The Audit Expectation Gap is the difference between the actual and expected performance of an auditor.
According to the the American Institute of Certified Public Accountants (AICPA) in 1992, the expectation gap could be defined as “the difference between what the public and financial statement users believe auditors are responsible for and what auditors themselves believe their responsibilities are.
In short it is all about what auditor expects and what others expects from the auditor. For last few years this gap has been debated number of times at different forums and stakeholders have agreed on reducing this gap as most of the time it has been bone of contention between client, auditor and other users of financial statements.
On careful analysis of this gap one of the reason that was critical in widening the gap is lack of understanding of different connected factors. And this is not only a lacking on part of users of financial statements but also the auditor sometimes. If efforts are invested in these areas then expectations can be bridged to great extent. For example; users must understand why auditor can only provide reasonable assurance and not the absolute assurance and what are inherent limitations of the audit and although auditor and management is required to produce financial statements in a way that are easy to understand but users are also expected to have certain degree of relevant knowledge on how to use and interpret financial statements. Financial statements are not for everyone to read and act upon.
Major scandals that have affected the accounting profession in recent times have usually been as a result of fraud. Therefore, in order to maintain confidence in the profession it is important for auditors and directors to understand their role in the prevention and detection of fraud.
ISA 240 the Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements recognizes that misstatement in the financial statements can arise from either fraud or error. The distinguishing factor is whether the underlying action that resulted in the misstatement was intentional or unintentional.
Auditors must be aware of the impact of both fraud and error on the accuracy of the financial statements.
Fraud can be further split into two types:
- fraudulent financial reporting – deliberately misstating the accounts to make the company look better/worse than it actually is
- misappropriation of assets – the theft of the company’s assets such as cash or inventory.
The external auditor’s responsibilities
The external auditor is responsible for obtaining reasonable assurance that the financial statements, taken as a whole, are free from material misstatement, whether caused by fraud or error. Therefore, the external auditor has some responsibility for considering the risk of material misstatement due to fraud.
In order to achieve this auditors must maintain an attitude of professional scepticism. This means that the auditor must recognise the possibility that a material misstatement due to fraud could occur, regardless of the auditor’s prior experience of the client’s integrity and honesty.
ISA 315 Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and Its Environment goes further than this general concept and requires that engagement teams discuss the susceptibility of their clients to fraud. The engagement team should also obtain information for use in identifying the risk of fraud when performing risk assessment procedures.
To be able to make such an assessment auditors must identify, through enquiry, how management assesses and responds to the risk of fraud. The auditor must also enquire of management, internal auditors and those charged with governance if they are aware of any actual or suspected fraudulent activity.
Despite these requirements, owing to the inherent limitations of an audit, there is an unavoidable risk that some material misstatements may not be detected, even when the audit is planned and performed in accordance with ISAs. The risks in respect of fraud are higher than those for error because fraud may involve sophisticated and carefully organised schemes designed to conceal it.
Reporting fraud
If the auditor identifies a fraud they should communicate the matter on a timely basis to the appropriate level of management (i.e. those with the primary responsibility for prevention and detection of fraud). If the suspected fraud involves management the auditor shall communicate such matters to those charged with governance. If the auditor has doubts about the integrity of those charged with governance they should seek legal advice regarding an appropriate course of action.
In addition to these responsibilities the auditor must also consider whether they have a responsibility to report the occurrence of a suspicion to a party outside the entity. Whilst the auditor does have an ethical duty to maintain confidentiality, it is likely that any legal responsibility will take precedent. In these circumstances it is advisable to seek legal advice.
Directors’ responsibilities
The directors have a primary responsibility for the prevention and detection of fraud. By implementing an effective system of internal control they should reduce the possibility of undetected fraud occurring to a minimum.
The directors should be aware of the potential for fraud and this should feature as an element of their risk assessment and corporate governance procedures. The audit committee should review these procedures to ensure that they are in place and working effectively. This will normally be done in conjunction with the internal auditors.
Internal auditors may be given an assignment:
- to assess the likelihood of fraud, or if a fraud has been discovered,
- to assess its consequences and
- to make recommendations for prevention in the future
One of the biggest reasons that has highlighted this gap is auditor’s responsibility to detect fraud. When it comes to fraud, users require auditor to act as investigator and auditor is expected to unearth even the most sophisticated fraud events.
However, users do not agree on explanation that auditor is not responsible to detect fraud it is management as they feel auditor’s role is much more than just a confirmation of management’s assertions. This area is still developing and audit as a profession is facing great challenges in this regard.