FRC pushes for clarity on audit’s role in finding fraud

The Financial Reporting Council (FRC) has released a consultation on the proposed revision of its standard on audit responsibilities relating to fraud in financial statements (ISA 240) in the hopes it can clarify what an audit firm’s duties should be with regard to looking for, and reporting, potential fraud.

The proposed revisions are intended to “provide increased clarity” on auditors’ responsibilities to spot fraud, as well as to expand the requirements on an auditor to identify the “risk of material misstatement due to fraud,” the FRC said.

The proposed changes also reflect regulatory fears that companies will be tempted to hide the scale of their financial losses as the effects of the coronavirus pandemic continue to dent balance sheets.

ISA 240 came into effect in 2004 and is meant to help auditors identify and assess the risks of material misstatement due to fraud in company’s financial accounts, as well as help them design procedures to detect such misstatement. But there is little requirement for them to do much else, leading to examples of woeful inaction where audit firms should clearly have acted.

Although its provisions have been tinkered with slightly (the last time was in January), the standard has not faced any major revision in 16 years—despite a catalogue of corporate collapses and accounting scandals at Carillion, BHS, and Autonomy (and others) where the audit firms involved failed to spot serious signs of accounting fraud.

The International Auditing and Assurance Standards Board is commencing its own review of ISA 240, but the FRC said it could be several years before that revision is finalized.

The FRC said: “We believe it is important to act now to address immediate concerns about the auditor’s responsibilities in respect of fraud.”

Mark Babington, the FRC’s executive director of regulatory standards, said in a statement that to avoid “some of the misunderstandings that have been communicated around the auditor’s responsibilities in respect of fraud,” the revised standard would make auditors’ obligations clearer, enhance the risk assessment they carry out, and set clearer requirements for what the auditor then does.

The consultation runs until Jan. 29, 2021. When finalized, the revised U.K. standard is proposed to be effective for audits of periods commencing on or after Dec. 15, 2021, with early adoption permitted.

Fears over audit quality were exacerbated when the chief executive of auditor Grant Thornton said his firm was not looking for fraud when it missed a £94 million (U.S. $123 million) black hole in the accounts of café chain Patisserie Valerie, which briefly went into administration in January 2019 before being rescued in a management buyout.

In his review into the quality and effectiveness of audit published last December, Sir Donald Brydon, the former chairman of the London Stock Exchange, raised concerns about a lack of clarity in the rules for auditors regarding looking at fraud risks.

To address those concerns, he recommended putting in place measures around fraud detection and prevention; the introduction of suspicion into the qualities of auditing; the extension of the concept of auditing to areas beyond financial statements; and obligations for auditors to acknowledge external signals of concern.

The FRC has said the proposed new standard would address Brydon’s concerns—at least in terms of clarifying auditors’ duties in assessing fraud risks.

The Big Four have said they are “supportive” of the consultation, though that does not necessarily mean they are all in favor of additional responsibilities.

In a statement, EY said that while “the profession continues to evolve to meet the needs of stakeholders and serve the public interest,” it added that “holistic reform is required to enhance audit, corporate reporting, and the corporate governance ecosystem” which “must include improved director accountability and expansion of the scope of the audit.” EY also said that “management, boards and the regulations that govern their company conduct are ultimately the first lines of defense.”

PwC said in a statement that “clarity around the responsibilities of auditors is helpful for all stakeholders who rely on audited financial information.”