Mon - Fri, 09.00 - 17.00
5 Lloyds Avenue, London, EC3N 3AE
Revised UK Auditing Standard on Fraud now effective 10 Jan
The revised standard is in line with changes proposed by the Government in its White Paper “Restoring trust in audit and corporate governance” and addresses auditors’ obligations in dealing with fraudulent misstatements in company accounts. The standard introduces tougher rules, particularly around the question of risk assessment and practitioners must be alert to the stricter obligations that apply to them.
“Reasonable Assurance”
Auditors are required to obtain “reasonable assurance” as to whether a company’s financial statements are free from material misstatement due to fraud and the revisions highlight that the risk of not detecting a misstatement due to fraud may be higher than the risk related to misstatements due to error.
Guidance is provided as to what comprises “reasonable assurance”. The revisions note that reasonable assurance “is a high, but not absolute, level of assurance”. In practice, this gives auditors some breathing space – they will not be expected to spot every possible fraud, no matter how hidden, nor to question every piece of information they are given. Rather, they are expected to carry out their duties and checks with “professional scepticism”. What constitutes professional scepticism is not entirely clear and there is an element of subjectivity to it, but the guidance provided states that auditors should remain alert to:
The revised standard does stress the need for auditors to remain unbiased (which stands to reason) and makes it clear (which is a criticism levelled at audit firms in many recent high-profile cases) that auditors must not let their past experience with a business or their opinion of a management team’s integrity affect their audit approach.
Procedure
The FRC has also provided guidance as to auditors’ performance of risk assessment procedures and has stressed that the relevant auditor must have a clear understanding of fraud risk factors. Consideration must also be given to the specialist expertise required in the event that indicators of fraud, in order to ensure that an effective risk assessment is carried out. The audit report is now required to set out the extent to which the audit was considered capable of detecting irregularities, including fraud, and how the auditor put in place procedures to assist in the identification and assessment of risks of material misstatements.
Management
It is still the case that the primary responsibility for the prevention and detection of fraud rests with an entity’s management. However, the revised standards do make it clear that UK auditors will be expected to challenge the management’s assessment and to audit the evidence perhaps more robustly than might previously have been the case.
Summary
Fraud detection is a difficult issue and it is evident from the revised guidance that the FRC is seeking to press auditors to be more robust in their approach. However, fraud is often very difficult to identify and there is little guidance in the new rules as to steps an auditor can take to enhance their prospects of spotting fraud. Limited guidance coupled with tougher obligations on, and expectations of, auditors might simply result in an increase in the instances of auditors facing enforcement action by the FRC – particularly at a time when remote working and the challenges of operating during the pandemic may have increased the prospects for fraudulent activity. However, if the revised standards tackle what has often been considered the somewhat “chummy” relationship between firms and their auditors, particularly at the level of large multi-nationals, they will be a welcome development.