Responsibilities of Management
It is the responsibility of management, with the oversight of those charged with
governance, to ensure that the entity's operations are conducted in
accordance with relevant laws and regulations, including those that determine
the reported amounts and disclosures in the financial statements. [ISA 250, 3]
Compliance with Laws & Regulations
Auditor’s Responsibilities
The auditor is responsible for obtaining reasonable assurance that
the financial statements, taken as a whole, are free from material
misstatement, whether due to fraud or error.
• Monitoring legal requirements and ensuring that operating procedures are designed
to meet these requirements.
• Instituting and operating appropriate systems of internal control.
• Developing, publicizing and following a code of conduct.
• Ensuring employees are properly trained and understand the code of conduct.
• Monitoring compliance with the code of conduct and acting appropriately to
discipline employees who fail to comply with it.
• Engaging legal advisors to assist in monitoring legal requirements.
• Maintaining a register of significant laws and regulations with which the entity has
to comply.
Assigning appropriate responsibilities to:
• An internal audit function
• An audit committee
• A compliance function.
Audit Procedures to identify non-compliance
Auditors cannot be expected to be experts in all the many different laws and
regulations where non-compliance might have such an effect. There is also an
unavoidable risk that some material misstatements may not be detected due to the
inherent limitations in auditing.
Obtaining a general understanding of the legal and regulatory framework applicable to the
entity and the industry, and of how the entity is complying with that framework. [ISA 250, 13]
Enquiring of management and those charged with governance as to whether the entity is in
compliance with such laws and regulations. [15a]
Remaining alert to the possibility that other audit procedures applied may bring instances of
non-compliance to the auditor's attention. [16]
Obtaining written representation from the directors that they have disclosed to the auditors
all those events of which they are aware which involve possible non-compliance, together with
the actual or contingent consequences which may arise from such non-compliance. [17]
Investigations of possible non-compliance
The auditor should communicate non-compliance to management and those charged with
governance, unless prohibited by law.
If the auditor believes the non-compliance is intentional and material, the matter should be
communicated to those charged with governance.
If the auditor suspects management or those charged with governance are involved in the
non-compliance, the matter should be communicated to the audit committee or supervisory
board. [25]
If the non-compliance has a material effect on the financial statements, a qualified or adverse
opinion should be issued. [26]
The auditor should also consider whether they have any legal, regulatory or ethical
responsibility to report non-compliance to third parties (e.g. to a regulatory authority). [29]
Engagement Withdrawal
The auditor may consider the need to withdraw from the engagement (i.e. resign as auditor) if:
• management or those charged with governance do not take remedial action that the auditor
considers appropriate, or
• the non-compliance raises doubts about the integrity of management or those charged with
governance.
- Withdrawal will not relieve the auditor from the responsibility to report the entity to third parties.
- Ethical requirements require the predecessor auditor to report regarding compliance with laws to
the incoming auditor.
Fraud & Error: ISA 240
Fraud: Fraud is an intentional act involving the use of deception to obtain an unjust or illegal
advantage. It may be perpetrated by one or more individuals among management, employees
or third parties.
Fraud of concern to the auditor includes:
• Misappropriation of assets
• Fraudulent financial reporting
Misappropriation of assets means theft, e.g. the creation of dummy suppliers or ghost employees to divert
company funds into a personal bank account.
Fraudulent financial reporting in particular may be viewed as more prevalent nowadays for the following
reasons:
• Increased pressure on companies to publish improved results
• Greater emphasis on performance related remuneration
• When trading conditions are difficult additional finance may be required. Directors may make the
financial statements look more attractive in order to secure the finance.
• If existing borrowings are in place with covenants attached, directors may manipulate the financial
statements to ensure the covenants are met.
Error: An error can be defined as an unintentional misstatement in the financial statements, including the
omission of amounts or disclosures.
Audit Procedures
Review journal entries made to identify manipulation of figures recorded or
unauthorised journal adjustments:
– Enquire of those involved in financial reporting about unusual activity relating to
adjustments.
– Select journal entries and adjustments made at the end of the reporting period.
– Consider the need to test journal entries throughout the period.
Responses to an assessed risk of fraud
Review management estimates for evidence of bias:
– Evaluate the reasonableness of judgments and whether they indicate management bias.
– Perform a retrospective review of management judgments.
Review transactions outside the normal course of business, or transactions which appear unusual
and assess whether they are indicative of fraudulent financial reporting.
Obtain written representation from management and those charged with governance that they:
– acknowledge their responsibility for internal controls to prevent and detect fraud.
– have disclosed to the auditor the results of management’s fraud risk assessment.
– have disclosed to the auditor any known or suspected frauds.
– have disclosed to the auditor any allegations of fraud affecting the entity’s financial statements.
Reporting of Fraud & Error
If the auditor identifies a fraud they must communicate the matter on a timely basis to the
appropriate level of management (i.e. those with the primary responsibility for prevention and
detection of fraud). [ISA 240, 41]
If the suspected fraud involves management the auditor must communicate the matter to those
charged with governance. [42]
If the auditor has doubts about the integrity of those charged with governance they should seek
legal advice regarding an appropriate course of action. [A65]
In addition to these responsibilities the auditor must also consider whether they have a
responsibility to report the occurrence of a suspicion to a party outside the entity. Whilst the
auditor does have an ethical duty to maintain confidentiality, it is likely that any legal responsibility
will take precedence. In these circumstances it is advisable to seek legal advice. [44]
If the fraud has a material impact on the financial statements the audit opinion will be modified.
When the opinion is modified, the auditor will explain why it has been modified and this will make
the shareholders aware of the fraud.
Withdrawal From Engagement: In exceptional circumstances the auditors may consider
withdrawing from the engagement after obtaining a legal opinion.
Legal Liability to Client & Third Parties
Liability to the client: arises out of contract law. The company has a contract with the auditor, the
engagement letter, and hence can sue the auditor for breach of contract if the auditor delivers a
negligently prepared report. The auditor must exercise due care and skill. This duty is fulfilled when the auditor
complies with professional standards.
Liability to third parties: A third party (i.e. a person who has no contractual relationship with the
auditor) may be able to sue the auditor for damages, i.e. a financial award.
In the tort of negligence, the plaintiff (i.e. the third party) must prove that:
(1) The defendant (i.e. the auditor) owes a duty of care, and
(2) The defendant has breached the appropriate standard of care as discussed above, and
(3) The plaintiff has suffered loss as a direct result of the defendant’s breach.
The critical matter in most negligence scenarios is whether a duty of care is owed in the first place.
When is a duty of care owed?
A duty of care exists when there is a special relationship between the parties, i.e. where the auditors knew,
or ought to have known, that the audited financial statements would be made available to, and would be
relied upon by, a particular person (or class of person).
The injured party must therefore prove:
• The auditor knew, or should have known, that the injured party was likely to rely on the financial
statements.
• The injured party has sufficient ‘proximity’, i.e. belongs to a class likely to rely on the financial
statements.
• The injured party did in fact so rely.
• The injured party would have acted differently if the financial statements had shown a different
picture.
Criminal Liability
Criminal liability can arise in the following circumstances:
• Acting as auditor when ineligible.
• Fraud, such as: theft, bribery and other forms of corruption, falsifying accounting records, and
knowingly or recklessly including misleading matters in an auditor's report.
• Insider dealing.
• Knowingly or recklessly making false statements in connection with the issue of securities.