AUDITING THEORY - MODULE 7

THE AUDITOR’S RESPONSIBILITIES RELATING

TO FRAUD IN AUDIT OF FINANCIAL
STATEMENTS
 The purpose of PSA 240 (Redrafted) is to establish basic principles and essential procedures and to
provide guidance on the auditor’s responsibility to consider fraud in an audit of financial statements and
expand on how the standards and guidance in PSA 315 Redrafted, “Identifying and Assessing the Risks of
Material Misstatements Through Understanding the Entity and Its Environment” and PSA 330 Redrafted,
“The Auditor’s Responses to Assessed Risks” are to be applied in relation to the risks of material
misstatements due to fraud.

It is an auditor’s responsibility to plan and perform the audit to obtain reasonable assurance about whether
the financial statements are free of material misstatement, whether caused by error or fraud. Concerning
fraud, the emphasis in the Professional Standards is on situations in which it causes material misstatements,
not on making determinations of whether legally fraud has occurred in any situation.

This standard deals with the auditor’s responsibility as it relates to the risk of material misstatement due to
fraud. Its major standard describes
A. Characteristics of fraud
B. Professional skepticism
C. Staff discussion of the risk of material misstatement
D. Obtaining the information needed to identify risks of material misstatement due to fraud
E. Identifying risks that may result in a material misstatement due to fraud
F. Assessing the identified risks after considering the client’s programs and controls
G. Responding to the results of the assessment
H. Evaluating audit evidence
I. Communicating about fraud to management, the audit committee, and others
J. Documenting the auditor’s consideration of fraud

A. Characteristics of fraud
1. Fraud is intentional, errors are unintentional
a. Although fraud is considered an intentional act, when a misstatement exists, intent is often difficult
to determine.
b. “Error” refers to an unintentional misstatement in financial statements including the omission of an
amount or a disclosure, including:
1. A mistake in gathering or processing data from which financial statements are prepared.
2. An incorrect accounting estimate arising from oversight or misinterpretation of facts.
3. A mistake in the application of accounting principles relating to measurement, recognition,
classification, presentation, or disclosure.
c. “Fraud” refers to the intentional act by one or more individuals among management, those charged
with governance, employees, or third parties, involving the use of deception to obtain an unjust or
illegal advantage.

Page|2
2. Types of intentional misstatements

a. Fraudulent financial reporting – intentional misstatements, omissions of amounts or disclosures

to deceive financial statement users.

It may be accomplished by the following:

1. Manipulation, falsification (including forgery), or alteration of accounting records or supporting
documentation from which the financial statements are prepared.
2. Misrepresentation in, or intentional omission from the financial statements of events,
transactions or other significant information.
3. Intentional misapplication of accounting principles relating to amounts, classifications, manner
of presentation, or disclosure.

This involves management override of controls that otherwise may appear to be operating
effectively. Techniques include the following:
1. Recording fictitious journal entries, particularly close to the end of an accounting period to
manipulate operating results or achieve other objectives.
2. Inappropriately adjusting assumptions and changing judgments used to estimate account
balances.
3. Omitting, advancing or delaying

b. Misappropriation of assets – theft of an entity’s assets, also referred to as defalcation

3. Three conditions are generally present when fraud occurs

a. Incentive/pressure – a reason to commit fraud
b. Opportunity – for example, ineffective controls, override of controls
c. Attitude/rationalization – ability to justify the fraud to oneself

4. Management has a unique ability to perpetrate fraud because it can directly or indirectly manipulate
accounting records and present fraudulent financial information; it may
a. Override controls
b. Direct or solicit employees to carry out fraud

5. Although fraud is ordinarily concealed, certain conditions (e.g. missing documents) may suggest the
possibility of fraud

6. An auditor is unable to provide absolute assurance of detecting fraud

B. Professional Skepticism
1. Professional skepticism is an attitude that includes a questioning mind and critical assessment of audit
evidence.
2. An audit should be conducted with a mindset that recognizes the possibility of material misstatement
due to fraud, even if
a. Past Experience with the client has not revealed fraud, and

Page|3
 b. Regardless of the auditor’s belief about management’s honesty and integrity.

3. An auditor should not be satisfied with less than persuasive evidence because of a belief that
management is honest

C. Staff discussion of the risk of material misstatement

1. Prior to or in conjunction with obtaining information to identify risks of fraud, the audit team should
discuss the potential for a material misstatement due to fraud, including
a. “Brainstorming” among team members about how and where the financial statements might be
susceptible to fraud, how management could perpetrate and conceal fraudulent financial reporting,
and how assets could be misappropriated.
b. Emphasizing the importance of maintaining the proper state of mind regarding the potential for
material misstatement due to fraud

2. The discussion should

a. Include consideration of known factors affecting incentives/pressures for fraud, opportunities,
and culture or environment that enables management to rationalize committing fraud
b. Emphasize the need to maintain a questioning mind and to exercise professional skepticism
c. Include key members of the audit team
(1) If multiple locations are involved, there could be multiple discussions in different locations.
(2) It may be useful to include any specialists assigned to the audit team in the discussion.

D. Obtaining the information needed to identify risks of material misstatement due to fraud;
procedures should include

1. Inquiries of management and others

2. Considering the results of analytical procedures performed in planning the audit
3. Considering fraud risk factors
a. Fraud risk factors are events or conditions that indicate incentives/pressures to perpetrate
fraud, opportunities to carry out fraud, or attitude/rationalizations to justify a fraudulent
action.
b. The auditor should use professional judgment in determining whether a risk factor is present
and in identifying and assessing the risk of material misstatement due to fraud.
c. While fraud risk factors do not necessarily indicate the existence of fraud, they often are
present when fraud exists
4. Consider other information: the discussion among audit team members, review of interim financial
statements, consideration of identified inherent risks.

Page|4
 EXAMPLES OF FRAUD RISK FACTORS

Risk Factors Relating to Fraudulent Financial Reporting

1. Management characteristics
• Management does not display and communicate an appropriate attitude regarding internal control and
the financial reporting process.
• Management’s compensation is based on unreasonable targets for operating results or financial
position.
• Management tries to increase the stock price or earnings trend by using aggressive accounting practices.
• Senior management or board members turn over rapidly.
• Management and its current or predecessor auditor have strained relationship.

2. Industry Conditions
• New accounting, statutory or regulatory requirements impair the financial stability or profitability of
the entity.
• A high degree of competition or market saturation causes or accompanies declining margins.
• The client is in a declining industry with frequent business failures.
• The industry experiences rapidly changing customer demand, technology or product obsolescence.

3. Operating characteristics and Financial Stability

• The client is under significant pressure to obtain needed capital for major research or capital
expenditures.
• The financial statements are based on subjective estimates that are subject to potential significant
change in the near term.
• The financial structure of the client makes it highly vulnerable to changes in interest rates.
• The client is threatened with imminent bankruptcy or foreclosure.
• The client has reported earnings growth, but cannot generate cash flows from operations.
• Unusually complex transactions occur near the end of the year.

Risk Factors Relating to Misappropriation of Assets

1. Susceptibility of Assets to Misappropriation

• Large amounts of cash are processed.
• Inventory consists of small high value items.

2. Employee Relationship or Pressures

• Dissatisfied employees have access to assets.
• Employees exhibit a lifestyle that is beyond their means.
• Employee behavior changes in unusual and unexplained ways.

3. Controls
• Management fails to provide adequate oversight.

Page|5
 • Job applicants are inadequately screened.
• The accounting system is in disarray.

E. Identifying risks that may result in a material misstatement due to fraud

1. It is helpful at this stage to consider the three conditions present when a material misstatement due to
fraud ordinarily occurs – incentives/pressures, opportunities, and attitudes/rationalizations
2. The auditor should evaluate whether identified risks of material misstatement due to fraud can be related
to specific accounts, assertions, or whether they relate more pervasively to the financial statements as a
whole.
3. The identification of a risk of material misstatement due to fraud includes consideration of
a. Type of risk that may exist (fraudulent financial reporting or misappropriation of assets)
b. Significance of risk (magnitude)
c. Likelihood of risk
d. Pervasiveness of risk (overall financial statements, or a particular assertion or account)
4. A presumption of improper revenue recognition is a fraud risk.
5. The auditor should always address the risk of management override of controls.\

F. Assessing the identified risks after considering programs and controls

1. PSA 315 Redrafted requires the auditor to obtain an understanding of internal control sufficient to plan
the audit; this understanding allows the auditor to
a. Identify types of potential misstatements
b. Consider factors that affect the risk of material misstatement
c. Design tests of controls when applicable
d. Design substantive tests
2. As a part of obtaining an understanding of internal control sufficient to plan the audit, the auditor should
evaluate whether the client’s programs and controls that address the identified risks of material misstatement
due to fraud have been suitably designed and placed in operation.
3. After the auditor has evaluated the client’s programs and controls in this area, the auditor’s assessment of
the risk of material misstatement due to fraud should consider these results.

G. Responding to the results of the assessments – as risk increases

1. Overall responses
a. Assign personnel with more experience and have more supervision
b. More carefully consider significant accounting policies
c. Make auditing procedures less predictable

2. Responses that address specifically identified risks

a. General types of responses

(1) Nature – more reliable evidence or additional corroborative information

Page|6
(2) Timing – perform at or near end of reporting period, but apply substantive procedures to transactions
occurring throughout the year

(3) Extent – increase sample sizes, perform more detailed analytical procedures

b. Example of modification of the nature, timing, and extent of procedures

(1) Perform procedures on a surprise or unannounced basis (e.g. inventory observations, counting of
cash)
(2) Request inventory counts at end of reporting period
(3) Make oral inquiries of major customers and suppliers in addition to written confirmations
(4) Perform substantive analytical procedures using disaggregated data
(5) Interview personnel in areas where risk of material misstatement due to fraud has been identified
(6) Discuss the situation with any other auditors involved with audit (e.g. an “other auditor” who audits
subsidiary)

c. Additional example of responses for a high risk of fraudulent financial reporting may result in
increased
(1) Analysis of revenue recognition
(2) Consideration of inventory quantities
(3) Consideration of management estimates (e.g. allowance for doubtful accounts)

d. Additional responses for a high risk of misappropriation of assets

(1) If a particular asset is susceptible to misappropriation, obtain an understanding of controls and/or
physical inspection may be appropriate
(2) More precise analytical procedures may be used

3. Responses to further address the risk of management override of controls

a. Examine journal entries and other adjustments for evidence of possible material
misstatement due to fraud
b. Review accounting estimates for biases, including a retrospective review of previous year
estimates so as to provide guidance on management’s past performance in this area
c. Evaluate the business rationale for significant unusual transactions

Note: 1, through 3, above are distinct types of responses – (1) overall responses, (2) responses that address
specifically identified risks, and (3) responses for management override of controls. Although differing
combinations of each might be expected on an audit, those for management override are ordinarily
required on an audit.

H. Evaluating audit evidence

1. The assessment of risks of material misstatement should be ongoing throughout the audit.
2. Conditions identified during fieldwork may change or support a judgment concerning the assessment
a. Discrepancies in accounting records;
b. Conflicting or missing audit evidence policies
c. Problematic or unusual relationships between auditor and management; examples

Page|7
 3. The auditor should evaluate whether analytical procedures performed as substantive tests or in the overall
review stage indicate a previously unrecognized risk of material misstatement due to fraud.
4. The auditor should evaluate risks of material misstatement due to fraud at near completion of fieldwork.
5. When audit procedures identify misstatements, the auditor should consider whether such misstatements
may indicate fraud.
6. When misstatements are or may be the result of fraud, but the effects are not material to the financial
statements, the auditor should evaluate the implications.
7. If the auditor believes the misstatements may be the result of fraud and has determined it could be material
to the financial statements, but has been unable to evaluate whether the effect is material, the auditor should
a. Attempt to obtain audit evidence to determine whether fraud has occurred and its effect.
b. Consider implications for other aspects of the audit.
c. Discuss the matter and an approach for further investigation with an appropriate level of
management at least one level above those involved, and with senior management and the audit
committee.
d. If appropriate, suggest the client consult with legal counsel

8. The risk of fraud may be so high as to cause the auditor to consider withdrawing from engagement;
factors affecting decision include
a. Implications about integrity of management.
b. Diligence and cooperation of management or the board of directors.

I. Communicating about fraud to management, the audit committee, and others

1. Whenever there is evidence that fraud may exist, the matter should be brought to an appropriate level of
management, even if the matter might be considered inconsequential
a. All fraud involving senior management, and any fraud (by anyone) that causes a material
misstatement should be reported directly by the audit committee
b. The auditor should reach an understanding with the audit committee regarding communications
about misappropriations perpetrated by lower-level employees

2. If risks have continued control implications, the auditor should determine whether they represent significant
deficiencies and need to be communicated to the audit committee

3. The auditor may choose to communicate other risks of fraud

4. Disclosure of fraud beyond senior management and its audit committee is not ordinarily a part of the auditor’s
responsibility, unless
a. Required by specific legal and regulatory requirements
b. To a successor auditor
c. In response to a subpoena
d. To a funding agency or other specified agency in accordance with requirements of audits of entities
that receive governmental financial assistance

Page|8
 J. Documenting the auditor’s consideration of fraud; document the following:

1. Discussion among audit team of risk of material misstatement due to fraud, including how and when discussion
occurred, participants and subject matter
2. Procedures performed to obtain information to identify and assess risks of material misstatement due to fraud
3. Specific risks of material misstatement due to fraud that were identified and auditor’s response to those risks
4. If auditor has not identified improper revenue recognition as a risk of material misstatement due to fraud, the
reasons for that conclusion
5. Results of procedures performed to further assess risk of management override of controls
6. Other conditions and analytical relationships or other responses required and any further responses the auditor
concluded were appropriate to address such risks or conditions
7. Nature of communications about fraud made to management, the audit committee, and others.

B. PSA 250 Redrafted, “Consideration of Laws and Regulations in an Audit of Financial

Statements”

Overall Objectives and Approach – This standard presents guidance on the auditor’s responsibility to
consider laws and regulations in an audit of financial statements. This also includes nature and extent of
consideration given to client noncompliance during audits. The guidance relates both to considering the
possibility of noncompliance, and to the responsibility when such noncompliance are detected.

A. Overall definition of Noncompliance and Summary of Auditor Responsibility

1. Noncompliance – refers to acts of omission or commission by the entity being audited, either intentional or
unintentional, which are contrary to the prevailing laws and regulations. Such acts include transactions
entered into by, or in the name of, the entity or on its behalf by its management or employees.
a. Noncompliance by clients are acts attributable to entity under audit acts of management, or
employees acting on behalf of entity.
b. Noncompliance by clients do not include personal misconduct by entity’s personnel that is
unrelated to business.

2. Determination of legality of act is normally beyond auditor’s professional competence and depends on legal
judgment

3. The further removed illegal act is from the events and transactions ordinarily reflected in financial
statements the less likely it is that the auditor will become aware
a. Examples of noncompliance more likely to be detected (those with a direct and material effect on
determination of financial statement amounts)
(1) Tax laws affecting accruals
(2) Revenue accrued on government contracts

b. Examples of noncompliance less likely to be detected (those with an indirect effect on financial
statements – often a contingent liability)
(1) Laws related to securities trading

Page|9
 (2) Occupational safety and health
(3) Price fixing

Note: a. items typically relate to financial and accounting aspects; b. items typically relate more to an
entity’s operating aspects. The auditor’s responsibility for noncompliance having a direct and material
effect on determination of financial statement amounts (a.) is the same as for errors and fraud – to design
the audit to provide reasonable assurance of their detection when they are material; see PSA 240
Revised. An auditor does not ordinarily have a sufficient basis for recognizing possible violations of those
Noncompliance having only indirect effects (b.).

B. Management’s responsibility for the compliance of laws and regulations

1. It is the management’s responsibility to prevent and detect non-compliance by means of:
1. Monitoring legal requirements and ensuring that operating procedures are designed to meet these
requirements.
2. Instituting and operating appropriate systems of internal control.
3. Developing, publicizing appropriate systems of internal control.
4. ensuring employees are properly trained and understand the Code of Conduct
5. Monitoring compliance with the Code of Conduct and acting appropriately to discipline employees
who fail to comply with it
6. Engaging legal advisors to assist in monitoring legal requirements.
7. Maintaining a register of significant laws with which the entity has to comply within its particular
industry and a record of complaints.

In larger entities, these policies and procedures may be supplemented by assigning appropriate
responsibilities to:
1. An internal audit functions
2. Audit committee

C. The Auditor’s Consideration of Compliance with Laws and Regulations

1. The auditor is not, and cannot be held responsible for preventing noncompliance. The fact that an annual
audit is carried out may, however, act as a deterrent.

2. An audit is subject to the unavoidable risk that some material misstatements of the financial
statements will not be detected, even though the audit is properly planned and performed in
accordance with PSAs.

3. In accordance with PSA 200 “Objective and General Principles Governing an Audit of Financial
Statements,” the auditor should plan and perform the audit with an attitude of professional skepticism
recognizing that the audit may reveal conditions or events that would lead to questioning whether an
entity is complying with laws and regulations.

P a g e | 10
4. In order to plan the audit, the auditor should obtain a general understanding of the legal and regulatory
framework applicable to the entity and the industry and how the entity is complying with that
framework.

5. In obtaining this general understanding, the auditor would particularly recognize that some laws and
regulations may have a fundamental effect on the operations of the entity. That is, noncompliance with
certain laws and regulations may cause the entity to cease operations, or call into question the entity's
continuance as a going concern. For example, noncompliance with the requirements of the entity's
license or other title to perform its operations could have such an impact (for example, for a bank,
noncompliance with capital or investment requirements).

6. To obtain the general understanding of laws and regulations, the auditor would ordinarily:
a. Use the existing knowledge of the entity's industry and business.
b. Inquire of management concerning the entity's policies and procedures regarding compliance with
laws and regulations.
c. Inquire of management as to the laws or regulations that may be expected to have a fundamental
effect on the operations of the entity.
d. Discuss with management the policies or procedures adopted for identifying, evaluating, and
accounting for litigation claims and assessments.
e. Discuss the legal and regulatory framework with auditors of subsidiaries in other countries (for
example, if the subsidiary is required to adhere to the securities regulations of the parent company).

7. After obtaining the general understanding, the auditor should perform procedures to help identify
instances of noncompliance with those laws and regulations where noncompliance should be considered
when preparing financial statements, specifically:
a. Inquiring of management as to whether the entity is in compliance with such laws and regulations.
b. Inspecting correspondence with the relevant licensing or regulatory authorities.

8. The auditor should obtain sufficient appropriate audit evidence about compliance with those laws and
regulations generally recognized by the auditor to have an effect on the determination of material amounts
and disclosures in financial statements. The auditor should have a sufficient understanding of these laws
and regulations in order to consider them when auditing the assertions related to the determination of the
amounts to be recorded and the disclosures to be made.

9. The auditor should be alert to the fact that procedures applied for the purpose of forming an opinion on
the financial statements may bring instances of possible noncompliance with laws and regulations to the
auditor’s attention. For example, such procedures include reading minutes; inquiring of the entity's
management and legal counsel concerning litigation, claims and assessments; and performing substantive
tests of details of transactions or balances.

10. The auditor should obtain written representations that management has disclosed to the auditor all known
actual or possible noncompliance with laws and regulations whose effects should be considered when
preparing financial statements.

P a g e | 11
11. In the absence of evidence to the contrary, the auditor is entitled to assume the entity is in compliance
with these laws and regulations.

Procedures When Noncompliance is Discovered

12. When the auditor becomes aware of information concerning a possible instance of noncompliance, the
auditor should obtain an understanding of the nature of the act and the circumstances in which it has
occurred, and sufficient other information to evaluate the possible effect on the financial statements.

13. When evaluating the possible effect on the financial statements, the auditor considers:
1. The potential financial consequences, such as fines, penalties, damages, threat of expropriation of
assets, enforced discontinuation of operations and litigation.
2. Whether the potential financial consequences require disclosure.
3. Whether the potential financial consequences are so serious as to call into question the fair
presentation given by the financial statements.

14. When the auditor believes there may be noncompliance, the auditor should document the findings and
discuss them with management. Documentation of findings would include copies of records and documents
and making minutes of conversations, if appropriate.

15. If management does not provide satisfactory information that it is in fact in compliance, the auditor
would consult with the entity's lawyer about the application of the laws and regulations to the circumstances
and the possible effects on the financial statements. When it is not considered appropriate to consult with
the entity's lawyer or when the auditor is not satisfied with the opinion, the auditor would consider consulting
the auditor's own lawyer as to whether a violation of a law or regulation is involved, the possible legal
consequences and what further action, if any, the auditor would take.

16. When adequate information about the suspected noncompliance cannot be obtained, the auditor should
consider the effect of the lack of audit evidence on the auditor’s report.

17. The auditor should consider the implications of noncompliance in relation to other aspects of the audit,
particularly the reliability of management representations. In this regard, the auditor reconsiders the risk
assessment and the validity of management representations, in case of noncompliance not detected by
internal controls or not included in management representations. The implications of particular instances
of noncompliance discovered by the auditor will depend on the relationship of the perpetration and
concealment, if any, of the act to specific control procedures and the level of management or employees
involved.

Reporting of Noncompliance To Management

18. The auditor should, as soon as practicable, either communicate with the audit committee, the board of
directors and senior management, or obtain evidence that they are appropriately informed, regarding
noncompliance that comes to the auditor’s attention. However, the auditor need not do so for matters that
are clearly inconsequential or trivial and may reach agreement in advance on the nature of such matters to
be communicated.

P a g e | 12
19. If in the auditor’s judgment the noncompliance is believed to be intentional and material, the auditor
should communicate the finding without delay.

20. If the auditor suspects that members of senior management, including members of the board of directors,
are involved in noncompliance, the auditor should report the matter to the next higher level of authority at
the entity, if it exists, such as an audit committee or supervisory board. Where no higher authority exists,
or if the auditor believes that the report may not be acted upon or is unsure as to the person to whom to
report, the auditor would consider seeking legal advice.

To the Users of the Auditor's Report on the Financial Statements

21. If the auditor concludes that the noncompliance has a material effect on the financial statements, and
has not been properly reflected in the financial statements, the auditor should express a qualified or an
adverse opinion.

22. If the auditor is precluded by the entity from obtaining sufficient appropriate audit evidence to evaluate
whether noncompliance that may be material to the financial statements has, or is likely to have occurred,
the auditor should express a qualified opinion or a disclaimer of opinion on the financial statements on the
basis of a limitation on the scope of the audit.

23. If the auditor is unable to determine whether noncompliance has occurred because of limitations imposed
by the circumstances rather than by the entity, the auditor should consider the effect on the auditor’s report.

To Regulatory and Enforcement Authorities

[Link] auditor's duty of confidentiality would ordinarily preclude reporting noncompliance to a third
party. However, in certain circumstances, that duty of confidentiality is overridden by statute, law or by
courts of law (for example, in some countries the auditor is required to report noncompliance by financial
institutions to the supervisory authorities). The auditor may need to seek legal advice in such circumstances,
giving due consideration to the auditor's responsibility to the public interest.

Withdrawal from the Engagement

25. The auditor may conclude that withdrawal from the engagement is necessary when the entity does not
take the remedial action that the auditor considers necessary in the circumstances, even when the
noncompliance is not material to the financial statements. Factors that would affect the auditor's conclusion
include the implications of the involvement of the highest authority within the entity which may effect the
reliability of management representations, and the effects on the auditor of continuing association with the
entity. In reaching such a conclusion, the auditor would ordinarily seek legal advice.

26. On receipt of an inquiry from the proposed auditor, the existing auditor should advise whether there are
any professional reasons why the proposed auditor should not accept the appointment or engagement. The
extent to which an existing auditor can discuss the affairs of a client with a proposed auditor will depend on
whether the client's permission to do so has been obtained and/or the legal or ethical requirements that apply
relating to such disclosure. If there are any such reasons or other matters which need to be disclosed, the

P a g e | 13
 existing auditor would, taking account of the legal and ethical constraints, including where appropriate
permission of the client, give details of the information and discuss freely with the proposed auditor all
matters relevant to the appointment. If permission from the client to discuss its affairs with the proposed
auditor is denied by the client, that fact should be disclosed to the proposed auditor.

Indications That Noncompliance May Have Occurred

Examples of the type of information that may come to the auditor's attention that may indicate that
noncompliance with laws or regulations has occurred are listed below:
1. Investigation by government departments or payment of fines or penalties.
2. Payments for unspecified services or loans to consultants, related parties, employees or government
employees.
3. Sales commissions or agent's fees that appear excessive in relation to those ordinarily paid by the entity
or in its industry or to the services actually received.
4. Purchasing at prices significantly above or below market price.
5. Unusual payments in cash, purchases in the form of cashiers' checks payable to bearer or transfers to
numbered bank accounts.
6. Unusual transactions with companies registered in tax havens.
7. Payments for goods or services made other than to the country from which the goods or services
originated.
8. Payments without proper exchange control documentation.
9. Existence of an accounting system which fails, whether by design or by accident, to provide an adequate
audit trail or sufficient evidence.
10. Unauthorized transactions or improperly recorded transactions
11. Media comment.

C. PSA 260 Revised and Redrafted “Communication With Those Charged With Governance”

This establishes standards and provides guidance on communication of audit matters arising from the audit
of financial statements between the auditor and those charged with governance of an entity. These
communications relate to audit matters of governance interest

A. Auditor’s Responsibility

1. The auditor should communicate audit matters of governance interest arising from the audit of financial
statements with those charged with governance of an entity.

“Governance” is the term used to describe the role of persons entrusted with the supervision, control and
direction of an entity. Those charged with governance ordinarily are accountable for ensuring that the entity
achieves its objectives, financial reporting, and reporting to interested parties. Those charged with
governance include management only when it performs such function.

P a g e | 14
 “Audit matters of governance interest” are those that arise from the audit of financial statements and, in
the opinion of the auditor, are both important and relevant to those charged with governance in overseeing
the financial reporting and disclosure process. Audit matters of governance interest include only those
matters that have come to the attention of the auditor as a result of the performance of the audit. The auditor
is not required, in an audit in accordance with PSAs, to design procedures for the specific purpose of
identifying matters of governance interest.

For corporations covered by the SEC Code of Corporate Governance, as well as banks, the board of
directors is primarily responsible for corporate governance of such entities. One of the duties of the board
of directors is the creation of an audit committee that will be responsible for the set-up of internal audit
functions.

B. Audit matters of governance interest to be communicated

The Auditor should consider audit matters of governance interest that arise from the audit of the financial
statements and communicate them on a timely basis with those charged with governance.

These matters include:

1. The general approach and overall scope of the audit, including any expected limitations thereon, or any
additional requirements;
2. The selection of, or changes in, significant accounting policies and practices that have, or could have, a
material effect on the entity’s financial statements;
3. The potential effect on the financial statements of any significant risks and exposures, such as pending
litigation, that are required to be disclosed in the financial statements;
4. Audit adjustments, whether or not recorded by the entity that have, or could have, a significant effect
on the entity’s financial statements;
5. Material uncertainties related to events and conditions that may cast significant doubt on the entity’s
ability to continue as a going concern;
6. Disagreements with managements about matters that, individually or in aggregate, could be significant
to the entity’s financial statements or the auditor’s report. These communications include consideration
of whether the matter has, or has not, been resolved and the significance of the matter;
7. Expected modifications to the auditor’s report;
8. Other matters warranting attention by those charged with governance, such as material weaknesses in
internal control, questions regarding management integrity, and fraud involving management;
9. Any other matters agreed upon in the terms of the audit engagement.

The auditor’s communications with those charged with governance may be made orally or in writing. The
auditor’s decision whether to communicate orally or in writing is affected by factors such as:

1. The size, operating structure, legal structure, and communications processes of the entity being audited;
2. The nature, sensitivity and significance of the audit matters of governance interest to be communicated;
3. The arrangements made with respect to periodic meetings or reporting of audit matters of governance
interest;

P a g e | 15
4. The amount of on-going contact and dialogue the auditor has with those charged with governance.

When audit matters of governance interest are communicated orally, the auditor documents in the working
papers the matters communicated and any response to those matters. This documentation may take the form
of a copy of the minutes of the auditor’s discussion with those charged with the governance. In certain
circumstances, depending on the nature, sensitivity, and significance of the matter, it may be advisable for
the auditor to confirm in writing with those charged with governance any oral communications on audit
matters of governance interest.

********

P a g e | 16