EXPECT EXPECT EXPECTA EXPECT EXPECT AA AATION GAP TION GAP TION GAP TION GAP TION GAP

2.82.8 2.8

2.8 EXPECTEXPECTEXPECTAEXPECTEXPECTAAAATION GAPTION GAPTION GAPTION GAPTION GAP

The role of an auditor is usually misconstrued by the public including the investment community. While some people think that the auditor is responsible

only very few people really understand how restricted the role of the auditor is.

People generally expect more from an auditor than what he/she is actually statutorily required to do and that is really the cause of the expectation gap.

ISA 200 makes an essential point on this issue by stating that:

“While the auditor is responsible for forming and expressing an opinion on these financial statements, the responsibility for preparing and presenting the financial statements in accordance with the applicable financial reporting framework is that of the management of the entity with oversight from those charged with governance. The audit of the financial statements does not relieve management or those charged with governance of their responsibilities”.

It is also important to note the fact that contrary to public expectation, the auditor is merely a watch-dog rather than a bloodhound. (Re Kingston Cotton Mill Co., 1896). In other words, the auditor does not have primary responsibility as regards prevention and detection of fraud; though the detection of fraud may be incidental to his duties. It is management and those charged with governance that are primarily responsible for prevention and detection of frauds.

FFFFFraudsraudsraudsraudsrauds

Fraud consists of both the use of deception to obtain an unjust or illegal financial advantage and intentional misrepresentations affecting the financial statements by one or more individuals among management, employees or third parties.

Errors ErrorsErrors Errors Errors

Errors are unintentional mistakes in financial statements resulting in material mis-statement. The mistake may be committed at any stage in the accounting cycle and may be mathematical, clerical, or simply in the application of accounting policies.

TTTTTypes of Fypes of Fypes of Fypes of Fraudypes of Fraudraudraudraud

There are two types of fraud that can cause material misstatement in financial statements. These are:

(a) Fraudulent financial reporting such as:

(i) Misrepresentation or omission of events or transactions in the financial statements;

(ii) Intentional misapplication of accounting principles; and

(iii) Manipulation, falsification or alteration of accounting records/

supporting documents.

(b) Misappropriation of assets such as:

(i) Stealing of physical assets or intellectual property (cash, inventory or selling data);

(ii) Causing an entity to pay for goods not received;

(iii) Embezzling receipts of cash and cheques (diverting same to private bank accounts); and

(iv) Using entity’s assets for personal purpose.

It should be noted that fraudulent financial reporting usually involves management when embarking on window dressing or creative accounting in their bid to have aggressive earnings.

ISA 240 deals with “Fraud and Error”. It gives guidelines on how the auditor is to handle the possibility of the occurrence of fraud. Some of the key guidelines in the audit standard include the following:

(a) In planning and performing the audit to reduce audit risk to an acceptably low level, the auditor should consider the risks of material misstatements in the financial statements due to fraud (ISA 240.3);

(b) The auditor should maintain an attitude of professional scepticism throughout the audit, recognising the possibility that a material misstatement due to fraud could exist, notwithstanding the auditor’s past experience with the entity about the honesty and integrity of management and those charged with governance (ISA 240.24);

(c) Members of the engagement team should discuss the susceptibility of the entity’s financial statements to material misstatements due to fraud (ISA 240.27); and

(d) When obtaining an understanding of the entity and its environment, including its internal control, the auditor should make enquiries of management regarding:

(i) management’s assessment of the risk that the financial statements may be materially misstated due to fraud;

(ii) management’s process for identifying and responding to the risks of fraud in the entity including any specific risks of fraud that management has identified or account balances, classes of transactions or disclosures for which a risk of fraud is likely to exist;

(iii) management’s communication, if any, to those charged with governance regarding its processes for identifying and responding to the risks of fraud in the entity; and

(iv) management’s communication, if any, to employees regarding its views on business practices and ethical behaviour (ISA 240.34);

(e) The auditor should make enquiries of management, internal audit and others within the entity as appropriate, to determine whether they have knowledge of any actual, suspected or alleged fraud affecting the entity (ISA 240.38);

(f) The auditor should obtain understanding of how those charged with governance exercise oversight of management’s processes for identifying and responding to the risks of fraud in the entity and the internal control that management has established to mitigate these risks (ISA 240.43);

(g) The auditor should make enquiries of those charged with governance to determine whether they have knowledge of any actual, suspected or alleged fraud affecting the entity (ISA 240.46);

(h) When obtaining an understanding of the entity and its environment, including its internal control, the auditor should consider whether the information obtained indicates that one or more fraud risk factors are present (ISA 240.48);

(i) When identifying and assessing the risks of material misstatements at the financial statement level, and at the assertion level for classes of transactions, account balances and disclosures, the auditor should identify and assess the risks of material misstatement due to fraud.

Those assessed risks that could result in a material misstatement due to fraud are significant risks and accordingly, to the extent not already done so, the auditor should evaluate the design of the entity’s related controls, including relevant control activities, and determine whether they have been implemented (ISA 240.57);

(j) The auditor should determine overall responses to address the assessed risks of material misstatement due to fraud at the financial statement level and should design and perform further audit procedures whose nature, timing and extent are responsive to the assessed risks at the assertion level (ISA 240.61);

(k) In determining overall responses to address the risks of material mis-statement due to fraud at the financial mis-statement level, the auditor should:

(i) consider the assignment and supervision of personnel;

(ii) consider the accounting policies used by the entity; and

(iii) incorporate an element of unpredictability in the selection of the nature, timing and extent of audit procedures (ISA 240.66).

(l) To respond to the risk of management override of controls, the auditor should design and perform audit procedures to:

(i) test the appropriateness of journal entries in the general ledger and other adjustments made in the preparation of the financial statements;

(ii) review accounting estimates for biases that could result in material misstatements due to fraud; and

(iii) obtain an understanding of the business rationale of significant transactions that the auditor becomes aware of that are outside of the normal course of business for the entity, or that otherwise appear to be unusual given the auditor’s understanding of the entity and its environment (ISA 240.76).

(m) If the auditor has identified a fraud or has obtained information that indicates a fraud may exist, the auditor should communicate these matters as soon as practicable to the appropriate level of management (ISA 240.93);

(n) If the auditor has identified fraud involving:

(i) Management;

(ii) Employees who have significant roles in internal control; or (iii) Others where the fraud results in a material misstatement in the

financial statements;

the auditor should communicate these matters to those charged with governance as soon as practicable (ISA 240.93).

In all the above guidelines, the engagement partner should ensure that all the procedures are adhered to. As he is the one responsible for the entire engagement, he should make the engagement team carry out all the procedures.

In addition to the above, it is necessary to note that the need for documentation cannot be over-emphasised. The following should be properly documented:

(a) The important decisions of the audit engagement team emanating from their discussions with regard to fraud;

(b) The identified and assessed risks of material misstatement due to fraud;

(c) The overall responses to assessed risks;

(d) Results of specific audit tests; and

(e) Any communications with management.

An important communication with management is obtaining a written representation that management accepts its responsibility for the prevention and detection of fraud and that it has made all relevant disclosures to the auditors. The auditor should consider seriously the need to withdraw from the engagement if he uncovers exceptional circumstances with regard to fraud.