TWSA240 The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements

Status

Revised by Auditing Standards Committee in Taiwan on 4 October, 2022

Summary

This Standard deals with the auditor’s responsibilities relating to fraud in an audit of financial statements.

The primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the entity and management. An auditor conducting an audit in accordance with TWSAs is responsible for obtaining reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether caused by fraud or error. Owing to the inherent limitations of an audit, there is an unavoidable risk that some material misstatements of the financial statements may not be detected, even though the audit is properly planned and performed in accordance with the TWSAs.

When obtaining reasonable assurance, the auditor is responsible for maintaining professional skepticism throughout the audit, considering the potential for management override of controls and recognizing the fact that audit procedures that are effective for detecting error may not be effective in detecting fraud.

The auditor shall maintain professional skepticism throughout the audit, recognizing the possibility that a material misstatement due to fraud could exist, notwithstanding the auditor’s past experience of the honesty and integrity of the entity’s management and those charged with governance.

The discussion among the engagement team members shall place particular emphasis on how and where the entity’s financial statements may be susceptible to material misstatement due to fraud, including how fraud might occur.

When performing risk assessment procedures and related activities to obtain an understanding of the entity and its environment, including the entity’s internal control, the auditor shall perform the following procedures to obtain information for use in identifying the risks of material misstatement due to fraud:

1.Make inquiries of management regarding:

(a)  Management’s assessment of the risk that the financial statements maybe materially misstated due to fraud;

(b)  Management’s process for identifying and responding to the risks of fraud in the entity;

(c)  Management’s communication, if any, to those charged with governance regarding its processes for identifying and responding to the risks of fraud in the entity; and

(d)  Management’s communication, if any, to employees regarding its views on business practices and ethical behavior.

2.   Make inquiries of management, appropriate individuals within the internal audit function (if any), and others within the entity as appropriate, to determine whether they have knowledge of any actual, suspected or alleged fraud affecting the entity.

3.   Obtain an understanding of how those charged with governance exercise oversight of management’s processes for identifying and responding to the risks of fraud in the entity and the internal control that management has established to mitigate these risks, and make inquiries of those charged with governance to determine whether they have knowledge of any actual, suspected or alleged fraud affecting the entity.

4.   Evaluate whether unusual or unexpected relationships that have been identified in performing analytical procedures.

5.   Consider whether other information obtained by the auditor indicates risks of material misstatement due to fraud.

6.   Evaluate whether the information obtained from the other risk assessment procedures and related activities performed indicates that one or more fraud risk factors are present.

When identifying and assessing the risks of material misstatement due to fraud, the auditor shall, based on a presumption that there are risks of fraud in revenue recognition, evaluate which types of revenue, revenue transactions or assertions give rise to such risks, and treat those assessed risks of material misstatement due to fraud as significant risks.

In determining overall responses to address the assessed risks of material misstatement due to fraud at the financial statement level, the auditor shall:

1.   Assign and supervise personnel taking account of the knowledge, skill and ability of the individuals to be given significant engagement responsibilities and the auditor’s assessment of the risks of material misstatement due to fraud for the engagement;

2.   Evaluate whether the selection and application of accounting policies by the entity may be indicative of fraudulent financial reporting resulting from management’s effort to manage earnings; and

3.   Incorporate an element of unpredictability in the selection of the nature, timing and extent of audit procedures.

The auditor shall design and perform further audit procedures whose nature, timing and extent are responsive to the assessed risks of material misstatement due to fraud at the assertion level. In addition, irrespective of the auditor’s assessment of the risks of management override of controls, the auditor shall design and perform audit procedures to:

1.    Test the appropriateness of journal entries recorded in the general ledger and other adjustments made in the preparation of the financial statements.

2.   Review accounting estimates for biases and evaluate whether the circumstances producing the bias, if any, represent a risk of material misstatement due to fraud.

3.   For significant transactions that are outside the normal course of business for the entity, or that otherwise appear to be unusual given the auditor’s understanding of the entity and its environment and other information obtained during the audit, the auditor shall evaluate whether the business rationale (or the lack thereof) of the transactions suggests that they may have been entered into to engage in fraudulent financial reporting or to conceal misappropriation of assets.

The auditor shall evaluate whether analytical procedures that are performed near the end of the audit, when forming an overall conclusion as to whether the financial statements are consistent with the auditor’s understanding of the entity, indicate a previously unrecognized risk of material misstatement due to fraud.

1.   Determine the professional and legal responsibilities applicable in the circumstances;

2.   Consider whether it is appropriate to withdraw from the engagement, where withdrawal is possible under applicable law or regulation; and

3.   If the auditor withdraws, the auditor shall discuss with the appropriate level of management and those charged with governance the auditor’s withdrawal from the engagement and the reasons for the withdrawal and determine whether there is a professional or legal requirement to report to the person or persons who made the audit appointment or, in some cases, to regulatory authorities, the auditor’s withdrawal from the engagement and the reasons for the withdrawal.

Effective date

This Standard is effective 15 December, 2022.