What is the auditors responsibility when noncompliance with laws or regulations are identified?

• Introduction:
  • This Standard on Auditing (SA) is effective from 1st April, 2009 and mainly deals with the auditor’s responsibility to consider laws and regulations in an Audit of Financial Statements.
  • It is not applicable to other assurance engagements in which the auditor is specifically engaged to test and report separately on non-compliance with specific laws and regulations.
  • According to this SA, non-compliance means an act of omission or commission by the entity, either intentional or unintentional, which are contrary to the prevailing laws or regulations. 

• Objective of the auditor is to:

1. Perform specific audit procedures to identify the instances of non-compliance which have a direct impact on the financial statements;
2. To obtain sufficient appropriate audit evidence regarding the laws and regulations which have a direct impact on the Financial Statements;
3. To respond appropriately to non-compliance or suspected non-compliance with laws and regulations identified during the audit. 

• Impact on the Financial Statements:
  • The provisions of laws and regulations may either have a direct or an indirect effect on the reported amounts and disclosures on the financial statements.
  • Non-Compliance may result in fines, penalties, litigations or other consequences for the entity that may have a material effect on the financial statements.              

• Responsibility for compliance with Relevant Laws and Regulations:
  • It is the responsibility of the management, with the oversight of Those Charged with Governance (TCWG) to ensure that the entity’s operations are conducted in accordance with the applicable laws and regulations.
• Auditor’s Responsibility:                                

• Identify material misstatement in the Financial Statement due to non-compliance (However auditor is not responsible for preventing non-compliance and cannot be expected to detect non-compliance relating to all laws and regulations);
• To obtain reasonable assurance that the financial statements as a whole are free from material misstatements, whether caused due to fraud or error;
• This SA distinguishes the auditor’s responsibilities in relation to compliance with two different categories of laws and regulations as follows:

• Auditor’s Consideration for Compliance with Relevant Laws and Regulations:
  • The auditor shall obtain a general understanding of the following:
    1. The legal and regulatory framework applicable to the entity or sector in which the entity operates;
    2. Entity’s compliance with the relevant framework.
  • The auditor shall obtain sufficient appropriate audit evidence regarding compliance with other laws and regulations generally recognized to have a direct impact on the determination of material amounts and disclosures in the financial statements;
  • Auditor shall perform the following audit procedures to identify the instances of non-compliance:
    1. Inquiry with the management; and
    2. Inspecting, correspondence, if any, with the relevant licensing or regulatory authorities.
  • To maintain professional skepticism throughout the audit;
  • Obtain a written representation as per SA 580, from the management stating that all the instances of non-compliance or suspected non-compliance with laws and regulations have been disclosed to the auditor.

• Audit Procedures to be performed when Non-Compliance is Identified or Suspected:                              

• If the auditor is aware of the information concerning an instance of non-compliance or suspects a non-compliance, the auditor needs to obtain:
  1. An understanding of the nature of the act and the circumstances under which it has occurred;
  2. Further information to evaluate the possible effect on the Financial Statements.
• If the auditor suspects that their may be a non-compliance, the auditor shall discuss the matter with the management, TCWG and also obtain external confirmation.
• In case to obtain sufficient appropriate audit evidence relating to non-compliance cannot be obtained, the auditor shall evaluate the lack of sufficient appropriate audit evidence on the auditor’s opinion.

• Reporting of Identified or Suspected Non-Compliance:
  • Reporting to Those Charged with Governance             

1. Unless all those TCWG are involved in the management of the entity and are not aware of the matters involving identified or suspected non-compliance already communicated by the auditor, the auditor shall communicate with TCWG relating to non-compliance that comes to auditor’s attention during the course of audit, other than the matters that are clearly inconsequential.
2. If, in the auditor’s judgment, the non-compliance is believed to be intentional and material, the auditor shall communicate the matter to those charged with governance as soon as practicable.

• If the auditor suspects that management or those charged with governance are involved in non-compliance, the auditor shall communicate the matter to the next higher-level authority of the entity, if it exists, such as an audit committee or supervisory board.

1. Where no higher-level authority exists, or if the auditor believes that the communication may not be acted upon or is unsure as to the person to whom to report, the auditor shall consider the need to obtain legal advice.

• In Audit Report:           

1. If the auditor concludes that the non-compliance has a material effect on the financial statements and has not been adequately reflected in the financial statements, the auditor shall, in accordance with SA 705 (Modifications to the Opinion in the Independent Auditor’s Report), express a qualified or adverse opinion on the financial statements.
2. If the auditor is unable to obtain sufficient and appropriate audit evidence to evaluate whether non-compliance may have material effect on the financial statements, or is likely to have or occurred, the auditor shall express a qualified opinion or disclaim an opinion on the financial statements on the basis of a limitation on the scope of the audit in accordance with SA 705.

• If the auditor is unable to determine whether non-compliance has occurred because of limitations imposed by the circumstances rather than by management or those charged with governance, the auditor shall evaluate the effect on the auditor’s opinion in accordance with SA 705.

• Regulatory and Enforcement Authorities:
  1. If the auditor has identified or suspects non-compliance with laws and regulations, the auditor shall determine whether the auditor has a responsibility to report the identified or suspected non-compliance to parties outside the entity.
• Documentation:                         

The auditor shall document the identified or suspected non-compliance with the laws and regulations and the results of discussion with the management and those charged with the governance and other parties outside the entity.