The role of an auditor is crucial in judging the accuracy and authenticity of financial records. When auditors verify the books of an entity, they seek to ensure that the books are drawn correctly, follow the generally accepted accounting principles, and are free from fraud or error. In fact, it is one of the important duties of auditors to detect and prevent different kinds of frauds and errors in the books of their client(s). They hold a great responsibility towards shareholders and external parties for assuring that the financial statements are reliable. Here in this blog, we have tried to discuss the professional perspective of law and auditing standards about an auditor’s duty regarding detection and prevention of frauds and errors.
Who holds the primary responsibility? (for Detection and Prevention of errors and frauds)
According to SA 240 on “The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements”, the primary responsibility for detection and prevention of errors and frauds rests with the management of an entity and those charged with governance.
It is important that the entity’s management should take steps to prevent fraud from taking place in the first place and employ some kind of punitive measures. When employees know that they will be punished for fraud detection, it acts as a deterrent to committing fraud. A culture of honesty and ethical behaviour should be developed in the entity and this should be actively overseen by management and those charged with governance. Such a system would reduce, if not eliminate, the possibility of fraud or error.
Auditor’s duty regarding Detection and Prevention of Errors and Frauds
In accordance with SAs, the responsibility of an auditor is to obtain reasonable assurance (and not absolute assurance) that the financial statements of the client are free from material misstatements.
SA 200 on “Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Standards on Auditing” describes that because of the inherent limitations of an audit, there is always an unavoidable risk that certain errors or fraud may not be detected even when the audit is properly planned and performed in accordance with the applicable Standards on Auditing.
Now, the risk of not detecting a misstatement resulting from fraud is higher than the risk of not detecting a misstatement resulting from an error. This is so because fraud is usually difficult to detect as it may involve carefully planned schemes to conceal the real picture. It may involve forgery, deliberate failure to record transactions, or intentional misrepresentations being made to the auditor. Moreover, such attempts to conceal the business’s real picture may become even more difficult to detect when they are made collectively by many members of the entity. It may cause the auditor to believe that audit evidence is persuasive when it is false. His ability to detect fraud will depend on many factors such as:
- The skilfulness of the persons committing the fraud
- Fraud involving collusion and the degree of collusion involved
- The frequency and extent of manipulation
- The relative size of the amounts that have been manipulated
- The seniority of the persons involved (higher the seniority, the difficult it becomes to detect), etc.
Generally, the risk of not detecting a misstatement arising due to management fraud is more as compared to the risk of not detecting a misstatement arising due to employee fraud. This is so because the entity’s management is usually in a position to manipulate the books more easily, directly or indirectly alter the figures & records, and present fraudulent information. Further, the management may also override the internal control procedures operating in the entity to prevent such fraud.
Nevertheless, the auditor is expected to be utmost careful when carrying out his audit work. When obtaining reasonable assurance, he is responsible for maintaining an attitude of professional skepticism throughout his audit. While planning and conducting his audit work, he should consider the possibility that controls may be overridden by the management and that audit procedures that are effective for detecting errors may not be that effective for detecting fraud.
The auditor should discuss with his audit team the possibility that the entity’s financial statements may have material misstatements resulting from fraud and error. Based on such discussions, he should design his audit procedures.
He should remain alert at all times to any signs of misstatement. If there are any doubtful situations, the auditor should extend his procedures to confirm or dispel that doubt. But except when the auditor has reasons to believe to the contrary, he is justified in accepting the client’s records as genuine.
Where misstatements are identified, the auditor holds the responsibility to communicate the same to the appropriate level of management on a timely basis. He should also consider the need to report such misstatements to those charged with governance. The auditor may also want to obtain legal advice before reporting on the financial information or before deciding to withdraw from his engagement.
In addition, the auditor should also evaluate whether the representations given by the management are satisfactory or not.
In the case where the existence of fraud or error is proved, it is important that the auditor should satisfy himself that the effect of such fraud is properly reflected in the financial information or that the error is corrected or adjusted.
Further, the auditor is also needed to consider the implications of fraud and errors and draft his audit report accordingly. Where there is a fraud, the same must be appropriately disclosed in the financial statements of the entity. But if adequate disclosure in FS is not made, there should be proper disclosure of such fraud in his audit report. In any which way, it is important to disclose the existence of frauds and errors.
Reporting of fraud under the Companies Act
Sometimes if there is a responsibility to report the occurrence of misstatements to regulatory or enforcement authorities under any law, the auditor must abide by that.
In this regard, Section 143(12) of the Companies Act, 2013 provides that if an auditor of a company, during the course of his audit work, has reasons to believe that a fraud (of a prescribed amount) is being or has been committed by the company’s officers or employees, the matter should be reported to the Central Government immediately within such time and in such manner as may be prescribed.
Responsibility of an auditor for subsequent discovery of fraud
It may be noted that an auditor is not responsible for the subsequent discovery of fraud if he can prove that he followed adequate procedures necessary for the proper conduct of an audit. His primary role is to only make sure that adequate audit procedures are adopted and that a fair opinion is given in his audit report based on sufficient audit evidence.
Thus, the subsequent discovery of misstatements in financial statements resulting from any fraud or error existing during the accounting period covered under the auditor’s report does not, by itself, show whether the auditor has properly complied with the basic principles governing an audit or not.
In fact, the question of whether or not he has complied with the basic principles governing an audit (for example, the conduct of the audit work with required skills and competence, complete documentation of all matters, designing of the audit plan, reliance placed on internal controls, nature, and extent of compliance & substantive tests carried out, etc.) is determined by the level of adequacy of audit procedures undertaken in the relevant circumstances and the suitability of audit report based on the results of such procedures.
The auditor shall be liable for failure to detect fraud only when such failure is substantially due to a lack of reasonable care and skill being exercised on his part.
For more details on the liabilities of an auditor, please refer to this blog:
List of a few references used:
You might also like: