Written by: Jonathan Millar, Product Manager (Audit)
Fraud seems to be a word that has never been far away from the headlines in the past few weeks. Whether it is on Donald Trump’s Twitter account claiming voting irregularities in the Presidential Election or reports of incorrect application of schemes associated with the Chancellor’s package of measures to support the economy during the pandemic, fraud seems to be big business.
With the raft of acronyms launched by Rishi Sunak over the past 9 months (Coronavirus Job Retention Scheme (CJRS), Job Retention Bonus (JRB), Self-Employment Income Support Scheme (SEISS) to name a few), many more ways of obtaining public money by fraud have quickly arisen.
The National Audit Office1 has suggested the taxpayer could foot a bill of between £16bn and £26bn in fraud and bad debts on the bounce back loans (BBL) alone, although the true scale of any fraud would not be clear for months, and in September HMRC told the Public Accounts Committee2 that up to £3.5bn in CJRS payments may have been claimed fraudulently or paid out in error.
ISA 240 – The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements
Since this snappily titled ISA was adopted in the UK in 2004, auditors have had a specific responsibility in respect of assessing the risks of material misstatement in the financial statements due to fraud and in designing procedures to detect such misstatements. The auditor is responsible for obtaining reasonable assurance that the financial statements as a whole are free from material misstatement, whether caused by fraud or error.
In October, the Financial Reporting Council (FRC) launched a consultation on a proposed revision of its UK standard ISA (UK) 2403. In their notes accompanying the exposure draft4, the FRC explain that since its adoption 16 years ago, the ISA has only received relatively minor updates, and has not been substantively revised over the intervening period.
It goes on to say that concerns have been raised that auditors are not doing enough work to detect material fraud, including by Sir Donald Brydon in his review of the quality and effectiveness of audit. Some high profile business collapses very soon after audit reports were signed off have amplified this situation.
Although the international Auditing and Assurance Standards Board (IAASB) is commencing its own review of ISA 240 the FRC is concerned it could take a number of years before that is finalised and believe it is important to act now to address immediate concerns currently identified in the UK about the auditor’s responsibilities in respect of fraud.
Consultation Paper and Impact Assessment
The Consultation Paper and Impact Assessment accompanying the exposure draft5, goes into greater detail and explanations of the proposed key changes. A revision of the ISA (UK) now also enables the FRC to incorporate changes being brought in by ISA (UK) 315 (Revised July 2020). Both ISA (UK) 315 and the proposed revision to ISA (UK) 240 will have an effective date of accounting periods beginning on or after 15th December 2021.
The consultation is open for comment up until 29th January 2021.
ICAEW Know-How guide
Although the proposed revision will only affect audits in a couple of years’ time, the issues arising out of the current pandemic will be presenting themselves to auditors in this current round of the audit cycle.
To that end the ICAEW’s Audit and Assurance Faculty has issued a Know-How guide ‘How to report on irregularities, including fraud, in the auditor’s report – a guide for auditors’6.
This guide goes on to explain how the requirements changed with ISA (UK) 700 (Revised January 2020) so that for the audit of financial periods commencing on or after 15 December 2019, auditors (where ISAs (UK) apply) are required to explain in the auditor’s report to what extent the audit was considered capable of detecting irregularities, including fraud.
These changes are being included in the latest updates to the CaseWare Audit manuals.
Although the old adage, an auditor “is a watchdog, not a bloodhound” is still in the case law books (Kingston Cotton Mills Company – 1986), it is clear that the current direction of travel in respect of addressing matters arising out of fraud is only going one way.