Fraud Risk Assessment
(Following draft may be used as an example)
Purpose:
This Note documents the auditor's identification and assessment of risks of material misstatement due to fraud, and the planned responses, in the audit of {{client_name}} for the year ended {{period_end}}, in compliance with SA 240, 'The Auditor's Responsibilities Relating to Fraud in an Audit of Financial Statements'.
1. Auditor's Responsibility
Under SA 240, the auditor is responsible for obtaining reasonable assurance that the financial statements are free from material misstatement, whether caused by fraud or error. The primary responsibility for the prevention and detection of fraud rests with both Those Charged With Governance (TCWG) and management of the entity. The auditor maintains professional scepticism throughout the audit, recognising the possibility of fraud notwithstanding the auditor's past experience of the honesty and integrity of management and TCWG.
2. Discussion Among the Engagement Team (SA 240 Paragraph 15)
- Held a planning discussion with the engagement team covering: how and where the financial statements may be susceptible to material misstatement due to fraud, including how fraud might occur.
- Discussed circumstances that might be indicative of earnings management.
- Emphasised professional scepticism — particularly questioning the reliability of accounting records and documents and considering the need to corroborate explanations.
- Documented attendees, key risks identified and assigned ownership for each risk.
3. Inquiries of Management, Internal Audit and TCWG
- Inquired of management about its assessment of the risk that the financial statements may be materially misstated due to fraud, including the nature, extent and frequency of such assessment.
- Inquired about management's process for identifying and responding to fraud risks, including any specific risks identified, classes of transactions / accounts / disclosures for which a fraud risk is likely.
- Inquired about management's communication, if any, to employees regarding business practices and ethical behaviour.
- Inquired of internal audit (where applicable) and TCWG about knowledge of any actual, suspected or alleged fraud.
4. Identification of Fraud Risk Factors
The following fraud-risk factors have been considered. Tick where present and document evidence:
| Category | Risk factor | Present? (Y/N) | Source / Evidence |
|---|
| Incentives / Pressures | Aggressive profit / growth targets linked to compensation | | |
| Incentives / Pressures | Loan covenants / debt-service pressure | | |
| Incentives / Pressures | Need to maintain stock price / equity valuation | | |
| Incentives / Pressures | Threatened personal financial situation of management / KMP | | |
| Opportunities | Significant related-party transactions outside normal course | | |
| Opportunities | Complex / unusual transactions difficult to evaluate | | |
| Opportunities | Ineffective monitoring of management by TCWG | | |
| Opportunities | Inadequate segregation of duties / IT controls | | |
| Opportunities | High turnover of senior accounting / finance personnel | | |
| Attitudes / Rationalisations | History of accounting estimates being adjusted late in close | | |
| Attitudes / Rationalisations | Management's domination by a single person without compensating controls | | |
| Attitudes / Rationalisations | Repeated disputes between management and auditors | | |
5. Presumed Fraud Risks (SA 240 Paragraph 26 and 27)
- Risk of fraud in revenue recognition is presumed. Unless rebutted with documented reasoning, design and perform procedures specific to revenue cut-off, unusual journal entries to revenue, and significant non-standard sales arrangements (e.g. side letters, bill-and-hold).
- Risk of management override of controls is presumed in every audit. Design procedures to: (a) test journal entries and other adjustments, (b) review accounting estimates for bias, and (c) evaluate the business rationale of significant unusual transactions.
6. Planned Responses
| Identified risk | Affected assertion / area | Planned audit response |
|---|
| Revenue recognition — channel-stuffing risk | Cut-off, Existence of Trade Receivables | Cut-off testing 7 days pre/post year-end; confirmation of receivables on a higher sample; review subsequent collection |
| Management override — late adjusting entries | Completeness / Accuracy of P&L | Journal Entry Testing — non-standard JEs, JEs to revenue, JEs posted by senior personnel; documented in WP 4.6 |
| Estimates — provisions, ECL, depreciation life | Valuation | Independent recomputation, review of historical accuracy of estimates, sensitivity analysis |
| Related-party / Section 188 transactions | Existence, Disclosure | Confirmation, Section 188 board / shareholder approval review, comparability with arm's-length |
| Inventory existence / valuation | Existence, Valuation | Year-end physical observation, NRV testing, weighted-average reconciliation |
| Cash misappropriation in petty cash / collections | Cash existence | Cash count at year-end, surprise count, review of segregation in collections |
7. Fraud-Risk Communication
- Significant findings or issues arising during the audit in relation to fraud will be communicated to management and TCWG (SA 240 Paragraph 41, 42, 43).
- If we identify a fraud or have information that a fraud may exist, we will communicate these matters on a timely basis to the appropriate level of management.
- Where management or TCWG is involved in the suspected fraud, communicate the matter to the next higher level of authority, if it exists, or consult with our legal counsel.
- Compliance with Section 143(12) of the Companies Act, 2013 — reporting to the Central Government for frauds involving amount of ₹1 crore or above; reporting to the Audit Committee / Board for frauds below ₹1 crore.
8. CARO 2020 Compliance
- Clause 3(xi)(a) — Whether any fraud by the company or any fraud on the company has been noticed or reported during the year.
- Clause 3(xi)(b) — Whether any report under sub-section (12) of section 143 of the Companies Act, 2013 has been filed in Form ADT-4 with the Central Government.
- Document conclusion against each clause.
Approved by:
- Engagement Partner: ____________________________
- Engagement Manager: ____________________________
- Date: ____________________________