Fraud Discussions Among Audit Teams – Part 2 of 2

Fraud Discussions Among Audit Teams – Part 2 of 2

by | Oct 14, 2023 | Blog, News

Continuing from last week’s blog we are looking at the guidance issued in ISA 240 ‘The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements’

I

Continuing the items to be documented by the audit engagement team in their discussion of how fraud might be perpetrated in the audit client. That discussion needs to be structured around these headline items (continued from last week):

  • Whether there are economic, industry and operating conditions that give rise to fraud risk factors for particular classes of transactions, account balances and disclosures. (Examples of economic, industry and operating conditions that may give rise to fraud risk factors are included in the examples of incentives/pressures and opportunities in Appendix 1.)
  • A consideration of any material frauds of which team members have experience in companies in the same industry and whether there are similar risks – see our blog of 3 October about the Protected Disclosures
  • A consideration of management’s involvement in overseeing employees with access to cash or other assets susceptible to misappropriation.
  • A consideration of any unusual or unexplained changes in behavior or lifestyle of management or employees which have come to the attention of the engagement
  • An emphasis on the importance of maintaining a proper state of mind throughout the audit regarding the potential for material misstatement due to fraud.
  • A consideration of the types of circumstances that, if encountered, might indicate the possibility of fraud.
  • A consideration of how an element of unpredictability will be incorporated into the nature, timing and extent of the audit procedures to be performed.
  • A consideration of the audit procedures that might be selected to respond to the susceptibility of the entity’s financial statement to material misstatement due to fraud and whether certain types of audit procedures are more effective than
  • A consideration of any allegations of fraud that have come to the auditor’s
  • A consideration of the risk of management override of controls.
  • A consideration of the extent of segregation of duties and whether and how that may be overridden.
  • A consideration of how those charged with governance and management promote a culture of honesty and integrity; what policies they have to facilitate and encourage reporting of wrongdoing (see the Protected Disclosures regime mentioned above); and how they respond to any such reports.
  • A consideration of audit team experience, or other knowledge, of the competencies and attitudes of employees in areas where there are risks of material misstatement.
  • Circumstances where it may be beneficial to have further discussion(s) among the engagement team at later stages in the audit may include, for example, when the auditor’s evaluation of audit evidence has provided further insight about the risks of material misstatement due to fraud (see more in ISA 240 paragraph A50) or members of the audit team have identified:
  • Fraud risk factors that were not covered in the original discussion.
  • Actual or suspected fraud.

Further guidance on these topics is given in Application paragraphs A12 and A12-1 in the standard.

IT Controls Assessment

Auditors are reminded that there are relatively significant changes in the requirements of ISA 315 Identifying and Assessing the Risks of Material Misstatement for accounting periods commencing 15 December 2021, which in practical terms means, accounting periods Ended 31 December 2022 and later.

Auditors dealing with the audits of entities with such accounting periods affected by these change will need, to adopt new audit programmes and, in additional to the normal audit tests, to also assess the entity’s IT controls (no matter what the size of that entity).

This is a significant new development for auditors of SMEs, in particular, and will be a game changer ion the type of audit documentation and evidence of assessment of such IT controls by the auditor on audit files.

For an easy to implement additional (two page) IT Controls Questionnaire to help document the above process, please click on this link to download immediately for only €60 + VAT.

Please also go to our website to see our:

  • Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
  • AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
  • letters of engagement and similar templates. Please visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
  • ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please contact John McCarthy FCA by e-mail at john@jmcc.ie.

We typically tailor ISQM training and brainstorming sessions to suit your firm’s unique requirements. The ISQM TOOLKIT 2022 is available to purchase here.

Fraud Discussions Among Audit Teams – Part 1 of 2

Fraud Discussions Among Audit Teams – Part 1 of 2

by | Sep 20, 2023 | Blog, News

The ‘fraud triangle’ (shown below) is a well-known tool for enabling discussions among audit teams about the possible ‘climatic’ factors that may be present in an audit client. Where all three coincide, fraud is much more likely to be present.

ISA 240 ‘The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements’ was re-issued in October 2022 with additional requirements (among other topics) to do with the audit engagement team discussion.

For the purposes of this blog (Part 1 of a 2 part series) we are focusing on the main areas of the audit team discussion.

‘The discussion shall include an exchange of ideas among engagement team members about fraud risk factors, including:

  • incentives for management or others within the entity to commit fraud;
  • how management could perpetrate and conceal fraudulent financial reporting; and
  • how assets of the entity could be misappropriated (ISA 240.16.1)

For a group audit, the discussion among the group engagement team shall include matters to discuss with the component auditor of a significant component about the susceptibility of the component to material misstatement of the financial information of that component due to fraud. (ISA 240.16.2)

If allegations of fraud come to the auditor’s attention, the discussion shall include how to investigate and respond to those allegations. (ISA 240.16.3) see last week’s blog on the expanded Protected Disclosures  regime now in force in Ireland and which will have implications for auditors of the affected entities.

The standard allows for the initial engagement team discussion to be later revisited and revised, where necessary, when ‘fraud risk factors that have been identified during the course of the audit and the implications for the audit’ considered (ISA 240.16.4)

Basically the audit engagement team is expected to document a discussion of how fraud might be perpetrated in the audit client. That discussion needs to be structured around the headline items shown below:

The guidance focuses on:

  • incentives to manage earnings or key performance indicators derived from the financial statements in order to deceive financial statement users by influencing their perceptions as to the entity’s performance and profitability;
  • A consideration of circumstances that might be indicative of earnings management and the practices that might be followed by management to manage earnings that could lead to fraudulent financial reporting.
  • A consideration of the risk that management may attempt to present disclosures in a manner that may obscure a proper understanding of the matters disclosed (for example, by including too much immaterial information or by using unclear or ambiguous language).
  • A consideration of the known external/internal factors affecting the entity that may create an incentive or pressure for management or others to commit fraud, provide the opportunity for fraud to be perpetrated, and indicate a culture or environment that enables management or others to rationalize committing

Further guidance on these topics is given in Application paragraphs A12 and A12-1 in the standard. We will say more about this topic next week.

IT Controls Assessment

Auditors are reminded that there are relatively significant changes in the requirements of ISA 315 Identifying And Assessing The Risks Of Material Misstatement for accounting periods commencing 15 December 2021, which in practical terms means, accounting periods Ended 31 December 2022 and later.

Auditors dealing with the audits of entities with such accounting periods affected by these change will need, to adopt new audit programmes and, in additional to the normal audit tests, to also assess the entity’s IT controls (no ,matter what the size of that entity).

This is a significant new development for auditors of SMEs, in particular, and will be a game changer ion the type of audit documentation and evidence of assessment of such IT controls by the auditor on audit files.

For an easy to implement additional (two page) IT Controls Questionnaire  to help document the above process, please click on this link to download immediately for only €60 + VAT.

Please go to our website to see our:

  • letters of engagement and similar templates. Please visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
  • ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please contact John McCarthy FCA by e-mail at john@jmcc.ie.

We typically tailor ISQM training and brainstorming sessions to suit your firm’s unique requirements. The ISQM TOOLKIT 2022 is available to purchase here.

Challenges for Auditors During the Pandemic – Part 3

Challenges for Auditors During the Pandemic – Part 3

by | Aug 20, 2021 | Blog, News

This is our third and final blog about the results of audit monitoring inspections during the Pandemic.

In Part 2 last week, we looked at going concern (ISA 570), subsequent events (ISA 560) and the lack of financial statement disclosures regarding COVID.

In Part 1 two weeks ago, we looked at stock attendance (ISA 501), fraud (ISA 240) and accounting systems and controls (ISA 315).

Other matters that we have seen on cold file reviews and on recent audit monitoring visits include:

Walk-through testing

Walk through tests that appear on audit files often start from within the client’s accounting system which is the wrong place to start. For walk through tests to be fully effective, they need to commence outside the main system i.e., at the authorisation stage for purchases, at the customer order stage for sales, using clock cards, timesheets and/or employment contracts for wages etc.

Ethical Standards for Auditors

The new IAASA Ethical Standards for Auditors (Ireland) 2020 are effective from 15 July 2021.

Sometimes auditors do not appreciate the implications of certain ethical standards which require appropriate safeguards to mitigate the threats posed. The most common threats we see are Long Association with Audit Engagements (audit partner in place for 10+years) and Provision of Non-Audit Services (especially for the provision of accounting, tax and company secretarial services).  Firms are reminded to review the Ethical Standards (Sections 3 and 5 respectively) to ensure they have dealt appropriately with the threats and identified/implemented relevant safeguards. Quite often the only practical safeguard for sole practitioners with a long association problem is to arrange for an annual hot issue or a hot file review (also known as an Engagement Quality Control Review (EQC Review) in year 11 onwards. The implementation of safeguards needs to be properly documented.

It may be possible to apply Provisions Available for Audits of Small Entities (Section 6 PAASE) to deal with threats arising from economic dependence or where tax or accounting services are provided to certain ‘small’ entities, as defined in Section 6.  Where PAASE is applied, two matters arise:

  1. the auditors’ report must disclose this fact and
  2. either the financial statements notes or the auditors’ report must include the relevant disclosures specified in ES PAASE para 6.15(b).

Small Companies Exemption Incorrectly Claimed – Schedule 5 Companies Act 2014

A reminder that entities listed in Schedule 5, Companies Act 2014 are deemed ‘large’ and often include entities regulated by the Central Bank of Ireland (e.g., ‘insurance intermediaries’).  Please note that such entities cannot:

  • Use FRS 102 Section 1A (which is only for certain ‘small’ entities;
  • Use the Provisions Available for Audits of Small Entities;
  • Avail of small companies’ audit exemption; and
  • File abridged financial statements with the CRO.

Such companies must also produce a Statement of Cash Flows and disclose the remuneration of their auditors in four stated categories (for the current/prior years) for:

  1. audit of the company/group;
  2. other assurance services;
  3. tax advisory services; and
  4. other non-audit services.

For bespoke training on any of the topics mentioned here, please see our website.

Challenges for Auditors During the Pandemic – Part 2

Challenges for Auditors During the Pandemic – Part 2

by | Aug 13, 2021 | Blog, News

This is Part 2 of our series of three blogs about the impact that the Coronavirus (COVID-19) is having on evidencing of audit work.

In Part 1 last week, we looked at issues like stock attendance (ISA 501), fraud (ISA 240) and accounting systems and controls (ISA 315). Here are some other problem areas seen during recent audit monitoring inspections.

Going concern (ISA 570)

Going concern has always been a key audit area and remains so, particularly at the moment.  Monitoring inspectors often see excellent examples of audit work on going concern including consideration of worst case scenarios when assessing forecasts, and good documentation of the thought processes supporting the auditor’s conclusions on this topic. This will include evidence of scepticism and challenge of management’s assumptions.

In other cases with less than ideal inspection outcomes, audit work on going concern may have been carried out but inadequately documented, or in some cases insufficient audit work on going concern is performed.  Areas giving rise to findings on monitoring visits include lack of, or insufficient challenge and assessment of management assumptions or the lack of alternative audit procedures on the audit file, where for example formal future cash flow forecasts are not prepared, particularly on smaller clients. These need to be on file for a period of at least 12 months from the date of sign-off of the financial statements.

Please remember ISA 570 (Revised) (effective for audits of financial statements for periods commencing on or after 15 December 2019) contains increased requirements in relation to audit work on going concern.

Subsequent events (ISA 560)

Inspectors also see cases where there has been a delay in signing some financial statements due to the Pandemic.  Don’t forget to ensure that appropriate subsequent events procedures are performed up to the date of the auditor’s report in such circumstances. This should include details of the date/time/place and names of those attending the final close off meeting, even if this s a brief 5-minute phone call. The notes should also contain details of action points agreed and matters forward to the next audit.

Financial Statement disclosures – COVID

There are often comprehensive disclosure in financial statements regarding the impact of COVID.  Unfortunately in other cases, there are only brief or no disclosures.

Even where the directors consider COVID has had no impact on the entity, it may still be appropriate to include disclosure in the financial statements to that effect.  Disclosure should be sufficient to enable the reader of the financial statements to understand why the directors believe this to be the case.  Information disclosed in the directors’ report must be consistent with the information disclosed in the financial statements.

See the final Part 3 of this blog next week.

 

Challenges for Auditors During the Pandemic – Part 1

Challenges for Auditors During the Pandemic – Part 1

by | Aug 3, 2021 | Blog, News

The Coronavirus (COVID-19) has caused auditors to develop new techniques in carrying out their audit work, mainly involving greater use of technology. In this, the first blog of our three-part series, we will look at some recent audit monitoring inspection reports that have highlighted the most common problem areas for auditors.

Stock Attendance (ISA 501)

Many firms have not been able to attend clients’ premises for inventory counts. In these circumstances the auditor must attempt to perform alternative procedures e.g., where the client takes a live video call from the auditor and ‘walks’ the auditor remotely through the stock count location.   Details of alternative procedures like this, and the auditors’ conclusions following the procedures, must be documented on the audit file.  If adequate alternative procedures cannot be performed the audit file needs to document a consideration of the impact on the auditor’s report.

Where audit clients have not traded for significant periods of time, the audit file needs to show some consideration of potential stock impairment or obsolescence. A sceptical approach by auditors is always prudent. The ICAS has issues excellent guidance on attendance at stocktakes during the coronavirus outbreak. It’s worth looking at.

Fraud (ISA 240)

Audit files should fully document consideration of fraud (including the scope for fraud involving Government Covid subsidies/grants), especially where the audit firm may not have direct access to its audit client and/or where audit clients may not have direct access to their customers.

Common findings on monitoring visits include poor or inadequate completion of fraud checklists with no additional consideration documented regarding:

  • fraud risk assessment;
  • insufficient documentation of discussions between the auditor and management;
  • lack of evidence of the auditor’s assessment of fraud and
  • lack of evidence of the auditor’s conclusions regarding fraud risk.

Accounting systems and controls (ISA 315)

The Coronavirus (COVID-19) has challenged client’s accounting systems and controls like nothing has ever before.

Audit firms need to consider whether the audit clients’ accounting systems and controls remain appropriate during Covid-19, especially with few or no client staff working from their office location.  A common failing at monitoring visits is the carrying forward of systems notes from prior years with little evidence of written assessment of the impact of the Coronavirus on the accounting systems and controls. The notes on file must take account of the impact on the client’s operations of remote working and/trading in an online environment.

See Part 2 of this blog next week.