A refresher on fraud and the responsibility for its detection

Reviewing the accountant’s responsibilities for fraud when performing an assurance engagement.
By Dave Arman, CPA

IMAGE BY ANDREI AKUSHEVICH/GETTY IMAGES
IMAGE BY ANDREI AKUSHEVICH/GETTY IMAGES

Reviewing the accountant’s responsibilities for fraud when performing an assurance engagement.

Fraud is a serious concern that can have devastating consequences. With that in mind, there may be no better time than now for a quick refresher on the practitioner’s responsibilities relating to fraud in an assurance engagement.

Remember: there is no substitute for the AICPA Professional Standards; this discussion is not intended to cover all the requirements contained in the relevant sections of that authoritative guidance.

The accountant’s responsibilities relating to fraud depend on the type of engagement being performed. Our discussion will cover engagements covered by AICPA Statements on Standards for Accounting and Review Services (SSARSs) and AICPA Statements on Auditing Standards (SASs). Let’s begin with the SSARSs.

As with an audit of financial statements, when performing a preparation, compilation, or review engagement the accountant begins with engagement acceptance or continuance procedures. These include obtaining (usually via an engagement letter) the agreement of management, where management acknowledges and understands its responsibilities with respect to fraud. Management’s responsibilities include the prevention and detection of fraud, as well as the design, implementation, and maintenance of a system of internal control relevant to the preparation and presentation of financial statements that are free from material misstatement, whether due to fraud or error unless the accountant decides to accept responsibility for such internal control.

RESPONSIBILITIES FOR FRAUD IN A PREPARATION OR COMPILATION ENGAGEMENT

When performing a preparation engagement, where the objective is to prepare financial statements pursuant to a specified financial reporting framework, the auditor’s main responsibility is the requirement to obtain management’s agreement that it acknowledges and understands its responsibility for preventing and detecting fraud. This is equally true in the case of a compilation engagement, where the objective is to apply accounting and financial reporting expertise to assist management in the presentation of the financial statements and to report in accordance with AR-C Section 80, Compilation Engagements, without undertaking to obtain or provide any assurance that there are no material modifications that should be made to the financial statements for them to be in accordance with the applicable financial reporting framework.

In detailing the accountant’s responsibilities in the engagement letter — and in the interest of transparency — it is recommended (but not required) that the accountant convey to management that a preparation or compilation engagement cannot be relied on to identify or disclose any financial statement misstatements, including those caused by fraud or error, or to identify or disclose any wrongdoing within the entity or noncompliance with laws and regulations.

RESPONSIBILITIES FOR FRAUD IN A REVIEW ENGAGEMENT

Recall that in conducting a review of financial statements, one of the accountant’s objectives is to obtain limited assurance as a basis for reporting whether, for the statements to be in accordance with the applicable financial reporting framework, they are aware of any material modifications that should be made to them.

When setting out to obtain limited assurance, the accountant must (under AR-C Section 90, Review of Financial Statements) make inquiries of individuals in management who have responsibility for financial and accounting matters (and make inquiries of others within the entity, as appropriate) about the existence of any actual, suspected, or alleged fraud. Such inquiries are most effective when the accountant’s understanding of the entity informs their questions. It’s important for the accountant to remain inquisitive throughout the review engagement and to carefully evaluate the responses in the context of the specific engagement while maintaining appropriate professional skepticism.

When there are indications that fraud has or might have occurred — the effects of which should be considered when preparing the financial statements — the accountant is required to communicate such as soon as practical either to the appropriate level of senior management, preferably at a level above those involved with the suspected fraud, or to those charged with governance. As appropriate, the accountant should request management’s assessment of the effects, if any, on the financial statements; consider the effect, if any, of management’s assessment of the effects of fraud on the accountant’s conclusion on the financial statements and the accountant’s report; and determine whether they, as the accountant, have broader communication responsibilities to any parties outside of the entity. Because potential conflicts with the accountant’s ethical and legal obligations regarding confidentiality may be complex, the accountant may consult with legal counsel before discussing with parties outside the entity.

If the fraud either results in a material misstatement of the financial statements or involves senior management, the accountant is required to communicate the matter directly to those charged with governance.

In a review engagement, the accountant is required to obtain specific written representations from management regarding fraud, including that management has disclosed to the accountant significant facts relating to any fraud or suspected fraud known to management that may have affected the entity, involving management, employees who have significant roles in internal control, or others, when the fraud could have a material effect on the financial statements.

Finally, the written review report is required to include an explanation that management is responsible for the preparation and fair presentation of the financial statements in accordance with the applicable financial reporting framework. This responsibility includes the design, implementation, and maintenance of a system of internal control relevant to the preparation of the financial statements so that they are free from material misstatement, whether due to fraud or error.

RESPONSIBILITIES FOR FRAUD IN AN AUDIT ENGAGEMENT

AU-C Section 240, Consideration of Fraud in a Financial Statement Audit, addresses the auditor’s responsibilities relating to fraud in an audit of financial statements. Specifically, it expands on how AU-C Section 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, and AU-C Section 330, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained, are to be applied regarding risks of material misstatement due to fraud.

AU-C Section 240.04 notes that the primary responsibility for fraud prevention and detection lies with the entity’s management, including the entity’s system of internal control. Furthermore, those charged with governance have oversight responsibility, which includes considering the potential for override of controls or other inappropriate influence over the financial reporting process.

AUDITOR RESPONSIBILITIES

As we know, the auditor is responsible for obtaining reasonable assurance in an audit that the financial statements are free of material misstatements, whether due to fraud or error. Although reasonable assurance is a high level of assurance, there is an unavoidable risk that some material misstatements in the financial statements may not be detected, even though the audit is properly planned and performed in accordance with generally accepted auditing standards (GAAS). The inherent limitations of an audit are particularly significant when misstatement results from fraud — more so when management is the source of the fraud.

When performing an engagement, it behooves the auditor to consider the fraud-risk triangle and how its three elements might be present within the specific client. Are there events or conditions that represent incentive or pressure to perpetrate fraud, that provide opportunity to commit fraud, or that could be a basis for trying to rationalize or justify fraud?

To meet GAAS requirements, auditors are generally required to:

■ Maintain professional skepticism.

• Discuss among key engagement team members how and where the entity’s financial statements might be susceptible to material misstatement due to fraud.

• Identify client-specific fraud risks and don’t forget to document this brainstorming session.

As a part of risk assessment procedures and related activities in accordance with AU-C Section 315:

■ Make inquiries of management regarding

• Management’s assessment of the risk that the financial statements may be materially misstated due to fraud, its identification and monitoring processes, and any related communications regarding fraud. Be alert for changes in internal control due to a remote or reduced work force. Watch for nonverbal cues during these interviews; body language can be revealing.

• Whether the entity has entered into any significant or unusual transactions (or both) and, if so, their nature, terms, and business purpose.

■ Make inquiries of management and of others within the entity about whether they have knowledge of any actual, suspected, or alleged fraud.

■ Evaluate unusual or unexpected relationships identified during analytical procedures.

■ Evaluate whether there are indications of fraudrisk factors.

■ Identify and assess the risk of material misstatement due to fraud.

■ Respond to assessed risks of material misstatement due to fraud, in accordance with AU-C Section 330.

■ Document the linkage between the assessed risk and response.

■ Consider other audit procedures not required by AU-C Section 240, as appropriate, to respond to identified risks of management override.

■ Communicate required information to management and to those charged with governance and, if determined to be required, to regulatory and enforcement authorities.

■ Include documentation as required by AU-C Sections 240, 315, and 330 as well as that required by any other relevant AU-C sections.

Note that an auditor may consider the necessity of withdrawing from an engagement if, as a result of identified or suspected fraud, the auditor encounters circumstances that bring into question the auditor’s ability to continue performing the audit.

As with a review engagement, in an audit engagement the auditor will obtain representations from management regarding fraud. Specifically, management will represent that it has notified the auditor of any known significant facts relating to actual or suspected fraud and any allegations of known or suspected fraud that may have affected the entity’s financial statements.

THE AUDITOR’S REPORT

Finally, a section titled “Responsibilities of Management for the Financial Statements” within the auditor’s report will include an explanation that management is responsible for the preparation and fair presentation of the financial statements and is responsible for the design, implementation, and maintenance of a system of internal control relevant to the preparation and fair presentation of the financial statements that are free from material misstatement, whether due to fraud or error.


About the author

Dave Arman, CPA, MBA, is the senior manager — Audit Quality at AICPA & CIMA, together as the Association of International Certified Professional Accountants. To comment on this article or to suggest an idea for another article, contact Dave Strausfeld at David.Strausfeld@aicpa-cima.com.


LEARNING RESOURCE

MBAexpress: Preventing and Detecting Fraud - V 2.0

This course discusses common warning signs of fraud and offers prevention techniques to protect your company.

CPE SELF-STUDY

For more information or to make a purchase, go to aicpa-cima.com/cpe-learning or call 888-777-7077.


AICPA & CIMA RESOURCES

Article

Auditing Best Practices: What Academic Fraud Research Reveals,“ JofA, Jan. 20, 2023

SPONSORED REPORT

Be prepared for tax season early

Our expert tax report highlights the important issues that tax preparers and their clients need to address for the 2024 tax year. Stay informed and proactive with guidance on critical tax considerations before year-end.