Professional scepticism
Pressure on auditors not to 'make the situation worse' for struggling companies may come at the same time as audit risk is heightened and the control environment is stressed. This is likely to be compounded by the need for auditors to ask particularly difficult questions of management, and to perform the audit differently.
Professional scepticism dictates that auditors should substantiate claims by management, not simply accept what they are told at face value, nor only look for evidence which corroborates judgements made by management. The risk of fraud and error in financial reporting may be heightened.
Fraud
COVID-19 seems likely to have exposed many entities and individuals to new variations of well-understood frauds. These include phishing attacks in which correspondence purporting to come from broadband providers, television licensing, HM Revenue & Customs, the Driver and Vehicle Licensing Agency or other government departments asks for money to prevent the termination of service, or for bank details to pay money due under COVID-19 related schemes. Requests for donations to non-existent charities, and from entities purporting to provide tests, cures or Personal Protective Equipment (PPE) are also common. CEO impersonation and technical support scams are not new, but all have taken on greater significance with staff physically distanced from each other, and less able to ask for advice quickly.
COVID-19 may also have enhanced motivations, rationalisations and opportunities for the misappropriation of assets, fraudulent financial reporting and non-compliance with laws and regulations. The Fraud Advisory Panel's COVID-19 fraud watch page sets out examples of emerging frauds. Weakened controls, including the non-performance of reconciliations and the absence of proper authorisations facilitate the theft of inventory and other assets. Communications purporting to come from suppliers detailing changes in bank accounts and sort codes, if not checked, result in unauthorised payments. The risk of fraudulent collusion between individuals both within and outside the organisation is increased when normal controls are temporarily suspended, particularly segregation of duties.
False or erroneous claims for government subsidies may give rise to penalties and financial reporting fraud or error. The risk of 'big bath' or 'kitchen sink' provisions in financial reporting in order to 'bury bad news' and improve the appearance of performance in subsequent periods is an increased risk. Auditors should pay particular attention to unusual transactions, and transactions with related parties.
Auditors need to consider how they should deal with evidence of false or erroneous claims under COVID-19-related government schemes, and other evidence giving rise to suspicions of fraud or non-compliance with laws or regulation, such as evidence suggesting that furloughed staff are still working for the entity.
An ICAEW Helpsheet Fraudulent COVID-19 claims: an ICAEW Chartered Accountant's responsibilities deals with, among other things, the need for Suspicious Activity Reports (SARs) in relation to requests to prepare claims for employees or directors engaged in revenue generation under the Job Retention Scheme during furlough, and Bounce Back loans intended for business purposes being used for personal purposes.
Team meetings
Auditing standards require auditors to specifically consider the risk of fraud and error during audit planning meetings. Centrally developed checklists covering known frauds and likely errors as they emerge may help. Simple, specific procedures such as requiring audit staff to turn on cameras during meetings (and encouraging entity staff to do the same) may help mitigate the risks of the non-identification or detection of fraud and error arising from a lack of physical proximity.
Team meetings also provide an opportunity for auditors to demonstrate that they have challenged their own judgements and assumptions in order to better challenge those of management.
Errors
Even where there is no significantly increased risk of fraud, there is likely to be an increased risk of error as a result of changes in controls and procedures as staff in finance functions move to working remotely. Management and staff may have had limited interaction during certain periods, there may have been delays in staff responding to requests by management for information, routine reviews may not have been performed and, with the best of intentions, corners may have been cut, leading to unintentional errors.
Further resources
Remote auditing in practice
PDF (392kb)
Read the full Audit & Assurance Faculty Know-how helpsheet
Download