There has been debate, and confusion, over an auditor’s responsibility in the detection of fraud in financial statements. The economic downturn is changing the nature and scale of fraud and the integrity risks that organisations face; there is more focus on an auditor’s responsibility in unearthing the likelihood of fraud.
While an audit is not designed to detect fraud, auditors need to be aware that the possibility always exists, even if the internal controls are well-designed and operating well. This includes an increased emphasis on consideration of potential management bias, incomplete or omitted disclosures, and the risk of overlooking unusual circumstances.
reporting responsibility
The auditor’s objective is to express an opinion on the financial statements. He should plan and perform the audit to obtain reasonable assurance that the statements are free of material misstatement due to error or fraud.
According to the reporting requirements laid down by the Companies Act of India 1956, an auditor is required to comment on whether any fraud by the company has been noticed or reported during the year. If yes, then the nature and the amount involved has to be indicated. Two types of misstatements are relevant — those arising from fraudulent financial reporting, and those arising from misappropriation of assets.
The Standard on Auditing 240 issued by the CA Institute sets out the guidelines for auditors.
An auditor should maintain a high level of professional scepticism, and be on the lookout for circumstances that could cause financial statements to be materially misstated. This calls for a questioning mind and a critical assessment of audit evidence. Moreover, the auditor should not be satisfied with less-than-persuasive evidence.
He/she should evaluate and design appropriate audit procedures for specific fraud risks in a company. These include recognition of revenue, management override of controls, significant related party transactions and unusual or highly complex transactions, among others. In addition, the management’s attitude towards risk assessment, internal control deficiencies, and whistleblower programmes (including oversight) play a significant role in the auditor’s evaluation of fraud risks. Probing questions should be high on an auditor’s agenda, and these should be addressed to the management, audit committees or equivalent, and those charged with governance.
Tone at the top
Going by the proposals of the Companies Bill 2011, the law is set to enforce strict measures with regard to fraud in the affairs of a company or corporate body. For the first time, the Bill includes the meaning of fraud, and prescribes substantial penalties, including imprisonment between six months and 10 years, and fines ranging from the amount involved in the fraud to three times the amount. The Bill also contains a provision that makes the auditor or partner(s) of the audit firm liable for fine and punishment under certain circumstances. Whilst this is just a bird’s-eye view, the devil is in the details.
To conclude, it is for those charged with governance to set the right tone at the top, with the CEO’s active support, and take the lead on fraud and integrity issues. The management should not rely on the auditor alone to detect or scout for fraud, as they are responsible for the prevention, detection and deterrence.
Arvind Nath is Associate Director Price Waterhouse