7511 Responsibilities in relation to laws and regulations

Sep-2022

CAS Guidance

The effect on financial statements of laws and regulations varies considerably. Those laws and regulations to which an entity is subject constitute the legal and regulatory framework. The provisions of some laws or regulations have a direct effect on the financial statements in that they determine the reported amounts and disclosures in an entity’s financial statements. Other laws or regulations are to be complied with by management or set the provisions under which the entity is allowed to conduct its business but do not have a direct effect on an entity’s financial statements. Some entities operate in heavily regulated industries (such as banks and chemical companies). Others are subject only to the many laws and regulations that relate generally to the operating aspects of the business (such as those related to occupational safety and health, and equal employment opportunity). Non‑compliance with laws and regulations may result in fines, litigation or other consequences for the entity that may have a material effect on the financial statements. (CAS 250.2).

CAS Guidance

For the purposes of CAS 250, the following term has the meaning attributed below:

Non-compliance—Acts of omission or commission intentional or unintentional, committed by the entity, or by those charged with governance, by management or by other individuals working for or under the direction of the entity, which are contrary to the prevailing laws or regulations. Non‑compliance does not include personal misconduct unrelated to the business activities of the entity (CAS 250.12).

Acts of non‑compliance with laws and regulations include transactions entered into by, or in the name of, the entity, or on its behalf, by those charged with governance, by management or by other individuals working for or under the direction of the entity (CAS 250.A9).

Non-compliance also includes personal misconduct related to the business activities of the entity, for example, in circumstances where an individual in a key management position, in a personal capacity, has accepted a bribe from a supplier of the entity and in return secures the appointment of the supplier to provide services or contracts to the entity (CAS 250.A10).

CAS Guidance

It is the responsibility of management, with the oversight of those charged with governance, to ensure that the entity’s operations are conducted in accordance with the provisions of laws and regulations, including compliance with the provisions of laws and regulations that determine the reported amounts and disclosures in an entity’s financial statements. (CAS 250.3).

It is the responsibility of management, with the oversight of those charged with governance, to ensure that the entity’s operations are conducted in accordance with laws and regulations. Laws and regulations may affect an entity’s financial statements in different ways: for example, most directly, they may affect specific disclosures required of the entity in the financial statements or they may prescribe the applicable financial reporting framework. They may also establish certain legal rights and obligations of the entity, some of which will be recognized in the entity’s financial statements. In addition, laws and regulations may impose penalties in cases of non‑compliance. (CAS 250. A1).

The following are examples of the types of policies and procedures an entity may implement to assist in the prevention and detection of non‑compliance with laws and regulations (CAS 250.A2):

• Monitoring legal requirements and ensuring that operating procedures are designed to meet these requirements;
• Instituting and operating appropriate systems of internal control;
• Developing, publicizing and following a code of conduct;
• Ensuring employees are properly trained and understand the code of conduct;
• Monitoring compliance with the code of conduct and acting appropriately to discipline employees who fail to comply with it;
• Engaging legal advisors to assist in monitoring legal requirements;
• Maintaining a register of significant laws and regulations with which the entity has to comply within its particular industry and a record of complaints.

In larger entities, these policies and procedures may be supplemented by assigning appropriate responsibilities to the following:

• An internal audit function.
• An audit committee.
• A compliance function.

CAS Guidance

The requirements in CAS 250 are designed to assist the auditor in identifying material misstatement of the financial statements due to non‑compliance with laws and regulations. However, the auditor is not responsible for preventing non‑compliance and cannot be expected to detect non‑compliance with all laws and regulations. (CAS 250.4).

The auditor is responsible for obtaining reasonable assurance that the financial statements, taken as a whole, are free from material misstatement, whether due to fraud or error. In conducting an audit of financial statements, the auditor takes into account the applicable legal and regulatory framework. Owing to the inherent limitations of an audit, there is an unavoidable risk that some material misstatements in the financial statements may not be detected, even though the audit is properly planned and performed in accordance with the CASs. In the context of laws and regulations, the potential effects of inherent limitations on the auditor’s ability to detect material misstatements are greater for such reasons as the following (CAS 250.5):

• There are many laws and regulations, relating principally to the operating aspects of an entity, that typically do not affect the financial statements and are not captured by the entity’s information systems relevant to financial reporting.
• Non-compliance may involve conduct designed to conceal it, such as collusion, forgery, deliberate failure to record transactions, management override of controls or intentional misrepresentations being made to the auditor.
• Whether an act constitutes non‑compliance is ultimately a matter to be determined by a court or other appropriate adjudicative body.

Ordinarily, the further removed non‑compliance is from the events and transactions reflected in the financial statements, the less likely the auditor is to become aware of it or to recognize the non‑compliance.

The auditor may have additional responsibilities under law, regulation or relevant ethical requirements regarding an entity’s non‑compliance with laws and regulations, which may differ from or go beyond this CAS, such as (CAS 250.9):

(a) Responding to identified or suspected non‑compliance with laws and regulations, including requirements in relation to specific communications with management and those charged with governance, assessing the appropriateness of their response to non‑compliance and determining whether further action is needed;

(b) Communicating identified or suspected non‑compliance with laws and regulations to other auditors (e.g., in an audit of group financial statements); and

(c) Documentation requirements regarding identified or suspected non‑compliance with laws and regulations.

Complying with any additional responsibilities may provide further information that is relevant to the auditor’s work in accordance with this and other CASs (e.g., regarding the integrity of management or, where appropriate, those charged with governance).

Law, regulation or relevant ethical requirements may require the auditor to perform additional procedures and take further actions. For example, the Code of Ethics for Professional Accountants issued by the International Ethics Standards Board for Accountants (IESBA Code) requires the auditor to take steps to respond to identified or suspected non‑compliance with laws and regulations and determine whether further action is needed. Such steps may include the communication of identified or suspected non‑compliance with laws and regulations to other auditors within a group, including a group engagement partner, component auditors or other auditors performing work at components of a group for purposes other than the audit of the group financial statements (CAS 250.A8).

CAS Guidance

The auditor is required by CAS 250 to remain alert to the possibility that other audit procedures applied for the purpose of forming an opinion on financial statements may bring instances of non‑compliance to the auditor’s attention. Maintaining professional skepticism throughout the audit, as required by CAS 200, is important in this context, given the extent of laws and regulations that affect the entity. (CAS 250.8).

Non-compliance by the entity with laws and regulations may result in a material misstatement of the financial statements. Detection of non‑compliance, regardless of materiality, may affect other aspects of the audit including, for example, the auditor’s consideration of the integrity of management, those charged with governance or employees (CAS 250.A3).

Whether an act constitutes non‑compliance with laws and regulations is a matter to be determined by a court or other appropriate adjudicative body, which is ordinarily beyond the auditor’s professional competence to determine. Nevertheless, the auditor’s training, experience and understanding of the entity and its industry or sector may provide a basis to recognize that some acts, coming to the auditor’s attention, may constitute non‑compliance with laws and regulations (CAS 250.A4).

In accordance with specific statutory requirements, the auditor may be specifically required to report, as part of the audit of the financial statements, on whether the entity complies with certain provisions of laws or regulations. In these circumstances, CAS 700 or CAS 800 deal with how these audit responsibilities are addressed in the auditor’s report. Furthermore, where there are specific statutory reporting requirements, it may be necessary for the audit plan to include appropriate tests for compliance with these provisions of the laws and regulations. (CAS 250.A5).