Auditor's Responsibility to Consider Fraud in an Audit of Financial Statements
Project completed - February 2004
The objective of this project was to revise ISA 240, The Auditor's Responsibility to Consider Fraud and Error in an Audit of Financial Statements.
The project revised ISA 240 to align extant ISA 240 with the audit risk model and to adopt the basic principles and essential procedures contained in the US SAS 99, Consideration of Fraud in a Financial Statement Audit.
In March 2001, the IAPC issued ISA 240. In March 2001, the US ASB invited representatives of the IAPC to attend meetings of the US ASB's Fraud Task Force. The IAPC accepted the invitation with the view to obtaining an understanding of the development of a revised US SAS 82 so that ISA 240 could be revised to converge with the final revised US SAS 82, subject to any differences necessary to take account of the international environment.
In February 2002, the US ASB issued an exposure draft Consideration of Fraud in a Financial Statement Audit. The IAASB issued a response letter to this exposure draft.
In October 2002, the US ASB issued SAS 99.
ISA 240 (Revised) deals with an auditor's responsibility to consider fraud in the audit of financial statements.
The revised ISA builds on the Audit Risk Standards (i.e. ISA 315, ISA 330 and ISA 500 (Revised)) issued in 2003.
The revised ISA:
- Distinguishes fraud from error and describes the two types of fraud that are relevant to the auditor, that is, misstatements resulting from misappropriation of assets and misstatements resulting from fraudulent financial reporting; describes the respective responsibilities of those charged with governance and the management of the entity for the prevention and detection of fraud, describes the inherent limitations of an audit in the context of fraud, and sets out the responsibilities of the auditor for detecting material misstatements due to fraud;
- Requires the auditor to maintain an attitude of professional skepticism recognizing the possibility that a material misstatement due to fraud could exist, notwithstanding the auditor's past experience with the entity about the honesty and integrity of management and those charged with governance;
- Requires members of the engagement team to discuss the susceptibility of the entity's financial statements to material misstatement due to fraud and requires the engagement partner to consider which matters are to be communicated to members of the engagement team not involved in the discussion;
- Requires the auditor to:
- Perform procedures to obtain information that is used to identify the risks of material misstatement due to fraud;
- Identify and assess the risks of material misstatement due to fraud at the financial statement level and the assertion level; and for those assessed risks that could result in a material misstatement due to fraud, to evaluate the design of the entity's related controls, including relevant control activities, and to determine whether they have been implemented;
- Determine overall responses to address the risks of material misstatement due to fraud at the financial statement level and consider the assignment and supervision of personnel; consider the accounting policies used by the entity, and incorporate an element of unpredictability in the selection of the nature, timing and extent of the audit procedures to be performed;
- Design and perform audit procedures to respond to the risk of management override of controls;
- Determine responses to address the assessed risks of material misstatement due to fraud;
- Consider whether an identified misstatement may be indicative of fraud;
- Obtain written representations from management relating to fraud; and
- Communicate with management and those charged with governance;
- Provides guidance on communications with regulatory and enforcement authorities;
- Provides guidance if, as a result of a misstatement resulting from fraud or suspected fraud, the auditor encounters exceptional circumstances that bring into question the auditor's ability to continue performing the audit; and
- Establishes documentation requirements.
Task Force progress / Board discussions to date
At the July 2003 IAASB meeting, the IAASB approved the proposed revised ISA for exposure. The exposure draft comment period ended on November 15, 2003.
The IAASB approved the proposed ISA 240 (Revised) in February 2004. The revised ISA is effective for audits of financial statements for periods beginning on or after December 15, 2004.