Fraud Discussions Among Audit Teams – Part 1 of 2

Fraud Discussions Among Audit Teams – Part 1 of 2

by | Sep 20, 2023 | Blog, News

The ‘fraud triangle’ (shown below) is a well-known tool for enabling discussions among audit teams about the possible ‘climatic’ factors that may be present in an audit client. Where all three coincide, fraud is much more likely to be present.

ISA 240 ‘The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements’ was re-issued in October 2022 with additional requirements (among other topics) to do with the audit engagement team discussion.

For the purposes of this blog (Part 1 of a 2 part series) we are focusing on the main areas of the audit team discussion.

‘The discussion shall include an exchange of ideas among engagement team members about fraud risk factors, including:

  • incentives for management or others within the entity to commit fraud;
  • how management could perpetrate and conceal fraudulent financial reporting; and
  • how assets of the entity could be misappropriated (ISA 240.16.1)

For a group audit, the discussion among the group engagement team shall include matters to discuss with the component auditor of a significant component about the susceptibility of the component to material misstatement of the financial information of that component due to fraud. (ISA 240.16.2)

If allegations of fraud come to the auditor’s attention, the discussion shall include how to investigate and respond to those allegations. (ISA 240.16.3) see last week’s blog on the expanded Protected Disclosures  regime now in force in Ireland and which will have implications for auditors of the affected entities.

The standard allows for the initial engagement team discussion to be later revisited and revised, where necessary, when ‘fraud risk factors that have been identified during the course of the audit and the implications for the audit’ considered (ISA 240.16.4)

Basically the audit engagement team is expected to document a discussion of how fraud might be perpetrated in the audit client. That discussion needs to be structured around the headline items shown below:

The guidance focuses on:

  • incentives to manage earnings or key performance indicators derived from the financial statements in order to deceive financial statement users by influencing their perceptions as to the entity’s performance and profitability;
  • A consideration of circumstances that might be indicative of earnings management and the practices that might be followed by management to manage earnings that could lead to fraudulent financial reporting.
  • A consideration of the risk that management may attempt to present disclosures in a manner that may obscure a proper understanding of the matters disclosed (for example, by including too much immaterial information or by using unclear or ambiguous language).
  • A consideration of the known external/internal factors affecting the entity that may create an incentive or pressure for management or others to commit fraud, provide the opportunity for fraud to be perpetrated, and indicate a culture or environment that enables management or others to rationalize committing

Further guidance on these topics is given in Application paragraphs A12 and A12-1 in the standard. We will say more about this topic next week.

IT Controls Assessment

Auditors are reminded that there are relatively significant changes in the requirements of ISA 315 Identifying And Assessing The Risks Of Material Misstatement for accounting periods commencing 15 December 2021, which in practical terms means, accounting periods Ended 31 December 2022 and later.

Auditors dealing with the audits of entities with such accounting periods affected by these change will need, to adopt new audit programmes and, in additional to the normal audit tests, to also assess the entity’s IT controls (no ,matter what the size of that entity).

This is a significant new development for auditors of SMEs, in particular, and will be a game changer ion the type of audit documentation and evidence of assessment of such IT controls by the auditor on audit files.

For an easy to implement additional (two page) IT Controls Questionnaire  to help document the above process, please click on this link to download immediately for only €60 + VAT.

Please go to our website to see our:

  • letters of engagement and similar templates. Please visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
  • ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please contact John McCarthy FCA by e-mail at john@jmcc.ie.

We typically tailor ISQM training and brainstorming sessions to suit your firm’s unique requirements. The ISQM TOOLKIT 2022 is available to purchase here.

Protected Disclosures Expanding from 17 December 2023

Protected Disclosures Expanding from 17 December 2023

by | Sep 20, 2023 | Blog, News

The Protected Disclosures (Amendment) Act 2022 (the Act) requires certain entities to have in place procedures to establish internal reporting channels and procedures to enable workers make protected disclosures (defined as a ‘relevant wrongdoing’). From 17 December 2023 its scope will be expanded to employers with over 50 employees.

The Act already applies to certain entities from 1 January 2023 including entities employing over 250 employees and certain financial services (regardless of employee numbers) entities like AIFMs, MiFID firms, Irish UCITS management companies and other Irish financial service providers, as well as Irish domiciled corporate funds.

The 2022 Act expands the scope of the Protected Disclosures Act, 2014 to include areas such as:

  • public procurement;
  • financial services;
  • anti-money laundering (AML);
  • product safety and compliance;
  • transport safety;
  • environmental protection;
  • radiation and nuclear safety;
  • food and animal health and welfare;
  • public health;
  • consumer protection; and
  • the protection of privacy and personal data.

Its scope is being enhanced from 17 December 2023 when employers with over 50 employees will need to have such a policy in place. The basic steps for employers are:

  • the establishment, maintenance and operation of a secure and confidential internal reporting channel for workers who wish to make a protected disclosure, whether in writing, orally or both;
  • the designation of an impartial and competent person who may be internal/external; and
  • an obligation to provide workers with information on the internal/external protected disclosure reporting process.

The Act also creates a newly established Office of the Protected Disclosures Commissioner (www.opdc.ie) which will forward reports of work-related wrongdoing to the most appropriate body for initial assessment and follow-up.

Employees are given protection from dismissal from employment (among other protections) when they report a ‘relevant wrongdoing’ (defined which are defined to include:

  • Where an offence has been or is likely to be committed;
  • Non-compliance with a legal obligation – the 2014 Act excludes obligations arising under the worker’s contract of employment;
  • A miscarriage of justice;
  • Danger to the health and safety of any individual;
  • Damage to the environment;
  • An unlawful or otherwise improper use of funds or resources of a public body;
  • Oppression, gross neglect or gross mismanagement by a public body; and
  • Other breaches related to the financial interests of the EU the internal market, EU competition and state aid rules and internal market rules on corporate tax.

The legislation is complex and we cannot cover all its aspects in the space of a blog.  We urge our readers to seek independent professional and legal advice where necessary.

IT Controls Assessment

Auditors are reminded that there are relatively significant changes in the requirements of ISA 315 Identifying And Assessing The Risks Of Material Misstatement for accounting periods commencing 15 December 2021, which in practical terms means, accounting periods Ended 21 December 2022 and later.

Auditors dealing with the audits of entities with such accounting periods affected by these change will need, to adopt new audit programmes and, in additional to the normal audit tests, to also assess the entity’s IT controls (no ,matter what the size of that entity).

This is a significant new development for auditors of SMEs, in particular, and will be a game changer ion the type of audit documentation and evidence of assessment of such IT controls by the auditor on audit files.

For an easy to implement additional (two page) IT Controls Questionnaire  to help document the above process, please click on this link to download immediately for only €60 + VAT.

Please go to our website to see our:

  • letters of engagement and similar templates. Please visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
  • ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please contact John McCarthy FCA by e-mail at john@jmcc.ie.

We typically tailor ISQM training and brainstorming sessions to suit your firm’s unique requirements. The ISQM TOOLKIT 2022 is available to purchase here.

CRA Annual Report 2022

CRA Annual Report 2022

by | Sep 6, 2023 | News

The Charities Regulatory Authority (CRA) published its 2022 Annual Report in July 2023.

The Annual Report shows some interesting developments across the charity sector. Some headlines are:

  • Almost three-quarters (73%) of registered charities declared full compliance with the Charities Governance Code.
  • On the downside, only two out of every five charities filed an annual report to the CRA on time during 2022. All charities are legally required to file such a report within 10 months of their financial year-end. The contents of these reports are published on the Register of Charities and provide essential information to help inform donors and the general public.
  • 41% of registered charities are legally formed as companies, followed by schools representing 32% of registered charities.
  • Nearly one in five registered charities had annual income in 2022 of less than €10,000.

Auditors of charities that have accounting years ended 31 December 2022 and later will need, in additional to the normal audit tests, to also assess the charity’s IT controls.

For an easy to implement additional (two page) IT Controls Questionnaire  to help document the above process, please click on this link to download immediately for only €60 + VAT.

Please go to our website to see our:

  • letters of engagement and similar templates. Please visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
  • ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please contact John McCarthy FCA by e-mail at john@jmcc.ie.

We typically tailor ISQM training and brainstorming sessions to suit your firm’s unique requirements. The ISQM TOOLKIT 2022 is available to purchase here.

Monitoring Inspection Feedback

Monitoring Inspection Feedback

by | Mar 22, 2021 | Blog, News

Recent feedback from professional accountancy body inspections which readers may find useful, has come to our attention. In no particular sequence, this selection of findings applies mainly to small/medium practices:

  • Systems of internal controls – there is only a basic understanding on the file – a more complete understanding (with flow diagrams) could be used properly to help reduce sample sizes and cut down on unnecessary audit work.
  • Work in progress – the evidence on the audit file of long term work in progress valuations and estimation of profit allocations, can be improved by auditors attending close out meetings as observers alongside senior client personnel when they are negotiating with third party contractors and/or quantity surveyors.
  • Recoverability of debtors – not well supported by evidence on the file. The auditor does not display sufficient scepticism (and seek sufficient, independent, corroborative evidence e.g. latest audited accounts of the debtor) and seems to believe, with little questioning, whatever they are told by management about debtor recoverability.
  • Net Realisable Value of some stock lines is verified but other material stock lines are ignored with no explanation given for the lack of consistent approach.
  • Valuation of investments/properties – no evidence on the audit file that the impact of Covid has been considered. The file could be improved if there was evidence of the auditor speaking with the valuation expert , even to establish a proper understanding of the basis of valuation.
  • Letters of representation – over reliance on these letters to close the gap in audit evidence that is apparent elsewhere on the audit file. For example with letters of support there needs to be sufficient, appropriate audit evidence on the audit file that the third party providing the support is ‘good’ for it i.e. a parent company audited accounts showing their solvency or perhaps the support is provided by a significantly wealthy related party Director, for which there ought to be an up to date statement of their personal financial affairs on the file, ideally prepared by an independent financial adviser.
  • Fraud – only a cursory consideration given to this area by accepting management assertions too easily. Audit files need to contain evidence of considering the possibility of Government Covid supports being abused in some circumstances and the related possibility of fraudulent accounting to cover up the abuse.
  • Going concern/subsequent events – budgets/forecasts not well evidenced on the file for up to 12 months from the date of approval of the financial statements.
  • Identification of related parties – not fully documented on file.
  • Long association – Responsible Individual in office longer than 10 years – ‘expect challenge’ to scepticism. Need to evidence hot file or second partner review of independence and any other contentious areas of the file, in line with Section 3 of the Auditor Code of Ethics. . Note that the current Ethical Standard for Auditors (Ireland) will be replaced with effect from 15 July 2021.

At www.jmcc.ie we have recently refreshed most of our letters or engagement templates and added some new ones which may be viewed at this link.