Major scandals that have
affected the accounting profession in recent times have usually been as a
result of fraud. Therefore, in order to maintain confidence in the profession
it is important for auditors and directors to understand their role in the
prevention and detection of fraud.
ISA 240 the Auditor's Responsibilities Relating
to Fraud in an Audit of Financial Statements recognises that misstatement in
the financial statements can arise from either fraud or error. The
distinguishing factor is whether the underlying action that resulted in the
misstatement was intentional or unintentional.
It is important to note that
fraud is a criminal activity. It is not the role of an auditor to determine
whether fraud has actually occurred. That is the responsibility of a country's
legal system. Auditors must be aware of the impact of both fraud and error on
the accuracy of the financial statements.
Fraud can be further split into two types:
- fraudulent financial reporting - deliberately misstating the accounts to make the company look better/worse than it actually is
- misappropriation of assets - the theft of the company's assets such as cash or inventory.
The external auditor's responsibilities
The external auditor is
responsible for obtaining reasonable assurance that the financial statements,
taken as a whole, are free from material misstatement, whether caused by fraud
or error. Therefore, the external auditor has some responsibility for
considering the risk of material misstatement due to fraud.
In order to achieve this
auditors must maintain an attitude of professional scepticism. This means that the auditor must recognise
the possibility that a material misstatement due to fraud could occur,
regardless of the auditor's prior experience of the client's integrity and
honesty.
ISA 315 Identifying and Assessing the Risks of
Material Misstatement Through Understanding the Entity and Its Environment goes
further than this general concept and requires that engagement teams discuss
the susceptibility of their clients to fraud. The engagement team should also
obtain information for use in identifying the risk of fraud when
performing risk assessment procedures.
To be able to make such an
assessment auditors must identify, through enquiry, how management assesses and
responds to the risk of fraud. The auditor must also enquire of
management, internal auditors and those charged with governance if
they are aware of any actual or suspected fraudulent activity.
Despite these requirements,
owing to the inherent limitations of an audit, there is an unavoidable risk
that some material misstatements may not be detected, even when the audit is
planned and performed in accordance with ISAs. The risks in respect of fraud
are higher than those for error because fraud may involve sophisticated and
carefully organised schemes designed to conceal it.
Reporting fraud
If the auditor identifies a
fraud they should communicate the matter on a timely basis to the appropriate
level of management (i.e. those with the primary responsibility for prevention
and detection of fraud). If the suspected fraud involves management the auditor
shall communicate such matters to those charged with governance. If the auditor
has doubts about the integrity of those charged with governance they should
seek legal advice regarding an appropriate course of action.
In addition to these
responsibilities the auditor must also consider whether they have a
responsibility to report the occurrence of a suspicion to a party outside the
entity. Whilst the auditor does have an ethical duty to maintain
confidentiality, it is likely that any legal responsibility will take
precedent. In these circumstances it is advisable to seek legal advice.
Directors' responsibilities
The directors have a primary responsibility for the
prevention and detection of fraud. By implementing an effective system of
internal control they should reduce the possibility of undetected fraud
occurring to a minimum.
The directors should be aware
of the potential for fraud and this should feature as an element of their risk
assessment and corporate governance procedures. The audit committee should
review these procedures to ensure that they are in place and working
effectively. This will normally be done in conjunction with the internal
auditors.
Internal auditors may be given an assignment:
- to assess the likelihood of fraud, or if a fraud has been discovered,
- to assess its consequences and
- to make recommendations for prevention in the future.
Audit procedures
As well as adopting an
attitude of professional scepticism the auditor is required to perform the
following procedures in light of the risk of fraud:
- Discussion amongst the engagement team regarding the susceptibility of the client to fraud;
- Consider the risk of fraud when documenting and testing internal controls;
- Enquiring
of management how they: assess the risk of fraud; and identify and respond
to the risks of fraud
by cindy
No comments:
Post a Comment