How a forensic audit works
A forensic audit starts where a statutory audit stops. When the statutory auditor identifies suspected fraud under ISA 240.38, the auditor communicates to management and governance, considers implications for the opinion, and evaluates legal reporting obligations. The forensic auditor then traces specific transactions, identifies who authorised them, quantifies the loss, and reconstructs the timeline.
The work is more granular than a statutory audit: individual bank transactions, email records, access logs, interviews. Documentation must withstand cross-examination.
Governed by: ISRS 4400 (Revised) when performed as an agreed-upon procedures engagement; no single governing ISA when performed as a non-assurance engagement
Key Takeaways
- A forensic audit investigates suspected fraud or financial irregularity; a statutory audit provides an opinion on the financial statements as a whole.
- Forensic work produces evidence that may be used in court, which imposes different documentation and chain-of-custody requirements.
- Most non-Big 4 firms encounter a forensic audit when a statutory audit uncovers suspected fraud and the client commissions a separate investigation.
- The scope is defined by the engagement letter, not by an auditing standard.
Worked example: Rieder Elektronik AG
Austrian electronics retailer, FY2024, revenue €35M. Statutory audit identified excessive smartphone inventory write-downs (4x expected shrinkage). Supervisory board commissions forensic investigation.
The forensic team reconciles perpetual inventory records, identifies 412 units (€287K) written down without disposal documentation, and correlates 89% of write-downs to a specific warehouse supervisor's shifts.
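The two steps above (isolating write-downs that lack disposal documentation, then matching them to whoever was on shift) can be sketched as follows. This is an added example, not part of the original engagement material; the record layout, the identifiers and all sample rows are constructed assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed sample data (not from the engagement described above).
WRITE_DOWNS = [  # (unit_id, booked_at, value_eur, disposal_doc_ref or None)
    ("U001", "2024-03-04 09:15", 700, None),
    ("U002", "2024-03-04 10:40", 650, "DSP-17"),
    ("U003", "2024-03-05 15:05", 720, None),
    ("U004", "2024-03-06 08:30", 690, None),
    ("U005", "2024-03-06 19:45", 710, None),
    ("U006", "2024-03-07 23:10", 680, None),
]
SHIFTS = [  # (supervisor, start, end) from a hypothetical roster export
    ("SUP-A", "2024-03-04 06:00", "2024-03-04 14:00"),
    ("SUP-B", "2024-03-05 14:00", "2024-03-05 22:00"),
    ("SUP-A", "2024-03-06 06:00", "2024-03-06 14:00"),
    ("SUP-A", "2024-03-06 14:00", "2024-03-06 22:00"),
]
FMT = "%Y-%m-%d %H:%M"

def undocumented(write_downs):
    """Write-downs booked without a disposal document reference."""
    return [w for w in write_downs if not w[3]]

def supervisor_at(ts, shifts):
    """Supervisor on duty at ts (start inclusive, end exclusive), else None."""
    t = datetime.strptime(ts, FMT)
    for name, start, end in shifts:
        if datetime.strptime(start, FMT) <= t < datetime.strptime(end, FMT):
            return name
    return None  # booked outside any rostered shift

def attribution(write_downs, shifts):
    """Per supervisor: (count, value in EUR, % of undocumented write-downs)."""
    counts, values = Counter(), Counter()
    for _unit, ts, value, _doc in undocumented(write_downs):
        # Keep unmatched bookings visible instead of silently dropping them.
        sup = supervisor_at(ts, shifts) or "UNATTRIBUTED"
        counts[sup] += 1
        values[sup] += value
    total = sum(counts.values())
    return {s: (counts[s], values[s], round(100 * counts[s] / total, 1))
            for s in counts}

if __name__ == "__main__":
    for sup, (n, eur, pct) in sorted(attribution(WRITE_DOWNS, SHIFTS).items()):
        print(f"{sup}: {n} units, EUR {eur}, {pct}% of undocumented write-downs")
```

Bookings that fall outside every rostered shift are reported under their own label so the percentages always sum over the full undocumented population.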
What reviewers get wrong
- Teams extend statutory audit procedures into investigative territory without a separate engagement letter. This creates scope confusion and liability exposure.
- Teams performing forensic work under ISRS 4400 include conclusions or opinions in the report. ISRS 4400 restricts the report to factual findings only.
Forensic audit vs statutory audit
| Dimension | Forensic audit | Statutory audit |
|---|---|---|
| Purpose | Detect, quantify, trace specific fraud | Express opinion on financial statements |
| Scope | Defined by engagement terms | Defined by ISA framework and law |
| Direction | Traces transactions backward | Tests assertions on line items |
| Output | Factual findings report (restricted) | Audit opinion (public/filed) |
| Evidence standard | Must withstand legal scrutiny | Must satisfy ISA requirements |
Frequently asked questions
Is a forensic audit the same as a statutory audit?
No. A statutory audit expresses an opinion on financial statements. A forensic audit investigates specific suspected fraud, quantifies losses, and produces evidence for legal or regulatory use.
What standard governs a forensic audit?
There is no single governing standard. When structured as agreed-upon procedures, ISRS 4400 (Revised) applies. Many forensic engagements operate outside the assurance framework entirely.