Beyond the EU: DORA and NIS 2 Directive's Global Impact
2018 chapter 6 aud40AT
1. TOPIC UNDER DISCUSSION
AUDITOR’S RESPONSIBILITY IN RELATION TO FRAUD IN AN
AUDIT OF AFS (ISA 240)
Prescribed textbook
Dynamic Auditing
12th edition
2
2. PREVIOUS STUDY UNITS
(RECALL)
You learnt about:
• Identification and assessing the risk of material misstatement:
- At the financial statement level
- At assertion level (classes of tractions, account balances and
disclosures
• (How - To provide a basis for designing and performing audit
procedures)
3
3. TOPICS: OVERVIEW
COURSE OUTCOMES:
After having completed this module, students should be able to:
• Apply the principles and statutory provisions governing auditor’s
responsibility in respect of fraud and error in practical scenarios
• Discuss matters auditors should consider in pre-engagement and
planning activities in various pragmatic contexts
• Discuss sources and methods of gathering audit evidence and apply
related assertions during different stages of audit process
• Evaluate a computerized information system and recommend
improvements in the auditing context
• Evaluate sampling approaches adopted for audit execution
purposes
• Apply the framework for internal control in various real business
scenarios
4
4. TOPIC 1: OVERVIEW
• Introduction and overview
Learning outcomes/(Expectations) – refer to page 17, para. 3.2 study guide
NB: After this session, you should be able to:
- Apply the principles and statutory provisions governing auditor’s
responsibility in respect of fraud and error in practical scenarios
5
5. TOPIC 1: OVERVIEW
Assessment criteria
• Auditor responsibilities for the prevention and detection of fraud can
be described
• Circumstances under which fraud is committed and who commits it
can be described
• Elements of fraud and error can be explained
• Common indicators and detection techniques associated with fraud
can be identified
• Processes of communicating with governance can be described
• Relevant procedures that the auditor should consider in resect of
fraud and errors can be explained
• Do Activity 1 (Student activity)
6
6. ASSESSMENT METHODS
• Written test(s) (Formative assessment) =50%
• Written exam(s) (Summative assessment)=50%
• Final grading to pass = 50%
7
7. Overview: Financial Statements
8
• Are structured representation of historical financial information
• They include notes which communicates an entity’s economic
resources and obligations
• Notes ordinarily comprise a summary of accounting policies, and
other explanatory information
• NB: Refers to a complete set as determined by the requirements of
the applicable financial reporting framework
8. Overview: Auditors’ Responsibilities regarding Fraud
• Major scandals that have affected the accounting profession in
recent times have usually been as a result of fraud
• Therefore, in order to maintain confidence in the profession, it is
important for auditors and directors to understand their role in the
prevention and detection of fraud
• NB: ISA 240 the Auditor's Responsibilities Relating to Fraud in an
Audit of Financial Statements recognises that misstatement in the
financial statements can arise from either fraud or error
• The differentiating factor is whether the underlying action that
resulted in the misstatement was intentional or unintentional
9
9. Overview: Auditors’ Responsibilities regarding Fraud
Misstatement of the financial statements my consist of any of the
following:
• A difference between the amount, classification or presentation of a
reported financial statement
• The omission of a financial statement element or item
• The financial statement disclosure that is not presented in
accordance with the applicable financial reporting
• Omission of information required to be disclosed in accordance with
the applicable financial reporting framework
10
10. Overview: Auditors’ Responsibilities regarding Fraud
What causes the misstatements?
• Misstatements can result from error or fraud
Error: is unintentional misstatements or omissions of amounts or
disclosures and involve:
- Mistakes in gathering or processing of data from which financial
statements are prepared
- Misinterpretation of facts
- Mistakes in the application of accounting principles relating to
amount, classification, presentation or disclosure
11
11. Overview: Auditors’ Responsibilities regarding Fraud
Fraud:
• An intentional act
• By one or more individuals among management, those charged with
governance, employees or third parties involving the use of
deception to obtain an unjust or illegal advantage
12
12. Overview: Auditors’ Responsibilities regarding Fraud
Here are key distinction between FRAUD and ERROR:
• Fraud = Deliberate/intention
• Error = Unintentional
NB:
• There may be little or no difference between fraud and error
• They both have an impact on the audit of financial statements
13
13. Overview: Auditors’ Responsibilities regarding Fraud
Now – I want you to think about the following terms:
• Forensic accounting
• Forensic audits
• Forensic investigation
NB: these terms are closely connected
Definitions:
• Forensic: in general terms is used in connection with courts of laws
• In accounting terms: it refers to the use of accounting information
for legal purposes (to resolve legal disputes)
14
14. Overview: Auditors’ Responsibilities regarding Fraud
Forensic accounting
• It involves preparing financial information for use as evidence by a
court of law
Forensic investigation
• Is a forensic audit carried out in response to a suspicion of wrong
doing (to prove or disprove certain assumptions)
• For example = Person X is carrying out fraud
= Person Y was negligent in carrying out his or her
work
Forensic audit
• It refers to the methods and procedures used to obtain audit
evidence
15
15. Overview: Auditors’ Responsibilities regarding Fraud
• NB: It is important to note that fraud is a criminal activity. It is not the role
of an auditor to determine whether fraud has actually occurred. That is the
responsibility of a management’s system. Auditors must be aware of the
impact of both fraud and error on the accuracy of the financial statements
Fraud can be further split into two types:
• fraudulent financial reporting - deliberately misstating the accounts
to make the company look better/worse than it actually is
• misappropriation of assets - the theft of the company's assets such
as cash or inventory.
16
16. Overview: Auditors’ Responsibilities regarding Fraud
Misstatement arising from fraudulent financial reporting
Examples:
- Write-offs of uncollectible accounts
- Making fictitious journal entries, the effect of which was to
understate doubtful accounts expense
Misstatement arising from misappropriation of assets
Examples:
• It involves theft:
- Embezzling cash
- Stealing assets
- Causing the business organisation to pay goods or services not
received
17
17. Overview: Auditors’ Responsibilities regarding Fraud
The external auditor's responsibilities
• The external auditor is responsible for obtaining reasonable
assurance that the financial statements, taken as a whole, are free
from material misstatement, whether caused by fraud or error
• Therefore, the external auditor has some responsibility for
considering the risk of material misstatement due to fraud
• NB: In order to achieve this auditors must maintain an attitude of
professional scepticism
• This means that the auditor must recognise the possibility that a
material misstatement due to fraud could occur, regardless of the
auditor's prior experience of the client's integrity and honesty
18
18. Overview: Auditors’ Responsibilities regarding Fraud
Professional scepticism:
• An attitude that includes a questioning mind, being alert to conditions which
may indicate possible misstatement due to error or fraud, and a critical
assessment of evidence
• The auditor shall plan and perform an audit with professional scepticism
recognising that circumstances may exist that cause the financial
statements to be materially misstated
Professional scepticism includes being alert to, for example:
• Audit evidence that contradicts other audit evidence obtained
• Information that brings into question the reliability of documents and
responses to inquiries to be used as audit evidence
• Conditions that may indicate possible fraud
• Circumstances that suggest the need for audit procedures
19
19. Overview: Auditors’ Responsibilities regarding Fraud
• ISA 315 Identifying and Assessing the Risks of Material
Misstatement Through Understanding the Entity and Its Environment
goes further than this general concept and requires that
engagement teams discuss the susceptibility of their clients to fraud
• The engagement team should also obtain information for use in
identifying the risk of fraud when performing risk assessment
procedures
• To be able to make such an assessment auditors must identify,
enquiry how management assesses and responds to the risk of
fraud
• The auditor must also enquire of management, internal auditors
and those charged with governance if they are aware of any
actual or suspected fraudulent activity
• Management’s communication to employees regarding its views on
business practices and ethical behaviour
20
20. Overview: Auditors’ Responsibilities regarding Fraud
Reporting fraud – par 2.7
• If the auditors identify a fraud, they should communicate the matter
on a timely basis to the appropriate level of management (i.e. those
with the primary responsibility for prevention and detection of fraud)
• If the suspected fraud involves management the auditor shall
communicate such matters to those charged with governance
• If the auditor has doubts about the integrity of those charged with
governance they should seek legal advice regarding an appropriate
course of action
• In addition to these responsibilities the auditor must also consider
whether they have a responsibility to report the occurrence of a
suspicion to a party outside the entity
• Whilst the auditor does have an ethical duty to maintain
confidentiality, it is likely that any legal responsibility will take
precedent. In these circumstances it is advisable to seek legal
advice
21
21. Overview: Auditors’ Responsibilities regarding Fraud
Responsibility of Management and those charged with governance:
• The management/directors have a primary responsibility for the
prevention and detection of fraud
• By implementing an effective system of internal control they should
reduce the possibility of undetected fraud occurring to a minimum
• The directors should be aware of the potential for fraud and this
should feature as an element of their risk assessment and corporate
governance procedures. The audit committee should review these
procedures to ensure that they are in place and working effectively.
This will normally be done in conjunction with the internal auditors.
Internal auditors may be given an assignment:
• to assess the likelihood of fraud, or if a fraud has been discovered,
• to assess its consequences and
• to make recommendations for prevention in the future
22
22. Overview: Auditors’ Responsibilities regarding Fraud
Audit procedures
• Discussion amongst the engagement team regarding the susceptibility of
the client to fraud;
• Consider the risk of fraud when documenting and testing internal controls;
• Enquiring of management how they: assess the risk of fraud; and identify
and respond to the risks of fraud;
• Enquiring of management whether they have any knowledge of actual or
suspected frauds;
• Enquiring of internal audit whether they have any knowledge of actual or
suspected frauds;
• Enquiring of those charged with governance how they exercise oversight of
management's process for identifying and responding to the risk of fraud;
and
• Enquiring of those charged with governance whether they have any
knowledge of actual or suspected frauds;
23
23. Overview: Auditors’ Responsibilities regarding Fraud
Three Conditions That Increase the Risk of Fraud
An incentive/pressures
An opportunities
An attitudes/rationalization
NB: The key to deterring fraud is to understand how and why people commit
fraud.
• Knowing the “how” helps managers and business owners create policies
and design internal controls to reduce the occurrence of fraud
• The “why” is much more complicated, but just (if not more) important.
(Financial pressures; personal habits (gambling, drugs, alcohol);
underpaid, not promoted, high debt level).
24
24. Responsibility for prevention and detection of fraud
• Management}
• Oversight structures}
• Auditors
The auditor should perform the following procedures to obtain information to
identify the risks of material misstatement due to fraud:
• Discussion among the audit team members regarding the risks of material
misstatements due to fraud
• Inquire of management, those charged with governance about their views of
fraud and how it is addressed
• Consider any unusual or unexpected relationships that have been identified
in performing analytical procedures
• Consider whether one or more fraud risk factors exist
• Consider any other information that might indicate the possibility of fraud
25
25. PROFESSIONAL SCEPTICISM
Professional Scepticism:
Is an attitude that includes a questioning mind
Being alert to conditions which may indicate possible misstatement
due to error or fraud
Having a critical assessment of evidence
26
26. PROFESSIONAL SCEPTICISM
Student Do Activity 1
Explain the aspects to be considered by an auditor in an attitude of
professional scepticism.
Answer (Refer: p6-7 of the prescribed book)
27
27. FRAUD RISK FACTORS
There are three (3) conditions for fraud:
An incentive/pressures
An opportunities
An attitudes/rationalization
28
28. FRAUD RISK FACTORS
UNDERSTANDING FRAUD AND CORRUPTION TRIANGLE
• Pressure may take one or a combination of the following forms:
– Financial pressures;
– Personal habits (gambling, drugs, alcohol);
– Work-related factors (overworked, underpaid, not promoted);
– Achieve financial and other targets for compensation or other
incentive(s);and
– High debt level.
29
29. FRAUD RISK FACTORS
UNDERSTANDING FRAUD AND CORRUPTION TRIANGLE
• Opportunities may arise due to one or a combination of the
following:
– Poor internal control;
– No/inadequate fraud awareness;
– Treat fraudster with leniency;
– Rapid turnover of employees;
– Use of different banks;
– Weak subordinate personnel; and
– Absence of mandatory vacations.
30
30. FRAUD RISK FACTORS
UNDERSTANDING FRAUD AND CORRUPTION TRIANGLE
• Rationalisation may take one or a combination of the following
forms:
– I am only borrowing the money and will pay it back;
– Nobody will get hurt;
– The organisation treats me unfairly and owes me;
– It is for a good purpose; and
– No one will ever find out.
NB: More examples (para. 2.9, page 6-10 to 12)
31
31. REPORTABLE IRREGULARITIES
Section 45 (1) of the APA defines a reportable irregularity as follows:
• “reportable irregularity” means any unlawful act or omission
committed by any person responsible for the management of an
entity, which —
(a) has caused or is likely to cause material financial loss to the
• entity or to any partner, member, shareholder, creditor or
• investor of the entity in respect of his, her or its dealings with
• that entity; or
(b) is fraudulent or amounts to theft; or
(c) represents a material breach of any fiduciary duty owed by such
• person to the entity or any partner, member, shareholder,
• creditor or investor of the entity under any law applying to the
• entity or the conduct or management thereof.
32
32. REPORTABLE IRREGULARITIES
Fiduciary = (A person who has a fiduciary duty)
• An individual in whom another has placed the utmost trust and
confidence to manage and protect property or money
• The relationship wherein one person has an obligation to act for
another's benefit
• It encompasses the idea of faith and confidence (Mere respect for
another individual's general trust or character is insufficient for the
creation of a fiduciary relationship)
• The duties of a fiduciary include loyalty and reasonable care of the
assets within custody
33
33. REPORTABLE IRREGULARITIES
An unlawful act or omission
• For a reportable irregularity to exist there must be an unlawful act or
omission, committed by any person responsible for the management
of an entity.
• An unlawful act would be an act which is contrary to any law
passed by a government which applies to the activities of the entity,
an act which is contrary to regulation and an act which is contrary to
accepted common law principles.
34
34. Overview: Auditors’ Responsibilities regarding Fraud
REPORTABLE IRREGULARITIES
• The Independent Regulatory Board for Auditors, the regulator of
the auditing profession - requires all Registered Auditors to comply
with Section 45(1) of the Auditing Profession Act, Act 26 of 2005
In terms of section 45 of the Auditing Profession Act, the process that
the auditor must follow when a potential reportable irregularity is
discovered is as follows:
• An individual registered auditor that is satisfied or has reason to
believe that a reportable irregularity has taken place or is taking
place must, without delay, send a written report to the Regulatory
Board;
35
35. Overview: Auditors’ Responsibilities regarding Fraud
REPORTABLE IRREGULARITIES
• The registered auditor must within three days after sending the
report in notify members of the management board that he had
sent such report;
• The registered auditor must, within 30 days after having sent the
first report to the Regulatory Board, take reasonable measures to
discuss the matters with the members of the management board,
obtaining representations from them, and then send a second
report to the Regulatory Board which either confirms or dispels the
auditor's initial suspicion.
36
36. Overview: Auditors’ Responsibilities regarding Fraud
REPORTABLE IRREGULARITIES
Send another report to the Regulatory Board, which report must include
— a statement that the registered auditor is of the opinion that —
• no reportable irregularity has taken place or is taking place; or
• the suspected reportable irregularity is no longer taking place and
that adequate steps have been taken for the prevention or recovery
of any loss as a result thereof, if relevant; or
• the reportable irregularity is continuing; and
37
37. Overview: Auditors’ Responsibilities regarding Fraud
The impact of reportable irregularities on the audit opinion
• Section 44 of the APA – an auditor may not express an opinion that
the financial statements fairly present
• The auditor may modify
• An appropriate modification is required in the event that:
- The reporting process to IRBA is incomplete
- A reportable irregularity did exist
- A reportable irregularity existed and is continuing
38
38. Overview: Auditors’ Responsibilities regarding Fraud
Situations which may require action in terms of section 45
• Fraud in relation to the financial statements
• Clients trading while their liabilities exceeded their assets
• Non- compliance with laws and regulations
• Incomplete tax or other returns issued to SARS
• Bribery and other illegal acts
• Failure to present books for audit
• Failure to issue financial statements within six months of year end
39
39. Overview: Auditors’ Responsibilities regarding Fraud
AUDTIOR’S LIABILITY
• Auditors are potentially liable for both criminal and civil offences
• This occurs when individual auditor or organisations (audit firm)
breach a government imposed law; in other words criminal law
governs relationships between entities and the state. Civil law, in
contrast, deals with disputes between individual auditor and/or
organisations (audit firm)
The following are the main relevant considerations:
Breach of contract
Common law delict
Liability under sec 46 of the APA of 2005
40
40. AUDTIOR’S LIABILITY
• Duty
– Defined in the engagement letter
• Breach of contract
– Auditor did not perform obligations listed in the engagement
letter or
– Performance did not meet professional standards
41
41. AUDTIOR’S LIABILITY
Breach of contract
Criminal offences:
• Individual or organisation auditors are bound by the laws in the
countries in which they operate
• Auditors could be prosecuted for acts such as fraud
• For example, an auditor knowingly, or recklessly report any matter
that is misleading, false or deceptive
• This means that auditors could be prosecuted in a criminal court for
either knowingly or recklessly issuing an inappropriate audit opinion
NB: for any damage, the following will have to be proved:
• Contractual relationship
• Breach of contract
• Loss suffered as a result of the breach
42
42. AUDTIOR’S LIABILITY
Common Law delict
• An auditor could be sued by the shareholders, therefore shareholders can
seek remedy from an auditor if they fail to comply with the terms of an
engagement letter
• Under the law, an auditor can be sued for negligence if they breach a duty
of care towards a third party who consequently suffers some form of loss
• In order to claim against the auditor, the following requirements must be
met:
- Incorrect stated financial position of the company was an intentional or
negligent
- An auditor knew that the financial statements will be relied upon
- Loss suffered by the third party was caused by relying on incorrect financial
statements
- Loss suffered was a financial loss
- An auditor failed to observe necessary degree of care and skill
43
43. AUDTIOR’S LIABILITY
Measures to manage the risk of legal liability:
• Identify the terms of the engagement
• Define the specific tasks to be undertaken
• Define the responsibilities to be undertaken by the client
• Specify any limitations on the work to be performed
• Define the purpose of reports
• Restricting the use of the accountant’s name
• Identifying the authorised recipients of reports
• Limiting or excluding liability to a third party
• Defining the scope of professional competence
44
44. ISA 250
Consideration of laws and regulations in an audit of AFS
Student Do Activity 2
Describe the audit procedures which an auditor could perform when a
non-compliance is identified or suspected.
Feedback: (para.4.2, page 6/17-18)
45
45. Communication to those charged with governance
Role of communication
• Assist the auditor and governance to understand the matters related
to the audit
• Assist the auditor in obtaining information relevant to the audit
• Assist governance in fulfilling their responsibility to oversee the
financial reporting process
Matters to be communicated
• Responsibilities of the auditor in relation to the financial statements
audit
• Planned scope and timing of the audit
• Significant findings from the audit
• Issues regarding auditors independence
• Preliminary views on key audit matters
46
46. MONEY LAUNDERING
Money laundering:
• is the process by which criminals attempt to hide and disguise the
true origin and ownership of the proceeds of their criminal activities,
thereby avoiding prosecution, conviction and confiscation of the
criminal funds
• It is commonly known as the proceeds of crime
Stages of Money Laundering
Placement: Physical disposal of cash proceeds derived from illegal
activity
Layering: Separating illicit proceeds from their source by creating
complex layers of financial transactions designed to
hamper audit trail, disguise origin of funds and provide
anonymity to true owner
Integration: Placing laundered proceeds back into financial system in
such a way as to appear to be legitimate business funds
47
47. MONEY LAUNDERING
South African Anti-Money Laundering Legislation:
• Prevention of Organised Crime Act, 121 of 1998 (POCA)
• Financial Intelligence Centre Act, 38 of 2001 (FICA)
• Protection of Constitutional Democracy Against Terrorist and
Related Activities Act, 2004 (PPOOCDATARA)
48
48. MONEY LAUNDERING
POCA
• Introduce measures to combat organised crime, money laundering
and criminal gang activities
• Prohibit certain activities relating to racketeering (the crime of
making money from illegal activities)
• Provide for the prohibition of money laundering
• Create an obligation to report certain information
• Criminalise certain activities associated with gangs
• Provide for the recovery of the proceeds of unlawful activity
49
49. MONEY LAUNDERING
FICA
• Establishment of the Financial Intelligence Centre (FIC)
• Establishment of the Money Laundering Advisory Council
• Deals with administrative duties and reporting obligations
50
50. MONEY LAUNDERING
POCDATARA
• Provide for measures to prevent and combat terrorist and related
activities, and the financing of terrorism and related activities
• Provide for the offence of terrorism
• Provide for Convention offences
• Give effect to international instruments dealing with terrorist and
related activities
• Provide for a mechanism to comply with UN Security Council
resolutions
• Provide for investigative measures in respect of terrorist and related
activities
51
52. Misstatement due to Fraud and Error
Corruption:
– is defined as the misuse of power by someone to whom it has been
entrusted, for his/her own private gain. The most common form of
corruption is bribery, which is the giving or receiving of money, a gift
or other advantage as an inducement to do something that is
dishonest, illegal or a breach of trust in the course of doing business
(RSA, PSC).
53
53. Aspects of audit importance
DISCUSSION AMONG ENGAGEMENT TEAM
Starts from planning
By the engagement partner
NB: THE OBJECTIVES OF THE DISCUSSION INCLUDE:
Share their insights about the entity and environment
Business risks
To provide an opportunity for the team members to discuss how and where
fraud the entity might be susceptible to fraud
Issues of Professional Scepticism – (Emphasize the importance of
maintaining the proper state of mind)
54