7512 Audit procedures relating to compliance with laws and regulations

Apr-2018

CAS Guidance

To obtain a general understanding of the legal and regulatory framework, and how the entity complies with that framework, the auditor may, for example (CAS 250.A11):

• Use the auditor’s existing understanding of the entity’s industry, regulatory and other external factors;

• Update the understanding of those laws and regulations that directly determine the reported amounts and disclosures in the financial statements;

• Inquire of management as to other laws or regulations that may be expected to have a fundamental effect on the operations of the entity;

• Inquire of management concerning the entity’s policies and procedures regarding compliance with laws and regulations; and

• Inquire of management regarding the policies or procedures adopted for identifying, evaluating and accounting for litigation claims.

CAS Guidance

This CAS distinguishes the auditor’s responsibilities in relation to compliance with two different categories of laws and regulations as follows (CAS 250.6(a)):

(a) The provisions of those laws and regulations generally recognized to have a direct effect on the determination of material amounts and disclosures in the financial statements such as tax and pension laws and regulations.

The second category is discussed in the following block ‘Laws and regulations with an indirect effect on the financial statements’ below.

In this CAS, differing requirements are specified for each of the above categories of laws and regulations. For the category referred to in paragraph 6 (a), the auditor’s responsibility is to obtain sufficient appropriate audit evidence regarding compliance with the provisions of those laws and regulations (CAS 250.7).

The nature and circumstances of the entity may impact whether relevant laws and regulations are within the categories of laws and regulations described in paragraphs 6(a) or 6(b). Examples of laws and regulations that may be included in the categories described in paragraph 6 include those that deal with (CAS 250.A6):

• Fraud, corruption and bribery.
• Money laundering, terrorist financing and proceeds of crime.
• Securities markets and trading.
• Banking and other financial products and services.
• Data protection.
• Tax and pension liabilities and payments.
• Environmental protection.
• Public health and safety.

Certain laws and regulations are well-established, known to the entity and within the entity’s industry or sector, and relevant to the entity’s financial statements (as described in paragraph 6 (a)). They could include those that relate to, for example:

• The form and content of financial statements;
• Industry-specific financial reporting issues;
• Accounting for transactions under government contracts; or
• The accrual or recognition of expenses for income tax or pension costs

Some provisions in those laws and regulations may be directly relevant to specific assertions in the financial statements (e.g., the completeness of income tax provisions), while others may be directly relevant to the financial statements as a whole (e.g., the required statements constituting a complete set of financial statements). The aim of the requirement in paragraph 14 is for the auditor to obtain sufficient appropriate audit evidence regarding the determination of amounts and disclosures in the financial statements in compliance with the relevant provisions of those laws and regulations.

Non-compliance with other provisions of such laws and regulations and other laws and regulations may result in fines, litigation or other consequences for the entity, the costs of which may need to be provided for in the financial statements, but are not considered to have a direct effect on the financial statements as described in paragraph 6(a) (CAS 250.A12).

CAS Guidance

This CAS distinguishes the auditor’s responsibilities in relation to compliance with two different categories of laws and regulations as follows (CAS 250.6(b)):

The first category is discussed in the following block ‘Laws and regulations with a direct effect on the financial statements’ above.

(b) Other laws and regulations that do not have a direct effect on the determination of the amounts and disclosures in the financial statements, but compliance with which may be fundamental to the operating aspects of the business, to an entity’s ability to continue its business, or to avoid material penalties (e.g., compliance with the terms of an operating license, compliance with regulatory solvency requirements, or compliance with environmental regulations); non-compliance with such laws and regulations may therefore have a material effect on the financial statements.

In this CAS, differing requirements are specified for each of the above categories of laws and regulations. For the category referred to in paragraph 6(b), the auditor’s responsibility is limited to undertaking specified audit procedures to help identify non-compliance with those laws and regulations that may have a material effect on the financial statements (CAS 250.7).

The nature and circumstances of the entity may impact whether relevant laws and regulations are within the categories of laws and regulations described in paragraphs 6(a) or 6(b). Examples of laws and regulations that may be included in the categories described in paragraph 6 include those that deal with (CAS 250.A6):

• Fraud, corruption and bribery.
• Money laundering, terrorist financing and proceeds of crime.
• Securities markets and trading.
• Banking and other financial products and services.
• Data protection.
• Tax and pension liabilities and payments.
• Environmental protection.
• Public health and safety.

Certain other laws and regulations may need particular attention by the auditor because they have a fundamental effect on the operations of the entity (as described in paragraph 6(b)). Non-compliance with laws and regulations that have a fundamental effect on the operations of the entity may cause the entity to cease operations, or call into question the entity’s continuance as a going concern. For example, non-compliance with the requirements of the entity’s license or other entitlement to perform its operations could have such an impact (e.g., for a bank, non-compliance with capital or investment requirements). There are also many laws and regulations relating principally to the operating aspects of the entity that typically do not affect the financial statements and are not captured by the entity’s information systems relevant to financial reporting (CAS 250.A13).

As the financial reporting consequences of other laws and regulations can vary depending on the entity’s operations, the audit procedures required by paragraph 15 are directed to bringing to the auditor’s attention instances of non-compliance with laws and regulations that may have a material effect on the financial statements (CAS 250.A14).

CAS Guidance

Audit procedures applied to form an opinion on the financial statements may bring instances of non-compliance or suspected non-compliance with laws and regulations to the auditor’s attention. For example, such audit procedures may include (CAS 250. A15):

• Reading minutes;

• Inquiring of the entity’s management and in-house legal counsel or external legal counsel concerning litigation, claims and assessments; and

• Performing substantive tests of details of classes of transactions, account balances or disclosures.

Because the effect on financial statements of laws and regulations can vary considerably, written representations provide necessary audit evidence about management’s knowledge of identified or suspected non-compliance with laws and regulations, whose effects may have a material effect on the financial statements. However, written representations do not provide sufficient appropriate audit evidence on their own and, accordingly, do not affect the nature and extent of other audit evidence that is to be obtained by the auditor (CAS 250.A16).