If financial statements have fraud misstatements, who will hold the responsibility and how?
In the case that material misstatements due to fraud are detected, the following parties will hold the responsibility as follow:
- Boards of Management and Directors of the entity are accountable to shareholders and investors for material misstatements due to fraud: prevention and detection of fraud is, firstly, the responsibility of the boards (normally clearly stated in the enterprise’s charter). It is important that the management, with the oversight of those charged with governance, place a strong emphasis on both fraud prevention (to reduce fraud opportunities) and fraud detection (to warn people not to commit fraud because of the likelihood of detection and punishment). This involves a commitment in creating a culture of honesty and ethical behaviors which can be reinforced by an active oversight by those charged with governance. Oversight by those charged with governance includes considering the potential for override of controls or other inappropriate influence over the financial reporting process, such as efforts by management to manage earnings in order to influence the perceptions of analysts as to the entity’s performance and profitability.
- Departments/ positions having functions related to the risk management process may be held accountable to the Boards of Management and Directors if they fail to perform the related responsibilities. Such departments / positions may include risk management committee, heads of operation units, internal audit, chief financial officer, chief accountant, and staff implementing internal control procedures.
- Audit firms and auditors in charge may be held accountable to users of the financial statements if not strictly comply with audit standards regarding fraud risks. (VSA 240 - The auditor’s responsibilities relating to fraud in an audit of financial statements).
Accordingly, users of financial statements can sue the audit firms and the auditors in charge to claim compensation for their damages if they believe that the auditing company and the auditor in charge have failed to fully perform their responsibilities, or commit acts of violating professional ethics. If the examination of audit records shows evidence of this, the audit firm and the auditors will be subject to compensation and sanctions as decided by the court.
Why independent auditors may not find out fraud misstatements?
- When performing audits in accordance with Vietnamese auditing standards, auditors are responsible for achieving reasonable assurance (not absolute assurance) that whether financial statements, as a whole, have significant misstatements due to fraud or error. Due to inherent limitations of audit, there is an inevitable risk that the auditor may not detect some errors that significantly affect the financial statements, even if the audit has been planned and implemented in accordance with Vietnamese audit standards (see the paragraph A51 Of Vietnam Auditing Standard No. 200)
- As mentioned in the paragraph A51 Vietnam Audit Standard No. 200, the impact of inherent limitations is especially serious for fraud misstatements. The risk of fraud misstatements is higher than the risk of error misstatements. It is because fraud can be carried out through sophisticated and closely organized tricks to conceal fraudulent behaviors, such as forging records, intentionally not recording transactions, or deliberately providing false explanations to auditors. Concealment can be even more difficult to detect when there is co-operation to commit fraudulent acts. The co-operation can lead the auditor to believe that the audit evidence is convincing when in fact it is false evidence. The ability of the auditor to detect fraud depends on factors such as the skill of the perpetrator, the frequency and extent of the manipulation, the degree of collusion, the value of the assets manipulated, the rank of the individuals who commit fraudulent acts. While auditors can identify opportunities to commit fraudulent behavior, there are some areas, such as accounting estimates, that it is hard to determine whether the misstatements are due to fraud or error.
- Furthermore, the risk that the auditor does not detect fraud misstatements caused by high-level management is greater than that risk that the auditor does not detect fraud misstatements caused by employee. Because, high - level management is normally in a position that could directly or indirectly manipulate accounting records, or present fraudulent financial information, or override control procedures.
What guidance do the audit standards provide regarding fraud risks?
According to VSA 240 (The auditor’s responsibilities relating to fraud in an audit of financial statements), auditors need to comply with the following guidance:
In accordance with VSA 200, the auditor shall maintain professional skepticism throughout the audit, recognizing the possibility that a material misstatement due to fraud could exist, notwithstanding the auditor’s past experience of the honesty and integrity of the entity’s management and those charged with governance.
Discussion among the Engagement Team
VSA 315 requires a discussion among the engagement team members and a determination by the engagement partner of which matters are to be communicated to those team members not involved in the discussion.6 This discussion shall place particular emphasis on how and where the entity’s financial statements may be susceptible to material misstatement due to fraud, including how fraud might occur. The discussion shall occur setting aside beliefs that the engagement team members may have that management and those charged with governance are honest and have integrity.
Risk Assessment Procedures and Related Activities
When performing risk assessment procedures and related activities to obtain an understanding of the entity and its environment, including the entity’s internal control, required by paragraphs 05-24 VSA 315, the auditor shall perform the procedures in paragraphs 17–24 to obtain information for use in identifying the risks of material misstatement due to fraud.
Identification and Assessment of the Risks of Material Misstatement Due to Fraud
In accordance with paragraph 25 VSA 315, the auditor shall identify and assess the risks of material misstatement due to fraud at the financial statement level, and at the assertion level for classes of transactions, account balances and disclosures.
Responses to the Assessed Risks of Material Misstatement Due to Fraud
In accordance with paragraph 5 VSA 330, the auditor shall determine overall responses to address the assessed risks of material misstatement due to fraud at the financial statement level.
Evaluation of Audit Evidence
If the auditor identifies a misstatement, whether material or not, and the auditor has reason to believe that it is or may be the result of fraud and that management (in particular, senior management) is involved, the auditor shall reevaluate the assessment of the risks of material misstatement due to fraud and its resulting impact on the nature, timing and extent of audit procedures to respond to the assessed risks. The auditor shall also consider whether circumstances or conditions indicate possible collusion involving employees, management or third parties when reconsidering the reliability of evidence previously obtained.
Auditor Unable to Continue the Engagement
If, as a result of a misstatement resulting from fraud or suspected fraud, the auditor encounters exceptional circumstances that bring into question the auditor’s ability to continue performing the audit, the auditor shall follow the guideline of audit standards.
Communications to Management and with Those Charged with Governance
If the auditor has identified a fraud or has obtained information that indicates that a fraud may exist, the auditor shall communicate these matters on a timely basis to the appropriate level of management in order to inform those with primary responsibility for the prevention and detection of fraud of matters relevant to their responsibilities.
Communications to Regulatory and Enforcement Authorities
If the auditor has identified or suspects a fraud, the auditor shall determine whether there is a responsibility to report the occurrence or suspicion to a party outside the entity. Although the auditor’s professional duty to maintain the confidentiality of client information may preclude such reporting, the auditor’s legal responsibilities may override the duty of confidentiality in some circumstances.
See more detail standards here