IMPACT OF LAWS AND REGULATIONS DURING AN AUDIT OF FINANCIAL STATEMENTS

The purpose of this article is to identify the professional responsibilities of the auditors in dealing with the legal and regulatory framework, various components of the legal and regulatory framework which need to be considered by the auditors and evaluating their impact during an audit of the financial statements, duly supplemented by certain practical scenarios.

Relevant auditing pronouncements:

• SA-250 on Consideration of Laws and Regulations in an Audit of Financial Statements

• SA-260 on Communication to those charged with Governance ?

• SA-265 on Communicating Deficiencies in Internal Control

• SA-315 on Identifying and Assessing the Risks of Material Misstatements Through Understanding the Entity.

Professional responsibilities of auditors: The various professional responsibilities of auditors under each of the above SAs to the extent they deal with the impact of and consideration of laws and regulations in an audit of the financial statements are briefly discussed below.

SA-250 on Consideration of Laws and Regulations in an Audit of Financial Statements:

SA-250 is the primary Auditing Standard which deals with the auditor’s responsibilities to consider laws and responsibilities which are relevant to an entity in an audit of its financial statements. It envisages the following two situations:

• Laws and regulations which have a direct effect on the financial statements and issuance of audit reports and other certificates in respect of the reporting entity.

• Laws and regulations which have an indirect effect on the financial statements of the reporting entity, but compliance with which may have a fundamental effect on the operating aspects of a business, non-compliance with which may result in material penalties being levied by the concerned regulatory authorities.

Accordingly, the laws and regulations which are most likely to materially affect the financial statements and with which an auditor is primarily concerned can be broadly categorised as under:

• Form and content of the financial statements, including amounts to be reflected and disclosures to be made. These include the following:

(1) Specific format of the financial statements and the related disclosure requirements under Schedule VI to the Companies Act, 1956 (‘the Act’) and other disclosure requirements under the Act, such as transfer to Capital Redemption Reserve on buy-back of shares u/s.77A of the Act, amounts contributed to any political party or for any political purpose u/s.293A of the Act, amounts contributed to the National Defence Fund u/s.293B of the Act.

(2) Reporting requirements under the Companies (Auditor’s Report) Order, 1988 (CARO).

(3) Specific format of the financial statements and related disclosure requirements under the Third Schedule to the Banking Regulation Act, 1949 for banking companies and disclosures in the financial statements in terms of various Circulars issued by the Reserve Bank of India (RBI) from time to time.

(4) Issue of Long Form Audit Report in the case of banks.

(5) Certificate for Capital Adequacy, net worth, etc. in case of certain entities like banks, stockbrokers, etc.

(6) Specific format of the financial statements and the related disclosure requirements issued by the Insurance Regulatory and Development Authority (IRDA) for insurance companies and disclosures in the financial statements in terms of the various Circulars issued by the IRDA from time to time.

(7) Specific format of the financial statements and the related disclosure requirements issued by the Securities and Exchange Board of India (SEBI) for mutual funds and disclosures in the financial statements in terms of the various Circulars issued by SEBI from time to time.

(8) Disclosures under Clause 32 of the Listing Agreement mandated by SEBI.

(9) Disclosures under the Micro Small and Medium Enterprises Act, 2006.

• Conducting the business of the entity including licensing, registration and health and safety requirements for entities like banks, NBFCs, mutual funds, pharmaceutical companies, hotels, etc., non-compliance of which could lead to Going Concern issues as well as financial consequences like penalties, fines, etc.

• Operating aspects of the business like provisioning for banks and NBFCs, valuation of investments for banks and mutual funds, contributions to employee retirement benefit funds, taxation issues, etc. which could have a direct impact on the financial statements.

Responsibilities of management and those charged with governance:

SA-250 also clearly articulates that the primary responsibility for ensuring that an entity complies with laws and regulations rests with the management and those charged with governance.

The responsibilities of the management and those charged with governance in this regard can cover the following broad aspects:

• Laying down appropriate operating procedures and systems, including internal controls in general for all business areas and operating cycles and specifically with regard to the various legal and regulatory aspects like capturing the data for provisioning requirements for banks and NBFCs, calculating various taxes and other statutory dues, valuation of investments, determination of subsidies for fertiliser companies, etc.

• Developing an appropriate code of conduct for employees and other stakeholders for dealing with various aspects like insider trading, conflict of interest, etc.

• Maintaining a log/register of the various laws and regulations applicable together with a compliance check-list for the same and laying down systems and procedures for monitoring and reporting compliance therewith with the ultimate objective of periodically preparing a Compliance Certificate for submission to the Board of Directors or other equivalent authority.

• Establishing a legal department depending upon the complexity, size and nature of business of the entity and hiring/availing the services of legal advisors and consultants.

•     Ensuring that various statutory committees as required in terms of various statutes and regulations have been duly constituted with the appropriate constitution and terms of reference e.g., audit committee, asset-liability management committee, investment committee, risk management committee, etc. In this case, care should be taken to ensure that the conflicting requirements under different statutes/regulations are appropriately married e.g., the requirements for constitution of an audit committee for a listed NBFC would have to comply with the requirements of section 292A of the Act, Clause 49 of the Listing Agreement and the RBI guidelines. In this case, since the requirements under Clause 49 of the Listing Agreement are more stringent, especially with regard to the composition of and the matters to be disclosed to/discussed at the Audit Committee, the same should be adhered to.

Responsibilities of auditors:

SA-250 recognises that it is not the primary responsibility of the auditor to detect non-compliance with laws and regulations since these are matters for the courts to decide. SA-250 requires the auditor to gather sufficient appropriate evidence to obtain reasonable assurance that the entity is complying with the laws and regulations applicable to it. For this purpose, he should perform the following audit procedures to help identify any acts of non-compliance with the relevant laws and regulations:

•     Making inquiries of the management and those charged with governance to identify whether the entity is complying with the laws and regulations.

•     Inspecting correspondence with the relevant licensing and regulatory authorities.

These procedures can be performed both at the planning and the execution stage.

The procedures which could be performed at the planning stage are outlined below:

•     Obtaining a general understanding of the applicable legal and regulatory framework, including identification of those laws and regulations which would have a fundamental effect on the operations or the entity or affect its going concern status. For this purpose, the auditor should use his knowledge of the business and industry in which the entity is operating.

•     Reading of the minutes of various meetings.

•     Making inquiries with the management and those charged with governance regarding policies and procedures for compliance with the applicable legal and regulatory framework keeping in mind the matters discussed earlier as well as identifying, evaluating, disclosing and accounting for litigations and claims in terms of the applicable financial re-porting framework.

•     Identifying whether any specific reporting is required under certain laws and regulations e.g., PF, ESIC, income-tax, etc. under CARO, compliance with various RBI/SEBI requirements, etc.

The procedures which could be performed at the execution stage are outlined below:

•     Following up on the inquiries made with the management and those charged with governance during the planning stage.

•     Inspecting correspondence with and inspection reports of the relevant regulatory authorities.

•    Reviewing the nature of payments made to various legal consultants to identify any hidden claims and possible non-compliances.

•     Performing appropriate control and substantive procedures to take care of any business/industry-specific requirements like provisioning, valuation, accrual of employee and retirement benefit expenses, duties, subsidies, incentives, etc.

Based on the above procedures, the following are certain types of non-compliances the auditor could encounter, the impact of which would need to be dealt with in terms of the relevant legal, regulatory and financial reporting framework:

•     Non-payment or delayed payment of statutory dues necessitating reporting under CARO.

•     Non-compliance with certain statutory and procedural requirements under various laws and regulations in respect of specific types of transactions e.g., non-compliance with the provisions of section 372A of the Act, in respect of loans and investments, granting of loans by banks to directors in violation of the provisions of the Banking Regulation Act, 1949, inadequate provisioning for advances under the RBI guidelines, incorrect computation of royalty payable to the government in respect of mining and oil exploration activities, etc.

•     Non-compliance with the relevant licensing/regulatory requirements or transactions which are ultra vires.

•     Payments/transactions undertaken in violation of exchange control guidelines.

The above and any other possible non-compliances would need to be carefully evaluated by the auditor to understand the nature and circumstances thereof and obtain sufficient other information to evaluate its impact on the financial statements as under:

•     Whether there would be any financial consequences in the form of fines, penalties, damages, etc.?

•    Whether the entity would be embroiled in litigation and the consequential disclosure towards contingent liabilities, if any?

•     Whether the entity would be forced to discontinue operations and whether there are any going concern issues?

•     Whether the financial consequences are serious enough to impact the true and fair view?

The auditor should discuss the above aspects with the management and those charged with governance and where he is not satisfied with the outcome, he may seek independent legal advice.

Other Standards:

The requirements of other SAs which deal with the audit considerations pertaining to the implications arising from the impact of laws and regulations are summarised below:

•     SA-260 which deals with the auditor’s responsibility to communicate audit-related matters to those charged with governance recognises the fact that in certain situations there are obligations imposed by statutory and legal requirements to communicate certain matters to those charged with governance. This would include certain matters which are mandatorily required to be communicated to/discussed by the Audit Committee in terms of section 292A of the Act and Clause 49 of the Listing Agreement with the Stock Exchanges, mandatory communication to the Chief Executive Officers of banks and NBFCs, as mandated by the RBI, of any serious irregularities and frauds which are noted during the course of the audit.

•     Similarly, SA-265 which deals with the auditor’s responsibility to communicate deficiencies in internal control recognises the fact that in certain situations there are obligations imposed by legal and regulatory requirements to communicate deficiencies in internal control to regulatory authorities. Examples thereof include the direct communication to the RBI of any non-compliance with the RBI guidelines in respect of NBFCs and reporting any serious irregularities and frauds in respect of banks directly to the RBI.

•     SA-315 which requires the auditor to obtain an understanding of the entity and its environment includes an understanding of the entity’s legal and regulatory framework and how the entity is complying with that framework.

Components/Elements of the legal and regulatory framework:

The various components/elements of the legal and regulatory framework which need to be considered by the auditor can be broadly classified as follows:

•    Principal acts and legislations which regulate the financial reporting and operating aspects of the entity.

•     Regulations, notifications and guidelines issued pursuant to the above.

•     Sector/industry specific policies notified by the government or other regulators.

•     Legal and judicial pronouncements issued by the Supreme Court, High Courts and other judicial authorities.

Each of these elements is briefly discussed hereunder:

Principal Acts and legislations:

It is imperative that the auditor identifies the principal Acts and legislations governing the entity which deal with the incorporation of the entity as well as lay down its financial reporting, taxation, tariff fixation and operating framework amongst others. The primary legislation which deals with the incorporation of most entities is the Companies Act, 1956 which lays down the financial reporting framework as well as other operating requirements for certain types of transactions like borrowings, investments, advances, managerial remuneration and donations, compliance with which is essential or else the transactions could be illegal or ultra vires thereby exposing the entity to penalties, fines or other forms of prosecution. There are other legislations which lay down the registration/licensing requirements for certain specific types of entities like banks, insurance companies, broking companies, etc. The continued compliance with the minimum capitalisation and other requirements for licensing and registration of such entities is of utmost importance and any failure to comply with the same could lead to penalties and fines as well as going-concern issues.

Apart from the above, there are various legislations which deal with various operating aspects of the business like cess and levies, taxation, labour and employment, environmental protection, health and safety, etc. which need to be continuously monitored and assessed since any failure to adhere to the same could either result in material misstatements (in the form of non-accrual or under accrual of cess, duties, taxes or employee/retirement benefits, environmental remediation and legal costs) or expose the entity to potential litigation and penalties/ fines which could be sizeable and also impact the going concern assumption.

With the ever increasing globalisation, many entities are setting up branches and subsidiaries/joint ventures abroad, thereby exposing them to international laws and regulations. A case in point is the UK Bribery Act, 2010 which applies to all entities which are registered in the UK or who have some connection with entities registered in the UK. Accordingly, if an entity in India is a holding company, subsidiary or associate of an entity which is registered in the UK, it would have to comply with the provisions laid down therein.

Regulations, Notifications, Guidelines and Circulars:

In many cases, the principal Acts governing the entity provide enabling powers to various statutory authorities to issue regulations, Notifications, Guidelines and Circulars which would lay down the financial reporting, taxation, tariff fixation, licensing, registration and operating framework amongst others for an entity. Examples of such statutory authorities include RBI, SEBI, IRDA, Central Electricity Regulatory Authority, Telecom Regulatory Authority. As is the case with the principal Acts and legislations, it is imperative that the auditor identifies these so as to determine their impact on the financial statements and reporting requirements.

Sector/Industry-specific policies:
The auditor should also keep in mind any sector/ industry-specific requirements since any deviations from the same could result in the entity not being able to undertake its activities and also expose it to litigation. Examples include the Tourism Policy, Exchange Control Policy, Telecom Policy, Oil exploration and Licensing Policy, Foreign Direct Investment policy.

Legal and judicial pronouncements:
Whilst the Legislature may frame various laws and the statutory authorities may issue various guidelines, notifications, etc., it is the judiciary which ultimately interprets certain contentious issues. Accordingly, it is imperative that the auditor is aware of the various judicial pronouncements which could have an impact on the financial condi-tions and operating results of an entity. These mainly include judicial pronouncements relating to tax matters and other statutory payments. However, in certain situations, the impact of certain judicial pronouncements can even lead to the discontinuance of the business or going concern issues like the recent order by the Supreme Court in the matter pertaining to the allocation of telecom licences.

•     Recently, the High Courts of Judicature at Madras and Madhya Pradesh had passed an order dealing with the issue of whether various employee allowances paid by employers would get covered within the definition of ‘Basic Wages’ under the Employees’ Provident Fund and Miscellaneous Provisions Act, 1952 (the Provident Fund Act). Pursuant to the same, the Employees Provident Fund Organisation has issued a clarification to various Officers/Commissioners asking them to take note of these judgments and utilise the same as per merits of the case as and when similar situation arises in the field offices. In both the above judgments, it has been held that allowances like conveyance/transportation/special allowance/education/food concession/medical/city compensatory, etc. are to be treated as part of ‘Basic Wages’ under the Provident Fund Act for the purpose of determination of the Provident Fund (PF) liabilities if the same are being uniformly, necessarily and ordinarily paid to all employees. This could result in additional liabilities, if any demands are raised by the authorities.

•     The recent judgment of the Supreme Court banning mining activities in the State of Karnataka could have an impact on the operations of the affected entities.

Practical scenarios:

Before concluding, let us briefly evaluate the impact which the following recent changes in regulations will have on the financial and reporting aspects of a significant number of entities so as to gain a better perspective.

Service tax and Cenvat credit:

With effect from 1st July, 2011 service tax is payable on accrual basis based on ‘Point of Taxation Rules’ (POTR) as compared to receipt basis for most of the taxable services. This would have an impact on CARO Reporting as the due date of payment of service tax would consequently change.

In respect of CENVAT credit, the fol-lowing are some of the important changes which are relevant to the audit of financial statements:

(1)    With effect from 1st July, 2011, banking companies and financial institutions including NBFCs will be required to pay 50% of the CENVAT credit availed on inputs and input services every month. Accordingly, the balance 50% should be immediately charged off under the respective expenses.

(2)    With effect from 1st July, 2011, providers of life insurance services and management of investment in ULIPs will be required to pay 20% of the CENVAT credit availed on inputs and input services every month.

(3)    With effect from 1st July, 2011, input credit in case of a pure service provider will be allowed in proportion of the taxable and exempt services rendered during the year. Input credit in case of an entity involved in trading as well as providing other services will be allowed in proportion of the gross profit on trading activity (which is exempt) and the taxable service rendered during the year. Accordingly, the balance should be immediately charged off under the respective expenses. It is imperative that the ratio of nature of trading activities and services provided by the client are identified at an early stage.

The Companies (Cost Accounting Records) Rules, 2011: The Ministry of Corporate Affairs has issued a Notification dated 3rd June, 2011 prescribing the Companies (Cost Accounting) Rules, 2011 (‘Rules’). Hitherto, the prevailing practice was for the Central Government to prescribe the Cost Accounting Rules applicable to specific products or industries and reference to such products or industry was being made by the auditors in their report under CARO. However, under the Rules now prescribed, the same would apply to the entity as a whole if it engaged in manufacturing, processing and mining activities and not to specific products, except those which are prescribed under the Rules like bulk drugs, sugar, fertilisers, etc. This would necessitate a change in the manner of our reporting under CARO as well as reviewing the prescribed records and their reconciliation with the financial records, which is specifically prescribed in the Rules.

Conclusion:

An auditor needs to continuously evaluate the impact of laws and regulations in respect of each entity. For this purpose, he needs to make inquiries with the management and those charged with governance, who are primary responsible to ensure such compliance, to identify that there is a proper framework to monitor any such non-compliances.

Reference material:

•     Indian Auditing Standards

•     Wiley’s Interpretation and Application of International Standards on Auditing by Steven Collings

•     Various Research Reports on Audit Process available for general public.