Side-by-side comparison
| Dimension | Fraud | Error |
|---|---|---|
| Intent | Deliberate. The person knew the information was wrong or knew they were circumventing a control. | Unintentional. Caused by mistakes in gathering or processing data, incorrect estimates, or misapplication of accounting policies. |
| Auditor's standard | ISA 240 governs the auditor's responsibilities. Separate fraud risk assessment required at planning. | ISA 450 governs evaluation of misstatements. No separate risk assessment required. |
| Who the auditor tells | ISA 240.40 requires communication to those charged with governance. ISA 240.43 may require reporting to a regulatory authority. | ISA 450.12 requires communication of accumulated misstatements to management. Governance communication only if management refuses to correct. |
| Documentation burden | ISA 240.47 requires documenting the fraud risk assessment, the procedures performed, and any communications made. | ISA 450.15 requires documenting accumulated misstatements and the conclusion on whether uncorrected misstatements are material. |
| Materiality threshold | No threshold. ISA 240.40 requires reporting suspected fraud to governance regardless of amount. | ISA 450.A3 applies. Misstatements below the clearly trivial threshold need not be accumulated. |
Key Points
- The distinction rests entirely on whether the misstatement was intentional.
- ISA 240 requires specific fraud risk procedures that do not apply to errors.
- An error becomes a fraud indicator when management resists correction without a credible explanation.
- Auditors report suspected fraud to governance even when the amount is immaterial.
When the distinction matters on an engagement
The classification affects everything from procedures to reporting. If the engagement team treats a suspected fraud as an error, it skips the ISA 240.40 governance communication, fails to reassess fraud risk under ISA 240.36, misses the ISA 240.43 regulatory reporting assessment, and leaves no evidence that the team considered intent.
ISA 240.35 requires the auditor to reconsider the risk assessment when a misstatement is detected, specifically to evaluate whether the misstatement indicates fraud. Skipping that step is the gap that surfaces in quality reviews. On the other side, misclassifying errors as fraud creates unnecessary governance escalation and delays engagement completion. The classification must follow the evidence, not a default assumption in either direction.
Worked example: Maier Elektronik GmbH
Client: German electronics distributor, FY2024, revenue €67M, HGB reporter.
During testing of revenue cut-off, the team identifies two misstatements.
Misstatement A: invoice dated 28 December for goods shipped 4 January
The shipping records confirm a three-business-day pattern of late invoicing across the December period. Twelve similar invoices exist, totalling €310K in overstated December revenue. The client's logistics team confirms a system configuration that generates invoices at order entry rather than shipment. No manual override. No pattern of deliberate timing.
Documentation note: "Misstatement classified as error. Cause: automated invoicing triggered at order entry per system configuration. No evidence of manual intervention or intent to manipulate cut-off. Refer ISA 450 evaluation at completion."
Misstatement B: credit note of €185K reversed on 30 December with no customer communication
The credit note relates to a product return accepted in November. The original credit note reduced December revenue by €185K. A journal entry on 30 December reversed it. The journal was entered by the CFO with the description "reclassification." No customer communication supports the reversal, and the goods remain in the client's warehouse as of the count date.
Documentation note: "Misstatement classified as suspected fraud indicator. Reversal initiated by CFO, no supporting documentation, goods confirmed as returned. Triggers ISA 240.35 reassessment of fraud risk. ISA 240.40 communication to those charged with governance required regardless of amount. Discuss with engagement partner before further inquiry."
If the team had classified Misstatement B as an error, the file would lack the governance communication and the fraud risk reassessment. An inspection reviewer would flag all of those as missing.
What reviewers get wrong
Engagement teams frequently document misstatements as errors without evaluating whether the characteristics indicated fraud. The absence of a fraud indicator assessment at the misstatement level — not just at planning — is a common inspection finding.
Teams often default to classifying misstatements as errors when management provides any explanation, without testing whether the explanation is consistent with the surrounding evidence. ISA 240.A9 lists conditions that increase fraud risk, including management displaying a defensive attitude when asked about the misstatement. Accepting an untested explanation and moving on does not satisfy ISA 240.35.
Key standard references
- ISA 240.11: Defines fraud as an intentional act resulting in a misstatement.
- ISA 240.35: Requires reassessment of fraud risk when a misstatement is detected.
- ISA 240.40: Requires communication of suspected fraud to those charged with governance regardless of amount.
- ISA 450.A3: Sets the clearly trivial threshold below which errors need not be accumulated.
Related terms
Related reading
Frequently asked questions
How does an auditor determine whether a misstatement is fraud or error?
The auditor evaluates intent. ISA 240.11 defines fraud as an intentional act. The classification follows from the surrounding evidence: who initiated the entry, whether supporting documentation exists, whether management can provide a credible explanation, and whether any control was circumvented. If indicators of intent are present, the misstatement is treated as a suspected fraud indicator.
Does materiality affect whether fraud must be reported?
No. ISA 240.40 requires the auditor to communicate suspected fraud to those charged with governance regardless of amount. This contrasts with errors, where ISA 450.A3 allows misstatements below the clearly trivial threshold to go unaccumulated.