ISA 240 (Redrafted) DEALS with the auditor’s responsibilities relating to FRAUD in an ‘audit‘ of Financial Statements.
Table of Contents
- ISA 240 (Redrafted) – Introduction
- ISA 240 – Objectives
- ISA 240 – Definitions
- ISA 240 – Requirements
- 1. Professional Skepticism
- 2. Discussion Among the Engagement Team
- 3. Risk Assessment Procedures and Related Activities
- 4. Identification and Assessment of the Risks of Material Misstatement Due to Fraud
- 5. Responses to the Assessed Risks of Material Misstatement Due to Fraud
- 6. Evaluation of Audit Evidence
- 7. Auditor Unable to Continue the Engagement
- 8. Written Representations
- 9. Communications to Management and With Those Charged With Governance
- 10. Reporting Fraud to an Appropriate Authority Outside the Entity
- 11. Documentation
ISA 240 (Redrafted) – Introduction
1. Scope of this ISA
ISA 240 EXPANDS on how ISA 315 and ISA 210 are to be applied in relation to risks of material misstatement due to fraud.
2. Effective Date
This ISA is EFFECTIVE for audits of financial statements for periods beginning on or after December 15, 2009.
ISA 240 – Objectives
The objectives of the auditor are:
- To identify and assess the risks of material misstatement of the Financial Statements due to fraud;
- To obtain sufficient appropriate audit evidence regarding the assessed risks through designing and implementing appropriate responses; AND
- To respond appropriately to fraud or suspected fraud identified during the audit.
ISA 240 – Definitions
An intentional act by one or more individuals among management, those charged with governance, employees or third parties involving the use of deception to obtain an UNJUST or ILLEGAL advantage.
2. Fraud Risk Factors
Events or conditions that indicate an incentive or pressure to commit FRAUD or provide an opportunity to commit fraud.
ISA 240 – Requirements
1. Professional Skepticism
In accordance with ISA 200, the auditor shall MAINTAIN professional skepticism throughout the audit, notwithstanding the auditor’s past experience of honesty and integrity of the entity’s management and those charged with governance.
2. Discussion Among the Engagement Team
ISA 315 requires a discussion and a DETERMINATION by the engagement partner of which matters are to be communicated to those members not involved in the discussion.
3. Risk Assessment Procedures and Related Activities
When obtaining an understanding of the entity and its environment including the entity’s internal control as per ISA 315, the auditor shall PERFORM the procedures to obtain information for use in identifying the risks of material misstatement due to fraud.
3.1 Management and Others Within the Entity
The auditor shall make INQUIRIES of management as per ISA 240 regarding:
- Management’s assessment of the risk relating to fraud;
- Management’s process for identifying and responding to the risks of fraud in the entity;
- Management’s communication if any to those charged with governance; AND
- Management’s communication if any to employees.
The auditor shall make INQUIRIES of management and others within the entity, to determine whether they have knowledge of any actual, suspected or alleged fraud affecting the entity.
3.2 Those Charged With Governance
Unless all those charged with governance are involved in managing the entity, the auditor shall OBTAIN an understanding regarding oversight of management’s process for identifying and responding to the risks of fraud.
3.3 Unusual or Unexpected Relationships Identified
The auditor shall EVALUATE whether such relationships that have been identified in performing ANALYTICAL PROCEDURES including those related to revenue accounts may indicate risks of material misstatement due to fraud.
3.4 Other Information
The auditor shall CONSIDER whether ‘Other Information’ obtained by the auditor indicates risks of material misstatement due to fraud.
3.5 Evaluation of Fraud Risk Factors
The auditor shall EVALUATE whether the information obtained from the other risk assessment procedures and related activities performed indicates that one or more fraud risk factors are present.
4. Identification and Assessment of the Risks of Material Misstatement Due to Fraud
In accordance with ISA 315, the auditor shall IDENTIFY and ASSESS the risks of material misstatement due to fraud at the financial statement level and at the assertion level for classes of transactions, account balances and disclosures.
The auditor shall TREAT those assessed risks as ‘significant risks‘ and shall OBTAIN an understanding of the entity’s related controls including control activities.
5. Responses to the Assessed Risks of Material Misstatement Due to Fraud
5.1 Overall Responses
In accordance with ISA 330, the auditor shall DETERMINE overall responses to address the assessed risks at the Financial Statement level.
The auditor shall:
- ASSIGN and SUPERVISE personnel taking account of the knowledge, skill and ability of the individuals;
- EVALUATE whether the selection and application of accounting policies may be indicative of fraudulent financial reporting; AND
- INCORPORATE an element of unpredictability in the selection of the nature, timing and extent of audit procedures.
5.2 Audit Procedures Responsive to Assessed Risks of Material Misstatement Due to Fraud at the Assertion Level
In accordance with ISA 330, the auditor shall DESIGN and PERFORM ‘further audit procedures‘ whose nature, timing and extent are responsive to the assessed risks of material misstatement due to fraud at the assertion level.
5.3 Audit Procedures Responsive to Risks Related to Management Override of Controls
Irrespective of the auditor’s assessment of the risks of Management Override of Controls, the auditor shall DESIGN and PERFORM audit procedures to:
|(a) Test the appropriateness of journal entries recorded in the general ledger and other adjustments.|
The auditor shall:
– MAKE inquiries of individuals involved in the financial reporting;
– SELECT journal entries and other adjustments made at the end of the reporting period; AND
– CONSIDER the need to test journal entries and other adjustments throughout the period.
|(b) Review the accounting estimates for biases.|
The auditor shall:
– EVALUATE whether the judgments and decisions indicate a possible bias; AND
– PERFORM a retrospective review of management judgments and assumptions reflected in the Financial Statements of the prior year.
|(c) For significant transactions that are outside the normal course of business for the entity, the auditor shall EVALUATE the business rationale.|
6. Evaluation of Audit Evidence
The auditor shall EVALUATE as per ISA 240, whether ANALYTICAL PROCEDURES that are performed near the end of the audit, indicate a previously unrecognized risk of material misstatement due to fraud.
If the auditor identifies a misstatement, the auditor shall EVALUATE whether such a misstatement is indicative of fraud.
If the auditor identifies a misstatement, whether material or not and that management (in particular, senior management) is involved, the auditor shall RE-EVALUATE the assessment of the risks of material misstatement.
If the auditor confirms that or is unable to conclude, the auditor shall EVALUATE the implications for the audit.
7. Auditor Unable to Continue the Engagement
If auditor encounters exceptional circumstances under, the auditor shall:
|(a) DETERMINE the professional and legal responsibilities to report to the person or persons who made the audit appointment;|
|(b) CONSIDER whether it is appropriate to withdraw from the engagement; AND|
|(c) If the auditor withdraws:|
– DISCUSS with the appropriate level of management and those charged with governance; AND
– DETERMINE whether there is professional or legal requirement to report.
8. Written Representations
The auditor shall OBTAIN ‘Written Representations’ from management and where appropriate those charged with governance that:
- They acknowledge their responsibility for the design, implementation and maintenance of internal control;
- They have disclosed to the auditor the results of management’s assessment of the risk that the financial statements may be materially misstated as a result of fraud;
- They have disclosed to the auditor their knowledge of fraud or suspected fraud; AND
- They have disclosed to the auditor their knowledge of any allegations of fraud or suspected fraud.
9. Communications to Management and With Those Charged With Governance
If the auditor has identified a fraud or has obtained information that indicates that a fraud may exist, the auditor as per ISA 240 shall COMMUNICATE these matters on a ‘timely basis‘.
The auditor shall COMMUNICATE unless prohibited by law or regulation with those charged with governance any other matters related to fraud.
10. Reporting Fraud to an Appropriate Authority Outside the Entity
If the auditor has identified or suspects a fraud, the auditor shall DETERMINE whether law, regulation or relevant ethical requirements:
- REQUIRE the auditor to report to an appropriate authority outside the entity;
- ESTABLISH responsibilities under which reporting to an appropriate authority outside the entity may be appropriate.
The auditor shall INCLUDE the following in the ‘Audit Documentation’ of the auditor’s understanding of the entity and its environment required by ISA 315:
|(a) The significant decisions reached during the discussion among the engagement team; AND|
|(b) The identified and assessed risks of material misstatement due to fraud at the financial statement level and at the assertion level.|
The International Standard on Auditing ISA 240 ‘The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements‘ DEALS with the auditor’s responsibilities relating to fraud in an ‘audit‘ of Financial Statements.
[200-299] General Principles and Responsibilities → Articles @ EntreprenurialHub by Jhanzayb
Chartered Accountant (Institute of Chartered Accountants of Pakistan)
Bachelor of Accounting Honours (Asia e University, Malaysia)