Revised Auditor’s Responsibilities Relating to Fraud

INTERNATIONAL STANDARD ON AUDITING (IRELAND) 240 (REVISED OCTOBER 2021)

Audit committee members take an active role in the deterrence of fraud, they should challenge management and auditors to ensure enough is being done over the prevention and detection of fraud throughout the organisation. When financial scandals hit the headlines the ultimate question raised as to where the responsibility lies and who could have prevented this.

ISA 240 is the auditing standard on the auditor’s responsibilities relating to fraud and there have been several changes come to effect in both the UK and Ireland amending this standard. In May 2021 the FRC issued their revised ISA (UK) 240 in response to the recommendations of the Brydon Review to clarify the responsibilities of auditors. The changes to ISA (Ireland) 240, revised in October 2021 reflect corresponding changes to the UK standard.

Why is the standard being amended?

The amendment to ISA 240 was designed to address recent concerns that auditors aren’t doing enough to detect material fraud. It seeks to clarify auditor responsibility and put more of an onus on the auditor to look for any potential fraud.

The auditor’s responsibility is to plan and perform an audit to obtain reasonable assurance about whether the financial statements are free of material misstatement due to fraud. This is welcomed clarification that will enhance the identification and assessment of the risk of material misstatement due to fraud and ensure auditors develop procedures to address those risks.

What are some of the impacts you might see because of the changes?

  • Management and those charged with governance should expect to see a more interactive approach to risk assessment including additional enquiries of those within an entity who deal with allegations of fraud raised by employees or other parties’, discussions over the entities perceived risk of material fraud and any specific risks to the industry or sector the audit client is within.
  • Some entities will see a required change to the audit report to explain the extent to which the audit was considered capable of detecting irregularities, including fraud. The statement is not intended to be a ‘boilerplate’ but is required to specific to the circumstances of the audited entity. ISAs (Ireland) have limited this change to listed entities and EU PIEs. This is the key differential to ISAs (UK) were the requirement goes further and include changes to the auditor’s report for all entities. IAASA have noted they will continue to review any further FRC changes and consider whether they are appropriate to adopt in Ireland at that time.

What’s changed for auditors?

  • There is a greater focus on professional scepticism. In particular, the auditor must design and perform further audit procedures in a manner that is not biased towards obtaining audit evidence that may be corroborative or towards excluding audit evidence that may be contradictory.
  • There is emphasis on the importance of remaining alert and investigating further if there are conditions that indicate evidence provided to the auditors may not be authentic or has been tampered with (examples of conditions that indicate a record or document may not be authentic have also been added to the application material).
  • When considering if actual or suspected fraud is material, the auditor must consider both qualitative and quantitative characteristics of the fraud. An example given in the standard is if the fraud gives rise to concerns over the integrity of management this could call into question the controls relevant to the preparation of financial statements as a whole.
  • The audit team are required to consider if specialist skills are required to perform risk assessment, audit procedures or evaluate evidence obtained (for example, where an auditor identifies a misstatement due to fraud or suspected fraud, it may be appropriate to involve specialists in forensic accounting or cybersecurity, where relevant.).
  • Increased discussion amongst the audit team is expected, including the exchanging of ideas as to how management or others within the entity could perpetrate or conceal fraud. This includes consideration of whether there are any further discussions required at the later stages of an audit to consider the findings to date and any implications for the audit.

First Impressions

Overall, this standard seeks to add clarity and enhance the responsibility of the auditor to further bridge the expectation gap between the general public’s expectations of auditors and the actual obligations. It importantly highlights the role professional scepticism and effective challenge throughout the audit has on the ability to detect fraud. As with the other recent changes to auditing standards this will no doubt increase the procedures performed by audit teams. What remains unchanged is that the responsibility for the detection and prevention of fraud remains firmly with those charged with governance and members of management. It is therefore key that audit committees continue to place a strong emphasis on fraud prevention and detection.

The changes are scheduled to apply for accounting periods beginning on or after 15 December 2021, with early adoption permitted.

Claire Browne Director KPMG in Ireland