and all beliefs they may have regarding the honesty and integrity of management and those charged with governance.

The practice of workers taking advantage of gaps in the internal control environment to enrich themselves financially is referred to as employee fraud.

Amounts can vary and be at both ends of the spectrum (i.e. they could be very small or very substantial amounts).

Responsibilities of the Auditor

ISA 240 outlines the responsibilities of the auditor, and this ISA requires the auditor to consider fraud (and error) at the planning stage with the expectation that the financial statements may contain material misstatement as a result of fraud and/or error.

The auditor must remember that the financial statements may contain material misstatements resulting from fraud and/or error. The auditors are expected to:

  • Discuss fraud risk and incidence with management and those charged with governance;

  • Discuss with the engagement team how the financial statements could be wrong in a way that is important, either because of fraud or because of errors. Think about whether one or more signs of fraud are present;

  • Perform audit procedures to test the appropriateness of journal entries, test the risk of management override of internal controls, review accounting estimates and their appropriateness and understand the business rationale for transactions outside the normal course of business;

  • Obtain specific representations from management and those charged with governance, including its assessment of the risk of fraud, and

  • Consider the implications of the auditor's legal and regulatory obligations.


  • 与参与团队讨论财务报表如何可能因为欺诈或错误而出现重要的错误。思考是否存在一个或多个欺诈的迹象。

  • 执行审计程序,测试分录的适当性,测试管理层推翻内部控制的风险,审查会计估计及其适当性,并了解正常业务过程以外的交易的商业理由。

  • 从管理层和负责管理的人那里获得具体陈述,包括其对欺诈风险的评估,以及

  • 考虑审计师的法律和监管义务的影响。

Fraud issues must be discussed at the planning meeting for the audit team. This is a very important requirement.

This conversation must include the audit engagement partner, and it gives the engagement team's more experienced members a chance to share their ideas about how and where the financial statements may contain material misstatement because of fraud.

Usually, a discussion like this would be about:

  • How management could override the entity's internal controls, and how the financial statements could be misstated due to fraud.

  • How could the entity manipulate the financial statements for the purposes of "earnings management."

  • Whether there are incentives or pressures for management or others to commit fraud—for example, a breach of loan covenants.

  • How management and those charged with governance implement sufficient controls and oversee employees who have access to cash or other assets of the entity.

  • Whether management or other key employees have had an unusual change of lifestyle or demonstrate unexplained behaviour.

  • Ensuring that all members of the engagement team maintain a degree of professional scepticism throughout the audit engagement.

  • Whether there is any circumstances present that may give rise to a presence of fraudulent activity.

  • Discuss how unpredictable audit testing can be undertaken and the nature, timing and extent of that testing.

  • How audit procedures are selected to respond to the risk that the financial statements contain a material misstatement due to fraud.

  • Discussions concerning any allegations of fraudulent activity.


  • 管理层如何凌驾于实体的内部控制之上,以及财务报表如何因欺诈而被误报。

  • 该实体如何为 "收益管理 "的目的操纵财务报表。

  • 管理层或其他人是否有进行欺诈的动机或压力-- 例如,违反贷款契约的行为。

  • 管理层和负责管理的人如何实施足够的控制,并监督可以接触实体的现金或其他资产的员工。

  • 管理层或其他关键员工是否有不寻常的生活方式变化或表现出无法解释的行为。

  • 确保参与团队的所有成员在整个审计工作中保持一定程度的专业怀疑态度。

  • 是否存在任何可能导致存在欺诈活动的情况。

  • 讨论如何进行不可预测的审计测试以及该测试的性质、时间和范围。

  • 如何选择审计程序,以应对财务报表中因欺诈而出现重大错报的风险。

  • 讨论有关任何欺诈活动的指控。

Interaction between ISA 240 and ISA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment

By the provisions of ISA 315, the auditor must understand the entity and the environment in which it operates. In addition, the auditor must consider the possibility of the financial statements being material misstatements due to fraud.

When conducting their risk assessment, the auditor must ensure that they discuss with management and those charged with governance how they oversee management's internal controls and how these internal controls reduce the risk of fraud.

This discussion must take place before the auditor begins their risk assessment.

There is no absolute certainty (nor conclusive) in discussions with management and those charged with governance.

The simple fact that the auditor has discussed the risk of fraud with management and, where applicable, those charged with governance, who may confirm that no fraud has been committed during the year (or that they are not aware of any allegations of fraud), is not enough to reduce the risk of material misstatement due to fraud to an acceptable level.

In addition to this, the auditor is responsible for ensuring the following things: