The issues of fraud and going concern in an audit of financial statements are an important topic in standard setting. This article covers the Institute’s response to a discussion paper on the topics and potentially enhancing the auditing standards.
In February, the Hong Kong Institute of CPAs responded to the International Auditing and Assurance Standards Board’s (IAASB) Discussion Paper Fraud and Going Concern in an Audit of Financial Statements. Through the paper, the IAASB is investigating whether the International Standards on Auditing (ISAs) related to fraud and going concern need to be updated and explored possible actions to help narrow the expectation gap by seeking comments from stakeholders. The submission is available on the Institute’s website.
The expectation gap
The expectation gap between what the public expects that auditors do, and what auditors actually do, has long been an issue for the profession. A 2019 paper from the Association of Chartered Certified Accountants proposed three components of the expectation gap: knowledge, performance, and evolution. The Institute’s outreach to stakeholders helped to inform its view that the gap is mainly a combination of the knowledge gap and the evolution gap.
The knowledge gap
The knowledge gap comes from the observation that the general public and audit report users may not have a thorough understanding or knowledge of the role of auditors, and the approaches used and procedures they carry out under the auditing standards. Hence, the public may over-expect what auditors actually do during an audit engagement.
The evolution gap
The business world is constantly changing, and though we believe the extant auditing standards remain robust and fit for purpose, stakeholders who are preparers of financial statements expressed observations that the current auditing standards may not have kept up with the rapid changes in financial markets and technological advancements. This lag in the development of new standards is identified as the evolution gap.
Based on the feedback from stakeholders, the Institute recommend that the IAASB work with accountancy bodies and standard setters to educate the general public, and is willing to help organize forums or develop publications in Hong Kong. A full understanding of the work performed by auditors and its limitations and the responsibility of those charged with governance (TCWG) related to fraud and going concern would be helpful to narrow the expectation gap.
Current requirements in relation to fraud in an audit of financial statements
The ISAs prescribe specific procedures targeted at identifying and assessing risks of material misstatement, including procedures targeted at identifying risks of material misstatement arising from fraud, and procedures to respond to those risks. The standards also require the auditor to evaluate the implications when a possible misstatement may be indicative of fraud.
The paper notes however, that due to the inherent limitations of an audit, where most of the audit evidence obtained is persuasive rather than conclusive, there is always the unavoidable risk that some material misstatements may not be identified.
The paper asks whether enhanced audit procedures, including the use of specialists, are needed to account for the risks of missing fraud.
The Institute’s views
The Institute agrees that there may be certain entities or circumstances when it is appropriate to enhance procedures, but does not agree that engaging forensic specialists should be mandatory for every audit. As audit is not a forensic investigation process, and the mandatory use of forensic specialists would involve significant costs and may cause inefficiencies.
Engaging forensic specialists for certain regulated entities (e.g. banks, insurance companies with high-risk-financial instruments) may be reasonable since fraud activities arising in these entities are usually sophisticated and concealed, and may be difficult to be discovered by standard audit procedures. For other entities, including listed entities, unless red-flags or risk factors are identified during the audit, the audit team should not be mandated to engage forensic specialists. The Institute suggests that the IAASB develops guidance for circumstances in which audit teams should engage or consult with forensic specialists.
Auditors need to assess cautiously, both qualitative and quantitative indicators, to determine whether an identified non-material fraud is truly inconsequential and thus requires no further audit procedures. It is also important for auditors to communicate with appropriate stakeholders, such as TCWG, when non-material fraud is identified. The Institute also agrees that the audit should focus on the fraud related to financial statement audit as it would be extremely challenging for the auditor if fraud related to a third party is also included in the scope of an audit.
The IAASB should carefully consider incorporating the concept of “suspicious mindset” in its auditing pronouncements. The term “suspicious mindset” appears to extend far beyond the current professional scepticism concept, and some stakeholders have questioned whether this would mean the auditor needs to presume the client to be incorrect until proven otherwise. Some stakeholders commented to the Institute that being overly suspicious may lead to low audit efficiency and put relationships with audit clients in jeopardy.
The IAASB would also need to provide guidance under what circumstances auditors should have a suspicious mindset, instead of applying professional scepticism.
Current requirements in relation to going concern in an audit of financial statements
The “going concern” basis of accounting prepares financial statements on the assumption that an entity will continue its operations for the foreseeable future. An entity’s management must make an assessment of its ability to continue as a going concern when preparing the financial statements, which provides the foundation for the auditor’s procedures.
The Institute’s views
Our stakeholders generally consider the extant audit requirements for the assessment of the appropriateness of the management’s use of the going concern basis of accounting sufficient.
Some stakeholders commented that the auditor should consider and evaluate management’s assessment of the entity’s ability to continue as a going concern over a period of at least 12 months from the date of approval of the financial statements. Different jurisdictions and regulations have divergent requirements for the period subject to the going concern assessment – whether it should be from the date of the balance sheet or the date of the audit report. Alignment of the going concern assessment period across jurisdictions could enhance the comparability of financial statements and help to reduce the expectation gap. The same stakeholders also indicated the going concern assessment period for a period of at least 12 months from the date of approval of the financial statements could provide a longer period. The Institute would encourage the IAASB to communicate with international accounting standard setters to explore whether the disclosure and basis for going concern assessment should be re-considered and updated to meet stakeholders’ expectations.
While we acknowledge that disclosure on an entity’s going concern by way of emphasis of matter paragraph, key audit matter paragraph etc in auditor’s reports would be an alert to users of financial statements and helps to narrow the gap, it would not fully eliminate the expectation gap due to an unpredictable material uncertainty that is beyond the control of management – for example, the current outbreak of COVID-19. A stakeholder also indicated that the auditor’s approach and evidence obtained to assess an entity’s going concern should be included in the audit report.
The IAASB was also interested in perspectives about whether more information is needed in the auditor’s report regarding fraud or going concern and about the auditor’s communication with TCWG.
The Institute’s views
Good corporate culture and integrity of the management team lay the foundations of corporate governance and internal controls system of the entity, which is important to detect and prevent fraudulent activities in an entity. The importance of setting the “tone at the top” by senior management should be periodically reiterated. The Institute recommends that the IAASB together with professional accountancy bodies continuously educate stakeholders that not all misstatements in the financial statements will be detected, even though the audit is properly planned and performed in accordance with ISAs.
While the current auditing standards do not require auditors to express an opinion on an entity’s internal controls over financial reporting, the Institute suggests that the IAASB and professional accountancy bodies highlight the value an audit brings (e.g. identification of weak internal controls) to management and TCWG. Given that all parties in the financial ecosystem have a role to play, the Institute also recommends that the IAASB to communicate with relevant regulators to consider if additional provisions (such as disclosures by entities on internal controls over financial reporting or an assurance report on the effectiveness of internal controls) may be useful.
This article was contributed by the Institute’s Standard Setting Department