Pennsylvania CPA Journal
The Auditing Standards Board is proposing a standard related to responsibilities regarding fraud in the audits of financial statements. Early planning will help auditors begin adjusting their processes, training, and documentation.
The Auditing Standards Board (ASB) proposed a Statement on Auditing Standards (SAS), The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, that would supersede SAS 122 and take effect on or after Dec. 15, 2028, with early implementation permitted.
The proposal is intended to clarify and expand the auditor’s responsibilities related to fraud, including specific considerations for governments and nonprofits. It was developed with input from the ASB Fraud Task Force and is based on the International Auditing and Assurance Standards Board (IAASB) fraud standard, which is effective for periods beginning on or after Dec. 15, 2026.
The draft SAS requires auditors to adopt a more proactive, fraud-focused approach. Auditors must supplement current procedures and documentation with specific fraud considerations related to fraudulent financial reporting and misappropriation of assets throughout the audit and complete a stand-back procedure considering all the evidence obtained. This means maintaining professional skepticism during the entire audit, including near the end of the audit when time pressures may be at their highest.
The draft standard introduces several new or clarified requirements from planning through reporting. Under current standards, the engagement team is required to brainstorm how and where fraud might occur as part of their planning. The proposal extends this requirement by emphasizing that fraud brainstorming is not a one-time event; it should be revisited throughout the audit whenever new information is obtained.
Current standards also presume a fraud risk related to revenue recognition. The proposed standard requires auditors to specifically determine which types of revenue, revenue transactions, or relevant assertions may give rise to a risk of material misstatement due to fraud. This more granular assessment is intended to sharpen the focus on areas where revenue-related fraud is most likely to occur.
The draft standard also expands risk-assessment procedures to require a retrospective review of accounting estimates to determine whether there is evidence of fraud risk, including indications of management bias or third-party fraud, such as vendor kickback arrangements and procurement schemes.
When auditors obtain an understanding of the control environment, the proposed SAS requires expanded documentation with a specific fraud focus. This includes documenting how those charged with governance exercise oversight of the processes for identifying and responding to fraud risk and the controls established. A related change addresses the risk of management override of controls, which must be treated as a risk of material misstatement at both the financial statement and assertion levels. This risk should be evaluated with the understanding that many external fraud schemes only succeed with insider participation or when management ignores red flags.
The proposal expands expectations regarding inquiries concerning fraud. Application material suggests that senior engagement team members should lead key fraud related inquiries in person, and responses should be corroborated with other audit evidence where possible. It further encourages auditors to compare results to those of peer entities to identify unusual or unexpected relationships.
When fraud risks are identified in the assessment process, they are presumed to be significant and therefore require specific responses in accordance with SAS 145. Appendix B of the proposal includes numerous examples that may be used, including the use of automated tools and techniques that analyze entire populations to detect anomalies.
Beyond risk assessment and responses, the draft standard also clarifies expectations related to journal entry testing. Auditors are expected to make specific inquiries of individuals involved in the financial reporting process about their knowledge of inappropriate or unusual activity. The draft emphasizes selecting journal entries recorded at the end of the reporting period and those posted directly to the financial statements because these may be more susceptible to manipulation.
If an auditor identifies fraud or suspected fraud, the auditor should communicate these matters to the appropriate level of management. If the auditor identifies fraud or suspected fraud involving management, the auditor should communicate this to those charged with governance along with any other matters related to fraud that are relevant to the responsibilities of those in governance.
Finally, the draft SAS is supported by extensive application material which is considered relevant to properly applying Generally Accepted Auditing Standards (GAAS) and therefore must be considered when planning and performing an audit. If an auditor chooses not to apply interpretative guidance, the auditor should document how the requirements of GAAS were otherwise satisfied.
These changes represent a more robust and transparent approach to addressing fraud risk in the audit of financial statements. The effective date may seem far off, but early planning will help auditors begin adjusting their processes, training, and documentation so they are prepared when the new standard becomes effective.
James J. Newhard, CPA, is a sole practitioner in Paoli and a CPE presenter, serves on several PICPA committees including the Pennsylvania CPA Journal Editorial Board, and is on AICPA’s Joint Trial Board and the Tax Practice Responsibilities committees. He can be reached at jim@jjncpa.com.