It’s long been said that CPAs should not assume the rule of legal counsel. That is true regardless of the level or type of service being provided. One place in particular is the professional requirements for CPAs in the AU-C 250: “Consideration of Laws and Regulations in an Audit of Financial Statements.” And yes, before going further, there are requirements within professional standards in which the auditor must consider, including the specific governmental engagements to test and report on compliance with laws or regulations. For the brief time here, I want to offer my thoughts on the requirements when performing an audit of financial statements. This applies to any audit of any financial statements.
We need to start with the premise directly from AU-C 250: “It is the responsibility of management and those charged with governance offering oversight, to ensure that the entity’s operations are conducted in accordance with the provisions of laws and regulations, including compliance with the provisions of laws and regulations that determine the reported amounts and disclosures in an entity’s financial statements.”
The auditor “is responsible for obtaining reasonable assurance that the financial statements as a whole are free from material misstatement, whether caused by fraud or error. In the audit, the auditor takes into account the applicable legal and regulatory framework.” The auditor is not responsible for preventing noncompliance and cannot be expected to detect noncompliance with all laws and regulations. That too, is from AU-C 250.
As an experienced auditor, that does seem to have its share of contradictions, but no more than the auditor’s overall objectives when conducting an audit. The use of materiality, performance measurement and professional judgment are just as applicable here as they are in other AU sections. The requirements do provide two categories to distinguish compliance with laws and regulations:
- The provisions of laws and regulations generally recognized to have a direct effect on the determination of material amounts and disclosures, such as tax and pension laws and regulations.
- The provisions of other laws and regulations that have a direct effect on the amounts and disclosures but compliance may be fundamental to the operating aspects of the business, fundamental to an entity’s ability to continue its business, or necessary for the entity to avoid material penalties such terms as an operating license, regulatory solvency or environmental regulations.
In carrying out responsibilities, an auditor has to obtain an understanding of the environment which includes the legal and regulatory framework of the entity, including how the entity is complying with that framework. To do so, an auditor can use specialists, including tax professionals within their audit firm, and management representations and specialists. They can also request and inspect correspondence with licensing or regulatory authorities. Ultimately, auditors must remain alert throughout the audit procedures which may bring instances of noncompliance or suspected noncompliance with laws and regulations.
In the absence of identified or suspected noncompliance, the auditor is not required to perform audit procedures other than those discussed previously.
The challenge of the auditor as outlined above is indeed great. To determine those laws and regulations that have an effect on the material amounts and disclosures is surely difficult. For example, the specific considerations of environmental laws and regulations, the Affordable Care Act, OSHA and ERISA requirements, wage and hour rules…the list goes on and on. We need to stop somewhere and making the professional judgment of where is difficult to determine.
With that said, I cannot think of any other considerations that must be taken into account for an auditor to consider in regards to “obtain[ing] reasonable assurance that the financial statements as a whole are free from material misstatement, whether caused by fraud or error.”
Art Winstead is the Director of Accounting and Auditing Services for CPAmerica International. He has over 30 years of experience with DMJ & Co. PLLC. He manages technical resources, engagement support, audit practice matters, reviews A&A publications for CPAmerica and is a part of the Expert Services team.