By Order 406/2026 published in Official Gazette no. 404 of May 13, 2026, new rules are introduced regarding how financial auditors must address fraud risk within audit engagements.
What does it stipulate?
The Order adopts into national legislation the international auditing standard ISA 240 (revised), which establishes extended responsibilities for financial auditors regarding the identification and assessment of risks of material misstatement of financial statements due to fraud. The new standard imposes a more rigorous approach and increased professional skepticism on the part of the auditor throughout the entire audit engagement.
Specifically, auditors will be required to apply more detailed procedures to understand the entity and its environment, including the internal control system, with the specific aim of identifying fraud risks. This includes evaluating how company management prevents, deters, and detects fraud, as well as analyzing incentives or pressures that could lead to fraudulent financial reporting.
The standard places particular emphasis on the risk of management overriding internal controls. Auditors will need to design and perform specific procedures to test the appropriateness of accounting records and other adjustments made in the process of preparing financial statements. They will also need to review accounting estimates to identify potential biases and evaluate the business rationale for significant transactions that appear unusual.
Where suspicions of fraud are identified, the standard clarifies the auditor’s communication obligations. The auditor must report findings to the appropriate level of management, those charged with governance (e.g., the Board of Directors or Audit Committee), and, in certain circumstances, to regulatory and law enforcement authorities.
To whom does it apply?
Although the Order directly targets financial auditors and audit firms authorized in Romania, the impact is felt by all companies subject to a statutory audit of financial statements. This includes public interest entities (listed companies, credit institutions, insurance companies), as well as any other company that exceeds the legal size criteria for mandatory auditing.
What should you do?
- Review and strengthen anti-fraud policies and internal controls to demonstrate a robust control environment to the auditor.
- Prepare the management team and finance department for an increased level of professional skepticism and for more detailed information requests from the auditor, especially in high-risk areas.
- Ensure transparent and complete documentation of complex transactions, critical accounting estimates, and the business rationale behind strategic decisions.
- Proactively discuss with the financial auditor how the new requirements will be implemented in the audit for periods beginning on or after December 15, 2026.
Source: Official Gazette, Part I, no. 404 of May 13, 2026.
Note: This material is strictly for informational purposes and does not constitute legal, tax, or business advice. As the interpretation and application of legal provisions may vary significantly depending on the specific circumstances of each entity, we recommend seeking specialized legal assistance before adopting any operational decisions based on these changes.