Módulos

61

 Communication gap

 Performance gap

 Standards gap; and

 Liability gap

2. Discuss the responsibilities of management with regard to the financial statements of their company.

3.2 THE AUDITOR AND FRAUD AND ERROR IN THE AUDIT OF FINANCIAL

62 Error may be defined as unintentional misapplication of accounting policies, oversights, unintentional clerical mistakes, or unintentional misinterpretation of facts.

The key distinction between fraud and error is therefore whether the effect on the financial statements is deliberate (fraud) or unintentional (error). However, there may be little or no difference between fraud and error as far as the impact on the audit is concerned. In both cases the auditor will be concerned about the impact on the ‘true and fair view’ presented by the financial statements.

The main difference between fraud and error may arise in relation to any national reporting requirements. There may be requirements to report suspicions of fraud, but not error.

3.2.2 Responsibilities with regard to fraud and error

Management and those charged with governance in an entity are primarily responsible for preventing and detecting fraud.

Auditors are responsible for carrying out an audit in accordance with international auditing standards, one of which is ISA 240/NSA 5 The auditor's responsibility to consider fraud in an audit of financial statements.

Responsibilities of management: Management is responsible for preparing financial statements that show a ‘true and fair view’. This role is reinforced by principles of good corporate governance, which require management to set up appropriate internal control systems and corporate governance systems. Management is therefore responsible for the prevention and detection of fraud and error. This is usually effected by having a commitment to creating a culture of honesty and ethical behaviour and an active oversight by those charged with governance.

Responsibilities of the Auditor

The auditor is responsible for reporting on whether the financial statements are fairly presented.

He is concerned with fraud and error that has a material effect on the true and fair view of the financial statements. His responsibility therefore is to obtain reasonable assurance that the financial statements, taken as a whole, are free from material misstatement, whether caused by fraud or error. Though audit may act as a deterrent to fraud, it is not the auditor’s primary responsibility to prevent or detect fraud.

Some frauds or errors may go undetected during an audit due to the inherent limitations in any audit. The risk of not detecting a material misstatement from fraud is higher than from error because of the following reasons:

 the fact that there may be deliberate and sophisticated schemes to conceal fraud from the auditor.

 Fraud may be perpetuated by individuals in collusion

 Management fraud is harder to detect because management is in a position to manipulate accounting records or override controls.

3.2.3 Professional Scepticism and Fraud

63 The auditor is required to maintain professional skepticism throughout an audit.

Professional scepticism refers to “an attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence.”

ISA 240/NSA 5 The auditor's responsibility to consider fraud in an audit of financial statements requires that the auditor should maintain an attitude of professional scepticism throughout the audit, recognizing the possibility that a material misstatement due to fraud could exist, notwithstanding the auditor's past experience with the entity about the honesty and integrity of management and those charged with governance.

Though past experience with the entity about the integrity and honesty of management and those charged with governance is important, there could be changes in circumstances that may necessitate the maintenance of an attitude of professional scepticism.

However, the auditor is entitled to take documents on face value unless he has reason to believe otherwise. Where the auditor’s suspicion is aroused, then he should make further enquiry to confirm or allay his suspicion.

In the light of the above it is important that:

i. The audit team should discuss the possibility of fraud in the context of the specific characteristics of the audit engagement.

ii. Discussions be held with management on the procedures (controls) in place to detect or prevent fraud.

iii. The risks of possible fraud should be identified and its possible impact on the financial statements should be evaluated.

iv. Audit procedures should be designed to obtain evidence that fraud, which may impair the financial statements, has not occurred, or has been detected and corrected (or disclosed in the financial statements).

3.2.4 Risk assessment procedures

Both ISA 240 and 315 require discussion among engagement team members on how and where the financial statements may be susceptible to fraud.

Risk assessment procedures to obtain information in identifying the risks of material misstatement due to fraud shall include:

Enquiries of management regarding:

 Management's assessment of the risk that the financial statements may be materially misstated due to fraud;

 Management's process for identifying and responding to the risks of fraud in the entity;

 Management's communication, if any, to those charged with governance regarding its processes for identifying and responding to the risks of fraud ;

 Management's communication, if any, to employees regarding its views on business practices and ethical behaviour; and

 knowledge of any actual, suspected or alleged fraud affecting the entity.

Obtaining an understanding of how those charged with governance exercise oversight of management's processes for identifying and responding to the risks of fraud and the internal control established to mitigate these risks.

64 Inquiries of those charged with governance for knowledge of any actual, suspected or alleged fraud affecting the entity.

Evaluating whether any unusual relationships have been identified while performing analytical procedures that may indicate risk of material misstatement due to fraud.

Evaluating whether any fraud risk factors are present.

Fraud risk factors include:

 The need to meet expectations of third parties to obtain additional equity financing may create pressure to commit fraud.

 The granting of significant bonuses if unrealistic profit targets are met may create an incentive to commit fraud; and

 An ineffective control environment may create an opportunity to commit fraud.

Examples of fraud risk factors

ISA 240/NSA 5 does not attempt to provide a definitive list of risk factors but, in an appendix, identifies and gives examples of two types of fraud that are relevant to auditors:

 Fraudulent financial reporting, and

 Misstatements arising from misappropriation of assets

For each of these, the risk factors are classified according to three conditions that are generally present when misstatements due to fraud occur:

 Incentives/pressures

 Opportunities

 Attitudes/rationalizations Fraudulent financial reporting Incentives/pressures

 Financial stability/profitability is threatened by economic, industry or entity operating conditions.

 Pressure for management to meet the expectations of third parties

 Personal financial situation of management threatened by the entity's financial performance

 Excessive pressure on management or operating personnel to meet financial targets.

. Opportunities

 Significant related-party transactions

 Assets, liabilities, revenues or expenses based on significant estimates that involve subjective judgments or uncertainties that are difficult to collaborate.

 Domination of management by a single person or small group without compensating controls.

 Complex or unstable organisational structure as evidenced by difficulty in determining organizations or individuals that have controlling interest in the entity, high turnover of senior management, legal counsel etc

 Internal control components are deficient e.g due to inadequate monitoring of controls, ineffective accounting and information systems etc

Attitudes/rationalizations

 Ineffective communication or enforcement of the entity's values or ethical standards by management

 Known history of violations of securities laws or other laws and regulations

 A practice by management of committing to analysts, creditors or other third parties to achieve aggressive or unrealistic forecasts

 Low morale among senior management

65

 Relationship between management and the current or predecessor auditor is strained Misappropriation of assets

Incentives/pressures,

 Personal financial obligations

 Adverse relationships between the entity and employees with access to cash or other assets susceptible to theft e.g known or anticipated employee layoffs.

Opportunities,

 Large amounts of cash on hand or processed

 Inventory items that are small in size, of high value, or in high demand

 Easily convertible assets, such as bearer bonds, diamonds, or computer chips

 Inadequate internal control over assets

 Overriding existing controls

 Failing to correct known internal control deficiencies Attitudes/rationalizations

 Behaviour indicating displeasure or dissatisfaction with the entity

 Changes in behaviour or lifestyle that may indicate assets have been misappropriated.

 Tolerance of petty theft Note: Above list not exhaustive.

Management override of controls is a strong factor that creates opportunities for fraud.

To respond to the risk of management override of controls, the auditor should design and perform audit procedures to:

 Test the appropriateness of journal entries in the general ledger and other adjustments made in the preparation of the financial statements

 Review accounting estimates for biases that could result in material misstatements due to fraud; and

 Obtain an understanding of the business rationale of significant transactions that the auditor becomes aware of that are outside the normal course of business for the entity or otherwise appear to be unusual given the auditor’s understanding of the entity and its environment.

3.2.5 Written Representation

ISA 240 requires that the auditor obtains written representations from management and those charged with governance that:

 They acknowledge their responsibility for the design, implementation and maintenance of internal control to prevent and detect fraud

 They have disclosed to the auditor management’s assessment of the risk of fraud in the financial statements.

 They have disclosed to the auditor their knowledge of fraud/suspected fraud involving management, employees with significant roles in internal control, and others where fraud could have a material effect on the financial statements.

 They have disclosed to the auditor their knowledge of any allegations of fraud/suspected fraud communicated by employees, former employees, analysts, regulators and others.

3.2.6 Auditor’s Communication Responsibility When fraud/irregularity is suspected

66 1. Any identified fraud or information indicating that fraud may exist should be communicated as soon as practicable to the appropriate level of management.

2. The auditor’s professional duty to maintain the confidentiality of client information may preclude reporting fraud to parties outside the client entity. But where the relevant anti-fraud Act/regulatory authority mandates that such frauds should be reported to the Regulatory and Enforcement Authorities, the auditor should obtain legal advice(if need be) and act appropriately.

For example, S. 45, FRCN Act, No.6, 2011 stipulates:

i. Where during the course of the audit of an entity, a professional Accountant is satisfied or has reason to believe that a material irregularity has taken or is taking place, he shall without delay –

(c) Notify in writing the CEO of the public entity and all members of the Board of the entity of the irregularity, giving particulars of the irregularity; and

(d) Request every person referred to in (a) above, either individually or collectively to take such action as the professional accountant may deem necessary.

ii. The professional accountant shall within 30 days of the issuance of the notice in sub-section 1, notify the Council of the material irregularity, together with any other relevant information

Note: It is important that the auditor obtains a written representation that management accepts responsibility for the prevention and detection of fraud and that management has made all relevant disclosures to the auditor.

3.2.7 Summary of Auditor’s procedures when fraud or error is suspected The auditor should take the following steps when fraud or error is suspected:

i. Identify the extent and possible impact on the financial statements of the fraud or error.

Document the facts fully in the audit files. Additional testing may be required to establish the likely extent of any misstatement.

ii. Consider the possible impact on other areas of the audit and on the overall assessment of audit risk. This may result in a revision to the original audit plan.

iii. The findings should be discussed with management, regardless of the extent of the problem, and management should be kept informed of developments.

iv. The auditor should determine the action that management should take. This should include the possibility of seeking legal advice if fraud is suspected.

v. The auditor should normally communicate on a formal basis to management at an appropriate level. In the case of a company, the auditor communicates formally with the board of directors or the audit committee. However, if management themselves are involved in a suspected fraud, the auditor should consider taking legal advice to decide the best course of action. In extreme cases, the auditor may feel it is appropriate to resign.

vi. The auditor should consider the impact on his audit report to the shareholders, in terms of any impact on the true and fair view presented by the financial statements.

vii. The auditor should consider whether there is any requirement to report to appropriate authorities. This must be considered in the context of the auditor’s duty of confidentiality to his client.

67 4.0 Conclusion

The users of auditor’s services often have expectations regarding the roles, duties and responsibilities of an auditor that far exceed the current practice in the profession and indeed beyond the bounds defined by the statutes, guidelines and standards. This has given rise to the so-called ‘audit expectation gap’. In some cases, the expectation of the public may be appropriate, as when the auditor’s performance falls below the prescribed standard, but in some other cases inappropriate as when the public expect the auditor to prevent and/or detect fraud.

Thus, the issue of fraud is one of the major areas of expectation gap. Thus far, the position of the profession is that management has the responsibility to prevent and/or detect fraud.

5.0 Summary

In this unit, the concept and types of audit expectation gap are explained, as well as guidance given by legislation and the profession to reduce the expectation gap. Also discussed are the concepts of fraudulent financial reporting and misappropriation of assets; the respective responsibilities of the auditor and management in the detection of fraud and the role of professional scepticism in the detection of fraud. The unit went further to identify some fraud risk factors, the auditor’s procedures when fraud and error are suspected as well as his communication responsibility in the event of fraud being suspected.