ISA 240 The Auditor’s

Responsibilities
Relating to Fraud in
an Audit of Financial
Statements
Agenda
• Responsibilities of the auditor
• Fraud 5 steps
1. Identify fraud risk factors
2. Identify fraud risks
3. Design and perform procedures to respond to fraud risks
Overall response to financial statement level risks
Test controls to respond to assessed significant risk due to fraud, as applicable.
Design and perform substantive procedures to respond to the significant risk due
to fraud
4. Design and perform procedures that are responsive to the risk of management
override of controls
5. Reach an overall conclusion
• Case study: Luckin Coffee
2
Responsibilities of the auditor

3
Poll 1
Which of the following is NOT the responsibility of an auditor?
a. Conduct an audit to obtain reasonable assurance that the financial statements taken
as a whole are free from material misstatement, whether caused by fraud or error.
b. Maintain professional skepticism throughout the audit, considering the potential
management override of controls.
c. Responding to identified or suspected non-compliance with laws and regulations
d. Obtaining sufficient appropriate audit evidence regarding the assessed risks of
material misstatement due to fraud, through designing and implementing appropriate
responses
e. Establish effective anti-fraud controls to prevent and detect fraud of the entity audited

4
 Who has
PRIMARY responsibility
for fraud
prevention and detection ?

5
Responsibilities of the Auditor
• Obtain reasonable assurance that the financial statements taken as a whole are free from
material misstatement, whether caused by fraud or error.
• Maintain professional skepticism throughout the audit, considering the potential for
management override of controls and recognizing the fact that audit procedures that are effective
for detecting error may not be effective for detecting fraud.
• Additional responsibilities under law, regulation or relevant ethical requirements regarding an
entity’s non-compliance with laws and regulations, including fraud:
• Responding to identified or suspected non-compliance with laws and regulations, including
requirements in relation to specific communications with management and those charged
with governance, assessing the appropriateness of their response to non-compliance and
determining whether further action is needed;
• Communicating identified or suspected non-compliance with laws and regulations to other
auditors; and
• Documentation requirements regarding identified or suspected non-compliance with laws
and regulations
6
 1. Identify and assess RMM due to fraud
2. Obtain sufficient appropriate audit evidence,
through designing and implementing appropriate
Auditor’s responses
Responsibilities 3. Respond appropriately

with respect to
Fraud

7
Characteristics of Fraud
■ Difference Between Fraud and Error
(Para 2 ISA 240)

Intentional Fraud

Misstatement

Unintentional Error

8
Characteristics of Fraud

The primary responsibility for

the prevention and detection of
fraud rests with both those
charged with governance of the
entity and management – the
Directors

9
Characteristics of Fraud
■ Distinguishing Fraud from Error
■ THE DIFFERENCE BETWEEN FRAUD AND ERROR

■ The key distinguishing factor between fraud and error is:-

■ whether the underlying action that results in a misstatement of the financial

statements is intentional or unintentional.

■ “Fraud” is a broad legal concept - BUT the auditor is concerned with fraud that causes
a material misstatement in the financial statements.

1
0
Characteristics of Fraud
■ Responsibility for the Detection and Prevention of Fraud
■ ISA 240 (R) - RESPONSIBILITIES FOR FRAUD DETECTION & PREVENTION

■ ISA 240 clarifies as to who has the main responsibility for the prevention and detection of
fraud:-

■ “The primary responsibility for the prevention and detection of fraud rests with both
those charged with governance of the entity and management.”

■ ISA 240 (R) states –

■ “An auditor conducting an audit in accordance with ISAs is responsible for obtaining
reasonable assurance that the financial statements as a whole are free from material
misstatement, whether caused by fraud or error.’

1
1
Characteristics of Fraud
■ Responsibility for the Detection and Prevention of Fraud

■ Therefore - both the entity itself and the auditors have responsibilities for fraud and error.

■ From the implications of ISA - management and those charged with governance, have
the primary responsibility for fraud and error;

■ while the auditor has a secondary responsibility.

■ Important to ensure that the extent of these secondary responsibilities of the auditor are
clearly understood!

1
2
Types of Fraud

We are concern with fraud that causes a

material misstatement in the financial
statements.

Fraudulent financial Misappropriation of

reporting assets

13
Assessing the Risk of Material Misstatement
Due to Fraud
Intentional misstatements:
• Fraudulent financial reporting
• Misappropriation of assets

14
Assessing the Risk of Material Misstatement
Due to Fraud

15
Assessing the Risk of Material Misstatement
due to FraudMisappropriation of assets includes acts such as:
• Embezzlement
• Theft of physical assets or IP
• Inappropriate payment for goods and services not
received
• Inappropriate use of an entity’s assets for personal
use

16
Poll 2
Is fraud risk a significant risk?
a. Yes
b. No

17
Fraud 5 steps

18
Fraud in 5 steps
1. Identify fraud risk factors
2. Identify fraud risks
3. Design and perform procedures to respond to fraud risks
• Overall response to financial statement level risks
• Test controls to respond to assessed significant risk due to fraud, as applicable.
• Design and perform substantive procedures to respond to the significant risk due to fraud
4. Design and perform procedures that are responsive to the risk of
management override of controls
5. Reach an overall conclusion

19
Fraud always involves…
We are concern with fraud that causes a
material misstatement in the financial Incentives and
statements. Pressures

Fraudulent financial Misappropriation

reporting of assets

Attitudes or
Often involves: Rationalisations
Exhibited by
Opportunities that Management
can be exploited

FRAUD TRIANGLE
20
Step 1:
Identify Fraud Risk Factors

21
Step 1: Identify Fraud Risk Factors

Fraud risk factors are events and conditions that

indicate:
a. Incentive or pressure to commit fraud
ISA 240
b. Provide an opportunity to commit fraud, or Appendix 1
c. Indicate attitudes or rationalizations to justify a fraudulent action

22
Step 1: Identify Fraud Risk Factors (cont’d)
HOW?
Perform risk assessment procedures:
a. Make inquiries with:
▪ Management
▪ Those charged with governance “TCWG”
▪ Appropriate individuals within the internal audit function (if any) and others within
the entity who in our judgment may have information that is likely to assist in
identifying Risk of Material Misstatement due to fraud/error or additional
knowledge of actual, suspected or alleged fraud
b. Perform analytical procedures
c. Observe and inspect

23
 The Principal Elements ……
3 Key Components

Heat
Fuel

If one of the
3 Components are components are taken
needed to sustain a away, the likelihood of
Oxygen
fire. fraud is reduced

24 Webinar - 3-4 March 2021 J Selvarajah

The Fraud Triangle

Pressure (Motivation)
Fraud Mitigation
If one of the
components are taken
away, the likelihood of
fraud is reduced

Rationalisation

Opportunity
Prof. Donald R Cressy – Criminoloist
Case study:
• Luckin Coffee, is a China company that was founded in 2017, touted as China’s answer to Starbucks.
• Incurred significant net losses since inception in 2017. This is primarily attributed to the startup and fast expansion of
the entity’s business.
• Require significant amount of capital and resources to continue to expand the store network, continuous investment in
creating brand awareness and marketing.
Strong focus on technology
Overview of the business model ▪ Customers need to download the Luckin Coffee
App to order and pay for drinks online.
Cheaper compared to Starbucks
▪ 20% to 50% lower than comparable Starbucks Simple storefront
fare in China ▪ Unlike Starbucks, the physical locations were
only for making coffees and fulfilling online
Heavy marketing
orders picked up by customers/delivery person.
▪ 50% of its revenue spent on marketing
▪ Give deep discounts Limited number of suppliers
▪ Buy one free one ▪ Coffee bean from one supplier,
▪ Dairy & syrup from 3 -4 suppliers
▪ Cooperates with the second largest courier in ▪ Pre made food from a few selected national,
China, SF Express, delivering orders to regional and local sources
customers within 2KM around each store 26
Case study:
Key Managements
The following are the extracts of the executive officers and directors from the prospectus issued:

Directors and Position and title ▪ Founded CAR Inc in 2007 and listed on HKEX.
executive officers Mr. Lu is also the chairman of the board and
Charles Zhengyao Lu Chairman the chief executive officer for UCAR Inc.
(NEEQ: 838006), a substantial shareholder of
Jenny Zhiya Qian Director and CEO CAR Inc.
Jian Liu Director and COO ▪ The share price surged to a high of HKD20
before he and other pre-IPO shareholders
Dr. Jinyi Guo Director and Senior Vice President started to dump their holdings.
▪ The company’s performance started to
▪ Jenny Qian, Jian Liu and Dr Guo were also the key deteriorate after the share dumping.
management personnel of UCAR.
▪ Co-founder and Chief Marketing Officer, Fei Yang had been previously sentenced to 18 months’
imprisonment for crime of illegal business operations not included in the Board of Directors and
management in the Prospectus
27
Timeline:
4500 stores
Raised
USD200M Listed on
Nasdaq Raised USD865M to
First shop open in in July
fuel its expansion
Beijing and 2018
plan
Shanghai
May Sept
Oct 2017 Jan 2018 Oct 2018 Jan 2019 2019 2019 Jan 2020 Apr 2020

Half the revenue

3,680 stores open
reported in the last 3
quarters of 2019 of
Net loss of USD75M USD300M was
in Q3 of 2019 fictitious
Founded by Announce
Jenny Qian 1,300 stores
plan to open
(CEO) Within 12 months, the founder/CEO and Chairman cashed
2,500 stores
out the shares by pledging their shares in Luckin to Goldman
https://www.techinasia.com/instant-rise-fall-luckin-coffee Sachs and other bankers to obtain USD518M loans
28
Exercise A: Identify fraud risk factors
5
Using the fraud risk conditions, identify the Incentives and
potential fraud risk factors based on the case Pressures

study facts of Luckin Coffee.

▪ Answer Poll A1 – A3
Attitudes or
Rationalisations
Exhibited by
Opportunities that Management
can be exploited

FRAUD TRIANGLE
29
 Attitudes/rationalisations
Opportunities

Fraud risk factors Incentives / Pressures

Nature of the industry,

Financial stability or entity’s significance / Ineffective communication,
profitability threatened by influence in its local and implementation, support or
economic, industry, or regional economy, or entity’s enforcement of the entity’s values
entity operating conditions operations provides
opportunities Known history of violation of
laws and regulations
Excessive pressure for Monitoring of management
management to meet the is not effective Excessive interest by
requirements or expectations management in maintaining or
of third parties increasing entity’s stock price
Complex or unstable
organizational structure Commitment to aggressive or
Information available indicates
that the personal financial unrealistic forecasts
situation of management or Internal control components
TCWG is threatened by the are deficient Fail to remedy known
entity’s financial performance significant deficiencies in a
Cultural norms in the timely manner
Excessive pressure on business and regulatory
management or operating environment provide Issues with integrity of
personnel to meet financial opportunities for individuals who have
targets established by TCWG, management to override significant influence over
including sales or profitability controls financial reporting
incentive growth 30
Poll A1
Which of the following are potential fraud risk Incentives and
factors relating to incentives and pressures? Pressures

Select all that apply.

a. Accelerating revenue growth rate
b. Revenue growth ties to the share prices
Attitudes or
c. Earnings was sensitive to share prices Rationalisations
Exhibited by
d. Aggressive marketing strategy Opportunities that
can be exploited
Management

FRAUD TRIANGLE
31
Poll A2
Which of the following are potential fraud risk Incentives and
factors relating to opportunities that can be Pressures
exploited? Select all that apply.
a. The entity is in start up stage, hence earnings is
not the focus but growth
b. Management override of controls Attitudes or
c. Aggressive marketing strategy Rationalisations
Exhibited by
Management
d. Poor corporate governance for a start up
entities that are converted from a private
entity to a public listed entity. Opportunities that
can be exploited
FRAUD TRIANGLE
32
Poll A3
Which of the following are potential fraud risk Incentives and
factors relating to attitude or rationalisations Pressures

exhibited by management? Select all that apply.

a. History of the Chairman, Charles Lu of setting
up listed entity and dumping shares
b. Management that has past history of being Attitudes or
sentence of illegal operations related crimes Rationalisations
Exhibited by
Management
c. Earnings was sensitive to share prices Opportunities that
can be exploited

d. Aggressive marketing strategy

FRAUD TRIANGLE
33
Fraud risk factors
Sales and purchases
from companies
Aggressive that are connected
culture! to the CEO/Board
members

Shady board
members and
management team
Pressure to maintain
performance as Luckin’s
management cashed out
49% of their shareholdings
through stock pledges
34
Step 2:
Identify Fraud Risks

35
Step 2: Identify fraud risks
▪ Based on the fraud risk factors identified and the related fraud
conditions (i.e. incentive/pressure, opportunity and
attitude/rationalization to commit fraud) mapped in Step 1, we
determined whether a fraud risk exists.
▪ If fraud risk exists, we will document the significant risk of fraud
identified
▪ The fraud risks could be:
o financial statement level fraud risks (pervasive)
o assertion level fraud risks

36
Examples of circumstances that indicate the
possibility of fraud
Discrepancies in the accounting records
Transactions that are not recorded in a complete or timely manner or are improperly recorded as to amount,
accounting period, classification or entity policy

Evidence of employees’ access to systems and records inconsistent with that necessary to perform their
authorized duties

Last-minute adjustments that significantly affect financial results

Unsupported or unauthorized balances or transactions

Tips or complaints to the auditor about alleged fraud

37
37
 Examples of circumstances that indicate the
possibility of fraud Large number of credit entries
and other adjustments made to
accounts receivable records
Conflicting or missing evidences Missing inventory or
physical assets of
Missing or altered Unusual balance sheet significant magnitude Missing or non-existent
documents changes, unusual trends or cancelled checks in
key ratios or relationships circumstances where
Inconsistent, vague, or cancelled checks are ordinarily
Significant unexplained implausible responses
Unusual discrepancies returned to the entity with
items on reconciliations from management or
between the entity’s the bank statement
records and employees arising from
Unavailability of other confirmation replies inquiries or analytical
Unexplained differences
than photocopied or procedures
between the accounts
electronically receivable sub-ledger and
Fewer responses to
transmitted Unavailable or missing the control account, or
confirmations than
documents when electronic evidence, between the customer
anticipated or a greater
original documents are inconsistent with the statements and the accounts
number of responses
expected entity's record receivable sub-ledger
retention practices or
policies 38
Examples of circumstances that indicate the
possibility of fraud
Problematic or unusual relationships between the auditor and management
Denial of access to Management Denial of access to key IT Unwillingness to
records, facilities, intimidation of operations staff and facilitate auditor access
employees, customers engagement facilities, including to key electronic files
or vendors to sought team members security, operations and for testing
audit evidence system development
personnel

Undue time pressure Unusual delays by Unwillingness to add or revise Unwillingness to

imposed by entity in disclosures in the financial address identified
management to resolve providing statements to make them deficiencies in
complex or contentious requested more complete and internal control on a
issue information understandable timely basis

39
Examples of circumstances that indicate the
possibility of fraud
Other
Unwillingness by management to permit the auditor to meet privately with those charged with governance

Accounting policies that appear to be at variance with industry norms

Frequent changes in accounting estimates that do not appear to result from changed circumstances

Tolerable of violations of the entity’s code of conduct

40
Examples of how presumed fraud risk
related to revenue recognition can be rebutted
Entity ABC Entity XYZ
The entity is not listed The entity is listed.

Considerations of identified fraud risk factors: Considerations of identified fraud risk factors:
- The entity is financially stable - Significant decline in customer demand
- Low vulnerability of product obsolescence - There was a new CEO in the current year
- Low degree of competition - Low morale among senior management
- No changes in upper management - Entity is not achieving target
- Complex revenue transactions
- Management’s performance is measured year
over year basis
Conclusion: To rebut Conclusion: Cannot rebut

Based on the ground that there are limited Based on the fraud risk factors identified, there are
opportunities, incentives/pressures and high incentives, rationalisations and opportunities
rationalisations to fraudulently recognize revenue. to fraudulently adjust revenue recognition.
41
Step 3:
Design and Perform
procedures to respond to
fraud risks

42
 Step 3: Design and perform procedures to
respond to fraud risks – 0verall

▪ Ask questions
▪ Maintain an objective state of mind
▪ Do not be satisfied with less-than-
What does this mean? persuasive audit evidence
▪ Having appropriate personnel on the engagement ▪ Consider reasonableness of response to
inquiries with management/TCWG
▪ Consider the appropriateness of the accounting policies
▪ Evaluate evidence critically
▪ Incorporate unpredictability into our audit procedures
▪ Avoid confirmation bias by overlooking
▪ Applying professional skepticism contradicting audit evidence
43
Step 3: Design and perform procedures to
respond to fraud risks – Assertion level

What does this mean?

▪ When a fraud risk is identified, we
need to address that risk.
▪ We are required to evaluate the
relevant anti- fraud controls (but not
necessarily test the operating
effectiveness of anti-fraud controls if
found to be not effective or reducing
extent of substantive audit
procedures.

44
 Step 3: Design and perform procedures to
respond to fraud risks – Assertion level (cont’d)

What does this mean?

▪ All identified fraud risks are “significant”.
▪ Our assessment of control risk is based on the results of any testing of anti-fraud controls that address fraud risk.
✓ if controls NOT effective or NOT tested, higher extent of substantive audit procedures required to be performed.
✓ If controls tested are effective, may reduce the extent of substantive audit procedures as compared to when test
of controls is not effective.
45
Exercise B : Understand how the fraud
may be perpetrated 20
Based on the fraud risk factors identified in Exercise A that
supports the determination of fraud risk at Luckin:
▪ Listen to the podcast from the following link to understand
how the fictitious sales are being fabricated.
https://www.listennotes.com/podcasts/the-journal/fraud-
rocks-chinas-hottest-ZCLaGIuQNvt/
▪ Answer the poll question Poll B1.

46
Poll B1
Which of the following are TRUE about the fraudulent revenue scheme behind
Luckin? (Choose whichever applicable)
a. Employees using individual cellphone numbers to buy coffee vouchers
b. Employees using their application to buy coffee
c. Corporate sales program – large corporates such as airline companies, credit
card lenders (large bulk orders) so that free coffee offered to customers of
these corporate clients
d. Mysterious companies tied to Charles Lu buy big bulk of vouchers, and buy and
order during non-business hours
e. Suspicious payments to fictitious suppliers
f. Fake purchase orders made by a young employee from the procurement
department
g. Fraudulent journal entries passed to inflate revenue
47
Debrief: How the revenue was fabricated?

• Before the IPO, employees were asked to use their mobile phones to buy the
coffee vouchers.
• In the earlier times, the coffee vouchers were bought by big cooperates that are
meant to buy coffee for their customers such as airline companies and credit card
lenders.
• Subsequently, many companies around China buy big bulk of vouchers, and buy
and order during non-business hours. These were connected to Charles Lu.
• Sales value = USD100K per customer/day
• Fictitious supplier orders made by a junior purchaser (who is also a fictious
employee) processing all the supplier orders to match with the increasing sales
demand.
• The companies of which coffee vouchers were being sold to and suppliers to
Luckin are all connected to Charles Lu.
48
Exercise C : Response to fraud risk
5
Based on the facts gathered, brainstorm on what you could do
differently as auditors:
a. What are the risk assessment procedures you would have
performed to identify fraud risk factors?
b. What are the audit procedures performed to respond to significant
risk of fraud relating to revenue recognition considering the below
▪ Risk of fraudulent revenue recognition through fake vouchers
▪ Fictitious supplier orders
▪ Fictitious employee

49
Debrief: Exercise C
Risk assessment

Perform ▪ Perform detailed analytical review to understand the rationale behind the increase in
analytical sales that are 5 times higher than previous years
review ✓ Compare to its competitors eg. Starbucks, Costa Coffee
✓ Average sales per stores
✓ Average sales by customers, which are the top 10 corporate customers
✓ Corroborate the number of cups of coffee sold with market demand to assess
reasonableness
e.g. One of the findings is a customer may buy USD100K coffee per day , this is
equivalent to one corporate client buys 50K cups of coffee per day?

▪ Review the background of the key management personnel considering the roles and
Ethics and responsibilities that they had played in other listed entities.
integrity ✓ Same group of key management personnel who were involved in share dumping
of UCAR Inc
✓ Management involved in fraudulent act that is hidden from the list of key
management personnel. 50
Debrief: Exercise C Be alert to identify
related party
transactions
Risk assessment

Perform ▪ Perform detailed analytical review to understand the rationale behind the increase in
analytical sales that are 5 times higher than previous years
review ✓ Compare to its competitors eg. Starbucks, Costa Coffee
✓ Average sales per stores
✓ Average sales by customers, which are the top 10 corporate customers
✓ Corroborate the number of cups of coffee sold with market demand to assess
reasonableness
e.g. One of the findings is a customer may buy USD100K coffee per day , this is
equivalent to one corporate client buys 50K cups of coffee per day?

▪ Review the background of the key management personnel considering the roles and
Ethics and responsibilities that they had played in other listed entities.
integrity ✓ Same group of key management personnel who were involved in share dumping
of UCAR Inc
✓ Management involved in fraudulent act that is hidden from the list of key
management personnel. 51
Unknown related party transactions

Customers

Suppliers
Charles Lu

Fictitious
employee who
place fictitious Customers
purchase orders

52
Debrief: Exercise C (cont’d)
Response

▪ Understand how the accounting entries are being passed to record the sales of coffee
Accounting vouchers and redemption of coffee vouchers which will turn into revenue.
policy ▪ How collections are received from corporate/individual customers (flow of cash from
customers to the entity) since most transactions are done via online payment gateway.

Information ▪ Understand how the sales are initiated and processed within the application used by
technology consumers (including redemption of vouchers).

Relationship ▪ REMINDER ! Test of details is required to address risk of fraud. Nevertheless, the test
between sales, of details can be supplemented by performing substantive analytical procedures as
inventory , such:
purchases and ✓ Logistic costs per outlet vs coffee sold via delivery
delivery fees ✓ Coffee cups and coffee beans purchased vs sales made
✓ Payment gateway charges vs sales made (since all sales are cashless transactions)
53
Debrief: Exercise C (cont’d)
Response

▪ Direct confirmation with payment gateway and logistics company on the cost charged
Other test of
for the year. Cost confirmed will be used to perform relationship predictive analysis
details
for revenue.
▪ Interview outlet employees in respect of average number of cups sold per day.

▪ Make use of data analytics to analyse date and time stamps of transactions by
Data analytics
customer and/or outlets.

▪ Be skeptical over confirmations received (especially when client is extremely helpful) or

Confirmations no hurdles in receiving 100% confirmed balances without discrepancies.

Be wary of
extremely
helpful client
54
Key Learning Points
• Perform detailed risk assessment procedures.
• All procedures we perform during an audit are
important, and while not all are complex, they can
provide critical audit evidence.
• Challenge when the explanation or audit evidence
received does not make sense or contradict with our
knowledge from the market.
• Maintain a questioning mindset, if something looks
unusual, it probably is, and we should question and
investigate these items.
55
Step 4:
Design and perform procedures that
are responsive to the risk of
management override of controls

56
Risk of management override of controls
Management Management
override of controls
▪ Unique position to
perpetrate fraud ▪ Present in all
▪ Ability to manipulate entities, however
accounting records and vary from entity to
prepare fraudulent entity
financial statements by ▪ Risk of material
overriding controls that misstatement due
otherwise appear to be to fraud, thus a
operating effectively significant risk

57
Step 4: Response to the risk of
management override of controls

ISA 240 Para 33

ISA 240 Para 32

What does this mean?

▪ The risk of management override of controls is always present and certain procedures have to be
performed. These are the required procedures as prescribed in ISA 240 Para 32.
▪ We are required to identify whether there are any fraud risks related to management override of controls in
addition to those related to JE, accounting estimates and significant unusual transactions.
▪ When we identify risks of management override of controls in addition to the three specific areas above, we
perform entity specific audit procedures.
58
Step 4: Response to the risk of
management override of controls (cont’d)
The basic requirements of the minimum audit procedures per ISA 240 para 32 to
address the risk of management override of controls are:

For significant transactions that are

Test the Review accounting outside normal course of business
appropriateness of estimates for biases and for the entity, or that otherwise
journal entries evaluate whether the appear to be unusual given the
recorded in the GL circumstances producing auditor’s understanding of the
and other the bias, if any, represent a entity and its environment, evaluate
adjustments made in risk of material the business rationale of the
the preparation of misstatement due to fraud transactions that may indicate
financial statements
fraud.

59
Step 4: Response to the risk of
management override of controls (cont’d)
a) Test appropriateness of journal entries and other adjustments
i. Make inquiries of individuals involved in the financial reporting process about
inappropriate or unusual activity relating to the processing of journal entries and other
adjustments;
ii. Select journal entries and other adjustments made at the end of a reporting period; and
iii. Consider the need to test journal entries and other adjustments throughout the period
b) Review accounting estimates for biases and evaluate whether circumstances
producing the bias, if any, represent a risk of material misstatement due to
fraud
i. Evaluate whether judgments and decisions made by management are reasonable and
indicate a possible bias
ii. Perform retrospective review
c) Evaluate business rationale for significant transactions outside the normal
course of business

60
Step 5:
Reach an overall conclusion

61
Step 5: Reach an overall conclusion
What does this mean?
▪ Assessment of fraud risks is an iterative process
that continues throughout the audit.
▪ If during the course of the audit we obtain audit
evidence that contradicts the audit evidence on
which we originally based our risk assessment,
✓ we revise our risk assessment and modify
our planned audit procedures; OR
✓ we perform additional procedures
to reduce audit risk to an acceptably level.
▪ At the conclusion of the audit, we consider all
fraud risks and the results of the audit
procedures performed together in assessing
whether we have obtained sufficient audit
evidence to reach a conclusion on the risk of
material misstatement due to fraud.

62
Summary
Fraud risk assessment

63
Recap: Fraud 5 steps
Step 1 Step 2 Step 3
• “Why” there could Fraud risks • “What” we need to
be a fraud risk do to respond
• e.g. high degree of • e.g. cut-off
competition or • “How” could
procedures, including
market saturation, management perpetrate
those specifically
accompanied by fraud
addressing FOB
declining margins • e.g. overstating revenues destination sales
by recording sales made
in a subsequent
Fraud risk factors accounting period during Audit response
the current period

64
Fraud risk identification and assessment in
a diagram
Identification of fraud risk Identification of Respond to
factors FRAUD RISK FRAUD RISK Consider risk of
management
override of
Incentive and
pressure
controls
Fraud Risk Design audit
Factor 1 Fraud procedures to
triangle Tracker: Fraud risk Journal
address fraud
risk Entries
Incentive and
pressure review
Fraud Risk
Factor 2 Fraud Auditing
triangle Estimates
Attitude/
rationalisation
Significant
Fraud Risk Unusual
Rationalise why this FRF do not
Factor 3 Fraud Transactions
triangle
contribute to fraud risk
Opportunity

Reach an overall conclusion 65

Any questions?

66
Note:
The presentation slide, consists of
those from external and internal
workshop attended by Chengco PLT,
it is only for internal use

67