The Financial Reporting Council (FRC) is to update the UK auditing standard covering the auditor’s responsibility relating to fraud, amid concerns that the 16-year old regulations are not sufficiently clear about what the requirements are
The regulator has opened a consultation on the proposed revision of ISA (UK) 240 (Updated January 2020) - The Auditor's responsibilities Relating to Fraud in an Audit of Financial Statements.
ISA (UK) 240 contains a significant number of requirements designed to assist the auditor in identifying and assessing the risks of material misstatement due to fraud and in designing procedures to detect such misstatement.
However, a string of high profile corporate collapses and accounting errors such as those uncovered at Patisserie Valerie after auditors had signed off the annual accounts, have raised questions about whether auditors are doing enough work to detect material fraud.
Specific concerns about a lack of clarity in the standard as to the auditors’ obligations have been raised, including by Sir Donald Brydon's review of the quality and effectiveness of audit.
ISA (UK) 240 was first adopted in the UK in 2004. Since then it has received relatively minor updates, but has not been substantively revised.
The International Auditing and Assurance Standards Board (IAASB) is commencing its own review of ISA 240, but the FRC said it could be several years before that revision is finalised.
The FRC said: ‘We believe it is important to act now to address immediate concerns about the auditor’s responsibilities in respect of fraud.
‘At the same time, we will continue to contribute to the wider debate about the implementation of the Brydon review by government, including whether even more substantial changes to standards are required in due course, as well as developments at the IAASB.’
The proposed changes include providing increased clarity as to the auditors’ obligations together with enhancements to the requirements for the identification and assessment of risk of material misstatement due to fraud and the procedures to respond to those risks.
The revisions aim to clarify that the evaluation of whether suspected or identified fraud is material takes into account the qualitative as well as quantitative characteristics of the fraud.
A new paragraph is added to clarify that while the risk of not detecting a material misstatement resulting from fraud may be higher than the risk of detecting one resulting from error, that does not diminish the auditor's responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement due to fraud. Reasonable assurance is a high, but not absolute, level of assurance.
As regards professional scepticism, the revisions require that the auditor shall undertake risk assessment procedures and design and perform further audit procedures in a manner that is not biased towards obtaining audit evidence that may be corroborative or towards excluding audit evidence that may be contradictory.
They also require the auditor to remain alert for conditions that indicate a record or document may not be authentic. In addition to investigating inconsistent responses to inquiries, auditors will be required to investigate responses to inquiries of management, those charged with governance or others in the entity that appear implausible.
The new requirements also provide more detailed descriptions in areas such as engagement with the team and risk assessments. Risk assessment procedures must be designed in a manner that is not biased towards obtaining audit evidence that may be corroborative or towards excluding audit evidence that may be contradictory.
New paragraphs have been added to the standard specifying particular matters to cover in the discussion, including how management could perpetrate and conceal fraudulent financial reporting and how assets of the entity could be misappropriated; the susceptibility of a significant component in a group audit to material misstatement of the financial information of that component due to fraud; and how to investigate allegations of fraud that may have come to the auditor's attention. When finalised, the revised UK standard is proposed to be effective for audits of periods commencing on or after 15 December 2021 with early adoption permitted.
This is the same effective date as for ISA (UK) 315 (Revised July 2020) - Identifying and Assessing the Risks of Material Misstatement - and will enable firms to address both revised standards in a single update of their procedures rather two separate updates within a relatively short period of time.
Mark Babington, FRC executive director of regulatory standards, said: ‘The UK supports the development and adoption of high quality global standards for corporate reporting and audit, enabling the UK to attract high quality global investment.
‘However, sometimes the UK needs to show leadership and move in advance of international standards to address urgent stakeholder concerns in the public interest – we believe that some of the misunderstandings that have been communicated around the auditor’s responsibilities in respect of fraud meet this test.
‘In response, we have developed a revised standard which makes auditors’ obligations clearer, enhances the risk assessment they carry out, and sets clearer requirements for what the auditor then does.’
The consultation runs until 29 January 2021.