top of page
  • Writer's pictureCCS

What are the Responsibilities of Auditors in relation to Fraud?

To start, it is not the responsibility of the auditor to either prevent or discover fraud within the entity that is being audited!

Management and those charged with governance are the ones responsible for this task.

However, this does not absolve the auditor of their responsibility to devise audit procedures based on their risk assessment of the possibility that the financial statements include a substantial misrepresentation due to fraud.

A particular auditing standard pertains to fraud, and it is known as ISA 240, which stands for The Auditor's Responsibilities Relating to Fraud in an Audit of Financial Statements.

This standard stipulates that all auditors who perform audits under ISAs must apply it.

This ISA was created to outline the responsibilities that lie with the auditor regarding fraud matters.

Since most scams are intended to be disguised, and the perpetrators of fraud will frequently go to great lengths to ensure that they are not found, detecting fraud can be incredibly challenging simply because of the nature of fraud.

In recent years, fraud has become a serious concern within the field of accounting and auditing, particularly fraud surrounding well-publicised business disasters. Auditors have had some of the blame thrown at them for the problem.

Fraud is not an error, and ISA 240 clearly distinguishes between fraud and error.

Fraud is defined in ISA 240.11(a)) as:

… an intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an un- just or illegal advantage.’

Error, on the other hand, is defined in ISA 240.11(b) as:

an unintentional misstatement in the financial statements including the omission of an amount or disclosure.’

Fraud may often be broken down into two categories:

  • "Management Fraud"; and

  • "Employee Fraud."

Management fraud involves the overriding of internal controls by management within the entity.

The actual amounts involved can be quite significant, and auditors should consider this fact carefully during the planning stage of the audit and during the detailed audit fieldwork.

Because ISA 240 contains an explicit requirement for the auditor to maintain an attitude of professional scepticism, the auditor can recognise the possibility that a material misstatement could result from fraud.

For the auditor to keep their professional scepticism, they must let go of any and all beliefs they may have regarding the honesty and integrity of management and those charged with governance.

The practice of workers taking advantage of gaps in the internal control environment to enrich themselves financially is referred to as employee fraud.

Amounts can vary and be at both ends of the spectrum (i.e. they could be very small or very substantial amounts).

Responsibilities of the Auditor

ISA 240 outlines the responsibilities of the auditor, and this ISA requires the auditor to consider fraud (and error) at the planning stage with the expectation that the financial statements may contain material misstatement as a result of fraud and/or error.

The auditor must remember that the financial statements may contain material misstatements resulting from fraud and/or error. The auditors are expected to:

  • Discuss fraud risk and incidence with management and those charged with governance;

  • Discuss with the engagement team how the financial statements could be wrong in a way that is important, either because of fraud or because of errors. Think about whether one or more signs of fraud are present;

  • Perform audit procedures to test the appropriateness of journal entries, test the risk of management override of internal controls, review accounting estimates and their appropriateness and understand the business rationale for transactions outside the normal course of business;

  • Obtain specific representations from management and those charged with governance, including its assessment of the risk of fraud, and

  • Consider the implications of the auditor's legal and regulatory obligations.


  • 与参与团队讨论财务报表如何可能因为欺诈或错误而出现重要的错误。思考是否存在一个或多个欺诈的迹象。

  • 执行审计程序,测试分录的适当性,测试管理层推翻内部控制的风险,审查会计估计及其适当性,并了解正常业务过程以外的交易的商业理由。

  • 从管理层和负责管理的人那里获得具体陈述,包括其对欺诈风险的评估,以及

  • 考虑审计师的法律和监管义务的影响。

Fraud issues must be discussed at the planning meeting for the audit team. This is a very important requirement.

This conversation must include the audit engagement partner, and it gives the engagement team's more experienced members a chance to share their ideas about how and where the financial statements may contain material misstatement because of fraud.

Usually, a discussion like this would be about:

  • How management could override the entity's internal controls, and how the financial statements could be misstated due to fraud.

  • How could the entity manipulate the financial statements for the purposes of "earnings management."

  • Whether there are incentives or pressures for management or others to commit fraud—for example, a breach of loan covenants.

  • How management and those charged with governance implement sufficient controls and oversee employees who have access to cash or other assets of the entity.

  • Whether management or other key employees have had an unusual change of lifestyle or demonstrate unexplained behaviour.

  • Ensuring that all members of the engagement team maintain a degree of professional scepticism throughout the audit engagement.

  • Whether there is any circumstances present that may give rise to a presence of fraudulent activity.

  • Discuss how unpredictable audit testing can be undertaken and the nature, timing and extent of that testing.

  • How audit procedures are selected to respond to the risk that the financial statements contain a material misstatement due to fraud.

  • Discussions concerning any allegations of fraudulent activity.


  • 管理层如何凌驾于实体的内部控制之上,以及财务报表如何因欺诈而被误报。

  • 该实体如何为 "收益管理 "的目的操纵财务报表。

  • 管理层或其他人是否有进行欺诈的动机或压力-- 例如,违反贷款契约的行为。

  • 管理层和负责管理的人如何实施足够的控制,并监督可以接触实体的现金或其他资产的员工。

  • 管理层或其他关键员工是否有不寻常的生活方式变化或表现出无法解释的行为。

  • 确保参与团队的所有成员在整个审计工作中保持一定程度的专业怀疑态度。

  • 是否存在任何可能导致存在欺诈活动的情况。

  • 讨论如何进行不可预测的审计测试以及该测试的性质、时间和范围。

  • 如何选择审计程序,以应对财务报表中因欺诈而出现重大错报的风险。

  • 讨论有关任何欺诈活动的指控。

Interaction between ISA 240 and ISA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment

By the provisions of ISA 315, the auditor must understand the entity and the environment in which it operates. In addition, the auditor must consider the possibility of the financial statements being material misstatements due to fraud.

When conducting their risk assessment, the auditor must ensure that they discuss with management and those charged with governance how they oversee management's internal controls and how these internal controls reduce the risk of fraud.

This discussion must take place before the auditor begins their risk assessment.

There is no absolute certainty (nor conclusive) in discussions with management and those charged with governance.

The simple fact that the auditor has discussed the risk of fraud with management and, where applicable, those charged with governance, who may confirm that no fraud has been committed during the year (or that they are not aware of any allegations of fraud), is not enough to reduce the risk of material misstatement due to fraud to an acceptable level.

In addition to this, the auditor is responsible for ensuring the following things:

  • Consider whether one or more fraud risk factors are present.

  • Perform analytical procedures to identify whether any unusual or unexpected trends have occurred in the financial statements.

  • Refer to other information that has come to light which may indicate whether the financial statements contain a material misstatement due to fraud.

Fraudulent Financial Reporting

Fraudulent financial reporting is the act of management and those charged with governance to deceive the users of the financial statements by manipulating them in such a way as to achieve the desired outcome (usually by focusing on levels of profits management and those charged with governance wish to report and therefore manipulating the figures above this line or focusing on stories of net assets).

This practice is also referred to as "earnings management".

A wide variety of objectives, including the desire to decrease taxes liabilities, the production of statistics that do not break loan covenants, and the enhancement of investor trust in the entity, can all be considered potential motivations for engaging in fraudulent financial reporting.

Altering the accounting records or other supporting documents used as a basis for preparing financial statements is the primary tool of fraudulent financial reporting. In addition to this, fraudulent financial reporting can be accomplished by misapplying accounting principles or through:

  • Recording fictitious journal entries, particularly those close to the year-end;

  • Inappropriately adjusting assumptions and changing judgements used to estimate account balances;

  • Omitting, advancing or delaying recognition in the financial statements of events and transactions that have occurred during the reporting period;

  • Concealing or not disclosing facts that could affect the amounts recorded in the financial statements;

  • Engaging in deliberately complex transactions that are structured to misrepresent the financial position or financial performance of the entity; and

  • Altering records and terms related to significant and unusual transactions.

Audit Procedures in relation to Fraud

The auditor should establish audit procedures with the risk assessment in mind that the financial statements may include material misrepresentation due to fraud.

When carrying out the auditing procedure, the auditor must always keep some healthy professional scepticism in mind.

The following are audit tests that cover a wide variety of scenarios, and each auditor should design their own methods to be client-specific when it comes to addressing potential instances of fraud:

  • Unannounced visits by the auditor to conduct inventory counts at locations not previously visited by the auditor.

  • Developing an element of unpredictability in audit procedures.

  • Reviews management information for periods other than the reporting date and investigate any unusual transactions or amendments.

  • Performing substantive analytical procedures using disaggregated data. For example, looking at the gross profit margins by location, line of business or month and comparing the results of these procedures to the auditor's expectations.

  • Seeking additional audit evidence from sources outside the entity.

  • Where other firms of auditors are used (component auditors), for example, at one or more subsidiaries, divisions or branches, discussing with them the extent of the work necessary to address the risk of material misstatement due to fraud.

  • Performing computer-assisted audit techniques such as data mining to test for anomalies in a population.

  • Where an act of fraud has been committed, discuss with the entity's staff the controls in place and how they address the risk.

  • Performing procedures on account reconciliations for periods other than the reporting date.

  • Testing the integrity of computer-produced records and transactions.


  • 审计师进行突击拜访,在审计师以前没有访问过的地方进行库存清点。

  • 在审计程序中推敲不可预测的因素。

  • 审查报告日期以外的管理信息,调查任何不寻常的交易或修正。

  • 使用分类数据执行实质性分析程序。例如,按地点、业务范围或月份查看毛利率,并将这些程序的结果与审计师的预期相比较。

  • 从实体以外的来源寻求额外的审计证据。

  • 在使用其他审计师事务所(组成审计师)的情况下,例如,在一个或多个子公司、部门或分支机构,与他们讨论应对欺诈导致的重大错报风险所需的工作范围。

  • 执行电脑辅助审计技术,如数据挖掘,以测试人口中的异常情况。

  • 在欺诈行为已经发生的情况下,与该实体的工作人员讨论现有的控制措施以及它们如何应对风险。

  • 对报告日期以外的时期进行账户核对的程序。

  • 测试电脑产生的记录和交易的完整性。

Our website's articles, templates, and material are solely for you to look over. Although we make every effort to keep the information up to date and accurate, we make no representations or warranties of any kind, either express or implied, regarding the website or the information, articles, templates, or related graphics that are contained on the website in terms of its completeness, accuracy, reliability, suitability, or availability. Therefore, any reliance on such information is strictly at your own risk.

Keep in touch with us so that you can receive timely updates |


1. Website ✍️ 2. Telegram ✍️ 3. Facebook ✍

Recent Posts

See All


bottom of page