Question

1a.) “A system of internal control can only give reasonable assurance against fraud and error, rather than absolute assurance.”

Explain this statement, giving practical examples to illustrate your points.

b.) Auditing Standards identify a number of types of fraud. Define these different types of fraud, giving examples of each.

c.) Why should the auditing profession be unwilling to take full responsibility for the prevention and detection of fraud as part of the annual statutory audit?

Answer 1

(a) "A system of internal control can only give reasonable assurance against fraud and error, rather than absolute assurance."

Absolute assurance is the highest level of assurance an auditor can provide. This is possible only when the auditor checks each and every transaction in detail. However, due to time & cost constraint, this is not possible. Hence, an auditor restricts his audit based on samples selected and their indepth audit testing and control checks. Based on the outcome of these samples, an auditor can only provide reasonable assurance that the controls are in place against fraud and error but can't provide absolute assurance as to the correctness of each and every transaction. Also, the audit requires lot of judgements to be applied during the audit process. An auditor can't provide absolute assurance based on the judgement made in his professional capacity with limited audit review and testing.

Examples of reasonable & limited assurance include:

• assurance on meeting compliance requirements
• assurance on meeting regulatory requirements
• assurance on policy adherence

(b) Audting Standards identify a number of types of fraud.

While there can be multiple types of fraud, Public Company Accounting Oversight Board (PCAOB) has defined and specified types of fraud under AS 2401: Consideration of Fraud in a Financial Statements Audit

It not only defines fraud but also specifies it's risks and response mechanism.

As per AS 2401, fraud is an intentional act that results in a material misstatement in financial statements that are the subject of an audit.

Broadly, two types of misstatements are considered relevant:

1. Misstatement arising from fraudulent financial reporting - They are intentional misstatements or omissions of amounts or disclosures in financial statements designed to deceive it's end users and may be accomplished by following:
   1. Manipulation, falsification or alteration of accounting records - e.g. Creation of fake/false invoices and vouchers to support payment
   2. Misrepresentation in or intentional omission from the financial statements of events, transactions, or other significant information - e.g. Non-disclosure of bad debts, legal cases lost, future liabilities
   3. Intentional misapplication of accounting principles relating to amounts, classification, manner of presentation, or disclosure - e.g. Calculation of inventory based on different methods for different periods to reflect lesser profits & evade taxes, unapproved changes in depreciation calculation
2. Misstatements arising from misappropriation of assets - This involves theft of company's assets where the effect of the theft causes the financial statements not to be presented in conformity with GAAP. They may be accompanied by misleading reports or documents, possibly created by circumventing controls. For e.g.. inventory calculation of FOC (free of cost) items where controls are bypassed to take FOC items without showing impact in inventory value.

There are three primary conditions present when fraud occurs.

First, the management or other employees have an incentive or under pressure to commit fraud.

Second, circumstances exist, for the opportunity of fraud to be perpetrated.

Third, those involved are able to rationalize committing a fraudulent act.

(c) The statutory auditor performs the duty as an auditor in a restricted capacity. Being outsiders, they're in no position to identify the frauds perpetrated by the management or it's representatives and concealed from outsiders. Since, the auditors are not in a position to check each and every transaction in detail, they're dependent on the representations and assurance received from the internal auditors and the management.

If the management or internal auditor are unable to disclose any material misstatement made or intentionally deceive the statutory auditor, there're limited or no means to reveal the same. Hence, an auditor can only provide limited assurance on the same. Also, the statutory auditor doesn't vouch on the accuracy of the financial statements but only assure a "true and fair view" on the basis of financial statements presented to them. If we read the audit report carefully, it states" in our opinion and to the best of our information and according to the explanations given to us" which broadly sums up the view of the statutory auditor in his limited capacity.