For audits of financial periods commencing on or after 15 December 2019, auditors are required to explain in the auditor’s report to what extent the audit was considered capable of detecting irregularities, including fraud.
This was already a requirement for auditors of public interest entities (PIEs) in ISA (UK) 700 Forming an Opinion and Reporting on Financial Statements (Revised June 2016), but the revised version of ISA (UK) 700 goes further to require auditors of all entities (where ISAs (UK) apply) to provide this explanation.
A new Know-How guide from ICAEW’s Audit and Assurance Faculty examines the changes. It focuses primarily on the implications for the auditor’s report, rather than reporting to those charged with governance or to regulators and covers:
- What irregularities are and a reminder of the extant auditing standards
- How the requirements have changed in ISA (UK) 700 (Revised January 2020)
- What should be reported on in the auditor’s report
- How COVID-19 may impact what is reported.
The guide includes suggested wording from the FRC to use in the section of the auditor’s report which describes the auditor’s responsibilities for the audit of the financial statements. However, the reporting should then be tailored to each entity’s individual circumstances, ensuring the auditor reports matters of significance clearly and concisely, without the use of boilerplate text.
The level of detail required will depend on the specific circumstances of the entity and the significance of the irregularities in the context of the financial statements as a whole.
To help determine what information the auditor should include in the auditor’s report, the guide includes examples of aspects of the auditor’s approach which may be relevant. Some of these examples are:
- The auditor’s assessment of the susceptibility of the entity’s financial statements to material misstatement, including how fraud might occur
- Which laws and regulations the auditor identified as being of significance in the context of the entity
- How the auditor obtained an understanding of:
- The legal and regulatory framework applicable to the entity and how the entity is complying
- The entity’s policies and procedures on compliance with laws and regulations, including documentation of any instances of non-compliance
- The entity’s policies and procedures on fraud risks, including knowledge of any actual, suspected or alleged fraud.
The guide also explains that the auditor should consider how their approach to the audit has affected the likelihood of detection. This will be affected by the inherent difficulty in detecting irregularities, the effectiveness of the entity’s controls, and the nature, timing and extent of the audit procedures performed.
Detail on the auditor’s understanding of the industry or sector the entity operates in, its performance and its remuneration policies, may help provide an understanding of the risks of non-compliance with laws and regulations and fraud.
The guide also lists examples of the auditor’s response. This includes enquiry of management, those charged with governance and the entity’s solicitors (or in-house legal team), enquiry of entity staff in tax and compliance functions to identify any instances of non-compliance with laws and regulations, reviewing minutes, reviewing internal audit reports, and auditing the risk of management override of controls. But again, the approach will be individual to the entity’s risks.
The guide ends by explaining how these disclosures interact with Key Audit Matters and considers some of the factors brought about by COVID-19 which may influence what auditors should be considering concerning fraud and non-compliance with laws and regulations.
The full guide is available here.