
Professional Responsibilities & Liabilities

Regulatory Environment, Money Laundering


Chapter 4: Professional Responsibility & Liabilities

• Laws and regulations
• Fraud & Error
• Professional Liability & Negligence

Compliance with Laws & Regulations
• ISA 250 (Revised) Consideration of laws and regulations in an audit of
financial statements
• Non-compliance: Acts of omission or commission, either intentional or
unintentional, committed by the entity, which are contrary to the
prevailing laws or regulations. Non-compliance does not include personal
misconduct unrelated to the business activities of the entity. [ISA 250, 12]

Responsibilities of Management
It is the responsibility of management, with the oversight of those charged
with governance, to ensure that the entity's operations are conducted in
accordance with relevant laws and regulations, including those that determine
the reported amounts and disclosures in the financial statements. [ISA 250, 3]
Auditor’s Responsibilities
The auditor is responsible for obtaining reasonable assurance that
the financial statements taken as a whole, are free from material
misstatement, whether due to fraud or error.

Therefore, in conducting an audit of financial statements the auditor
must perform audit procedures to help identify non-compliance
with laws and regulations that may have a material impact on the
financial statements.
Management Policies & Procedures for Compliance

• Monitoring legal requirements and ensuring that operating procedures are designed
to meet these requirements.
• Instituting and operating appropriate systems of internal control.
• Developing, publicizing and following a code of conduct.
• Ensuring employees are properly trained and understand the code of conduct.
• Monitoring compliance with the code of conduct and acting appropriately to
discipline employees who fail to comply with it.
• Engaging legal advisors to assist in monitoring legal requirements.
• Maintaining a register of significant laws and regulations with which the entity has
to comply.
• Assigning appropriate responsibilities to:
– An internal audit function
– An audit committee
– A compliance function.
Audit Procedures to identify non-compliance

The auditor must obtain sufficient, appropriate evidence regarding compliance
with:

• Laws and regulations generally recognized to have a direct effect on the
determination of material amounts and disclosures in the financial statements
(e.g. company law, tax law, applicable financial reporting framework). [ISA 250,
6a]
• Other laws and regulations that may have a material impact on the financial
statements (e.g. environmental legislation). [6b]

Auditors cannot be expected to be experts in all the many different laws and
regulations where non-compliance might have such an effect. There is also an
unavoidable risk that some material misstatements may not be detected due to the
inherent limitations in auditing.
Audit Procedures to identify non-compliance
• Obtaining a general understanding of the legal and regulatory framework applicable to the
entity and the industry, and of how the entity is complying with that framework. [ISA 250, 13]
• Enquiring of management and those charged with governance as to whether the entity is in
compliance with such laws and regulations. [15a]
• Inspecting correspondence with relevant licensing or regulatory authorities. [15b]
• Remaining alert to the possibility that other audit procedures applied may bring instances of
non-compliance to the auditor's attention. [16]
• Obtaining written representation from the directors that they have disclosed to the auditors
all those events of which they are aware which involve possible non-compliance, together with
the actual or contingent consequences which may arise from such non-compliance. [17]
Investigations of possible non-compliance

• Understand the nature of the act and the circumstances
• Obtain further information to evaluate the impact on the FS

Audit Procedures when Non-compliance Identified

• Enquire of management about penalties imposed
• Inspect correspondence with the regulatory authority to identify consequences
• Inspect board minutes for management discussion on actions to be taken regarding non-compliance
• Enquire of the legal dept/advisor as to the possible impact of non-compliance
Communicating & reporting non-compliance

• The auditor should communicate non-compliance with management and those charged with
governance, unless prohibited by law.
• If the auditor believes the non-compliance is intentional and material, the matter should be
communicated with those charged with governance.
• If the auditor suspects management or those charged with governance are involved in the
non-compliance, the matter should be communicated to the audit committee or supervisory
board. [25]
• If the non-compliance has a material effect on the financial statements, a qualified or adverse
opinion should be issued. [26]
• The auditor should also consider whether they have any legal, regulatory or ethical
responsibility to report non-compliance to third parties (e.g. to a regulatory authority). [29]
Engagement Withdrawal
The auditor may consider the need to withdraw from the engagement (i.e. resign as auditor) if:
• management or those charged with governance do not take remedial action that the auditor
considers appropriate, or
• the non-compliance raises doubts about the integrity of management or those charged with
governance.

- Withdrawal will not relieve the auditor of the responsibility to report the entity to third parties.
- Ethical requirements require the predecessor auditor to report regarding compliance with laws to
the incoming auditor.
Fraud & Error: ISA 240
Fraud: Fraud is an intentional act involving the use of deception to obtain an unjust or illegal
advantage. It may be perpetrated by one or more individuals among management, employees
or third parties.
Fraud of concern to the auditor includes:
• Misappropriation of assets
• Fraudulent financial reporting
Misappropriation of assets means theft e.g. the creation of dummy suppliers or ghost employees to divert
company funds into a personal bank account.
Fraudulent financial reporting in particular may be viewed as more prevalent nowadays for the following
reasons:
• Increased pressure on companies to publish improved results
• Greater emphasis on performance related remuneration
• When trading conditions are difficult additional finance may be required. Directors may make the
financial statements look more attractive in order to secure the finance.
• If existing borrowings are in place with covenants attached, directors may manipulate the financial
statements to ensure the covenants are met.
Error: An error can be defined as an unintentional misstatement in the FS, including the
omission of amounts or disclosures.
• A mistake in gathering and processing data from which the FS are prepared.
• An incorrect accounting estimate arising from oversight or a misinterpretation of facts.
• A mistake in the application of accounting principles relating to measurement,
recognition, classification, presentation or disclosure.
• Errors are normally corrected by clients when they are identified.
• If a material error has been identified but has not been corrected, it will require the
audit opinion to be modified.
Management Responsibilities
The primary responsibility for the prevention and detection of fraud rests with both
those charged with governance of an entity and with management.
Management should:
• Place a strong emphasis on fraud prevention and error reduction.
• Reduce opportunities for fraud to take place.
• Ensure the likelihood of detection and punishment for fraud is sufficient to act as a
deterrent.
• Ensure controls are in place to provide reasonable assurance that errors will be
identified.
• Foster, communicate and demonstrate a culture of honesty & ethical behaviour.
• Consider potential for override of controls or manipulation of financial reporting.
• Implement and operate adequate accounting and internal control systems.
Auditor’s Responsibilities
• Obtain reasonable assurance that the financial statements are free from material misstatement,
whether caused by fraud or error. [ISA 240, 5]
• Apply professional scepticism and remain alert to the possibility that fraud could take place. [8]
• Consider the potential for management override of controls and recognize that audit procedures that
are effective for detecting error may not be effective for detecting fraud.
This can be done by applying the following procedures:
• Discuss the susceptibility of the client's financial statements to material misstatement due to fraud
with the engagement team. [16]
• Enquire of management regarding their assessment of fraud risk, the procedures they conduct and
whether they are aware of any actual or suspected instances of fraud. [19]
• Enquire of the internal audit function to establish if they are aware of any actual or suspected
instances of fraud. [20]
• Enquire of those charged with governance with regard to how they exercise oversight of
management processes for identifying and responding to the risks of fraud and the controls
established by management to mitigate these risks. [22]
• Consideration of relationships identified during analytical procedures.
Responses to an assessed risk of fraud

• Assign responsibility to personnel with appropriate knowledge and skill.
• Evaluate whether the accounting policies of the entity indicate fraudulent financial reporting.
• Use unpredictable procedures to obtain evidence.

Audit Procedures
• Review journal entries made to identify manipulation of figures recorded or
unauthorised journal adjustments:
– Enquire of those involved in financial reporting about unusual activity relating to
adjustments.
– Select journal entries and adjustments made at the end of the reporting period.
– Consider the need to test journal entries throughout the period.
• Review management estimates for evidence of bias:
– Evaluate the reasonableness of judgments and whether they indicate management bias.
– Perform a retrospective review of management judgments.
• Review transactions outside the normal course of business, or transactions which appear unusual
and assess whether they are indicative of fraudulent financial reporting.
• Obtain written representation from management and those charged with governance that they:
– acknowledge their responsibility for internal controls to prevent and detect fraud.
– have disclosed to the auditor the results of management’s fraud risk assessment.
– have disclosed to the auditor any known or suspected frauds.
– have disclosed to the auditor any allegations of fraud affecting the entity’s financial statements.
Reporting of fraud & Error

• If the auditor identifies a fraud they must communicate the matter on a timely basis to the
appropriate level of management (i.e. those with the primary responsibility for prevention and
detection of fraud). [ISA 240, 41]
• If the suspected fraud involves management the auditor must communicate the matter to those
charged with governance. [42]
• If the auditor has doubts about the integrity of those charged with governance they should seek
legal advice regarding an appropriate course of action. [A65]
• In addition to these responsibilities the auditor must also consider whether they have a
responsibility to report the occurrence or suspicion to a party outside the entity. Whilst the
auditor does have an ethical duty to maintain confidentiality, it is likely that any legal responsibility
will take precedence. In these circumstances it is advisable to seek legal advice. [44]
• If the fraud has a material impact on the financial statements the audit opinion will be modified.
When the opinion is modified, the auditor will explain why it has been modified and this will make
the shareholders aware of the fraud.
• Withdrawal from engagement: In exceptional circumstances the auditors may consider
withdrawing from the engagement after obtaining a legal opinion.
Legal Liability to Client & third parties
• Liability to the client: arises out of contract law. The company has a contract with the auditor, the
engagement letter, and hence can sue the auditor for breach of contract if the auditor delivers a
negligently prepared report. The auditor must exercise due care and skill. This duty is fulfilled when
the auditor complies with professional standards.
• Liability to third parties: A third party (i.e. a person who has no contractual relationship with the
auditor) may be able to sue the auditor for damages, i.e. a financial award.
• In the tort of negligence, the plaintiff (i.e. the third party) must prove that:
(1) The defendant (i.e. the auditor) owes a duty of care, and
(2) The defendant has breached the appropriate standard of care as discussed above, and
(3) The plaintiff has suffered loss as a direct result of the defendant’s breach.
The critical matter in most negligence scenarios is whether a duty of care is owed in the first place.
• When is a duty of care owed?
A duty of care exists when there is a special relationship between the parties, i.e. where the auditors knew,
or ought to have known, that the audited financial statements would be made available to, and would be
relied upon by, a particular person (or class of person).
The injured party must therefore prove:
• The auditor knew, or should have known, that the injured party was likely to rely on the financial
statements.
• The injured party has sufficient ‘proximity’, i.e. belongs to a class likely to rely on the financial
statements.
• The injured party did in fact so rely.
• The injured party would have acted differently if the financial statements had shown a different
picture.

• Has the injured party suffered a loss?
This is normally a matter of fact. For example, if X relies on the audited financial statements of Company A
and pays $5 million to buy the company, but it soon becomes clear that the company is worth only $1
million, then a loss of $4 million has been incurred.
• Has the auditor exercised due professional care?
The auditor will have exercised due professional care if they have:
• Complied with the most up-to-date professional standards and ethical requirements.
• Complied with the terms and conditions of appointment as set out in the letter of
engagement and as implied by law.
• Employed competent staff who are adequately trained and supervised in carrying out
instructions.
Auditors’ liability can be categorized under the following headings:
• Civil or criminal liability arising under legislation
• Liability arising from negligence.

Criminal Liability
Criminal liability can arise in the following circumstances:
• Acting as auditor when ineligible.
• Fraud, such as: theft, bribery and other forms of corruption, falsifying accounting records, and
knowingly or recklessly including misleading matters in an auditor's report.
• Insider dealing.
• Knowingly or recklessly making false statements in connection with the issue of securities.

Penalties for criminal liability include fines and/or imprisonment.

Civil Liability

Auditors may be liable in the following circumstances:
• To third parties suffering loss as a result of relying on a negligently prepared auditor’s report.
• Under insolvency legislation to creditors – auditors must be careful not to be implicated in causing
losses to creditors alongside directors.
• Under tax legislation – particularly where the auditor is aware of tax frauds perpetrated by the
client.
• Under financial services legislation to investors.
• Under stock exchange legislation and/or rules.

The only possible penalty for a civil offence is payment of damages.


In addition to the various civil and criminal liabilities the professional bodies that regulate
accountants and auditors have various sanctions, such as warnings, fines, reprimands,
severe reprimands and exclusion from membership for misconduct by members.

Conviction of a criminal offence involving financial misconduct is normally sufficient to
warrant exclusion from membership of a professional body.
Restricting Auditor’s Liability
Audit firms may take the following steps to minimise their exposure to negligence claims:
• Restrict the use of the auditor's report and assurance reports to their specific, intended
purpose.
• Engagement letter clause to limit liability to third parties.
• Screening potential audit clients to accept only clients where the risk can be managed.
• Take specialist legal advice where appropriate.
• Respective responsibilities and duties of directors and auditors communicated in the
engagement letter and auditor's report to minimize misunderstandings.
• Insurance – professional indemnity insurance (PII).
• Carry out high quality audit work.
• Take on LLP status.
• Set a liability cap with clients.
