2. • RESPONDING TO NON-COMPLIANCE WITH LAWS AND REGULATIONS
(NOCLAR)
3. • NOCLAR is defined as acts of commission or omission, intentional or
unintentional, committed by a client or those charged with
governance…contrary to laws or regulations.
5. The expectation gap in audit
• The difference between what
the public expects from the
auditing profession and what the
auditing profession actually
provides.
• ACCA defines the expectation
gap in audit as ‘the difference
between what the general public
thinks auditors do and what the
general public would like
auditors to do’.
6. The expectation gap in audit
• The expectation gap in audit is a topic that
attracts attention. It broadly measures
public concern about audit.
• Historically, some in the profession might
have portrayed the gap as being due to the
public’s lack of understanding rather than
being a legitimate concern.
• Even though there might be a gap in
knowledge, that doesn’t cancel the calls for
auditors to do more or better.
• Everyone closely connected to the audit
profession, from regulators to the general
public, will need to work together in order
to close the expectation gap.
7. Some examples of the misunderstandings inherent
in the public’s expectations are as follows:
• The public believes that the audit
opinion in the audit report amounts to
a ‘certificate’ that the financial
statements are correct and can be
relied upon for all decision-making
purposes.
• The public also believes that the
auditor has a duty to prevent and
detect fraud and that this is one
reason for an audit.
• The public assumes that, in carrying
out his audit work, the auditor tests
100% of the transactions undertaken
during the accounting period.
8. The three gaps
• The performance gap focuses
on areas where auditors do not
do what auditing standards or
regulations require.
• This could be because of
insufficient focus on audit
quality or differences in
interpretation of auditing
standards between practitioners
and regulators.
9. Bridging the audit gap-Proper education
• Users of financial statements must understand
that it is not the responsibility of the auditor to
detect fraud, as the public thinks that an audit is
only for the purpose of detecting fraud.
• Audit work is based on sampling, which
means that the auditor does not verify all the
transactions, so absolute assurance cannot be
given.
• General purpose financial statements are
prepared for the general use of users, so
decisions of a special nature should not be
based on them.
• The audit report should mention the nature of
the work the auditor carried out and that their
opinion is based on the information provided
to them and to the best of their knowledge
and belief.
10. Management’s responsibilities
• ISA 250 states that it is the responsibility
of management, with the oversight of
those charged with governance:
• to ensure that the entity’s operations are
conducted in accordance with the provisions
of laws and regulations,
• including compliance with the provisions of
laws and regulations that determine reported
amounts and disclosures in an entity’s
financial statements.
• Management’s responsibilities will be
easier to meet if there is a good internal
control system, an internal audit
department and an audit committee.
11. Auditor’s responsibilities
• ISA 250 also states “the auditor is not responsible for
preventing non-compliance and cannot be expected to detect
non-compliance with all laws and regulations”.
• However, overall the auditor is responsible for identifying
material misstatements whether caused by fraud or error but
the ISA recognizes that the risk of the auditor failing to detect
material misstatements arising because of non-compliance can
be increased because:
• There are many laws and regulations that do not directly
affect the financial statements.
• Non-compliance might be accompanied by deliberate
concealment.
• Whether an act amounts to non-compliance is ultimately a
matter for the court or regulators
12. The auditor’s responsibilities for compliance
• ISA 250 distinguishes the auditor’s responsibilities for compliance between
two categories of laws and regulations:
• Those that have a direct effect on the financial statements (eg tax and
pension laws).
• Here, the auditor must obtain sufficient appropriate audit evidence regarding
compliance with these laws. This is, essentially, a positive confirmation.
• Those that do not have a direct effect on the financial statements, but may
be fundamental to business operations, going concern or the avoidance of
material penalties.
• Here, the auditor’s responsibility is limited to undertaking procedures to help the
identification of non-compliance where this could have a material effect on the
financial statements. This is, essentially, a negative confirmation.
13. Responding to Non-Compliance with Laws
and Regulations (NOCLAR)
If non-compliance is discovered:
• Understand
• Discuss/advise/deter/disclose (if required)
• Consider audit opinion
• Consider effects on other aspects of the audit
• Report non-compliance to those charged with governance
• Report to members: if not reflected in the FS, qualify
• If in public interest to disclose to authorities, do so rather than simply
withdrawing
• Disclose in good faith, do not breach confidentiality
21. In South Africa- Steinhoff
• JOHANNESBURG (Reuters) - South African
retailer Steinhoff said an independent report
had found it had overstated profits over
several years in a $7.4 billion accounting
fraud involving a small group of top
executives and outsiders.
• Steinhoff first disclosed the hole in its
accounts in December 2017, shocking
investors who had backed its reinvention
from a small South African outfit to a
multinational retailer at the vanguard of the
European discount furniture retail industry.
22. Steinhoff cont’d
• In the country’s biggest corporate scandal, an investigation carried out by
PwC found the firm recorded fictitious or irregular transactions totaling 6.5
billion euros ($7.4 billion) over a period covering the 2009 and 2017
financial years, according to a summary of the findings posted on the
Steinhoff company website.
• Investigators found that a small group of former Steinhoff executives and
individuals from outside the company, led by an identified “senior
management executive,” implemented the deals, which substantially
inflated the group’s profit and asset values.
• South Africa’s financial regulator fined Steinhoff International Holdings
NV a record 53 million rand ($3.6 million) for failing to properly disclose
accounting problems and is probing at least 10 individuals in connection
with the late-2017 scandal.
23. Who might sue an auditor and why?
- A client may sue an auditor for failing
to discover a defalcation (common law
liability to client)
- A third party may sue an auditor; e.g.,
a bank may sue an auditor for failing to
discover that a borrower’s financial
statements are partially misstated
(common law liability to third
parties)
- A combined group of shareholders may
sue an auditor for not discovering
materially misstated financial
statements (liability under
provincial securities acts)
- The government of Ghana may
prosecute an auditor for
knowingly issuing an
incorrect audit report
(criminal liability)
27. SOURCES OF LEGAL LIABILITIES
Auditors’ and accountants’ liability can arise from three branches of the law:
• Statute: for example if the accountant has been appointed as a liquidator
of a company they can be regarded as officers of the company and could
be subject to criminal proceedings. This is rare.
• Contract law: the letter of engagement sets out what the auditors and the
client will do. For example the auditors undertake to give reasonable
assurance about the financial statements. If the auditors carry out their
work with due care and skill they will not be liable under contract law.
• Tort law: the tort of negligence allows any injured party, not necessarily a
party who has a contractual relationship with the auditor, to pursue the
auditor for damages if they have suffered loss caused by the auditor’s
negligence.
• This is the area where there is potentially most difficulty.
29. The tort of negligence
An injured party has to show three things
if the tort of negligence is to be proved:
• That a duty of care exists.
• The act of the accountant must be
sufficiently close to the damage
(proximity).
• This is presumed to exist between an
auditor and the audit client.
• However, with other relationships this is
more difficult to establish.
• That the duty of care was breached.
• That the breach caused financial loss.
30. The duty of care
For a duty of care to be owed by an
auditor to a third party, a 'three-fold
test' must be satisfied:
• The auditor knew or should have
known that that person would rely on
the auditor’s work (ie damage was
foreseeable).
• The third party has sufficient
proximity (effectively, ‘close enough’
to reasonably rely on the auditor’s
work).
• It must be ‘fair, just and reasonable’ to
impose a liability on the auditor.
32. Liability to Third Parties under
Common Law
In recent years, the courts have broadened
the Ultramares Doctrine to allow recovery by
third party foreseen users.
An even broader interpretation of the rights of
third-party beneficiaries is to use the concept
of foreseeable users.
Foreseeable users: users that the auditor should have reasonably
been able to foresee as being likely users of financial statements.
34. Case 1: Caparo Industries v Dickman (1990)
• Caparo sued an auditor after buying shares in a company they
claimed was overvalued because of inaccurate financial statements.
They claimed that the auditor owed potential investors a duty of care.
• The claim was unsuccessful
• It was held by the House of Lords that the financial statements are
prepared for existing shareholders, as a class, and that the auditor has
no common law duty to individual investors (whether existing or
prospective).
35. Case 2: Royal Bank of Scotland v Bannerman (2002)
• Bannerman was the auditor and issued ‘clean’ auditor's reports for a client.
The client was a customer of the Royal Bank of Scotland and used the
financial statements to support a successful loan application. The financial
statements greatly overstated the company's assets and profitability as the
result of alleged fraud.
• The claim was successful:
• The court held that the auditor knew that the bank would rely on the
accounts for lending decisions and therefore owed the bank a duty of care.
• The court stated that if the auditor's report had contained a disclaimer
warning that only members of the company should rely on it then there
would be no duty of care to third parties.
36. • The courts have been reluctant to extend the concept of duty of
care to third parties such as suppliers, lenders and potential
investors.
• Auditors will have exercised sufficient professional care if:
• They keep up to date with current approaches to auditing. They apply
ISAs and ethical standards and safeguards.
• They comply with the terms of the engagement letter.
• They apply an adequate system of quality control: assignment of staff,
direction of staff, review of work.
• They undergo adequate supervision and education and training.
37. Recently-Disclaimer clause in audit report
• Since the Bannerman case it has become routine for audit firms in the
UK to include a disclaimer clause in their reports. For example:
• "This report is made solely to the company's members, as a body, in
accordance with [Companies Act 2006]. Our audit work has been
undertaken so that we might state to the company's members those
matters we are required to state to them in an auditor's report and for
no other purpose. To the fullest extent permitted by law, we do not
accept or assume responsibility to anyone other than the company
and the company's members as a body, for our audit work, for this
report, or for the opinions we have formed."
38. Auditor’s Defenses Against Client Suits
• Lack of duty
• Absence of negligence
• Contributory negligence
• Absence of causal connection
39. Auditor’s Defenses Against Client Suits
Lack of duty:
The auditor claims that there was no implied or expressed contract.
A common way for an auditor to demonstrate a lack of duty to perform
is by use of an engagement letter.
40. Auditor’s Defenses Against Client Suits
Absence of negligence:
The auditor claims that the audit was performed in accordance with GAAS.
Even if there were undiscovered errors or irregularities, the auditor is
not responsible if the audit was properly conducted.
41. Auditor’s Defenses Against Client Suits
Contributory negligence:
The auditor claims that if the client had performed certain obligations,
the loss would not have occurred.
42. Auditor’s Defenses Against Client Suits
Absence of causal connection:
The auditor claims that there is a lack of a close causal connection
between the auditor’s breach of the due care standard and the damages
suffered by the client.
43. Criminal Liability
Auditors may be found guilty for criminal
action under Ghanaian laws.
It is illegal to defraud another person
through knowingly being involved with
false financial statements.
44. What can the auditing
profession do to reduce
auditors’ exposure to
lawsuits?
45. What can the auditing profession do to
reduce auditors’ exposure to lawsuits?
- encourage auditing research regarding litigation
and improvements in auditing practice
- establish standards and rules that meet the
changing needs of auditing
- establish requirements that
protect auditors
- establish practice inspection
requirements
- oppose unwarranted lawsuits
- educate financial statement users
about auditing and the auditor’s opinion
- sanction auditors for improper conduct
- lobby for changes in laws
47. What can individual public accountants do
to reduce their exposure to lawsuits?
- deal only with clients possessing integrity
- hire, train, and supervise qualified personnel
- follow the standards of the profession
- maintain independence
- understand the client’s business
- perform quality audits
- document the work properly
- obtain an engagement letter and
a representation letter
- maintain confidential relations
- carry adequate insurance
- seek legal counsel
49. FRAUD, ERROR, THE EVALUATION OF MISSTATEMENTS
AND
REPORTING CONTROL WEAKNESSES
51. FRAUD, ERROR & MISSTATEMENTS
• Misstatement is a difference between
what is reported and what should be
reported (eg in accordance with IFRS).
A misstatement can be caused by
either error or fraud. A misstatement
can be:
• An incorrect amount.
• Incorrect classification or presentation.
• Incorrect disclosure.
• Error is an unintentional
misstatement, including omission, of
an amount or disclosure in financial
statements.
• Errors are innocent misstatements
52. Fraud?
• Fraud is an intentional act,
involving deception, to obtain an
unjust or illegal advantage.
• Fraud can be:
• Fraudulent financial reporting. For
example, overstating profits to
attract investors and lenders.
• Misappropriation of assets. For
example, the theft of cash,
inventory or non-current assets.
53. Management’s and auditors’ responsibility
towards fraud
• It is management’s duty to ensure that
there is a good and effective system of
internal control as this will greatly
decrease the risk of fraud and increase
the likelihood of detecting fraud.
• Auditors are not expected to find every
fraud, but they are expected (with
reasonable assurance) to find material
misstatements, whether innocent or
fraudulent.
• They are expected to exercise
professional skepticism and to follow up
any suspicions that they might have, for
example if the results of analytical
procedures do not make sense
54. Types of fraud
• Misstatements can be categorized as:
• Factual (definitely incorrect, like a mistake when adding up the stock-take
sheets).
• Judgmental (where the auditor and client have different opinions, such as the
valuation of inventory or recoverability of debts).
• Projected. The auditor’s best estimate of the error of a population based on
the errors in the audit sample.
56. Fraud risk factors cont’d
RISK FACTOR: FRAUDULENT FINANCIAL REPORTING / MISAPPROPRIATION OF ASSETS
• Incentive/Pressure: Profitability threatened; Pressure to perform; Personal financial pressure; Dislike on the part of employee; Employer greed
• Opportunity: Many estimates; Dominant chief executives; Poor internal controls; Bulk cash availability; High value profitable stock; Poor internal controls
• Attitude/Rationalisation: Poor ethical guidance; Aggressive targets; Poor morale; Other people’s behaviour; Dislike of employer; Overriding internal controls
57. Risk of fraud existing
The following factors increase the risk of fraud:
• Lack of segregation of duties so that one person is in
charge of all parts of a transaction.
• Poor internal control in general.
• Poor IT system control.
• Complex transactions that pose difficult 'substance
over form' questions.
• Significant estimates that are difficult to corroborate.
• Easy-to-steal assets: cash, compact but high-value
inventory.
• Complex group structures so that related party
transactions are difficult to discover.
• Pressure to meet financial targets.
58. Management bias and fraud
• ‘Management bias’ (a lack of neutrality) may
represent a risk of fraudulent reporting.
Factors that may produce bias include:
• Bonuses dependent on hitting a profit
target.
• Jobs dependent on a level of performance.
• The business is going to be floated on the
stock exchange so higher profits increase the
flotation price.
• The business is targeted for a takeover and
the purchase price will be influenced by
performance.
60. Which deficiencies in internal controls must be
Reported?
• The likelihood that the deficiencies will lead to material
misstatement.
• The susceptibility to loss or fraud of the related asset
or liability.
• The subjectivity and complexity of determining estimated amounts.
• The financial statement amounts exposed to the deficiencies.
• The volume of activity in the account balance or class of transactions
exposed to the deficiency.
• The auditor must communicate in writing significant deficiencies in
internal control to those charged with governance on a timely basis.
62. What is quality control in audit
• Quality control (QC) is a procedure or set of
procedures intended to ensure that a
manufactured product or performed service
adheres to a defined set of quality criteria
or meets the requirements of the client or
customer
• It means that there must be a system of
quality control which substantially ensures
that all audits are executed properly and
which provides documentary evidence that
quality control procedures have been
applied effectively
63. Quality control at firm level (ISQC1)
• ISA 220 Quality Control for an Audit of Financial Statements states that
quality control systems, policies and procedures are the responsibility of
the audit firm.
• In particular, responsibility for the quality of each audit lies with the
partner in charge of the audit.
• Under International Standard for Quality Control 1 (ISQC 1), the firm has an
obligation to establish and maintain a system of quality control to provide
it with reasonable assurance that:
• The firm and its personnel comply with professional standards and applicable legal
and regulatory requirements; and
• Reports issued by the firm or engagement partners are appropriate in the
circumstances
• There must be a culture supporting quality
65. acronym-HARLEM
• Note that many of the requirements of a quality control system can
be remembered by the acronym:
• Human resources
• Acceptance and continuance
• Relevant ethical requirements
• Leadership
• Engagement performance
• Monitoring