The Financial Supervisory Authority of Norway has published a thematic review of 15 selected audit firms' work to identify and manage the risk of economic crime and fraud, finding a clear gap between formal policies and execution in individual audits. The review found that 91 percent of firm-level questions received positive responses, compared with 77 percent at engagement level, indicating that established policies and routines are not being followed well enough in practice. The assessment covered 73 audit engagements in sectors with elevated risk and focused on compliance with the fraud and risk assessment requirements in ISA 240 and ISA 315. Key weaknesses included inadequate treatment of management override of controls as a specific fraud risk, limited and poorly documented use of unpredictability in audit procedures, overly high-level testing and evaluation of controls, and weak documentation linking the auditor's understanding of the entity to identified fraud risks. Reporting and consultation activity was also low relative to volume, with the 15 firms reporting 24 written notifications to boards on detected fraud and 24 formal consultations on suspected or detected fraud across 13,707 audit engagements for the 2024 financial year, alongside 20 reports to Økokrim on suspected money laundering or terrorist financing submitted between 1 January 2024 and 30 June 2025. Audit firms need to strengthen how policies are operationalised, communicated and followed up through quality control.
Norwegian Finanstilsynet 2026-05-07
Financial Supervisory Authority of Norway identifies gap between audit firm policies and audit practice on economic crime and fraud risk: 91 percent firm-level versus 77 percent engagement-level compliance
The Financial Supervisory Authority of Norway has published a thematic review of 15 audit firms’ work on identifying and managing the risk of economic crime and fraud, finding a significant gap between firm-level policies and their execution in individual audits. Across 73 high-risk engagements, the authority identified weaknesses in addressing management override, use of unpredictability, control testing, and documentation of fraud risk assessments, alongside low levels of fraud-related reporting and consultation.