Auditor’s responsibilities in relation to an audit client’s compliance with laws and regulations Flashcards
- Management responsibility for Laws and Regulations
Winberry Co appears to be in breach of laws and regulations concerning customer data protection.
Under ISAs, management is responsible for ensuring the entity operates in compliance with applicable laws and regulations.
- Auditor required to understand the legal framework
Management’s non-compliance can lead to fines and penalties that may impact the financial statements on which the auditor expresses an opinion.
the auditor should ensure they have a full understanding of the data protection regulations in order to evaluate the implications of non-compliance by winbery co.
- Further Action with example
Procedures must be performed to obtain evidence about the instances of non-compliance in relation to the data protection breach. (no mark here)
for example, discussion with mgt to understand how the data breach occurred.
another example, discussion with winberry co’s legal advisers to understand the legal and operational consequences of the breach including likely fines and exposure to litigation and assess the materiality of such exposure
- report to authorities
Auditors must assess whether to report non-compliance externally. If mgt fails to disclose it, audit firm should consider disclosure based on legal requirements or public interest
firm should encourage the directors to report on the issue to the regulator or affected users.
directors fail to act, the auditor may need to disclose but should seek legal advice before doing so.
- confidentiality will not be breached
in exceptional cases, where an imminent legal breach is identified, the auditor may be obliged to report the matter to the appropriate authority. this decision rests on the auditor’s judgment and, if made in good faith, does not violate the confidentiality principle.
