Proposed refresh of auditor responsibilities related to fraud

By Laura Hay, CPA, CAE, President & CEO, The Ohio Society of CPAs

Fraud continues to be a complex consideration in financial statement audits. Research conducted by the Auditing Standards Board (ASB) from 2022 to 2024 highlighted ongoing questions about the auditor’s responsibilities for identifying and assessing fraud risk.

In response to this feedback and informed by developments in the International Auditing and Assurance Standards Board’s (IAASB) recent fraud project, the ASB released an exposure draft on July 1, 2025, proposing clarifications and updates to the Statements on Auditing Standards (SAS) related to fraud. The proposed changes aim to improve the clarity and usability of existing standards, helping auditors more effectively identify, assess and respond to fraud risks.

If adopted as proposed, the new SAS would supersede SAS No. 122, Statements on Auditing Standards: Clarification and Recodification, as amended, section 240, Consideration of Fraud in a Financial Statement Audit (AU-C section 240). It would also amend fraud-related sections in several other SASs.

The proposed SAS does not change the auditor’s responsibility to plan and perform an audit that provides reasonable assurance that the financial statements are free of material misstatement, whether due to fraud or error. Rather, it aims to clarify how auditors should meet that responsibility by specifying procedures to follow when fraud is identified or suspected. The proposal also clarifies that certain instances of fraud—while not quantitatively material—may be considered qualitatively material based on factors such as who committed the fraud (e.g., company management) and the underlying intent (e.g., manipulating key performance indicators). The proposed standard does not change the importance of management’s role in the prevention and detection of fraud.

Highlights from the exposure draft, Proposed Statement on Auditing Standards: The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, include:

• Requirements when fraud is suspected: Provides new requirements to clarify the auditor’s responsibilities when fraud is suspected or identified.

• Emphasis on professional skepticism: Outlines how pressures on the engagement team may impede the proper exercise of professional judgment or professional skepticism, and actions that may be taken to mitigate those impediments.

• Aggregation of fraud alerts: Encourages auditors to remain alert for fraud indicators and to evaluate them in context.

• Engagement resources: Adds a new requirement for the engagement partner to determine that the members of the engagement team have the appropriate competence and capabilities to assess and respond to risks.

• Retrospective review: Extends existing requirements to perform a retrospective review of management judgments and assumptions, not just those related to significant accounting estimates.

• Engagement team discussion: Enhances the requirements related to the engagement team discussion to include elements such as the entity’s culture, management’s commitment to integrity and ethical values and oversight by those charged with governance.

• Obtaining an understanding of the entity and its environment: Expands the requirements for understanding the entity and its environment to include practices such as accounting policies or performance measures that may create incentives or pressures to achieve financial performance targets.

• Understanding the components of the entity’s system of internal control: Enhances the requirements for obtaining and understanding of the components of internal control related to how management communicates its views on business practices, how allegations are addressed and how errors are corrected.

• Management override of controls: Requires the auditor to treat the risk of management override of controls as a risk of material misstatement due to fraud at the financial statement level and to determine whether this risk affects the assessment of risks at the assertion level.

• Risk of material misstatement due to fraud in revenue recognition: Provides new application materials to assist in determining which types of revenue give rise to risk of material misstatement due to fraud. Clarifies that the significance of fraud risk related to revenue recognition ordinarily makes it inappropriate for the auditor to rebut the presumption that there are risks of material misstatement due to fraud in revenue recognition.

• Responses to the assessed risks of material misstatement due to fraud: Drives more robust responses to assessed risks of material misstatement due to fraud by requiring the auditor to design and perform audit procedures in response to these assessed risks in a manner that is not biased toward corroborating management’s assertions.

• Expanded auditor response: Outlines how to adapt audit procedures when fraud is suspected—ranging from adjusting substantive tests to increasing communications with management, audit committees and legal counsel.

• Enhanced documentation: Requires more robust record-keeping, including auditors’ rationale for their risk assessments, chosen responses and followup actions.

Comments on the exposure draft are due by October 3, 2025.

The ASB fraud task force continues to monitor the developments of the PCAOB fraud proposal, known as the noncompliance with laws and regulations, or NOCLAR standard, that was opposed by many responding to the draft.

Effective Date & Feedback Timeline

The proposed effective date would be for audits of financial statements for periods ending on or after December 15, 2028. Early implementation would be permitted.

Laura Hay, CPA, CAE, president & CEO, The Ohio Society of CPAs, is the staff liaison to the Accounting, Auditing, Professional Ethics Committee and the Peer Review Ethics Committee. She can be reached at Lhay@ohiocpa.com or 614.321.2241