This Standard on Auditing (SA) deals with the auditor’s responsibility to consider laws and regulations when performing an audit of financial statements. This SA does not apply to other assurance engagements in which the auditor is specifically engaged to test and report separately on compliance with specific laws or regulations.
whether caused by fraud or error.1 In conducting an audit of financial statements, the auditor takes into account the applicable legal and regulatory framework. Owing to the inherent limitations of an audit, there is an unavoidable risk that some material misstatements in the financial statements may not be detected, even though the audit is properly planned and performed in accordance with the SAs.2 In the context of laws and regulations, the potential effects of inherent limitations on the auditor’s ability to detect material misstatements are greater for such reasons as the following:
Ordinarily, the further removed non-compliance is from the events and transactions reflected in the financial statements, the less likely the auditor is to become aware of it or to recognise the non-compliance.
1 SA 200, paragraph 5.
2 SA 200, paragraph A52.
categories of laws and regulations. For the category referred to in paragraph 6(a), the auditor’s responsibility is to obtain sufficient appropriate audit evidence about compliance with the provisions of those laws and regulations. For the category referred to in paragraph 6(b), the auditor’s responsibility is limited to undertaking specified audit procedures to help identify non-compliance with those laws and regulations that may have a material effect on the financial statements.
The auditor is required by this SA to remain alert to the possibility that other audit procedures applied for the purpose of forming an opinion on financial statements may bring instances of identified or suspected non-compliance to the auditor’s attention. Maintaining professional skepticism throughout the audit, as required by SA 200,3 is important in this context, given the extent of laws and regulations that affect the entity.
Non-compliance – Acts of omission or commission by the entity, either intentional or unintentional, which are contrary to the prevailing laws or3 SA 200, paragraph 15.
regulations. Such acts include transactions entered into by, or in the name of, the entity, or on its behalf, by those charged with governance, management or employees. Non-compliance does not include personal misconduct (unrelated to the business activities of the entity) by those charged with governance, management or employees of the entity.
The auditor shall evaluate the implications of non-compliance in relation to other aspects of the audit, including the auditor’s risk assessment and the reliability of written representations, and take appropriate action. (Ref: Para. A17- A18)
is believed to be intentional and material, the auditor shall communicate the matter to those charged with governance as soon as practicable.