FRC proposes revisions to auditing standard on fraud
FRC proposes to revise auditing standard for the auditor's responsibilities relating to fraud.
The Financial Reporting Council (FRC) has issued a consultation paper proposing revisions to its International Standard on Auditing (UK) 240 (Updated January 2020) ‘The Auditor's Responsibilities Relating to Fraud in an Audit of Financial Statements’. This standard, first adopted in the UK in 2004, has received only minor amendments since it was introduced.
Although ISA (UK) 240 contains a significant number of requirements designed to assist the auditor in identifying and assessing the risks of material misstatement due to fraud and in designing procedures to detect such misstatement, concerns have been raised that auditors are not doing enough work to detect material fraud, including by Sir Donald Brydon in his review of the quality and effectiveness of audit.
The revisions the FRC is proposing in this consultation include addressing recommendation 14.1.5 in Sir Donald’s report to clarify the obligations of auditors. The FRC is also proposing further supplemental requirements and guidance to enhance the auditors’ procedures to identify and assess risks of material misstatement due to fraud and to plan and perform procedures responsive to those risks.
The FRC notes that BEIS is likely to consult on statutory requirements for directors to report on the actions they have taken to fulfil their obligations and for auditors to report in relation to such a director's statement (recommendations 14.2.2 and 14.3.5 in Sir Donald’s report). The FRC plans to address these recommendations in due course, taking account of the outcome of the BEIS consultation.
The proposed changes to ISA (UK) 240 include the following:
Introduction
- Supplementing the material to paragraph 3 to clarify that the evaluation of whether suspected or identified fraud is material takes into account the qualitative as well as quantitative characteristics of the fraud.
- Incorporating a new paragraph, 7-1, to clarify that while the risk of not detecting a material misstatement resulting from fraud may be higher than the risk of not detecting one resulting from error, that does not diminish the auditor's responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement due to fraud.
Objectives
- Supplementing the lead-in text in paragraph 10 to clarify and emphasise that the objectives of the auditor include obtaining reasonable assurance about whether the financial statements as a whole are free from material misstatement due to fraud.
Professional scepticism
- Adding a new paragraph, 12-1, to further promote the need for auditors to exercise professional scepticism, requiring that the auditor shall undertake risk assessment procedures and design and perform further audit procedures in a manner that is not biased towards obtaining audit evidence that may be corroborative or towards excluding audit evidence that may be contradictory. This approach is consistent with other recently revised ISAs.
- Including a new paragraph, 13-1, to clarify that the auditor shall remain alert for conditions that indicate a record or document may not be authentic.
- Adding new supporting application material at paragraph A9-1, to give examples of conditions that may indicate a physical or electronic document is not authentic or has been tampered with.
- Revising paragraph 14 to require that the auditor shall, in addition to investigating inconsistent responses to inquiries, investigate responses to inquiries of management, those charged with governance or others in the entity that appear implausible.
Engagement team discussion
- Adding new paragraphs, 15-1 to 15-3, to specify particular matters to cover in the audit team discussion, including how management could perpetrate and conceal fraudulent financial reporting and how assets of the entity could be misappropriated; the susceptibility of a significant component in a group audit to material misstatement of the financial information of that component due to fraud; and how to investigate allegations of fraud that may have come to the auditor's attention.
Risk assessment procedures and related activities
- Supplementing paragraph 16 to clarify that the understanding obtained by the auditor includes the fraud risk factors relevant to the entity that affect the susceptibility of assertions to material misstatement due to fraud.
- Adding paragraph 18-1, which requires that the persons within the entity of whom the auditor makes inquiries include those who are responsible for dealing with allegations of fraud raised by employees or other parties.
- Adding paragraph 21-1 to emphasise that if the responses to inquiries of those charged with governance, or others within the entity, are inconsistent with the responses to the inquiries of management, the auditor shall determine the implications for the audit in accordance with ISA (UK) 500 ‘Audit Evidence’.
- Adding paragraphs 24-1 and 27-1 to require that the auditor shall determine whether the engagement team requires specialized skills or knowledge to perform particular procedures and, if the auditor identifies a misstatement due to fraud or suspected fraud, the auditor shall determine whether a forensic expert is needed to investigate further. Application material (paragraph A27-1) has been added giving examples of matters that may affect the auditor’s determination of whether the engagement team requires specialized skills or knowledge.
Responses to the assessed risks
- Adding paragraph 32-1 to emphasise that, in obtaining and evaluating audit evidence regarding possible management bias in making accounting estimates, the auditor shall also comply with the relevant requirements in ISA (UK) 540 (Revised December 2018).
- Adding paragraph 36-1 to emphasise that in performing the stand-back and overall evaluation of the sufficiency and appropriateness of audit evidence obtained, the auditor shall, taking into account all relevant audit evidence obtained, whether corroborative or contradictory, evaluate whether:
  (a) The assessments of the risks of material misstatement at the assertion level due to fraud remain appropriate;
  (b) Sufficient appropriate audit evidence has been obtained regarding the assessed risks of material misstatement due to fraud, and shall conclude whether the financial statements are materially misstated as a result of fraud.
The auditor's report
- Adding paragraph 39-1 to emphasise that, as required by ISA (UK) 700, the auditor's report shall explain to what extent the audit was considered capable of detecting irregularities, including fraud. To clarify that this is not intended to be 'boilerplate', it is required that this explanation shall be specific to the circumstances of the audited entity and take account of how the auditor planned and performed.
Communications to management and those charged with governance
- Supplementing paragraph 42 to require that in communicating matters related to fraud, the auditor shall consider the matters, if any, to communicate regarding management’s process for identifying and responding to the risks of fraud in the entity and the auditor's assessment of the risks of material misstatement due to fraud.
Documentation
- Adding a new paragraph, 45-1, to emphasise that, as required by ISA (UK) 230, if the auditor identified information that is inconsistent with the auditor’s final conclusion regarding a significant matter, the auditor shall document how the auditor addressed the inconsistency.
Other possible revisions
The FRC is also seeking comments on some other potential changes to ISA 240. These include whether more could be done within the standard to improve the interaction with ISA 250 in relation to the auditor’s additional responsibilities that arise as a result of money laundering, terrorist financing and proceeds of crime legislation in the UK.
Effective date
The revised UK standard, when finalised, is proposed to be effective for audits of periods commencing on or after 15 December 2021 with early adoption permitted. This is the same effective date as for ISA (UK) 315 (Revised July 2020) - Identifying and Assessing the Risks of Material Misstatement - and would enable audit firms to address both revised standards in a single update of their procedures rather than two separate updates within a relatively short period of time.
International developments
The International Auditing and Assurance Standards Board is also currently seeking comments on a recent discussion paper which it issued on fraud and going concern. This has a deadline for comments of 12 January 2021.