This International Standard on Auditing (ISA) deals with the auditor’s responsibility to consider laws and regulations in an audit of financial statements. This ISA does not apply to other assurance engagements in which the auditor is specifically engaged to test and report separately on compliance with specific laws or regulations.
The effect on financial statements of laws and regulations varies considerably. Those laws and regulations to which an entity is subject constitute the legal and regulatory framework. The provisions of some laws or regulations have a direct effect on the financial statements in that they determine the reported amounts and disclosures in an entity’s financial statements. Other laws or regulations are to be complied with by management or set the provisions under which the entity is allowed to conduct its business but do not have a direct effect on an entity’s financial statements.
Objectives
The objectives of the auditor are:
- To obtain sufficient appropriate audit evidence regarding compliance with the provisions of those laws and regulations generally recognized to have a direct effect on the determination of material amounts and disclosures in the financial statements;
- To perform specified audit procedures to help identify instances of non-compliance with other laws and regulations that may have a material effect on the financial statements; and
- To respond appropriately to non-compliance or suspected no-compliance with laws and regulations identified during the audit.
The Auditor’s Consideration of Compliance with Laws and Regulations
- As part of obtaining an understanding of the entity and its environment in accordance with ISA 315 (Revised), the auditor shall obtain a general understanding of:
(a) The legal and regulatory framework applicable to the entity and the industry or sector in which the entity operates; and
(b) How the entity is complying with that framework.
- The auditor shall obtain sufficient appropriate audit evidence regarding compliance with the provisions of those laws and regulations generally recognized to have a direct effect on the determination of material amounts and disclosures in the financial statements.
- The auditor shall perform the following audit procedures to help identify instances of non-compliance with other laws and regulations that may have a material effect on the financial statements:
(a) Inquiring of management and, where appropriate, those charged with governance, as to whether the entity is in compliance with such laws and regulations; and
(b) Inspecting correspondence, if any, with the relevant licensing or regulatory authorities.
- The auditor shall request management and, where appropriate, those charged with governance, to provide written representations that all known instances of non-compliance or suspected non-compliance with laws and regulations whose effects should be considered when preparing financial statements have been disclosed to the auditor
Audit Procedures When Non-Compliance Is Identified or Suspected
If the auditor suspects there may be non-compliance, the auditor shall discuss the matter with management and, where appropriate, those charged with governance. If management or, as appropriate, those charged with governance do not provide sufficient information that supports that the entity is in compliance with laws and regulations and, in the auditor’s judgment, the effect of the suspected non-compliance may be material to the financial statements, the auditor shall consider the need to obtain legal advice
Reporting of Identified or Suspected Non-Compliance
Unless all of those charged with governance are involved in management of the entity, and therefore are aware of matters involving identified or suspected non-compliance already communicated by the auditor, the auditor shall communicate with those charged with governance matters involving non-compliance with laws and regulations that come to the auditor’s attention during the course of the audit, other than when the matters are clearly inconsequential.
If the auditor suspects that management or those charged with governance are involved in non-compliance, the auditor shall communicate the matter to the next higher level of authority at the entity, if it exists, such as an audit committee or supervisory board. Where no higher authority exists, or if the auditor believes that the communication may not be acted upon or is unsure as to the person to whom to report, the auditor shall consider the effect on the audit opinion and the need to obtain legal advice.
Reporting Non-Compliance in the Auditor’s Report on the Financial Statements
If the auditor concludes that the non-compliance has a material effect on the financial statements, and has not been adequately reflected in the financial statements, the auditor shall, in accordance with ISA 705, express a qualified opinion or an adverse opinion on the financial statements.
If the auditor is precluded by management or those charged with governance from obtaining sufficient appropriate audit evidence to evaluate whether non-compliance that may be material to the financial statements has, or is likely to have, occurred, the auditor shall express a qualified opinion or disclaim an opinion on the financial statements on the basis of a limitation on the scope of the audit in accordance with ISA 705.
Documentation
The auditor shall include in the audit documentation identified or suspected non-compliance with laws and regulations and the results of discussion with management and, where applicable, those charged with governance and other parties outside the entity.