ISA 240 The Auditor's Responsibilities Relating to Fraud
ISA 240 sets out the auditor's responsibilities for identifying and responding to fraud risks. This guide covers fraud risk assessment, the fraud triangle, and how auditors respond when fraud is suspected.
Fraud is the audit risk that keeps engagement partners awake at night. ISA 240 sets a high bar — auditors must maintain professional scepticism and actively look for fraud, not just rely on management representations. This guide covers what the standard requires and where the real judgement calls lie.
The Auditor's Mindset: Professional Scepticism
ISA 240 requires auditors to maintain professional scepticism throughout the engagement — an attitude that includes a questioning mind and critical assessment of evidence. This means not accepting explanations at face value, pursuing inconsistencies, and specifically considering whether information received might indicate fraud. The standard also requires a team discussion at the planning stage specifically to consider how fraud might occur.
The Fraud Triangle
The fraud triangle — incentive/pressure, opportunity, and rationalisation — provides the conceptual framework. Auditors assess these conditions when identifying fraud risks. Strong incentive (management bonuses tied to profit targets), opportunity arising from weak controls (inadequate segregation of duties), and rationalisation ("everyone does it") together create fertile conditions for fraud.
Presumed Risk: Revenue Recognition
ISA 240 requires auditors to presume there is a fraud risk related to revenue recognition in all audits. This presumption can be rebutted, but only with documented reasons. In practice, this means revenue recognition procedures must be specifically designed to address fraud risk — not just error risk.
Specific Audit Responses
When significant fraud risks are identified, the auditor must respond at both the overall level (more experienced staff, increased unpredictability, greater scepticism in evaluating evidence) and the assertion level (specific procedures targeting the identified risk). For management override of controls — always a risk regardless of the control environment — the auditor must test journal entries, review accounting estimates for bias, and evaluate significant transactions outside the normal course of business.
When Fraud Is Identified or Suspected
The auditor must evaluate the implications for the audit, consider whether the fraud is material, and communicate promptly to the appropriate level. Fraud by senior management or material fraud must go to those charged with governance. Withdrawal from the engagement is a last resort but may be appropriate where the auditor cannot obtain sufficient appropriate evidence or where continuing would compromise their integrity.
Learnsignal Education Team

