Warning

The content on this page has been converted from PDF to HTML format using an artificial intelligence (AI) tool as part of our ongoing efforts to improve accessibility and usability of our publications. Note:

  • No human verification has been conducted of the converted content.
  • While we strive for accuracy errors or omissions may exist.
  • This content is provided for informational purposes only and should not be relied upon as a definitive or authoritative source.
  • For the official and verified version of the publication, refer to the original PDF document.

If you identify any inaccuracies or have concerns about the content, please contact us at [email protected].

SGN 02/2017: Explaining to what extent the audit was considered capable of detecting irregularities,

Explaining to what extent the audit was considered capable of detecting irregularities, including fraud

Paragraph 45R-1(c) of ISA (UK) 700 (Revised June 2016) requires the auditor's report of a public interest entity to explain to what extent the audit was considered capable of detecting irregularities, including fraud, a requirement that stems from Article 10 of the Audit Regulation. This requires the auditor to include an explanation setting out the capability of the audit, as performed, to detect irregularity, and the auditor's response.

“Irregularity” is not defined in either the Audit Regulation or Directive, but is deemed to correspond to the definition in ISA (UK) 250 (Revised June 2016) of non-compliance: “Acts of omission or commission by the entity, either intentional or unintentional, which are contrary to the prevailing laws or regulations.” The term is therefore broadly based.

In considering what information the auditor should include in the auditor's report, the auditor should explain the extent to which the following aspects of the auditor's approach affected the auditor's capability to detect irregularity, noting that this is not an exhaustive list:

  • Which laws and regulations the auditor identified as being of significance in the context of the entity.
  • How the auditor obtained an understanding of the legal and regulatory framework applicable to the entity and how the entity is complying with that framework.
  • The extent to which the auditor's work was designed to identify non-compliance with such laws and regulations.
  • In the case of a group, how the auditor addressed these matters at both at the group and component levels.

The auditor needs to ensure that such an explanation reports matters of significance clearly and concisely, without the use of boiler plate text. In determining those matters that are of significance1, both quantitative and qualitative factors are relevant to such consideration.

In explaining the extent to which the audit was considered capable of detecting irregularities, including fraud, the auditor should consider how their approach to the audit has affected the likelihood of detection. This will be affected by the inherent difficulty in detecting them, the effectiveness of the entity's controls, and the nature, timing and extent of the audit procedures performed. Irregularities that result from fraud might be inherently more difficult to detect than irregularities that result from error. The auditor's responsibilities for the engagement will mean that detection of those types of irregularity which give rise to a risk of material misstatement are those on which the auditor is able to provide the most comprehensive explanation.

For example:

  • Where the auditor has identified legislation of particular relevance to the entity, what procedures did the auditor design to obtain sufficient appropriate audit evidence regarding compliance with that legislation?
  • Did the audit team identify particular areas that were susceptible to misstatement as part of their fraud discussion?

The auditor may find it helpful, in developing their explanation, to review the following documentation:

  • The auditor's assessment of the susceptibility of the entity's financial statements to material misstatement,2 including how fraud might occur.3
  • The engagement partner's assessment of whether the engagement team collectively had the appropriate competence and capabilities to identify or recognise non-compliance with laws and regulations, and details of those matters about non-compliance with laws and regulations and fraud that were communicated to the engagement team.4
  • The auditor's understanding of the entity's current activities, the scope of its authorisation and the effectiveness of its control environment where the entity is a regulated entity.5
  • Communications with component auditors to request identification of any instances of non-compliance with laws and regulations that could give rise to a material misstatement of the group financial statements.6

The auditor may also have determined that certain matters relating to non-compliance with laws and regulations are key audit matters. This does not exempt the auditor from also including the required explanation, in their report, as to what extent the audit was considered capable of detecting irregularities, including fraud.

  1. Significance is defined in the FRC's Glossary of Terms. 

  2. See Paragraph 10 of ISA (UK) 315 (Revised June 2016). 

  3. See Paragraph 15 of ISA (UK) 240 (Revised June 2016). 

  4. See: Paragraph 14 of ISA (UK) 220 (Revised June 2016); Para. 11 of ISA (UK) 250 Section B (Revised June 2016). 

  5. See: Paragraph 10 of ISA (UK) 250 Section B (Revised June 2016). 

  6. See: Paragraph 41(d) of ISA (UK) 600 (Revised June 2016). 

File

Name SGN 02/2017: Explaining to what extent the audit was considered capable of detecting irregularities,
Publication date 27 September 2023
Type Guidance
Format PDF, 112.2 KB
Download original
Back to top