What do I need to do when considering the risk of fraud in my audit engagement?
SA 240 requires you to identify and assess the risks of material misstatement due to fraud at the financial report level and at the assertion level for classes of transactions, account balances and disclosures. It is mandatory to hold an engagement team discussion in relation fraud risk and it must place particular emphasis on how and where the entity’s financial statements may be susceptible to material misstatement due to fraud, including how fraud might occur. There is a rebuttable presumption that risk of fraud in revenue recognition is a significant risk on every audit engagement . The auditor must evaluate which types of revenue, revenue transactions or assertions give rise to fraud risks. There needs to be a very good reason to rebut this presumption, if this occurs then the reasons for that conclusion need to be documented. The risk of fraud from management override of controls is a significant risk on every audit engagement. Although the level of risk of management override of controls will vary from entity to entity, the risk is nevertheless present in all entities. Therefore this risk cannot be rebutted under any circumstances. The audit team should make an assessment of the level of this risk and this should be taken into account in planning the relevant audit procedures, and documented. The thought processes, discussions and conclusions drawn about the risks of material misstatement due to fraud and your response to the risk assessment should be documented.