1. Assess the risk of material misstatement due to fraud throughout the audit.
2. Evaluate whether analytical procedures performed as substantive tests or in the overall review indicate a previously unidentified fraud risk.
3. Evaluate the risk of material misstatement due to fraud at or near the completion of fieldwork.
4. Respond to misstatements that may result from fraud.
5. Consider whether identified misstatements may be indicative of fraud, and, if so, evaluate their implications.
(AU-C 240.34-.37)
Evaluating Analytical Procedures
The auditor should consider whether analytical procedures performed as substantive tests or in the overall review stage of the audit indicate a risk of material misstatement due to fraud. The auditor should perform analytical procedures relating to revenue through the end of the reporting period, either as part of the overall review of the audit or separately. If such procedures are not included during the overall review stage of the audit, the auditor should perform analytical procedures specifically related to potentially fraudulent revenue recognition.
The auditor should be alert to responses to inquiries about analytical relationships that are:
● Vague or implausible
● Inconsistent with other audit evidence
NOTE: The auditor should document other conditions or analytical relationships that result in additional procedures, and any other responses the auditor feels are necessary.
As part of the auditor's evaluation of analytical procedures performed as substantive tests or in the overall review stage of the audit, and those analytical procedures that relate to revenue through the end of the reporting period, the auditor may find it helpful to consider the following issues:
1. Are there any unusual relationships involving revenues and income at year-end, such as an unexpectedly large amount of revenue reported at the very end of the reporting period from nonstandard transactions, or income that is not consistent with cash flow trends from operations?
2. Are there other unusual or unexpected analytical relationships that should be evaluated? The guidance provides the following examples:
● An unusual relationship between net income and cash flows from operations may occur if management recorded fictitious revenues and receivables but was unable to manipulate cash.
● Inconsistent changes in inventory, accounts payable, sales, or cost of sales between the prior period and the current period may indicate a possible employee theft of inventory, because the employee was unable to manipulate all of the related accounts.
● Comparing the entity's profitability to industry trends, which management cannot manipulate, may indicate trends or differences for further consideration.
● Unexplained relationships between bad debt write-offs and comparable industry data, which employees cannot manipulate, may indicate a possible theft of cash receipts.
● Unusual relationships between sales volume taken from the accounting records and production statistics maintained by operating personnel – which may be more difficult for management to manipulate – may indicate a possible misstatement of sales.
(AU-C 240.A58)
Evaluating Fraud Risk at or Near the Completion of Fieldwork
The auditor should, at or near the end of fieldwork, evaluate whether the results of auditing procedures and observations affect the earlier assessment of the risk of material misstatement due to fraud. When making this evaluation, the auditor with final responsibility for the audit should confirm that all audit team members have been communicating information about fraud risks to each other throughout the audit.
Responding to misstatements that may result from fraud. When misstatements are identified, the auditor should consider whether they are indicative of fraud. The auditor may need to consider the impact on materiality and other related responses.
If the auditor believes that the misstatements are fraudulent or may result from fraud, but the effect is not material to the financial statements, the auditor should evaluate the implications for the rest of the audit. If the auditor determines that there are implications, such as implications about management's integrity, the auditor would reevaluate the assessment of the risk of material misstatement due to fraud and its impact on the nature, timing, and extent of substantive tests and the assessment of control risk if control risk were assessed below the maximum.
If the auditor believes that the misstatements are fraudulent or may result from fraud, and the effect is material (or if the auditor cannot evaluate the materiality of the effect), the auditor should:
1. Try to obtain additional evidence to determine whether fraud occurred and what its effect would be.
2. Consider how it affects the rest of the audit.
3. Discuss the matter and a plan for further investigation with a level of management at least one level above those involved, as well as senior management and those charged with governance (if senior management is involved, it may be appropriate for the auditor to hold the discussion with those charged with governance).
4. Consider suggesting that the client consult legal counsel.
After evaluating the risk of material misstatement, the auditor may determine that he or she should withdraw from the engagement and communicate the reason to those charged with governance. The auditor may wish to consult legal counsel when considering withdrawing from the engagement.
NOTE: Because of the wide variety of circumstances involved, it is not possible to definitively point out when the auditor should withdraw. However, the auditor may want to consider the implications of the fraud for management's integrity and the cooperation and effectiveness of management and/or the board of directors when considering whether to withdraw.
Communication about Possible Fraud to Management and Those Charged with Governance
When the auditor discovers or suspects fraud, the actions and communications required are somewhat complex, especially when an SEC client is involved. The actions/communications required by Title III of the Private Securities Litigation Reform Act of 1995, by the SEC Practice Section (SECPS) for its members, and by the SEC in Form 8-K add to the complexity.
The auditor should communicate on a timely basis any evidence that fraud may exist, even if such fraud is inconsequential, to the appropriate level of management. (AU-C 240.39)
The auditor should directly inform those charged with governance about:
● Fraud involving management
● Fraud involving employees who have significant roles in internal control
● Fraud that causes a material misstatement of the financial statements
(AU-C 240.40)
The auditor should reach an understanding with those charged with governance about the nature and extent of communications that need to be made to them about misappropriations committed by lower-level employees.
The auditor should consider whether the following are reportable conditions that should be communicated to senior management and those charged with governance:
● Identified risks of material misstatement due to fraud that have continuing control implications (whether or not transactions or adjustments that could result from fraud have been detected)
● A lack of, or deficiencies in, programs and controls to mitigate the risk of fraud
The auditor may also want to communicate other identified risks of fraud to those charged with governance, either in the overall communication of business and financial statement risks affecting the entity or in the communication about the quality of the entity's accounting principles (see Section 260).
Ordinarily, the auditor is not required to disclose possible fraud to anyone other than the client's