FraudPrevention
FRAUD PREVENTION
Fraud, laws and regulations
Identifying fraud against a business can be caught either by internal processes or during audits. Here, we explain why audits should not be relied upon
Words: Steve Collings Illustration: Michał Bednarski
At a glance
This is an extract from Steve Collings’ book, An Auditor’s Guide to Auditing Financial Statements in the UK, published by Bloomsbury Professional.
AAT members are entitled to a 20% discount using the code BP-Audit20 when ordering from Bloomsbury Professional’s website.
This extract covers fraud detection, along with defining what auditors’ responsibilities are and are not in relation to fraud and error.
Fraud has been in the news a lot over recent years, with a number of well-known companies in the headlines. For example, in 2019, Patisserie Valerie was caught up in a financial manipulation scheme that forced the company into administration, while the most famous is, of course, Enron’s collapse in 2001.
It is important to clearly understand the auditor’s responsibility where fraud and compliance with laws and regulations is concerned, as well as management’s responsibility.
Fraud committed by employees usually arises through the manipulation of weaknesses in the organisation’s system of internal control. This can arise, for example, through a lack of segregation of duties or a lack of oversight by responsible individuals. This type of risk is assessed through the auditor’s consideration of controls. Where a fraud risk factor comes to the attention of the auditor, they will tailor their procedures to address the issue.
DETECTION
Fraud vs error
At the outset it is important that the auditor clearly understands the difference between ‘fraud’ and a ‘fraud risk factor’ and ‘error’. During the course of an audit, it is very likely that the auditor will discover some errors in the financial statements.
Common reasons for errors arising in the financial statements, which the auditor may identify at the planning stage of the audit include:
· errors in gathering the relevant data and information from which the financial statements are drawn up;
· errors in applying the requirements of an accounting standard;
· misinterpretation of facts giving rise to an error in an accounting estimate; or
· incorrect classification in the financial statements.
Common errors
All audits will generally reveal an error of some sort in the financial statements. While effective internal controls can help to prevent and detect errors, there is no system of internal control which is perfect, so it is not unusual to identify errors during an audit. As the audit progresses any errors will be carried forward to an ‘audit error schedule’ or ‘schedule of unadjusted misstatements’. Typical errors discovered may include:
· understated accruals due to goods and/or services being received up to the year end, but not accrued for;
· depreciation charges calculated incorrectly;
· directors’ remuneration posted to staff salaries;
· transactions denoted in a foreign currency translated at the wrong rate;
· disclosure notes omitted or inadequate.
Some errors may be factual. Others may result from extrapolated differences on test differences. Once all the audit work is completed, the auditor must review the total errors and misstatements discovered which will help them form a conclusion as to the adequacy of the accounting records.
Types of fraud
ISA (UK) 240 recognises two types of fraud which the auditor is concerned with:
Misappropriation of assets
This type of fraud involves the theft of assets, such as cash, high-value stock and computer equipment. In addition, using a company’s assets for personal use is classified as misappropriation of assets – for example, if an employee uses a company vehicle for private use against company policy.
Fraudulent financial reporting
Fraudulent financial reporting refers to the deliberate manipulation of the financial statements so that they show a pre-determined outcome. This can include falsification of accounting records; omissions of transactions, balances or disclosures from the financial statements; or the deliberate misapplication of accounting standards. The objective of fraudulent financial reporting is to present the financial statements with a particular bias, especially if the entity is trying to secure bank finance, or perhaps understating profits to reduce taxes. Fraudulent financial reporting is characterised by a deliberate breach of accounting standards.
Fraudulent financial reporting
The audit manager of Vizsla Audit Ltd has recently started planning the audit of a new client, Dalmatian Enterprises Ltd, for the year ended 31 August 2023. The previous auditor resigned due to ‘difficulties in agreeing the appropriateness of the client’s accounting policies’.
Analytical review procedures have suggested profit before tax has remained consistent, although provisions for liabilities have reduced by some 20%. Revenue is also down on the previous year by approximately 18% while administrative expenses have also seen a significant decrease by 32%.
During the pre-planning meeting, the finance director made this startling revelation: “I need to emphasise the importance of us reporting a profit before tax of £1.3m. Under no circumstances can we have anything lower than this figure because this is what we have told the shareholders they can expect. The starting point for profit and loss is, therefore, what the shareholders want to see and we work up from there.”
Aggravating factor
Further discussions concerning the provisions revealed the following admission by the finance director: “The provisions are made ‘just in case’ we have any claims brought against us. I suppose you could say they are a ‘buffer’ or a ‘cushion’ against any unexpected costs.”
The analytical review carried out has already highlighted potential sources of misstatement with revenue, administrative expenses and provisions. It would appear that the provisions are not true provisions and when judged against the recognition criteria in FRS 102, Section 21 Provisions and Contingencies, they would fail to meet the recognition criteria.
It would be fair to conclude that the entity is committing the act of fraudulent financial reporting by deliberating manipulating the financial statements to achieve a pre-determined outcome for the shareholders. This is accentuated by the fact that profit before tax has remained consistent with the prior year, but revenue is significantly down.
Carefully planned audit procedures would need to be applied – particularly over the provisions for liabilities – given the reasons for their inclusion.
No system of internal control will ever be so robust that it will entirely prevent a fraud or error.
Who is responsible?
Fraud, by its very nature, can be difficult to detect. In some cases it can be years before suspicions are roused. When a fraud is discovered, it can lead to tensions within the organisation and can be a very distressing time.
When a fraud has been going on for a long time, quite often the auditors are questioned as to why they did not spot it in prior year audits. Management may often try to blame the auditor. However, ISA (UK) 240 makes it very clear that the auditor does not bear the responsibility for the prevention and detection of fraud.
Management’s responsibilities
ISA (UK) 240 states that the primary responsibility for the prevention and detection of fraud rests with those charged with governance and management of the entity. Hence, it is not the auditor’s responsibility to prevent and detect fraud.
Establishing a sound system of internal control will help to reduce the risk of fraud and error. An effective system of internal control will reduce the opportunities for fraud to arise and it will also increase the likelihood of fraud being discovered if it does arise. In addition, management should create a culture of honesty, ethical behaviour and active oversight by those charged with governance.
A weak system of internal control can easily create fraud risk factors. Management must be made aware of any weaknesses in the entity’s system of internal control that create a fraud risk factor so they can implement measures to reduce the risk of fraud arising to an acceptable level. This will involve either implementing internal controls or strengthening existing ones.
Management should be aware of fraud risks within the business, and this will inform elements of their risk assessment and any corporate governance procedures they may have in place. Where the entity has an audit committee, this committee should review these procedures to ensure that they are in place and are working effectively. This will usually be done in conjunction with the internal audit function (if one exists).
For many companies, the internal audit function is a key element in the battle against fraud. The role of internal audit is to review systems of internal control; their role is not to implement such controls because otherwise they will be reviewing their own work. The mere presence of an internal audit function can also act as a deterrent to fraud itself as there is more chance of a fraud being detected.
Auditor’s responsibilities
The auditor’s responsibility is set out clearly in ISA (UK) 240. The auditor is responsible for obtaining reasonable assurance (remember, it is not absolute assurance) about whether the financial statements as a whole are free from material misstatement because of fraud. This includes:
· identifying and assessing the risks of material misstatement of the financial statements due to fraud;
· obtaining sufficient appropriate audit evidence concerning the assessed risks of material misstatement due to fraud (this is done through designing and implementing appropriate auditor responses); and
· responding appropriately to fraud, or suspected fraud, identified during the audit.
This is an extract from Steve Collings’ book An Auditor’s Guide to Auditing Financial Statements in the UK, published by Bloomsbury Professional. AAT members are entitled to a 20% discount using the code BP-Audit20 when ordering from Bloomsbury Professional’s website.
Connect, celebrate and be inspired
Join us on Friday, 8 November, at The Brewery in London. Enjoy talks from leading experts, one-on-one clinics to answer your questions, and connect with peers at the AAT Impact Awards. Click here to find out more.
FRAUD PREVENTION