Consideration of Laws and Regulations in an Audit of Financial Statements
CAS 250
Consideration of Laws and Regulations in an Audit of Financial Statements
General
- Management is responsible for complying with laws and regulations
- The auditor is not responsible for preventing non-compliance with or to detect non-compliance with laws
The Auditor's Consideration of Compliance with Laws and Regulations
- As part of obtaining an understanding of the entity and its environment obtain a general understanding of the laws and regulations applicable to the entity and how the entity is complying with those laws and regulations
- Use your own knowledge of business and inquire management to figure this out
- Obtain sufficient appropriate audit evidence regarding compliance with laws and regulations that have a direct material effect on the financial statements
- Examples: compliance with income tax act, non-compliance with laws leading to fines, litigation
- Perform the following two audit procedures to help identify instances of non-compliance with laws that have a material impact on the F/S
- Inquiring of management and those charged with governance, as to whether the entity is in compliance with such laws and regulations; and
- Inspecting correspondence with regulatory authorities
- During the audit, remain alert to the possibility that other audit procedures may bring instances of non-compliance; therefore, be alert when:
- Reading minutes;
- Inquiring management and the client’s lawyers regarding litigation, claims and assessments
- Performing substantive tests of details
- Request management and those charged with governance to provide written representations that all known instances of non-compliance or suspected non-compliance with laws and regulations that affect the F/S have been disclosed to the auditor
- written representations do not provide sufficient appropriate audit evidence on their own (you can only use it to corroborate evidence obtained via other procedures)
Audit Procedures When Non-Compliance Is Identified or Suspected
- If the auditor aware of non-compliance or suspected non-compliance, the auditor should:
- Get an understanding of the nature of the act and the circumstances in which it occurred; and
- Get further information to evaluate the effect on the F/S (i.e. financial consequences of non-compliance (fines), required disclosures)
- Some indications of possible non-compliance include
- Unauthorized transactions or improperly recorded transactions
- Unusual transactions with companies registered in tax havens
- Investigations by regulatory organizations and government departments or payment of fines or penalties
- If the auditor suspects non-compliance, he/she must discuss with management and those charged with governance. If mgm’t doesn’t provide information that demonstrations that they are in fact in compliance, and if the non-compliance will have a material impact on the F/S, the auditor needs to get legal advice on whether a law has been broken, the legal consequences, the possibility of fraud, and how the auditor should proceed
- If sufficient information about suspected non-compliance cannot be obtained, the auditor may have a scope limitation (and may need to provide a disclaimer of opinion or qualified opinion)
Reporting Non-Compliance to Those Charged with Governance
- Communicate with those charged with governance concerning matters involving non-compliance with laws and regulations that come to the auditor’s attention (if non-compliance is intentional and material do this ASAP)
- If auditor suspects intentional non-compliance by management or those charged with governance, always report one level above (i.e. the audit committee)
Reporting Non-Compliance in the Auditor's Report on the Financial Statements
- If the non-compliance has a material effect on the F/S , and has not been adequately accounted for in the F/S express a qualified opinion or an adverse opinion
- If the auditor is precluded by management from obtaining sufficient appropriate audit evidence to evaluate whether non-compliance that may be material to the F/S has occurred, there is a scope limitation; therefore, express a qualified opinion or disclaim an opinion on the financial statements
Reporting Non-Compliance to Regulatory and Enforcement Authorities
- Determine whether the auditor has a responsibility to report the identified or suspected non-compliance to parties outside the entity
- Auditor’s professional duty to maintain the confidentiality of client information may prevent reporting identified or suspected non-compliance
- Note that the duty of confidentiality may be overridden by statute, the law or courts of law
- It is best to get legal advice to determine the appropriate course of action
Documentation
- The auditor’s documentation of findings regarding identified or suspected non-compliance with laws and regulations may include, for example:
- Copies of records or documents
- Minutes of discussions held with management, those charged with governance or parties outside the entity.