Cost/benefit balance: Has the time come to re-think the auditor’s responsibilities relating to fraud?

When it comes to the auditor’s responsibilities relating to fraud, many see a significant expectation gap between what auditors are required to do and what stakeholders expect them to do.

When it comes to the auditor’s responsibilities relating to fraud, many see a significant expectation gap between what auditors are required to do and what stakeholders expect them to do. A recent publication of the United Kingdom (U.K.) Financial Reporting Council (FRC), which focused on the auditor’s identification of and response to fraud risks, and the auditor’s consideration of laws and regulations, shines a light on this gap.

The FRC visited the six largest firms in the U.K. to review their audit methodology along with their guidance and training provided to staff in respect of fraud risks and consideration of laws and regulations. The FRC stated “Our findings and recommendations identify some specific areas in which auditors should review and improve their performance with a view to better fulfilling their professional responsibilities.” A reading of the FRC’s overview and key messages does indicate areas where some of the audits reviewed by the FRC did not appear to fully comply with existing auditing standards. However, there were a number of other FRC recommendations which I believe some might argue go beyond existing standards relating to fraud. Here are a few of such recommendations:

  1. The auditor should use forensic specialists in fraud risk discussions and in running computer assisted auditing techniques (CAATs) for journal testing.
  2. The auditor should use CAATs on all audits to test journal entries.
  3. When assessing fraud risk factors, auditors should consider the incentive for management to manipulate other information disclosed in the annual report, outside of the financial statements, to achieve remuneration targets.

Under existing auditing standards, auditors are required to design and perform procedures to test the appropriateness of journal entries recorded in the entity’s accounting ledgers to address the threat of management manipulation of the accounting records. This testing is a focus for attention by audit inspectors. In fact, over the last few years, I understand that many audit firms have been upgrading their work in this area. Auditors acknowledge that although the concept may be relatively simple, effective execution can be complex and time consuming. The FRC publication contains a number of specific recommendations on how auditors should improve this work. But while there may be some risk of fraud through inappropriate journal entries, is this really an area where auditors need extensive focus? Some question whether a significant fraud would be perpetrated in this manner these days, particularly given that management knows that auditors are specifically required to test journal entries.

There may be different views as to whether the FRC recommendations will put auditors in a better position to detect possible material misstatements due to fraud and, thereby, improve audit quality. They would certainly increase the cost of an audit in my view. But this may be appropriate if it is in the public interest for auditors to take more responsibility for detecting fraud, and stakeholders are willing to pay for it. To me, the question that needs to be answered is – what is the appropriate threshold for an auditor’s responsibilities relating to fraud?

The existing premise in the Canadian Auditing Standards (CASs) is to assist the auditor in identifying and assessing the risks of material misstatement due to fraud and in designing procedures to detect such misstatement. It recognizes there is an unavoidable risk that some material misstatements of the financial statements will not be detected, even though the audit is properly planned and performed in accordance with the CASs. In particular, the risk of not detecting a material misstatement resulting from fraud is higher than the risk of not detecting one resulting from error.

But perhaps the auditor should be required to go further, for example by using forensic techniques to search for fraud, or looking at management’s discussion and analysis with an eye for fraud. Perhaps now is the time to re-open the discussion with stakeholders as to the appropriate responsibilities of the auditor in relation to fraud in the public interest. There is obviously an appropriate cost/benefit balance to be achieved. Such a balance would also need to consider the implications it may have for smaller audit firms that may not have resources available to them to use such things as forensic techniques or CAATs – would it put audit engagements out of reach for smaller entities and smaller firms?

Keep the conversation going….do you think current standards are appropriate relating to fraud? Have society’s expectations in this area been increasing?

Post a comment below; or email me directly.


Conversations about Audit Quality is designed to create an exchange of ideas on global audit quality developments and issues and their impact in Canada.

About the Author

Eric Turner, CPA, CA

Director, Auditing and Assurance Standards, CPA Canada