- Financial audit being post facto, it relies on evidence, often 'triangulating' it by seeking consistent evidence from multiple sources. However, collusion between management and third parties (bank officials, warehouse keepers, etc.) may cause the auditor to believe that audit evidence is persuasive when it is, in fact, false. For example, non-existent customers may confirm debts!
- With the advent of principles-based accounting rules (IFRS/Indian GAAP), it is difficult for the auditor to determine whether misstatements in judgment areas such as accounting estimates are caused by fraud or error. At best, the auditor can insist on the company tabulating a sensitivity analysis to show the range of P&L outcomes, but this may easily be overlooked. And remember that the auditor cannot second-guess management judgement, even if it is at the aggressive end of a valid/possible range.
- Like most other professional standards (even other professions like valuers do this), tone at the top is assumed: that management will create a culture of honesty and ethical behavior. Investors are not babes in the wood, and often know which companies (even those in Nifty/Sensex) do not have that tone at the top. When that is the case, the investors should know that they are knowingly bearing greater fraud risk, and should not protest too much on fraud being discovered.
- While management has discretion to select and apply accounting policies (compliant with AS), the auditor shall, to check for earnings management efforts, evaluate whether that choice is indicative of fraudulent reporting. Some examples (personal, not in SA 240) are including cost of land for measuring percentage completion, overuse of 'strategic investment rationale' to defer impairment charges, using gross method over net method, etc. As these examples show, that risk is greater for transactions involving subjective measurements and complex transactions.
- Good professionals will accept clients only when convinced of their integrity. This may make them unsuspecting. To prevent bias, SA 240 mandates professional skepticism, despite the auditor's belief that management and those charged with governance are honest and have integrity.
- Fraudsters should be fooled by randomness! So an element of unpredictability in the selection of the nature, timing and extent of audit procedures is desired.
While auditors have unique access to the books/records/operations (exceeded only by that of promoters/management), fraud may involve sophisticated and carefully organized schemes designed to conceal it, such as forgery, deliberate failure to record transactions, or intentional misrepresentations being made to the auditor. Auditors are capable of uncovering the fraud, but like other professionals must operate within the scope of their mandate. A fraud check would need expensive forensic accounting/investigative skills, which not all companies can afford. While law mandates having an internal audit system appropriate to the size/set-up of the company, this cannot avert management fraud, where management itself overrides the system.