NONCOMPLIANCE WITH LAWS AND REGULATIONS
Noncompliance refers to acts of omission or commission by the entity
being audited, either intentional or unintentional, which are contrary to
the prevailing laws or regulations. Such acts include transactions entered
into by, or in the name of, the entity or on its behalf by its management
or employees. Common examples include:
> Tax evasion;
> Violation of environmental protection laws; and
> Inside trading of securities.
Noncompliance with laws and regulations may result in fines, litigations
or other consequences for the entity that may have a material effect on
the financial statements.
Responsibility of Management
It is the responsibility of management, with the oversight of those
charged with governance, to ensure that the entity’s operations are
conducted in accordance with laws and regulations. The
responsibility for the prevention and detection of noncompliance
rests with the entity's management.
Auditor's Responsibility
An audit cannot be expected to detect noncompliance with all laws
and regulations. Nevertheless, the auditor should recognize that
noncompliance by the entity with laws and regulations may materially
affect the financial statements.
Planning Phase
1. In order to plan the audit, the auditor should obtain a
general understanding of the legal and regulatory
framework applicable to the entity and the industry and how
the entity is complying with that framework.
To obtain the general understanding of laws and regulations,
the auditor would ordinarily:
> Use the existing knowledge of the entity’s industry and
business;
> Inquire of management concerning the entity's policies
and procedures regarding compliance with laws and
regulations;
> Inquire of management as to the laws or regulations that
may be expected to have a fundamental effect on the
operations of the entity;
> Discuss with management the policies or procedures
adopted for identifying, evaluating and accounting for
litigation claims and assessments; and
> Discuss the legal and regulatory framework with
auditors of subsidiaries in other countries (for example,
if the subsidiary is required to adhere to the securities
regulations of the parent company).
2. After obtaining a general understanding, the auditor should
design procedures to help identify instances of
noncompliance with laws and regulations such as:
> Reading minutes of meetings;
> Inquiring of management as to whether the entity is in
compliance with such laws and regulations; or
> Inspecting correspondence with the relevant licensing
or regulatory authorities.
3. The auditor should also design audit procedures to obtain
sufficient appropriate audit evidence about compliance
with those laws and regulations generally recognized by the
auditor to have an effect on the determination of material
amounts and disclosures in financial statements.
Testing Phase
4. When the auditor becomes aware of information concerning
a possible instance of noncompliance, the auditor should
obtain an understanding of the nature of the act and the
circumstances in which it has occurred, and sufficient other
information to evaluate the possible effect on the
financial statements. When evaluating the possible effect
on the financial statements, the auditor considers:
> The potential financial consequences, such as fines,
penalties, damages, threat of expropriation of assets,
enforced discontinuation of operations and litigation;
> Whether the potential financial consequences require
disclosure; and
> Whether the potential financial consequences are so
serious as to call into question the fair presentation given
by the financial statements.
5. When the auditor believes there may be noncompliance, the
auditor should document the findings, discuss them with
management, and consider the implication on other
aspects of the audit.
Completion Phase
6. The auditor should obtain written representations that
management has disclosed to the auditor all known actual or
possible noncompliance with laws and regulations that could
materially affect the financial statements.
Reporting Phase
7. When the auditor believes that there is noncompliance with
laws and regulations that materially affects the financial
statements, the auditor should request the management to
revise the financial statements. Otherwise, the auditor will
have to express either a qualified or an adverse opinion.
8. If a scope limitation has precluded the auditor from obtaining
sufficient appropriate evidence to evaluate the effect of
noncompliance with laws and regulations, the auditor should
express a qualified opinion or a disclaimer of opinion.
An audit is subject to the unavoidable risk that some material
misstatements in the financial statements will not be detected, even
though the audit is properly planned and performed in accordance
with PSAs. This risk is higher with regard to material misstatements
resulting from noncompliance with laws and regulations because:
> Noncompliance may involve conduct designed to conceal it,
such as collusion, forgery, deliberate failure to record
transactions, senior management override of controls or
intentional misrepresentations being made to the auditor.
> There are many laws and regulations relating principally to
the operating aspects of the entity that typically do not have
a material effect on the financial statements and are not
captured by the accounting and internal control systems.
Auditors are primarily concerned with noncompliance that may
cause the financial statements to contain material
misstatements. Accordingly, the auditor should design the audit
to provide reasonable assurance that noncompliance that has a
material and direct effect on the financial statements is detected.
Auditors do not normally design audit procedures to detect
noncompliance that will not directly affect the fair presentation
of the financial statements unless the results of other procedures
that were applied cause the auditor to suspect that a material indirect
effect noncompliance may have occurred.
Ordinarily, the further removed non-compliance is from the financial
statements, the less likely the auditor is to become aware of it or to
recognize the non-compliance.
The fraud risk factors identified below are examples of such factors
typically faced by auditors in a broad range of situations. The fraud risk
factors listed below are only examples; not all of these factors are likely to
be present in all audits, nor is the list necessarily complete. The auditor
exercises professional judgment when considering fraud risk factors
individually or in combination and whether there are specific controls that
mitigate the risk.
Fraud Risk Factors Relating to Misstatements Resulting from
Fraudulent Financial Reporting
Fraud risk factors that relate to misstatements resulting from fraudulent
financial reporting may be grouped in the following three categories:
1. Management's Characteristics and Influence over the Control
Environment.
2. Industry Conditions.
3. Operating Characteristics and Financial Stability.
For each of these three categories, examples of fraud risk factors relating
to misstatements arising from fraudulent financial reporting are set out
below.
Fraud Risk Factors Relating to Management's Characteristics and Influence over the
Control Environment
These fraud risk factors pertain to management’s abilities, pressures, style,
and attitude relating to internal control and the financial reporting process.
- There is motivation for management to engage in fraudulent financial
reporting. Specific indicators might include the following:
✓ A significant portion of management’s compensation is represented
by bonuses, stock options or other incentives, the value of which is
contingent upon the entity achieving unduly aggressive targets for
operating results, financial position or cash flow.
✓ There is excessive interest by management in maintaining or
increasing the entity’s stock price or earnings trend through the use
of unusually aggressive accounting practices.
✓ Management commits to analysts, creditors and other third parties to
achieving what appear to be unduly aggressive or clearly unrealistic
forecasts.
✓ Management has an interest in pursuing inappropriate means to
minimize reported earnings for tax-motivated reasons.
- There is a failure by management to display and communicate an
appropriate attitude regarding internal control and the financial
reporting process. Specific indicators might include the following:
✓ Management does not effectively communicate and support the
entity’s values or ethics, or management communicates inappropriate
values or ethics.
✓ Management is dominated by a single person or a small group
without compensating controls such as effective oversight by those
charged with governance.
✓ Management does not monitor significant controls adequately.
✓ Management fails to correct known material weaknesses in internal
control on a timely basis.
✓ Management sets unduly aggressive financial targets and expectations
for operating personnel.
✓ Management displays a significant disregard for regulatory
authorities.
✓ Management continues to employ ineffective accounting,
information technology or internal auditing staff.
- Non-financial management participates excessively in, or is
preoccupied with, the selection of accounting principles or the
determination of significant estimates.
- There is a high turnover of management, counsel or board members.
- There is a strained relationship between management and the current
or predecessor auditor. Specific indicators might include the
following:
✓ Frequent disputes with the current or a predecessor auditor on
accounting, auditing or reporting matters.
✓ Unreasonable demands on the auditor, including unreasonable time
constraints regarding the completion of the audit or the issuance of
the auditor’s report.
✓ Formal or informal restrictions on the auditor that inappropriately
limit the auditor’s access to people or information, or limit the
auditor's ability to communicate effectively with those charged with
governance.
✓ Domineering management behavior in dealing with the auditor,
especially involving attempts to influence the scope of the auditor’s
work.
- There is a history of securities law violations, or claims against the
entity or its management alleging fraud or violations of securities laws.
- The corporate governance structure is weak or ineffective, which may
be evidenced by, for example:
✓ A lack of members who are independent of management.
✓ Little attention being paid to financial reporting matters and to the
accounting and internal control systems by those charged with
governance.
Fraud Risk Factors Relating to Industry Conditions
These fraud risk factors involve the economic and regulatory environment
in which the entity operates.
- New accounting, statutory or regulatory requirements that could
impair the financial stability or profitability of the entity.
- A high degree of competition or market saturation, accompanied by
declining margins.
- A declining industry with increasing business failures and significant
declines in customer demand.
- Rapid changes in the industry, such as high vulnerability to rapidly
changing technology or rapid product obsolescence.
Fraud Risk Factors Relating to Operating Characteristics and Financial Stability
These fraud risk factors pertain to the nature and complexity of the entity
and its transactions, the entity’s financial condition, and its profitability.
- Inability to generate cash flows from operations while reporting
earnings and earnings growth.
- Significant pressure to obtain additional capital necessary to stay
competitive, considering the financial position of the entity (including
a need for funds to finance major research and development or capital
expenditures).
- Assets, liabilities, revenues or expenses based on significant estimates
that involve unusually subjective judgments or uncertainties, or that
are subject to potential significant change in the near term in a manner
that may have a financially disruptive effect on the entity (for example,
the ultimate collectability of receivables, the timing of revenue
recognition, the realizability of financial instruments based on highly-
subjective valuation of collateral or difficult-to-assess repayment
sources, or a significant deferral of costs).
- Significant related party transactions which are not in the ordinary
course of business.
- Significant related party transactions which are not audited or are
audited by another firm.
- Significant, unusual or highly complex transactions (especially those
close to year-end) that pose difficult questions concerning substance
over form.
- Significant bank accounts or subsidiary or branch operations in tax-
haven jurisdictions for which there appears to be no clear business
justification.
- An overly complex organizational structure involving numerous or
unusual legal entities, managerial lines of authority or contractual
arrangements without apparent business purpose.
- Difficulty in determining the organization or person (or persons)
controlling the entity.
- Unusually rapid growth or profitability, especially compared with that
of other companies in the same industry.
- Especially high vulnerability to changes in interest rates.
- Unusually high dependence on debt, a marginal ability to meet debt
repayment requirements, or debt covenants that are difficult to
maintain.
- Unrealistically aggressive sales or profitability incentive programs.
- A threat of imminent bankruptcy, foreclosure or hostile takeover.
- Adverse consequences on significant pending transactions (such as a
business combination or contract award) if poor financial results are
reported.
- A poor or deteriorating financial position when management has
personally guaranteed significant debts of the entity.
Fraud Risk Factors Relating to Misstatements Resulting from
Misappropriation of Assets
Fraud risk factors that relate to misstatements resulting from
misappropriation of assets may be grouped in the following two
categories:
1. Susceptibility of Assets to Misappropriation.
2. Controls.
For each of these two categories, examples of fraud risk factors relating to
misstatements resulting from misappropriation of assets are set out below.
The extent of the auditor’s consideration of the fraud risk factors in category
2 is influenced by the degree to which fraud risk factors in category 1 are
present.
Fraud Risk Factors Relating to Susceptibility of Assets to Misappropriation
These fraud risk factors pertain to the nature of an entity’s assets and the
degree to which they are subject to theft.
- Large amounts of cash on hand or processed.
- Inventory characteristics, such as small size combined with high value
and high demand.
- Easily convertible assets, such as bearer bonds, diamonds or computer
chips.
- Fixed asset characteristics, such as small size combined with
marketability and lack of ownership identification.
Fraud Risk Factors Relating to Controls
These fraud risk factors involve the lack of controls designed to prevent
or detect misappropriation of assets.
- Lack of appropriate management oversight (for example, inadequate
supervision or inadequate monitoring of remote locations).
- Lack of procedures to screen job applicants for positions where
employees have access to assets susceptible to misappropriation.
- Inadequate record keeping for assets susceptible to misappropriation.
- Lack of an appropriate segregation of duties or independent checks.
- Lack of an appropriate system of authorization and approval of
transactions (for example, in purchasing).
- Poor physical safeguards over cash, investments, inventory or fixed
assets.
- Lack of timely and appropriate documentation for transactions (for
example, credits for merchandise returns).
- Lack of mandatory vacations for employees performing key control
functions.