MODULE 3:

CPA’S PROFESSIONAL RESPONSIBILITIES

I. Pre-test / Activity
1. What is the primary determinate of the difference between fraud and errors in financial
statement reporting?
A. Intent to deceive C. Level of management involved
B. Type of transaction affected D. Materiality of the misstatement

2. Which of the following acts are considered fraud?

I. Changing of records and documents
II. Misinterpretation of facts
III. Misappropriation of assets
IV. Recording of transactions without documentation
V. Clerical mistakes
A. I and II C. I, III and IV
B. III only D. I, II, III, IV and V

II. Learning Outcomes

At the end of the topic the students should be able to:
 Define the Auditor’s Responsibility and Liabilities in conducting an Audit
 Understand the Effects of Fraud in the Financial statements
 Understand the Effects of Errors in the Financial Statement
 Understand the Effects of Non-Compliance in the Financial Statement
 Know the different indicators of Fraud within the organization “Risk Factors”
 Know the best way to minimize Legal Liability towards the Client and Stakeholders

III. Content
AUDITOR’S LEGAL LIABILITIES
An auditor obtains a thorough understanding of the client to properly identify and assess risks that
may cause material misstatements in the financial statements. This is grounded on the auditor's
objective to obtain reasonable assurance that the financial information presented is fairly presented.
To attain this objective, the procedures of the auditor must be expanded to cover the roots of these
misstatements which are either due to fraud or error.
Furthermore, audit clients are subject to laws and regulations which may have a direct effect on the
financial statements. The impact of these matters will greatly vary from one entity to another, as such,
the auditor must consider this as part of audit planning to enable him to tailor the appropriate
responses.

CONSIDERATION FOR FRAUD WITHIN THE CLIENT’S ORGANIZATION

SM Baliwag Complex, Dona Remedios Trinidad Highway, Brgy. Pagala, Baliwag, Bulacan
(+63) 927-533-0342 – (+63) 923-949-5265 admissions-nubaliwag@nu.edu.ph
Fraud is a broad legal concept and may relate to various aspects of the business. As such, the auditor
is not expected to identify and evaluate all instances of fraudulent activities. For purposes of an audit,
the primary concern is on frauds that cause a material misstatement in the financial statements.

Types of Fraud
1. Fraudulent financial reporting involves intentional misstatements including omissions of
amounts or disclosures in financial statements to deceive financial statement users. This may
be caused by the efforts of management to manage earnings to deceive financial statement
users by influencing their perceptions of the entity's performance and profitability. Also
known as management fraud since it usually involves members of the management and those
charged with governance (TCWG).

Fraudulent financial reporting may be accomplished by the following:

 Manipulation, falsification (including forgery), or alteration of accounting records or
supporting documentation from which the financial statements are prepared.
 Misrepresentation in, or intentional omission from, the financial statements of events,
transactions, or other significant information.
 Intentional misapplication of accounting principles relating to amounts, classification,
manner of presentation, or disclosure.

Fraudulent financial reporting often involves management override of controls (MOOC) that
otherwise may appear to be operating effectively. Fraudulent financial reporting can be
committed by management overriding controls using such techniques as:
 Recording fictitious journal entries, particularly close to the end of an accounting period,
to manipulate operating results or achieve other objectives,
 Inappropriately adjusting assumptions and changing judgments used to estimate account
balances;
 Omitting, advancing, or delaying recognition in the financial statements of events and
transactions that have occurred during the reporting period;
 Concealing, or not disclosing, facts that could affect the amounts recorded in the financial
statements;
 Engaging in complex transactions that are structured to misrepresent the financial
position or financial performance of the entity; and
 Altering records and terms related to significant and unusual transactions.

2. Misappropriation of assets involves the theft of an entity's assets. This is also called
employee fraud since it is often perpetrated by employees in relatively small and immaterial
amounts.

Misappropriation is often accompanied by false or misleading records or documents to

conceal the fact that the assets are missing or have been pledged without proper authorization.
Misappropriation can be accomplished in a variety of ways including:
 Embezzling receipts (for example, misappropriating collections on accounts receivable
or diverting receipts in respect of written-off accounts to personal bank accounts);

SM Baliwag Complex, Dona Remedios Trinidad Highway, Brgy. Pagala, Baliwag, Bulacan
(+63) 927-533-0342 – (+63) 923-949-5265 admissions-nubaliwag@nu.edu.ph
  Stealing physical assets or intellectual property (for example, stealing inventory for
personal use or sale, stealing scrap for resale, colluding with a competitor by disclosing
technological data in return for payment);
 Causing an entity to pay for goods and services not received (for example, payments to
fictitious vendors, kickbacks paid by vendors to the entity's purchasing agents in return
for inflating prices, payments to fictitious employees); and
 Using an entity's assets for personal use (for example, using the entity's assets as collateral
for a personal loan or a loan to a related party).

Summary of Causes of Material Misstatements

Fraud Error
Intention Intentional (To deceive Intentional Unintentional
financial statement (To conceal assets that
users) are missing/ pledged
without proper
authorization)
Types Fraudulent financial Misappropriation of Various types (e.g.
reporting assets rounding, transposition,
errors of commission,
omissions, judgment)
Committed Management override Theft of entity's assets Mistake; misinterpretation
through of controls
Impact on audit procedures
Nature More extensive Less extensive
Timing Closer to period-end Interim period
Extent Higher sample sizes and procedures Lower sample sizes and
procedures
NOTES:
 Employee fraud can also involve management who are usually more able to disguise or conceal
misappropriations in ways that are difficult to detect.
 Employees could also take part in committing fraudulent financial reporting.
 Fraudulent activities that could affect the entity's financial statements may be committed by management
and or employees with or without the participation of an outsider or other parties.
Characteristics of Fraud
Fraud involves (1) incentive or pressure to commit fraud, (2) a perceived opportunity to do so, and
(3) some rationalization of the act. This concept is more popularly known as the fraud triangle.

Incentive/Pressure

The Fraud
Triangle

Opportunity Rationalization

SM Baliwag Complex, Dona Remedios Trinidad Highway, Brgy. Pagala, Baliwag, Bulacan
(+63) 927-533-0342 – (+63) 923-949-5265 admissions-nubaliwag@nu.edu.ph
Examples (lifted from PSA 240):
 Incentive or pressure to commit fraudulent financial reporting may exist when management
is under pressure, from sources outside or inside the entity, to achieve an expected (and
perhaps unrealistic) earnings target or financial outcome- particularly since the consequences
to management for failing to meet financial goals can be significant. Similarly, individuals
may have an incentive to misappropriate assets, for example, because the individuals are
living beyond their means.

 A perceived opportunity to commit fraud may exist when an individual believes internal
control can be overridden, for example, because the individual is in a position of trust or has
knowledge of specific weaknesses in internal control.

 Individuals may be able to rationalize committing a fraudulent act. Some individuals possess
an attitude, character, or set of ethical values that allow them knowingly and intentionally to
commit a dishonest act. However, even otherwise honest individuals can commit fraud in an
environment that imposes sufficient pressure on them.

Prevention and Detection of Fraud

Management/ Those The primary responsibility for the prevention and detection of fraud rests
Charged with with both those charged with governance (TCWG) of the entity and
Governance management. In connection with this, they shall place a strong emphasis
on the following:
1. Fraud prevention - to reduce opportunities for fraud
2. Fraud deterrence to persuade individuals not to commit fraud
because of the likelihood of detection and punishment
Auditor  To identify and assess the risks of material misstatement of the
financial statements due to fraud
 To obtain sufficient appropriate audit evidence about the assessed
risks of material misstatement due to fraud, through designing and
implementing appropriate responses, and
 To respond appropriately to identified or suspected fraud

Inherent Limitations of an Audit in the Context of Fraud

Owing to the inherent limitations of an audit, there is an unavoidable risk that some material
misstatements of the financial statements will not be detected, even though the audit is properly
planned and performed in accordance with PSAs.
 Fraud vs. error. The risk of not detecting a material misstatement resulting from fraud is
higher than the risk of not detecting a material misstatement resulting from error because fraud
may involve sophisticated and carefully organized schemes designed to conceal it, such as
forgery, deliberate failure to record transactions, or intentional misrepresentations being made
to the auditor.
 Management fraud vs. employee fraud. The risk of the auditor not detecting a material
misstatement resulting from management fraud is greater than employee fraud because

SM Baliwag Complex, Dona Remedios Trinidad Highway, Brgy. Pagala, Baliwag, Bulacan
(+63) 927-533-0342 – (+63) 923-949-5265 admissions-nubaliwag@nu.edu.ph
 management is frequently in a position to directly or indirectly manipulate accounting records
and present fraudulent financial information.

General Audit Procedures Relating to Fraud

Audit Procedures relating to Fraud

Risk Factors Relating to Misstatements Arising from Fraudulent Financial Reporting
The following are examples of risk factors relating to misstatements arising from fraudulent financial
reporting.
Incentives/Pressures
1. Financial stability or profitability is threatened by economic, industry, or entity operating
conditions, such as (or as indicated by):
 High degree of competition or market saturation, accompanied by declining margins.
 High vulnerability to rapid changes, such as changes in technology, product obsolescence,
or interest rates.
 Significant declines in customer demand and increasing business failures in either the
industry or overall economy.
 Operating losses making the threat of bankruptcy, foreclosure, or hostile takeover
imminent.
 Recurring negative cash flows from operations or an inability to generate cash flows from
operations while reporting earnings and earnings growth.
 Rapid growth or unusual profitability especially compared to that of other companies in
the same industry.
 New accounting, statutory, or regulatory requirements.

SM Baliwag Complex, Dona Remedios Trinidad Highway, Brgy. Pagala, Baliwag, Bulacan
(+63) 927-533-0342 – (+63) 923-949-5265 admissions-nubaliwag@nu.edu.ph
 2. Excessive pressure exists for management to meet the requirements or expectations of third
parties due to the following:
 Profitability or trend level expectations of investment analysts, institutional investors,
significant creditors, or other external parties (particularly expectations that are unduly
aggressive or unrealistic), including expectations created by management in, for example,
overly optimistic press releases or annual report messages.
 Need to obtain additional debt or equity financing to stay competitive—including
financing of major research and development or capital expenditures.
 Marginal ability to meet exchange listing requirements or debt repayment or other debt
covenant requirements.
 Perceived or real adverse effects of reporting poor financial results on significant pending
transactions, such as business combinations or contract awards.

3. Information available indicates that the personal financial situation of management or those
charged with governance is threatened by the entity’s financial performance arising from the
following:
 Significant financial interests in the entity.
 Significant portions of their compensation (for example, bonuses, stock options, and earn-
out arrangements) being contingent upon achieving aggressive targets for stock price,
operating results, financial position, or cash flow.
 Personal guarantees of debts of the entity.

4. There is excessive pressure on management or operating personnel to meet financial targets

established by those charged with governance, including sales or profitability incentive goals.

Opportunities
1. The nature of the industry or the entity’s operations provides opportunities to engage in
fraudulent financial reporting that can arise from the following:
 Significant related-party transactions not in the ordinary course of business or with related
entities not audited or audited by another firm.
 A strong financial presence or ability to dominate a certain industry sector that allows the
entity to dictate terms or conditions to suppliers or customers that may result in
inappropriate or non-arm’s-length transactions.
 Assets, liabilities, revenues, or expenses based on significant estimates that involve
subjective judgments or uncertainties that are difficult to corroborate.
 Significant, unusual, or highly complex transactions, especially those close to period end
that pose difficult “substance over form” questions.
 Significant operations located or conducted across international borders in jurisdictions
where differing business environments and cultures exist.
 Use of business intermediaries for which there appears to be no clear business
justification.
 Significant bank accounts or subsidiary or branch operations in tax-haven jurisdictions
for which there appears to be no clear business justification.

2. The monitoring of management is not effective as a result of the following:

SM Baliwag Complex, Dona Remedios Trinidad Highway, Brgy. Pagala, Baliwag, Bulacan
(+63) 927-533-0342 – (+63) 923-949-5265 admissions-nubaliwag@nu.edu.ph
  Domination of management by a single person or small group (in a non-owner managed
business) without compensating controls.
 Oversight by those charged with governance over the financial reporting process and
internal control is not effective.

3. There is a complex or unstable organizational structure, as evidenced by the following:

 Difficulty in determining the organization or individuals that have controlling interest in
the entity.
 Overly complex organizational structure involving unusual legal entities or managerial
lines of authority.
 High turnover of senior management, legal counsel, or those charged with governance.

4. Internal control components are deficient as a result of the following:

 Inadequate monitoring of controls, including automated controls and controls over
interim financial reporting (where external reporting is required).
 High turnover rates or employment of accounting, internal audit, or information
technology staff that are not effective.
 Accounting and information systems that are not effective, including situations involving
material weaknesses in internal control.

Attitudes/Rationalizations
 Communication, implementation, support, or enforcement of the entity’s values or ethical
standards by management, or the communication of inappropriate values or ethical
standards, that are not effective.
 Nonfinancial management’s excessive participation in or preoccupation with the
selection of accounting policies or the determination of significant estimates.
 Known history of violations of securities laws or other laws and regulations, or claims
against the entity, its senior management, or those charged with governance alleging fraud
or violations of laws and regulations.
 Excessive interest by management in maintaining or increasing the entity’s stock price or
earnings trend.
 The practice by management of committing to analysts, creditors, and other third parties
to achieve aggressive or unrealistic forecasts.
 Management failing to correct known material weaknesses in internal control on a timely
basis.
 An interest by management in employing inappropriate means to minimize reported
earnings for tax-motivated reasons.
 Low morale among senior management.
 The owner-manager makes no distinction between personal and business transactions.
 Dispute between shareholders in a closely held entity.
 Recurring attempts by management to justify marginal or inappropriate accounting on the
basis of materiality.
 The relationship between management and the current or predecessor auditor is strained,
as exhibited by the following:

SM Baliwag Complex, Dona Remedios Trinidad Highway, Brgy. Pagala, Baliwag, Bulacan
(+63) 927-533-0342 – (+63) 923-949-5265 admissions-nubaliwag@nu.edu.ph
 o Frequent disputes with the current or predecessor auditor on accounting, auditing, or
reporting matters.
o Unreasonable demands on the auditor, such as unrealistic time constraints regarding
the completion of the audit or the issuance of the auditor’s report.
o Restrictions on the auditor that inappropriately limit access to people or information
or the ability to communicate effectively with those charged with governance.
o Domineering management behavior in dealing with the auditor, especially involving
attempts to influence the scope of the auditor’s work or the selection or continuance
of personnel assigned to or consulted on the audit engagement.

Risk Factors Arising From Misstatements Arising From Misappropriation of Assets

The following are examples of risk factors related to misstatements arising from misappropriation of
assets.
Incentives/Pressures
1. Personal financial obligations may create pressure on management or employees with access
to cash or other assets susceptible to theft to misappropriate those assets.
2. Adverse relationships between the entity and employees with access to cash or other assets
susceptible to theft may motivate those employees to misappropriate those assets. For
example, adverse relationships may be created by the following:
 Known or anticipated future employee layoffs.
 Recent or anticipated changes to employee compensation or benefit plans.
 Promotions, compensation, or other rewards inconsistent with expectations.

Opportunities
1. Certain characteristics or circumstances may increase the susceptibility of assets to
misappropriation. For example, opportunities to misappropriate assets increase when there are
the following:
 Large amounts of cash on hand or processed.
 Inventory items that are small in size, of high value, or in high demand.
 Easily convertible assets, such as bearer bonds, diamonds, or computer chips.
 Fixed assets which are small in size, marketable, or lacking observable identification of
ownership.
2. Inadequate internal control over assets may increase the susceptibility of misappropriation of
those assets. For example, misappropriation of assets may occur because there is the
following:
 Inadequate segregation of duties or independent checks.
 Inadequate oversight of senior management expenditures, such as travel and other
reimbursements. • Inadequate management oversight of employees responsible for assets,
for example, inadequate supervision or monitoring of remote locations.
 Inadequate job applicant screening of employees with access to assets.
 Inadequate record keeping with respect to assets.
 Inadequate system of authorization and approval of transactions (for example, in
purchasing).
 Inadequate physical safeguards over cash, investments, inventory, or fixed assets.
 Lack of complete and timely reconciliations of assets.

SM Baliwag Complex, Dona Remedios Trinidad Highway, Brgy. Pagala, Baliwag, Bulacan
(+63) 927-533-0342 – (+63) 923-949-5265 admissions-nubaliwag@nu.edu.ph
  Lack of timely and appropriate documentation of transactions, for example, credits for
merchandise returns.
 Lack of mandatory vacations for employees performing key control functions.
 Inadequate management understanding of information technology, which enables
information technology employees to perpetrate a misappropriation.
 Inadequate access controls over automated records, including controls over and review
of computer systems event logs.

Attitudes/Rationalizations
 Disregard for the need for monitoring or reducing risks related to misappropriations of
assets.
 Disregard for internal control over misappropriation of assets by overriding existing
controls or by failing to correct known internal control deficiencies.
 Behavior indicating displeasure or dissatisfaction with the entity or its treatment of the
employee.
 Changes in behavior or lifestyle that may indicate assets have been misappropriated.
 Tolerance of petty theft.

1. Obtain an understanding of the entity and its environment (& evaluate FRF)
a. Makes inquiries of management, TCWG, and others within the entity as appropriate and
obtains an understanding of how TCWG exercises oversight of management's processes for
identifying and responding to the risks of fraud and the internal control that management has
established to mitigate these risks.
b. Consider whether one or more fraud risk factors are present.
c. Considers any unusual or unexpected relationships that have been identified in performing
analytical procedures.
Common techniques include using regression analysis to create trends and identifying key
drivers, such as gross margin percentage and various asset turnover ratios to calculate
expectations in account balances.
2. Discussion among the Engagement Team
 Fraud Brainstorming
 Fraud Discussion
Note: When identifying and assessing the risks of material misstatement due to fraud, the auditor
shall presume that there are risks of fraud in revenue recognition. As such, the auditor needs to
evaluate which types of revenue, revenue transactions, or assertions give rise to such risks.
Further Audit Procedures and Related Activities
1. Responses to the risks of material misstatement due to fraud
The auditor should determine overall responses to address the assessed risks of material
misstatement due to fraud at the financial statement level and should design and perform further
audit procedures whose nature, timing, and extent are responsive to the assessed risks at the
assertion level.

SM Baliwag Complex, Dona Remedios Trinidad Highway, Brgy. Pagala, Baliwag, Bulacan
(+63) 927-533-0342 – (+63) 923-949-5265 admissions-nubaliwag@nu.edu.ph
 In determining overall responses to address the risks of material misstatement due to fraud at the
financial statement level the auditor should:
 Consider the assignment and supervision of personnel;
 Consider the accounting policies used by the entity; and
 Incorporate an element of unpredictability in the selection of the nature, timing, and extent of
audit procedures.

Audit procedures responsive to management override of controls (MOOC)

Management is in a unique position to perpetrate fraud because of management's ability to directly
or indirectly manipulate records and prepare fraudulent financial statements by overriding controls
that otherwise appear to be operating effectively.
To respond to the risk of management override of controls, the auditor should design and perform
audit procedures (JESt) to:
1. Test the appropriateness of Journal entries recorded in the general ledger and other adjustments
made in the preparation of financial statements;
2. Review accounting Estimates for biases that could result in material misstatement due to fraud;
and
3. Obtain an understanding of the business rationale of Significant transactions that the auditor
becomes aware of that are outside of the normal course of business for the entity, or that otherwise
appear to be unusual given the auditor's understanding of the entity and its environment.

Audit procedures responsive to risks of material misstatement due to fraud at the assertion level
The auditor's responses to address the assessed risks of material misstatement due to fraud at the
assertion level may include changing the nature, timing, and extent of audit procedures in the
following ways:
 The nature of audit procedures to be performed may need to be changed to obtain audit evidence
that is more reliable and relevant or to obtain additional corroborative information.
 The timing of substantive procedures may need to be modified. The auditor may conclude that
performing substantive testing at or near the period end better addresses an assessed risk of
material misstatement due to fraud.
The extent of the procedures applied reflects the assessment of the risks of material misstatement due
to fraud. For example, increasing sample sizes or performing analytical procedures at a more
detailed level may be appropriate.

2. Obtain management representations

The auditor should obtain written representations from management that:
a. It acknowledges its responsibility for the design and implementation of internal control to
prevent and detect fraud;
b. It has disclosed to the auditor the results of its assessment of the risk that the financial
statements may be materially misstated as a result of fraud;
c. It has disclosed to the auditor its knowledge of fraud or suspected fraud affecting the entity
involving:
 Management;

SM Baliwag Complex, Dona Remedios Trinidad Highway, Brgy. Pagala, Baliwag, Bulacan
(+63) 927-533-0342 – (+63) 923-949-5265 admissions-nubaliwag@nu.edu.ph
  Employees who have significant roles in internal control; or
 Others where the fraud could have a material effect on the financial statements; and
d. It has disclosed to the auditor its knowledge of any allegations of fraud, or suspected fraud,
affecting the entity's financial statements communicated by employees, former employees,
analysts, regulators; or others.

REPORTING OF FRAUD
To Management
The determination of which level of management is the appropriate one is a matter of professional
judgment and is affected by such factors as the likelihood of collusion and the nature and magnitude
of the suspected fraud. Ordinarily, the appropriate level of management is at least one level above the
persons who appear to be involved with the suspected fraud.
If the auditor has identified a fraud or has obtained information that indicates that a fraud may
exist, the auditor should communicate these matters as soon as practicable to the appropriate level of
management. This is so even if the matter might be considered inconsequential (for example, a minor
defalcation by an employee at a low level in the entity's organization).

To Those Charged with Governance (TCWG)

The auditor should communicate the following matters to TCWG as soon as practicable either in
writing or orally.
1. When the auditor has identified fraud involving management, employees who have significant
roles in internal control, or others where the fraud results in a material misstatement in the
financial statements
2. Significant deficiency in the design or implementation of internal control to prevent and detect
fraud which may have come to the auditor's attention

Moreover, if the integrity or honesty of management or TCWG is doubted, the auditor considers
seeking legal advice to assist in the determination of the appropriate course of action.

To Regulatory and Enforcement Authorities

The auditor's professional duty to maintain the confidentiality of client information may preclude
reporting fraud to a party outside the client entity. The auditor considers obtaining legal advice to
determine the appropriate course of action in such circumstances.

However, in certain circumstances, the duty of confidentiality may be overridden by regulatory

requirements, statutes, the law, or courts of law.

Reporting of Fraud
To Regulatory and Enforcement Authorities
Examples (lifted from PSA 240)
 Under a BSP requirement, the auditor of a financial institution has a statutory duty to report the
occurrence of fraud to the BSP.

SM Baliwag Complex, Dona Remedios Trinidad Highway, Brgy. Pagala, Baliwag, Bulacan
(+63) 927-533-0342 – (+63) 923-949-5265 admissions-nubaliwag@nu.edu.ph
  Under an SEC requirement, the auditor has a duty to report material audit findings, such as those
involving fraud or error, in those cases where management and TCWG fail to report those findings
to the SEC within the prescribed period.

Documentation
The items related to fraud listed below are required to be documented. The extent to which these
matters are documented is for the auditor to determine using professional judgment.
1. The documentation of the auditor's understanding of the entity and its environment and the
auditor's assessment of the risks of material misstatement should include:
a. The significant decisions reached during the discussion among the engagement team
regarding the susceptibility of the entity's financial statements to material misstatement
due to fraud; and
b. The identified and assessed risks of material misstatement due to fraud at the financial
statement level and the assertion level.
2. The documentation of the auditor's responses to the assessed risks of material misstatement
should include:
a. The overall responses to the assessed risks of material misstatements due to fraud at the
financial statement level and the nature, timing, and extent of audit procedures, and the
linkage of those procedures with the assessed risks of material misstatement due to fraud
at the assertion level; and
b. The results of the audit procedures, including those designed address the risk of
management override of controls.
3. The auditor should document communications about fraud made to management, TCWG,
regulators, and others.
4. When the auditor has concluded that the presumption that there is a risk of material
misstatement due to fraud related to revenue recognition is not applicable in the circumstances
of the engagement, the auditor should document the reasons for that conclusion.

CONSIDERATION OF LAWS AND REGULATIONS

Auditors are required to obtain an understanding of the entity and its environment to properly plan
the audit. As part of this understanding, the auditor shall obtain a general understanding of the
following:
1. The legal and regulatory framework applicable to the entity and the industry or sector in which
the entity operates, and
2. How the entity is complying with that framework.

This is an essential aspect because non-compliance with laws and regulations (NOCLAR) may
result in fines, litigation, or other consequences for the entity that may have a material effect on the
financial statements.
Effect of Laws and Regulations on the Financial Statements
The effect on financial statements of laws and regulations varies considerably. From the auditor's
perspective, laws and regulations may be categorized into two: (1) Has a direct effect on Financial
Statements (FS), and (2) No direct effect on FS.

SM Baliwag Complex, Dona Remedios Trinidad Highway, Brgy. Pagala, Baliwag, Bulacan
(+63) 927-533-0342 – (+63) 923-949-5265 admissions-nubaliwag@nu.edu.ph
 Effect of Laws and Regulations
Has a direct effect on FS No direct effect on FS
Impact on the Affects the entity's FS such as its form Affects the entity's operations
entity and content, industry-specific financial and may cause it to cease
reporting issues, accounting for operations, or call into
government transactions, or accrual/ question its continuance as a
recognition of expenses for income tax going concern
or pension costs
Examples Taxation; Pension laws and regulations Terms of an operating
license; Regulatory solvency
requirements; environmental
regulations
Auditor's Obtain sufficient appropriate audit Limited to undertaking
responsibility evidence regarding compliance specified audit procedures to
(i.e., positive confirmation), and help identify non-compliance
(i.e., negative confirmation),
Respond appropriately in case of non- and
compliance
Respond appropriately in
case of non-compliance

Non-Compliance with Laws and Regulations

Non-compliance pertains to acts of omission or commission, intentional or unintentional, committed
by the entity, or by those charged with governance, by management, or by other individuals working
for or under the direction of the entity, which is contrary to the prevailing laws or regulations.

Such acts include transactions entered into by, or in the name of, the entity, or on its behalf, by those
charged with governance, management, or employees.

Non-compliance does not include personal misconduct (unrelated to the business activities of the
entity) by those charged with governance, management, or employees of the entity.

Responsibility for the Compliance with Laws and Regulations

Management/ It is the responsibility of management, with the oversight of TCWG, to
Those Charged ensure that the entity's operations are conducted in accordance with laws
with and regulations, including compliance with the provisions of laws and
Governance regulations that determine the reported amounts and disclosures in an
entity's financial statements.
Consequently, the responsibility for the prevention and detection of non-
compliance rests with management and those charged with governance.
Auditor The auditor is not, and cannot be held responsible for preventing non-
compliance. The fact that an annual audit is carried out may, however, act
as a deterrent.

SM Baliwag Complex, Dona Remedios Trinidad Highway, Brgy. Pagala, Baliwag, Bulacan
(+63) 927-533-0342 – (+63) 923-949-5265 admissions-nubaliwag@nu.edu.ph
Prevention and Detection of Non-compliance
The following policies and procedures, among others, may assist those charged with governance and
management in discharging their responsibilities for the prevention and detection of noncompliance:
 Monitoring legal requirements and ensuring that operating procedures are designed to meet
these requirements.
 Instituting and operating appropriate systems of internal control.
 Developing, publicizing, and following a Code of Conduct.
 Ensuring employees are properly trained and understand the Code of Conduct.
 Monitoring compliance with the Code of Conduct and acting appropriately to discipline
employees who fail to comply with it. Engaging legal advisors to assist in monitoring legal
requirements. Maintaining a register of significant laws with which the entity has to comply
within its particular industry and a record of complaints.

In larger entities, these policies and procedures may be supplemented by assigning appropriate
responsibilities to:
 An internal audit function.
 An audit committee.
 A compliance function.

Inherent limitations of an audit in the context of non-compliance

An audit is subject to the unavoidable risk that some material misstatements of the financial
statements will not be detected, even though the audit is properly planned and performed in
accordance with PSAs. This risk is higher with regard to material misstatements resulting from
noncompliance with laws and regulations due to factors such as:
 There are many laws and regulations, relating principally to the operating aspects of the entity
that typically do not have a material effect on the financial statements and are not captured by
the entity's information systems relevant to the audit.
 Non-compliance may involve conduct designed to conceal it, such as collusion, forgery,
deliberate failure to record transactions, senior management override of controls, or
intentional misrepresentations being made to the auditor.
 Much of the evidence obtained by the auditor is persuasive rather than conclusive in nature.
 Whether an act constitutes non-compliance is ultimately a matter for legal determination by
a court of law.

SM Baliwag Complex, Dona Remedios Trinidad Highway, Brgy. Pagala, Baliwag, Bulacan
(+63) 927-533-0342 – (+63) 923-949-5265 admissions-nubaliwag@nu.edu.ph
General Audit Procedures Relating to Laws and Regulations

Audit Procedures relating to Laws and Regulations

PSA 250 (Revised) provides guidance regarding the procedures required to be performed by the
auditor in relation to laws and regulations that affect the audit client.
The procedures discussed are in line with the responsibilities of professional accountants regarding
non-compliance that are found in the Code of Ethics.

Risk Assessment Procedures and Related Activities

1. Obtain an understanding of the entity and its environment
When planning and performing audit procedures and evaluating and reporting the results
thereof, the auditor should recognize that noncompliance by the entity with laws and
regulations may materially affect the financial statements. However, an audit cannot be
expected to detect noncompliance with all laws and regulations.

To plan the audit, the auditor should obtain a general understanding of the legal and regulatory
framework applicable to the entity and the industry and how the entity is complying with that
framework.

SM Baliwag Complex, Dona Remedios Trinidad Highway, Brgy. Pagala, Baliwag, Bulacan
(+63) 927-533-0342 – (+63) 923-949-5265 admissions-nubaliwag@nu.edu.ph
 To obtain a general understanding of laws and regulations, the auditor would ordinarily:
 Use the existing knowledge of the entity's industry and business.
 Inquire of management concerning the entity's policies and procedures regarding
compliance with laws and regulations.
 Inquire of management as to the laws or regulations that may be expected to have a
fundamental effect on the operations of the entity.
 Discuss with management the policies or procedures adopted for identifying, evaluating,
and accounting for litigation claims and assessments.
 Discuss the legal and regulatory framework with auditors of subsidiaries in other
countries (for example, if the subsidiary is required to adhere to the securities regulations
of the parent company).

After obtaining the general understanding, the auditor should perform procedures to help
identify instances of noncompliance with those laws and regulations where non-compliance
should be considered when preparing financial statements, specifically:
 Inquiring of management as to whether the entity complies with such laws and
regulations.
 Inspecting correspondence with the relevant licensing or regulatory authorities.

Further Audit Procedures and Related Activities

1. Obtain sufficient appropriate evidence
The auditor should obtain sufficient appropriate audit evidence regarding compliance with
those laws and regulations generally recognized by the auditor to have a direct effect on the
determination of material amounts and disclosures in financial statements.
During the audit, the auditor should be alert to the fact that procedures applied for the purpose
of forming an opinion on the financial statements may bring instances of possible non-
compliance with laws and regulations to the auditor's attention.

2. Request for management representations

The auditor shall request management, and where appropriate, those charged with
governance, to provide written representations that all known actual or possible non-
compliance with laws and regulations whose effects should be considered when preparing
financial statements have been disclosed to the auditor.

3. Identified or Suspected NOCLAR

When the auditor becomes aware of information concerning a possible instance of
noncompliance, the auditor shall perform the following procedures
a. The auditor shall obtain:
 An understanding of the nature of the act and the circumstances in which it has
occurred
 Sufficient other information to evaluate the possible effect on the financial
statements.

b. If the auditor suspects there may be non-compliance, the auditor shall discuss the matter
with management and, where appropriate, those charged with governance. The purpose
of this is to obtain sufficient information that supports that the entity complies with laws

SM Baliwag Complex, Dona Remedios Trinidad Highway, Brgy. Pagala, Baliwag, Bulacan
(+63) 927-533-0342 – (+63) 923-949-5265 admissions-nubaliwag@nu.edu.ph
 and regulations when, in the auditor's judgment, the effect of the suspected
noncompliance may be material to the financial statements.
 If management or, as appropriate, those charged with governance do not provide
sufficient information the auditor shall consider the need to obtain legal advice.
 If sufficient information about suspected non-compliance cannot be obtained, the
auditor shall evaluate the effect of the lack of sufficient appropriate audit evidence
on the auditor's opinion.

c. The auditor shall evaluate the implications of non-compliance in relation to other aspects
of the audit, including the auditor's risk assessment and the reliability of written
representations, and take appropriate action.

d. The auditor may discuss the findings with those charged with governance where they
may be able to provide additional audit evidence. For example, the auditor may confirm
that those charged with governance have the same understanding of the facts and
circumstances relevant to transactions or events that have led to the possibility of non-
compliance with laws and regulations.

Reporting of NOCLAR
To Those Charged with Governance
Unless all of those charged with governance are involved in the management of the entity, the
auditor shall communicate with those charged with governance matters involving non-compliance
with laws and regulations that come to the auditor's attention during the course of the audit, other
than when the matters are clearly inconsequential.

If, in the auditor's judgment, the non-compliance referred is believed to be intentional and material,
the auditor shall communicate the matter to those charged with governance as soon as practicable.

If the auditor suspects that management or those charged with governance are involved in non-
compliance, the auditor shall communicate the matter to the next higher level of authority at the
entity, if it exists, such as an audit committee or supervisory board. Where no higher authority
exists, or if the auditor believes that the communication may not be acted upon or is unsure as to
the person to whom to report, the auditor shall consider the need to obtain legal advice.

Moreover, in certain cases, communication with management or those charged with governance
may be restricted or prohibited by law or regulation.

Example (lifted from PSA 250 Revised): Tipping-off provisions that might prejudice an
investigation by an appropriate authority into an actual, or suspected, non-compliance.

In the Auditor's Report on the Financial Statements

The following are the possible effects of non-compliance in the auditor's report:
Circumstance Opinion
NOCLAR has not been adequately reflected in the financial statements Qualified or
Adverse

SM Baliwag Complex, Dona Remedios Trinidad Highway, Brgy. Pagala, Baliwag, Bulacan
(+63) 927-533-0342 – (+63) 923-949-5265 admissions-nubaliwag@nu.edu.ph
 The auditor is precluded by management or those charged with Qualified or
governance from obtaining sufficient appropriate audit evidence to Disclaimer
evaluate identified/suspected NOCLAR
The auditor is unable to determine whether non-compliance has Evaluate resulting
occurred because of limitations imposed by the circumstances modification based
on circumstances

The entity does not take the remedial action that the auditor considers Consider withdrawal
necessary in the circumstances from the
engagement

To Regulatory and Enforcement Authorities

If the auditor has identified or suspects non-compliance with laws and regulations, the auditor shall
determine whether the auditor has a responsibility to report the identified or suspected non-
compliance to parties outside the entity.

Although the auditor's professional duty to maintain the confidentiality of client information may
ordinarily preclude such reporting, the auditor's legal responsibilities may override the duty of
confidentiality in some circumstances.

Communication to an appropriate authority outside the entity may be required or appropriate in the
circumstances because of the following conditions:
1. Law, regulation, or relevant ethical requirements require the auditor to report
Examples (lifted from PSA 250 Revised)
 In some jurisdictions, statutory requirements exist for the auditor of a financial
institution to report the occurrence, or suspected occurrence, of non-compliance with
laws and regulations to a supervisory authority.
 Misstatements may arise from non-compliance with laws or regulations and, in some
jurisdictions, the auditor may be required to report misstatements to an appropriate
authority in cases where management or those charged with governance fail to take
corrective action.

2. The auditor has determined reporting is an appropriate action to respond to identified or

suspected non-compliance in accordance with relevant ethical requirements, or
Example (lifted from PSA 250 Revised): The Code of Ethics for Professional Accountants
requires the auditor to take steps to respond to identified or suspected non-compliance with
laws and regulations and determine whether further action is needed, which may include
reporting to an appropriate authority outside the entity. If this is the case, such reporting
would not be considered a breach of the duty of confidentiality.

3. Law, regulation, or relevant ethical requirements provide the auditor with the right to do so.
Example (lifted from PSA 250 Revised): When auditing the financial statements of
financial institutions, the auditor may have the right under law or regulation to discuss
matters such as identified or suspected non-compliance with laws and regulations with a
supervisory authority.

SM Baliwag Complex, Dona Remedios Trinidad Highway, Brgy. Pagala, Baliwag, Bulacan
(+63) 927-533-0342 – (+63) 923-949-5265 admissions-nubaliwag@nu.edu.ph
 To Other Auditor
The auditor shall consider the necessity of communicating identified or suspected non-compliance
with laws and regulations to other auditors (e.g., in an audit of group financial statements).

To Proposed Auditor
On receipt of an inquiry from the proposed auditor, the existing auditor should advise whether there
are any professional reasons why the proposed auditor should not accept the appointment or
engagement. The extent to which an existing auditor can discuss the affairs of a client with a
proposed auditor will depend on whether the client's permission to do so has been obtained and/or
the legal or ethical requirements that apply relating to such disclosure.

Documentation
The auditor shall include in the audit documentation identified or suspected non-compliance with
laws and regulations and:
 The audit procedures performed, the significant professional judgments made and the conclusions
reached thereon, and
 The discussions of significant matters related to the non-compliance with management, those
charged with governance, and others, including how management and, where applicable, those
charged with governance have responded to the matter.

The auditor's documentation of findings regarding identified or suspected non-compliance with laws
and regulations may include, for example:
 Copies of records or documents.
 Minutes of discussions held with management, those charged with governance, or parties outside
the entity.

Note: Law, regulation, or relevant ethical requirements may also set out additional
documentation requirements regarding identified or suspected non-compliance with laws and
regulations (NOCLAR).

Indication That Noncompliance May Have Occurred

Examples of the type of information that may come to the auditor’s attention that may indicate that
noncompliance with laws and regulations has occurred are listed below (lifted from PSA 250):
 Investigations by regulatory organizations and government departments or payment of fines or
penalties.
 Payments for unspecified services or loans to consultants, related parties, employees or
government employees.
 Sales commissions or agent’s fees that appear excessive in relation to those ordinarily paid by
the entity or in its industry or to the services actually received.
 Purchasing at prices significantly above or below market price.
 Unusual payments in cash, purchases in the form of cashiers’ checks payable to bearer or
transfers to numbered bank accounts.
 Unusual transactions with companies registered in tax havens.

SM Baliwag Complex, Dona Remedios Trinidad Highway, Brgy. Pagala, Baliwag, Bulacan
(+63) 927-533-0342 – (+63) 923-949-5265 admissions-nubaliwag@nu.edu.ph
  Payments for goods or services made other than to the country from which the goods or services
originated.
 Payments without proper exchange control documentation.
 Existence of an information system which fails, whether by design or by accident, to provide
an adequate audit trail or sufficient evidence.
 Unauthorized transactions or improperly recorded transactions.
 Adverse media comment

IV. Activity
Discussion Questions
1. What are the differences between fraud and error?
2. What are the two types of fraud relevant to the audit of financial statements?
3. How do attitude, character, and ethical values relate to the commission of a dishonest act?
4. Why is there an unavoidable risk that material misstatements resulting from fraud may not be
detected by the auditor?
5. What are the responsibilities of the auditor relating to non-compliance with relevant laws and
regulations?

V. References
Auditing & Assurance Principles, 2022, Escala, Bercasio, and Carandang
Auditing Theory, 2021, Salosagcol, Tiu, and Hermosilla
PSA 240 & 250

SM Baliwag Complex, Dona Remedios Trinidad Highway, Brgy. Pagala, Baliwag, Bulacan
(+63) 927-533-0342 – (+63) 923-949-5265 admissions-nubaliwag@nu.edu.ph