Balancing Compliance and Audit: Insights from SA 250

In today’s highly regulated business environment, compliance with laws and regulations has become a critical aspect of corporate governance. For auditors, this responsibility extends beyond financial reporting—it requires vigilance in detecting non-compliance that could significantly affect financial statements. The Standard on Auditing (SA) 250, “Consideration of Laws and Regulations in an Audit of Financial Statements”, provides a framework that guides auditors in understanding and addressing the impact of legal and regulatory requirements on their work.

Is auditing just about numbers, or also about navigating legal responsibilities?

Auditors must balance professional skepticism with management’s assertions, navigating laws and regulations that impact financial statements

Understanding SA 250

SA 250 emphasizes that while the primary responsibility for compliance rests with management and those charged with governance, auditors must recognize how laws and regulations can affect financial statements. The standard outlines procedures to help auditors identify, evaluate, and respond to instances of non-compliance.

Key aspects of SA 250 include:

• The auditor’s duty to obtain sufficient appropriate audit evidence regarding compliance.
• Recognizing that non-compliance may result in material misstatements.
• Determining when legal and regulatory issues require reporting to external authorities.

Types of Laws and Regulations Affecting Audit

SA 250 classifies laws and regulations into two categories:

• Direct Impact on Financial Statements: These are laws and regulations that directly influence amounts and disclosures, such as tax laws, labor laws, and corporate laws. For example, non-compliance with tax regulations may lead to penalties or additional liabilities that affect financial results.
• Indirect Impact on Financial Statements: These laws may not directly affect figures but can have significant consequences if violated—for instance, environmental laws, industry-specific regulations, or anti-money laundering legislation.

Auditor’s Responsibilities Under SA 250

Auditors are not expected to detect all non-compliance, but they must apply professional skepticism and design procedures that reasonably address risks. SA 250 outlines specific responsibilities:

• Understanding the Regulatory Framework: Auditors need to gain an understanding of applicable laws and regulations relevant to the entity and industry.
• Inquiry and Observation: Engaging with management and legal advisors to identify potential risks of non-compliance.
• Testing and Evaluation: Assessing how non-compliance may result in material misstatements.
• Communication: Reporting identified or suspected non-compliance to management, those charged with governance, and, where required, to regulatory bodies.
• Documentation: Recording procedures performed, findings, and conclusions to provide evidence of compliance with auditing standards.

Challenges in Practice

Applying SA 250 can be challenging in practice because:

• Complex Legal Environments: Organizations may operate across multiple jurisdictions with diverse regulations.
• Limited Auditor Expertise: Auditors are not legal experts and may need to rely on legal professionals for interpretation.
• Management Override: Non-compliance may be deliberately concealed, making detection difficult.
• Balancing Role: Auditors must balance their responsibility to detect misstatements with the recognition that ultimate responsibility for compliance lies with management.

Best Practices for Auditors

To effectively implement SA 250, auditors can adopt several best practices:

• Maintain Industry Knowledge: Stay updated with sector-specific regulations.
• Enhance Collaboration: Work closely with legal experts when necessary.
• Adopt Risk-Based Approach: Focus audit procedures on areas with higher risk of non-compliance.
• Strengthen Governance Communication: Ensure timely reporting of non-compliance to those charged with governance.
• Embed Professional Skepticism: Continuously challenge management’s assertions.

Conclusion

SA 250 highlights that auditing is not limited to financial numbers—it also requires an understanding of the broader legal and regulatory landscape. By balancing compliance requirements with audit responsibilities, auditors play a crucial role in enhancing corporate accountability and safeguarding stakeholders’ interests. In essence, SA 250 reminds auditors that financial integrity cannot be separated from legal compliance.