Primary responsibility to prevent and detect fraud is upon management or those who are charged with an authority of management oversight (also known as those charged with governance). To achieve this objective it is their responsibility to have an effective internal control system in place which not detect fraudulent activities but also prevent them from happening.
Auditor’s responsibility is to provide reasonable assurance and for that he reduces audit risk to appropriate level which in turn means that although he cannot reduce risk of material misstatement but he needs to keep detection risk low enough so that reasonable assurance can be provided. And for this he needs to detect material misstatements caused by fraud or error. So he gets involved in all this indirectly.
Although ISA 240 recognizes the fact that auditor may fail to detect material misstatements caused by fraud as they are so well concealed and embedded in the financial information but still ISA 240 does not exclude auditor from detecting fraud.
To learn more about whether auditor is really responsible to detect fraud and to what extent and confusions surrounding the responsibility please read Auditor – “A watchdog not a bloodhound” Why yes? Why not?
There are so many reasons why auditor may fail to detect fraud and possibly material misstatements due to fraud. Some of the reasons are discussed below:
- Improper planning including not revising audit plan that includes erroneous initial assessment of risk of material misstatement
- Failure to exercise due care or maintaining professional skepticism
- lack of skill and experience
- Inappropriate supervision of junior team members
- Improper allocation of work among team members
- Inability to gather sufficient appropriate audit evidence
- Inappropriate designs audit program sample selection target assertions
- Wrong interpretation of results
- Over reliance on management information/representations/internal control system/not corroborating evidence already obtained
- Incomplete documentation
- Lack of quality assurance department in audit firms
Above were some points that we can describe as deficiency on part of auditor following are some other reasons other than for which auditor is considered responsible
- Management not supportive or cooperating
- Limitations imposed on audit work in engagement letter
- Physical restrictions
- Misapplication of accounting policies, rules and standards
- Confusion in dividing responsibilities between management and auditor
- Incomplete or erroneous financial records
- Collusion / involvement of high officials in the entity who were able to circumvent controls
- Sampling basis used to apply audit procedures thus increasing sampling risk
In addition to above listed reasons, students are invited to read about inherent limitations of audit as well because such limitations also affect auditor’s ability to detect fraud.