How a forensic audit works
Last year a mid-tier firm in Vienna signed off on clean financial statements for a retail client. Four months later the supervisory board found €290K in fictitious inventory write-downs. A statutory audit was never designed to catch that kind of scheme, and the partner knew it. What followed was a forensic audit: a separate engagement with a fundamentally different objective.
A forensic audit investigates suspected fraud after the statutory audit has identified indicators under ISA 240.38. Where the statutory auditor communicates to management and governance and evaluates legal reporting obligations, the forensic auditor traces specific transactions, identifies who authorised them, quantifies the loss, and reconstructs the timeline.
The work is more granular than a statutory audit: individual bank transactions, email records, access logs, witness interviews. Documentation must withstand cross-examination. Nobody enjoys rebuilding a transaction trail from incomplete records, but skipping steps is how findings get thrown out in court.
When structured as agreed-upon procedures, ISRS 4400 (Revised) applies. Many forensic engagements operate outside the assurance framework entirely, with scope defined by the engagement letter rather than by an auditing standard.
Key Takeaways
- A forensic audit investigates suspected fraud or financial irregularity; a statutory audit provides an opinion on the FS as a whole.
- Forensic work produces evidence that may be used in court, which imposes different documentation and chain-of-custody requirements.
- Most mid-tier firms encounter a forensic audit when a statutory audit uncovers suspected fraud and the client commissions a separate investigation.
- The scope is defined by the engagement letter, not by an auditing standard.
Worked example: Rieder Elektronik AG
Austrian electronics retailer, FY2024, revenue €35M. Statutory audit identified excessive smartphone inventory write-downs (4x expected shrinkage). Supervisory board commissions forensic investigation.
After reconciling perpetual inventory records, the forensic team identifies 412 units (€287K) written down without disposal documentation and correlates 89% of write-downs to a specific warehouse supervisor's shifts.
What reviewers get wrong
- Teams extend statutory audit procedures into investigative territory without a separate engagement letter. This creates scope confusion and liability exposure. We've seen this on about half the engagements where fraud surfaces mid-audit.
- Teams performing forensic work under ISRS 4400 include conclusions or opinions in the report. ISRS 4400 restricts the report to factual findings only.
- Forensic work requires more than ticking and bashing through a checklist. Each transaction must be traced to source documents and corroborated with independent evidence before the finding can stand up in proceedings.
Forensic audit vs statutory audit
| Dimension | Forensic audit | Statutory audit |
|---|---|---|
| Purpose | Detect and quantify specific fraud, trace the mechanism | Express opinion on FS |
| Scope | Defined by engagement terms | Defined by ISA framework and law |
| Direction | Traces transactions backward | Tests assertions on line items |
| Output | Factual findings report (restricted) | Audit opinion (public/filed) |
| Evidence standard | Must withstand legal scrutiny | Must satisfy ISA requirements |
Frequently asked questions
Is a forensic audit the same as a statutory audit?
No. A statutory audit expresses an opinion on financial statements. A forensic audit investigates specific suspected fraud and produces evidence for legal or regulatory use, including quantification of losses.
What standard governs a forensic audit?
There is no single governing standard. When structured as agreed-upon procedures, ISRS 4400 (Revised) applies. Many forensic engagements operate outside the assurance framework entirely.