Introduction
ISA (UK) 240: The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements
Fraud is a highly controversial area, and the extent of auditor responsibility for the prevention and detection of fraud has generated considerable discussion in recent years.
On 27 May 2021, the Financial Reporting Council (FRC) issued a revision of its UK auditing standard on the responsibilities of auditors relating to fraud (ISA (UK) 240).
The revised version of ISA (UK) 240 is effective for periods commencing on or after 15 December 2021, with early adoption permitted.
The standard has been revised with the aim of addressing concerns that auditors are not doing enough to detect material fraud.
The reason for this is largely due to a lack of clarity as to their obligations with respect to fraud.
The Changes
The changes to the standard do not alter the scope of audit when it comes to fraud.
It focuses on clarifying the auditor’s role and objectives in identifying fraud.
It does not change the emphasis on directors’ responsibilities in tackling fraud.
The audit standard change is designed to coincide with the government’s proposed changes to directors’ reporting around fraud.
The revisions to the fraud audit standard clarify the auditor’s objective to “obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement due to fraud.
This includes identifying and assessing risks of material misstatement and obtaining sufficient appropriate audit evidence.”
The standard also addresses the inherent limitations and challenges of an audit in relation to fraud, particularly where management are colluding in fraud.
Despite those challenges, it is still the auditor’s responsibility to obtain sufficient, appropriate audit evidence.
ISA (UK) 240 also makes provision for a new stand back requirement to evaluate whether sufficient appropriate audit evidence has been obtained regarding the assessed risks of material misstatement due to fraud and whether the financial statements are materially misstated as a result of fraud.
Auditing in Practice
For most auditors, these changes will not be particularly significant, representing minor changes to audit work and methodologies with respect to fraud rather than wholesale reforms.
The FRC has introduced new requirements for auditors to consider what specialist knowledge and expertise they need to carry out an effective risk assessment for an audit that may have indicators of fraud.
The auditor must consider the need for these skills at both the risk assessment and the investigation phase.
This enables them to formulate the appropriate response in the circumstances of each specific audit.
Auditors should assess whether they have sufficient appropriate audit evidence and consider whether they’ve done enough to seek out contradictory as well as corroborative evidence.
Useful Links
FRC: ISA (UK) 240