Detecting illegal acts Flashcards
Fundamental Auditor Responsibility
The essence of the auditor’s responsibility is to obtain reasonable assurance that the financial statements are free from material misstatement, whether caused by fraud or error, considering the applicable legal and regulatory framework.
Inherent limitations
The auditor cannot be expected to detect all noncompliance with all laws and regulations, since that is a legal determination and because many laws focus on an entity’s operations instead of on the financial statements.
Laws and regulations having a direct effect on the amounts and/or disclosures in the financial statements
The auditor should obtain sufficient appropriate audit evidence regarding material amounts and disclosures.
Other laws and regulations not having a direct effect on the financial statements
The auditor should perform specified audit procedures that may identify noncompliance that may have a material effect on the financial statements. The specified audit procedures include inquiry of management and those charged with governance about compliance issues, inspection of any correspondence with regulatory authorities, reading minutes, and so forth.
Auditor’s Consideration of Compliance with Laws and Regulations
In obtaining an understanding of the entity and its environment, the auditor should obtain an understanding of
1) The entity’s applicable legal and regulatory framework; and
2) How the entity is complying with that framework.
Audit Procedures when Noncompliance is Identified or Suspected
1) If information suggests possible noncompliance
The auditor should obtain an understanding of the circumstances of the act involved and gather further information to evaluate the financial statement effect.
Audit Procedures when Noncompliance is Identified or Suspected
2) If the auditor suspects noncompliance
The auditor should discuss the matter with management (at least one level above those suspected to be involved) and with those charged with governance, as appropriate.
Audit Procedures when Noncompliance is Identified or Suspected
3) If unable to obtain sufficient information as to compliance
the auditor should evaluate the effect of the lack of sufficient appropriate audit evidence on the auditor’s report (and consider the need for obtaining legal advice).
Reporting of Identified or Suspected Noncompliance
1) Reporting noncompliance to those charged with governance
The auditor should communicate with those charged with governance any noncompliance with laws and regulations (unless it is clearly inconsequential). When management or those charged with governance is involved, the auditor should communicate to the next higher level of authority. If no higher level of authority within the entity exists, the auditor should consider obtaining legal advice.
Reporting of Identified or Suspected Noncompliance
2) Reporting noncompliance in the auditor’s report
If a material effect on the financial statements has not been appropriately reported, the auditor should modify the opinion (expressing either a qualified or adverse opinion). If the auditor has been prevented from obtaining sufficient appropriate audit evidence to evaluate the financial statement impact of the matter, the auditor should modify the opinion (expressing either a qualified opinion or disclaimer of opinion) for a scope limitation.
Reporting of Identified or Suspected Noncompliance
3) Reporting noncompliance to regulatory/enforcement authorities
The auditor should determine whether there is a responsibility to report the matter to parties outside the entity, which may take priority over confidentiality responsibilities. The auditor should consider obtaining legal advice about this issue.
Reporting of Identified or Suspected Noncompliance
4) Withdrawal
If the entity refuses to accept a modified opinion and if withdrawal is possible under applicable law or regulation, the auditor may withdraw from the engagement and inform those charged with governance of the reasons in writing. Likewise, if the entity does not take the appropriate corrective action regarding noncompliance issues, the auditor may withdraw if such action is permitted by applicable law or regulation.
Documentation
The auditor should document the identified or suspected noncompliance and the results of the discussion with management, those charged with governance, and others, as applicable. Such documentation might include:
1) Copies of records or documents
2) Minutes of the discussion with management, those charged with governance, and others
Regarding a nonissuer’s compliance with laws and regulations, an auditor performing an audit of the entity’s financial statements is responsible for
In obtaining an understanding of the entity and its environment, the auditor should obtain an understanding of the entity’s applicable legal and regulatory framework as well as how the entity complies with that framework