Shifts in the economy, geopolitical landscape, and technological developments have created an environment in which companies are potentially more vulnerable to fraud. In recent years, as major corporate failures and scandals continue to be in the spotlight, fraud has become a growing area of focus. Regulators, investors, and other interested parties expect auditors to remain vigilant and to think critically about fraud.
The mitigation of fraud risk is most effective when all participants of the financial reporting ecosystem fulfill their roles in deterring and detecting fraud. Auditors, although often the last line of defense due to the scope and timing of their engagements, are among the many stakeholders whose influence and responsibilities have a significant impact on fraud deterrence and detection.
Auditors should continually strive to enhance their professional skepticism to effectively assess and respond to fraud risks, including considering when it may be important to elevate the basic level of skepticism that is applied throughout the process of any audit and being cognizant of biases that can impede professional skepticism.
The auditor’s fraud risk assessment is an iterative process that occurs throughout the audit and is a critical element of planning and performing an audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or by fraud. Auditors may consider the following as they plan and perform their fraud risk assessment and design procedures to address identified fraud risks:
- Management’s fraud risk assessment: Understanding management’s fraud risk assessment, including their anti-fraud processes and controls and the operation and results of their monitoring activities, can be helpful to the auditor in considering where and how fraud could occur.
- Fraud brainstorming: Effective fraud brainstorming involves active participation from audit team members of all levels of experience. Audit teams should have the mindset that fraud can occur at any organization and can be perpetrated by individuals across the organization.
- The fraud triangle: Auditors may find the fraud triangle helpful to consider throughout the audit. When assessing and responding to fraud risks, auditors can leverage the fraud triangle in considering specific risks of material misstatement from fraud and in designing audit responses tailored to those risks.
- Fraud expertise: To the extent fraud expertise and capabilities exist in an auditor’s firm, in certain circumstances it may be beneficial to leverage such expertise to assist with fraud risk assessment procedures, including in identifying potential fraud schemes and fraud risk factors and ultimately identifying and assessing risks of material misstatement due to fraud.
- Training: It is important that all auditors, including less experienced auditors, be trained in the auditor’s role in assessing and responding to fraud risks and evaluating audit evidence, as well as in how to maintain a “fraud lens” throughout the audit. Creating an environment that is conducive to asking questions related to fraud can elevate less experienced auditors’ fraud awareness during an audit and empower auditors to raise concerns.
This publication provides insights into practices, tools, and considerations that can help auditors, especially those with less experience, enhance their professional skepticism and overall approach to assessing and responding to the risks of material misstatement resulting from fraud during the audit. It also provides clarity and understanding of the auditor’s current role and responsibilities related to fraud, which may provide insights for those who are involved in evaluating and using financial reporting information as well as for policymakers and regulators.