Annual Audit Manual
COPYRIGHT NOTICE — This document is intended for internal use. It cannot be distributed to or reproduced by third parties without prior written permission from the Copyright Coordinator for the Office of the Auditor General of Canada. This includes email, fax, mail and hand delivery, or use of any other method of distribution or reproduction. CPA Canada Handbook sections and excerpts are reproduced herein for your non-commercial use with the permission of The Chartered Professional Accountants of Canada (“CPA Canada”). These may not be modified, copied or distributed in any form as this would infringe CPA Canada’s copyright. Reproduced, with permission, from the CPA Canada Handbook, The Chartered Professional Accountants of Canada, Toronto, Canada.
7512 Audit procedures relating to compliance with laws and regulations
Apr-2018
In This Section
Understanding of legal and regulatory framework
Laws and regulations with a direct effect on the financial statements
Laws and regulations with an indirect effect on the financial statements
Overview
This topic explains:
- The need for us to gain an understanding of the legal and regulatory framework;
- Our requirements in relation to laws and regulations with a direct effect on the financial statements;
- Our requirements in relation to laws and regulations with an indirect effect on the financial statements;
- What audit procedures may bring instances of non-compliance with laws and regulations to our attention.
CAS Requirement
The Auditor’s Consideration of Compliance with Laws and Regulations
As part of obtaining an understanding of the entity and its environment in accordance with CAS 315, the auditor shall obtain a general understanding of (CAS 250.13):
(a) The legal and regulatory framework applicable to the entity and the industry or sector in which the entity operates; and
(b) How the entity is complying with that framework.
CAS Guidance
To obtain a general understanding of the legal and regulatory framework, and how the entity complies with that framework, the auditor may, for example (CAS 250.A11):
-
Use the auditor’s existing understanding of the entity’s industry, regulatory and other external factors;
-
Update the understanding of those laws and regulations that directly determine the reported amounts and disclosures in the financial statements;
-
Inquire of management as to other laws or regulations that may be expected to have a fundamental effect on the operations of the entity;
-
Inquire of management concerning the entity’s policies and procedures regarding compliance with laws and regulations; and
-
Inquire of management regarding the policies or procedures adopted for identifying, evaluating and accounting for litigation claims.
CAS Requirement
The auditor shall obtain sufficient appropriate audit evidence regarding compliance with the provisions of those laws and regulations generally recognized to have a direct effect on the determination of material amounts and disclosures in the financial statements (CAS 250.14).
CAS Guidance
This CAS distinguishes the auditor’s responsibilities in relation to compliance with two different categories of laws and regulations as follows (CAS 250.6(a)):
(a) The provisions of those laws and regulations generally recognized to have a direct effect on the determination of material amounts and disclosures in the financial statements such as tax and pension laws and regulations.
The second category is discussed in the following block ‘Laws and regulations with an indirect effect on the financial statements’ below.
In this CAS, differing requirements are specified for each of the above categories of laws and regulations. For the category referred to in paragraph 6 (a), the auditor’s responsibility is to obtain sufficient appropriate audit evidence regarding compliance with the provisions of those laws and regulations (CAS 250.7).
The nature and circumstances of the entity may impact whether relevant laws and regulations are within the categories of laws and regulations described in paragraphs 6(a) or 6(b). Examples of laws and regulations that may be included in the categories described in paragraph 6 include those that deal with (CAS 250.A6):
- Fraud, corruption and bribery.
- Money laundering, terrorist financing and proceeds of crime.
- Securities markets and trading.
- Banking and other financial products and services.
- Data protection.
- Tax and pension liabilities and payments.
- Environmental protection.
- Public health and safety.
Certain laws and regulations are well-established, known to the entity and within the entity’s industry or sector, and relevant to the entity’s financial statements (as described in paragraph 6 (a)). They could include those that relate to, for example:
- The form and content of financial statements;
- Industry-specific financial reporting issues;
- Accounting for transactions under government contracts; or
- The accrual or recognition of expenses for income tax or pension costs
Some provisions in those laws and regulations may be directly relevant to specific assertions in the financial statements (e.g., the completeness of income tax provisions), while others may be directly relevant to the financial statements as a whole (e.g., the required statements constituting a complete set of financial statements). The aim of the requirement in paragraph 14 is for the auditor to obtain sufficient appropriate audit evidence regarding the determination of amounts and disclosures in the financial statements in compliance with the relevant provisions of those laws and regulations.
Non-compliance with other provisions of such laws and regulations and other laws and regulations may result in fines, litigation or other consequences for the entity, the costs of which may need to be provided for in the financial statements, but are not considered to have a direct effect on the financial statements as described in paragraph 6(a) (CAS 250.A12).
CAS Requirement
The auditor shall perform the following audit procedures to help identify instances of non-compliance with other laws and regulations that may have a material effect on the financial statements (CAS 250.15):
(a) Inquiring of management and, where appropriate, those charged with governance, as to whether the entity is in compliance with such laws and regulations; and
(b) Inspecting correspondence, if any, with the relevant licensing or regulatory authorities.
CAS Guidance
This CAS distinguishes the auditor’s responsibilities in relation to compliance with two different categories of laws and regulations as follows (CAS 250.6(b)):
The first category is discussed in the following block ‘Laws and regulations with a direct effect on the financial statements’ above.
(b) Other laws and regulations that do not have a direct effect on the determination of the amounts and disclosures in the financial statements, but compliance with which may be fundamental to the operating aspects of the business, to an entity’s ability to continue its business, or to avoid material penalties (e.g., compliance with the terms of an operating license, compliance with regulatory solvency requirements, or compliance with environmental regulations); non-compliance with such laws and regulations may therefore have a material effect on the financial statements.
In this CAS, differing requirements are specified for each of the above categories of laws and regulations. For the category referred to in paragraph 6(b), the auditor’s responsibility is limited to undertaking specified audit procedures to help identify non-compliance with those laws and regulations that may have a material effect on the financial statements (CAS 250.7).
The nature and circumstances of the entity may impact whether relevant laws and regulations are within the categories of laws and regulations described in paragraphs 6(a) or 6(b). Examples of laws and regulations that may be included in the categories described in paragraph 6 include those that deal with (CAS 250.A6):
- Fraud, corruption and bribery.
- Money laundering, terrorist financing and proceeds of crime.
- Securities markets and trading.
- Banking and other financial products and services.
- Data protection.
- Tax and pension liabilities and payments.
- Environmental protection.
- Public health and safety.
Certain other laws and regulations may need particular attention by the auditor because they have a fundamental effect on the operations of the entity (as described in paragraph 6(b)). Non-compliance with laws and regulations that have a fundamental effect on the operations of the entity may cause the entity to cease operations, or call into question the entity’s continuance as a going concern. For example, non-compliance with the requirements of the entity’s license or other entitlement to perform its operations could have such an impact (e.g., for a bank, non-compliance with capital or investment requirements). There are also many laws and regulations relating principally to the operating aspects of the entity that typically do not affect the financial statements and are not captured by the entity’s information systems relevant to financial reporting (CAS 250.A13).
As the financial reporting consequences of other laws and regulations can vary depending on the entity’s operations, the audit procedures required by paragraph 15 are directed to bringing to the auditor’s attention instances of non-compliance with laws and regulations that may have a material effect on the financial statements (CAS 250.A14).
CAS Requirement
During the audit, the auditor shall remain alert to the possibility that other audit procedures applied may bring instances of non- compliance or suspected non-compliance with laws and regulations to the auditor’s attention (CAS 250.16).
The auditor shall request management and, where appropriate, those charged with governance to provide written representations that all known instances of non-compliance or suspected non-compliance with laws and regulations whose effects should be considered when preparing financial statements have been disclosed to the auditor (CAS 250.17).
In the absence of identified or suspected non-compliance, the auditor is not required to perform audit procedures regarding the entity’s compliance with laws and regulations, other than those set out in paragraphs 13-17 (CAS 250.18).
CAS Guidance
Audit procedures applied to form an opinion on the financial statements may bring instances of non-compliance or suspected non-compliance with laws and regulations to the auditor’s attention. For example, such audit procedures may include (CAS 250. A15):
-
Reading minutes;
-
Inquiring of the entity’s management and in-house legal counsel or external legal counsel concerning litigation, claims and assessments; and
-
Performing substantive tests of details of classes of transactions, account balances or disclosures.
Because the effect on financial statements of laws and regulations can vary considerably, written representations provide necessary audit evidence about management’s knowledge of identified or suspected non-compliance with laws and regulations, whose effects may have a material effect on the financial statements. However, written representations do not provide sufficient appropriate audit evidence on their own and, accordingly, do not affect the nature and extent of other audit evidence that is to be obtained by the auditor (CAS 250.A16).