The recent Parliamentary Joint Committee Inquiry into Audit Quality made two significant proposals, which have the capacity to bridge the expectation gap by tackling stakeholders’ greatest concerns: fraud and unexpected corporate collapse.
- The first proposal is the introduction of an internal controls reporting regime, under which an entity assesses and reports on the effectiveness of its internal controls framework for financial reporting, which is then assured by an external auditor.
- The second is a formal review of the sufficiency and effectiveness of reporting in relation to the prevention and detection of fraud and management’s assessment of going concern.
Issues of ongoing concern are top of mind
These proposals are of special significance in the current economic climate when many businesses have ongoing concern issues. In our last article, we discussed the role of an external auditor in assessing the impact of COVID-19 on business performance and future profitability. Clearly, auditors make an assessment of a business’s financial viability at a point in time and cannot predict future events. Corporate failure should not be attributed to auditors, this is the responsibility of managers and directors. So, what can the auditor do to help management identify and address issues relating to the prevention and detection of fraud?
The primary responsibility of the external auditor is to check that ‘the financials are right.’ However, it’s clear from the Parliamentary Inquiry that stakeholders also expect that auditors should be involved in checking that the control environment is sound and giving some confidence that the business is going to continue to exist in the medium term. Should issues relating to fraud be included?
What do Auditing Standards say?
ASA 240 (The Auditor’s Responsibilities Relating to Fraud in an Audit of a Financial Report) suggests that the auditor’s duties in relation to the detection of fraud and misconduct are limited to that which would have a material impact on the audited entity’s financial statements.
The standard identifies 3 key objectives of the auditor in relation to fraud (s11):
- To identify and assess the risks of material misstatement of the financial report due to fraud;
- To obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement due to fraud, through designing and implementing appropriate responses; and
- To respond appropriately to fraud or suspected fraud identified during the audit.
So who is responsible for the detection and prevention of fraud?
There are 2 main views. One states that management is responsible for the detection and prevention of fraud. Management:
- Is responsible for day-to-day business operations;
- Is responsible for developing and implementing controls;
- Has authority over people, systems and records; and
- Has the knowledge and authority to make decisions.
Therefore, fraud prevention and detection is their problem.
Auditors, on the other hand:
- Have expertise in the evaluation and design of controls;
- Review and evaluate business operations and controls; and
- Have a requirement to exercise due diligence in the execution of audit reports.
The reality is that both management and auditors have roles to play in the prevention and detection of fraud. The best scenario is one where management, employees, internal and external auditors work together to combat fraud and misstatement. Internal controls alone are not sufficient. It’s clear from some recent corporate collapses that business culture and management style are a high-risk factor for corporate fraud. And external auditors have no control over firm culture … or do they?
What should those charged with governance do to prevent fraud?
In most entities, governance is the collective responsibility of a governing body, such as a board of directors, a supervisory board, partners, proprietors, a committee of management, trustees, or equivalent persons. Those charged with governance are also responsible for the prevention and detection of fraud and error.
It is not possible to achieve absolute assurance against fraud and error, but the implementation and continued operation of adequate accounting and internal control systems may reduce the likelihood of such occurrences. Steps that should be taken may include:
- Developing and implementing appropriate frameworks to support a culture of honesty and ethical behaviour. For example:
- Code of Conduct;
- Risk Management;
- Fraud and Corruption Control;
- Internal Audit; and
- Whistle-blower Policy and Procedures.
- Identifying key internal control activities (eg segregation of duties) and periodically testing controls to ensure their effectiveness; and
- Allocating appropriate resources (including systems, training and staffing) and demonstrating commitment to the prevention and detection of fraud (tone from the top).
What should external auditors do to prevent fraud?
Auditors should take steps to ensure that senior management and those charged with governance are aware of the risk and materiality of fraud. All instances of fraud should be identified and made known to employees and other stakeholders; Other steps auditors may take in the prevention of fraud include:
- Encouraging management to develop internal controls that can quickly identify potential issues relating to fraud and misconduct, noting that even simple controls around access to data are important;
- Recommending fraud awareness training and a fraud policy that extends beyond misappropriation of funds and goods to consider material misstatement; and
- Commenting on business goals and objectives to identify unrealistic or stretching performance measures that could result in aberrant behaviour.
In 2022, as businesses emerge from COVID-19 lockdowns, the role of external auditor in providing an accurate assessment on business performance has never been more critical.
The team at National Audits Group recognises the emerging role of external auditor in assisting clients to develop internal controls to ensure that financial information is accurate and reliable. If you’d like further feedback on how we can assist, contact us on Ph 1300 734 707.
Chang Chow | Senior Audit Engagement Manager | National Audits Group | https://www.audits.com.au/
Email: chang.chow@audits.com.au
- Update – Prevention and detection of fraud through audit reporting - 6 October 2021