Continuing from last week’s blog we are looking at the guidance issued in ISA 240 ‘The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements’
Continuing the items to be documented by the audit engagement team in their discussion of how fraud might be perpetrated in the audit client. That discussion needs to be structured around these headline items (continued from last week):
- Whether there are economic, industry and operating conditions that give rise to fraud risk factors for particular classes of transactions, account balances and disclosures. (Examples of economic, industry and operating conditions that may give rise to fraud risk factors are included in the examples of incentives/pressures and opportunities in Appendix 1.)
- A consideration of any material frauds of which team members have experience in companies in the same industry and whether there are similar risks – see our blog of 3 October about the Protected Disclosures
- A consideration of management’s involvement in overseeing employees with access to cash or other assets susceptible to misappropriation.
- A consideration of any unusual or unexplained changes in behavior or lifestyle of management or employees which have come to the attention of the engagement
- An emphasis on the importance of maintaining a proper state of mind throughout the audit regarding the potential for material misstatement due to fraud.
- A consideration of the types of circumstances that, if encountered, might indicate the possibility of fraud.
- A consideration of how an element of unpredictability will be incorporated into the nature, timing and extent of the audit procedures to be performed.
- A consideration of the audit procedures that might be selected to respond to the susceptibility of the entity’s financial statement to material misstatement due to fraud and whether certain types of audit procedures are more effective than
- A consideration of any allegations of fraud that have come to the auditor’s
- A consideration of the risk of management override of controls.
- A consideration of the extent of segregation of duties and whether and how that may be overridden.
- A consideration of how those charged with governance and management promote a culture of honesty and integrity; what policies they have to facilitate and encourage reporting of wrongdoing (see the Protected Disclosures regime mentioned above); and how they respond to any such reports.
- A consideration of audit team experience, or other knowledge, of the competencies and attitudes of employees in areas where there are risks of material misstatement.
- Circumstances where it may be beneficial to have further discussion(s) among the engagement team at later stages in the audit may include, for example, when the auditor’s evaluation of audit evidence has provided further insight about the risks of material misstatement due to fraud (see more in ISA 240 paragraph A50) or members of the audit team have identified:
- Fraud risk factors that were not covered in the original discussion.
- Actual or suspected fraud.
Further guidance on these topics is given in Application paragraphs A12 and A12-1 in the standard.
IT Controls Assessment
Auditors are reminded that there are relatively significant changes in the requirements of ISA 315 Identifying and Assessing the Risks of Material Misstatement for accounting periods commencing 15 December 2021, which in practical terms means, accounting periods Ended 31 December 2022 and later.
Auditors dealing with the audits of entities with such accounting periods affected by these change will need, to adopt new audit programmes and, in additional to the normal audit tests, to also assess the entity’s IT controls (no matter what the size of that entity).
This is a significant new development for auditors of SMEs, in particular, and will be a game changer ion the type of audit documentation and evidence of assessment of such IT controls by the auditor on audit files.
For an easy to implement additional (two page) IT Controls Questionnaire to help document the above process, please click on this link to download immediately for only €60 + VAT.
Please also go to our website to see our:
- Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
- AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
- letters of engagement and similar templates. Please visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
- ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please contact John McCarthy FCA by e-mail at john@jmcc.ie.
We typically tailor ISQM training and brainstorming sessions to suit your firm’s unique requirements. The ISQM TOOLKIT 2022 is available to purchase here.