Auditing Theory (AT-09)

CKC- BSA 3

PSA 240 (REVISED 2006) THE AUDITOR’S RESPONSIBILITY TO CONSIDER FRAUD IN AN

AUDIT OF FINANCIAL STATEMENTS

PSA 250 CONSIDERATIONS OF LAWS AND REGULATIONS IN AN

AUDIT OF FINANCIAL STATEMENTS

PSA 260 COMMUNICATIONS OF AUDIT MATTERS WITH THOSE

CHARGED WITH GOVERNANCE

PSA 240 (REVISED 2006)

THE AUDITOR’S RESPONSIBILITY TO CONSIDER FRAUD IN AN AUDIT OF FINANCIALSTATEMENTS

FRAUD refers to an intentional act by one party or more individuals among management, those charged
with governance, employees or third parties, involving the use of deception to obtain an unjust or illegal
advantage

Fraud involves:
 Incentive or pressure to commit fraud
 A perceived opportunity to act or to do so
 Some rationalization of the act

Management fraud - fraud involving one or more members of management or those charged with
governance
Employee fraud - fraud involving only employees of the entity
(In either case, there may be collusion within the entity or with third parties outside of the entity)

TWO TYPES OF FRAUD

1. FRAUDULENT FINANCIAL REPORTING
 Involves intentional misstatements including omissions of amounts or disclosures in
financial statements to deceive financial statement users
 often involves management override of controls that otherwise may appear to be
operating effectively
 can be caused by the efforts of management to manage earnings in order to deceive
financial statements users by influencing their perceptions as to the entity’s
performance and profitability
 may be accomplished by the following
 manipulation, falsification (including forgery), or alteration of
accounting records or supporting documentation from which the
financial statements are prepared
 misrepresentation in, or intentional omission from, the financial
statements of events, transactions or other significant information
 intentional misapplication of accounting principles relating to amounts,
classifications, manner of presentation, or disclosure

2. MISAPPROPRIATION OF ASSETS
 Involves the theft of an entity’s assets and is often perpetrated by employees in
relatively small and immaterial amounts
 Can also involve management who are usually more able to disguise or conceal
misappropriations in ways that are difficult to detect
 Often accompanied by false or misleading records or documents in order to conceal the
fact that the aspects are missing or have been pledged without proper authorization
 Can be accompanied in a variety of ways including:
o Embezzling receipts
o Stealing physical assets or intellectual property
o Causing an entity to pay for the goods and services not received
o Using an entity’s assets for personal use
Responsibilities of Those charged with Governance and of Management
1. The primary responsibility for the prevention and detection of fraud rests with both those
charged with governance of the entity and with management
2. It is important management, with the oversight of those charged with governance, place a
strong emphasis on fraud prevention, which may reduce opportunities for fraud to take place,
and fraud deterrence, which could persuade in individuals not to commit fraud because of the
likelihood detection and punishment
3. It is the responsibility of those charged with governance of the entity to ensure , through
oversight of management, that the entity establishes and maintains internal control to provide
reasonable assurance with regard to reliability of financial reporting, effectiveness and efficiency
of operations and compliance with applicable law and regulations
4. It is the responsibility of management, with oversight from those charged with governance, to
establish a control environment and maintain policies and procedures to assist in achieving the
objective ensuring, as far as possible, the orderly and efficient conduct of the entity’s business

Inherent limitations of an Audit in the context of Fraud

1. Owing to inherent limitations of an audit, there is an unavoidable risk that some material
misstatements of the financial statements will not be detected, even though the audit is
properly planned and performed in accordance with PSAs
2. The risk of not detecting a material misstatement resulting from fraud is higher than the risk of
not detecting a material misstatement resulting from error because fraud may involve
sophisticated and carefully organized schemes designed to conceal it, such as:
 Forgery
 Deliberate failure to record transactions
 Intentional misrepresentation being made to the auditor

3. The risk of the auditor not detecting a material misstatement resulting from management fraud
is greater than for employee fraud, because management is frequently in a position to directly
or indirectly manipulate accounting records and present fraudulent financial information
4. The subsequent discovery of a material misstatement of the financial statements resulting from
fraud does not, in and of itself, indicate a failure to comply with PSAs

Responsibilities of the auditor for detecting material misstatements due to fraud

1. An auditor conducting an audit in accordance with PSAs obtains reasonable assurance that the
financial statements taken as a whole are free from material misstatement, whether caused by
fraud or error
2. An auditor cannot obtain absolute assurance that material misstatements in the financial
statement will be detected because of such factors as of the following:
 use of judgment
 use of testing
 inherent limitations of internal control
 the fact that much of the audit evidence available to the auditor is persuasive
rather than conclusive in nature
3. The auditor should maintain an attitude of professional skepticism throughput the audit,
recognizing the possibility that a material misstatement due to fraud could exist,
notwithstanding the auditor’s past experience with the entity about the honesty and integrity of
management and those charged with governance
4. Members of the engagement team should discuss the susceptibility of the entity’s financial
statements to material misstatement due to fraud
5. Risk assessment procedures
The auditor should perform risk assessment procedures to obtain an understanding of
the entity and its environment, including its internal control. As part of this work, the
auditor performs the following procedures to obtain information that is used to identify
the risks of material misstatements due to fraud:
1. Makes inquiries of management, of those charged with governance, and of others
within the entity as appropriate and obtains an understanding of how those charged
with governance exercise oversight of management’s processes for identifying and
responding to the risks of fraud and he internal control that management has
established to mitigate these risks
2. Considers whether one or more fraud risk factors are present
3. Considers any unusual or unexpected relationships that have been identified in
performing analytical procedures
4. Considers other information that may be helpful in identifying the risks of material
misstatement due to fraud.
Responses to the risks of material misstatement due to fraud
1. The auditor should determine overall responses to address he assessed risks of material
misstatement due to fraud at the financial statement level and should design and perform
further audit procedures whose nature, timing and extent are responsive to the assessed risks at
the assertion level
2. In determining overall responses to address the risks of material misstatement due to fraud at
the financial statement level the auditor should:
 Consider the assignment and supervision of personnel
 Consider the accounting policies used by the entity; and
 Incorporate an element of unpredictability in the selection of the nature, timing
and extent of audit procedures
3. Audit procedures responsive to risks of material misstatement due to fraud at the assertion
level
The auditor’s responses may include changing the nature, timing, and extent of audit
procedures in the following ways:
a. The nature of audit procedures to be performed may need to be changed to obtain
audit evidence that is more reliable and relevant to obtain additional corroborative
information
b. The timing of substantive procedures may need to be modified. The auditor may
conclude that performing substantive testing at or near the period end better addresses
an assessed risk of material misstatement due to fraud
c. The extent of the procedures applied reflects the assessment of the risks of material
misstatement due to fraud. For example, increasing sample sizes or performing
analytical procedures at a more detailed level may be appropriate
4. To respond to the risk of management override of controls, the auditor should design and
perform audit procedures to:
a. Test the appropriateness of journal entries recorded in the general ledger and other
adjustments made in the preparation of the financial statements
b. Review accounting estimates for biases that could result to material misstatement due
to fraud
c. Obtain an understanding of the business rationale of significant transactions that the
auditor become aware of that are outside the normal course of the business for the
entity, or that otherwise appear to be unusual given the auditor’s understanding of the
entity and its environment

Evaluation of audit evidences

1. The auditor should consider whether analytical procedures that are performed at or near the
end of audit when forming an overall conclusion as to whether the financial statements as a
whole are consistent with auditor’s knowledge of the business indicate a previously
unrecognized risk of material misstatement due to fraud
2. When the auditor identifies the misstatement, the auditor should consider whether such a
misstatement may be indicative of fraud and if there is such an indication the auditor should
consider the implications of the misstatement in relation to other aspects of the audit,
particularly the reliability of management representations
3. When the auditor confirms that, or is unable to conclude whether, the financial statements are
materially misstated as a result of fraud, the auditor should consider the implications for the
audit

Management representations
The auditor should obtain written representations from management that:
a. It acknowledges its responsibility for the design and implementation of internal control to
prevent and detect fraud
b. It has disclosed to the auditor the results of its assessment of the risk that the financial
statements may be materially misstated as a result of fraud
c. It has disclosed to the auditor its knowledge of fraud or suspected fraud affecting the entity
involving:
i. Management
ii. Employees who have significant roles in internal control
iii. Others where the fraud could have a material effect on the financial statements
and
d. It has disclosed to the auditor its knowledge of any allegations of fraud, or suspected
fraud, affecting the entity’s financial statements communicated by the employees,
former employees, analysts, regulators or others.
Communication with management and those charged with governance
1. If the auditor has identified a fraud or has obtained information that indicates that a fraud may
exist, the auditor should communicate these matters as soon as practicable to the appropriate
level of management
2. If the auditor has identified fraud involving management, employers who have significant roles
in internal control, or others where the fraud results in a material misstatement in the financial
statements, the auditor considers seeking legal advice to assist in the determination of the
appropriate course of action
3. If the integrity or honesty of management or those charged with governance is doubted, the
auditor considers seeking legal advice to assist in the determination of the appropriate course of
action
4. The auditor should make those charged with governance and management aware, as soon as
practicable, and at the appropriate level of responsibility, of material weaknesses in the design
or implementation of internal control to prevent and detect fraud which may have come to the
auditor’s attention
5. The auditor’s professional duty to maintain the confidentiality of client information may
preclude reporting fraud to a party outside the client the entity. However, the duty of
confidentiality may be overridden by regulatory requirements

Auditor unable to continue the engagement

1. If , as a result of a misstatement resulting from fraud or suspected fraud, the auditor encounters
exceptional circumstances that bring into question the auditor’s ability to continue performing
audit, the auditor should:
a. Consider the professional and legal responsibilities applicable in the circumstances,
including whether there is a requirement for the auditor to report to the person or
persons who made the audit appointment or, I some cases, to regulatory authorities
b. Consider the possibility of withdrawing from the engagement; and
c. If the auditor withdraws:
i. Discuss the appropriate level of management and those charged with
governance the auditor’s withdrawal from the engagement and the reasons for
the withdrawal; and
ii. Consider whether there is a professional or legal requirement to report to the
person or persons who made the audit appointment or, in some cases, to
regulatory authorities, the auditor’s withdrawal from the engagement and the
reasons for the withdrawal

Documentation
1. The documentation of the auditor’s understanding of the entity and its environment and the
auditor’s assessment of the risks of material misstatement should include:
a. The significant decisions reached during the discussion among the engagement
team regarding the susceptibility of the entity’s financial statements to material
misstatement due to fraud
b. The identified and assessed risks of material misstatement due to fraud at the
financial statement level and at the assertion level
2. The documentation of the auditor’s responses to the assessed risks of material misstatement
should include:
a. The overall responses to the assessed risks of material misstatement due to fraud at
the financial statement level and the nature, timing and extent of audit procedure,
and the linkage of those procedures with the assessed risks of material
misstatement due to fraud at the assertion level
b. The results of the audit procedures, including those designed to address the risk of
management override of controls
3. The auditor should document the communications about fraud made to management, those
charged with governance, regulators and others
4. When the auditor has concluded that the presumption that there is a risk of material
misstatement due to fraud related to revenue recognition is not applicable in the circumstances
of the engagement, the auditor should document the reasons for that conclusion
PSA 250
CONSIDERATION OF LAWS AND REGULATIONS IN AN AUDIT OF FINANCIAL STATEMENTS
1. “Noncompliance” as used in PSA 250 refers to acts of omission or commission by the entity
being audited, either intentional and unintentional, which are contrary to the prevailing
laws and regulations
2. Noncompliance does not include personal misconduct (unrelated to the business activities of
the entity) by the entity’s management or employees
3. When planning and performing audit procedures and in evaluating and reporting the
results thereof, the auditor should recognize that noncompliance by the entity with laws
and regulation may materially affect the financial statements

Responsibility of management for the compliance with laws and regulations

1. It is management’s responsibility to ensure that the entity’s operations conducted in
accordance
with laws and regulations
2. The responsibility for the prevention and detection of noncompliance rests with management
3. The following policies and procedures, among others, may assist management in
discharging its responsibilities for the prevention and detection of noncompliance:
 Monitoring legal requirements and ensuring that operating procedures are
designed to meet these requirements
 Instituting and operating appropriate systems of internal control
 Developing, publicizing and following a Code of Conduct
 Ensuring employees are properly trained and understand the Code of Conduct
 Monitoring compliance with the Code of Conduct and acting appropriately to
discipline employees who fail to comply with it
 Engaging legal advisors to assist in monitoring legal requirements
 Maintaining a register of significant laws with which the entity has to comply
within its particular industry and a record of complaints

The auditor’s consideration of compliance with laws and regulations

1. The auditor is not, and cannot be held responsible for preventing noncompliance
2. The auditor should plan and perform the audit with an attitude of professional
skepticism recognizing that the audit may reveal conditions or events that would
lead to questioning whether an entity is complying with laws and regulations
3. In order t plan the audit, the auditor should a general understanding of the legal and
regulatory framework applicable to the entity and the industry and how the entity is
complying wih that framework
4. After obtaining the general understanding, the auditor should perform procedures to
help identify instances of noncompliance with those laws and regulations where non
compliance should be considered when preparing financial statements specifically:
a. Inquiring of management as to whether the entity is in compliance with such
laws and regulations
b. On receipt of an inquiry from the proposed auditor, the existing auditor should
advise whether there are any professional reasons why the proposed auditor
should not accept the appointment. If permission from the client to discuss its
affairs with the proposed auditor of denied by the client, the fact should be
disclosed to the proposed auditor.