ISA 240

Jamshaid Akhtar ACA

3. Responsibility of
[Link] of 4. Responsibility of 5. Professional 6. Discussion among 7. Risk Assessment
[Link] of Fraud Management &
Misstatement Auditor Skepticism ET Procedures
TCWG

8. Identification and
Structure of ISA
Assessment of
240
ROMM due to Fraud

9. Response to 11. Inability to 12. Written 13. Communication to 14. Reporting to

10. Evaluation of
Assessed ROMM due Continue Representations Management & Appropriate Outside 15. Documentations
Audit Evidence
to Fraud Engagement relating to Fraud TCWG Authority 

Legends:
FFR:  Fraudulent Financial Reporting
MOC: Management Override of Control
JE:     Journal Entries 

Page
1/8
ISA 240 Objectives:
Jamshaid Akhtar ACA Auditor''s
-identify/assess ROMM due to fraud
responsibilities
-obtain S&A audit evidence
relating to fraud in FS
-responded appropriately to frauds/ suspected frauds

1. Misstatements in in FS
can arise due to; 2. Types of Fraud
-errors (unintentional) P-3
-frauds (intentional) P-2 

Committed due to following;

-Incentive or pressure
Fraudulent Financial Misappropriation of
-opportunity 
Rporting Assets
-rationalization
A-1

-by management Accomplished by: -mainly by employees & management

-intentional misstatement in -manipulation, falsification, which can conceal 
amount/disclosure in FS alteration of records -involve theft of entity's assets
-earning management to show -misinterpretation, omission in -it can be accomplished by;
better performance FS  +embezzling receipts
-reduce earning to minimize tax -misapplication of accounting  +stealing assets/intellectual property
A-2 policies A-3  +payment for goods not received
 +using entity's assets for personal use
A-5

Management override of
controls;
-recording fictitious journal
entries
-inappropriate measurements/
assumptions 3. Responsibility for 4. Responsibility of
-omitting/delaying recognition Prevention and Auditor
-omitting/obscuring disclosures Detection of Fraud
-concealing material facts
-complex transactions to
misrepresent FS
-altering records/terms for Management: -responsible for frauds lead to
transactions A-4 -place strong emphasis on fraud prevention
MM
-fraud deterrence
-management frauds are
-create culture of honesty & ethics difficult to detect
TCWG:
-use professional skepticism
-consider override of controls
P-6,7,8
-influence of management over financial
reporting process
Page
P-4
2/8
ISA 240
Jamshaid Akhtar ACA

5. Professional 6. Discussion among ET

Skepticism -about susceptibility of entity's FS
-questioning mind & disclosure to MM relating to
fraud P-16

Maintain professional skepticism auditor shall accept

If response to inquiries
notwithstanding past experience documents as genuine -Such discussions;
is inconsistent,
of honesty of management & unless proved  +provide experienced team member to
investigate further
TCWG P-13 otherwise P-14 share their insight
 +consider appropriate response
 +provide basis to ET for sharing such
response/ procedures A-11
-Discussion should include matters;
 +exchange of ideas
 +circumstances leading to earning
For further investigation of management
authenticity of document, do  +risk of management manipulating
following; disclosure
-confirmation from third party  +internal/external factors creating
-using expert A-10 incentives/ pressures
 +management overseeing employees
handling cash
 +unusual changes in life style etc. A-12

Page
3/8
ISA 240
Jamshaid Akhtar ACA

7. Risk Assessment
Procedures

Inquiries Unusual or Other Information

Those Charged with
Management or Unexpected -evaluate for indication
Governance
Others Relationship of fraud risk P-24

Info from:
-obtain understanding of -identified through -client acceptance
-assessment of risk of fraud Inquiries of internal audit oversight function P-21 analytical procedures -previous experience
-process to identify & about;
-inquires about actual or -evaluate whether -interim review A-23
respond to risk to fraud -procedures performed to
suspected frauds P-22 indicative of fraud P-23
-communication to TCWG detect fraud
about fraud -management response
-communication to P-20, A-19
employees business/ ethics
A-18

Evaluation of Fraud Risk Factors

Inquiries from Other within the entity;
-evaluate any fraud risk factor
-operating personnel
present after all previous
-employees with different levels
procedures P-25
-employees who record complex
transactions
-in-house legal council
-chief ethics officer
-person dealing with fraud A-17

Page
4/8
ISA 240
Jamshaid Akhtar ACA 8. Identification & 9. Response to
Assessment of Assessed ROMM due
ROMM due to fraud to Fraud

At; Presumption of: Treat risk of fraud as

-FS level -risk of fraud in revenue significant Overall Response
-Assertion Level -evaluate type of revenue & -obtain understanding of
P-26 revenue transactions give rise to related controls P-28
such risk P-27

-misstatement due to FFR results in overstatement Incorporate element of Assignment and supervision Evaluate whether selection/
At FS level by;
through; unpredictability in audit of personnel: application of accounting
-increase sensitivity in
 +premature recognition procedures P-30c -individuals with policies on subjective/ complex
 +fictitious revenue examining docs for material
specialized skills (forensic, transactions represent earning
transactions
-understatement though IT) management P-30b
 +shifting in later period A-29 -more corroboration of
management representations -more experienced P-30a, A-
-risk of fraud is greater in; 35
 +listed entities (bec. performance measured P-29, A-34
through revenue growth)
 +entities that generate significant profit from cash
sales A-30
-presumption may be rebutted if single/simple It can be achieved by;
stream of revenue A-31  -substantive procedures on immaterial
items
-adjusting timings of audit procedures
-using different sampling methods
-perform procedures at different
locations unannounced A-37

Page
5/8
ISA 240
Jamshaid Akhtar ACA
9. Response to
Assessed ROMM due
to Fraud

Audit Procedures at Assertion

Audit Procedures for
Level
Management
-by changing nature, timing and
Override of Controls
extent of further audit procedures

Irrespective of level Evaluate whether need to perform

-tool for FFR this risk, the auditor
-present in all entities other audit procedures in addition to
shall perform
refer before regarding risk of MOC
P-32 procedures
P-34

Changes can be made in following

ways;
-to obtain more reliable audit Review estimates for biases and see Business rationale of
Test journal entries by;
evidence whether it represents ROMM due to fraud, significant transaction outside
-make inquiries about unusual activities
 +physical inspection may become the auditor shall; normal course of business
relating to process of JEs
more important -review judgment for possible biasness even P-33c
-select JEs made at end of reporting period
 +use of CAATs if individually seems reasonable
-consider need to test JEs throughout the
 +corroborative evidence -perform retrospective review of
period
 +if earning pressure, risk of inflating management judgment 
P-33a
sales, confirmation will be used P-33b
-timing of procedures may be
modified
 +subtantive testing near period end Indicators that such transaction have been entered
-extent of procedures can be For selection of JEs for test, consider following matter; -FFR is made through intentional misstatement of for the execution of fraud;
-assessment of ROMM due to fraud estiamtes A-46
changed -complex transaction involving multiple entities
-controls over JEs -purpose of retrospective review is to evaluate
 +increasing sample within/outside group
 +performing more analytical A-38 -entity's financial reporting process (IT, JEs in electronic baseness, it do not intend to re-evaluate previous -management did not dicuss nature of transaction
-appendix 2 forms) estimates A-47 with TCWG and there is inadequate documentation
-characteristics of fraudulent JEs such as; -retrospective review as per ISA 540 is required -management places more emphasis on particular
 +made to unused/seldom accounts as RAP to;
type of accouning treatment
 +made by unrelated person  +evaluate effectiveness of estimation process
-transaction involving non-consolidated parties e.g.
 +recorded at the end of period with lttle or no explanation  +evidence about outcome SPEs no approved by TCWG
 +made during or before preparation of FS without a/c no.  +subsequent re-estimation if necessary for -transaction with
 +contain round/consistent ending numbers current period estimates  +previous unidentified parties
-nature and complexity of accounts which;  +evidence of estimation uncertainty require
 +parties which do not have financial strength to
 +contain complex/unusual transactions disclosure in FS
support transaction 
 +contain estimate or period end adjustments  +practically, matters required by ISA 240 & ISA A-49
 +have been prone to misstatements in past 540 relating to estimates are considered
 +not reconciled simultaneously A-48
 +contain inter-company balances
 +associated with ROMM due to fraud
+processed outside the normal course of business Page
A-44 6/8
ISA 240
Jamshaid Akhtar ACA 10. Evaluation of Audit Evidence
-whether assessed ROMM at assertion level remain appropriate
-evaluation is qualitative matter based on judgment
-assist to evaluate need to perform additional/different audit
procedures A-50
-appendix 3

Evaluate whether analytical If auditor identified MM due to If unable to conclude that

procedures performed at the fraud if misstatement identified due to fraud whether FS are materially
end of audit indicate ROMM -evaluate implication on other involving management, then irrespective of misstated due to fraud;
due to fraud P-35 areas e.g. management materiality; -consider implication on
representations  -re-evaluate ROMM due to fraud audit/opinion
P-36 -see impact on audit procedures P-38
-see possibility of collusion by employees,
management or third parties while considering
reliability of audit evidence already obtained.
P-37
Apply professional judgement on trends
indicating fraud such as;
-unusual relationship of year end revenue and
income
-large income reported in last weeks
-unusual transactions
-inconsistent income with trends in cash flow
Exceptional circumstance;
from operations A-51 -entity does not take action against
11. Auditor Unable to Continue
fraud
Engagement
-audit test indicate significant risk
-due to fraud, exceptional
of material & pervasive fraud
circumstances encountered
-significant concern about
the audit shall:
competency/integrity of
management & TCWG

-determine professional and legal If withdraw;

-consider whether it is
responsibilities -discuss reason with
appropriate to withdraw
-see requirement to report management and TCWG
-whether withdrawal is possible
appointing authority -determine whether to report
as per law
(shareholders) or regulator appointing authority or regulator
P-39b
P-39a -seek legal advice
P-39c, A-57

Page
7/8
ISA 240
Jamshaid Akhtar ACA

14. If auditor identified fraud, consider 15. Documentation;

12. Obtain written representation from 13. P-41 If auditor identified fraud, whether law or ethical requirements; -significant decision reached among
management and TCWG that; communicate to; -require to report to an outside entity discussion of ET
-they acknowledge their responsibility of -appropriate level of management on -establish responsibility where -assessed ROMM due to fraud
ICs relating to fraud timely basis unless prohibited by law reporting is appropriate under given -response to risk of fraud
-they have disclosed assessment of risk P-42 The auditor shall communicate to circumstances -result of audit procedures
due to fraud TCWG unless prohibited by law, if P-44 -fraud communicated to management
-they have disclosed knowledge of fraud identified fraud involving;
involving; -if presumption about risk of fraud in
-management
 +management revenue is not applicable, the reason
-employees who have role in ICs
 +employees who have role in ICs thereof
-others where fraud materially affect
 +others where fraud materially affect FS P-45 to 48
FS
-they have disclosed allegation of fraud by; P-43 Communicate other matters
 +employees related fraud to TCWG
 +former employees
 +analyst, regulator etc.
P-40 To determine reporting requirement to
outside entities;
-consult internally (within firm/network
firm)
-consult with regulator
-consult with professional body
-obtain legal advice
Other Matters: A-68
-concerns about management
assessment of ICs
-failure by management to
identify/respond deficiencies in ICs
-evaluation of control environment
-indication of FFR
-concerns about approval process of
transaction outside normal course of
business
A-66

Page
8/8