Audit and assurance

` If the material weaknesses are found, auditors are responsible for:

– Reporting these to management
– Carrying out additional tests of details to uncover any potential errors as a result of the
weakness.

4 Fraud
Section overview
` The auditor is responsible for drawing a conclusion as to whether the financial statements are free
from material misstatement (which can be caused by fraud).
` The auditor's responsibilities with regard to fraud are set out in ISA 240 The Auditor's Responsibility
to Consider Fraud in an Audit of Financial Statements and include:
– Assessing risks of material misstatement
– Discussing the susceptibility of the financial statements to material misstatement caused by fraud
` A key issue in relation to discovering material misstatements caused by fraud is professional
scepticism.
` When the auditors become aware of possible non-compliance, they should evaluate the possible
effect on the financial statements and on other audit evidence obtained and need to make reports to
management.

4.1 Definition of fraud

Fraud is a word we normally use to cover a wide range of illegal acts.
For audit purposes, ISA 240, The Auditor's Responsibility to Consider Fraud in an Audit of Financial
Statements, identifies two types of risk of misstatement which can arise from fraud:
` Misstatements arising from fraudulent financial reporting
` Misstatements arising from misappropriation of assets
In order to have a reasonable expectation of detecting fraud or error, auditors should follow the
procedures in ISA 240.

4.2 Responsibilities regarding fraud

ISA 240 sets out management and auditor responsibilities regarding fraud.
Regarding management, the ISA states that the primary responsibility for the prevention and detection of
fraud rests with both those charged with governance of the entity and with management. To fulfill this
responsibility, various actions can be taken including:
` Demonstrating that management follow a culture of honesty and ethical behaviour and communicating
that they expect all employees to adhere to this culture
` Establishing a sound system of internal control
` From the point of view of those charged with governance, ensuring that management implement
policies and procedures to ensure, as far as possible, the orderly and efficient conduct of the
company’s business.
Regarding the auditor, the ISA states that the auditor must obtain reasonable assurance that the financial
statements, taken as a whole, are free from material misstatement, whether caused by fraud or error. The
auditor does not therefore offer complete assurance that the financial statements are free from fraud
and/or error as audit testing is not designed to provide this assurance.

28
 RESPONSIBILITIES 2

4.3 Risk assessment

Part of an auditor's work must include assessing the risk of a fraud existing. We will consider risk
assessment procedures in more detail in Chapter 9. The appendix to ISA 240 is a very useful document as it
gives examples of the many ways in which risk is affected.
However, it should not be used as a list to be regurgitated in the examination, as risks are always specific to
the client.
ISA 240 sets out that auditors are:
` Entitled to accept representations as truthful and records as genuine, unless there is evidence to the
contrary; but also
` Required to bring professional scepticism (as defined) to the work.
Auditors should also carry out a discussion of the susceptibility of the entity's financial statements to fraud.
This will usually include a consideration of:
` Where the company's system is weak and how management could perpetrate fraud
` The circumstances that could indicate earnings management which could lead to fraudulent financial
reporting
` The known internal and external factors that could be an incentive to fraud being carried out
` Management's involvement in overseeing employees with access to cash or other assets which could
be misappropriated
` Any unusual or unexplained changes in behaviour/lifestyle of management or employees
` The need for professional scepticism
` The type of circumstances that could lead to suspicions of fraud
` How unpredictability will be incorporated into the way the audit is carried out
` What audit procedures might be responsive to fraud
` Any allegations of fraud that have been made
` The risk of management override of controls

4.4 Where fraud is suspected

If the auditors identify misstatements which might indicate that fraud has taken place, they should consider
the implications of this for other aspects of the audit, particularly management representations which may
not be trustworthy if fraud is indicated. This may lead to a limitation in the scope of the audit.

4.5 Management representations

Auditors are required to obtain particular written representations from management that management
acknowledges its responsibility to design and implement internal controls to prevent and detect fraud and
that management has disclosed any known or suspected frauds by management, employees with a significant
role in internal control, or any other frauds which might have a material impact on the financial statements
to the auditor.
In addition, management confirm in writing that it has disclosed the results of its own assessment of
whether the financial statements may be materially affected by fraud.

29
 Audit and assurance

4.6 Reporting frauds or suspected frauds

The ISA requires that the auditors should discuss suspected or actual fraud with the directors and make the
appropriate reports, as set out below:

MANAGEMENT 5 If they actually discover fraud

5 If they suspect fraud
5 If they discover substantial error
4 If they think the suspected fraud casts doubt on the integrity of the directors
SHAREHOLDERS 5 Only if fraud or error causes the financial statements to not give a true and fair
view or there is a fundamental uncertainty – in which case it should be included
in the audit report in the usual way
THIRD PARTIES 5 If it is in the public interest to report a fraud to the proper authorities and the
directors refuse to do so

Interactive question 3: Fraud [Difficulty level: Exam standard]

During the course of your audit of Slipstream Ltd the credit controller asks for a private interview with
you. During this interview she makes it known that she suspects the chief accountant of misappropriating
company funds received from debtors and altering the books.
What steps would you take to enable you to assess whether the credit controller's suspicions are
reasonable?
See Answer at the end of this chapter.

Interactive question 4: Reporting fraud [Difficulty level: Exam standard]

During the course of the audit you discover that the wages clerk has been defrauding the client through not
deleting leavers from the payroll until two months after departure, and was pocketing the money herself.
What should you do with regard to:
(a) Informing the client?
(b) The audit report?
See Answer at the end of this chapter.

4.7 Concluding on fraud

Fraud is a major cost for business and the statutory audit is not designed to identify every fraud in an audit,
merely those with a material effect. However, many users of accounts expect that the audit process should
uncover all instances of fraud in a company. This is a feature of the expectations gap (discussed below in
section 8).
From time to time, the issue of whether auditors' duties should be extended in relation to fraud is
discussed. It can be argued that the auditors have closer contact with an organisation than any other
external advisers and therefore they are in a position to gain a detailed understanding of the organisation
and its systems which should lead to an ability to discover all frauds at an organisation.
However, this argument ignores the inherent limitations of the audit process, which you are aware of from
your earlier studies in Assurance, and also opens up the possibility that audit becomes seen simply as a
fraud investigation and the wider objective of reporting on the financial statements is lost.

30
 RESPONSIBILITIES 2

Another key issue is the cost to businesses that this would represent, as the level of testing in a fraud
investigation would be far more detailed than the sample based testing required for the purpose of an audit,
which most businesses would find prohibitive.
It must be concluded that attempts to make auditors more responsible for discovering fraud also miss the
point that management ultimately is responsible for everything within the company, including the prevention
and detection of fraud. Management should not be able to hide behind the auditors when fraud is eventually
discovered or blame the auditors for not discovering the fraud earlier. Implementing and reporting on the
principles of corporate governance is one way to enhance the performance of management in establishing
effective systems, managing the risks to the security of the organisation's assets and promoting high
standards of conduct by all those within the organisation.
Lastly it must be emphasised that this expectation gap with relation to fraud is generally associated with the
statutory audit. If an assurance firm is engaged to carry out a different assurance engagement, or a non-
statutory audit, then the terms of that engagement will be set out between the parties and all parties should
be very clear what the role of the assurance providers in relation to discovering fraud, will be on that
assignment. Bear in mind that the cost of providing a service to uncover frauds might be high and therefore
this might be rare in practice. Of course, in order to close the gap in understanding of what the purpose of
a statutory audit is in relation to fraud, the auditors' responsibilities are set out in the audit engagement
letter. However, this letter is a private matter between the directors and the firm, and therefore this
measure does not tackle the issue that the view is widely held in 'society at large' that auditors should
detect frauds.

5 Compliance with laws and regulations

Section overview
` Management is responsible for ensuring that the company complies with laws and regulations.
` Auditors are responsible for concluding that the financial statements are free from material
misstatements caused by non-compliance with laws and regulations.
` Auditors are required to have a general understanding of the legal and regulatory framework within
which the company operates.

5.1 Non-compliance with laws and regulations

Auditors are interested in two categories of law and regulations:
` Those with a direct impact on the financial statements, for example, the Companies Act
` Those which provide a legal framework within which the company operates
The auditor should obtain an understanding of the legal framework within which the company operates as
part of his understanding of the entity and its environment (discussed in Chapter 8).
Areas of law which affect all businesses will be:
` Employment law. (For example, the auditor should note if work on the payroll appears to indicate that
the company pays employees less than the minimum wage.)
` Social security law. (For example, the auditor should ensure that the company appears to be paying
over the correct amounts to HMRC in respect of PAYE, NI and payments such as maternity pay and
paternity pay.)
` Health and safety law. (For example, the auditor might notice if a company did not have clear safety
notices on manufacturing premises and did not display clear fire exit and procedures notifications.)

31