- The requirements in this ISA are designed to assist the auditor in identifying material misstatement of the financial statements due to non-compliance with laws and regulations. However, the auditor is not responsible for preventing non-compliance and cannot be expected to detect noncompliance with all laws and regulations.
- The auditor is responsible for obtaining reasonable assurance that the financial statements, taken as a whole, are free from material misstatement, whether caused by fraud or error. In conducting an audit of financial statements, the auditor takes into account the applicable legal and regulatory framework. Owing to the inherent limitations of an audit, there is an unavoidable risk that some material misstatements in the financial statements may not be detected, even though the audit is properly planned and performed in accordance with the ISAs. In the context of laws and regulations, the potential effects of inherent limitations on the auditor’s ability to detect material misstatements are greater for such reasons as the following:
a. There are many laws and regulations, relating principally to the operating aspects of an entity that typically do not affect the financial statements and are not captured by the entity’s information systems relevant to financial reporting.
b. Non-compliance may involve conduct designed to conceal it, such as collusion, forgery, deliberate failure to record transactions, management override of controls or intentional misrepresentations being made to the auditor.
c. Whether an act constitutes non-compliance is ultimately a matter for legal determination by a court of law.
Ordinarily, the further removed non-compliance is from the events and transactions reflected in the financial statements, the less likely the auditor is to become aware of it or to recognize the non-compliance.
- This ISA distinguishes the auditor’s responsibilities in relation to compliance with two different categories of laws and regulations as follows:
a. The provisions of those laws and regulations generally recognized to have a direct effect on the determination of material amounts and disclosures in the financial statements such as tax and pension laws and regulations (see paragraph 13); and
b. Other laws and regulations that do not have a direct effect on the determination of the amounts and disclosures in the financial statements, but compliance with which may be fundamental to the operating aspects of the business, to an entity’s ability to continue its business, or to avoid material penalties (for example, compliance with the terms of an operating license, compliance with regulatory solvency requirements, or compliance with environmental regulations); noncompliance with such laws and regulations may therefore have a material effect on the financial statements (see paragraph 14).
- In this ISA, differing requirements are specified for each of the above categories of laws and regulations. For the category referred to in paragraph 6(a), the auditor’s responsibility is to obtain sufficient appropriate audit evidence regarding compliance with the provisions of those laws and regulations. For the category referred to in paragraph 6(b), the auditor’s responsibility is limited to undertaking specified audit procedures to help identify non- compliance with those laws and regulations that may have a material effect on the financial statements.
- The auditor is required by this ISA to remain alert to the possibility that other audit procedures applied for the purpose of forming an opinion on financial statements may bring instances of identified or suspected noncompliance to the auditor’s attention. Maintaining professional skepticism throughout the audit, as required by ISA 200, is important in this context, given the extent of laws and regulations that affect the entity.