Reporting on irregularities, including fraud, has always been a requirement for large, listed entities (known as Public Interest Entities or PIEs in the legislation).
A revised version of ISA (UK) 700 was issued in January 2020, extending this requirement to all statutory audits.
The regulatory authorities determined that the revision was necessary following corporate collapses such as Patisserie Valerie, aiming to reduce the difference between the general public’s perception of what auditors do, in relation to fraud, and the actual audit work required by auditing standards.
The revised ISA came into force for periods commencing on or after 15 December 2019 (so practically speaking, December 2020 year end accounts onwards) and requires the auditor to explain to what extent the audit was considered capable of detecting irregularities, including fraud.
So what does this actually mean for audit reports? Essentially they will now be longer, as they must explain how the auditor has addressed the likely areas where irregularities including fraud, could occur and the work which was carried out to satisfy the auditor the accounts were materially correct.
In explaining the capability of the audit to detect irregularities, including fraud, the auditor should consider, among other things:
•whether any laws and regulations were identified by the auditor as being significant to the entity;
•how the auditor obtained an understanding of the legal and regulatory framework applicable to the entity and how the entity is complying with that framework;
•the auditor’s assessment of the susceptibility of the entity’s financial statements to material misstatement, including how fraud might occur;
•the engagement partners must also assess whether the engagement team had the appropriate competence and capabilities to identify non-compliance with laws and regulations;
•the auditor’s understanding of the entity’s activities, plus where it is a regulated entity (e.g. FCA registered) the scope of its authorisation and the effectiveness of its internal control environment;
•if the audit is a group audit, the auditor must consider how they addressed these matters at both the group and component level; and
•communications with the engagement team regarding non-compliance with laws and regulations and fraud.
When considering how the audit approach has affected the likelihood of detection of irregularities, the auditor should review the nature, timing and extent of audit procedures performed and consider other influencing factors, such as the inherent difficulty in detecting fraud or irregularities and the effectiveness of the entity’s controls.
For the users of the accounts, the explicit detailing of audit work carried out which may detect fraud should provide useful additional information. However, the tendency of the accounting profession towards “boilerplate” standard reports and over-use of jargon may end up rendering the additional information useless.
It is also questionable whether the stated aims of the regulators will be achieved by this change – for example, how many non-accountants, even experienced investors, actually read a company audit report anyway? Following on from that, will making the reports longer and more complicated lead to more or less people reading them? Time will tell, but I certainly doubt it.