Key changes to the International Standard on Auditing (UK) 240

The revised version of ISA (UK) 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements is effective for periods commencing on or after 15 December 2021, with early adoption permitted.

The standard has been revised with the aim of addressing concerns that auditors are not doing enough to detect material fraud and that this may, at least in part, be due to a lack of clarity as to their obligations with respect to fraud.

Key changes

The more significant changes to ISA (UK) 240 include:

• The objectives of the auditor have been revised to reflect the requirement to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement due to fraud. Whilst this is unlikely to make a practical difference for most audits, given it was already embedded within the overall objectives of the auditor per ISA (UK) 200, it may help give more prominence to fraud risks in the audit process.
  
  
• Consistent with recent changes to other auditing standards, there is a greater focus on professional scepticism. In particular, the auditor must design and perform further audit procedures in a manner that is not biased towards obtaining audit evidence that may be corroborative or towards excluding audit evidence that may be contradictory. The auditor must also investigate further if there is cause to believe that a record or document may not be authentic (examples of conditions that indicate a record or document may not be authentic have also been added to the application material).
  
  
• A new requirement to make inquiries of those within the entity, as appropriate, who deal with allegations (if any) of fraud raised by employees or other parties (this may be management, or in larger organisations, may be those who staff whistleblowing hotlines, for example).
  
  
• New requirements to determine whether the engagement team requires specialised skills or knowledge to perform risk assessment procedures, identify and assess risks of material misstatement due to fraud, to design and perform audit procedures to respond to those risks, to evaluate the audit evidence obtained or to investigate misstatements due to fraud or suspected fraud for the purpose of the audit. Specialised skills or knowledge are more likely to be required where there are complex transactions, data flows, contractual terms or relationships with other entities, or where matters require a high degree of judgement. It may be that forensic experts are needed, although the standard does not mandate their use.
  
  
• A new stand back requirement to evaluate whether sufficient appropriate audit evidence has been obtained regarding the assessed risks of material misstatement due to fraud and whether the financial statements are materially misstated as a result of fraud.
  
  
• A reminder that as required by ISA (UK) 700, the auditor’s report shall explain to what extent the audit was considered capable of detecting irregularities, including fraud, and that this explanation must be specific to the circumstances of the audited entity (i.e. not boilerplate).

The impact of these changes

For most auditors, the impact of these changes will not be particularly significant, representing minor changes / enhancements to audit work and methodologies with respect to fraud rather than wholesale reforms. Nevertheless, the revised ISA does highlight the standard setter’s renewed focus on fraud and is a good opportunity for firms to reflect on their current practice in this area.

How we can help

Mercia’s methodology will be updated in due course to reflect the revised requirements of the standard.

If you would like to learn more about the changes to the standard, please book onto one of our update courses.

Details of our 2021 training programme are available here.

Find out more

To see full revised version of the ISA (UK) 240 you can access it here.