AT -04

CPA’s Responsibility

THE AUDITOR’S RESPONSIBILITIES RELATING TO FRAUD IN AN AUDIT OF

FINANCIAL STATEMENTS (PSA 240)
This Philippine Standard on Auditing (PSA) deals with the auditor’s responsibilities relating to
fraud in an audit of financial statements. Specifically, it expands on how PSA 315, “Identifying
and Assessing the Risks of Material Misstatement Through Understanding the Entity and Its
Environment,” and PSA 330, “The Auditor’s Responses to Assessed Risks,” are to be applied in
relation to risks of material misstatement due to fraud.

This standard deals with the auditor’s responsibility as it relates to the risk of material
misstatement due to fraud. Its major standard describes
 Characteristics of fraud
 Professional skepticism
 Staff discussion of the risk of material misstatement
 Obtaining the information needed to identify risks of material misstatement due to fraud
 Identifying risks that may result in a material misstatement due to fraud
 Assessing the identified risks after considering the client’s programs and controls
 Responding to the results of the assessment
 Evaluating audit evidence
 Communicating about fraud to management, the audit committee, and others
 Documenting the auditor’s consideration of fraud

Characteristics of Fraud
Fraud
- Refers to an intentional act by the management involving the use of deception to obtain
unjust/illegal advantage.

• Two types of Fraud

o Fraudulent Financial Reporting (FRR)
 Involves the intentional misstatement in the in the financial statements to
deceive intended user.
o Misappropriation of asses (MOA)
 Involves the theft of company’s asset
• Other types of fraud
o Management fraud
 Fraud that involves one or more members of the management. This type
of fraud is commonly associated with FFR since FFR involves members of
the management.
o Employee fraud
 Involves the employee of the entity. This type of fraud is commonly
associated with MOA since MOA is often perpetrated by employees in
relatively small and immaterial amounts.

• Characteristics of Fraud
 o Incentive/Pressure
o Opportunityt
o Rationalization act

Professional Skepticism
- Professional skepticism is an attitude that includes a questioning mind and critical
assessment of audit evidence.
- An audit should be conducted with a mindset that recognizes the possibility of material
misstatement due to fraud, even if
o Experience with the client has not revealed fraud, and
o Regardless of the auditor’s belief about management’s honesty and integrity.
- An auditor should not be satisfied with less than persuasive evidence because of a belief
that management is honest.

Staff discussion of the risk of material misstatement

- Members of the engagement team should discuss the susceptibility of the entity’s
financial statements to material misstatement. Prior to or in conjunction with obtaining
information to identify risks of fraud, the audit team should discuss the potential for a
material misstatement due to fraud including:
- Fraud brainstorming – Exchanging of ideas among team members about how
and where the FS might be susceptible to fraud, how could management
perpetrate and conceal FFR and MOA
- Fraud discussion – Emphasizing the importance of maintaining the proper state
of mind regarding potential for material misstatement due to fraud.

Obtaining the information needed to identify risks of material misstatement due to

fraud
• Inquire with management and others
• Consider whether one or more fraud risk factors are present
• Consider any unusual/unexpected relationship that have been identified in performing
analytical procedure
• Consider other information that may be helpful in identifying the risk of material
misstatement due to fraud

Fraud risk factors

• Risk Factors Relating to Misstatements Arising from Fraudulent Financial Reporting
- Management characteristics
o Management does not display and communicate an appropriate attitude
regarding internal control and the financial reporting process.
o Management’s compensation is based on unreasonable targets for operating
results or financial position
o Management tries to increase the stock price or earnings

- Industry Conditions
o A high degree of competition or market saturation causes or accompanies
declining margins.
 o The client is in a declining industry with frequent business failures.

- Operating characteristics and Financial Stability

o The client is under significant pressure to obtain needed capital for major
research or capital expenditures
o The client is threatened with imminent bankruptcy or foreclosure

• Risk Factors Relating to Misappropriation of Assets

- Susceptibility of Assets to Misappropriation
o Large amounts of cash are processed
o Inventory consists of small high value items.

- Employee Relationship or Pressures

o Employees exhibit a lifestyle that is beyond their means.
o Employee behavior changes in unusual and unexplained ways.
o Dissatisfied employees have access to assets.

- Controls
o Management fails to provide adequate oversight.
o The accounting system is in disarray.

Identifying risks that may result in a material misstatement due to fraud

- It is helpful at this stage to consider the three conditions present when a material
misstatement due to fraud ordinarily occurs – incentives/pressures, opportunities, and
attitudes/rationalizations.
- The auditor should evaluate whether identified risks of material misstatement due to
fraud can be related to specific accounts, assertions, or whether they relate more
pervasively to the financial statements as a whole.
- The identification of a risk of material misstatement due to fraud includes consideration
of:
o Type of risk that may exist (fraudulent financial reporting or misappropriation of
assets)
o Significance of risk (magnitude)
o Likelihood of risk
o Pervasiveness of risk
- A presumption of improper revenue recognition risk
- The auditor shall always address the risk of management override of controls
Assessauing the identified risks after considering the client’s programs and
controls
- PSA 315 Redrafted requires the auditor to obtain an understanding of internal control
sufficient to plan the audit; this understanding allows the auditor to
a) Identify types of potential misstatements
b) Consider factors that affect the risk of material misstatement
c) Design tests of controls when applicable
d) Design substantive tests
 - As a part of obtaining an understanding of internal control sufficient to plan the
audit, the auditor should evaluate whether the client’s programs and controls that
address the identified risks of material misstatement due to fraud have been
suitably designed and placed in operation.
- After the auditor has evaluated the client’s programs and controls in this area, the
auditor’s assessment of the risk of material misstatement due to fraud should
consider these results.

Responding to the results of the assessment

- The auditor should determine the overall responses to address the assessed ROMM at
due to fraud at the financial statement level and should design and perform further audit
procedures.

General types of responses

o Nature – more reliable evidence or additional corroborative information
o Timing – perform at or near end of reporting period, but apply substantive
procedures to transactions occurring throughout the year
o Extent – increase sample sizes, perform more detailed analytical procedures

Example of modification of the nature, timing and extent of procedures

o Perform procedures on a surprise or unannounced basis (e.g. inventory
observations, counting of cash)
o Request inventory counts at end of reporting period
o Make oral inquiries of major customers and suppliers in addition to written
confirmations
o Perform substantive analytical procedures using disaggregated data
o Interview personnel in areas where risk of material misstatement due to fraud
has been
o identified
o Discuss the situation with any other auditors involved with audit (e.g. an “other
auditor” who audits subsidiary)

Evaluating audit evidence

- The auditor shall evaluate whether analytical procedures that are performed at/or near
the end date of the audit when forming an overall conclusion as to whether the financial
statement as a whole are consistent with the auditor’s knowledge of the business indicate
a previously unrecognized ROMM due to fraud.
- When the auditor identifies a misstatement, the auditor should consider whether such
misstatement may be indicative of fraud and if there is such indication, the auditor
should consider the implication of the misstatement in relation to other aspects of the
audit.

Communicating about fraud to management, the audit committee, and others J.

Documenting the auditor’s consideration of fraud
 - If the auditor has identified a fraud or has obtained information that indicates that a
fraud exist, the auditor should communicate this as soon as practicable to the
appropriate level of management.
- All fraud involving senior management, and any fraud (by anyone) that causes a material
misstatement should be reported directly by the audit committee
Documenting the auditor’s consideration of fraud
- Discussion among audit team of risk of material misstatement due to fraud, including
how and when discussion occurred, participants and subject matter
- Procedures performed to obtain information to identify and assess risks of material
misstatement due to fraud
- Specific risks of material misstatement due to fraud that were identified and auditor’s
response to those risks
- If auditor has not identified improper revenue recognition as a risk of material
misstatement due to fraud, the reasons for that conclusion
- Results of procedures performed to further assess risk of management override of
controls
- Other conditions and analytical relationships or other responses required and any
further responses the auditor concluded were appropriate to address such risks or
conditions
- Nature of communications about fraud made to management, the audit committee, and
others.

CONSIDERATION OF LAWS AND REGULATIONS IN AN AUDIT OF FINANCIAL

STATEMENTS (PSA 250)
Non-compliance
- Refers to acts or omissions by the entity, either intentionally or unintentionally, which
are contrary to prevailing laws or regulations.
- Non-compliance does not include personal misconduct by those charged with
governance, management, or employee of the entity.
- Determination of legality of act is normally beyond auditor’s professional competence
and depends on legal judgment
- The further removed illegal act is from the events and transactions ordinarily reflected in
financial statements the less likely it is that the auditor will become aware
a. Examples of noncompliance more likely to be detected (those with a direct and
material effect on determination of financial statement amounts)
(1) Tax laws affecting accruals
(2) Revenue accrued on government contracts
Note:
The auditor is not and cannot be held responsible for preventing non-compliance. However,
audit procedures may act as deterrent for non-compliance.

Responsibility for the compliance with laws and regulations

- The management has the sole responsibility to ensure that the entity’s operation are
conducted in accordance with laws and regulations, including compliance with the
provision of laws and regulations that determine the reported amounts and disclosure in
an entity’s financial statements.
 - The following are examples of the types of policies and procedures an entity may
implement to assist in the prevention and detection of non-compliance with laws and
regulations:
o Monitoring legal requirements and ensuring that operating procedures are
designed to meet these requirements.
o Instituting and operating appropriate systems of internal control.
o Developing, publicizing and following a code of conduct.
o Ensuring employees are properly trained and understand the code of conduct.
o Monitoring compliance with the code of conduct and acting appropriately to
discipline employees who fail to comply with it.
o Engaging legal advisors to assist in monitoring legal requirements.
o Maintaining a register of significant laws and regulations with which the entity
has to comply within its particular industry and a record of complaints.

- Non-compliance by the entity with laws and regulations may result in a material
misstatement of the financial statements. Detection of non-compliance, regardless of
materiality, may affect other aspects of the audit including, for example, the auditor’s
consideration of the integrity of management or employees

- Whether an act constitutes non-compliance with laws and regulations is a matter for
legal determination, which is ordinarily beyond the auditor’s professional competence to
determine. Nevertheless, the auditor’s training, experience and understanding of the
entity and its industry or sector may provide a basis to recognize that some acts, coming
to the auditor’s attention, may constitute non-compliance with laws and regulations.

Note: In the public sector, there may be additional audit responsibilities with respect to the
consideration of laws and regulations which may relate to the audit of financial statements or
may extend to other aspects of the entity’s operations

The Auditor’s Consideration of Compliance with Laws and Regulations

- Obtaining an Understanding of the Legal and Regulatory Framework
o To obtain a general understanding of the legal and regulatory framework, and
how the entity complies with that framework, the auditor may, for example:
 Use the auditor’s existing understanding of the entity’s industry,
regulatory and other external factors;
 Update the understanding of those laws and regulations that directly
determine the reported amounts and disclosures in the financial
statements;
 Inquire of management as to other laws or regulations that may be
expected to have a fundamental effect on the operations of the entity;
 Inquire of management concerning the entity’s policies and procedures
regarding compliance with laws and regulations; and
 Inquire of management regarding the policies or procedures adopted for
identifying, evaluating and accounting for litigation claims
 - Auditor should obtain sufficient appropriate evidence regarding compliance with the
provisions of those laws and regulations generally recognized to have a direct effect on
the determination of material amounts and disclosure in the FS.
- The auditor should obtain written representations that management has disclosed to the
auditor all known actual or possible noncompliance with laws and regulations whose
effects should be considered when preparing financial statements.

- Perform specified audit procedure to help identify in

- In the absence of evidence to the contrary, the auditor is entitled to assume the entity is
in compliance with these laws and regulations.

Audit procedures when noncompliance is identified

- When noncompliance is identified, the auditor shall obtain:
o Understanding of the nature of the act and the circumstances in which it has
occurred
o Sufficient information to evaluate possible effect on the financial statement

- The auditor shall discuss the matter with the management. The purpose of this is to
obtain sufficient information that supports the entity is in compliance with laws and
regulations when, in the auditor’s judgment, the effect of the suspected non compliance
may be material to the FS.
o If the management did not provide sufficient information the auditor shall
consider the need to obtain legal advice.
o If sufficient information cannot be obtained, the auditor shall evaluate the effect
of the lack of sufficient appropriate audit evidence on the auditor’s report. (Scope
limitation)

Reporting of noncompliance
- The auditor should, as soon as practicable, either communicate with the audit
committee, the board of directors and senior management, or obtain evidence that they
are appropriately informed, regarding noncompliance that comes to the auditor’s
attention. However, the auditor need not do so for matters that are clearly
inconsequential or trivial and may reach agreement in advance on the nature of such
matters to be communicated.

- If the noncompliance referred to be material and intentional, the auditor shall

communicate the matter to the management as soon as practicable.

- If the auditor suspects that management or those charged with governance are involved
in non-compliance, the matter should be discussed to the next higher level of authority at
the entity.

- If there’s no higher level of authority, the auditor shall consider to obtain legal advise.

In the Auditor’s report

 - If the auditor concludes that noncompliance has a material effect on the financial
statements and has not been properly reflected in the financial statements, the auditor
shall express Qualified or Adverse opinion.

- If the auditor was precluded by the management to obtain sufficient appropriate

evidence to evaluate whether noncompliance may be material to the FS, the auditor shall
express a Qualified or Disclaimer of Opinion.

- If the auditor is unable to determine whether noncompliance has occurred because of

limitations imposed by the circumstances rather than by the entity, the auditor should
consider the effect on the auditor’s report.

To regulatory and Enforcement authorities

- If the auditor has identified such or suspects non-compliance with laws and regulations,
the auditor shall determine whether the auditor has responsibility to report the
identified or suspected non-compliance to outside parties. Although the auditor’s
professional duty to maintain confidentiality, the auditor’s legal responsibilities may
override the duty of confidentiality in some circumstances.

Note: The auditor can withdraw from the engagement when the entity does not take remedial
action that the auditor considers necessary in the circumstances.

COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE (PSA 260)

Those Charged with Governance
- The auditor shall determine the appropriate person(s) within the entity’s governance
structure with whom to communicate.
- When the auditor communicates with a subgroup of those charged with governance, for
example, an audit committee, or an individual, the auditor shall determine whether the
auditor also needs to communicate with the governing body

Matters to be Communicated
- The Auditor’s Responsibilities in Relation to the Financial Statement Audit
o The auditor shall communicate with those charged with governance the
responsibilities of the auditor in relation to the financial statement audit,
including that:
 The auditor is responsible for forming and expressing an opinion on the
financial statements that have been prepared by management with the
oversight of those charged with governance; and
 The audit of the financial statements does not relieve management or
those charged with governance of their responsibilities

- Planned Scope and Timing of the Audit

o The auditor shall communicate with those charged with governance an overview
of the planned scope and timing of the audit.

- Significant Findings from the Audit

o The auditor shall communicate with those charged with governance:
  The auditor’s views about significant qualitative aspects of the entity’s
accounting practices, including accounting policies, accounting estimates
and financial statement disclosures. When applicable, the auditor shall
explain to those charged with governance why the auditor considers a
significant accounting practice, that is acceptable under the applicable
financial reporting framework, not to be most appropriate to the
particular circumstances of the entity;
 Significant difficulties, if any, encountered during the audit;
 Unless all of those charged with governance are involved in managing the
entity:
 Material weaknesses in the design, implementation or operating
effectiveness of internal control that have come to the auditor’s
attention and have been communicated to management as
required by PSA 315 or by PSA 330
 Significant matters, if any, arising from the audit that were
discussed, or subject to correspondence with management; and
 Written representations the auditor is requesting
 Other matters, if any, arising from the audit that, in the auditor’s
professional judgment, are significant to the oversight of the financial
reporting process.

- Auditor Independence
o In the case of listed entities, the auditor shall communicate with those charged
with governance:
 A statement that the engagement team and others in the firm as
appropriate, the firm and, when applicable, network firms have complied
with relevant ethical requirements regarding independence;
 All relationships and other matters between the firm, network firms, and
the entity that, in the auditor’s professional judgment, may reasonably be
thought to bear on independence. This shall include total fees charged
during the period covered by the financial statements for audit and non-
audit services provided by the firm and network firms to the entity and
components controlled by the entity. These fees shall be allocated to
categories that are appropriate to assist those charged with governance in
assessing the effect of services on the independence of the auditor; and
 The related safeguards that have been applied to eliminate identified
threats to independence or reduce them to an acceptable level.

Communication process
- The auditor shall communicate with those charged with governance the form, timing and
expected general content of communications.
- The auditor shall communicate in writing with those charged with governance regarding
significant findings from the audit when, in the auditor’s professional judgment, oral
communication would not be adequate. Written communications need not include all
matters that arose during the course of the audit
- The auditor shall communicate with those charged with governance on a timely basis
Note: Auditor’s communication may be made orally. When audit matters of governance interest
are communicated orally, the auditor documents in the working papers the matters
communicated and any response to those matters. This documentation may take the form of a
copy of the minutes of the auditor’s discussion with those charged with the governance.