@ NONCOMPLIANCE WITH LAWS AND REGULATIONS Noncompliance refers to acts of omission or commission by the entity being audited, ‘cither intentional or unintentional, which are contrary to the prevailing laws or tegulations. Such acts include transactions entered into by, or in the name of, the'entity or on its behalf by its management or employees. Common examples include: : > Tax evasion; > Violation of environmental protection laws; and ® Inside trading of securities. Noncompliance with laws and regulations may result in fines, litigations or other consequences for the entity that may have a material effect on the financial statements. EZ Responsibility of Management It is the responsibility of management, with the oversight of those charged with governance, to ensure that the entity’s operations are conducted in accordance with laws and regulations. The responsibility for the prevention and detection of noncompliance rests with the entity's management. es aa Auditor's Responsibility An audit cannot be expected to detect noncompliance with all laws and regulations. Nevertheless, the auditor should recognize that ‘noncompliance by the entity with laws and regulations may materially affect the financial statements. Planning Phasei it ld obtain 1. In order to plan the audit, the auditor shoul a general itodentanding of the legal and regulatory framework applicable to the entity and the industry and how the entity is complying with that framework. To obtain the general understanding of laws and regulations, the auditor would ordinarily: > Use the existing knowledge of the enttity’s industry and business; > Inquire of management concerning the entity's policies and procedures tegarding compliance with laws and regulations; > Inquire of management as to the laws or regulations that may be expected to have a fundamental effect on the operations of the entity; > Discuss with management the policies or procedures adopted for identifying, evaluating and accounting for litigation claims and assessments; and v Discuss the legal and regulatory framework with auditors of subsidiaries in other countries (for example, if the subsidiary is Fequired to adhere to the secutities regulations of the Parent company). ‘2. After obtaining a general understanding, the auditor should design procedures to help identify instances of Noncompliance with laws and tegulations such as: > Reading minutes of meetings; > Inquiring of Management as to compliance with such laws and Inspecting Cotresponden Of regulatory authorities, whether the entity is in tegulation; or ce with the relevant licensing3, The auditor should also design audit procedures to obtain sufficient appropriate audit evidence about compliance with those laws and regulations generally recognized by the auditor to have an effect on the determination of material amounts and disclosures in financial statements. Testing Phase 4. When the auditor becomes aware of information concerning a possible instance of noncompliance, the auditor should obtain an understanding of the nature of the act and the circumstances in which it has occurred, and sufficient other information to evaluate the possible effect on the , financial statements. When evaluating the possible effect on the financial statements, the auditor considers: > The potential financial consequences, such as fines, penalties, damages, threat of expropriation of assets, enforced discontinuation of operations and litigation; » Whether the potential financial consequences require disclosure; and » Whether the potential financial consequences ate so serious as to call into question the fair presentation given by the financial statements. 5. When the auditor believes there may be noncompliance, the auditor should document the findings, discuss them with management, and consider the implication on other aspects of the audit.Completion Phase 6. The auditor should obtain written representations that management has disclosed to the auditor all known actual of possible noncompliance with laws and regulations that could materially affect the financial statements. Reporting Phase 7, When the auditor believes that there is noncompliance with laws and regulations that materially affects the financial statements, the auditor should request the management to revise the financial statements. Otherwise, the auditor will have to express either qualified or adverse opinion. 8. Ifa scope limitation has precluded the auditor from obtaining sufficient appropriate evidence to evaluate the effect of noncompliance with laws and regulations, the auditor should express a qualified opinion or a disclaimer of opinion. An audit is subject to the unavoidable risk that some material misstatements in the financial statements will not be detected, even though the audit is properly planned and performed in accordance with PSAs. This risk is higher with regard to material misstatements resulting from noncompliance with laws and regulations because: > Noncompliance may involve conduct designed to conceal it, such as collusion, forgery, deliberate failure to record transactions, senior management override of controls or intentional misrepresentations being made to the auditor.> There are many laws and regulations relating principally to the operating aspects of the entity that typically do not have a material effect on the financial statements and are not captured by the accounting and internal control systems. Auditors are primarily concerned with noncompliance that may cause the financial statements to contain material misstatements. Accordingly, the auditor should design the audit to provide reasonable assurance that noncompliance that has a material and direct effect on the financial statements are detected. Auditors do not normally design idl pacadiets to detect noncompliance that will not directly affect the fair presentation of the financial statements unless the results of other procedures that were applied cause the auditor to suspect that a material indirect effect noncompliance may have occurred. ‘ Ordinarily, the further removed non-compliance is from the financial statements, the less likely the auditor is to become aware of it or to recognize the non-compliance. The fraud risk factors identified below are examples of such factors typically. faced by auditors in a broad range of situations. The fraud risk factors listed below are only examples; not all of these factors ate likely to be present in all audits, nor is the list necessarily complete. The auditor exercises professional judgment when considering fraud risk factors individually or in combination and whether there are specific controls that mitigate the risk. Fraud Risk Factors Relating to Misstatements Resulting from Fraudulent Financial ReportingFraud tisk factors that relate to misstatements resulting from fraudulent financial reporting may be grouped in the following three categories: 1. Management's Characteristics and Influence over the Contro} Environment. 2. Industry Conditions: 3, Operating Characteristics and Financial Stability. categories, examples of fraud risk factors relating For each of th f ncn oll from fraudulent financial reporting are set out to misstatements arising below. Fraud Risk Factors Relating to Management's Characteristics and Influence over the Control Environment These fraud risk factors pertain to management’s abilities, pressures, style, and attitude relating to internal control and the financial reporting process. - There is motivation for management to engage in fraudulent financial reporting. Specific indicators might include the following: ¥ A significant portion of management’s compensation is represented by bonuses, stock options or other incentives, the value of which is contingent upon the entity achieving unduly aggressive targets for operating results, financial position or cash flow. v There is excessive interest by management in maintaining ot increasing the entity’s stock price or earnings trend through the use of unusually aggressive accounting practices. v Management Commits to analysts, creditors and other third patties to achieving what appear to be unduly aggressive or clearly unrealistic forecasts. v . 5 Aas Management has an interest in pursuing inappropriate means to minimize reported earnings for tax-motivated reasons,~ There is a failure by management to display and communicate - appropriate attitude regarding internal control and the financial reporting process. Specific indicators might include the following: ¥ Management does not effectively communicate and support the entity’s values or ethics, or management communicates inappropriate values or ethics, ¥ Management is dominated by a single person or a small group without compensating contiols such as effective oversight by those charged with governance. ¥ Management does not monitor significant @hrrols adequately. ¥ Management fails to correct known material weaknesses in internal control on a timely basis. ¥ Management sets unduly aggressive financial targets and expectations for operating personnel. ¥ Management displays a significant disregard for regulatory authorities. ¥ Management continues to employ ineffective accounting, information technology or internal auditing staff. - Non-financial management participates excessively in, or is Pteoccupied with, the selection of accounting Ptinciples or the determination of significant estimates. ~ There is a high turnover of management, counsel or board members. There is a strained relationship between management and the current or predecessor auditor. Specific indicators might include the following: v Frequent disputes with the current ora accounting, auditing or reporting matters, Unreasonable demands on the auditor, including unreasonable time Constraints regarding the completion of the audit or the issuance of the auditor’s report. Ptedecessor auditor on vY Formal ot informal restrictions on the auditor that inappropriately limit the auditor’s access to people or information, or limit the auditor's ability to communicate effectively with those charged with governance, / v Domineering management behavior in dealing with the auditor, especially involving attempts to influence the scope of the auditor’s work, - There is a history of securities law violations, or claims against the entity ot its management alleging fraud or violations of securities laws, - The corporate gagernance structure is weak or ineffective, which may be evidenced by, for example: Y Allack of members who are independent of management. Y Little attention being paid to financial reporting matters and to the accounting and internal control systems by those ‘charged with governance. Frand Risk Factors Relating to Industry Conditions These fraud risk factors involve the economic and regulatory environment in which the entity operates. ~ New accounting, statutory or regulatory requirements that could impair the financial stability or profitability of the entity. - A high degree of competition or market saturation, accompanied by dectining margins. ~ A declining industry with increasing business failures and significant declines in customer demand. : - Rapid changes in the industry, such as high vulnerability to rapidly changing technology or rapid product obsolescence.Fraud Risk Factors Relating to ( perating Characteristics and Financial $1 ‘ability ‘These fraud risk factors pertain to the nature and complexity of the entity and its tsansactions, the entity’s financial condition, and its profitability. - Inability to generate cash flows from operations while reporting earnings and earnings growth. - Significant pressure to obtain additional capital necessary to stay competitive, considering the financial position of the entity (including aneed for funds to finance major research and development or capital expenditures). - Assets, liabilities, revenues or expenses based on significant estimates that involve unusually subjective judgments or uncertainties, or that are subject to potential significant change in the near term in a manner that may have a financially disruptive effect on the entity (for example, the ultimate collectability of receivables, the timing of revenue recognition, the realizability of financial instruments based on highly- subjective valuation of collateral or difficult-to-assess tepayment sources, or a significant deferral of costs). - Significant related party transactions which ate not in the ordinary course of business. - Significant related party transactions which até not audited or are audited by another firm. 7 Significant, unusual or highly complex transactions (especially those close to year-end) that pose difficult questions concerning substance - over form.Significant bank accounts or subsidiary of branch. operations in tay. haven jurisdictions for which there appears to be no clear business justification. - ,An overly complex organizational structure involving numerous o; unusual legal entities, managerial lines of authority or contractual atrangements without apparent business purpose. - Difficulty in determining the organization or person (or persons) controlling the entity. - Unusually rapid growth or profitability, especially compared with that of other companies in the same industry. - Especially high vulnerability to changes in interest rates. = Unusually high dependence on debt, a marginal ability to mect'debt tepayment requirements, of debt covenants that are difficult to maintain. — Unrealistically aggressive sales or profitability incentive programs. _ A threat of imminent bankruptcy, foreclosure or hostile takeover. _ Adverse consequences.on significant pending transactions (such as a business combination or contract award) if poor financial results arc reported. - A poor or deteriorating financial position when management has personally guaranteed significant debts of the entity. Fraud Risk Factors Relating to Misstatements Resulting from Misappropriation of AssetsFraud tisk factors that relate to misstatements resulting from misappropriation of assets may be grouped in the following two categories: 1. Susceptibility of Assets to Misappropriation. 2. Controls. For each of these two categories, examples of fraud risk factots relating to misstatements resulting from misappropriation of assets ate set out below. The extent of the auditor’s consideration of the fraud risk factors in category 2 is influenced by the degree to which fraud risk factors in category 1 ate present. Fran Risk Factors Relating to Susceptibility of Assets to Misappropriation ‘These fraud risk factors pertain to the nature of an entity’s assets and the degree to which they are subject to theft. - Large amounts of cash on hand or processed. Inventory characteristics, such as small size combined with high value and high demand. Easily convertible assets, such as bearer bonds, diamonds or computer chips. - Fixed asset characteristics, such as small size combined with marketability and lack of ownership identification. Frand Risk Factors Relating to Contrals These fraud risk factors involve the lack of controls designed to prevent or detect misappropriation of assets. ~ Lack of appropriate management oversight (for example, inadequate Supervision or inadequate monitoring of remote locations).Lack of procedures to screen job applicants for. positions where employees have access to assets susceptible to misappropriation: Inadequate record keeping for assets susceptible to misappropriation, Lack of an appropriate segregation of duties or independent checks, Lack of an appropriate system of authorization ‘and approval of transactions (for example, in purchasing). Poor physical safeguards over cash, investments, inventory or fixed assets. Lack of timely and appropriate documentation for transactions (for example, credits for merchandise retutns). Lack of mandatory vacations for employees performing key control functions.