ICAEW.com works better with JavaScript enabled.

Auditor obligations on fraud in the spotlight

Author: ICAEW Insights

Published: 29 Aug 2024

Recent regulatory action highlights the importance of remaining alive to the risks of fraud. Auditors must be aware of how legal requirements and auditing standards guide obligations when reporting suspicions of fraudulent activities.

The primary role of auditors is to provide an opinion on the truth and fairness of the financial statements. Given their access to financial information and sensitive records, auditors are often best placed to detect discrepancies and potential fraud that might otherwise go unnoticed. 

According to ISA 240, auditors must obtain reasonable assurance that financial statements are free from material misstatements, whether caused by fraud or by error. This responsibility extends to a legal duty to report suspicions of fraud to regulators.

Substantial fines serve as a stark reminder of the severe consequences that can arise when auditors do not adequately discharge their responsibilities. Such penalties highlight the risks of failing to identify and report significant issues in a timely manner.

Auditing regulated entities

Under the Financial Services and Markets Act 2000 (FSMA), auditors of regulated entities are required to disclose information or opinions relevant to the regulator's functions, as stated in sections 342(5) and 343(5) of the Act. 

This includes any suspicions of fraud that could impact the Financial Conduct Authority’s (FCA) Principles for Business and/or the Threshold Conditions for authorisation set by both the FCA and the Prudential Regulation Authority (PRA). 

To enable information-sharing and to protect auditors, FSMA permits auditors to communicate confidential or sensitive information to the regulator if they reasonably believe it is relevant to the regulator's functions.

In instances where an auditor reasonably believes that fraud or other serious irregularities have occurred, especially involving individuals in governance, they are legally obliged to report these suspicions to the appropriate regulator without delay. While FSMA provides the legal framework, the professional standard ISA 250B (Revised) further elaborates on the auditor's duty to report.

According to ISA 250B, para 12, when an apparent breach of statutory or regulatory requirements comes to the auditor’s attention, including instances of suspected fraud, the auditor must:

  • Obtain available evidence to assess the implications for their reporting responsibilities.
  • Determine whether there is reasonable cause to believe that the breach is of material significance to the regulator.
  • Consider whether the breach constitutes criminal conduct that should be reported to the appropriate authorities.

Should a suspicion be reported?

When considering whether to report a suspicion of fraud, auditors might reflect on a range of important questions, including:

  • Is there missing or incomplete documentation that raises concerns?
  • Are there significant discrepancies between financial records and supporting evidence?
  • Do any transactions lack a legitimate business purpose?
  • Is management being defensive or obstructive in response to my enquiries?
  • Have I noticed any pressure to approve financial statements despite unresolved issues?
  • Would I be comfortable justifying my decision not to report these suspicions if scrutinised later?

In situations when auditors encounter a suspected fraud or breach, they might typically seek evidence to understand its implications before reporting it to the regulator. However, Article 28 of ISA 250B explains that their responsibility to report does not require a complete assessment of the breach's full impact beforehand. 

Instead, auditors will need to exercise professional judgement to determine whether there is reasonable cause to believe the matter is or could be materially significant to the regulator. 

To make this judgement, auditors might conduct appropriate investigations, including: 

  • reviewing relevant audit evidence; 
  • speaking with relevant staff and those charged with governance (where appropriate to do so); and 
  • reviewing related correspondence and documents to the transaction or event concerned.

It is worth noting that an apparent breach of statutory or regulatory requirements does not automatically trigger a statutory duty to report to a regulator. 

For example, as per Article 27 of ISA 250B, a minor breach that has been corrected and reported by the regulated entity and appears isolated may not warrant reporting. 

When deciding whether a breach requires a statutory report to a regulator, auditors might consider factors such as:

  • whether the breach suggests a broader compliance issue;
  • whether it has been rectified and reported by the entity;
  • whether ongoing issues or a lack of corrective action persist; and
  • whether immediate reporting is necessary to protect stakeholders.

The determination as to whether to report is also explored in para 44 of ISA 240. The standard recognises that decisions around reporting involve complex considerations and professional judgements, prompting the auditor in some cases to seek internal consultation within their firm. 

Furthermore, the auditor may consider obtaining legal advice to fully understand their options and the professional or legal implications of any potential actions.

Prompt action is required

The FSMA and ISA 250B emphasise the need for timely reporting. When suspicions of fraud arise, auditors must act quickly, as delaying a report can allow fraudulent activities to continue, potentially worsening financial damage. 

Failing to meet these obligations can have severe consequences. The substantial penalties recently imposed on audit firms underscore the seriousness of these duties and serve as a cautionary reminder to the auditing profession of the dangers of inaction. 

Audit reform

The long-awaited legislation to establish ARGA was put back on the agenda in 2024. ICAEW unpacks the key issues around audit and corporate governance reform.

A person working at a desk covered in papers, a notepad and a calculator

More audit and assurance resources

ICAEW Faculty
ICAEW's Audit and Assurance Faculty can help you stay ahead of the curve with its essential guidance and technical advice.
Audit and Assurance

An internationally recognised network of professionals focused on keeping ahead of the changes to the audit and assurance landscape.

Find out more
Latest support
lego pieces building blocks red blue green yellow on a blue background
Audit and Beyond

Audit & Beyond provides topical features and opinion pieces on audit and assurance, plus all the latest news and developments.

Read more See the archive
ICAEW support
A hand holding a magnifying glass looking at some papers
Training and events

Browse upcoming and on-demand ICAEW events, webinars and training on audit and assurance. Don't miss the latest developments in practice and regulation.

Events and webinars CPD courses and more
Open AddCPD icon

Add Verified CPD Activity

Introducing AddCPD, a new way to record your CPD activities!

Log in to start using the AddCPD tool. Available only to ICAEW members.

Add this page to your CPD activity

Step 1 of 3
Download recorded
Download not recorded

Please download the related document if you wish to add this activity to your record

What time are you claiming for this activity?
Mandatory fields

Add this page to your CPD activity

Step 2 of 3
Mandatory field

Add activity to my record

Step 3 of 3
Mandatory field

Activity added

An error has occurred
Please try again

If the problem persists please contact our helpline on +44 (0)1908 248 250