Читать книгу Wiley Practitioner's Guide to GAAS 2017 - Flood Joanne M. - Страница 23

AU-C Original Pronouncement

AU-C 250 Definition of Term

Source: AU-C 250.11

Noncompliance. Acts of omission or commission by the entity, either intentional or unintentional, which are contrary to the prevailing laws or regulations. Such acts include transactions entered into by, or in the name of, the entity or on its behalf by those charged with governance, management, or employees. Noncompliance does not include personal misconduct (unrelated to the business activities of the entity) by those charged with governance, management, or employees of the entity.

Objectives of AU Section 250

AU-C Section 250.10 states that:

…the objectives of the auditor are to

a. obtain sufficient appropriate audit evidence regarding material amounts and disclosures in the financial statements that are determined by the provisions of those laws and regulations generally recognized to have a direct effect on their determination (see paragraph .06a),

b. perform specified audit procedures that may identify instances of noncompliance with other laws and regulations that may have a material effect on the financial statements (see paragraph .06b), and

c. respond appropriately to noncompliance or suspected noncompliance with laws and regulations identified during the audit.

Requirements

Auditor's Responsibilities

Noncompliance with laws and regulations is so diverse that articulating the auditor's responsibility for their detection and reporting has proven to be very complex. Some laws and regulations, such as the Internal Revenue Code regulations concerning income tax expense, clearly fall within the auditor's expertise, and the audit of financial statements normally includes testing compliance with such laws and regulations. Other laws and regulations, such as those on occupational safety and health or food and drug administration, are clearly outside the auditor's expertise and are not susceptible to testing by customary auditing procedures.

Categories of Laws and Regulations

AU-C 250 makes a distinction in the auditor's responsibility between two categories of laws and regulations:

1. Those that have a direct effect on the determination of financial statement amounts – for example, pension and tax laws and regulations. (AU-C 250.6a)

2. Those that do not have a direct effect but compliance may be fundamental to operating and continuing the business, and which may carry material penalties for noncompliance – for example, operating licenses and environmental regulation. (AU-C 250.06b)

AU-C Section 250 requires the performance of procedures to identify material misstatements resulting from noncompliance with laws and regulations. The auditor is not expected to detect noncompliance with all laws and regulations. (AU-C 250.04) Because of the inherent limitations of an audit, some material misstatements in the financial statements may not be detected even when the audit is properly planned and performed in accordance with GAAS. (AU-C 250.05)

Audit Procedures

The auditor is explicitly required to:

● Obtain an understanding of the legal and regulatory framework.

● Obtain an understanding of how the entity is complying with that framework.

(AU-C 250.12)

To obtain an understanding of the entity's legal and regulatory framework, the auditor may, among other procedures,

● Use the auditor's existing understanding of the entity's industry and regulatory and other external factors and update the understanding of those regulations that directly determine the reported amounts and disclosures in the financial statements.

● Inquire of management concerning the client's compliance with laws and regulations, policies on prevention of noncompliance, and the use of directives and periodic representations obtained from management at appropriate levels of authority concerning compliance with laws and regulations.

● Consider the entity's history of noncompliance.

(AU-C 250.A8)

For laws and regulations category 1 above, the auditor must obtain sufficient evidence regarding material amounts in the financial statements that are determined by those laws and regulations. (AU-C 250.13)

For category 2, the auditor's responsibility is to perform specified audit procedures that may identify noncompliance having a material effect on the financial statements. (AU-C 250.07) These are:

● Inquire of management and, if appropriate, those charged with governance about whether the entity is complying with laws and regulations.

● Inspect correspondence with the relevant licensing or regulatory authorities.

(AU-C 250.14)

During the audit, the auditor should remain alert to instances of noncompliance that may be revealed by other audit procedures. (AU-C 250.15) Examples of customary audit procedures that might bring possible noncompliance to the auditor's attention include:

1. Reading minutes

2. Making inquiries of management and legal counsel concerning litigation, claims, and assessments

3. Performing substantive tests of sensitive transactions

(AU-C 250.A17)

However, aside from the requirements above and absent specific information concerning possible noncompliance, the auditor does not need to perform any further procedures in this area. AU-C 580, Written Representations, requires the auditor to obtain a written representation from management concerning the absence of noncompliance with laws or regulations. (AU-C 250.16)

Response to Identified or Suspected Noncompliance with Laws and Regulations

When the auditor becomes aware of information about a possible noncompliance, the auditor should obtain an understanding of:

1. The nature of the possible noncompliance,

2. The circumstances in which the act occurred, and

3. Sufficient other information to allow the auditor to consider the effect on the financial statements.

(AU-C 250.17)

According to AU-C 250.A19, the auditor should be aware that specific information such as the following may raise a question concerning possible noncompliance:

1. Noncompliance with laws or regulations cited in reports of examinations by regulatory agencies that have been made available to the auditor

2. Unusual payments in cash

3. Large payments for unspecified services to consultants, affiliates, or employees

4. Failure to file tax returns or pay government duties or similar fees that are common to the entity's industry or the nature of its business

In addition to procedures previously mentioned, the auditor may apply other procedures, if necessary, to further understand the nature of noncompliance that has come to the auditor's attention. The additional procedures might include:

a. Examining supporting documents, such as invoices

b. Confirming significant information with other parties to the transaction

c. Determining if the transaction was properly authorized

d. Considering whether other similar transactions may have occurred

e. Applying procedures to identify other similar transactions

(AU-C 250.A20)

The auditor should inquire of management at a level above those involved, if possible. If the effect may be material and management or those charged with management do not provide satisfactory information that there has been no noncompliance, the auditor should:

● Consider the need to seek legal advice (AU-C 250.18)

● Evaluate the effect on the opinion (AU-C 250.19)

● Evaluate the implication on other area of the audit – for example, the assessment of audit risk (AU-C 250.20)

If management or those charged with governance do not provide sufficient evidence to support the entity's compliance, the auditor may consider consulting with the client's legal counsel (with the client's permission) or other specialists about applying relevant laws and regulations to the circumstances and the possible effects on the financial statements. (AU-C 250.A23)

Evaluation of Detected or Suspected Noncompliance with Laws and Regulations

The auditor should consider the quantitative and qualitative aspects of the noncompliance. Loss contingencies resulting from noncompliance that may be required to be disclosed should be evaluated similar to other loss contingencies. (AU-C 250.A21)

The auditor should consider the implications of noncompliance for the rest of the audit, particularly whether the auditor can rely on client representations. (AU-C 250.A24) Factors to consider include the relationship of the perpetration and concealment, if any, of the noncompliance to specific control procedures and the level of management or employees involved.

Even when the noncompliance is not material to the financial statements, the auditor may decide to withdraw from the engagement when the client does not take the remedial action the auditor considers necessary in the circumstances. (AU-C 250.A25)

Reporting Identified or Suspected Noncompliance

Internal Communications

The auditor should communicate with those charged with governance to make sure they are adequately informed about noncompliance that came to the auditor's attention. (AU-C 250.21) (If senior management is involved in the noncompliance, the auditor should communicate directly with those charged with governance.) If the noncompliance is believed to be intentional and material, the auditor should communicate with those charged with governance as soon as practicable.

Since clearly inconsequential matters need not be communicated to those charged with governance, the auditor may agree in advance with the audit committee on the nature of matters to be communicated.

Any communication regarding noncompliance or suspected noncompliance should describe:

1. The noncompliance

2. The circumstances of its occurrence

3. The financial statement effect

(AU-C 250.A26)

Effect on the Audit Report

If the auditor concludes that the noncompliance that has a material effect on the financial statements has not been properly accounted for or disclosed, the auditor should issue a qualified or an adverse opinion in accordance with AU-C 705, Modifications to the Opinion in the Independent Auditor's Report. (AU-C 250.24)

If the client prevents the auditor from obtaining sufficient competent evidential matter to evaluate whether noncompliance that could be material to the financial statements has occurred or is likely to have occurred, the auditor should express a qualified opinion or disclaim an opinion in accordance with AU-C 705. (AU-C 250.25)

If the client refuses to accept the auditor's report as modified because of noncompliance, the auditor should withdraw from the engagement and communicate, in writing, the reasons for withdrawal to the audit committee or to those charged with governance. (AU-C 250.A27)

External Communications

Normally, disclosing noncompliance with laws or regulations outside the client's organization would be precluded by the auditor's ethical or legal obligation of confidentiality. However, the auditor should determine whether there is a responsibility to report the matter to outside parties. (AU-C 250.27) The auditor should recognize that in the following circumstances, a duty to notify parties outside the client may exist:

1. To the SEC when the client reports an auditor change on Form 8-K (or to comply with other legal and regulatory requirements, such as Section 10A of the Securities Exchange Act of 1934)

2. To a successor auditor under Section 210

3. To a court order

4. To a funding agency or other specified agency in audits of entities that receive financial assistance from a government agency

(AU-C 250.A28)

Documentation

The auditor should document identified or suspected noncompliance and the related discussions with management, those charged with governance, and other internal or external parties. (AU-C 250.28)