Fraud Risk in Audits
Common Shortcomings and How to Address Them Under SA 240
Fraud Risk in Audits
Common Shortcomings and How to Address Them Under SA 240
In today’s complex financial reporting environment, detecting fraud remains a persistent challenge, even for experienced auditors. The recent Rs. 2,600 crore derivatives misstatement at IndusInd Bank, where internal trades were not marked to market and profits were artificially inflated, serves as a stark reminder of how fraud risks can go undetected when audit procedures fail to address management override and misstatements effectively. Such incidents underline the importance of SA 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, which outlines the auditor’s duty to identify, assess, and respond to fraud risks with diligence and professional scepticism. Drawing on recent inspection findings and implementation guidance from the Auditing and Assurance Standards Board (AASB), this article highlights common pitfalls in fraud risk audits. It provides actionable insights to strengthen audit quality and compliance.
1. Inadequate Documentation and Incomplete Management Representation
1.1 Observation
One of the most frequently noted deficiencies in audit files is the lack of documentation that evidences fraud risk procedures, particularly regarding management representations. Several audit firms failed to obtain or include explicit representations from management that they had disclosed their assessment of fraud risk and any actual, suspected, or alleged frauds known to them. Despite issuing standard unqualified audit opinions, these critical disclosures were neither confirmed nor recorded.
1.2 Relevant Provisions of SA 240
As per paragraph 39 of SA 240, auditors are required to obtain specific written representations from management and, where appropriate, those charged with governance. These representations must confirm their responsibility for designing, implementing, and maintaining internal controls to prevent and detect fraud. They must also confirm that they have disclosed both the results of management’s own fraud risk assessments and any knowledge of fraud or suspected fraud involving management, employees with key control responsibilities, or other individuals whose actions may materially impact the financial statements.
1.3 AASB Guidance and Recommendations
The AASB emphasises that these representations are not optional or perfunctory. They serve as vital corroborative evidence in audits. When omitted or vaguely drafted, the reliability of the audit opinion is significantly compromised. Auditors must therefore revise their standard representation letter formats to ensure full compliance with SA 240. Additionally, management responses must be properly documented, and the absence of disclosures should be supported with specific reasoning and signed confirmations.
2. Failure to Identify and Assess Risks of Material Misstatement Due to Fraud
2.1 Observation
Another serious concern highlighted was that auditors did not properly identify or assess the risks of material misstatement due to fraud, especially at the assertion level. There were instances where auditors either skipped this assessment entirely or mentioned fraud risk only generically without applying it to specific accounts, disclosures, or transactions.
2.2 Relevant Provisions of SA 240
Paragraph 25 of SA 240 mandates that the auditor shall identify and assess the risks of material misstatement due to fraud both at the financial statement level and at the assertion level. These assessments must consider various fraud risk factors and be informed by the auditor’s understanding of the entity, its internal control environment, and any red flags that emerge during planning. Furthermore, paragraph 27 requires these identified risks to be treated as significant, which necessitates an understanding of the entity’s related controls.
2.3 AASB Guidance and Recommendations
AASB guidance underscores that this process must be documented and tailored to the specific entity. For example, if the auditor concludes that revenue recognition does not pose a fraud risk, this conclusion must be well-supported and documented, as paragraph 26 presumes that such a risk exists. Auditors are expected to proactively examine high-risk areas such as complex estimates, management judgments, and significant adjustments.
To address this, firms should enhance their audit planning documentation to include specific fraud risks, their impact at the assertion level, and the rationale behind the risk classification. A clear linkage between assessed fraud risks and responsive audit procedures must be evident in the audit file.
3. Absence
of Engagement Team Discussions on Fraud
Risk
3.1 Observation
In several cases, the audit files did not reflect any meaningful engagement team discussions relating to the susceptibility of the financial statements to fraud. This omission weakens the foundation of fraud-focused audit planning and execution.
3.2 Relevant Provisions of SA 240
As per paragraph 15 of SA 240, there must be documented discussions among the engagement team regarding how and where fraud could occur in the financial statements. This includes considering the ways fraud might be perpetrated and concealed and encouraging a mindset of professional skepticism. Such discussions help challenge assumptions and bring multiple perspectives into the risk assessment process, particularly when team members may have different levels of experience with the entity or industry.
3.3 AASB Guidance and Recommendations
The AASB highlights that engagement teams must go beyond a routine discussion. They should consider aspects such as management’s influence over financial reporting, internal control limitations, industry pressures, and the fraud triangle—comprising
incentive or pressure, opportunity, and rationalisation. Team members should reflect on past audit findings, whistleblower reports, and changes in the control environment.
It is recommended that firms schedule dedicated brainstorming sessions during audit planning, capture key points of discussion, and ensure documentation includes the names of participants, significant risks identified, and the resulting audit strategy adjustments.
4. No Testing for Management Override of Controls
4.1 Observation
One of the most critical and universally applicable fraud risks, management override of controls, was overlooked in several audits. In some instances, there was no documentation of journal entry testing or review of significant accounting estimates, even though the audit report was clean.
A recent example is the ₹2,600 crore derivatives misstatement by IndusInd Bank in 2025. The accounting discrepancies arose from internal trades not being marked to market, inflating profits over multiple quarters. This misreporting points to potential management override of controls—a significant fraud risk under SA 240. The auditors’ failure to detect such overrides despite the scale of transactions highlights the critical need for robust journal entry testing and analytical scrutiny of management decisions.
4.2 Relevant Provisions of SA 240
According to paragraphs 31 through 33 of SA 240, management override is inherently a significant fraud risk in every audit engagement. The auditor is required to design and perform procedures specifically targeted at identifying and testing this risk. This includes testing the appropriateness of journal entries and other adjustments, reviewing accounting estimates for management bias, and evaluating the rationale behind significant or unusual transactions that fall outside the normal course of business.
4.3 AASB Guidance and Recommendations
The AASB stresses that failure to perform journal entry testing is a serious deficiency. Journal entries must be tested throughout the period, not just at year-end, and the auditor should use tools such as data analytics to identify anomalous entries. Similarly, when evaluating accounting estimates, auditors must not only verify their accuracy but also examine management’s underlying assumptions to assess potential bias or manipulation.
To comply with SA 240, firms must institute a standard procedure for journal entry selection and testing. Documentation should clearly show the basis for selection (e.g., unusual timing, related party involvement), the inquiries made of finance personnel, and the conclusions drawn from the audit evidence.
5. Inadequate Procedures Over Revenue Recognition
5.1 Observation
The AASB also noted that in some audits, revenue was tested using only basic vouching, without analytical procedures, external reconciliations, or consideration of the risk of premature revenue recognition. Furthermore, key information such as product-wise sales, reconciliation with tax returns, or cut-off testing was missing.
5.2 Relevant Provisions of SA 240
This is particularly problematic given that paragraph 26 of SA 240 presumes revenue recognition to be a fraud risk. Appendix 2 of SA 240 provides examples of specific audit procedures that can address this risk. These include performing analytical procedures on disaggregated revenue data, confirming key contract terms with customers, examining unusual terms or sales close to period-end, and reconciling sales with VAT/GST returns.
5.3 AASB Guidance and Recommendations
The AASB recommends that auditors move beyond traditional vouching and adopt a more analytical and evidence-driven approach. Audit files must include sales trend analyses, confirmation of dispatch and delivery terms, and details of any rebates or discounts that could affect revenue recognition timing.
Auditors should also incorporate unpredictability into their revenue audit procedures. For instance, selecting random days for detailed testing, performing unannounced checks, or reviewing credit notes issued post-year-end can help detect manipulation or backdating of sales.
6. Audit Plan Lacked Fraud Focus
6.1 Observation
In several reviews, it was observed that the overall audit strategy lacked a specific focus on fraud risk. There was a reliance on prior experience with the client rather than a fresh assessment based on current-year developments, and documentation of fraud responses was either absent or vague.
6.2 Relevant Provisions of SA 240
Paragraphs 28 and 29 of SA 240 emphasise that auditors must design overall responses to address the assessed risks of fraud. These responses may include assigning experienced personnel, involving forensic or IT experts, modifying the nature and timing of audit procedures, and introducing elements of unpredictability.
6.3 AASB Guidance and Recommendations
The AASB advises that fraud considerations should be built into the audit strategy from the outset. For example, if a company has recently undergone a change in management, is under financial pressure, or is dealing with complex revenue arrangements, these should all trigger heightened fraud risk considerations in the strategy document.
Firms must ensure that their audit plans are tailored to each engagement. Standardised planning templates should be revised annually to accommodate entity-specific risks and evolving fraud indicators.
7. Conclusion
Fraud risk is a critical component of audit planning and execution. The AASB’s observations serve as a timely reminder that compliance with SA 240 requires diligence, documentation, and a proactive, skeptical mindset. Auditors must move beyond standard procedures and engage deeply with the complexities of fraud, starting from the planning stage through to audit reporting.
SA 240 provides a clear structure. However, it is the auditor’s execution, professional skepticism, and attention to detail that determine whether fraud risks are appropriately addressed. By aligning audit practices with the requirements of SA 240 and the practical insights offered by the AASB, auditors can significantly enhance the reliability of financial reporting and strengthen stakeholder trust.
Source – Guidance on Non-Compliances Observed by Quality Review Board During Quality Reviews (Volume 3)
About Us
Founded 1972
Evolution From a small family business to a leading technology-oriented Publishing/Product company
Expansion
Launch of Taxmann Advisory for personalized consulting solutions
Our Vision
Aim
Achieve perfection, skill, and accuracy in all endeavour
Growth
Evolution into a company with strong independent divisions: Research & Editorial, Production, Sales & Marketing, and Technology
Future
Continuously providing practical solutions through Taxmann Advisory
Our Strength
Core
Editorial and Research Division
Team
Over 200 motivated legal professionals (Lawyers, Chartered Accountants, Company Secretaries)
Expertise
Monitoring and processing developments in judicial, administrative, and legislative fields with unparalleled skill and accuracy
Impact
Helping businesses navigate complex tax and regulatory requirements with ease
Taxmann Today
Legacy Innovation Commitment
Over 60 years of domain knowledge and trust
Technology-driven solutions for modern challenges
Ensuring perfection, skill, and accuracy in every solution provided
Our Core Domain Areas
Income Tax
Corporate Tax Advisory
Trusts & NGO Consultancy
TDS Advisory
Global Mobility Services
Personal Taxation
Training
Due Diligence
Foreign Exchange Management Laws
Due Dilligence
Advisory Services
Assistance in compounding of offences
Transactions Services
Investment outside India
Your Partners for Frictionless Advice
Goods
Transaction Advisory
Business Restructuring
Classification
Due Diligence
Training
Advisory
Trade Facilitation Measures
Corporate
Corporate Structuring
VAT Advisory
Residential Status
A Glimpse of the People Behind Taxmann
Naveen Wadhwa
Research and Advisory [Corporate and Personal Tax]
Chartered Accountant (All India 24th Rank)
14+ years of experience in Income tax and International Tax
Expertise across real estate, technology, publication, education, hospitality, and manufacturing sectors
Contributor to renowned media outlets on tax issues
Vinod K. Singhania Expert on Panel | Research and Advisory (Direct Tax)
Over 35 years of experience in tax laws
PhD in Corporate Economics and Legislation
Author and resource person in 800+ seminars
V.S. Datey Expert on Panel | Research and Advisory [Indirect Tax]
Holds 30+ years of experience
Engaged in consulting and training professionals on Indirect Taxation
A regular speaker at various industry forums, associations and industry workshops
Author of various books on Indirect Taxation used by professionals and Department officials
Manoj Fogla Expert on Panel | Research and Advisory [Charitable Trusts and NGOs]
Over three decades of practising experience on tax, legal and regulatory aspects of NPOs and Charitable Institutions
Law practitioner, a fellow member of the Institute of Chartered Accountants of India and also holds a Master's degree in Philosophy
PhD from Utkal University, Doctoral Research on Social Accountability Standards for NPOs
Author of several best-selling books for professionals, including the recent one titled 'Trust and NGO's Ready Reckoner' by Taxmann
Drafted publications for The Institute of Chartered Accountants of India, New Delhi, such as FAQs on GST for NPOs & FAQs on FCRA for NPOs.
Has been a faculty and resource person at various national and international forums
the UAE
Chartered Accountant (All India 36th Rank)
Has previously worked with the KPMG
S.S. Gupta Expert on Panel | Research and Advisory [Indirect Tax]
Chartered Accountant and Cost & Works Accountant
34+ Years of Experience in Indirect Taxation
Bestowed with numerous prestigious scholarships and prizes
Author of the book GST – How to Meet Your Obligations', which is widely referred to by Trade and Industry
Sudha G. Bhushan Expert on Panel | Research and Advisory [FEMA]
20+ Years of experience
Advisor to many Banks and MNCs
Experience in FDI and FEMA Advisory
Authored more than seven best-selling books
Provides training on FEMA to professionals
Experience in many sectors, including banking, fertilisers, and chemical
Has previously worked with Deloitte
Contact Us
Taxmann Delhi
59/32, New Rohtak Road
New Delhi – 110005 | India
Phone | 011 45562222
Email | sales@taxmann.com
Taxmann Mumbai
35, Bodke Building, Ground Floor, M.G. Road, Mulund (West), Opp. Mulund Railway Station Mumbai – 400080 | Maharashtra | India
Phone | +91 93222 47686
Email | sales.mumbai@taxmann.com
Taxmann Pune
Office No. 14, First Floor, Prestige Point, 283 Shukrwar Peth, Bajirao Road, Opp. Chinchechi Talim, Pune – 411002 | Maharashtra | India
Phone | +91 98224 11811
Email | sales.pune@taxmann.com
Taxmann Ahmedabad
7, Abhinav Arcade, Ground Floor, Pritam Nagar Paldi
Ahmedabad – 380007 | Gujarat | India
Phone: +91 99099 84900
Email: sales.ahmedabad@taxmann.com
Taxmann Hyderabad
4-1-369 Indralok Commercial Complex Shop No. 15/1 – Ground Floor, Reddy Hostel Lane Abids Hyderabad – 500001 | Telangana | India
Phone | +91 93910 41461
Email | sales.hyderabad@taxmann.com
Taxmann Chennai No. 26, 2, Rajan St, Rama Kamath Puram, T. Nagar
Chennai – 600017 | Tamil Nadu | India
Phone | +91 89390 09948
Email | sales.chennai@taxmann.com
Taxmann Bengaluru
12/1, Nirmal Nivas, Ground Floor, 4th Cross, Gandhi Nagar
Bengaluru – 560009 | Karnataka | India
Phone | +91 99869 50066
Email | sales.bengaluru@taxmann.com
Taxmann Kolkata Nigam Centre, 155-Lenin Sarani, Wellington, 2nd Floor, Room No. 213
Kolkata – 700013 | West Bengal | India
Phone | +91 98300 71313
Email | sales.kolkata@taxmann.com
Taxmann Lucknow
House No. LIG – 4/40, Sector – H, Jankipuram Lucknow – 226021 | Uttar Pradesh | India
Phone | +91 97924 23987
Email | sales.lucknow@taxmann.com
Taxmann Bhubaneswar
Plot No. 591, Nayapalli, Near Damayanti Apartments
Bhubaneswar – 751012 | Odisha | India
Phone | +91 99370 71353
Email | sales.bhubaneswar@taxmann.com
Taxmann Guwahati
House No. 2, Samnaay Path, Sawauchi Dakshin Gaon Road
Guwahati – 781040 | Assam | India
Phone | +91 70866 24504
Email | sales.guwahati@taxmann.com