Fraud is a complex issue, with misunderstandings rife around what constitutes fraud and at what point auditors can be expected to spot it. Illegality is not always immediately obvious – and not just to auditors – and the difference between error and fraud can be unclear. Firms do not set out to miss frauds. Nor do they relish the prospect of dealing with accounting issues that over time, become fraudulent in nature, even if they did not start out that way. Flagging the risk of fraud, and stopping it in its tracks, is just as important as detecting it.

The emphasis in ISA 240 is on risk identification and assessment and responding to the risks of material misstatement through modifying the nature, timing and extent of the work effort when there is a risk of material misstatement due to fraud. This highlights the importance of obtaining an understanding of the entity and its environment, the applicable financial reporting framework and the entity’s system of internal control with a fraud lens.

Although the auditor's approach to Fraud is limited in ISA240, the public's expectation

differs. The auditor's primary responsibility within independent auditing is not fraud detection.

Still, there is a perception in the public that the auditor has a responsibility in this regard.

This public perception regarding the auditor's role against Fraud is ancient; it is seen that the public

misunderstood the auditors' responsibility and expect a fraud-based. The public expects the auditors to provide complete assurance regarding the accuracy of the financial statements, the management's efficiency, the appropriateness of the financial policies, and the detection of all Fraud and irregularities. Audit firms do not operate in a vacuum and they are not the only stakeholders whose influence and responsibilities have a significant impact on fraud deterrence and detection. How then should audit firms respond to this expectation gap?

Practical actionable points for audit firms

• consider doing things differently:

Digitisation, innovation and intelligent data use are all tools that radically transform the audit process, including in relation to fraud. Assess the need for greater specialist and forensic involvement at all stages of the audit, on a risk-assessed basis; step up efforts to change ingrained cultures, behaviours and mindsets. Put emphasis on the art of conversation in audit interviews when it comes to detecting fraud. Workflow and practice management tools are not to be underestimated in managing audit timetables, in particular the flow of information between auditors and audited entities during an audit, especially during the closedown period.

• consider doing more:

Reinforce professional scepticism; embed fraud related learnings across the firm; widen the scope of the risk assessment using external data and information; encourage the robust challenge of management. The auditor should document in the work papers the assessment of the risk of material misstatement due to fraud. At a minimum, the auditor needs to document those risk factors identified in the audit engagement and the auditors response to them. If other risk factors are identified during the audit that cause the auditor to believe an additional response is required, he or she should document those factors or conditions and any further response the auditor concluded was appropriate.

• prepare for change:

Consider the implications of management and voluntary auditor reporting on internal controls and need for audit committees to develop audit and assurance policies. In most jurisdictions, financial crimes legislations require auditors to report fraud to the relevant authorities if they come across it in the process of auditing. Prioritise fraud-related training and technology adoption. 

Professional scepticism is critical in the fight to detect and prevent fraud, but ultimately it is the responsibility of an organisation’s senior management to ensure the right culture, checks and balances are in place. In the meantime, auditors should continue to apply their expert judgement.

Trust is hard won, and easily lost. The objective of an external audit is to provide confidence in the quality of financial reporting and improve trust in the corporate reporting regime more widely. When a company fails because of fraud, or a fraud is uncovered not long after an unqualified audit report has been issued, it damages stakeholder trust in financial reporting, as well as audit quality, auditors and, in particular, the audit firm involved. Reputational damage spreads far and wide.

Firms should recognise the significance of audit firm culture in creating the foundations on which many of their fraud-related initiatives stand. Audit firm culture shapes thinking and behaviour. It provides a moral compass, enabling auditors and audit teams to support and challenge each other, and the entities they audit, in ways that will help to improve fraud detection. Being able to challenge, and being open to challenge, is key and while audit software technology is not a panacea to fraud, its importance can not be downplayed.