should be aware that specific information such as the following may raise a question concerning possible noncompliance:
1. Noncompliance with laws or regulations cited in reports of examinations by regulatory agencies that have been made available to the auditor
2. Unusual payments in cash
3. Large payments for unspecified services to consultants, affiliates, or employees
4. Failure to file tax returns or pay government duties or similar fees that are common to the entity's industry or the nature of its business
In addition to procedures previously mentioned, the auditor may apply other procedures, if necessary, to further understand the nature of noncompliance that has come to the auditor's attention. The additional procedures might include:
a. Examining supporting documents, such as invoices
b. Confirming significant information with other parties to the transaction
c. Determining if the transaction was properly authorized
d. Considering whether other similar transactions may have occurred
e. Applying procedures to identify other similar transactions
(AU-C 250.A20)
The auditor should inquire of management at a level above those involved, if possible. If the effect may be material and management or those charged with management do not provide satisfactory information that there has been no noncompliance, the auditor should:
● Consider the need to seek legal advice (AU-C 250.18)
● Evaluate the effect on the opinion (AU-C 250.19)
● Evaluate the implication on other area of the audit – for example, the assessment of audit risk (AU-C 250.20)
If management or those charged with governance do not provide sufficient evidence to support the entity's compliance, the auditor may consider consulting with the client's legal counsel (with the client's permission) or other specialists about applying relevant laws and regulations to the circumstances and the possible effects on the financial statements. (AU-C 250.A23)
Evaluation of Detected or Suspected Noncompliance with Laws and Regulations
The auditor should consider the quantitative and qualitative aspects of the noncompliance. Loss contingencies resulting from noncompliance that may be required to be disclosed should be evaluated similar to other loss contingencies. (AU-C 250.A21)
The auditor should consider the implications of noncompliance for the rest of the audit, particularly whether the auditor can rely on client representations. (AU-C 250.A24) Factors to consider include the relationship of the perpetration and concealment, if any, of the noncompliance to specific control procedures and the level of management or employees involved.
Even when the noncompliance is not material to the financial statements, the auditor may decide to withdraw from the engagement when the client does not take the remedial action the auditor considers necessary in the circumstances. (AU-C 250.A25)
Reporting Identified or Suspected Noncompliance
Internal Communications
The auditor should communicate with those charged with governance to make sure they are adequately informed about noncompliance that came to the auditor's attention. (AU-C 250.21) (If senior management is involved in the noncompliance, the auditor should communicate directly with those charged with governance.) If the noncompliance is believed to be intentional and material, the auditor should communicate with those charged with governance as soon as practicable.
Since clearly inconsequential matters need not be communicated to those charged with governance, the auditor may agree in advance with the audit committee on the nature of matters to be communicated.
Any communication regarding noncompliance or suspected noncompliance should describe:
1. The noncompliance
2. The circumstances of its occurrence
3. The financial statement effect
(AU-C 250.A26)
Effect on the Audit Report
If the auditor concludes that the noncompliance that has a material effect on the financial statements has not been properly accounted for or disclosed, the auditor should issue a qualified or an adverse opinion in accordance with AU-C 705, Modifications to the Opinion in the Independent Auditor's Report. (AU-C 250.24)
If the client prevents the auditor from obtaining sufficient competent evidential matter to evaluate whether noncompliance that could be material to the financial statements has occurred or is likely to have occurred, the auditor should express a qualified opinion or disclaim an opinion in accordance with AU-C 705. (AU-C 250.25)
If the client refuses to accept the auditor's report as modified because of noncompliance, the auditor should withdraw from the engagement and communicate, in writing, the reasons for withdrawal to the audit committee or to those charged with governance. (AU-C 250.A27)
External Communications
Normally, disclosing noncompliance with laws or regulations outside the client's organization would be precluded by the auditor's ethical or legal obligation of confidentiality. However, the auditor should determine whether there is a responsibility to report the matter to outside parties. (AU-C 250.27) The auditor should recognize that in the following circumstances, a duty to notify parties outside the client may exist:
1. To the SEC when the client reports an auditor change on Form 8-K (or to comply with other legal and regulatory requirements, such as Section 10A of the Securities Exchange Act of 1934)
2. To a successor auditor under Section 210
3. To a court order
4. To a funding agency or other specified agency in audits of entities that receive financial assistance from a government agency
(AU-C 250.A28)
Documentation
The auditor should document identified or suspected noncompliance and the related discussions with management, those charged with governance, and other internal or external parties. (AU-C 250.28)
AU-C 260 THE AUDITOR'S COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE
AU-C Original Pronouncements
AU-C Definitions of Terms
Source: AU-C 260.06
Management. The person(s) with executive responsibility for the conduct of the entity's operations. For some entities, management includes some or all of those charged with governance; for example, executive members of a governance board or an owner-manager.
Those charged with governance. The person(s) or organization(s) (for example, a corporate trustee) with responsibility for overseeing the strategic direction of the entity and the obligations related to
