Fraud Risk Discussions

ISA 240 requires auditors to perform specific procedures as part of the normal risk assessment procedures during audit planning to obtain information relevant to identifying risks of material misstatement, due to fraud. Included in these procedures is a requirement to make enquiries of management and those charged with governance regarding fraud-related considerations.

Auditors frequently include very limited evidence of these required discussions on the audit file, with only brief comments by the party interviewed and no further, or inadequate, audit considerations of whether these comments indicate the presence of potential fraud risks that demand further response. These comments sometimes indicate instances where fraud or theft was identified by management, but with very little follow-through by auditors to address the possible risks involved.

In addition, enquiries are not always held with all the parties required by ISA 240:

• Para 19 stipulates enquiries from management and others within the entity, as appropriate.
• Para 20 stipulates enquiries from internal auditors, for those entities that have an internal audit function.
• Paras 21 and 22 stipulate enquiries from those charged with governance, i.e. directors and the audit committee.

However, often, the only discussions documented on file are with selected members of management, and those charged with governance are often left out. The possibility that members of management are committing fraud, which skews their responses, is not considered, due to a lack of scepticism. Such fraud would only be identified, if more independent members of governance bodies were interviewed selectively on an individual basis. One party may not want to be seen to suspect a member of management in front of other members in charge of governance.

It is very important to make all the necessary enquiries to obtain a balanced view of all the required aspects, record the responses of the parties interviewed in adequate detail, and document the auditor’s evaluation of the responses to reflect all relevant considerations supporting conclusions, and raise relevant fraud risks to ensure that they are appropriately assessed, responded to during the audit, and reported to management, where appropriate. Missing out on a fraud risk could potentially result in the auditor missing a material misstatement, leading to possible audit failures that have a significant impact on the decisions made by users of the financial statements. It also exposes members of the board of directors, and others charged with governance, to undue liability.