Appendix 1: How irregularities, including fraud are addressed in other ISAs (UK)
This guide concentrates on the requirements for reporting in the auditor’s report, but for reference we include below the requirements of other ISAs (UK) with respect to the auditor’s responsibilities for irregularities, including fraud.
ISA (UK) 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing (UK) states that ‘the auditor shall maintain professional scepticism throughout the audit, recognising the possibility of a material misstatement due to facts or behaviour indicating irregularities, including fraud, or error, notwithstanding the auditor's past experience of the honesty and integrity of the entity's management and of those charged with governance’.
ISA (UK) 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements states that ‘for audits of financial statements of PIEs, when an auditor suspects or has reasonable grounds to suspect that irregularities, including fraud with regard to the financial statements of the entity, may occur or has occurred, the auditor shall, unless prohibited by law or regulation, inform the entity and invite it to investigate the matter and take appropriate measures to deal with such irregularities and to prevent any recurrence of such irregularities in the future’.
According to ISA (UK) 240 auditors must (unless prohibited by law or regulation) evaluate the risk of misstatements in financial statements arising from fraud; and report suspected fraud cases to those charged with governance / management.
For audits of financial statements of PIEs, if the company refuses to investigate the potential fraud, the auditor has a duty to inform the authorities responsible for investigating such irregularities. There is also a duty to report any actual or suspected non-compliance with laws and regulations to the audit committee. Auditors should also be aware that tipping off the entity about potential breaches of money laundering rules due to non-compliance may be prohibited under UK law. ICAEW’s Technical Advisory Service gives further guidance in its helpsheet on tipping off.
ISA (UK) 240 also states that auditors should use professional judgment when considering whether to report irregularities to authorities if they decide that a PIE has not taken appropriate action to deal with the actual or potential risks of fraud identified or the action taken would fail to prevent future occurrences of fraud.
ISA (UK) 250A Consideration of Laws and Regulations in an Audit of Financial Statements describes the auditor’s consideration of compliance with laws and regulations, including audit procedures when non-compliance is identified or suspected, communicating with those charged with governance, and implications on the financial statements.
ISA (UK) 250A states that if management or, as appropriate, those charged with governance do not provide sufficient information that supports that the entity is in compliance with laws and regulations and, in the auditor's judgment, the effect of the suspected non-compliance may be material to the financial statements, the auditor shall consider the need to obtain legal advice. ISA (UK) 250A (Revised November 2019) built on the December 2017 version to further define ‘material’ as ‘either quantitatively or qualitatively, and where there is more than one occurrence both individually and in aggregate’.