The huge impact that Covid-19 has had on businesses and personal working patterns has created many challenges, including heightening the risk of fraud. At the start of the pandemic, the audit industry was concerned that changes in working arrangements could result in checks and balances being less robust, while financial pressures on individuals and businesses might make them more likely to commit fraud. Indeed, headlines about fraud connected to government financial help and procurement came thick and fast in the press.
As we enter 2021, the risks and uncertainties continue but businesses have had a chance to adapt and consider what the future operating environment will look like. However, that does not necessarily mean they can simply draw a line under heightened fraud risk and move on.
A disrupted period
Companies with December and later year-ends will have to consider how to account for this disrupted period, including, for example, how to account for government furlough payments or loans, arrangements reached with suppliers and rent concessions. Some technical guidance has been issued, for example around leases and there is some clarity around the liability of insurance companies regarding disruption claims, but it is far from comprehensive.
We have also seen several recent headlines about historic fraud, notably in the U.S., where regulators hit Luckin Coffee with a $180m (£130m) penalty after finding that the Chinese chain altered bank records and set up a fake database as part of an effort to fabricate its accounts. In the U.K., meanwhile, Patisserie Valerie’s liquidators are in the process of suing Grant Thornton for £200m for the firm’s role in the café chain’s collapse after the hole in its finances was more than twice estimates.
We’re only likely to see more of these stories appearing as further frauds are discovered or reported. The most common types of financial statement fraud remain relevant, particularly with the changes and uncertainties experienced in 2020. These include:
- Bringing forward revenue or deferring costs to later reporting periods
- Fictitious revenue transactions
- Concealed liabilities and expenses
- Improper asset valuation
- Non-disclosure of related party transactions
The challenge of detecting these frauds depends on whether management have been involved, which in turn influences the auditor’s ability to identify them. Since early 2020, auditors have faced considerable challenges in undertaking remote audits, attending stocktakes, and obtaining sufficient and appropriate audit evidence. At the same time, they are under the spotlight like never before following recent high-profile failures to detect fraud. It was therefore timely that in October 2020, the Financial Reporting Council (FRC) launched a consultation on the proposed revision of its UK auditing standard ISA (UK) 240 which was updated shortly before the pandemic began in January 2020.
Titled “The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements”, ISA (UK) 240 was first issued in 2004 and has only received minor updates in the past 16 years. However, as highlighted above, during these 16 years there have been several substantial frauds and the complexity of some of these has been significant.
The intention of the consultation is to address concerns that auditors are not doing enough to detect fraud. It will provide more clarity around auditor’s obligations, as well as enhanced requirements for the identification and assessment of fraud risk and the procedures to address it. When finalised, the revised standard will apply to audits of periods commencing on or after 15 December 2021, with early adoption permitted. This is the same effective date as for ISA (UK) 315 (Revised July 2020) – Identifying and Assessing the Risks of Material Misstatement.
One year later
October 2020 also saw an extension of the requirement to include in all audit reports an explanation of how effective the audit was at detecting irregularities, including fraud. This was already a requirement for auditors of public interest entities (PIEs) but the revised version of ISA (UK) 700 goes further, requiring auditors of all entities to provide this explanation for financial periods commencing on or after 15 December 2019.
As we near the one-year milestone since the epidemic first reached the UK’s shores, the heightened risk and opportunity for fraud remain, as do the challenges faced by auditors whose actions are coming under increasing scrutiny. A focus on the widely recognised and well-established categories of financial statement fraud will continue to be critical in this environment and the new revisions to existing standards are a welcome development in providing additional guidance.
Byline by Phil Crooks, managing director at BRG