Basics of Audit: Frauds and Errors (SA 240)

Summary: SA 240 addresses misstatements in financial statements arising from fraud or error. Fraud involves intentional acts of deception by management, employees, or third parties for illegal advantage, manifesting as either asset misappropriation (“employee fraud”) or financial misrepresentation (“management fraud”). In contrast, errors are unintentional mistakes like clerical errors or misapplied accounting policies. Fraud risk factors include undue pressure to meet financial targets, ineffective internal controls, unusual transactions, and inadequate documentation. Auditors must evaluate these factors and maintain professional skepticism throughout the audit, recognizing potential material misstatements from fraud. Their responsibilities include conducting risk assessments, discussing vulnerabilities with management, analyzing unusual relationships, and responding to identified risks through tailored audit procedures. Key responses involve evaluating accounting policies, incorporating unpredictability in audit procedures, and addressing management overrides of control. Communication is vital, as auditors must report fraud or suspected fraud to appropriate authorities while adhering to legal obligations. Documentation requirements include recording significant decisions, identified risks, responses, and communications related to fraud. Despite auditors’ efforts, audits have inherent limitations, such as selective verification and reliance on evidence, making fraud detection challenging, especially in cases involving collusion or management fraud.

Basics of Audit :-Frauds and Errors (SA 240)

Frauds and Errors explained – Misstatements in the financial Statements can arise from either fraud or error. Fraud is defined in SA 240 as follows :

Fraud – An intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage.

Although fraud is also a legal concept but in accounting we are concerned with misrepresentation in financial statements. Frauds are generally committed in form of either misappropriation of assets which is called “Employee Fraud” and fraud committed by manipulation of accounts that may be referred as “Management Fraud”. The term ‘fraud’ refers to intentional misrepresentation of financial information by one or more individuals among management, employees or third parties.

However error is not defined anywhere but in common parlance term error refers to un intentional mistake in financial information i.e.  mathematical or clerical mistake, oversight or misinterpretation of facts, or unintentional misapplication of accounting policies.

Frauds Vs. Error 

Fraud risk factors – Events or conditions that indicate an incentive or pressure to commit fraud or provide an opportunity to commit fraud. Fraud risk factors are also defined under SA 240. The auditor shall evaluate whether the information obtained from the other risk assessment procedures and related activities performed indicates that one or more fraud risk factors are present. While fraud risk factors may not necessarily indicate the existence of fraud, they have often been present in circumstances where frauds have occurred and therefore may indicate risks of material misstatement due to fraud.

Examples of fraud risk factors :

• The need to meet expectations of third parties to obtain additional equityØ financing may create pressure to commit fraud;
• The granting of significant bonuses if unrealistic profit targets are met may create an incentive to commit fraud; and
• A control environment that is not effective may create an opportunity to commit fraud.
• Weakness in the design of internal control system and non compliance with prescribed identified control procedures.
• Doubts regarding integrity or competence of management : If management is dominated by one person, unwanted complex corporate structure, continues failures to correct internal controls, high turnover of accounting and finance professional, not adequate staffing in accounts department, changes in legal counsel or auditors.
• Unusual pressure within an entity (e.g. need for a rising profit trend due to an ensuing public issue): Industry is declining and failures are increasing, inadequate working capital, quality of revenue is declining (Cash sales is reducing and credit sales is increasing), desperate need of book profit for survival, dependency on single product and customers and pressure to make financial statement in short time.
• Unusual transactions : Specially near the year end, transactions with related party and excessive payment for services
• Problem faced while obtaining sufficient appropriate audit evidence: inadequate record, inadequate documentation of transactions and events, difference from third party confirmation and evasive or unreasonable response to third party inquiry.

Examples of fraud risk factors in EDP environment: Inability to extract information from computer files due to lack of, or noncurrent, documentation of record contents and programs. Large number of program changes which are not documented, approved or tested. Inadequate overall balancing of computer transactions and data bases to financial record.

Responsibility of Prevention and detection of fraud: The responsibility of prevention and detection of frauds and errors rests with the management. However an auditors has to obtain a reasonable assurance that financial information is properly stated in all material respects. This implies that auditor seek reasonable assurance that auditor seek reasonable assurance that fraud and error which have a material effect on financial statements have not occurred or if, they have occurred, the effect of fraud is properly reflected in the financial information or the error is corrected. This responsibility includes the responsibility to create a culture of honest and ethical behavior.

Inherent Limitation of Audit : Since the objective of audit is to establish the true and fair view of the financial statements and not detection of frauds and errors. Further, auditor seeks to obtain persuasive rather than conclusive audit evidence and relies on selective verification (e.g. test checks), there is a possibility that some material misstatement resulting from frauds and errors may not be detected by him. The risk of non detection of misstatements for frauds is greater than risk of non detection of errors. This is because fraud usually involves acts designed to conceal it. An auditor is entitled to accept representation as truthful and records as genuine unless his examination reveals evidence to the contrary. The auditor’s ability to detect frauds depends on : 1. Skillfulness of fraudster, 2. Frequency and extent of manipulation involved, degree of collusion involved, the relative size of individual amount manipulated and seniority of person involved. Non detection of management fraud is more likely than non detection of employee fraud.

What is Required from Auditor in respect of frauds (Requirements):

Professional Skepticism: He must recognize the possibility throughout the audit that a material misstatement fraud could exist. This is notwithstanding his prior experience of honesty and integrity about entity’s management. Unless the auditor has “reason to believe”  to the contrary he may accept records, documents and representations as genuine. Reason to suspect is subordinate to reason to believe and cannot be equated with reason to believe. The information received is at best allegations only which can raise suspicion in the mind of the auditors. Based on the information and evidence, an enquiry can be triggered to find out whether there is any material leading to formation of reason to believe. The auditor needs to undertake independent inquiry, due diligence to convert the information, allegation or reason to suspect in to reason to believe. The inquiry necessitates analysis of information as well as collection of additional evidences that would make him believe that the information in his possession can lead to reason to believe.

Discussion among management team: Discussion shall place particular emphasis on how and where the entity’s financial statements may be susceptible to material misstatement due to fraud. This discussion shall be notwithstanding the integrity and honesty of management.

Risk Assessment Procedure: Auditor shall make inquiries from management regarding : their assessment of risk, their process of identifying and responding to risk, management’s  communication in this respect to person charged with governance and employees. Similarly auditor shall also inquire internal auditors about their assessment of risk of current and probable frauds. Those in charge of governance shall also be inquired about their view on risk related with frauds.

Other requirements: Unusual or unexpected relationships identified out of analytical procedures employed – auditor shall further evaluate it may indicate fraud or error. Evaluation of fraud risk factor (Discussed at length earlier).

 Responses to the assessed risk :

A. To the Risk of Material Misstatement due to fraud

Response to the Assessed Risk of Material Misstatement Due to Fraud  Per SA 330, the auditor to determine overall responses to address the assessed risk through:

1. Assign and supervise personnel taking significant engagement responsibilities

2. Evaluate accounting policies to be indicative of fraudulent financial reporting

3. Incorporate audit procedures to be executed to include an element of unpredictability

4. Presume fraud risk in revenue recognition and management override of controls

B. To the Risk related to Management Overrides of Control

Audit Procedure Responsive to Risk Related to Management Overrides of Control : In order to mitigate the risk of management override of controls, auditor to design and perform the following Audit procedures:

Evaluation of Audit Evidence, Auditor to follow these with respect to audit evidence:

1. Analytical procedure performed indicates a previously unrecognised risk of material misstatement due to fraud

2. On identification of a misstatement, auditor to evaluate  whether it is indicative of fraud

3. In case of fraudulent misstatement where auditor believes management is involved, then re-evaluate the response to the assessed risk

4. If unable to conclude if the financials are fraudulently misstated, then the auditor to evaluate the implications for the audit

If the fraudulent misstatement encounters auditor from continuing the audit, then the auditor shall withdraw from the audit if appropriate and report to the person who made audit appointment.

Management Representation : Shall reconsider all the representations made by the management

Communication

1. On identification of fraud or suspecting of fraud existence, then auditor has to communicate to the appropriate level of management on timely basis

2. Communicate as appropriate to those charged with governance if the suspected fraud involves management, employee performing internal control or any others.

3. Determine if the information about the fraud has to be communicated to a party outside the entity. Here the auditor’s legal responsibility overrides the duty of confidentiality

Documentation

1. Significant decisions taken w.r.t susceptibility of material misstatement in financial due to fraud

2. Identified and assessed risk of material misstatement due to fraud at the financial statements level and at the assertion level

3. Overall responses to the addressed risk mentioned above

4. Audit procedures conclusion including those designed for management override of controls

5. To document communications made about the fraud to the management and others