Where Fraud Risk Shows Up in Statutory Audits: Revenue, Judgement, and the FTPF Lens
In parts one and two of our auditors in investigation series, we looked at how statutory audits bring the Economic Crime and Corporate Transparency Act (ECCTA) and Failure to Prevent Fraud (FTPF) risks to the surface, and how auditors assess and react when they suspect something may be wrong. This final edition focuses on areas where those risks most often materialise in real audits.
Fraud risk is not spread evenly across the financial statements. While many financial frauds in their most basic sense are designed to inflate assets, understate liabilities, or overstate earnings, it is typically the areas of revenue recognition issues and those involving significant management judgement that are most often at the core of major financial frauds. This is because these areas tend to sit at the cross-roads of incentives, management discretion, and audit limitations. International Standards for Audit (ISA) 240[1] recognises this dynamic and explicitly calls out two forms of fraud risk, which are presumed for the auditor (others being determined by the auditor’s assessment): revenue recognition and management override.
In this article we explore these two key areas of fraud risk in more detail, how auditors typically respond to these concerns, and how boards and audit committees can address these risks through their oversight.
Why Revenue Recognition Remains the Key Pressure Point
Revenue plays a critical role across financial reporting: It influences valuations, loan covenants, and executive incentives, and often involves considerable judgement. Complex contracts — for example, with multiple obligations, variable consideration, rebates, rights of return, principal–agent questions — create grey areas that can be manipulated to bring revenue forward or overstate performance. Complex products and sales transactions also create a higher risk of fraud as management bias could improperly influence the application of the principles-based accounting standard for revenue recognition.
For auditors, these complexities both raise inherent risk and make it harder to obtain sufficient, relevant, persuasive evidence. Common issues include not identifying all relevant performance obligations or incorrectly grouping performance obligations, incorrect allocation of sales consideration, undisclosed side letters that alter a contract’s true terms, consignment stock recorded as sales, or mismatches in distributor channels. Auditors may not label these as fraud outright, but they frequently identify them through recurring audit warning signs as these strategies are often used to increase or smooth earnings over periods in high pressure situations to meet market expectations.
Typical indicators include revenue recognition accounting policy misalignment with the product or service offerings on the company’s website, odd margin movements, large post‑period adjustments to revenue or accounts receivables, and inconsistent confirmations from customers or distributors. When these issues persist, they often lead to restatements or modified auditor reports. These could be taken as signals to regulators as early warnings for potential FTPF failings.
In response to the heightened risk, auditors expand the nature, timing, and extent of their testing. TheyI identify and review key contracts to gain a detailed understanding of the terms of the contracts, the product offering, and the resulting accounting treatment, confirming contract terms with the customers, obtaining higher quality evidence of when control is transferred to the customer (the trigger for revenue recognition), analysing returns patterns, performing data analytics for the overall movement between sales, accounts receivable, and cash, and sometimes pulling in forensic specialists. These steps could lengthen the audit process and, in more serious situations, halt it while an independent investigation takes place.
Management Override and Judgement: Where Optimism Can Slip Into Misconduct
Similar to revenue, fraud risk frequently emerges in judgement-heavy areas such as impairments, provisions, fair value measurements, contingent liabilities, and long-dated forecasts. Auditors can challenge assumptions, but they cannot replace management’s judgement. This “judgement gap” leaves room for overly optimistic or intentionally biased decisions that mislead users of the financial statements.
The biggest risk here is management override. Valuation of certain complex financial and non-financial assets and liabilities, manual journal entries, manipulated ageing analyses, fabricated documents or selective disclosures can bypass well-designed controls. Even rigorous audit procedures can struggle to detect override when it is deliberate and concealed.
Often, clues appear in public reporting rather than explicit fraud allegations: repeated Key Audit Matters (KAMs) highlighting non-standard adjustments, disclosures of material control weaknesses linked to override or segregation of duties or going concern issues following revenue restatements. On their own, these may seem technical. Taken together, they can point to deeper problems in governance and fraud prevention.
How Auditors Probe These Areas and Why Issues Escalate
Auditors dig into revenue and judgement areas by recalculating models, stress-testing assumptions, seeking external evidence, and checking consistency across budgets, impairments, and reported results. But, as noted in part two, even strong audit work has limits. Sampling, estimation uncertainty, and intentional concealment all contribute to residual risk.
When anomalies persist (i.e. conflicting explanations, contradictory evidence, restricted access to documents, reluctant third parties or late adjustments that lack a clear rationale), auditors typically expand their procedures and may request a formal investigation. They may also run a “shadow investigation” to assess whether management’s inquiry is sufficiently independent and thorough. All of this tends to disrupt audit timetables and increases the chance of modified audit opinions if evidence gaps remain.
When Revenue and Judgement Concerns Trigger Investigations
Investigations usually stem from patterns rather than one-off issues. Common triggers include:
- Unusual or unexpected patterns of revenue or margins
- Unexpected swings in valuations of assets or liabilities
- Inconsistent application of accounting policies or use of inconsistent methods and assumptions in estimates
- Multiple large manual journal entries near period-end
- Conflicting or incomplete third-party confirmations
- Last-minute, non-standard adjustments to returns, rebates, or provisions
- Lack of sufficient persuasive evidence or audit trail
- Restrictions on access to data, systems, or source documents
- Inconsistent management explanations for certain transactions or accounting treatments
Once an investigation concludes, the audit resumes with additional procedures. Outcomes can range from an unmodified opinion with an Emphasis of Matter (EOM), to qualified or disclaimer opinions where evidence remains insufficient, and in severe cases, adverse opinions for pervasive misstatements. These outcomes tend to draw attention from regulators, lenders, and sometimes litigants.
Building Resilience Before the Audit Forces the Issue
Boards and audit committees can significantly reduce the risk of audit escalation by reinforcing oversight in the areas auditors focus on most:
- Stronger Revenue Recognition Governance
Clear policies around contract terms and related accounting, contract risk assessments, tracking of side letters, and legal review of non-standard terms. Contract data should reconcile cleanly with ledgers to remove off-book surprises. - Structured Challenge of Key Judgements and Data Used in Accounting for Estimates
Cross-functional review forums, documented assumptions, verified data, version-controlled models, and audit-ready workpapers. - Defences Against Management Override
Appropriate segregation of duties, locked periods with exception monitoring, dual-authorisation controls for manual journals and forensic-style analytics for unusual postings. - Built-In Third‑Party Corroboration
Strong confirmation processes, automated links to proof of transfer of control for revenue transactions, and dedicated repositories for rebates and return rights. - Board-Level Early Warning Indicators
A pattern of restatements, repeat KAMs in judgement-heavy areas, ongoing scope limitations, or material weaknesses tied to override.
Conclusion
Revenue and management judgement remain the areas where fraud incentives, audit limitations, and regulatory expectations most often converge. They are also the places where ECCTA and FTPF exposure can escalate quickly once anomalies appear.
For boards and audit committees, the message is simple: Build scepticism in early. Tighter contract controls, more independent challenge of estimates, and robust anti-override measures help ensure that when auditors start looking closely, they find strength instead of red flags.
Ankura’s forensic accounting and investigations teams regularly help organisations assess and enhance their fraud risk frameworks through the same lens used by auditors and regulators. Addressing weaknesses early not only strengthens governance but positions companies to navigate audits, investigations, and regulatory scrutiny with far greater confidence.
© Copyright 2026. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.
[1] ISA (UK) 240: The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements: https://www.frc.org.uk/library/standards-codes-policy/audit-assurance-and-ethics/auditing-standards/isa-uk-240/
