As part of obtaining an understanding of the entity and its environment in accordance with ASA 315,^[4] the auditor shall obtain a general understanding of:

1. The legal and regulatory framework applicable to the entity and the industry or sector in which the entity operates; and
2. How the entity is complying with that framework.  (Ref: Para. A11)

The auditor shall obtain sufficient appropriate audit evidence regarding compliance with the provisions of those laws and regulations generally recognised to have a direct effect on the determination of material amounts and disclosures in the financial report.  (Ref: Para. A12)

​​​​​​The auditor shall perform the following audit procedures to help identify instances of non‑compliance with other laws and regulations that may have a material effect on the financial report: (Ref: Para. A13–A14)

1. Enquiring of management and, where appropriate, those charged with governance, as to whether the entity is in compliance with such laws and regulations; and
2. Inspecting correspondence, if any, with the relevant licensing or regulatory authorities.

During the audit, the auditor shall remain alert to the possibility that other audit procedures applied may bring instances of non‑compliance or suspected non‑compliance with laws and regulations to the auditor’s attention.  (Ref: Para. A15)

The auditor shall request management and, where appropriate, those charged with governance, to provide written representations that all known instances of non‑compliance or suspected non‑compliance with laws and regulations whose effects should be considered when preparing the financial report have been disclosed to the auditor.  (Ref: Para. A16)

In the absence of identified or suspected non‑compliance, the auditor is not required to perform audit procedures regarding the entity’s compliance with laws and regulations, other than those set out in paragraphs 13–17.

If the auditor becomes aware of information concerning an instance of non‑compliance or suspected non‑compliance with laws and regulations, the auditor shall obtain: (Ref: Para. A17–A18)

1. An understanding of the nature of the act and the circumstances in which it has occurred; and
2. Further information to evaluate the possible effect on the financial report.  (Ref: Para. A19)

If the auditor suspects there may be non‑compliance, the auditor shall discuss the matter, unless prohibited by law or regulation, with the appropriate level of management and, where appropriate, those charged with governance.  If management or, as appropriate, those charged with governance, do not provide sufficient information that supports that the entity is in compliance with laws and regulations and, in the auditor’s judgement, the effect of the suspected non‑compliance may be material to the financial report, the auditor shall consider the need to obtain legal advice.  (Ref: Para. A20–A22)

If sufficient information about suspected non‑compliance cannot be obtained, the auditor shall evaluate the effect of the lack of sufficient appropriate audit evidence on the auditor’s opinion.

The auditor shall evaluate the implications of identified or suspected non‑compliance in relation to other aspects of the audit, including the auditor’s risk assessment and the reliability of written representations, and take appropriate action.  (Ref: Para. A23–A25)

Communicating Identified or Suspected Non‑Compliance with Those Charged with Governance

Unless all of those charged with governance are involved in management of the entity, and therefore are aware of matters involving identified or suspected non‑compliance already communicated by the auditor,^[5] the auditor shall communicate, unless prohibited by law or regulation, with those charged with governance, matters involving non‑compliance with laws and regulations that come to the auditor’s attention during the course of the audit, other than when the matters are clearly inconsequential.

If, in the auditor’s judgement, the non‑compliance referred to in paragraph 23 is believed to be intentional and material, the auditor shall communicate the matter with those charged with governance as soon as practicable.

If the auditor suspects that management or those charged with governance are involved in non‑compliance, the auditor shall communicate the matter to the next higher level of authority at the entity, if it exists, such as an audit committee or supervisory board.  Where no higher authority exists, or if the auditor believes that the communication may not be acted upon or is unsure as to the person to whom to report, the auditor shall consider the need to obtain legal advice. 

Potential Implications of Identified or Suspected Non‑Compliance for the Auditor’s Report (Ref: Para.  A26–A27)

If the auditor concludes that the identified or suspected non‑compliance has a material effect on the financial report, and has not been adequately reflected in the financial report, the auditor shall, in accordance with ASA 705, express a qualified opinion or an adverse opinion on the financial report.^[6]

If the auditor is precluded by management or those charged with governance from obtaining sufficient appropriate audit evidence to evaluate whether non‑compliance that may be material to the financial report has, or is likely to have, occurred, the auditor shall express a qualified opinion or disclaim an opinion on the financial report on the basis of a limitation on the scope of the audit in accordance with ASA 705.^[7]

If the auditor is unable to determine whether non‑compliance has occurred because of limitations imposed by the circumstances rather than by management or those charged with governance, the auditor shall evaluate the effect on the auditor’s opinion in accordance with ASA 705.

Reporting Identified or Suspected Non‑Compliance to an Appropriate Authority outside the Entity

If the auditor has identified or suspects non‑compliance with laws and regulations, the auditor shall determine whether law, regulation or relevant ethical requirements: (Ref: Para. A28–A34)

1. Require the auditor to report to an appropriate authority outside the entity.
2. Establish responsibilities under which reporting to an appropriate authority outside the entity may be appropriate in the circumstances. 

The auditor shall include in the audit documentation^[8] identified or suspected non‑compliance with laws and regulations and: (Ref: Para. A35–A36)

1. The audit procedures performed, the significant professional judgements made and the conclusions reached thereon; and
2. The discussions of significant matters related to the non‑compliance with management, those charged with governance and others, including how management and, where applicable, those charged with governance have responded to the matter.