The ICAEW has said that Sir Donald Brydon’s review on the quality and effectiveness of audit has noted a “perceived expectation gap related to the auditor’s responsibility for fraud”, as the FCA seeks to clarify audit fraud responsibilities.
It added that where material fraud occurs, there can be concerns about whether auditors have done enough to detect it.
It comes as in May 2021, the Financial Reporting Council (FRC) published revised ISA (UK) 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements.
According to the ICAEW, these revisions aim to “provide clarity” about the auditor’s obligations and further guidance.
While the amendments introduce several new requirements, particularly around risk assessment, the revisions mostly serve to clarify and formalise existing requirements. They will reportedly reinforce good practice.
The revisions are said to clarify the auditor’s objectives, and they also highlight that the risk of not detecting a misstatement due to fraud may be higher than the risk related to error.
Exercising professional scepticism remains pervasive in achieving these objectives, including requirements to:
- Remain unbiased and alert to both corroborative and contradictory audit evidence.
- Remain alert for conditions that might suggest that a document or record is not genuine, such as last edited dates on electronic documents being after the purported final date of the document.
- Not only investigate inconsistent responses to inquiries received, but also those that are implausible.
In addition, supplemental guidance clarifies that when performing risk assessment procedures, an understanding of fraud risk factors is required. The revisions introduce new requirements to:
- Obtain an understanding of the process management undertakes to assess, identify, respond, and communicate the risks of fraud.
- Make inquiries of any other individuals who deal with allegations of fraud raised by employees or other parties, for example, a Money Laundering Reporting Officer (‘MLRO’) if applicable.
- Discuss the risks of fraud, including those that are specific to the relevant business sector, with those charged with governance.
- Evaluate the impact on the audit of any inconsistencies between the responses to fraud inquiries received from management and others.
- Determine whether the engagement team requires specialised skills or knowledge to perform audit procedures, such as, for example, a fraud specialist.