The Norwegian Financial Supervisory Authority has published the results of a thematic review of 15 audit firms on how they identify and handle risks of economic crime and fraud. The review found a gap between firms’ established policies, procedures and control measures and how those requirements are applied in individual audit engagements. The work covered both firm-level arrangements and engagement-level execution. While the authority said the requirements in International Standard on Auditing 240 and International Standard on Auditing 315 are well known in the sector, the findings show firms need to strengthen how policies and procedures are translated into audit practice. Key weaknesses included inadequate handling of specific fraud risks, particularly the risk of management override of controls, limited and poorly documented use of unpredictability in audit procedures, overly general or insufficient testing and assessment of controls, and weak documentation of audit teams’ fraud risk assessments, including a lack of clear linkage between the understanding of the business and the fraud risks identified.
Norwegian Finanstilsynet 2026-05-07
Norwegian Financial Supervisory Authority finds gap between audit firms’ fraud risk policies and audit engagement practice at 15 firms
The Norwegian Financial Supervisory Authority has published findings from a review of 15 audit firms on how they identify and handle risks of economic crime and fraud, highlighting a gap between formal policies and their application in individual engagements. While International Standard on Auditing 240 and 315 are well known, firms were found to inadequately address specific fraud risks such as management override of controls, make limited and poorly documented use of unpredictability in audit procedures, and provide weak documentation linking business understanding, fraud risk assessments and control testing.