SA 250: Consideration of Laws and Regulations in an Audit of Financial Statements

SA 250 Consideration of Laws and Regulations in
an Audit of Financial Statements requires auditors to ensure compliance
with the applicable framework of laws and regulations by the audited.
However, as is time and again proclaimed, auditors are watchdogs and not
bloodhounds. The responsibilities advocated by this Standard are a
direct function of ‘ifs and buts’. The auditor is not responsible for
preventing non-compliance and cannot be expected to deter non-compliance
with all laws and regulations that apply to an enterprise.

Specific
attention must be paid to the fact that compliance or non-compliance
with all laws and regulations applicable to an enterprise does not find
an immediate reflection in the financial statements. For example, while
the contribution made by an employer to Employees’ Provident Fund is
reflected in the financial statements, but say for instance,
non-compliance with the requirements of filing of returns for effluent
disposal with the Pollution Control board by a chemical manufacturing
company need not necessarily find a mention in the financial statements.

SA 250 draws a thin line between those laws and regulations
which have and which do not have a direct effect on the determination of
material amounts and disclosures in the financial statements.
Accordingly, depending on which category these laws fall under, the
auditor’s responsibilities stand differentiated. For the former, the
auditor’s responsibility is to obtain sufficient appropriate evidence
about compliance with the provisions of those laws and regulations. For
the latter category, the auditor’s responsibility is limited to
undertaking specified audit procedures to help identify non-compliance
with those laws and regulations that have a material effect on the
financial statements. However, when the line between the black and white
is grey, the auditor is supposed to exercise his professional judgment
while determining the umbrella the law falls under.

Just like
every other SA, SA 250 cannot be applied in complete isolation. As
required by SA 200, professional skepticism needs to be maintained in
the backdrop of applicable laws and regulations applicable on the
entity. While adhering to SA 250, the auditor has to also bear in mind
SA 315, which requires the auditor to obtain a general understanding of
legal and regulatory framework applicable to the industry where the
entity operates. At times, when the outcome of non-compliance is severe,
questions get raised on the validity of the growing concern assumption,
in which case, the auditor would need to consider the requirements of
SA 570. The auditor can seek written representations from the management
in terms of SA 580 about management’s knowledge of identified or
suspected non-compliance with applicable laws. However, receipt of
written representations must not affect the nature and extent of other
evidence to be obtained by the auditor in this regard.

Further,
audit procedures applied to form an opinion on the financial statements
may bring instances of noncompliance or suspected non-compliance with
laws and regulations to the auditor’s attention. Such audit procedures
may include reading of minutes, inquiring of the entity’s management and
in-house legal counsel or external legal counsel concerning litigation,
claims and assessments; and performing substantive tests of details of
classes of transactions, account balances or disclosures – for e.g.,
scrutiny of payments made to government authorities towards
fines/penalties, scrutiny of legal and professional expenses to
understand whether unusual payments have been made for
legal/retainership fees as also to seek evidence of legal cases pending
against the company etc.

The next obvious question which arises
is – What is the auditor supposed to do in case of identified or
suspected non-compliance? Firstly, the auditor must have a discussion
with the management or where appropriate, with those charged with
governance, and if sufficient information is not obtained, the auditor
may evaluate the need of obtaining legal advice. If satisfactory
information is still not obtained, the auditor shall consider its effect
on the audit opinion.

A non-compliance with applicable law or
regulation does not merely impact the financial statements.
Noncompliance can also impact the level of reliance that the auditor
places on the integrity of the management or employees. It can also
cause the auditor to reassess the possibility of material misstatements
in other areas, as also the faith the auditor places in the management’s
Written Representations.

However, if the auditor suspects that
the management is involved in non-compliance, the auditor can escalate
the issue to those charged with governance and also consider the impact
of such non-compliance on the audit opinion. If the auditor concludes
that the non-compliance has a material effect on the financial
statements, and has not been adequately reflected in the financial
statements, the auditor may express a qualified or adverse opinion on
the financial statements. This standard also provides for the scenario
that if the auditor has identified or suspects noncompliance with laws
and regulations, the auditor shall determine whether he has a
responsibility to report the same to parties outside the entity, for
instance – regulatory and enforcement authorities.

Let us now examine certain case studies.

Case Study I
ABC
Limited (‘ABC’) is engaged in the manufacturing of pharmaceutical
products, having operations in many countries across the globe. During
the year, a manufacturing unit of ABC, which accounted for over 60% of
the company’s production, received notices from the Food and Drug
Administration Authority of the United States of America and regulators
in other countries, stating that pursuant to the inspection of the
manufacturing processes at the said unit, violations of Good Medical
Practices (GMP) were observed. Several prohibitions were imposed on the
functioning of the said unit, including a prohibition to sell the
products manufactured by the unit to US regulated markets. ABC decided
to voluntarily shut down its operations in this unit on a temporary
basis to examine ‘what went wrong’. ABC however is in dialogue with
regulatory authorities to assuage the restrictions. What would be the
auditor’s responsibility in such a scenario?

Analysis

The auditor must discuss with the management the severity of the case, and the company’s current standing in this regard. The auditor has also to bear in mind that the plant accounted for over 60% of the company’s production and also the fact that other markets may also raise questions on the acceptability of products manufactured in this plant. The auditor would also need to consider whether there is a need for reduction in the carrying value of inventories, whether any provisions are required for fines/penalties, accounting for possible sales returns and if such provisions are required to be made, then the basis used by the management for arriving at such estimates. Further, in such cases, there are inherent uncertainties regarding the future actions of the regulators, the impact of which may not be ascertainable and therefore, the actual amounts incurred may eventually differ from the estimates made. If the auditor concludes that this is a significant matter, he should also consider highlighting the same as a Matter of Emphasis (MOE) in the audit report.

    Case Study II

PQR Limited (‘PQR’) is a company engaged in production of steel. During the year, the company and some of its competitors received notices from Competition Commission of India (CCI) for alleged cartelization by certain steel manufacturing companies. CCI imposed a penalty of Rs. 100 Crores on PQR against which PQR has filed an appeal before Competition Appellate Tribunal. The Company has not made any provision in this regard. What would be the auditor’s responsibility in this case?

    Analysis

The auditor must assess the facts and circumstances, and must have a detailed discussion with the management on the Company’s standing in the case. The auditor, if he deems necessary, must also take an independent legal opinion to deduce whether the company has a fit case or whether there is a need for making provision on a best estimate basis of the likely penalty that may be levied. The auditor should also have a joint discussion with the company’s legal counsel in this regard. Depending on the significance of the matter, the auditors may consider including a ‘Matter of Emphasis’ in the audit opinion.

    Case Study III

LMN Limited is a public listed company engaged in the manufacture of automobiles. During the year ended 31 March 20X0, LMN has incurred loss of Rs.120 crore. LMN has paid to its Managing director Mr.DEF (‘DEF’) (who is also the promoter shareholder holding 51% of the paid up capital of LMN) managerial remuneration exceeding the limits set out by the Companies Act, 2013.

As LMN has incurred losses for the year, LMN was required to obtain approval from the shareholders as well as the Central Government for payment of remuneration to DEF as the same exceeded the limits set out in the Companies Act, 2013. LMN management contends that seeking approval of the shareholders was only a compliance formality as the Managing Director himself holds more than 51% of the paid up capital of LMN. What are the duties of the auditor in this regard?

    Analysis

Since LMN Limited had no profits for the year, it was required to comply with the requirements of Schedule V to the Companies Act, 2013 which sets out the limits for maximum managerial remuneration payable to managerial personnel for public listed entities in the event of a loss or inadequate profits. The auditor would need to explain the management the legal position and advise the client to seek approvals of the shareholders and the Central Government or alternatively recover the remuneration paid in excess of the prescribed limits from DEF. In the event DEF chooses not to return the excess payment, the auditor would need to qualify the audit opinion for non-compliance with the requirements of the Companies Act, 2013.

    Case Study IV

STU Limited (‘STU’) is engaged in the business of providing mobile telecommunication services. As per TRAI (Telecom Regulatory Authority of India) regulations, a prescribed percentage of Adjusted Gross Revenue (AGR) earned by a telecom operator is payable to the department of telecommunications as license fees. STU has been paying license fees on revenue earned from providing telecom services to its customers. According to TRAI, license fees are also payable on non-telecom revenues like profit on sale of fixed assets, rent, dividend and treasury income. TRAI has accordingly raised a demand of Rs.500 crore as license fees payable on non-telecom revenue earned by STU from inception till date. The definition of AGR is currently being challenged by all telecom operators including STU. The telecom operators have contested this interpretation of TRAI and have filed a petition before the appellate tribunal seeking injunction against TRAI demands. What would be the auditor’s responsibilities in such a case?

    Analysis

The issue of payment of license fees on non-telecom revenue seems to be a pan-industry issue as against being specific to STU. The company has contested the demand raised by TRAI. However, the auditor would need to discuss with the Company’s legal counsel the basis of demands raised by TRAI and their tenability. The auditor may consider requesting STU to obtain a formal legal opinion in this regard. It would also help if the auditor were to understand as how this issue has been dealt with by STU’s competitors. Based on this evaluation, the auditor would need to assess whether a provision is warranted or a disclosure as contingent liability would be sufficient compliance.

    Case Study V

HIJ Pharma Limited (HIJ) is a pharmaceutical company engaged in the manufacture of life saving drugs. HIJ is required to adhere to pricing norms as prescribed under Drug Price Control Order (DPCO). During the year ended 31 March 20X1, it was observed that some of the drugs were sold at prices much higher than those prescribed under the DPCO. Under DPCO, companies are liable to deposit the overcharged amount to the Credit of Drug Prices Equalization Account, which was not actioned by HIJ. HIJ received demand for payment of Rs.400 crores to the credit of the Drug Prices Equalisation Account under Drugs (Price Control) Order for few of its products, which was contested by HIJ. Based on its best estimate, HIJ made a provision of Rs.100 crore in its books of accounts towards the potential liability related to principal and interest amount demanded under the aforesaid order and believed that the possibility of any liability that may arise on account of penalty on this demand is remote. What are the Auditor’s duties in this regard?

    Analysis

The management believes that the company would not be liable for any penalties. The auditor must ensure that adequate provisions are made in books to the extent of overcharged amount and interest thereon. Considering the provisions of AS 29 – Provisions, Contingent Liabilities and Contingent Assets – the auditor must also evaluate whether any need arises for disclosure as Contingent Liability of the amount of penalties leviable by DPCO.

    Concluding remarks

The auditor’s responsibilities for reporting compliance with applicable laws and regulations have increased manifold with the increasingly changing regulatory landscape in India. Though the auditor’s professional duty to maintain confidentiality of client information precludes reporting of an identified or suspected non-compliance with laws and regulations to any third party, given the legal framework in India, the confidentiality consideration is overridden by statute, the law or courts of law. For instance, under the present legal and regulatory framework for financial institutions in India, the auditor has a statutory duty to report the occurrence, or suspected occurrence of non-compliance with laws and regulations to the supervisory authorities. The auditor therefore needs to perform his duty with due care and exercise adequate professional skepticism while providing assurance on compliance with applicable laws and regulations.