ICPAK AUDIT MANUAL

8.
8.1.

AUDITORS RESPONSIBILITY TO CONSIDER FRAUD (INCORPORATING ISA 240)

Introduction

The auditor, in the conduct of an audit, is required to obtain reasonable assurance that the financial
statements taken as a whole are free from material misstatements. Misstatements in the financial
statement could arise as a result of fraud or error. The distinguishing factor between fraud and
error is whether the underlying action that results in the misstatement is intentional (fraud) or
unintentional (error).
Error refers to an unintentional misstatement in the financial statements, including the omission of
an amount or a disclosure, which could include:
A mistake in gathering or processing data from which financial statements are prepared.
An incorrect accounting estimate arising from oversight or misinterpretation of facts.
A mistake in the application of accounting polices relating to measurement, recognition,
classification, presentation or disclosure.
Fraud refers to an intentional act by one or more individuals among management, those charged
with governance, employees, or third parties, involving the use of deception to obtain an unjust or
illegal advantage. Though fraud is a broad legal concept, the auditor is just concerned with fraud
that causes a material misstatement in the financial statements. In carrying out an audit, we are not
required to make legal determination of whether the fraud has actually occurred. The two types of
fraud relevant to in the conduct of an audit are:
Misstatements resulting from fraudulent financial activities.
Misstatements resulting from misappropriation of assets.
Fraud involving one or more members of management or those charged with governance is referred
to as management fraud; while fraud involving only employees of the entity is referred to as
employee fraud. In either case, there may be collusion with third parties outside the entity.
While the general audit procedures that the engagement team is required to follow to detect
misstatements are covered in the other sections of the manual, this chapter provides additional
considerations that the team should take into account in designing the audit procedures to enable
them to have reasonable expectations to detecting misstatements arising from fraud. Owing to the
inherent limitations of an audit, there is an unavoidable risk that some material misstatements of the
financial statements will not be detected, even though the audit is properly planned and performed in
accordance with the ISAs. An audit does not guarantee all material misstatements will be detected
because of such factors as the use of judgment, the use of testing, the inherent limitations of internal
control and the fact that much of the evidence available to the auditor is persuasive rather than
conclusive in nature. For these reasons, one can only obtain reasonable assurance that material
misstatements in the financial statements will be detected. The fact that an audit is carried out may
act as a deterrent, but the auditor is not and cannot be held responsible for the prevention of fraud
and error.

8. Auditors Responsibility to Considering Fraud

Version 1 - 9th October 2006

1 of 20

ICPAK AUDIT MANUAL

8.2.

Characteristics of Fraud

The following are some of the ways in which fraud can be perpetrated within an entity:
Fraudulent financial reporting involving intentional misstatements including omissions of amounts
or disclosures in financial statements to deceive financial statement users. Fraudulent financial
reporting may be accomplished by:
Manipulation, falsification (including forgery), or alteration of accounting records or supporting
documents from which the financial statements are prepared.
Misrepresentation in, or intentional omission from, the financial statements of events,
transactions or other significant information.
Intentional misapplication of accounting principles relating to amounts, classification, manner of
presentation, or disclosure.
Management override of controls that otherwise may appear to be operating effectively using such
techniques as:
Recording fictitious journal entries, particularly close to the end of an accounting period, to
manipulate operating results or achieve other objectives.
In appropriately adjusting assumptions and changing judgements used to estimate account
balances.
Omitting, advancing or delaying recognition in the financial statements of events and
transactions that have occurred during the reporting period.
Concealing, or not disclosing, facts that could affect the amounts recorded in the financial
statements.
Engaging in complex transactions that are structures to misrepresent the financial position or
financial performance of the entity.
Altering records and terms related to significant and unusual transactions.
Managing earnings in order to deceive financial statement users by influencing their perception as
to the entitys performance and profitability. Such situations could occur where the management
wants to maximise performance based compensation, inflating earnings to secure a bank loan or
to minimise the tax liabilities.
Misappropriation of assets involving the theft of an entitys assets. Misappropriation of assets can
be accomplished in a variety of ways including embezzling receipts, stealing physical or intangible
assets, or causing an entity to pay for goods and services not received. It is often accompanied by
false or misleading records or documents in order to conceal the fact that the assets are missing.
Incentives or pressures from sources from within or outside to commit a fraud. A perceived
opportunity for fraudulent financial reporting or misappropriation of asset may exist when an
individual believes that internal controls may be overridden. Even honest individuals can commit
fraud in an environment that imposes sufficient pressures on them.
Fraud is usually concealed making it difficult to detect. Nevertheless, by obtaining an understanding of
the entity and its environment, including internal controls, the engagement team may identify events
8. Auditors Responsibility to Considering Fraud
Version 1 - 9th October 2006

2 of 20

ICPAK AUDIT MANUAL

or conditions that indicate an incentive or pressures to commit fraud or to provide an opportunity to
commit fraud. Such events and conditions are referred to as fraud risk factors. While fraud risk
factors may not necessarily indicate the existence of fraud, they are often present circumstances
where fraud has occurred, and would therefore affect the engagement teams assessment of the risks
of material misstatements. Such factors could include:
The need to meet expectations of third parties to obtain additional equity financing.
The granting of significant bonuses if unrealistic profit targets are met.
An ineffective control environment.
Appendix 1 - Examples of Fraud Risk Factors provides examples of such factors that may be
faced by auditors in a broad range of situations. It should be noted that not all the situations
identified may be relevant in all entities and some may be of greater significance in entities of different
sizes, ownership structures or circumstances.
8.3.

Professional Scepticism

The primary responsibility for the prevention and detection of fraud rests with those charged with the
governance of the entity and with the management.
Governance: It is the responsibility of those charged with governance of an entity to ensure,
through oversight of management, that the entity establishes and maintains internal control to
provide reasonable assurance with regard to reliability of financial reporting, effectiveness and
efficiency of operations and compliance with applicable laws and regulations.
Management: It is the responsibility of management to place a strong control on fraud prevention,
which may reduce opportunities from fraud to take place, and fraud deterrence, which could
persuade individuals to persuade individuals not to commit fraud because of the likelihood of
detection or punishment. This involves creating a culture of honesty and ethical behaviour. It is
also the responsibility of the management to establish a control environment and maintain policies
and procedures to assist in achieving the objective of ensuring, as far as possible, the orderly and
efficient conduct of the entitys business.
Professional scepticism is an attitude of that includes a questioning mind and a critical assessment
of audit evidence. Professional scepticism requires an ongoing questioning of whether the information
and audit evidence obtained suggests that a material misstatement due to fraud may exist.
The engagement team is required to obtain reasonable assurance that the financial statements taken
as a whole are free from material misstatement whether caused by fraud or error. When obtaining
reasonable assurance, the team maintains an attitude of professional scepticism throughout the
audit, considers the potential for management override of controls and recognises the fact that the
audit procedures that are effective for detecting errors may not be appropriate in the context of an
identified risk of material misstatement due to fraud. The engagement team should maintain
professional scepticism throughout the audit, recognising the possibility that a material misstatement
due to fraud may exist, notwithstanding the firms past experience with the entity about the honesty
and integrity of the management and those charged with governance.

8. Auditors Responsibility to Considering Fraud

Version 1 - 9th October 2006

3 of 20

ICPAK AUDIT MANUAL

Although the engagement team cannot fully disregard past experience of the entity with respect to the
honesty and the integrity of management and those charged with governance, the maintenance of an
attitude of professional scepticism becomes important as there may have been changes in
circumstances. When carrying out other audit procedures, the engagement team should not be
satisfied with less-than-persuasive evidence that the management and those charged with
governance are honest and have integrity. In respect to those charged with governance, the
engagement team should carefully consider the reasonableness of responses to inquiries and other
information obtained from them in light of all other evidence obtained during the audit.
An audit rarely involves the authentication of documents, nor is an auditor trained as or expected to
be an expert in such authentication. Unless the auditor has reason to believe to the contrary, the
auditor ordinarily accepts records and documents as genuine. Where conditions exist causing the
engagement team to believe that the documents may not be authenticated or have been modified, the
engagement team should undertake further investigation e.g. by direct third party confirmation or by
using the work of an expert.
8.4.

Audit Procedures in Relation to Fraud

8.4.1. Preliminary Engagement Activates

Engagement letter
The audit engagement letter should clearly spell out that the responsibility for the prevention and
detection of fraud rests with the management. It should also state that while the audit will be planned
to have a reasonable expectation to detect material misstatements arsing from fraud, due to the
inherent nature of the audit, an audit should not be relied upon to detect all misstatements that may
exist. If a special examination of potential misstatements arising from fraud is required by the client,
this should be specified and agreed in the engagement letter, quite separately from the audit scope.
This is covered in the specimen Engagement Letter set out in Appendix 1 of Section 5 of the
Manual.
8.4.2. Audit Planning
Discussion Among the Engagement Team
The engagement team should discuss the susceptibility of the entitys financial statements to material
misstatement due to fraud. The engagement partner should use his professional judgement, prior
experience with the entity to determine which members of the team should be included in the
discussions. Ordinarily this would involve key members. The engagement partner should also
consider which matters are to be communicated to members of the engagement team not involved in
the discussions. The discussion would include:
Identification of areas where the entitys financial statements would be susceptible to material
misstatement due to fraud, how the management could perpetrate and conceal fraudulent
financial reporting and how the assets of the entity could be misappropriated.

8. Auditors Responsibility to Considering Fraud

Version 1 - 9th October 2006

4 of 20

ICPAK AUDIT MANUAL

Practices followed by management to manage earnings that could lead to fraudulent financial
reporting.
External and internal factors that may create an incentive or pressure for management and
others to commit fraud.
Managements involvement in overseeing employees with access to cash and assets
susceptible to misappropriation.
Unusual or unexplained changes in behaviour or lifestyle of management or employees.
An emphasis on maintaining a proper state of mind throughout the audit regarding the potential
material misstatement due to fraud and consideration of types of circumstances that, if
encountered, might indicate the possibility of fraud.
Consideration of the risk of management override of controls.
Considerations of the audit procedures to be adopted in response to the susceptibility of the
entitys financial statements to material misstatements due to fraud and how an element of
unpredictability will be incorporated into the nature, timing and extent of the audit procedures to
be performed.
To determine how any allegations of fraud that come to the attention of the engagement team
will be dealt with.

Risk Assessment Procedures

When obtaining a general understanding of the entity and its control environment, the engagement
team should ascertain the following:
How those charged with governance exercise oversight of the managements process for
identifying and responding to the risks of fraud and the internal controls that management has
established to prevent and detect risks.
Managements process of identifying and responding to the risks of fraud including and specific
risk that the management has identified or account balances, classes of transactions or
disclosures for which a risk of fraud is likely to exist.
Managements communications if any, to those charged with governance regarding the
processes for identifying and responding to the risks of fraud.
Managements communication, if any, to employees regarding its view on business practices
and ethical behaviour.
Whether there have been any actual, suspected or alleged frauds by making inquiries of
management, internal audit and any other appropriate person within the entity. It should be
noted that while such inquiries may provide useful information concerning material
misstatements in the financial statements resulting from employee fraud, they will not provide
useful information regarding the risk of material misstatements arising from management
fraud.
The attitude of the internal audit, where it exists, towards the risk of fraud, and whether during
the year, internal audit has performed audits to detect fraud and whether the management has
satisfactorily responded to the findings arising from such audits.
While the managements approach to risk assessment will vary between entities, the fact that the
management has not made an assessment of the risk of fraud may in some circumstances be
8. Auditors Responsibility to Considering Fraud
Version 1 - 9th October 2006

5 of 20

ICPAK AUDIT MANUAL

indicative of the lack of importance that the management places on internal controls. In ownermanaged entities, the management may have a more effective oversight than in larger entities,
thereby compensating for the generally more limited opportunities for segregation of duties. On the
other hand, the owner-manager may be more able to override controls. This needs to be considered
by the engagement team at the risk assessment stage.
Based on the above the engagement team should:
Consider whether one or more fraud risk factors are present.
Consider any unusual or unexpected relationships that have been identified when performing
the preliminary analytical review.
Document the fraud risk factors identified as being present during the engagement teams
assessment process and document the response to any such factors.
The fraud risk factors identified should be recorded in Form 5.11 - Assessment of Fraud Risk
in Part E of the Manual. The key issues identified should also be summarised in Form 5.01 Audit Plan.
8.4.3. Execution
As the assessed risks due to fraud are significant risks, the engagement team should, to the extent
not done so, evaluate the design of the entitys related controls, including relevant control activates,
and determine whether they have been implemented. The team uses professional judgement to:
Identify classes of transactions, account balances and disclosures in the financial statements that
may be susceptible to fraud.
Relate the identified risks of fraud to what can go wrong at the assertion level.
Consider the likely magnitude of the potential misstatement including the possibility that the risk
might give rise to multiple misstatements and the likelihood of the risk occurring.
Based on this, the team should determine the overall response to address the assessed risk of
material misstatement at the financial statement level, and design substantive procedures whose
nature, timing and extent, reduce to an acceptably low level, the risk from misstatements resulting
from fraud. The engagement team also incorporates an element of unpredictability in the selection of
the nature, extent and timing of audit procedures to be performed. This can be achieved by:
Performing substantive procedures on selected account balances and assertions not otherwise
tested due to materiality or risk.
Adjusting the timing of audit procedures from that otherwise expected.
Using different sampling methods.
Performing audit procedures at different locations or at locations on an unannounced basis.
If during the performance of the audit, fraud risk factors are identified that cause the engagement
team to believe that additional audit procedures are necessary, the team should document the
presence of such risk factors and the response to them.
The knowledge, skill, and ability of the individuals assigned significant engagement responsibilities
should be commensurate with the engagement partners assessment of the risk. This could include

8. Auditors Responsibility to Considering Fraud

Version 1 - 9th October 2006

6 of 20

ICPAK AUDIT MANUAL

assigning additional individuals with specialised skill and knowledge or by assigning more
experienced individuals to the engagement.

Audit Procedures Responsive to Risks of Material Misstatements Due to Fraud

The audit procedures at the assertion level may include changing the nature, timing and the extent of
audit procedures to obtain audit evidence that is more reliable and relevant or by obtaining more
corroborative information. This can be achieved by:
Physical observation or inspection of certain assets.
Use of computer assisted audit techniques to gather more evidence about data contained in
significant accounts or electronic transaction files.
Obtaining additional corroborative evidence e.g. between high earnings and cut-off errors in the
recording of sales.
Extended use of external confirmation to also confirm the terms of trade.
Modifying the timing of substantive procedures e.g. applying substantive procedures at or near the
period end where cut-off errors are more likely, or applying them to transactions occurring earlier
in or throughout the reporting period.
Increasing the sample size or performing analytical procedures to at a more detailed level.
Appendix II: Audit Procedures to Address the Risk of Material Misstatement Due to Fraud
provides examples of responses to the auditors assessment of the risk of material
misstatement resulting from both fraudulent financial reporting and misappropriation of
assets.
Audit Procedures Responsive to Management Override of Controls
The engagement team should design and perform audit procedures to:
Test the appropriateness of journal entries recorded in the general ledger and other adjustments
made in the preparation of financial statements (covered in the 06.02 - Trial Balance Audit
Programme in Part E of the Manual).
Review accounting estimates for biases that could result in material misstatements due to fraud.
Obtain an understanding of the business rationale of significant transactions that the engagement
team becomes aware of that are outside of the normal course of business for the entity, or that
otherwise appear to be unusual given the teams understanding of the entity and its environment.
The audit procedures to be adopted in response to the identified fraud risk factors should be
recorded in Form 5.11 - Assessment of Fraud Risk in Part E of the Manual. Summarise the
key responses in Form 5.01 - Audit Plan.
8.5.

Evaluation of Audit Evidence

8. Auditors Responsibility to Considering Fraud

Version 1 - 9th October 2006

7 of 20

ICPAK AUDIT MANUAL

The engagement team, based on the audit procedures performed and the audit evidence obtained,
should evaluate whether the assessment of the risks of material misstatements at the assertion level
remains appropriate. This evaluation is primarily a qualitative matter based on judgement. Such an
evaluation may provide further insight about the risks of material misstatements due to fraud and
whether there is a need to perform additional or different audit procedures. The engagement partner
should also considers if there has been appropriate communication with other engagement team
members throughout the audit regarding information or conditions indicative of material misstatement
due to fraud.
Appendix III: Circumstances That Indicate Possibility of Fraud gives situations that may
indicate the possibility of fraud.
In forming an opinion on the financial statements, the engagement partner should consider:
Whether analytical procedures that are performed at or near the end of the audit when forming an
overall conclusion as to whether the financial statements as a whole are consistent with the firms
knowledge of the business indicate a previously unrecognised risk of material misstatement due to
fraud.
Whether misstatements identified may be indicative of fraud, and if there is such an indication, the
engagement team should consider the implications of the misstatement in relation to other aspects
of the audit, particularly the reliability of management representations.
Management Representations
Written representations should obtain from the management that:
It acknowledges its responsibility for the design and implementation of internal control to prevent
and detect fraud.
It has disclosed to the auditor the results of its assessment of the risk that the financial statements
may be materially misstated as a result of fraud.
It has disclosed to the auditor its knowledge of fraud or suspected fraud affecting the entity and
involving management, employees who have significant roles in internal control or others where
the fraud could have a material effect on the financial statements.
It has disclosed to the auditor of its knowledge of any allegations of fraud or suspected fraud
affecting the entitys financial statements communicated by employees, former employees,
analysts, regulators or others.
The representations are covered in the specimen Letter of Representation set out as From
02.03 in Part E of the Manual.
8.6.

Reporting

Where the engagement team confirms that, is unable to conclude whether, the financial statements
are materially misstated as a result of fraud, the engagement partner should consider the implications
on the audit report. (See Section 26.2 and 26.3)
Communicating with Management and Those Charged with Governance

8. Auditors Responsibility to Considering Fraud

Version 1 - 9th October 2006

8 of 20

ICPAK AUDIT MANUAL

Where the engagement team identifies a fraud or has obtained information that indicates that a fraud
may exist, this should be communicated as soon as practicable to the appropriate level of
management, even if the matter might be considered inconsequential. The determination of the level
of management on which the communication is to take place is a matter of professional judgement
and would ordinarily involve at least one level above the person who appears to be involved with the
suspected fraud.
Where the fraud involves the management, employees who have significant role in internal control or
others where the fraud has resulted in a material misstatement, the reporting should be done to those
charged with governance.
The engagement partner should also communicate at the appropriate level of responsibility, material
weaknesses in the design or implementation of internal controls to prevent and detect fraud which
may have come to the engagement teams attention and also consider whether any other matters
related to fraud need to be discussed with governance of the entity including:
Concerns about the nature, extent and frequency of managements assessment of the controls in
place to prevent and detect fraud and of the risk that the financial statements may be misstated.
A failure by management to appropriately address identified material weaknesses in internal
control.
A failure by management to appropriately respond to an identified fraud.
The auditors evaluation of the entitys environment including questions regarding the competence
and integrity of management.
Actions by management that may be indicative of fraudulent financial reporting.
Concerns about the adequacy and completeness of the authorisation of transactions that appear
to be outside the normal course of business.
See Section 27.3 and 27.4 on the procedures to be adopted when communicating with
management and those charged with governance.
Communications with Regulatory and Enforcement Authorities
The auditors professional duty to maintain confidentiality of client information generally precludes
reporting of fraud to a party outside the entity. However, where such requirements are enshrined in
law, the engagement partner should consider obtaining legal advice on the appropriate course of
action.
Withdrawal from the Engagement
If as a result of a misstatement resulting from fraud or suspected fraud the engagement team
encounters exceptional circumstances that bring into question the firms ability to continue performing
the audit, the engagement partner should
Consider the professional and legal responsibilities applicable in the circumstances, including
whether there is a requirement for the firm to report to the person or persons who made the audit
appointment or, in some cases, to regulatory authorities;
Consider the possibility of withdrawing from the engagement; and
If the firm withdraws:
8. Auditors Responsibility to Considering Fraud
Version 1 - 9th October 2006

9 of 20

ICPAK AUDIT MANUAL

Discuss with the appropriate level of management and those charged with governance the firms
withdrawal from the engagement and the reasons for the withdrawal; and
Consider whether there is a professional or legal requirement to report to the person or persons
who made the audit appointment or, in some cases, to regulatory authorities, the withdrawal
from the engagement and the reasons for the withdrawal.
APPENDIX I - EXAMPLES OF FRAUD RISK FACTORS
Although the fraud risk factors given here cover a broad range of situations, they are only examples
and, accordingly, the auditor may identify additional or different risk factors. The order of the
examples provided does not reflect their relative importance or frequency of occurrence.
Risk Factors Relating to Misstatements Arising from Fraudulent Financial Reporting
Incentives / Pressures
Financial stability or profitability is threatened by economic, industry, or entity operating
conditions such as:
High degree of competition or market saturation, accompanied by declining margins.
High vulnerability to rapid changes, such as changes in technology, product obsolescence, or
interest rates.
Significant declines in customer demand and increasing business failures either within the
industry or overall economy.
Operating losses making the threat of bankruptcy, foreclosure, or hostile takeover imminent.
Recurring negative cash flows from operations or an inability to generate cash flows from
operations while reporting earnings and earnings growth.
Rapid growth or unusual profitability especially compared to that of other companies in the
same industry.
New accounting, statutory, or regulatory requirements.
Excessive pressure on management to meet the requirements or expectations of third parties
due to the following:
Unduly aggressive or unrealistic profitability or trend level expectations of investment
analysts, institutional investors, significant creditors, or other external parties, including
expectations created by management in, for example, overly optimistic press releases or
annual report messages.
Need to obtain additional debt or equity financing to stay competitive, including financing of
major research and development or capital expenditures.
Marginal ability to meet exchange listing requirements or debt repayment or other debt
covenant requirements.
Perceived or real adverse effects of reporting poor financial results on significant pending
transactions, such as business combinations or contract awards.

8. Auditors Responsibility to Considering Fraud

Version 1 - 9th October 2006

10 of 20

ICPAK AUDIT MANUAL

Information available indicates that the personal financial situation of management or those
charged with governance is threatened by the entitys financial performance arising from:
Significant financial interests in the entity.
Significant portions of their compensation (for example, bonuses) being contingent upon
achieving aggressive targets for share price, operating results, financial position, or cash
flow.
Personal guarantees of debts of the company.
Excessive pressure on management or operating personnel to meet financial targets established
by those charged with governance, including sales or profitability incentive goals.
Opportunities
The nature of the industry or the entitys operations e.g.:
Significant related party transactions not in the ordinary course of business or with related
entities that are not audited or are audited by another firm.
A strong financial presence or the ability to dominate a certain industry sector that allows the
entity to dictate terms or conditions to suppliers or customers that may result in inappropriate
or non-arms length transactions.
Assets, liabilities, revenues, or expenses based on significant estimates involving subjective
judgments or uncertainties that are difficult to corroborate.
Significant, unusual, or highly complex transactions, especially those close to the period end
that raise difficult substance over form questions.
Significant operations located or conducted across international borders in jurisdictions
where differing business environments and cultures exist.
Use of business intermediaries for which there appears to be no clear business justification.
Significant bank accounts or subsidiary or branch operations in tax haven jurisdictions for
which there appears to be no clear business justification.
Ineffective monitoring of management as a result of:
Domination of management by a singe person or small group without compensating controls.
Ineffective oversight by those charged with governance over the financial reporting process
and internal control.
Complex or unstable organisational structure, as evidenced by:
Difficulty in determining the organisation or individuals that have controlling interest in the
entity.
Overly complex organisational structure involving unusual legal entities or managerial lines of
authority.
High turnover of senior management, legal counsel, or those charged with governance.
Internal control components are deficient as a result of:
Inadequate monitoring of controls, including automated controls and controls over interim
financial reporting (where external reporting is required).
High turnover rates or employment of ineffective accounting, internal audit, or information
technology staff.
Ineffective accounting and information systems, including situations involving material
weaknesses in internal control.
8. Auditors Responsibility to Considering Fraud
Version 1 - 9th October 2006

11 of 20

ICPAK AUDIT MANUAL

Attitudes / Rationalisations
Ineffective communication, implementation, support, or enforcement of the entitys values or
ethical standards by management or the communication of inappropriate values or ethical
standards.
Non-financial managements excessive participation in or preoccupation with the selection of
accounting policies or the determination of significant estimates.
Known history of violations of stock market laws or other laws and regulations, or claims against
the entity, its senior management, or those charged with governance alleging fraud or violations
of laws and regulations.
Excessive interest by management in maintaining or increasing the entitys share price or
earnings trend.
Practice by management of committing to analysts, creditors, and other third parties to achieve
aggressive or unrealistic forecasts.
Management failing to correct known material weaknesses in internal control on a timely basis.
An interest by management in employing inappropriate means to minimize reported earnings for
tax-motivated reasons.
Low morale among senior management.
The owner-manager makes no distinction between personal and business transactions.
Dispute between shareholders in a closely held entity.
Recurring attempts by management to justify marginal or inappropriate accounting on the basis
of materiality.
The relationship between management and the current or predecessor auditor is strained, as
exhibited by the following:
Frequent disputes with the current or predecessor auditor on accounting, auditing, or
reporting matters.
Unreasonable demands on the auditor, such as unreasonable time constraints regarding the
completion of the audit or the issuance of the auditors report.
Formal or informal restrictions on the auditor that inappropriately limit access to people or
information or the ability to communicate effectively with those charged with governance.
Domineering management behaviour in dealing with the auditor, especially involving
attempts to influence the scope of the auditors work or the selection or continuance of
personnel assigned to or consulted on the audit engagement.
Risk Factors Arising from Misstatements Arising from Misappropriation of Assets
Incentives / Pressures
Personal financial pressures on management or employees with access to cash or other assets
susceptible to fraud.
Adverse relationships between the entity and employees with access to cash or other assets
susceptible to theft. For example, adverse relationships may be created by the following:
Known or anticipated future employee layoffs.
Recent or anticipated changes to employee compensation or benefit plans.
Promotions, compensation, or other rewards inconsistent with expectations.
8. Auditors Responsibility to Considering Fraud
Version 1 - 9th October 2006

12 of 20

ICPAK AUDIT MANUAL

Opportunities
Certain characteristics and circumstances increase the susceptibility of assets to
misappropriation. For example:
Large amounts of cash on hand.
Inventory items that are small in size, of high value, and in high demand.
Easily convertible assets such as bearer bonds.
Property, plant and equipment items that are small in size, marketable, or lacking observable
identification of ownership.

Inadequate internal control over assets. For example:

Inadequate segregation of duties or independent checks.
Inadequate oversight of senior management expenditure, such as travel and other reimbursements.
Inadequate management oversight of employees responsible for assets, e.g. inadequate
supervision or monitoring of remote locations.
Inadequate job applicant screening.
Inadequate record keeping with respect to assets.
Inadequate system of authorisation and approval of transactions.
Inadequate physical safeguards over cash, inventory or property, plant and equipment.
Lack of complete and timely reconciliations of assets.
Lack of timely and appropriate documentation of transactions, e.g. credits for return of goods.
Lack of mandatory leave for employees performing key control functions.
Inadequate management understanding of information technology (IT), which enables IT
personnel to perpetrate a misappropriation.
Inadequate access controls over automated records, including controls over and review of
computer systems event logs.
Attitudes / Rationalisations
Disregard for the need for monitoring or reducing risks related to misappropriation of assets.
Disregard for the need for internal controls related to the misappropriation of assets by
overriding existing controls or by failing to correct known internal control deficiencies.
Behaviour indicating displeasure or dissatisfaction with the entity or its treatment of the
employees.
Changes in behaviour or lifestyle that may indicate that assets have been misappropriated.
Tolerance of petty theft.

8. Auditors Responsibility to Considering Fraud

Version 1 - 9th October 2006

13 of 20

ICPAK AUDIT MANUAL

8. Auditors Responsibility to Considering Fraud

Version 1 - 9th October 2006

14 of 20

ICPAK AUDIT MANUAL

APPENDIX II - AUDIT PROCEDURES TO ADDRESS THE ASSESSED RISK OF FRAUD
Although the audit procedures given here cover a broad range of situations, they are only examples
and, accordingly, they may not be the most appropriate nor necessary in each circumstance. Also
the order of procedures given is not intended to reflect their relative importance.
Consideration at the Assertion Level
Visiting certain locations or performing certain tests on a surprise or unannounced basis. E.g.,
observing inventory count or counting cash at a particular date on a surprise basis.
Requesting that inventories be counted at the end of the reporting period or on a date closer to
period end to minimize the risk of manipulation of balances in the period between the date of
completion of the count and the end of the reporting period.
Altering the audit approach in the current year. E.g., contacting major customers and suppliers
orally in addition to sending written confirmation, sending confirmation requests to a specific
party within an organization, or seeking more or different information.
Performing a detailed review of the entitys quarter-end or year-end adjusting entries and
investigating any that appear unusual as to nature or amount.
For significant and unusual transactions, particularly those occurring at or near year-end,
investigating the possibility of related parties and the sources of financial resources supporting
the transactions.
Performing substantive analytical procedures using disaggregated data. For example,
comparing sales and cost of sales by location, line of business or month to expectations
developed by the auditor.
Conducting interviews of personnel involved in areas where a risk of material misstatement due
to fraud has been identified, to obtain their insights about the risk and whether, or how, controls
address the risk.
When other independent auditors are auditing the financial statements of one or more
subsidiaries, divisions or branches, discussing with them the extent of work necessary to be
performed to address the risk of material misstatement due to fraud resulting from transactions
and activities among these components.
If the work of an expert becomes particularly significant with respect to a financial statement item
for which the risk of misstatement due to fraud is high, performing additional procedures relating
to some or all of the experts assumptions, methods or findings to determine that the findings are
not unreasonable, or engaging another expert for that purpose.
Performing audit procedures to analyse selected opening balance sheet accounts of previously
audited financial statements to assess how certain issues involving accounting estimates and
judgments, for example an allowance for sales returns, were resolved with the benefit of
hindsight.
Performing procedures on account or other reconciliations prepared by the entity, including
considering reconciliations performed at interim periods.
Performing computer-assisted techniques, such as data mining to test for anomalies in a
population.
Testing the integrity of computer-produced records and transactions.
Seeking additional audit evidence from sources outside of the entity being audited.
8. Auditors Responsibility to Considering Fraud
Version 1 - 9th October 2006

15 of 20

ICPAK AUDIT MANUAL

Specific Responses - Misstatement Resulting From Fraudulent Financial Reporting

Revenue Recognition
Performing substantive analytical procedures relating to revenue using disaggregated data, for
example, comparing revenue reported by month and by product line or business segment during
the current reporting period with comparable prior periods. Computer-assisted audit techniques
may be useful in identifying unusual or unexpected revenue relationships or transactions.
Confirming with customers certain relevant contract terms and the absence of side agreements,
because the appropriate accounting often is influenced by such terms or agreements and basis
for rebates or the period to which they relate are often poorly documented. For example,
acceptance criteria, delivery and payment terms, the absence of future or continuing vendor
obligations, the right to return the product, guaranteed resale amounts, and cancellation or
refund provisions often are relevant in such circumstances.
Inquiring of the entitys sales and marketing personnel or in-house legal counsel regarding sales
or shipments near the end of the period and their knowledge of any unusual terms or conditions
associated with these transactions.
Being physically present at one or more locations at period end to observe goods being shipped
or being readied for shipment (or returns awaiting processing) and performing other appropriate
sales and inventory cut-off procedures.
For those situations for which revenue transactions are electronically initiated, processed, and
recorded, testing controls to determine whether they provide assurance that recorded revenue
transactions occurred and are properly recorded.
Inventory Quantities
Examining the entity's inventory records to identify locations or items that require specific
attention during or after the physical inventory count.
Observing inventory counts at certain locations on an unannounced basis or conducting
inventory counts at all locations on the same date.
Conducting inventory counts at or near the end of the reporting period to minimize the risk of
inappropriate manipulation during the period between the count and the end of the reporting
period.
Performing additional procedures during the observation of the count, for example, more
rigorously examining the contents of boxed items, the manner in which the goods are stacked or
labelled, and the quality (that is, purity, grade, or concentration) of liquid substances such as
perfumes or specialty chemicals. Using the work of an expert may be helpful in this regard.
Comparing the quantities for the current period with prior periods by class or category of
inventory, location or other criteria, or comparison of quantities counted with perpetual records.
Using CAATs to further test the compilation of the physical inventory counts - for example,
sorting by tag number to test tag controls or by item serial number to test the possibility of item
omission or duplication.
8. Auditors Responsibility to Considering Fraud
Version 1 - 9th October 2006

16 of 20

ICPAK AUDIT MANUAL

Management Estimates
Using an expert to develop an independent estimate for comparison to managements estimate.
Extending inquiries to individuals outside of management and the accounting department to
corroborate managements ability and intent to carry out plans that are relevant to developing
the estimate.
Specific Responses - Misstatements Due to Misappropriation of Assets
Counting cash or inventories at or near year-end.
Confirming directly with customers the account activity (including credit memo and sales return
activity as well as dates payments were made) for the period under audit.
Analyzing recoveries of written-off accounts.
Analysing inventory shortages by location or product type.
Comparing key inventory ratios to the industry norm.
Reviewing supporting documentation for reductions to the perpetual inventory records.
Performing a computerized match of the vendor list with a list of employees to identify matches
of addresses or phone numbers.
Performing a computerized search of payroll records to identify duplicate addresses, employee
identification or taxing authority numbers or bank accounts.
Reviewing personnel files for those that contain little or no evidence of activity, for example, lack
of performance evaluations.
Analysing sales discounts and returns for unusual patterns or trends.
Confirming specific terms of contracts with third parties.
Obtaining evidence that contracts are being carried out in accordance with their terms.
Reviewing the propriety of large and unusual expenses.
Reviewing the authorisation and carrying value of senior management and related party loans.
Reviewing the level and propriety of expense reports submitted by senior management.

8. Auditors Responsibility to Considering Fraud

Version 1 - 9th October 2006

17 of 20

ICPAK AUDIT MANUAL

8. Auditors Responsibility to Considering Fraud

Version 1 - 9th October 2006

18 of 20

ICPAK AUDIT MANUAL

APPENDIX III - CIRCUMSTANCES THAT INDICATE POSSIBILITY OF FRAUD
Discrepancies in the accounting records, including:
Transactions that are not recorded in a complete or timely manner or are improperly
recorded as to amount, accounting period, classification, or entity policy.
Unsupported or unauthorised balances or transactions.
Last-minute adjustments that significantly affect financial results.
Evidence of employees access to systems and records inconsistent with that necessary to
perform their authorised duties.
Tips or complaints to the auditor about alleged fraud.
Conflicting or missing evidence such as:
Missing documents.
Documents that appear to be altered.
Unavailability of original documentation, i.e. documents available are photocopies or
electronically transmitted.
Significant unexplained items on reconciliations.
Unusual balance sheet changes, or changes in trends or important financial statement ratios
or relationships, e.g., receivables growing faster than revenues.
Inconsistent, vague or implausible responses from management or employees arising from
inquiries or analytical procedures.
Unusual discrepancies between the entitys records and confirmation replies.
Large number of credit entries and other adjustments made to the accounts receivable
records.
Unexplained or inadequately explained differences between the accounts receivable ledgers
and control account, or between the customers statements and the accounts receivable
ledgers.
Missing or non-existent cancelled cheques.
Missing inventory or other tangible assets of significant magnitude.
Unavailable or missing electronic evidence, inconsistent with the entitys record retention
practices or policies.
Fewer responses to confirmations than anticipated or a greater number of responses than
anticipated.
Inability to produce evidence of key systems development and program change testing and
implementation activities for current-year system changes and deployments.
Problematic or unusual relationships between the auditor and management, including the
following:
Denial of access to records, facilities, certain employees, customers, vendors, or others from
whom audit evidence might be sought.
Undue time pressures from management to resolve complex or contentious issues.
Complaints by management about the conduct of the audit or management intimidation of
engagement team members, particularly in connection with the auditors critical assessment
of audit evidence or in the resolution of potential disagreements with management.
Unusual delays by the entity in providing requested information.
8. Auditors Responsibility to Considering Fraud
Version 1 - 9th October 2006

19 of 20

ICPAK AUDIT MANUAL

Unwillingness to facilitate auditor access to key electronic files for testing through the use of
CAATs.
Denial of access to key IT operations staff and facilities, including security, operations, and
systems development personnel.
Unwillingness to add or revise disclosures in the financial statements to make them more
complete and understandable.
Unwillingness to address identified weaknesses in internal control on a timely basis.
Unwillingness of management to permit the auditor to meet privately with those charged with
governance.
Others:
Accounting policies that are not in line with industry norms.
Frequent changes in accounting estimates that do not appear to result from changes in
circumstances.
Tolerance of violations of the entitys code of conduct.

8. Auditors Responsibility to Considering Fraud

Version 1 - 9th October 2006

20 of 20