By Fergal McManus, Account Manager, Ireland & Channel Islands at Confirmation, part of Thomson Reuters
In July, the Irish Times published an article: “Irish auditors face increased pressure to detect fraud”. This increased pressure stems from the Irish Auditing and Accounting Supervisory Authority (IAASA), which had begun consulting on its exposure draft of ISA (Ireland) 240, defining the auditor's responsibilities relating to fraud in an audit of financial statements.
The newspaper went on to report that “the IAASA is planning to put a greater onus on auditors to look for potential fraud in company accounts, following on from a series of financial scandals” in the UK.
And in its recent publication, Developments in Audit 2020, the FRC reported that audit quality remains inconsistent, with 49 out of the 130 audits inspected in their 2019/20 inspection cycle requiring improvement. What is driving this inconsistent audit quality, and how can we achieve a healthier and more resilient audit market?
The FRC’s own analysis echoed one of Sir Donald Brydon’s key findings, that auditors need to be more energetic in their investigations, providing “appropriate challenge to management, assessing critically information and explanations received for signs of over-optimism, judgmental bias or possible fraud”.
The IAASA gave a clear indication of its intentions in its recent comment letter to the international regulator, asserting that the “difficulty in detecting material misstatements in the financial statements resulting from fraud does not reduce the auditor’s responsibility”.
The revised ISA (Ireland) 240 sets out that responsibility very clearly. It insists that auditors interrogate management about their assessment of the risk of fraud, and it obliges auditors to maintain a questioning approach to their assignments – one of professional skepticism.
This includes “being alert for conditions that indicate a record or document may not be authentic” and being aware that “collusion may cause the auditor to believe that audit evidence is persuasive when it is, in fact, false”. For example, can a confirmation from a particular third party be authenticated, and is it reliable as audit evidence?
During the research for Confirmation’s recent white paper, Welcome to the new era of audit quality and efficiency, we discovered that the postal service is used by 30% of auditors and email by 28%. Such legacy practices, which are found within most audit firms, make it harder to obtain reliable evidence, and they have a negative impact on the quality of audits.
In this context, it is essential that firms seek to benefit from the growing range of audit technologies. ISA (Ireland) 240 emphasises the value of using automated tools and techniques, such as advanced data analytics software which trawls for “unusual or unexpected relationships” that may indicate fraudulent misstatement.
ISA (Ireland) 240 also recommends that audit engagement team members exchange ideas and working collaboratively to identify potential fraud. They are encouraged to develop specialised skills and knowledge (for example, in using the available technology effectively), design and perform suitable risk assessment procedures, and document their findings in detail.
By publishing its revised version of ISA 240, the IAASA has followed the FRC in defining a practical and rigorous approach to fraud detection. This initiative is a vital means of raising audit quality and improving the reputation of the audit profession, one that auditors in Ireland and internationally should be eager to adopt.
Confirmation, part of Thomson Reuters, pioneered the idea of digital confirmations in 2000 and still leads the industry today. More than 16,000 audit firms, 4,000 banks and departments, and 5,000 law firms have put our platform to work. We span 170 countries and process more than one trillion dollars in confirmations each year.
(This article is sponsored by Confirmation.)