HB1 Audit Professional

Roles and Responsibilities

Auditors and the Audit function within organisations can wear many different hats relating to fraud, depending upon how their role has been defined by the relevant organisation. Whatever the defined role, the relevant responsibilities of audit, management and the board should be clearly set out in a relevant policy or statement (see our guidance on Executive Support, Senior Management Responsibility, Proportionate Financial Investment and Clear Policy and Strategy).

In general, internal audit’s primary responsibility is to provide active oversight and independent assurance to the Board regarding the effectiveness of the organisation’s overall fraud risk management arrangements. Our Organisational Capability Self Assessment Tool may help audit assess those arrangements against internationally agreed standards. Our guidance on Estimating Fraud and Error Losses is also relevant.

Auditors must consider in particular the potential for the override of controls or other inappropriate influence over the financial reporting process, such as efforts by management to manage earnings in order to influence the perceptions of analysts or other key stakeholders as to the entity’s performance and profitability. In doing so they must apply professional skepticism. (See our guidance on Risk Management, Analytical Techniques and Proactive Detection).

Audit may also have a role in investigating fraud (although this should not be assumed). Their role (if any) should be set out in a Fraud Response Plan (see Guidance on Effective Investigations). Following an incident of fraud, Audit should also assist in identifying the Root Cause of the incident and, in particular, in examining the design and operation of key controls.

Audit may also play a part in the proactive Fraud Proofing of Policies and Procedures.

Government standards require the following:

Auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organisation, but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud.

Due Professional Care
Internal auditors must exercise due professional care by considering the probability of significant errors, fraud and non-compliance.

Reporting to Senior Management and the Board
Reporting must also include significant risk exposures and control issues, including fraud risks as needed or requested by senior management and the board.

Risk Management
The internal audit activity must evaluate the potential for the occurrence of fraud and how the organisation manages fraud risk.

Engagement Objectives
Internal auditors must consider the probability of significant errors, fraud, non-compliance and other exposures when developing engagement objectives.

Financial Reporting Council (FRC) Requirements

International Standards on Auditing (ISA (UK)) 240, published by the Financial Reporting Council (revised in June 2016), sets out the auditor’s responsibilities relating to fraud in an audit of financial statements. It is based on the ISAs issued by the International Auditing and Assurance Standards Board (IAASB), published by the International Federation of Accountants (IFAC). It focuses on the risk of material misstatement due to fraud.

An auditor conducting an audit in accordance with ISAs (UK) is responsible for obtaining reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether caused by fraud or error (fraud = intentional misstatement, error = unintentional misstatement). Two types of intentional misstatement are relevant to the auditor: misstatements resulting from fraudulent financial reporting and misstatements resulting from misappropriation of assets.

Summary of Key Guidance and Resources

These resources may be of particular interest to an Audit Professional.


