To start, it is not the responsibility of the auditor to either prevent or discover fraud within the entity that is being audited!
Management and those charged with governance are the ones responsible for this task.
However, this does not absolve the auditor of their responsibility to devise audit procedures based on their risk assessment of the possibility that the financial statements include a substantial misrepresentation due to fraud.
A particular auditing standard pertains to fraud, and it is known as ISA 240, which stands for The Auditor's Responsibilities Relating to Fraud in an Audit of Financial Statements.
This standard stipulates that all auditors who perform audits under ISAs must apply it.
This ISA was created to outline the responsibilities that lie with the auditor regarding fraud matters.
Since most scams are intended to be disguised, and the perpetrators of fraud will frequently go to great lengths to ensure that they are not found, detecting fraud can be incredibly challenging simply because of the nature of fraud.
In recent years, fraud has become a serious concern within the field of accounting and auditing, particularly fraud surrounding well-publicised business disasters. Auditors have had some of the blame thrown at them for the problem.
Fraud is not an error, and ISA 240 clearly distinguishes between fraud and error.
Fraud is defined in ISA 240.11(a)) as:
‘… an intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an un- just or illegal advantage.’
Error, on the other hand, is defined in ISA 240.11(b) as:
‘… an unintentional misstatement in the financial statements including the omission of an amount or disclosure.’
Fraud may often be broken down into two categories:
"Management Fraud"; and
Management fraud involves the overriding of internal controls by management within the entity.
The actual amounts involved can be quite significant, and auditors should consider this fact carefully during the planning stage of the audit and during the detailed audit fieldwork.
Because ISA 240 contains an explicit requirement for the auditor to maintain an attitude of professional scepticism, the auditor can recognise the possibility that a material misstatement could result from fraud.
For the auditor to keep their professional scepticism, they must let go of any and all beliefs they may have regarding the honesty and integrity of management and those charged with governance.
The practice of workers taking advantage of gaps in the internal control environment to enrich themselves financially is referred to as employee fraud.
Amounts can vary and be at both ends of the spectrum (i.e. they could be very small or very substantial amounts).
Responsibilities of the Auditor
ISA 240 outlines the responsibilities of the auditor, and this ISA requires the auditor to consider fraud (and error) at the planning stage with the expectation that the financial statements may contain material misstatement as a result of fraud and/or error.
The auditor must remember that the financial statements may contain material misstatements resulting from fraud and/or error. The auditors are expected to:
Discuss fraud risk and incidence with management and those charged with governance;
Discuss with the engagement team how the financial statements could be wrong in a way that is important, either because of fraud or because of errors. Think about whether one or more signs of fraud are present;
Perform audit procedures to test the appropriateness of journal entries, test the risk of management override of internal controls, review accounting estimates and their appropriateness and understand the business rationale for transactions outside the normal course of business;
Obtain specific representations from management and those charged with governance, including its assessment of the risk of fraud, and
Consider the implications of the auditor's legal and regulatory obligations.
Fraud issues must be discussed at the planning meeting for the audit team. This is a very important requirement.
This conversation must include the audit engagement partner, and it gives the engagement team's more experienced members a chance to share their ideas about how and where the financial statements may contain material misstatement because of fraud.
Usually, a discussion like this would be about:
How management could override the entity's internal controls, and how the financial statements could be misstated due to fraud.
How could the entity manipulate the financial statements for the purposes of "earnings management."
Whether there are incentives or pressures for management or others to commit fraud—for example, a breach of loan covenants.
How management and those charged with governance implement sufficient controls and oversee employees who have access to cash or other assets of the entity.
Whether management or other key employees have had an unusual change of lifestyle or demonstrate unexplained behaviour.
Ensuring that all members of the engagement team maintain a degree of professional scepticism throughout the audit engagement.
Whether there is any circumstances present that may give rise to a presence of fraudulent activity.
Discuss how unpredictable audit testing can be undertaken and the nature, timing and extent of that testing.
How audit procedures are selected to respond to the risk that the financial statements contain a material misstatement due to fraud.
Discussions concerning any allegations of fraudulent activity.
该实体如何为 "收益管理 "的目的操纵财务报表。
Interaction between ISA 240 and ISA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment
By the provisions of ISA 315, the auditor must understand the entity and the environment in which it operates. In addition, the auditor must consider the possibility of the financial statements being material misstatements due to fraud.
When conducting their risk assessment, the auditor must ensure that they discuss with management and those charged with governance how they oversee management's internal controls and how these internal controls reduce the risk of fraud.
This discussion must take place before the auditor begins their risk assessment.
There is no absolute certainty (nor conclusive) in discussions with management and those charged with governance.
The simple fact that the auditor has discussed the risk of fraud with management and, where applicable, those charged with governance, who may confirm that no fraud has been committed during the year (or that they are not aware of any allegations of fraud), is not enough to reduce the risk of material misstatement due to fraud to an acceptable level.
In addition to this, the auditor is responsible for ensuring the following things: