Auditors’ duties in relation to fraud – the beginnings of a revised ISA (Ireland) 240

• Ireland

• Fraud and financial crime
• Litigation and dispute management
• Financial services

03-08-2021

On 19 July 2021, the Irish Auditing and Accounting Supervisory Authority (“IAASA”) issued a consultation paper on its proposal to revise the current audit standard known as ISA (Ireland) 240, The Auditor's Responsibilities Relating to Fraud in an Audit of Financial Statements (“ISA (Ireland) 240”).

The proposed changes will place a greater onus on auditors to detect potential fraud in company accounts.

The consultation paper is available to view here (the “Consultation Paper”). The proposed draft revised standard is available to view here (the “Revised Standard”). 

Background

The International Standards on Accounting (“ISA”) are professional standards for the auditing of financial information issued by the International Auditing and Assurance Standards Board. As such, the ISA have international application, applying to both Ireland and the UK, and where necessary, can be augmented with additional requirements to address specific UK and Irish legal and regulatory requirements.

The UK’s audit regulator, the Financial Reporting Council (“FRC”), issued a consultation on proposals to revise ISA (UK) 240 in November 2020, and subsequently issued the revised UK standard and a feedback statement on its consultation in May 2021.

The proposed changes to ISA (Ireland) 240 reflect corresponding changes to the UK standard, and IAASA “do not propose to add any new Irish requirements to the changes made by the UK’s FRC”, as per the Consultation Paper.

Audit Expectations Gap

The longstanding concept of the audit “expectations gap” relates to the gap between the general public’s expectations of auditors and the actual obligations of auditors. If you were to take a poll on what auditors’ work entails, the response “to spot fraud” is likely to emerge as a top answer. This has not necessarily been reflected in the international auditing standards.

The problem with this gap is that it leads to concerns about the auditing process in general, sometimes resulting in unreasonable expectations being placed on auditors. Concerns were raised during the consultation period in the UK, in respect of ISA (UK) 240, that the changes were merely adding to an auditor’s already extensive list of “tick box” requirements, without necessarily increasing the likelihood of an auditor spotting a sophisticated fraud.

The broad role and responsibilities of auditors are: to obtain reasonable assurance that the financial statements as a whole are free from material misstatement, whether due to fraud or error; to consider audit risk; to exercise professional scepticism throughout the planning and performance of the audit while considering the potential for management override of controls; and to identify suspected non-compliance with laws and regulations and communicate and document same in an appropriate manner.

Auditors are also obliged to report suspected instances of fraud to the client and/or regulatory authorities, and cease an engagement where necessary and appropriate.

The changes to ISA Ireland 240 aim to renew these existing duties on auditors and introduce enhanced obligations for the identification and assessment of risk of material misstatement due to fraud.

Why the changes?

The greater focus on the role of auditors in detecting fraud and rule tightening stems from changes at an international level and from ongoing concerns over audit quality in the UK in light of recent high profile financial scandals and the proposals put forward in the Brydon Independent Review of the Quality and Effectiveness of Audit (the “Brydon Review”), available to view here. 

The Brydon Review called for clarity around the obligations of auditors and made a number of recommendations relating to fraud detection and prevention, including clarifying that an auditor should endeavour "to detect material fraud in all reasonable ways".

What is changing?

The main proposed changes are as follows:

• The objectives have been strengthened to emphasise that auditors must aim to “obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement due to fraud”, not simply to assess risks and respond to these.
• There is now a greater emphasis placed on the need for professional scepticism including alertness to indications that records or documents may not be authentic. Auditors are also tasked with investigating inconsistent responses to inquiries of management, and those which “appear implausible".
• The importance of initiating discussions relating to fraud risk among the engagement team have been highlighted as well as the responsibility of the auditor to investigate and respond to any fraud allegations, supported by examples in the application material of the matters that may be discussed.
• The risk assessment procedures have been updated to charge the auditor with making enquiries of those within an entity who deal with allegations of fraud raised by employees or other parties. The auditor should also now consider the risk of material fraud within the entity, particularly in relation to those charged with governance.
• A requirement that the auditor assesses whether the team needs specialised skills or knowledge to perform audit procedures or to evaluate the audit evidence obtained.
• A requirement that the auditor undertakes an evaluation before the conclusion of the audit to determine whether fraud related risk assessments remain appropriate and whether sufficient appropriate audit evidence has been obtained regarding the assessed risks of material misstatement due to fraud.
• The auditor’s report, for audits of public interest entities and listed entities, should detail whether the audit was considered capable of detecting irregularities, including fraud.
• A requirement that if the auditor identified information that is inconsistent with the auditor’s final conclusion regarding a significant matter, the auditor shall document how he/she addressed the inconsistency.

What is the proposed effective date?

The changes are scheduled to apply for accounting periods beginning on or after 15 December 2021.

When does the consultation period end?

Comments are invited by 5pm on 3 September 2021.

Commentary

The additional audit steps and discussions required may have an impact on management as well as auditors in terms of the risk of detection of fraud. In light of the changes, it will be ever more important for auditors to maintain a comprehensive audit file, carefully documenting all discussions both with the management team and employees at all levels in the entity, and complying with each of the steps set out in the Revised Standard when carrying out risk assessments.

For more information, please contact