3

LAWS &
REGULATIONS
Regulatory
Environment
BY SABI AKTHER 1
 What to focus on?
• Responsibilities of management

• Responsibilities of the auditor

• Audit procedures to identify instances of non-compliance

• Investigations of possible non-compliance

• Audit procedures when non-compliance is identified

• Communicating and reporting non-compliance

• Engagement withdrawal
2
 Introduction

Non-compliance – Acts of omission or commission, either intentional or

unintentional, committed by the entity, which are contrary to the prevailing
laws or regulations

Non-compliance with laws and regulations may lead to material misstatement

if liabilities for non-compliance are not recorded, contingent liabilities are not
disclosed, or if they lead to going concern issues which would require disclosure
or affect the basis of preparation of the financial statements.

3
 Responsibilities of
Management

It is the responsibility of management, with the oversight of those charged with

governance, to ensure that the entity's operations are conducted in accordance
with relevant laws and regulations, including those that determine the reported
amounts and disclosures in the financial statements.

4
 Responsibilities of
•
Management
Monitoring legal requirements and ensuring that operating procedures are
designed to meet these requirements.

• Instituting and operating appropriate systems of internal control.

• Developing, publicising and following a code of conduct.

• Ensuring employees are properly trained and understand the code of

conduct.

• Monitoring compliance with the code of conduct and acting appropriately to

discipline employees who fail to comply with it.

• Engaging legal advisors to assist in monitoring legal requirements.

• Maintaining a register of significant laws and regulations with which the 5

entity has to comply.
 Responsibilities of
Management

In larger entities, these policies and procedures may be supplemented by

assigning appropriate responsibilities to:

• An internal audit function

• An audit committee

• A compliance function.

6
 Responsibilities of the Auditor
The auditor is responsible for obtaining reasonable assurance that the financial
statements taken as a whole, are free from material misstatement, whether due to
fraud or error.

Therefore, in conducting an audit of financial statements the auditor must perform

audit procedures to help identify non-compliance with laws and regulations that
may have a material impact on the financial statements

The auditor must obtain sufficient, appropriate evidence regarding compliance with:

• Laws and regulations generally recognised to have a direct effect on the

determination of material amounts and disclosures in the financial statements
(e.g. company law, tax law, applicable financial reporting framework)

• Other laws and regulations that may have a material impact on the financial
7
statements (e.g. environmental legislation)
 Audit procedures to identify
•
non-compliance
Obtaining a general understanding of the legal and regulatory framework
applicable to the entity and the industry, and of how the entity is complying with
that framework.

• Enquiring of management and those charged with governance as to

whether the entity is in compliance with such laws and regulations.

• Inspecting correspondence with relevant licensing or regulatory authorities.

• Remaining alert to the possibility that other audit procedures applied may
bring instances of non-compliance to the auditor's attention.

• Obtaining written representation from the directors that they have disclosed
to the auditors all those events of which they are aware which involve possible
non-compliance, together with the actual or contingent consequences which 8
may arise from such non-compliance.
 Audit procedures to identify
non-compliance
How to obtain a general understanding

• Use the auditor's existing understanding of the industry.

• Update the auditor's understanding of those laws and regulations that

directly determine reported amounts and disclosures in the financial
statements.

• Enquire of management as to other laws and regulations that may be

expected to have a fundamental effect on the operations of the entity.

• Enquire of management concerning the entity’s policies and procedures

regarding compliance with laws and regulations.

• Enquire of management regarding the policies or procedures adopted for 9

identifying, evaluating and accounting for litigation claims.
 Investigations of possible non-
compliance

When the auditor becomes aware of information concerning a possible instance

of non-compliance with laws or regulations, they should:

• Understand the nature of the act and circumstances in which it has

occurred.

• Obtain further information to evaluate the possible effect on the financial

statements

10
 Audit procedures when non-
compliance is identified

• Enquire of management of the penalties to be imposed.

• Inspect correspondence with the regulatory authority to identify the

consequences.

• Inspect board minutes for management's discussion on actions to be taken

regarding the non-compliance.

• Enquire of the company's legal department as to the possible impact of the

non-compliance

11
 Communicating & reporting
•
non-compliance
The auditor should communicate non-compliance with management and
those charged with governance, unless prohibited by law.

• If the auditor believes the non-compliance is intentional and material, the

matter should be communicated with those charged with governance.

• If the auditor suspect’s management or those charged with governance are

involved in the non-compliance, the matter should be communicated to the
audit committee or supervisory board.

• If the non-compliance has a material effect on the financial statements, a

qualified or adverse opinion should be issued.

• The auditor should also consider whether they have any legal, regulatory or
12
ethical responsibility to report non-compliance to third parties (e.g. to a
regulatory authority).
 Engagement Withdrawl
The auditor may consider the need to withdraw from the engagement (i.e.
resign as auditor) if:

• management or those charged with governance do not take remedial action

that the auditor considers appropriate, or

• the non-compliance raises doubts about the integrity of management or

those charged with governance.

Withdrawing from the engagement cannot be a substitute for complying with

other responsibilities in relation to reporting non-compliance. Therefore, if there
is a responsibility to report the entity, the auditor must do so, they cannot
resign to avoid having to make the report.

Ethical requirements may require a predecessor auditor to provide information 13

on compliance with laws and regulations to an incoming auditor.
 Summary
Laws & Regulations

• Auditor responsible for detecting material misstatement due

to non-compliance

• Procedures to identify non-compliance

• Procedures to investigate effect of non-compliance

• Reporting of non-compliance to management, TCWG, & 3rd

parties if required

14
Thank You for Watching!!

15