SA 240-The Auditor’s Responsibilities relating to Fraud
Introduction:
The standard adopts a Risk-based approach to Auditor’s responsibility relating to fraud in an audit of Financial Statements. Standard explains how the material misstatements in the financial statements due to fraud can be identified, assessed and appropriate procedures to detect can be implemented.
Effective Date:
This SA is effective for audits of financial statements for period beginning on or after April 1, 2009.
Characteristics of Fraud:
- Misstatements in Financial Statements can be arise from either Error or Fraud. The distinguishing factor between Error and Fraud is the underlying actions performed by management i.e intentional or unintentional.
- Two types of intentional misstatements that are relevant to audit are Misstatements resulting from i) Fraudulent Financial Reporting and ii) Misappropriation of Assets.
Responsibility of Prevention and Detection of Frauds:
- The Primary responsibility of prevention and detection of frauds is lies with the management.
- The Management and Those charged with governance should implement the internal controls for prevention of frauds.
Responsibilities of Auditor:
- An Auditor conducting an Audit in accordance with SA’s is responsible for obtaining the reasonable assurance that the financial statements are free from Material Misstatements i.e., From Error or Fraud.
- While obtaining the reasonable assurance, the auditor is responsible for maintaining professional skepticism throughout the audit.
- As inscribed in SA 200, owing to certain inherent limitations of an audit, an Auditor cannot obtain absolute Audit assurance that the Financial Statements are free from material misstatement whether due to Fraud or Error.
- Further, the risk of non detection of fraud is higher than the non detection of Errors. Because, Frauds are intentionally done by Management or Employees and they may involve sophisticated and carefully organized schemes designed to conceal it.
- The requirements in this SA are designed to assist the auditor in identifying and assessing the risks of material misstatements due to fraud and in designing procedures to detect such misstatement.
Objectives of Auditor:
- To identify and assess the risks of material misstatement in the Financial Statements due to Fraud
- To obtain Sufficient appropriate Audit evidence about the assessed risks of material misstatement due to fraud.
- To respond appropriately to identified or suspected Fraud.
Requirements:
- Professional Skepticism: In Accordance with SA 200, Auditor should maintain the professional skepticism throughout the audit, recognizing the possibility of material misstatement due to fraud. If the Auditor cannot believe the records and documents provided by the management then, he must investigate further.
- Risk Assessment Procedures and Related Activities: Perform risk assessment procedures and related activities to obtain an understanding of the entity and its environment , including entity’s internal control. The Auditor shall perform the relevant Audit procedures to obtain information in identifying the risks of material misstatements due to Fraud.
- Discussion among Engagement Team: SA 315 requires discussion among the team members. The discussion shall place particular emphasis on how and where the entity’s Financial Statements may be suspectable to material misstatement due to Fraud.
- Management and Others within the Entity: The Auditor shall make enquiries to management regarding :
- Management’s assessment of risk that the financial statements may be materially misstated due to fraud, including nature, extent, and frequency of such assessments.
- Management’s process of identifying and responding to the risks of frauds within the entity.
- Enquire those charged with governance whether they have knowledge of any actual, suspected or alleged fraud affecting the entity.
- Unusual or Unexpected Relationships Identified: The Auditor should evaluate whether there are any unusual or unexpected relationships that have been identified in performing analytical procedures, including those related to revenue accounts, may indicate risks of material misstatements due to fraud.
- Evaluation of Fraud Risk Factors: The Auditor shall evaluate whether the information obtained from other risk assessment procedures and related activities performed indicates one or more risk factors that may exist. The risk factors exist not only in the case of detected frauds but also which may lead to a fraud.
- Identification and Assessment of the risks of Material Misstatement due to Fraud: When identifying and assessing the risks of material misstatement due to fraud, the Auditor shall, based on a presumption that there are risks of fraud in revenue recognition, evaluates which types of revenue, revenue transactions or assertions give rise to such risks.
- Responses to Assesses Risks of Material Misstatement due to Fraud: In accordance with SA330, the Auditor shall determine the overall responses to address the assessed risks of material misstatement due to fraud at the Financial Statement level.
Management Representations: The Auditor shall obtain written representations from management and, where applicable, those charged with governance that :
- They Acknowledge their responsibility for the design, implementation and maintenance of internal control to prevent and detect Fraud.
- They have disclosed to the Auditor their knowledge of fraud or suspected fraud affecting entity involving:
- Management,
- Employees who have significant role in Internal Controls,
- Others, where the fraud could have a material affect on the Financial Statements.
Communications to Management and with those charged with Governance:
- If the Auditor has identified or suspects fraud involving:
- Management,
- Employees who have significant roles in internal control,
- Others, where the Fraud results in material misstatements in the Financial Statements,
The Auditor shall communicate these matters to those charged with governance on a timely basis. If the Auditor suspects fraud involving management, the Auditor shall communicate these suspicions to those charged with governance and discuss with them the nature, timing and extent of Audit procedures necessary to complete the Audit.
Communications to Regulatory and Enforcement Authorities:
Further he shall communicate such fraud details to regulatory Authorities if such communication is required as per Applicable Financial Reporting Framework. (E.g., Sec. 143(12) of Companies Act, 2013)
Auditor Unable to Continue Engagement: As a Result of a Fraud or Suspected Fraud resulting to Material Misstatement, if the Auditor encounters exceptional circumstances that bring into question the Auditor’s ability to perform the Audit, The Auditor shall:
- Determine the professional and legal liabilities applicable in the circumstances.
- Consider whether to withdraw from the engagement, where withdrawal from engagement is legally permitted.
- If the Auditor withdraws:
- Discuss with appropriate level of management and those charged with governance, the Auditor’s withdrawal from the engagement and the reasons for withdrawal.
- Determine whether there is a legal or professional requirement to report by whom Auditor is appointed.
Introduction:
The standard adopts a Risk-based approach to Auditor’s responsibility relating to fraud in an audit of Financial Statements. Standard explains how the material misstatements in the financial statements due to fraud can be identified, assessed and appropriate procedures to detect can be implemented.
Effective Date:
This SA is effective for audits of financial statements for period beginning on or after April 1, 2009.
Characteristics of Fraud:
- Misstatements in Financial Statements can be arise from either Error or Fraud. The distinguishing factor between Error and Fraud is the underlying actions performed by management i.e intentional or unintentional.
- Two types of intentional misstatements that are relevant to audit are Misstatements resulting from i) Fraudulent Financial Reporting and ii) Misappropriation of Assets.
Responsibility of Prevention and Detection of Frauds:
- The Primary responsibility of prevention and detection of frauds is lies with the management.
- The Management and Those charged with governance should implement the internal controls for prevention of frauds.
Responsibilities of Auditor:
- An Auditor conducting an Audit in accordance with SA’s is responsible for obtaining the reasonable assurance that the financial statements are free from Material Misstatements i.e., From Error or Fraud.
- While obtaining the reasonable assurance, the auditor is responsible for maintaining professional skepticism throughout the audit.
- As inscribed in SA 200, owing to certain inherent limitations of an audit, an Auditor cannot obtain absolute Audit assurance that the Financial Statements are free from material misstatement whether due to Fraud or Error.
- Further, the risk of non detection of fraud is higher than the non detection of Errors. Because, Frauds are intentionally done by Management or Employees and they may involve sophisticated and carefully organized schemes designed to conceal it.
- The requirements in this SA are designed to assist the auditor in identifying and assessing the risks of material misstatements due to fraud and in designing procedures to detect such misstatement.
Objectives of Auditor:
- To identify and assess the risks of material misstatement in the Financial Statements due to Fraud
- To obtain Sufficient appropriate Audit evidence about the assessed risks of material misstatement due to fraud.
- To respond appropriately to identified or suspected Fraud.
Requirements:
- Professional Skepticism: In Accordance with SA 200, Auditor should maintain the professional skepticism throughout the audit, recognizing the possibility of material misstatement due to fraud. If the Auditor cannot believe the records and documents provided by the management then, he must investigate further.
- Risk Assessment Procedures and Related Activities: Perform risk assessment procedures and related activities to obtain an understanding of the entity and its environment , including entity’s internal control. The Auditor shall perform the relevant Audit procedures to obtain information in identifying the risks of material misstatements due to Fraud.
- Discussion among Engagement Team: SA 315 requires discussion among the team members. The discussion shall place particular emphasis on how and where the entity’s Financial Statements may be suspectable to material misstatement due to Fraud.
- Management and Others within the Entity: The Auditor shall make enquiries to management regarding :
- Management’s assessment of risk that the financial statements may be materially misstated due to fraud, including nature, extent, and frequency of such assessments.
- Management’s process of identifying and responding to the risks of frauds within the entity.
- Enquire those charged with governance whether they have knowledge of any actual, suspected or alleged fraud affecting the entity.
- Unusual or Unexpected Relationships Identified: The Auditor should evaluate whether there are any unusual or unexpected relationships that have been identified in performing analytical procedures, including those related to revenue accounts, may indicate risks of material misstatements due to fraud.
- Evaluation of Fraud Risk Factors: The Auditor shall evaluate whether the information obtained from other risk assessment procedures and related activities performed indicates one or more risk factors that may exist. The risk factors exist not only in the case of detected frauds but also which may lead to a fraud.
- Identification and Assessment of the risks of Material Misstatement due to Fraud: When identifying and assessing the risks of material misstatement due to fraud, the Auditor shall, based on a presumption that there are risks of fraud in revenue recognition, evaluates which types of revenue, revenue transactions or assertions give rise to such risks.
- Responses to Assesses Risks of Material Misstatement due to Fraud: In accordance with SA330, the Auditor shall determine the overall responses to address the assessed risks of material misstatement due to fraud at the Financial Statement level.
Management Representations: The Auditor shall obtain written representations from management and, where applicable, those charged with governance that :
- They Acknowledge their responsibility for the design, implementation and maintenance of internal control to prevent and detect Fraud.
- They have disclosed to the Auditor their knowledge of fraud or suspected fraud affecting entity involving:
- Management,
- Employees who have significant role in Internal Controls,
- Others, where the fraud could have a material affect on the Financial Statements.
Communications to Management and with those charged with Governance:
- If the Auditor has identified or suspects fraud involving:
- Management,
- Employees who have significant roles in internal control,
- Others, where the Fraud results in material misstatements in the Financial Statements,
The Auditor shall communicate these matters to those charged with governance on a timely basis. If the Auditor suspects fraud involving management, the Auditor shall communicate these suspicions to those charged with governance and discuss with them the nature, timing and extent of Audit procedures necessary to complete the Audit.
Communications to Regulatory and Enforcement Authorities:
Further he shall communicate such fraud details to regulatory Authorities if such communication is required as per Applicable Financial Reporting Framework. (E.g., Sec. 143(12) of Companies Act, 2013)
Auditor Unable to Continue Engagement: As a Result of a Fraud or Suspected Fraud resulting to Material Misstatement, if the Auditor encounters exceptional circumstances that bring into question the Auditor’s ability to perform the Audit, The Auditor shall:
- Determine the professional and legal liabilities applicable in the circumstances.
- Consider whether to withdraw from the engagement, where withdrawal from engagement is legally permitted.
- If the Auditor withdraws:
- Discuss with appropriate level of management and those charged with governance, the Auditor’s withdrawal from the engagement and the reasons for withdrawal.
- Determine whether there is a legal or professional requirement to report by whom Auditor is appointed.