There are similarities and differences between the responsibilities of internal and external auditors. Both internal and external auditors have responsibilities relating to the prevention, detection and reporting of fraud, for example, but their responsibilities are not the same.
Required:
Explain the difference between the responsibilities of internal auditors and external auditors for the prevention, detection and reporting of fraud and error. (6 marks)
View Solution
Prevention, detection and reporting of fraud and error
External Auditors
Prevention and detection
The external auditors are bound by the requirements of ISA 240. This requires that auditors recognize that fraud and error may materially affect the financial statements and design procedures to ensure that the risk is minimized. The auditors have no specific requirement to prevent or detect fraud. However, they must maintain professional scepticism throughout the audit, recognizing that circumstances may exist that cause the financial statements to be materially misstated.
By conducting the audit in accordance with ISAs the auditor obtains reasonable assurance that the financial statements are free from material misstatement caused by fraud or error. However, due to the nature of fraud the risk of not detecting fraud is higher than the risk of not detecting error.
Reporting
ISA 240 also sets out the requirements in relation to reporting fraud. If auditors suspect or detect a fraud, they must report it on a timely basis to the appropriate level of management.
If management are implicated the matter must be communicated to those charged with governance, unless the fraud necessitates immediate reporting to a third party.
The matter should only be referred to in the audit report if the opinion is modified on those grounds. It may also be that the matter is one which needs reporting to a relevant authority in the public interest. If the auditors feel that this is so, they should seek legal advice before taking any action, and request that the entity reports itself. If the directors refuse to make any disclosure in these circumstances, the auditors should make the disclosure themselves.
Internal auditors
Prevention and detection
It is likely that the internal auditors will have a role both in the prevention and detection of fraud. Indirectly, they play a role in their involvement with the internal controls of a business, which are set up to limit risks to the company, one of which is fraud. Directly, they may be engaged by the directors to carry out test when a fraud is suspected, or routinely to discourage such activity.
However, if a serious fraud was suspected, a company might bring in external experts, such as forensic accountants or the police.
Reporting
If internal auditors discovered issues which made them suspect fraud, they would report it immediately to their superiors, who would report to those charged with governance. In the event that an internal auditor suspected top level fraud, he might make disclosure to the relevant authority in the public interest.