Consideration of Laws and Regulations in an Audit of ... - ISSAI
Consideration of Laws and Regulations in an Audit of ... - ISSAI Consideration of Laws and Regulations in an Audit of ... - ISSAI
ISSAI 1250ISA 250CONSIDERATION OF LAWS AND REGULATIONSIN AN AUDIT OF FINANCIAL STATEMENTS24. If the auditor suspects that management or those charged with governanceare involved in non-compliance, the auditor shall communicate the matterto the next higher level of authority at the entity, if it exists, such as an auditcommittee or supervisory board. Where no higher authority exists, or if theauditor believes that the communication may not be acted upon or is unsureas to the person to whom to report, the auditor shall consider the need toobtain legal advice.Reporting Non-Compliance in the Auditor’s Report on the Financial Statements25. If the auditor concludes that the non-compliance has a material effect on thefinancial statements, and has not been adequately reflected in the financialstatements, the auditor shall, in accordance with ISA 705, express aqualified opinion or an adverse opinion on the financial statements. 626. If the auditor is precluded by management or those charged withgovernance from obtaining sufficient appropriate audit evidence to evaluatewhether non-compliance that may be material to the financial statementshas, or is likely to have, occurred, the auditor shall express a qualifiedopinion or disclaim an opinion on the financial statements on the basis of alimitation on the scope of the audit in accordance with ISA 705.27. If the auditor is unable to determine whether non-compliance has occurredbecause of limitations imposed by the circumstances rather than bymanagement or those charged with governance, the auditor shall evaluatethe effect on the auditor’s opinion in accordance with ISA 705.Reporting Non-Compliance to Regulatory and Enforcement Authorities28. If the auditor has identified or suspects non-compliance with laws andregulations, the auditor shall determine whether the auditor has aresponsibility to report the identified or suspected non-compliance to partiesoutside the entity. (Ref: Para. A19-A20)Documentation29. The auditor shall include in the audit documentation identified or suspectednon-compliance with laws and regulations and the results of discussion withmanagement and, where applicable, those charged with governance andother parties outside the entity. 7 (Ref: Para. A21)***67ISA 705, “Modifications to the Opinion in the Independent Auditor’s Report,” paragraphs 7-8.ISA 230, “Audit Documentation,” paragraphs 8-11, and paragraph A6.9298 Consideration of Laws and Regulations in an Audit of Financial Statements
ISSAI 1250ISA 250CONSIDERATION OF LAWS AND REGULATIONSIN AN AUDIT OF FINANCIAL STATEMENTSApplication and Other Explanatory MaterialResponsibility for Compliance with Laws and Regulations (Ref: Para. 3-8)A1. It is the responsibility of management, with the oversight of those charged withgovernance, to ensure that the entity’s operations are conducted in accordancewith laws and regulations. Laws and regulations may affect an entity’s financialstatements in different ways: for example, most directly, they may affectspecific disclosures required of the entity in the financial statements or they mayprescribe the applicable financial reporting framework. They may also establishcertain legal rights and obligations of the entity, some of which will berecognized in the entity’s financial statements. In addition, laws and regulationsmay impose penalties in cases of non-compliance.A2. The following are examples of the types of policies and procedures anentity may implement to assist in the prevention and detection of noncompliancewith laws and regulations:• Monitoring legal requirements and ensuring that operatingprocedures are designed to meet these requirements.• Instituting and operating appropriate systems of internal control.• Developing, publicizing and following a code of conduct.• Ensuring employees are properly trained and understand the code ofconduct.• Monitoring compliance with the code of conduct and actingappropriately to discipline employees who fail to comply with it.• Engaging legal advisors to assist in monitoring legal requirements.• Maintaining a register of significant laws and regulations with whichthe entity has to comply within its particular industry and a record ofcomplaints.In larger entities, these policies and procedures may be supplemented byassigning appropriate responsibilities to the following:• An internal audit function.• An audit committee.• A compliance function.Responsibility of the AuditorA3. Non-compliance by the entity with laws and regulations may result in amaterial misstatement of the financial statements. Detection of noncompliance,regardless of materiality, may affect other aspects of the audit10Consideration of Laws and Regulations in an Audit of Financial Statements 299
- Page 2: ISSAI 1250INTOSAI Professional Stan
- Page 5 and 6: ISSAI 1250practice note 250Practice
- Page 7 and 8: ISSAI 1250practice note 250Reportin
- Page 9 and 10: InternationalAuditing andAssuranceS
- Page 11 and 12: ISSAI 1250ISA 250IntroductionINTERN
- Page 13 and 14: ISSAI 1250ISA 250IntroductionScope
- Page 15 and 16: ISSAI 1250ISA 250CONSIDERATION OF L
- Page 17: ISSAI 1250ISA 250CONSIDERATION OF L
- Page 21 and 22: ISSAI 1250ISA 250CONSIDERATION OF L
- Page 23 and 24: ISSAI 1250ISA 250CONSIDERATION OF L
- Page 25 and 26: ISSAI 1250ISA 250CONSIDERATION OF L
<strong>ISSAI</strong> 1250ISA 250CONSIDERATION OF LAWS AND REGULATIONSIN AN AUDIT OF FINANCIAL STATEMENTSApplication <strong><strong>an</strong>d</strong> Other Expl<strong>an</strong>atory MaterialResponsibility for Compli<strong>an</strong>ce with <strong>Laws</strong> <strong><strong>an</strong>d</strong> <strong>Regulations</strong> (Ref: Para. 3-8)A1. It is the responsibility <strong>of</strong> m<strong>an</strong>agement, with the oversight <strong>of</strong> those charged withgovern<strong>an</strong>ce, to ensure that the entity’s operations are conducted <strong>in</strong> accord<strong>an</strong>cewith laws <strong><strong>an</strong>d</strong> regulations. <strong>Laws</strong> <strong><strong>an</strong>d</strong> regulations may affect <strong>an</strong> entity’s f<strong>in</strong><strong>an</strong>cialstatements <strong>in</strong> different ways: for example, most directly, they may affectspecific disclosures required <strong>of</strong> the entity <strong>in</strong> the f<strong>in</strong><strong>an</strong>cial statements or they mayprescribe the applicable f<strong>in</strong><strong>an</strong>cial report<strong>in</strong>g framework. They may also establishcerta<strong>in</strong> legal rights <strong><strong>an</strong>d</strong> obligations <strong>of</strong> the entity, some <strong>of</strong> which will berecognized <strong>in</strong> the entity’s f<strong>in</strong><strong>an</strong>cial statements. In addition, laws <strong><strong>an</strong>d</strong> regulationsmay impose penalties <strong>in</strong> cases <strong>of</strong> non-compli<strong>an</strong>ce.A2. The follow<strong>in</strong>g are examples <strong>of</strong> the types <strong>of</strong> policies <strong><strong>an</strong>d</strong> procedures <strong>an</strong>entity may implement to assist <strong>in</strong> the prevention <strong><strong>an</strong>d</strong> detection <strong>of</strong> noncompli<strong>an</strong>cewith laws <strong><strong>an</strong>d</strong> regulations:• Monitor<strong>in</strong>g legal requirements <strong><strong>an</strong>d</strong> ensur<strong>in</strong>g that operat<strong>in</strong>gprocedures are designed to meet these requirements.• Institut<strong>in</strong>g <strong><strong>an</strong>d</strong> operat<strong>in</strong>g appropriate systems <strong>of</strong> <strong>in</strong>ternal control.• Develop<strong>in</strong>g, publiciz<strong>in</strong>g <strong><strong>an</strong>d</strong> follow<strong>in</strong>g a code <strong>of</strong> conduct.• Ensur<strong>in</strong>g employees are properly tra<strong>in</strong>ed <strong><strong>an</strong>d</strong> underst<strong><strong>an</strong>d</strong> the code <strong>of</strong>conduct.• Monitor<strong>in</strong>g compli<strong>an</strong>ce with the code <strong>of</strong> conduct <strong><strong>an</strong>d</strong> act<strong>in</strong>gappropriately to discipl<strong>in</strong>e employees who fail to comply with it.• Engag<strong>in</strong>g legal advisors to assist <strong>in</strong> monitor<strong>in</strong>g legal requirements.• Ma<strong>in</strong>ta<strong>in</strong><strong>in</strong>g a register <strong>of</strong> signific<strong>an</strong>t laws <strong><strong>an</strong>d</strong> regulations with whichthe entity has to comply with<strong>in</strong> its particular <strong>in</strong>dustry <strong><strong>an</strong>d</strong> a record <strong>of</strong>compla<strong>in</strong>ts.In larger entities, these policies <strong><strong>an</strong>d</strong> procedures may be supplemented byassign<strong>in</strong>g appropriate responsibilities to the follow<strong>in</strong>g:• An <strong>in</strong>ternal audit function.• An audit committee.• A compli<strong>an</strong>ce function.Responsibility <strong>of</strong> the <strong>Audit</strong>orA3. Non-compli<strong>an</strong>ce by the entity with laws <strong><strong>an</strong>d</strong> regulations may result <strong>in</strong> amaterial misstatement <strong>of</strong> the f<strong>in</strong><strong>an</strong>cial statements. Detection <strong>of</strong> noncompli<strong>an</strong>ce,regardless <strong>of</strong> materiality, may affect other aspects <strong>of</strong> the audit10<strong>Consideration</strong> <strong>of</strong> <strong>Laws</strong> <strong><strong>an</strong>d</strong> <strong>Regulations</strong> <strong>in</strong> <strong>an</strong> <strong>Audit</strong> <strong>of</strong> F<strong>in</strong><strong>an</strong>cial Statements 299
Change language