Page 175 - Internal Auditing Standards
P. 175

Guide to Using International Standards on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts




        Non-compliance by the entity with laws and regulations could result in a material misstatement of the
        fi nancial statements.

        The responsibility for the prevention and detection of non-compliance with laws and regulations rests with
        management and those charged with governance. Management actions to address these risks could include:

        •     Maintaining a register of significant laws, and a record of any complaints received;
        •     Monitoring legal requirements and designing procedures/internal controls to ensure compliance with
              these requirements;
        •     Engaging legal advisors to assist in monitoring legal requirements; and

        •     Developing, publicizing, implementing, and following a code of conduct.

        When the auditor detects instances of non-compliance, the impact on the financial statements and other
        aspects of the audit (such as the integrity of management/employees) will need to be considered.

        Risk Assessment


            Paragraph #           Relevant Extracts from ISAs

            250.12                As part of obtaining an understanding of the entity and its environment in accordance with
                                  ISA 315, the auditor shall obtain a general understanding of:
                                  (a)  The legal and regulatory framework applicable to the entity and the industry or sector in
                                     which the entity operates; and
                                  (b)  How the entity is complying with that framework. (Ref: Para. A7)
            250.14                The auditor shall perform the following audit procedures to help identify instances of non-
                                  compliance with other laws and regulations that may have a material effect on the fi nancial

                                  statements: (Ref: Para. A9-A10)
                                  (a)  Inquiring of management and, where appropriate, those charged with governance, as to
                                     whether the entity is in compliance with such laws and regulations; and
                                  (b)  Inspecting correspondence, if any, with the relevant licensing or regulatory authorities.




        Risk assessment procedures involve obtaining a general understanding of the legal and regulatory framework
        and how the entity complies with that framework. This general understanding could include the matters set
        out below.

        Exhibit 15.2-2

          Address              Description

          Identifying Laws     What laws and regulations address:
          and Regulations
          Relevant to          •     The form and content of fi nancial statements?

          the Financial        •     Industry-specifi c financial reporting issues?
          Statements           •     Accounting for transactions under government contracts?
                               •     The accrual or recognition of expenses for income tax or pension costs?











                                                                                                                   173
   170   171   172   173   174   175   176   177   178   179   180