Exposure Draft On ISA 240 (Revised)

---

TAKEAWAYS

• There is an expectation gap between the public and stakeholders’ expectations of auditors and their actual responsibilities in relation to fraud. The proposed revisions to ISA 240 are intended to clarify and enhance the role of auditors in this regard.
• There are two main concerns about the proposed revisions: the new requirement to specifically identify and report key audit matters related to fraud in the auditor’s report, and the new requirement to include a statement indicating that there are no KAMs related to fraud in the auditor’s report if there are no such KAMs communicated.

---

As one of the key gatekeepers of financial integrity, the auditor plays a pivotal role in the accuracy and reliability of financial statements.

In an effort to clarify and enhance the role of auditors relating to fraud as a means of enhancing public trust in financial reporting, the International Auditing and Assurance Standards Board (IAASB) proposed revisions to the International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements in an exposure draft issued in February 2024.

What is the problem?

An expectation gap is the disparity between the public and stakeholders’ expectations of auditors and their actual responsibilities. This gap is evident in the context of the auditor’s responsibilities relating to fraud. The reality is that there are inherent limitations in an audit in detecting misstatements resulting from fraud due to the sophistication involved in planning and concealing fraud¹. Yet, certain stakeholders or quarters of the public might assume that uncovering fraud is part of an audit.

What is the auditor’s actual role relating to fraud?

Management and those charged with governance are primarily responsible for fraud prevention and detection. This includes the implementation of effective internal control in respect of fraud, as well as maintaining an organisational culture of honesty and ethical behaviour.

The auditor’s responsibilities relating to fraud when conducting an audit of financial statements are to:

• Plan and perform the audit to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement due to fraud. These responsibilities include identifying and assessing risks of material misstatement in the financial statements due to fraud, and designing and implementing responses to address those assessed risks.
• Communicate and report about matters related to fraud.

What are the proposed revisions intended to achieve?

The proposed revisions aim to:

• Clarify auditor’s responsibilities relating to fraud in an audit;
• Emphasise professional scepticism to ensure auditors remain alert to possible fraud and exercise professional scepticism throughout an audit;
• Strengthen identification and assessment of risks of material misstatement due to fraud;
• Clarify response to fraud or suspected fraud identified during the audit;
• Increase ongoing communication with management and those charged with governance about fraud;
• Increase transparency about auditor’s responsibilities and fraud-related procedures in the auditor’s report, including reporting of key audit matters (KAMs) relating to fraud;
• Enhance audit documentation requirements about fraud-related procedures.

Of note, strong concerns were heard on the new requirements over the reporting of KAMs relating to fraud.

The requirements to report on KAMs were first introduced in 2015² to enhance the communicative value of the auditor’s report by providing greater transparency about the audit that was performed. KAMs are those matters that, in the auditor’s professional judgement, were of most significance in the audit of the financial statements.

What are the main concerns?

1) New requirement to specifically identify and report KAMs related to fraud in the auditor’s report

The main concerns over this revision include:

• Creating a misconception that the auditor has placed greater emphasis on and directed a greater work effort towards risks of material misstatement arising from fraud as compared to other aspects of the audit. This may have the unintended consequence of widening the expectation gap in respect of the auditor’s responsibilities in relation to fraud.

• Risk of the auditor reporting additional information that management has not disclosed, given the requirement to include suspected fraud as KAMs. This may result in the auditor breaching the terms of client confidentiality and may even give rise to potentially serious adverse consequences, particularly if it is eventually concluded that there was no fraud.

2) New requirement to include a statement indicating that there are no KAMs related to fraud in the auditor’s report if there are no such KAMs communicated

The main concerns over this revision include:

• Such a statement may be misconstrued as an affirmative statement by the auditor that there is no fraud. This would further widen the expectation gap on the auditor’s responsibility in relation to fraud.

• Legal implications in the event that the auditor makes such a statement, but fraud is subsequently uncovered; this could lead to over-auditing as a result.

• To avoid including such a statement, auditors may include boilerplate KAM disclosures on revenue and management override of controls (being default fraud risk areas) in the auditor’s report, which is not desirable. These do not enhance communicative value and may instead detract users of financial statements from important information set out within other KAMs. 

Read ISCA’s responses to IAASB on the proposed revisions here. ISA 240 (Revised) is anticipated to be approved in March 2025, with an expected effective date of at least 18 months after the date of approval.

---

Zhumei Wang, CA (Singapore), is Associate Director, Professional Standards, ISCA.

---

¹ For more information on inherent limitations, refer to paragraphs 9–11 and A12 of IAASB’s Exposure Draft.

² See SSA 701, Communicating Key Audit Matters in the Independent Auditor’s Report.