PROFE04- AUDITING AND ASSURANCE_PRINCIPLES AND SPECIALIZED INDUSTRIES

CHAPTER 4 FRAUD AND ERROR

LEARNING OBJECTIVES:
Understand the auditor’s responsibility to consider fraud in an audit of
financial statements.
Learn considerations of laws and regulations in an audit of financial
statements.
Discuss communications of audit matters with those charged with
governance.
Explain the auditor’s responsibility to consider fraud in an audit of financial
statements.

FRAUD refers to an intentional act by one party or more individuals among

management, those charged with governance, employees or third parties, involving the
use of deception to obtain an unjust or illegal advantage

Fraud involves:
 Incentive or pressure to commit fraud
 A perceived opportunity to act or to do so
 Some rationalization of the act

Management fraud - fraud involving one or more members of management or those

charged with governance
Employee fraud - fraud involving only employees of the entity
(In either case, there may be collusion within the entity or with third parties
outside of the entity)

TWO TYPES OF FRAUD

1. FRAUDULENT FINANCIAL REPORTING
 Involves intentional misstatements including omissions of amounts or
disclosures in financial statements to deceive financial statement users

1
 PROFE04- AUDITING AND ASSURANCE_PRINCIPLES AND SPECIALIZED INDUSTRIES

 often involves management override of controls that otherwise may

appear to be operating effectively
 can be caused by the efforts of management to manage earnings in order
to deceive financial statements users by influencing their perceptions as to
the entity’s performance and profitability
 may be accomplished by the following
 manipulation, falsification (including forgery), or alteration of
accounting records or supporting documentation from which
the financial statements are prepared
 misrepresentation in, or intentional omission from, the
financial statements of events, transactions or other
significant information
 intentional misapplication of accounting principles relating to
amounts, classifications, manner of presentation, or
disclosure

2. MISAPPROPRIATION OF ASSETS
 Involves the theft of an entity’s assets and is often perpetrated by
employees in relatively small and immaterial amounts
 Can also involve management who are usually more able to disguise or
conceal misappropriations in ways that are difficult to detect
 Often accompanied by false or misleading records or documents in order
to conceal the fact that the aspects are missing or have been pledged
without proper authorization
 Can be accompanied in a variety of ways including:
o Embezzling receipts
o Stealing physical assets or intellectual property
o Causing an entity to pay for the goods and services not received
o Using an entity’s assets for personal use

Responsibilities of Those charged with Governance and of Management

1. The primary responsibility for the prevention and detection of fraud rests with
both those charged with governance of the entity and with management
2. It is important management, with the oversight of those charged with
governance, place a strong emphasis on fraud prevention, which may reduce
opportunities for fraud to take place, and fraud deterrence, which could persuade
in individuals not to commit fraud because of the likelihood detection and
punishment
3. It is the responsibility of those charged with governance of the entity to ensure ,
through oversight of management, that the entity establishes and maintains
internal control to provide reasonable assurance with regard to reliability of

2
 PROFE04- AUDITING AND ASSURANCE_PRINCIPLES AND SPECIALIZED INDUSTRIES

financial reporting, effectiveness and efficiency of operations and compliance

with applicable law and regulations
4. It is the responsibility of management, with oversight from those charged with
governance, to establish a control environment and maintain policies and
procedures to assist in achieving the objective ensuring, as far as possible, the
orderly and efficient conduct of the entity’s business

Inherent limitations of an Audit in the context of Fraud

1. Owing to inherent limitations of an audit, there is an unavoidable risk that some
material misstatements of the financial statements will not be detected, even
though the audit is properly planned and performed in accordance with PSAs
2. The risk of not detecting a material misstatement resulting from fraud is higher
than the risk of not detecting a material misstatement resulting from error
because fraud may involve sophisticated and carefully organized schemes
designed to conceal it, such as:
 Forgery
 Deliberate failure to record transactions
 Intentional misrepresentation being made to the auditor

3. The risk of the auditor not detecting a material misstatement resulting from
management fraud is greater than for employee fraud, because management is
frequently in a position to directly or indirectly manipulate accounting records and
present fraudulent financial information
4. The subsequent discovery of a material misstatement of the financial statements
resulting from fraud does not, in and of itself, indicate a failure to comply with
PSAs

Responsibilities of the auditor for detecting material misstatements due to fraud

1. An auditor conducting an audit in accordance with PSAs obtains reasonable
assurance that the financial statements taken as a whole are free from material
misstatement, whether caused by fraud or error
2. An auditor cannot obtain absolute assurance that material misstatements in the
financial statement will be detected because of such factors as of the following:
 use of judgment
 use of testing
 inherent limitations of internal control
 the fact that much of the audit evidence available to the auditor is
persuasive rather than conclusive in nature
3. The auditor should maintain an attitude of professional skepticism throughput the
audit, recognizing the possibility that a material misstatement due to fraud could

3
 PROFE04- AUDITING AND ASSURANCE_PRINCIPLES AND SPECIALIZED INDUSTRIES

exist, notwithstanding the auditor’s past experience with the entity about the
honesty and integrity of management and those charged with governance
4. Members of the engagement team should discuss the susceptibility of the entity’s
financial statements to material misstatement due to fraud
5. Risk assessment procedures
The auditor should perform risk assessment procedures to obtain an
understanding of the entity and its environment, including its internal
control. As part of this work, the auditor performs the following procedures
to obtain information that is used to identify the risks of material
misstatements due to fraud:
1. Makes inquiries of management, of those charged with governance,
and of others within the entity as appropriate and obtains an
understanding of how those charged with governance exercise
oversight of management’s processes for identifying and responding to
the risks of fraud and he internal control that management has
established to mitigate these risks
2. Considers whether one or more fraud risk factors are present
3. Considers any unusual or unexpected relationships that have been
identified in performing analytical procedures
4. Considers other information that may be helpful in identifying the risks
of material misstatement due to fraud.

Responses to the risks of material misstatement due to fraud

1. The auditor should determine overall responses to address he assessed risks of
material misstatement due to fraud at the financial statement level and should
design and perform further audit procedures whose nature, timing and extent are
responsive to the assessed risks at the assertion level
2. In determining overall responses to address the risks of material misstatement
due to fraud at the financial statement level the auditor should:
 Consider the assignment and supervision of personnel
 Consider the accounting policies used by the entity; and
 Incorporate an element of unpredictability in the selection of the
nature, timing and extent of audit procedures
3. Audit procedures responsive to risks of material misstatement due to fraud
at the assertion level
The auditor’s responses may include changing the nature, timing, and extent of
audit procedures in the following ways:
a. The nature of audit procedures to be performed may need to be changed
to obtain audit evidence that is more reliable and relevant to obtain
additional corroborative information

4
 PROFE04- AUDITING AND ASSURANCE_PRINCIPLES AND SPECIALIZED INDUSTRIES

b. The timing of substantive procedures may need to be modified. The

auditor may conclude that performing substantive testing at or near the
period end better addresses an assessed risk of material misstatement
due to fraud
c. The extent of the procedures applied reflects the assessment of the risks
of material misstatement due to fraud. For example, increasing sample
sizes or performing analytical procedures at a more detailed level may be
appropriate
4. To respond to the risk of management override of controls, the auditor should
design and perform audit procedures to:
a. Test the appropriateness of journal entries recorded in the general ledger
and other adjustments made in the preparation of the financial statements
b. Review accounting estimates for biases that could result to material
misstatement due to fraud
c. Obtain an understanding of the business rationale of significant
transactions that the auditor become aware of that are outside the normal
course of the business for the entity, or that otherwise appear to be
unusual given the auditor’s understanding of the entity and its environment

Evaluation of audit evidences

1. The auditor should consider whether analytical procedures that are performed at
or near the end of audit when forming an overall conclusion as to whether the
financial statements as a whole are consistent with auditor’s knowledge of the
business indicate a previously unrecognized risk of material misstatement due to
fraud
2. When the auditor identifies the misstatement, the auditor should consider
whether such a misstatement may be indicative of fraud and if there is such an
indication the auditor should consider the implications of the misstatement in
relation to other aspects of the audit, particularly the reliability of management
representations
3. When the auditor confirms that, or is unable to conclude whether, the financial
statements are materially misstated as a result of fraud, the auditor should
consider the implications for the audit

Management representations
The auditor should obtain written representations from management that:
a. It acknowledges its responsibility for the design and implementation of internal
control to prevent and detect fraud
b. It has disclosed to the auditor the results of its assessment of the risk that the
financial statements may be materially misstated as a result of fraud

5
 PROFE04- AUDITING AND ASSURANCE_PRINCIPLES AND SPECIALIZED INDUSTRIES

c. It has disclosed to the auditor its knowledge of fraud or suspected fraud affecting
the entity involving:
i. Management
ii. Employees who have significant roles in internal control
iii. Others where the fraud could have a material effect on the financial
statements and
d. It has disclosed to the auditor its knowledge of any allegations of fraud, or
suspected fraud, affecting the entity’s financial statements communicated
by the employees, former employees, analysts, regulators or others

Communication with management and those charged with governance

1. If the auditor has identified a fraud or has obtained information that indicates that
a fraud may exist, the auditor should communicate these matters as soon as
practicable to the appropriate level of management
2. If the auditor has identified fraud involving management, employers who have
significant roles in internal control, or others where the fraud results in a material
misstatement in the financial statements, the auditor considers seeking legal
advice to assist in the determination of the appropriate course of action
3. If the integrity or honesty of management or those charged with governance is
doubted, the auditor considers seeking legal advice to assist in the determination
of the appropriate course of action
4. The auditor should make those charged with governance and management
aware, as soon as practicable, and at the appropriate level of responsibility, of
material weaknesses in the design or implementation of internal control to
prevent and detect fraud which may have come to the auditor’s attention
5. The auditor’s professional duty to maintain the confidentiality of client information
may preclude reporting fraud to a party outside the client the entity. However, the
duty of confidentiality may be overridden by regulatory requirements

Auditor unable to continue the engagement

1. If , as a result of a misstatement resulting from fraud or suspected fraud, the
auditor encounters exceptional circumstances that bring into question the
auditor’s ability to continue performing audit, the auditor should:
a. Consider the professional and legal responsibilities applicable in the
circumstances, including whether there is a requirement for the auditor
to report to the person or persons who made the audit appointment or,
I some cases, to regulatory authorities
b. Consider the possibility of withdrawing from the engagement; and
c. If the auditor withdraws:

6
 PROFE04- AUDITING AND ASSURANCE_PRINCIPLES AND SPECIALIZED INDUSTRIES

i. Discuss the appropriate level of management and those charged

with governance the auditor’s withdrawal from the engagement and
the reasons for the withdrawal; and
ii. Consider whether there is a professional or legal requirement to
report to the person or persons who made the audit appointment or,
in some cases, to regulatory authorities, the auditor’s withdrawal
from the engagement and the reasons for the withdrawal

Documentation
1. The documentation of the auditor’s understanding of the entity and its
environment and the auditor’s assessment of the risks of material misstatement
should include:
a. The significant decisions reached during the discussion among the
engagement team regarding the susceptibility of the entity’s financial
statements to material misstatement due to fraud
b. The identified and assessed risks of material misstatement due to
fraud at the financial statement level and at the assertion level
2. The documentation of the auditor’s responses to the assessed risks of material
misstatement should include:
a. The overall responses to the assessed risks of material misstatement
due to fraud at the financial statement level and the nature, timing and
extent of audit procedure, and the linkage of those procedures with the
assessed risks of material misstatement due to fraud at the assertion
level
b. The results of the audit procedures, including those designed to
address the risk of management override of controls
3. The auditor should document the communications about fraud made to
management, those charged with governance, regulators and others
4. When the auditor has concluded that the presumption that there is a risk of
material misstatement due to fraud related to revenue recognition is not
applicable in the circumstances of the engagement, the auditor should document
the reasons for that conclusion

7
 PROFE04- AUDITING AND ASSURANCE_PRINCIPLES AND SPECIALIZED INDUSTRIES

PSA 250 CONSIDERATIONS OF LAWS AND REGULATIONS IN AN AUDIT OF

FINANCIAL STATEMENTS

1. “Noncompliance” as used in PSA 250 refers to acts of omission or commission

by the entity being audited, either intentional and unintentional, which are
contrary to the prevailing laws and regulations
2. Noncompliance does not include personal misconduct (unrelated to the business
activities of the entity) by the entity’s management or employees
3. When planning and performing audit procedures and in evaluating and reporting
the results thereof, the auditor should recognize that noncompliance by the entity
with laws and regulation may materially affect the financial statements

Responsibility of management for the compliance with laws and regulations

1. It is management’s responsibility to ensure that the entity’s operations conducted
in accordance with laws and regulations
2. The responsibility for the prevention and detection of noncompliance rests with
management
3. The following policies and procedures, among others, may assist management in
discharging its responsibilities for the prevention and detection of noncompliance:
 Monitoring legal requirements and ensuring that operating procedures are
designed to meet these requirements
 Instituting and operating appropriate systems of internal control
 Developing, publicizing and following a Code of Conduct
 Ensuring employees are properly trained and understand the Code of
Conduct
 Monitoring compliance with the Code of Conduct and acting appropriately
to discipline employees who fail to comply with it
 Engaging legal advisors to assist in monitoring legal requirements
 Maintaining a register of significant laws with which the entity has to
comply within its particular industry and a record of complaints

The auditor’s consideration of compliance with laws and regulations

8
 PROFE04- AUDITING AND ASSURANCE_PRINCIPLES AND SPECIALIZED INDUSTRIES

1. The auditor is not, and cannot be held responsible for preventing noncompliance
2. The auditor should plan and perform the audit with an attitude of professional
skepticism recognizing that the audit may reveal conditions or events that would
lead to questioning whether an entity is complying with laws and regulations
3. In order t plan the audit, the auditor should a general understanding of the legal
and regulatory framework applicable to the entity and the industry and how the
entity is complying with that framework
4. After obtaining the general understanding, the auditor should perform procedures
to help identify instances of noncompliance with those laws and regulations
where non compliance should be considered when preparing financial
statements specifically:
a. Inquiring of management as to whether the entity is in compliance with
such laws and regulations
b. On receipt of an inquiry from the proposed auditor, the existing auditor
should advise whether there are any professional reasons why the
proposed auditor should not accept the appointment. If permission
from the client to discuss its affairs with the proposed auditor of denied
by the client, the fact should be disclosed to the propose auditor

Reference:
Compilation of Lecture Notes by Dean Rene Boy R. Bacay, CPA, MBA, FRIAcc

For further discussion please refer to the link provided:

Auditor’s Responsibilities Regarding Fraud- https://www.youtube.com/watch?v=ybi4EZ-zrKs

PSA 260 Communications of Audit Matters- https://www.youtube.com/watch?v=kDoHfMAaSx0

PSA 240 (REVISED 2006) The Auditor’s Responsibility to Consider Fraud- https://www.youtube.com/watch?v=RaSlVxADoKc