Over recent years, auditors have intensified their efforts to increase the likelihood that they will be better able to apprehend fraud during financial statement audits – and for a variety of reasons. Many of the drivers were rehearsed in a recent Audit & Beyond article that introduced the faculty’s upcoming publication Sharpening the Focus on Corporate Fraud – An Audit Firm Perspective.
Firms ICAEW spoke to for this paper are taking various steps to deter and detect fraud. They range far and wide: from behavioural initiatives designed to reshape audit firm culture, to processes and tools (such as project management software) designed to enhance an audit team’s resource management. The paper offers insights and lessons that could benefit other audit firms of all sizes and across all jurisdictions. An upcoming webcast from the faculty will also see a panel of interviewees from the publication discuss this further.
Looking for fraud
The Financial Reporting Council (FRC) has revised the fraud auditing standard ISA (UK) 240, which UK firms are in the process of implementing. It is effective for audits of financial statements for periods starting on or after 15 December 2021 and you will find some tips on fraud detection and pointers to implementation support resources from ICAEW, the FRC and the International Auditing and Assurance Standards Board (IAASB) in a March 2022 Audit and Beyond article.
The ICAEW material includes fraud-related resources from the faculty, such as ‘How to report on irregularities, including fraud, in the auditor’s report – a guide for auditors’ and a version for first-time reporters; plus the pandemic-related ‘Fraud and government support – a guide for auditors’.
Since then, fraud related to government support has also been the topic of ICAEW Insights articles. For example, there is an article emphasising the need for vigilance and highlighting red flags to watch out for, and another, based on real life examples, considering a scenario that is commonly found in the context of COVID-19 support schemes and outlining how an auditor and ICAEW’s Technical Advisory Service (TAS) responded.
Additional fraud-related resources recently made available by the faculty include a live webinar on ‘Fraud risk factors in a financial statement audit’, which can now be accessed as a recording.
The webinar offers insights into changes in the revised ISA (UK) 240 and practical pointers on: fraud risk assessment, including what to look for when performing preliminary analytical reviews; consideration of fraud risk factors and circumstances which could indicate the possibility of fraud; the auditor’s response to fraud risks; and offers examples of fraud case studies and lessons learned. Some of the webinar is specific to ISA(UK) 240, but much of it is relevant to auditors applying non-UK variants of ISA 240.
The revised ISA (UK) 240 was the subject of a John Selwood Q&A in the June edition of Audit & Beyond, highlighting noteworthy changes in the revised ISA (UK) 240. It also addresses some of the perennial problems that auditors face when endeavouring to find fraud during financial statement audits, such as how to detect falsified documents – with indicators to look out for. It offers some background on coming changes to the IAASB’s ISA 240 too.
The IAASB recently approved a project proposal to revise ISA 240 with final approval scheduled towards the end of 2024. Ahead of this, in May 2022, the IAASB released non-authoritative guidance, The Fraud Lens – Interactions Between ISA 240 and Other ISAs. It illustrates relationships and linkages between ISA 240 and other ISAs when planning, performing and reporting on an audit engagement, and shows this in a diagram that many auditors may find helpful.
Raising standards on auditing
It is important to note that the resources mentioned here will do most to enhance the likelihood of detecting fraud during a financial statement audit if they are considered alongside the auditing standard on fraud. Appendices list circumstances that may indicate the possibility of fraud, and offer examples of fraud risks factors and possible audit procedures to address the assessed risk of material misstatement due to fraud. Both ISA (UK) 240 and the ISA 240 on which it is based can be invaluable to a firm that is trying to maximise the likelihood that their audits and auditors will find fraud. Do not overlook them.
Webinar: fraud risk factors in a financial statement audit
In May 2021, the Financial Reporting Council (FRC) issued a revised version of the fraud auditing standard, ISA (UK) 240. In this faculty webinar, Jenny Reed, Head of Audit and Assurance at Baker Tilly International, looks at key elements of the revised standard and provides practical hints and tips for assessing and responding to the risk of fraud. Emma Cross, Technical Manager, Audit and Assurance, shares some highlights.
Remaining sceptical
“One of the first things you will see in the revised ISA is a number of new requirements and changes to existing requirements relating to professional scepticism,” says Reed. One such requirement is the need for auditors to remain alert to conditions indicating that audit evidence may not be genuine – something that is particularly relevant in current times. “As technology develops, fake documents are becoming easier to make and harder to spot. The move towards more remote auditing due to the pandemic has not helped because, increasingly, auditors are relying on inspecting electronic copies and scans of documents rather than originals.”
Another requirement highlighted under the heading of professional scepticism, and one that is starting to appear more in the ISAs, is the need for auditors to carefully consider their risk assessment and risk response procedures to ensure that they are neither biased towards obtaining corroborative or excluding contradictory audit evidence.
Talking points
Reed explores the fraud risk assessment procedures that auditors need to perform, including what to discuss at the mandatory client fraud discussion and who should be involved. She says: “The ISA is quite explicit regarding the need to discuss fraud with a wide range of people at the client, not just the finance director.” There is a greater emphasis within the revised ISA on looking for inconsistencies in audit evidence, and discussing fraud with the client is no exception: “We should determine whether responses from those charged with governance corroborate or contradict those from management,” says Reed.
Discussing fraud at the engagement team meeting is also an important risk assessment procedure, but something that Reed suggests should be done last. “This is so that the team will have performed all the other planning and fraud risk assessment procedures and so have that information available to discuss.” To pool knowledge effectively, Reed stresses the need for attendance by all members of the engagement team whenever possible, and considers how best to approach the fraud discussion. Ask yourself: if I was going to commit fraud, how would I do it?
Brought to life
Evaluating fraud risk factors and circumstances that could give rise to the possibility of fraud is a vast topic, but examples are illustrated through case studies looking at both fraudulent financial reporting and misappropriation of assets. Those matters that may impact the need to use specialist skills or knowledge on the audit are also highlighted: “As auditors we need to be conscious of client circumstances where we are out of our depth and need to call in the cavalry.”
There are also useful tips when undertaking preliminary analytical review procedures and, in particular, trend analysis: “Consider showing data so that the year end is in the middle of the graph and not at the end. This can highlight cut-off issues more easily.”
Responding to risks
While discussing the auditor’s response to fraud risks, Reed points to Appendix 2 of the ISA, which provides a wide range of examples of responses to the risk of material fraud. She dives into the specific requirements of the ISA in this area and discusses tricky areas, including journal testing.
The faculty webinar Fraud risk factors in a financial statement audit is available to watch on demand.
Audit & Beyond
This article was first featured in the July/August 2022 edition of Audit & Beyond.