Inflo responds to ISA (UK) 240 consultation

It is a pivotal time for the audit market in the UK and overseas against a backdrop of increased scrutiny of the accounting profession and several high-profile instances of fraud. With several fraud cases unravelling in 2020 such as Luckin Coffee and Wirecard, the spotlight is firmly on the auditor and their ability to detect fraudulent activity.

Only recently, the Royal United Services Institute (RUSI) suggested in a BBC article that fraud has reached epidemic levels in the UK and should be seen as a national security issue. The digitalisation of everyday life – accelerated by the current pandemic – has only increased these risks.

Standard setters have taken note and are looking to address concerns. The Financial Reporting Council (FRC) are keen to ensure the UK leads on this challenge, jumping ahead of the IAASB’s international review. In developing proposed revisions to ISA (UK) 240, the FRC’s seeks to address concerns regarding the relevance of audit and auditor responsibilities regarding fraud, as well as points noted in reviews such as Sir Donald Brydon’s 2019 Independent Review into the Quality and Effectiveness of Audit.

What is being proposed?

The FRC has opened a consultation on the proposed revision of ISA (UK) 240 (Updated January 2020) – The Auditor’s responsibilities Relating to Fraud in an Audit of Financial Statements.

It is a critical audit standard and contains a significant number of requirements designed to assist the auditor in identifying and assessing the risk of material misstatement due to fraud and in designing procedures to detect such misstatement.

Being over 16 years since the standard was last substantively revised, the amended standard emphasises that auditors must actively obtain “reasonable assurance” that the financial statements are free from fraud, not simply assess risks and react to them.

Why have we responded?

Our work with accounting firms, as well as Professional Bodies and international networks, provides us with a unique perspective on the UK and global audit market.

We have taken the opportunity to respond on the consultation as many of our customers, utilising Inflo to enhance their audit services, fall under the scope of the FRC’s regulation.

Supporting positive changes that will make a difference

By and large, we believe the revisions proposed, and specifically the references regarding frauds or suspected frauds potentially being material due to qualitative factors, are beneficial.

As part of the proposed revision of ISA (UK) 240, references to ‘computer assisted audit techniques’ have been updated to automated tools and techniques (ATT) as the FRC have identified that these may enable more extensive testing and assist in identifying unusual transactions or relationships. We believe ATT’s play a key role here.

Based on the changes discussed regarding journal entries, we believe the changes within paragraph 32 (a) will be helpful in clarifying some common misconceptions regarding procedures in response to fraud. The clearer articulation that journal entries include both manual and automated entries should ensure auditors no longer inappropriately exclude from journal entry testing transactions which they are assuming to be automated.

In addition, we consider any manual audit techniques which may currently be deployed by auditors to test journal entries will be ineffective across an expanded population, inclusive of automated journals throughout the period. We believe this is likely to require a greater adoption of automated tools and techniques to perform these procedures, which would benefit the quality of audit work in relation to fraud as well as the broader risk assessment and evidence gathering process.

As auditors continue to increase their use of data within the audit process, the assessment of risk and expected level of testing over the reliability and accuracy of input data, as well as management tampering, is a vital component in the adoption of ATTs. ATTs themselves can provide solutions to this problem, in particular automated data ingestion techniques which extract data using techniques that eliminate the opportunity for tampering by management, or error by auditors.

Revenue recognition is a long-established area of focus in relation to fraud, we believe consideration should also be given to a rebuttable presumption being introduced regarding cash and cash equivalents. Cash and cash equivalents are quite uniquely relevant to both the misappropriation of assets and fraudulent financial reporting. They are a highly desirable asset for a perpetrator of fraud, while often the exposure point for more complex and sophisticated frauds, where an entity is unable to demonstrate the expected outputs of, for example, fraudulent overstatement of revenue.

Were a rebuttable presumption of fraud to be introduced regarding cash and cash equivalents, then it would be worthwhile considering the requirement to perform robust audit procedures such as external confirmation of bank accounts. Yet even were this risk regarding cash and cash equivalents highlighted in such a way, the ability to rebut the risk would make it impractical to make related procedures required for all audits. A solution here is Confirmation. Confirmation pioneered the idea of digital confirmations and is a secure, online platform that allows auditors to control the audit confirmation process from start to finish. It allows banks to respond quickly and accurately to those audit requests.

You can read our full detailed response here.

Keen to learn more about Inflo and its modules? Or maybe you want to know how Inflo handles processes such as data ingestion? Read our latest blog today!