Your audit is going perfectly, until you find out your client might be doing something fraudulent. There’s some audit standard guidance on what you should do next. According to International Standard on Auditing (ISA) 240, you let your client’s management know what you think is going on. Although you might’ve found the fraud, it’s ultimately up to them to prevent and detect fraud from happening again.
If something fishy is going on, adjust your audit plan. This might mean doing more testing, digging deeper into figures, or talking to additional staff members. For example, say you suspect inventory is getting stolen. Plan to expand your audit scope to include physically counting more inventory, viewing more invoices, questioning more staff, and performing more analytics. Your initial audit plan might’ve required you to reconcile 30% of inventory; now that you think fraud is occurring, double what you planned on covering. In addition, you might not have planned to research questionable business relationships or management oversight processes, or dig deep into accounting estimates. ISA 240 specifically calls these out as your responsibility, especially in determining if fraud might be happening.
In the worst case, it’s an auditing standard for you to consider if the situation is bad enough for you to withdraw from the audit. ISA 240 requires you to consider your legal and professional responsibilities, determine whether it’s more appropriate for you to not continue the audit, and then communicate with your client your decision to back out. In situations where you don’t suspect you’re getting the right information and don’t trust what’s being given to you, auditing standards state you owe it to your profession to not continue.
It’s not easy navigating an audit where you think something fraudulent is going on. Thankfully, there’s accounting standards to help you along. Following these internationally accepted rules will keep your audit on track, even if there’s some suspicious activity going on.