(ii)  Determine whether there is a professional or legal requirement to report to the person or
                               persons who made the audit appointment or, in some cases, to regulatory authorities, the
                               auditor’s withdrawal from the engagement and the reasons for the withdrawal.

          QNO      Fraud Risk in Revenue Recognition                                         Old Course-(M22R)
          11.500   TITANIUM CNO - SA240.520
                   Arihant Limited was engaged in the business of owning and managing hotels and resorts, selling tourism
                   packages and performing airline bookings for corporate and individuals. It appointed Upadhyay & Co. as
                   its statutory auditor for the financial year 2021-22. While planning the audit, the audit team decided that
                   the risk of improper revenue recognition from hotel business should not be treated as a fraud risk. This
                   conclusion was based on the assessment of earlier years, wherein no fraud was identified in revenue
                   recorded from such business. While testing the internal financial controls over the process of revenue
                   recognition, it was identified that the controls are not properly designed to mitigate the risk of fraud and
                   risk of improper revenue recognition. As a result, the audit team decided to perform additional substantive
                   testing. However, the audit team still were to the conclusion that there is no risk of fraud in revenue
                   recognition.  During the  course  of  substantive testing,  it  was  identified that  the  management  did  not
                   account for revenue received from corporate hotel bookings amounting to ₹ 35 crore. These amounts were
                   partially received in the company’s bank accounts and partially received in the CFO’s personal account.
                   The amounts received in the bank account of the company were disclosed as advances received against
                   the future bookings. In the light of above scenario, kindly guide the statutory auditors with respect to their
                   responsibility relating to fraud in an audit of a financial statement.
          Answer  As per SA 240, “The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements”
                   and SA 315, “Identifying and Assessing the Risks of Material Misstatement Through Understanding the
                   Entity and Its Environment”, the auditor shall identify and assess the risks of material misstatement
                   due to fraud at the financial statement level, and at the assertion level for classes of transactions,
                   account balances and disclosures. When identifying and assessing the risks of material misstatement
                   due  to  fraud,  the  auditor  shall,  based  on  a  presumption  that  there  are  risks  of  fraud  in  revenue
                   recognition, evaluate which types of revenue, revenue transactions or assertions give rise to such risks.
                   In accordance with SA 240, “The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial
                   Statements” and 330,” The Auditor’s Responses to Assessed Risks” the auditor shall determine overall
                   responses  to  address  the  assessed  risks  of  material  misstatement  due  to  fraud  at  the  financial
                   statement level and assertion level.

                   The presumption that there are risks of fraud in revenue recognition may be rebutted. For example,
                   the  auditor  may  conclude  that  there  is  no  risk  of  material  misstatement  due  to  fraud  relating  to
                   revenue recognition in the case where there is a single type of simple revenue transaction, for example,
                   leasehold  revenue  from  a  single  unit  rental  property.  However,  when  there  is  a  complex  revenue
                   structure or when there is lack of controls on revenue recognition, then there is a high probability of
                   fraud risk in revenue recognition.

                   Obtaining an understanding of the entity and its environment, including the entity’s internal control
                   (referred  to  hereafter  as  an  “understanding  of  the  entity”),  is  a  continuous,  dynamic  process  of
                   gathering, updating and analysing information throughout the audit.

                   In  the  current  scenario,  the  company  was  earning  revenue  from  multiple  streams.  Also,  it  was
                   identified that the controls are not properly designed to mitigate the risk of fraud and risk of improper
                   revenue  recognition.  During  the  year  it  was  identified  that  the  management  did  not  account  for
                   revenue from corporate hotel bookings amounting to ` 35 crore. These amounts were partially received
                   in the company’s bank accounts and partially received in the CFO’s personal account. The amounts
                   received  in  the  bank  account  of  the  company  were  disclosed  as  advances  received  against  future
                   bookings.

                   Therefore,  the  auditor  while  performing  the  risk  assessment  procedures  should  consider  the
                   complexity and nature of the revenue for determining the fraud risks in revenue recognition. Also,
                   there were no adequate controls addressing the risk of improper revenue recognition or fraud risk, the
                   audit team rebutted the fraud risk. Moreover, the audit team should have recognised fraud risk by

        www.auditguru.in                                                      PARAM                               2.6 | P a g e