Auditors’ responsibilities regarding fraud

Over the past few years, it can be seen that auditors’ responsibilities towards reporting any possible gaps in the financial statements have increased exponentially.

This is primarily because of the major scandals that have greatly impacted the accounting profession as a result of the fraud.

Therefore, in order to maintain integrity and confidence in the profession of accounting, it becomes rudimentary for auditors and directors to understand their role in the prevention and detection of fraud.

ISA 240 – Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements

In this regard, a lot of governing bodies have set up laws and schemes to prevent such incidents from taking place.

ISA 240, has been specifically designed in order to reflect the auditor’s responsibilities relating to fraud in an audit of financial statements.

Specifically, this particular standard recognizes that any material misstatement in the financial statements can arise from either fraud or error.

The differentiating factor is whether the causal action that subsequently resulted in the misstatement was intentional or unintentional.

Therefore, it can be seen that the main role of the auditor in any audit is to determine if the fraud has actually occurred.

It becomes the primary responsibility of the auditor to ensure that he discloses the impact of the fraud on the overall accuracy of the published financial statements.

The external auditor is mainly responsible for obtaining reasonable assurance that the financial statements, do not have any signs of material misstatement, regardless of the misstatement being fraud or error.

Given the fact that an auditor is primarily responsible for this specific aspect, it only makes sense to imply that an auditor also has the responsibility to take ownership of his work and provide reasonable assurance that there is no fraud or error involved.

Professional Skepticism

Professional skepticism in this regard becomes highly integral for the auditor, without which it is going to be increasingly challenging to point out any material misstatements from the financial statements.

Professional skepticism basically means that that the auditor recognizes the overall possibility that a material misstatement due to fraud could occur, regardless of the auditor’s prior experience of the client’s integrity and honesty.

ISA 315 – Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment

Another important responsibility of the auditor also stems from ISA 315, which is about Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment.

This requires the auditor to evaluate the overall susceptibility of their clients to fraud. The engagement team should also obtain information for use in identifying the risk of fraud when performing risk assessment procedures.

This is another important responsibility of the auditor when it comes to the identification of possible fraudulent activities in this case.

However, applying all these standards into practice still does not entirely mitigate the overall possibility of a material misstatement failing from being disclosed.

The risk of fraudulent activities, in this case, might be higher than error, primarily because of the fact that fraudulent activities are often well-planned, and well-executed.

Reporting Fraud

In the case where the auditor is able to identify fraud, he is entitled and responsible to communicate the matter on an urgent basis to the appropriate management level.

However, if the fraud involves the management, then the auditor is responsible for reporting to the people charged with governance.

Furthermore, the auditor should also consider their responsibility to report the occurrence of suspicion to a party outside the entity

Fraud: Definition, Types, Reasons, and Managing


Fraud is the intentional activity to gain personal benefit directly or indirectly illegally, against organization or entity policy. It is ultimately different from error and corruption. 

The very simple example of fraud is that the accounting staff pay salary to fake employee’s account that creates by himself is also called fraud.

In such a case, accounting staff is intentionally creating the name of the employee, and bank account order to make payment and then get a direct benefit from it. 

It happens in various forms and differently from time to time based on the situation and opportunity that fraudster has and It also based on the subject matter.

Fraud is one of the highest expenses in the organization that could lead to bankruptcy, and having a strong control should be one of the most important tasks to be done by leaders in the organization.

In this article, we will discuss the most important part of the fraud including types, reasons why it happens, and the presentation program that

Types of Fraud

Fraud is classed into two main different types,

Misappropriation of Company Assets

Misappropriation of company assets is a kind of fraud that mostly committed at the staff level by stealing company’ assets; for example, cash, inventories, care or other assets for personal use or sell.

Such kind of fraud could be prevented by setting up strong internal control, segregation of duty or job rotation.

Creating the fake customer’s name or account in order to get the commission, creating the fake suppliers’ accounts or making payment to the fake supplier is also the common type of misappropriation of assets. We will talk about its prevention in detail in this article.

Fraud over Financial Reporting

Fraud Over the Financial Statements is done by management manipulating the financial figure in the financial statements. This type of fraud is committed at the management level.

There are many ways that management could manipulate the figure in the Financial Statements.

For example, management could improve the Net Profit for the year by decreasing depreciation expenses through depreciation policies.

Normally, deprecation policies are decided by the management and yes they could affect the net profit by this.

Preparing the Financial Statements is significantly affected by many assumptions and judgments made by management and somehow management could them as the opportunity to make sure the Financial Statements look like what they want to be.

Another example of how management could commit it through Financial Statements is by revenue recognition.

Let say, the management team will be awarded the bonus if the revenue reach target gets to say, USD 100,000,000 at the ended of the year 31 December 2016.

Right now, 25 December 2016, and the sale revenue is USD 98,000,000. See, by this figure, management almost reaches its target.

In such a case, management could manipulate the sale revenue that not exists to make sure the sale revenue reaches 100M then they take the bonus.

Here is how,

Let say that, management knows that in January 2017 there will be a big contract with new customers, they then sign the contract with customers and recognize part of the revenue in 2017 as the revenue in 2016 through manipulation of accounting treatments.

In this case, if external audit and internal audit could found or figure out any error in the revenue recognition, then management could get their bonus easily.

This is how frauds happen through Financial Statements; however, it is just a simple example.

In real practice, there are many types and ways on how to manipulate the financial figure especially when management has the incentive to do it.

Why does Fraud Happen?

Well, there are many factors that lead to fraud, but here are the three common reasons cause frauds to the organization and also they are also the three factors that we need to assess whether it could possibly happen.

Inventive and Pressure

Employees in the organization have come from many different backgrounds, live style, as well as living conditions.

The study found that if the employees face financial pressure, for example, they need a lot of money to pay for car rental or home, and then they will find the way to obtain another source of finance like by borrowing from bank, company or sometimes they think about commit fraud in the company if they could. Don’t be confused with opportunity, they are different.

When people face financial pressure, they will find solutions and among the best solution, fraud could be one of them. This is how it starts.


Normally, the opportunity is the main factors lead to fraud and it results from the leak of internal control over those opportunities.

Let say, the employee are responsible for purchasing and also making payment to suppliers while there is no one control over them. See the opportunity here?

The fraud could be happening by employee paying to suppliers for those goods or products are not received by the company; in the state, by employees themselves.  

Another example is that sales staff could access that warehouse and no one control or check him whenever he took the goods in the warehouse.

By leaking of internal control on this part, the employee could see the opportunity to bring the goods outside and sell for himself.

Opportunity normally happens when there is weak internal control and putting too much trust in people who link with finance pressure.

When employees have financial pressure, and they then see opportunities, fraud could have happened.


The fraud might happen when the employee or management team think that they get less than what it should be. For example, the company this year gain a lot of profit but the management salary and bonus for them is quite small.

In such a case, it could lead them to think about if there is any way to get some more benefit. Rationalization is sometimes linking from financial pressure and opportunity.

For example, cashier work a very long time with the company and the company never have any experience with her about the cash she controls.

One time she has some financial pressure and she noted that she could make money for a while to solve her financial problem, and then she will take it without any authorization.

If the auditor found the problem, she just proves that she borrows the money and she will return it back.

So, the fraud is happened because of these three reasons: Inventive or Pressure, Opportunity, and finally, rationalization.

Managing Fraud in Your Company

  • Employee Due Diligence

Well, this is the important point to do and it normally does at the time of recruitment.

The company has to set proper recruitment policies and procedures to ensure that all-important information about employees is obtained, and the background is checked. Doing this company could minimize the risk of hiring an employee whose fraud ever committed.

  • Mandatory Job Vacation

This is one of the most recommended procedures that the company should have in order to managed fraud, especially for high-risk positions.

Those positions include payments, correction, purchasing, and sales. Sale says, the correction officer is a vacation for three weeks and replace the new one and let see if the new one found and problem made by the old. These policies are mandatory and should not have any exception.

  • Setting up Internal Audit or “Fraud Department”

Setting up the internal audit department or fraud department is one type of fraud risk management by the Board of Director and now it is globally aware and accepted word wild as an effective strategy.

For effective use of internal audit, internal audit must be a disconnect with the operation and under supervised by the audit committee or by Board. For a small company, the management and owner are the same.

No matter it is, the audit department must be under control of the owner.

  • Build the Culture of Honesty and Integrity

This is an important part of fraud risk management and morally done by top management by showing a sense of honesty and integrity.

Management should show a sense of honesty to its staff and then make it become culture and core value.

  • Whistle-blowing Policies

Well, whistle-blowing policies are morally set when the Board of Directors want to promote Honesty and Integrity in the company.

This also set when the Board believes that staff might know it has happened in the company, but they are afraid to disclose to management.

The concept of whistle-blowing is that it allows staff to report the fraud that they found to the top management, normally audit committee or board. The report could be done by email, phone or mailbox.

  • Setting up Sound Strong Internal Control

The company should set up sound string internal control for example segregation of duty, physical control. Segregation of duty; for example, one person should not control the whole process.

One person responsible for purchasing, receiving goods and paying to suppliers, for example. The security camera should be set at the warehouse, cashiers or at the other sensitives place.

Internal Auditor’s Responsibilities on Fraud

Establishing the internal audit department is part of internal control and risk management in the organization and this is the reason why the internal audit department exists.

The risks that internal auditors should oversee only limited to internal control, operational risks, compliance risk, financial risks, but also including the risk of fraud.

In this article, we will discuss the role of an internal auditor with the fraud investigation, fraud prevention, and fraud detection in the organization.

Does internal audit responsible for fraud?

Based on International Standard for the professional practice of internal auditing, 1210A—Internal auditors must have sufficient knowledge to evaluate the Risk of Fraud and the manner in which it is managed by the organization but are not expected to have the expertise of a person whose primary responsibilities are detecting and investigating fraud.

Based on this, we are very clear that the Internal Auditor is expected to have and maintain its knowledge—qualification and awareness about the industry, organization as well as the business activities in order to help them to be able to assess the risks fraud which could happen in the company.

However, the responsibilities to detect fraud in the company are not auditor primary responsibilities, and also they do not require to be an expert in this area. The risk of fraud still primarily responsible for management.

However, 2120.A2 stated that the audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk.

This means internal audit has to have the proper risk assessment in what areas that the risk of fraud is likely to happen.

At this point, the internal audit does also has responsibilities on fraud risk, but the responsibilities are indirect.

The gaps of misunderstanding among shareholders, public, management, and audit about the roles of internal audit-related to fraud still big, and there are many debates about this.

For example, when there is fraud happened in an organization, there will be the questions from the shareholders, management as well as the public what is the internal audit doing? Why the frauds are not detected by them?

Just like an external auditor, Internal Audit is independent of the operation and the main responsibilities to fraud are still with management. Fraud is the action that intentionally commits by people and it is difficult to detect.

Moreover, its management is the one who committed that fraud, then it’s hard for both external and internal auditors to control and detect.

To avoid these Responsibilities, any audit engagements must clearly define the role of internal audit about the fraud clearly so that the confusion maybe minimize.

The auditor might need to have properly met and explained to them verbally before going into a formal agreement.

Hopefully, this article provides you with some more understanding about the role and responsibilities of internal auditors related to fraud that happens in the organization.

In case you have any questions and want us to clarify some points in this article. Please just leave a comment below.