This SSA concerns auditor’s responsibilities relating to fraud in an audit of FS.
Misstatements can be either due to error or fraud. If it’s fraud, there are 2 kinds, namely, fraudulent financial reporting or misappropriation of assets.
Management and those charged with governance are responsible for the prevention and detection of fraud. There should be a strong culture of honesty and ethical behaviour.
The auditor is responsible for providing reasonable assurance that the FS as a whole is free of material misstatement, whether caused by fraud or error. Frauds are often concealed and hence, the inherent limitations are larger. It is difficult to determine whether misstatements are due to fraud or error. Management fraud is even harder to detect due to management override of controls.
Auditor needs to assess ROMM due to fraud and also to respond to fraud/suspected fraud during the audit. Auditors need to be aware of the fraud risk factors that can be perpetuated by management. They need to maintain professional scepticism throughout the audit.
There needs to be a discussion among engagement team on how the FS can be susceptible to ROMM due to fraud, and how fraud might occur.
The auditor should question the management on what is management’s assessment of fraud risks. They should understand management’s fraud risk assessment, and the escalation process. Auditor should ask whether management has knowledge about any suspected fraud etc. It is also possible to ask the IA team about it. It is also good to understand how those charged with governance maintain oversight of fraud risk management.
Unusual relationships using analytical procedures for revenue accounts should be identified and assessed. The auditor should also examine fraud risk indicators as these are potential ROMM.
There is a presumed risk of fraud in revenue recognition and the auditor needs to investigate further. The auditor should incorporate elements of unpredictability in the testing (use different sampling methods etc, surprise audit etc) and see whether the accounting policies are subject to subjective measurements etc.
There is also a presumed risk of management override of controls. As such, the auditor needs to test appropriateness of the journal entries in the GL and adjustments made. They need to select JE near the end of the reporting period and may test JE/adjustments throughout the audit period. There is a need to review estimates for biases and determine whether they are reasonable.
Analytical procedures should be performed and an assessment must be made on whether it is in line with normal business practices/trends.
If auditor is unable to carry on the engagement, he may withdraw or report to the relevant authorities.
The auditor needs to obtain written representations from management that they acknowledge the responsibility for the design, implementation and maintenance of internal controls to prevent and detect fraud. They also need to disclose potential fraud cases and management’s assessment of the risk of fraud.
If auditor suspects fraud, this must be disclosed to those charged with governance. The auditor can also consider reporting it to the regulatory authorities.
Auditor needs to keep documentation on the understanding of entity’s environment and assessment of ROMM.
The fraud triangle: incentive (eg earning management so that can get more bonus. The auditor should analyse incentives that relate to the entity’s environment); opportunity (poor internal controls); rationalisation (sufficient pressure, poor character etc)
The SSA also goes into detail about how fraud may be perpetuated in relation to financial reporting and misappropriation of assets.
Management is often in the best position to perpetuate fraud.
There is a need to understand oversight exercised by those charged with governance. Fraud risks cannot be ranked easily.
It is possible to rebut the risk of fraud in revenue recognition if the revenue stream is simple and straightforward.
Management may not implement every control to combat fraud due to the cost-benefit analysis. Therefore, it is important for the auditor to understand which such controls are.
For accounting estimates, auditor needs to perform a retrospective review of management judgments and assumptions related to significant accounting estimates in the prior year. This is also required under SSA540. The auditor needs to look out and question complex transactions.
The SSA describes many other procedures the auditor can perform.