was properly authorized
Considering whether other similar transactions may have occurred
Applying procedures to identify other similar transactions
(AU-C 250.A20)
The auditor should inquire of management at a level above those involved, if possible. If the effect may be material and management or those charged with management do not provide satisfactory information that there has been no noncompliance, the auditor should:
Consider the need to seek legal advice (AU-C 250.18)
Evaluate the effect on the opinion (AU-C 250.19)
Evaluate the implication on other areas of the audit—for example, the assessment of audit risk (AU-C 250.20)
However, aside from the requirements above and absent specific information concerning possible noncompliance, the auditor does not need to perform any further procedures in this area. AU-C 580, Written Representations, requires the auditor to obtain a written representation from management concerning the absence of noncompliance with laws or regulations. (AU-C 250.16)
Response to Identified or Suspected Noncompliance with Laws and Regulations
When the auditor becomes aware of information about a possible noncompliance, the auditor should obtain an understanding of:
The nature of the possible noncompliance,
The circumstances in which the act occurred, and
Sufficient other information to allow the auditor to consider the effect on the financial statements.
Investigations by regulatory agencies
Payment of fines or penalties
Excessive in relation to those ordinarily paid sales commissions or agent’s fees
Purchases significantly above or below market prices
Unusual transactions with companies in tax havens
Unauthorized transactions
Improperly reported transactions
Negative comments in the media, including social media
Existence of an information system that does not provide adequate trails or sufficient evidence
Payments made to a country different from the one from which the goods or services originated
Noncompliance with laws or regulations cited in reports of examinations by regulatory agencies that have been made available to the auditor
Unusual payments in cash
Large payments for unspecified services to consultants, related parties, affiliates, or employees or government employees or officials
Failure to file tax returns or pay government duties or similar fees that are common to the entity’s industry or the nature of its business
(AU-C 250.A19)
If management or those charged with governance do not provide sufficient evidence to support the entity’s compliance, the auditor may consider consulting with the client’s legal counsel (with the client’s permission) or other specialists about applying relevant laws and regulations to the circumstances and the possible effects on the financial statements. (AU-C 250.A23)
Evaluation of Detected or Suspected Noncompliance with Laws and Regulations
The auditor should consider the quantitative and qualitative aspects of the noncompliance. Loss contingencies resulting from noncompliance that may be required to be disclosed should be evaluated similar to other loss contingencies. (AU-C 250.A21)
The auditor should consider the implications of noncompliance for the rest of the audit, particularly whether the auditor can rely on client representations. Factors to consider include the relationship of the perpetration and concealment, if any, of the noncompliance to specific control procedures and the level of management or employees involved. (AU-C 250.A24)
Even when the noncompliance is not material to the financial statements, the auditor may decide to withdraw from the engagement when the client does not take the remedial action the auditor considers necessary in the circumstances. (AU-C 250.A25)
Reporting Identified or Suspected Noncompliance
Internal Communications
The auditor should communicate with those charged with governance to make sure they are adequately informed about noncompliance that came to the auditor’s attention. (AU-C 250.21) (If senior management is involved in the noncompliance, the auditor should communicate directly with those charged with governance.) If the noncompliance is believed to be intentional and material, the auditor should communicate with those charged with governance as soon as practicable. (AU-C 250.22)
Since clearly inconsequential matters need not be communicated to those charged with governance, the auditor may agree in advance with the audit committee on the nature of matters to be communicated.
Any communication regarding noncompliance or suspected noncompliance should describe:
The noncompliance
The circumstances of its occurrence
The financial statement effect
(AU-C 250.A26)
Effect on the Audit Report
If the auditor concludes that the noncompliance that has a material effect on the financial statements has not been properly accounted for or disclosed, the auditor should issue a qualified or an adverse opinion in accordance with AU-C 705, Modifications to the Opinion in the Independent Auditor’s Report. (AU-C 250.24)
If the client prevents the auditor from obtaining sufficient competent evidential matter to evaluate whether noncompliance that could be material to the financial statements has occurred or is likely to have occurred, the auditor should express a qualified opinion or disclaim an opinion in accordance with AU-C 705. (AU-C 250.25)
If the client refuses to accept the auditor’s report as modified because of noncompliance, the auditor should withdraw from the engagement and communicate, in writing, the reasons for withdrawal to the audit committee or to those charged with governance. (AU-C 250.A27)
External Communications
Normally, disclosing noncompliance with laws or regulations outside the client’s organization would be precluded by the auditor’s ethical or legal obligation of confidentiality. However, the auditor should determine whether there is a responsibility to report the matter to outside parties. (AU-C 250.27) The auditor should recognize that in the following circumstances, a duty to notify parties outside the client may exist:
To the SEC when the client reports an auditor change on Form 8-K (or to comply with other legal and regulatory requirements, such as Section 10A of the Securities Exchange Act of 1934)
To a successor auditor under Section 210
To a court order
To a funding agency or other specified agency in audits of entities that receive financial assistance from a government agency
(AU-C 250.A28)
Documentation
The