 Welcome to the session in which we will discuss compliance with laws and regulations. The first thing we need to know is who's responsible for making sure that we are following laws and regulations? Management. The people who are in charge of the company are responsible for making sure the company is in compliance. And that compliance includes determination of financial statements and disclosure. So anything that relates to laws, regulation, any financial statement numbers, figures, disclosures on the financial statements, it's still the management responsibility. Because remember, who's responsible for the financial statement? Management is responsible for the financial statements. What do we mean by non-compliance? So if we are making sure we are in compliance, what are some examples of non-compliance? What we mean by non-compliance are examples of corruption, like bribery. Because bribery is illegal in the United States, as well as U.S. companies operating overseas. So the company is responsible making sure that no bribery taking place. Environmental violations, violations of local laws, those are all examples of non-compliance. Management is responsible to making sure the company is in compliance with those rules and regulations, laws and regulations. Before we proceed any further, I have a public announcement about my company, farhatlectures.com. Farhat Accounting Lectures is a supplemental educational tool that's going to help you with your CPA exam preparation as well as your accounting courses. My CPA material is aligned with your CPA review course, such as Becker, Roger, Wiley, Gleam, Miles. My accounting courses are aligned with your accounting courses, broken down by chapter and topics. My resources consist of lectures, multiple choice questions, true-false questions, as well as exercises. Go ahead, start your free trial today, no obligation, no credit card required. What is the auditor responsibility? Well the auditor will have to gain an understanding of the entity and its surrounding at the beginning of the audit. And as a result, they have to be familiar with the entity's relevant legal and regulatory framework. They have to understand which industry this company is operating in, are they subject to any regulatory government regulations, any specific government regulation, for example environmental government regulation or health government regulation, and if there's any non-compliance issues, how would they know this? They will ask them, do you have any non-compliance issues that the FCC, so what is the auditor responsibility? The first thing the auditor does when they audit a company is gain an understanding of the entity and its surrounding. And in this understanding, they should be familiar with the relevant legal and regulatory framework. For example, if the company is subject to environmental rules and regulations and they're exposed to any violations, you need to be familiar with the relevant laws and regulations. Also if there's any violations, existing violation or any communication between them and the regulatory agency, they need to be familiar with this. But at the end of the day, the auditor is there to provide reasonable assurance that the financial statements are free from material misstatement whether caused by error or fraud. Now taken into account the relevant legal and regulatory framework, the auditor cannot be responsible for compliance, it's again, it's management responsibility and cannot be expected to detect all non-compliance. Why? Well, you simply cannot because this is a legal determination. We are auditors, we are auditing of the financial statements. Also many laws concern the entity's operation rather than the financial statements themselves. Also when people commit non-compliance, there might be a collusion, basically people are covering for each other. There could be forgery where they are using hiding stuff from the auditor, using the fictitious signatures, so on and so forth, failure to record that activity. You cannot audit something that don't even exist. So the best defense for the auditor in a sense to ask them for a rap letter or representation letter telling the customer to tell us that they are not aware of any non-compliance issues. That's one defense. Now bear in mind, non-compliance does not include unethical behavior by management or those who are charged in governance. So non-compliance deals with violations of rules and regulations. Now we have to differentiate between two types of violations. We have laws and regulation that have a direct impact on the financial statements. So here the auditor should obtain relevant evidence on the material misstatement and disclosure because they affect directly the financial statements. This is one type of violation. The other type of violation is they have no direct impact. The impact is not direct on the financial statement. Under those circumstances the auditor should perform specific audit procedures to identify any non-compliance, if it's suspected, that could have a material impact on the financial statement because we also want to look a little bit further. Is this going to impact the financial statement? And here what we do is we ask questions, inquire with management and those charged in governance, examine any correspondence, any letters between the company and any regulatory agency, read the minutes for the board, just do work, just to see if there's any impact on the financial statements. Now let's assume we suspect, now bear in mind, now here we're still at the suspecting level. Procedures for handling identified or suspected non-compliance. If there's a potential non-compliance, we're not there yet. What should we do? There's a potential? Right, run to the government and tell the government and regulatory agency. No, we don't do that. If we are suspecting there's a potential, we have to do more work. We have to understand the situation, gather additional information to assess the impact on the financial statement and consider the non-compliance on other aspects of the audit such as risk assessment and the credibility of the written representation. If there's a non-compliance, we have to ask ourselves, what's going on here? What are the impact? If the auditor has a reason to suspect non-compliance, now we are suspecting non-compliance, what's the potential now suspecting? We will discuss the issue with management. Now we don't discuss the issue with the management that's involved, we will discuss the issue with one level higher than them, believed to be those involved and those in charge of governance as necessary. Now if sufficient information and compliance cannot be obtained, the auditor should evaluate the impact of the lack of sufficient evidence on the auditor's report and here consider seeking legal advice, what should I do under those circumstances? Now once I identified non-compliance, now I know it's, I identify it, what should I do? Well, the auditor should inform those in charge of governance of any non-compliance, we should let them know. We identified a non-compliance issues unless it's immaterial, if it's immaterial it's not a big deal. If management or those in charge of governance are involved, the auditor should inform those to hire up, well if there's no hire up I would seek legal advice under those circumstances because that's top management, what should I do now? Because that's only top management, this is maybe the board of directors. Now what should I do if I identify non-compliance, one way to deal with it, if a non-compliance result an impact on the financial statement I will modify the report and I will, it's not appropriately disclosed, if that's the impact the auditor should revise the opinion expressed either to give either a qualified or an adverse based on the situation. If the auditor unable to obtain sufficient evidence to evaluate the financial impact they would revise the opinion expressed with either qualified or a disclaimer of opinion due to scope limitation, if I cannot obtain evidence, if I cannot obtain evidence I always have the option of this claim due to scope limitation. Now do I have to identify, do I have to notify, not identify the regulatory agency? Well I should determine if there's a responsibility to report to outside parties depending on what the situation is which may take precedence over confidentiality obligations. Sometimes you might have to by law, sometimes you don't have to depending on the situation. Here you also need to seek legal advice, should I tell the regulatory agency or enforcement authority about this violation? Well it depends, am I required or not and if I'm not sure I would seek legal advice. I can always have the option to withdraw from the engagement. If the entity refuses to accept the revised opinion, well and if the withdrawal is allowed, in other words there is no laws on regulation that doesn't allow me, the auditor may withdraw from the engagement and notify those in charge with governance. We want to make sure throughout this process everything is documented. We should document, the auditor should document the identified or suspected non-compliance and the result of the discussion with management. What's the issue, how did I speak to management? What's the communication and those charged with governance and others as applicable? And I will need to document copies of record or documents, minutes of the discussion with the management, those in charge with governance and others and any relevant data. I think it's gonna be help me down the road to cover myself legally and make sure I am doing my job. What should you do now? Go to Farhat Lectures, look at additional MCQs to help you understand this topic, whether you are an accounting student or a CPA candidate. Study hard, invest in yourself, invest in your career, good luck.