Читать книгу Wiley Practitioner's Guide to GAAS 2020 - Joanne M. Flood - Страница 115

When the auditor discovers or suspects fraud, the actions and communications required are somewhat complex, especially when an SEC client is involved. The actions/communications required by Title III of the Private Securities Litigation Reform Act of 1995, by the SEC Practice Section (SECPS) for its members, and by the SEC in Form 8-K add to the complexity.

The auditor should communicate on a timely basis any evidence that fraud may exist, even if such fraud is inconsequential, to the appropriate level of management. (AU-C 240.39)

The auditor should directly inform those charged with governance about:

 Fraud involving management

 Fraud involving employees who have significant roles in internal control

 Fraud that causes a material misstatement of the financial statements

(AU-C 240.40)

The auditor should reach an understanding with those charged with governance about the nature and extent of communications that need to be made to them about misappropriations committed by lower-level employees.

The auditor should consider whether the following are reportable conditions that should be communicated to senior management and those charged with governance:

 Identified risks of material misstatement due to fraud that have continuing control implications (whether or not transactions or adjustments that could result from fraud have been detected)

 A lack of, or deficiencies in, programs and controls to mitigate the risk of fraud

The auditor may also want to communicate other identified risks of fraud to those charged with governance, either in the overall communication of business and financial statement risks affecting the entity or in the communication about the quality of the entity’s accounting principles (see Section 260). (AU-C 240.41)

Ordinarily, the auditor is not required to disclose possible fraud to anyone other than the client’s senior management and those charged with governance, and in fact would be prevented by the duty of confidentiality from doing so. However, a duty to disclose to others outside the entity may exist when:

 Complying with certain legal and regulatory requirements

 Responding to a successor auditor’s inquiries

 Responding to a subpoena

 Complying with requirements of a funding agency or other specified agency for audits that receive governmental financial assistance

(AU-C 240.A72)

The auditor may wish to consult legal counsel before discussing these matters outside the client to evaluate the auditor’s ethical and legal obligations for client confidentiality. (AU-C 240.A73)

NOTE: The auditor should document these communications to management, the audit committee, and others.

When deciding on how to communicate, the best approach is to decide which of the following three situations governs, and to follow the guidance presented for the applicable situation.