Scope and objectives
The Auditing standard applies to auditors who are responsible for performing an audit of financial statements, but it does not apply to other assurance engagements.
It laws and regulations can have varying effects on an entity’s financial statements. Some laws or regulations may have a direct effect on the financial statements by determining the reported amounts and disclosures in an entity’s financial statements. Other laws or regulations may not have a direct effect on the financial statements but still need to be complied with by management or set provisions under which the entity is allowed to conduct its business. Non-compliance with laws and regulations may result in fines, litigation, or other consequences for the entity, which may have a material effect on the financial statements.
SA 250 also emphasizes the responsibility of management, with the oversight of those charged with governance, to ensure that the entity’s operations are conducted in accordance with the provisions of laws and regulations. Management is responsible for ensuring compliance with the provisions of laws and regulations that determine the reported amounts and disclosures in an entity’s financial statements.
They provide some examples of policies and procedures that an entity may implement to assist in the prevention and detection of non-compliance with laws and regulations, such as monitoring legal requirements, instituting and operating appropriate systems of internal control, developing and publicizing a code of conduct, and ensuring that employees are properly trained and understand the code of conduct.
SA 250 explains that non-compliance by the entity with laws and regulations may result in a material misstatement of the financial statements. Detection of non-compliance, regardless of materiality, may affect other aspects of the audit, including the auditor’s consideration of the integrity of management or employees.
The auditor is not responsible for preventing non-compliance and cannot be expected to detect non-compliance with all laws and regulations. However, the auditor is responsible for obtaining reasonable assurance that the financial statements, taken as a whole, are free from material misstatement, whether caused by fraud or error. The auditor takes into account the applicable legal and regulatory framework in conducting an audit of financial statements. The potential effects of inherent limitations on the auditor’s ability to detect material misstatements are greater for laws and regulations relating to the operating aspects of an entity.
Overall, it highlights the importance of considering laws and regulations in financial statement audits and the respective responsibilities of management and auditors in ensuring compliance with relevant laws and regulations.
The Auditor’s Consideration of Compliance with Laws and Regulations
The auditor must obtain a general understanding of the legal and regulatory framework applicable to the entity and inquire about the entity’s compliance with that framework. This includes updating their knowledge of relevant laws and regulations, inquiring about the entity’s policies and procedures regarding compliance, and evaluating the entity’s accounting for litigation claims.
The auditor must also obtain sufficient appropriate audit evidence regarding compliance with laws and regulations that have a direct effect on the financial statements. This includes laws and regulations related to financial reporting, industry-specific financial reporting issues, and accounting for government contracts or taxes.
To identify instances of non-compliance with laws and regulations that may have a material effect on the financial statements, the auditor should inquire of management and inspect relevant correspondence with regulatory authorities. In cases where non-compliance may cause the entity to cease operations or call into question its continuance as a going concern, the auditor should give particular attention to such laws and regulations.
SA 250 also notes that audit procedures applied to form an opinion on the financial statements may bring instances of non-compliance or suspected non-compliance to the auditor’s attention. Therefore, the auditor should remain alert to the possibility of such instances throughout the audit engagement.
Finally, the auditor should request written representations from management and those charged with governance to confirm that all known instances of non-compliance or suspected non-compliance with laws and regulations have been disclosed to the auditor. However, these representations do not provide sufficient audit evidence on their own and must be supplemented by other audit procedures. If there are no identified or suspected instances of non-compliance, the auditor is not required to perform additional audit procedures related to compliance with laws and regulations.
Audit Procedures When Non-Compliance is Identified or Suspected
When an auditor becomes aware of information concerning non-compliance, they should obtain an understanding of the nature of the act and the circumstances in which it has occurred, as well as further information to evaluate the possible effect on the financial statements.
They provide a list of matters that may indicate non-compliance, such as investigations by regulatory organizations or government departments, unusual payments or transactions, and unauthorized transactions. If the auditor suspects non-compliance, they should discuss the matter with management and, where appropriate, those charged with governance.
If management or those charged with governance do not provide sufficient information to support that the entity is in compliance with laws and regulations and the auditor believes that the effect of the suspected non-compliance may be material to the financial statements, the auditor should consider obtaining legal advice. The auditor may also consult with in-house or external legal counsel to determine whether a contravention of a law or regulation is involved, the possible legal consequences, and what further action, if any, should be taken.
If sufficient information about suspected non-compliance cannot be obtained, the auditor should evaluate the effect of the lack of sufficient appropriate audit evidence on their opinion. The auditor should also evaluate the implications of non-compliance on other aspects of the audit, including risk assessment and the reliability of written representations, and take appropriate action. In exceptional cases, the auditor may consider withdrawing from the engagement if management or those charged with governance do not take the remedial action that the auditor considers appropriate.
Reporting Non-Compliance to Those Charged with Governance
The auditor’s responsibilities when it comes to reporting identified or suspected non-compliance with laws and regulations. According to the text, the auditor must communicate with those charged with governance, such as an audit committee or supervisory board, matters involving non-compliance with laws and regulations that come to the auditor’s attention during the course of the audit, unless all of those charged with governance are involved in the management of the entity and are already aware of the non-compliance.
If the non-compliance is believed to be intentional and material, the auditor must report the matter to those charged with governance as soon as possible. If the auditor suspects that management or those charged with governance are involved in non-compliance, the auditor must report the matter to the next higher level of authority at the entity, such as an audit committee or supervisory board, if it exists. If no higher authority exists, or if the auditor is unsure as to the person to whom to report, the auditor may need to obtain legal advice.
Reporting Non-Compliance in the Auditor’s Report on the Financial Statements
If the auditor determines that the non-compliance has a material effect on the financial statements and has not been adequately reflected in the financial statements, the auditor is required to express a qualified or adverse opinion on the financial statements. A qualified opinion indicates that there is a material misstatement in the financial statements, but it is not so pervasive as to require an adverse opinion. An adverse opinion indicates that the financial statements are materially misstated and should not be relied upon.
If the auditor is prevented by management or those charged with governance from obtaining sufficient appropriate audit evidence to evaluate whether non-compliance that may be material to the financial statements has occurred or is likely to occur, the auditor is required to express a qualified opinion or disclaim an opinion on the financial statements based on a limitation of the scope of the audit. A disclaimer of opinion indicates that the auditor is unable to express an opinion on the financial statements due to the limitations of the audit.
Finally, if the auditor is unable to determine whether non-compliance has occurred due to limitations imposed by circumstances rather than by management or those charged with governance, the auditor is required to evaluate the effect on the auditor’s opinion in accordance with SA 705.
Reporting Non-Compliance to Regulatory and Enforcement Authorities
According to the SA 250, the auditor should determine whether they have a responsibility to report identified or suspected non-compliance with laws and regulations to parties outside the entity. The auditor should evaluate their legal responsibilities under different laws and regulations to determine whether the duty of confidentiality may be overridden by statute, the law, or courts of law. In some cases, the auditor may have a statutory duty to report non-compliance with laws and regulations to supervisory authorities.
For example, in India, the auditor of financial institutions has a statutory duty to report the occurrence or suspected occurrence of non-compliance with laws and regulations to the Reserve Bank of India. Additionally, certain laws or regulations may require the auditor to report misstatements to authorities if management and those charged with governance fail to take corrective action.
The auditor should consider obtaining legal advice to determine the appropriate course of action. In some cases, the auditor may be obliged to report instances of non-compliance to governing authorities or report them in the auditor’s report for certain entities, such as national governments, regional governments, local governments, and related governmental entities.
However, the auditor’s professional duty to maintain the confidentiality of client information may preclude reporting identified or suspected non-compliance with laws and regulations to a party outside the entity.
Documentation
SA 250 requires the auditor to document their work and the evidence gathered during the audit process. In the case of non-compliance with laws and regulations, the auditor must document the identified or suspected non-compliance, as well as the discussions held with management, those charged with governance, or other relevant parties.
Examples of documentation could include copies of records or documents related to the non-compliance, as well as minutes of discussions held with relevant parties. This documentation serves as evidence of the auditor’s work and findings, and is important for demonstrating the auditor’s due care and diligence in the event of legal or regulatory proceedings.
Consideration of Laws and Regulations in an Audit of Financial Statements
The changes involve deletions and clarifications related to the application of the standard to public sector entities and the obligation to report non-compliance.
The first deletion involves a reference in ISA 250(A6) to the application of the requirements to public sector entities. Since the auditing and assurance standards apply equally to all entities, the specific reference has been deleted. However, the standard retains the spirit that certain entities may have additional audit responsibilities related to the consideration of laws and regulations.
The second deletion involves a reference in ISA 250(A20) to the obligation to report instances of non-compliance for public sector entities. Again, since the standards apply equally to all entities, the specific reference has been deleted. However, the standard retains the idea that there may be instances of reporting non-compliance to governing authorities or in the auditor’s report for certain entities.
Overall, these changes reflect a more general application of the standard to all entities, rather than a specific focus on public sector entities, while still acknowledging that certain entities may have additional audit responsibilities related to laws and regulations
Quiz: Consideration of Laws and Regulations in an Audit of Financial Statements
1. What is the purpose of considering laws and regulations in an audit of financial statements?
a) To ensure compliance with all laws and regulations
b) To identify instances of non-compliance that may have a material effect on the financial statements
c) To prevent non-compliance with laws and regulations
d) To report non-compliance to regulatory authorities
Answer: b)
2. Who is responsible for ensuring compliance with the provisions of laws and regulations that determine the reported amounts and disclosures in an entity’s financial statements?
a) Auditors
b) Shareholders
c) Management
d) Regulatory authorities
Answer: c)
3. What are some examples of policies and procedures that can assist in the prevention and detection of non-compliance with laws and regulations?
a) Monitoring legal requirements and developing a code of conduct
b) Implementing appropriate systems of internal control and training employees
c) Publicizing a code of conduct and instituting appropriate systems of internal control
d) Monitoring legal requirements and training employees
Answer: c)
4. How should the auditor obtain a general understanding of the legal and regulatory framework applicable to the entity?
a) By relying on management’s representations
b) By conducting interviews with employees
c) By updating their knowledge of relevant laws and regulations
d) By reviewing the entity’s financial statements
Answer: c)
5. When should the auditor communicate matters involving non-compliance with laws and regulations to those charged with governance?
a) Only if the non-compliance is believed to be intentional and material
b) Only if the non-compliance is suspected to involve management or those charged with governance
c) If the non-compliance has a material effect on the financial statements
d) If the non-compliance is identified or suspected during the audit engagement
Answer: d)
6. What actions should the auditor take if management or those charged with governance do not provide sufficient information to support that the entity is in compliance with laws and regulations?
a) Obtain legal advice and consult with in-house or external legal counsel
b) Report the matter to regulatory authorities immediately
c) Evaluate the effect on their opinion and consider withdrawing from the engagement
d) Request additional documentation from management or those charged with governance
Answer: a)
7. What opinion should the auditor express if the non-compliance with laws and regulations has a material effect on the financial statements?
a) Qualified opinion
b) Adverse opinion
c) Disclaimer of opinion
d) Unmodified opinion
Answer: b)
8. What should the auditor do if they are unable to determine whether non-compliance has occurred due to limitations imposed by circumstances?
a) Express an adverse opinion on the financial statements
b) Disclaim an opinion on the financial statements
c) Evaluate the effect on their opinion in accordance with SA 705
d) Request additional audit procedures related to compliance with laws and regulations
Answer: c)
9. When should the auditor report identified or suspected non-compliance with laws and regulations to parties outside the entity?
a) If the non-compliance is believed to be intentional and material
b) If the auditor is legally obligated to report non-compliance
c) If management or those charged with governance fail to take corrective action
d) If the auditor suspects that management or those charged with governance are involved in non-compliance
Answer: b)
10. Why is documentation important in relation to non-compliance with laws and regulations?
a) To demonstrate the auditor’s due care and diligence in legal or regulatory proceedings
b) To report instances of non-compliance to governing authorities
c) To provide sufficient audit evidence on its own
d) To facilitate communication with those charged with governance
Answer: a)
Additional question:
11. What are the potential consequences for an entity that fails to comply with laws and regulations?
a) Monetary fines
b) Litigation
c) Other adverse consequences
d) All of the above
Answer: d)
12. How should the auditor evaluate the effect of non-compliance with laws and regulations on the financial statements?
sa) By considering the materiality of the non-compliance
b) By assessing the potential impact on the entity’s ability to continue as a going concern
c) By considering the impact on specific financial statement elements or disclosures
d) All of the above
Answer: d)
13. What actions should the auditor take if instances of non-compliance are identified during the audit engagement?
a) Discuss the matter with management and those charged with governance
b) Obtain legal advice if necessary
c) Determine the possible effect on the financial statements
d) All of the above
Answer: a)
14. What is the purpose of requesting written representations from management and those charged with governance regarding non-compliance?
a) To obtain confirmation that all known instances of non-compliance have been disclosed
b) To rely solely on the representations as audit evidence
c) To shift the responsibility of non-compliance detection to management
d) None of the above
Answer: a)
15.What type of opinion should the auditor express if non-compliance with laws and regulations is pervasive and materially affects the financial statements?
a) Qualified opinion
b) Adverse opinion
c) Disclaimer of opinion
d) Unmodified opinion
Answer: b)
16. When should the auditor report non-compliance with laws and regulations to regulatory and enforcement authorities?
a) When the non-compliance is material to the financial statements
b) When the auditor is legally required to do so
c) When the auditor suspects intentional non-compliance
d) When management refuses to take corrective action
Answer: b)
17. How should the auditor evaluate the implications of non-compliance with laws and regulations on other aspects of the audit?
a) By reassessing the risk assessment and the reliability of written representations
b) By conducting additional audit procedures related to compliance
c) By discussing the matter with legal counsel
d) None of the above
Answer: a)
18. What are some examples of audit evidence that can be obtained regarding compliance with laws and regulations?
a) Relevant correspondence with regulatory authorities
b) Inspections of legal records and documents
c) Inquiries of management and those charged with governance
d) All of the above
Answer: d)
19. How should the auditor document instances of identified or suspected non-compliance?
a) By keeping copies of records and documents related to the non-compliance
b) By documenting discussions held with relevant parties
c) By including a separate section in the audit report
d) All of the above
Answer: d)
20. What is the auditor’s responsibility regarding the consideration of laws and regulations in an audit?
a) To ensure full compliance with all laws and regulations
b) To prevent non-compliance with laws and regulations
c) To obtain reasonable assurance that the financial statements are free from material misstatement caused by non-compliance
d) To report all instances of non-compliance to regulatory authorities
Answer:c)
Statement on Auditing Standards – SA 210
Statement on Auditing Standards – SA 220
Statement on Auditing Standards – SA 230
Statement on Auditing Standards – SA 240
Statement on Auditing Standards – SA 250
Statement on Auditing Standards – SA 260
Statement on Auditing Standards – SA 265
Statement on Auditing Standards – SA 299
Statement on Auditing Standards – SA 300
Statement on Auditing Standards – SA 315
Statement on Auditing Standards – SA 320
Statement on Auditing Standards – SA 330
Statement on Auditing Standards – SA 402
Statement on Auditing Standards – SA 450
Statement On Auditing Standards – SA 500
Statement on Auditing Standards – SA 501
Statement on Auditing Standards – SA 505
Statement on Auditing Standards – SA 510
Statement on Auditing Standards – SA 520
Statement on Auditing Standards – SA 530
Statement on Auditing Standards – SA 540
Statement on Auditing Standards – SA 560
Statement on Auditing Standards – SA 570
Statement on Auditing Standards – SA 580
Statement on Auditing Standards – SA 600
Statement on Auditing Standards – SA 610
Statement on Auditing Standards – SA 620
Statement on Auditing Standards – SA 700
Statement on Auditing Standards – SA 701
Statement on Auditing Standards – SA 705
Statement on Auditing Standards – SA 706
Statement on Auditing Standards – SA 710
Statement on Auditing Standards – SA 720
Statement on Auditing Standards – SA 800
Statement on Auditing Standards – SA 805
Statement on Auditing Standards – SA 810
Statement on Auditing Standards – SAE 3400
Statement on Auditing Standards – SAE 3402
Statement on Auditing Standards – SRE 2400
Statement on Auditing Standards – SRE 2410
Statement on Auditing Standards – SRS 4400
Statement on Auditing Standards – SRS 4410
