Examples of illegal acts discovered by auditors

ILLEGAL ACTS: WHAT ARE THE AUDITOR'S RESPONSIBILITIES?

Society has always been concerned with violations of laws and regulations by all types of entities - businesses, nonprofit organizations and government units. Over the last two decades, highly publicized accounts of management improprieties have caused this concern to increase significantly. Congressional committees, government agencies and others have suggested auditors assume more responsibility for detecting and disclosing violations of laws or regulations, which are commonly referred to as illegal acts.

Developing standards that articulate the auditor's responsibility for illegal acts has been a challenge. Identifying violations of the many laws and regulations that affect most entities requires legal expertise. Even with such expertise, the complexity of some laws and regulations makes it difficult to identify a violation. And even after an illegal act has been identified, evaluating management's assessment of its potential effects on the entity's financial statements is also a challenge for the auditor.

This article analyzes and clarifies the auditing standards that describe the auditor's responsibility for detecting and reporting illegal acts. It also introduces some future issues that need to be studied and resolved. (See page 83 for a review of the historical developments that have brought the profession to where it is today.)

AUDITOR'S HISTORICAL RESPONSIBILITY

FOR DETECTING ILLEGAL ACTS

The auditor's responsibility for detecting illegal or questionable acts by clients is not new. It first made front-page news in the mid-1970s, following Watergate. The related investigations led to initial disclosure of illegal political contributions by large corporations. These disclosures opened the door to other revelations involving questionable payments by corporations to domestic and foreign government officials. As a result, the accounting profession formally addressed the issue of the auditor's responsibility to detect and report illegal acts by clients.

The issue was studied initially by the Commission on Auditor's Responsibilities (the Cohen commission). Based on its preliminary recommendations, the American Institute of CPAs auditing standards executive committee issued Statement on Auditing Standards no. 17, Illegal Acts by Clients, in 1977. This statement was the first professional standard to specifically address the auditor's responsibility to detect and disclose illegal acts.

Many of the concepts in current professional standards were first articulated by the Cohen commission. It concluded the auditor cannot reasonably be expected to assume the responsibility to detect and disclose an entity's violations of laws in general because (1) auditors do not possess the legal training to recognize complex circumstances and processes that give rise to litigation and suggest its outcome and (2) many illegal or questionable acts involve small amounts in relation to financial statements. If society needs assurance on principally legal matters, the Cohen commission concluded this assurance should be provided by those most capable of doing so - management and its legal counsel.

In discussing the auditor's responsibility, the Cohen commission acknowledged that certain illegal acts, such as tax evasion, are easily recognized by experienced auditors. It also introduced the concept of illegal acts that have a direct and material effect on amounts in the financial statements and said auditors normally consider the possibility of such acts when planning and conducting audits.

Consistent with the recommendations of the Cohen commission, SAS no. 17 begins: "An examination made in accordance with generally accepted auditing standards cannot be expected to provide assurance that illegal acts will be detected. In reporting on financial statements, an auditor holds himself out as one who is proficient in accounting and auditing. The determination of whether an act is illegal is usually beyond his professional competence." The statement further indicates that procedures performed primarily to express an opinion on the financial statements may bring possible illegal acts to the auditor's attention. But the further removed an illegal act is from the events and transactions reflected in the financial statements, the less likely the auditor is to become aware of it or its possible illegality.

SAS no. 17 also discusses violations of laws and regulations that have a direct effect on amounts in the financial statements. It says the auditor considers such laws and regulations when planning and conducting the audit and includes, as examples, laws and regulations affecting the amount of revenue accrued under government contracts and tax laws. However, SAS no. 17 does not set forth any affirmative detection responsibility.

SAS no. 17 also contains guidance for an auditor who believes an illegal act has occurred - so-called evaluation responsibility. The auditor is to obtain an understanding of the nature of the potential financial statement effect by inquiry of management and consultation with legal counsel; if necessary, he or she should perform additional procedures to investigate the act. If an act is determined to be illegal, the auditor is required to report the circumstances to management personnel at a high enough level of authority for appropriate action to be taken. In some circumstances, that might be the board's audit committee.

In the mid- to late 1980s, the auditor's responsibilities for illegal acts by clients resurfaced during the development of the "expectation gap" SASs. The AICPA auditing standards board's reexamination of the auditor's responsibility to detect errors and irregularities, as described in SAS no. 16, The Independent Auditor's Responsibility for the Detection of Errors or Irregularities, prompted a review of the auditor's responsibilities for illegal acts. This led to the issuance in 1988 of SAS no. 54, Illegal Acts by Clients, which superseded the guidance in SAS no. 17.

DETECTION RESPONSIBILITY

In defining the auditor's responsibility for detecting illegal acts, Statement on Accounting Standards no. 54, Illegal Acts by Clients, divides illegal acts into two categories. With the first, illegal acts that have a direct and material effect on line-item amounts in the financial statements, the auditor has the same responsibility as for errors and irregularities. That is, the auditor should design the audit to provide reasonable assurance that financial statement amounts are free from material misstatement resulting from these direct-effect illegal acts. This responsibility is described in SAS no. 53, The Auditor's Responsibility to Detect and Report Errors and Irregularities. In contrast to prior professional standards, SAS no. 54 establishes an affirmative detection responsibility for direct-effect illegal acts that are material. The sidebar on page 86 includes examples of laws and regulations that directly affect line-item financial statement amounts.

LAWS AND REGULATIONS THAT DIRECTLY

AFFECT FINANCIAL STATEMENTS

(in addition to those in SAS no. 63)

Arbitrage. The term "arbitrage," as it applies to government units, refers to the ability of a state or local government to obtain funds from the issuance of tax-exempt bonds and invest those funds in investments with higher yields, resulting in a profit. Arbitrage rebate regulations require that earnings from the investment of tax-exempt bond proceeds that exceed the yield on those bonds be remitted to the federal government every five years. These regulations have a direct effect on the financial statements of a state or local government unit because they have a direct effect on the amount of revenue recognized on the entity's investments and the amount of the liability owed to the federal government. Usurious interest. Assume that usurious interest in a particular state is set at 25%. Depending on the rate charged, state regulations provide remedies including a refund of excess interest, a refund of excess interest plus interest or cancellation of the related debt. Since the regulations directly affect the allowable amount of accrued interest for a financial institution, the law has a direct effect on the institution's financial statements. Unallowable costs. As a matter of regulation, the government does not pay for certain costs. These unallowable costs include bad debt expense, charitable contributions and entertainment expense. If an entity sells custom products to the federal government on a cost-plus-fee basis, the government will require a refund of any payments for unallowable costs. These regulations have a direct effect on the amount of revenues accrued under government contracts. Utility rates. A public utility is subject to the rate regulations of a public utility commission. The regulations set forth allowable rates for various classes of customers. The utility must refund any excess amounts billed to its customers. These regulations have a direct effect on the amount of revenues the utility may accrue. Investment criteria. Under provisions of the Financial Institutions Reform, Recovery and Enforcement Act of 1989, savings institutions are prohibited from retaining or acquiring corporate debt securities that are below investment grade. Such requirements affect a savings institution's ability to hold such securities and, therefore, the appropriate valuation and classification of the securities in the institution's financial statements.

SAS no. 54 did not change the concept of materiality as explained in SAS no. 47, Audit Risk and Materiality in Conducting an Audit. SAS no. 47 says "the auditor should design procedures to obtain reasonable assurance of detecting misstatements that he believes . . . could be material, when aggregated with misstatements in other balances or classes, to the financial statements taken as a whole." The auditor should use this concept in designing audit procedures for these direct-effect illegal acts.

For the second category of illegal acts, SAS no. 54 says an audit in accordance with generally accepted auditing standards normally does not include audit procedures specifically designed to detect illegal acts having an indirect effect on financial statements. The auditor is responsible for evaluating such acts only when information comes to his or her attention suggesting they may have occurred. However, SAS no. 54 says the auditor should make inquiries of management about the entity's compliance with laws and regulations.

When appropriate, the auditor should also inquire of management about (1) the entity's policies relative to the prevention of indirect-effect illegal acts and (2) the use of directives and periodic representations obtained from management about compliance with laws and regulations. If the auditor becomes aware of information that raises suspicions, he or she is obligated to apply additional procedures to determine whether an illegal act has, in fact, occurred. SAS no. 54 reaffirms the presumption that an audit in accordance with GAAS provides no assurance that indirect-effect illegal acts will be disclosed.

To fulfill these responsibilities, the auditor must be aware of those laws and regulations likely to have a direct effect on the entity's financial statements. SAS no. 22, Planning and Supervision, requires the auditor to consider matters affecting the industry in which the entity operates, including government regulations. Knowledge of these regulations may be obtained from American Institute of CPAs auditing and accounting guides, industry publications, financial statements of other entities in the same industry and the entity's personnel or others knowledgeable about the industry. The AICPA Industry Audit Risk Alerts provide timely discussions of regulatory and legislative developments that affect major industries. These have been issued for most industries for which there is an AICPA industry auditing and accounting guide.

DIFFERENTIATING ILLEGAL ACTS

SAS no. 54 provides examples of both direct- and indirect-effect illegal acts. Apart from these examples, the statement leaves the task of differentiating between them largely to the auditor's judgment. As AICPA committees have attempted to develop guidance about illegal acts for industry audit and accounting guides, it has become apparent that distinguishing direct-effect from indirect-effect illegal acts is difficult.

The examples in SAS no. 54 of direct-effect illegal acts are the same as those included in SAS no. 17, Illegal Acts by Clients - violations of laws and regulations that affect the amount of revenue accrued under government contracts and violations of tax law that affect the amount of expense that is recognized for the period. Additional examples for entities receiving federal financial assistance are provided in SAS no. 63, Compliance Auditing Applicable to Governmental Entities and Other Recipients of Governmental Financial Assistance. SAS no. 63 identifies the types of legal requirements that may have a direct effect on the entity's financial statements. Such laws and regulations generally deal with the following:

* The types of services that may or may not be purchased with financial assistance.

* The characteristics of individuals or groups to whom entities may give financial assistance.

* The amounts entities must contribute from their own resources toward projects for which financial assistance is provided.

Indirect-effect illegal acts are characterized as being related more to the entity's operating aspects than to its financial and accounting aspects. Examples include violations of laws and regulations related to securities trading, occupational safety and health, food and drug administration, environmental protection, equal employment and antitrust. The financial statement effect of these acts is normally the contingent liability that may need to be disclosed. For example, securities may be purchased based on insider information. If the purchase is appropriately recorded, there is no direct effect on line-item amounts in the financial statements. But there is an indirect effect if the potential contingent liability in the form of fines or penalties is not disclosed. This "contingent tail" does not make the violation a direct-effect illegal act, even if it meets the criteria for accrual according to Financial Accounting Standards Board Statement no. 5, Accounting for Contingencies.

All direct-effect laws and regulations have one common characteristic - requirements that affect the valuation or classification of a line-item financial statement amount. As illustrated by the exhibit on page 88, the direct-effect law or regulation impinges on a financial statement assertion (for example, valuation and presentation) embodied in a line-item financial statement amount. The auditor must determine if the amount is valued and presented in accordance with generally accepted accounting principles, which can be determined only by considering compliance with the legal or regulatory requirements governing valuation and classification of the amount. Such requirements are akin to those in a royalty contract that specify how royalty liabilities should be valued and classified.

According to SAS no. 54, the auditor's concern for compliance with these laws and regulations is not necessarily derived from their legality but from their effect on financial statement amounts. The auditor's detection responsibility extends only to the specific requirements that affect the financial statement amounts. For example, certain provisions of the tax code directly affect the manner in which an entity's tax liability is measured and presented in the financial statements. Other code provisions relate to the timely and accurate filing of tax information. The effect of filing violations is indirect - the contingent liability for tax penalties. Although the auditor often performs procedures that may detect the untimely or inaccurate filing of tax returns, these procedures are not sufficient to provide reasonable assurance of detection of violations of the relevant provisions. The auditors' responsibility for this contingency is the same as for other illegal acts that indirectly affect the financial statements.

AUDITING THE CONTINGENT TAIL

Audit procedures performed to develop an opinion about the financial statements may bring to the auditor's attention possible violations of laws and regulations. Examples include reading the minutes of stockholders' and directors' meetings and correspondence from the Internal Revenue Service or other government agencies and inspecting documents that support transactions. In auditing litigation, claims and assessments, the auditor performs the following procedures, which also might disclose illegal acts:

* Discusses with management the policies and procedures adopted for identifying, evaluating and accounting for litigation, claims and assessments.

* Obtains from management a description and evaluation of litigation, claims and assessments, and assurance that all such matters have been disclosed in accordance with FASB Statement no. 5.

* Examines client documents concerning litigation, claims and assessments, including correspondence and invoices from lawyers.

* Obtains assurance from management it has disclosed all unasserted claims that legal counsel has advised management are probable of assertion and must be disclosed in accordance with FASB Statement no. 5.

* Obtains a response from the entity's lawyer to a letter of audit inquiry about litigation, claims and assessments.

These procedures provide limited evidence of compliance with laws and regulations. They rely heavily on management's being aware of a violation and providing information to its lawyer and auditor. Other evidence might not be available until a government agency investigates the violation.

EVALUATION RESPONSIBILITY

If the auditor's procedures indicate illegal acts may have occurred, SAS no. 54 says the auditor should obtain sufficient information about the act to evaluate its effect on financial statements. This responsibility is the same for all types of illegal acts - those having a direct effect on financial statement amounts and those having an indirect effect. Obtaining this information begins with inquiries of management. If management does not provide satisfactory information, the auditor should consult the client's legal counsel and apply any additional procedures necessary to obtain an understanding of the acts. When the auditor concludes, based on the information, that illegal acts have, or are likely to have, occurred, he should consider their effects on the financial statements as well as the implications for other aspects of the audit.

Illegal acts typically involve unasserted or asserted claims. In determining the appropriate financial statement presentation of such claims, management refers to FASB Statement no. 5, which requires that, assisted by legal counsel, it assess the probability of a claim being asserted and the claim resulting in an unfavorable outcome. If the claim has already been asserted, the evaluation only involves consideration of the possible outcome. Based on these assessments, the financial statements may present the contingency by including an accrual of the estimated loss or providing disclosure of the matter in notes to the financial statements.

The auditor's ability to evaluate the contingent effect of an illegal act on the financial statements is limited. The auditor generally does not have the legal training or experience to second-guess management and legal counsel. Instead, the auditor acts as a broad control over the information by evaluating management's disclosure of the matter in relation to counsel's representations and the criteria contained in FASB Statement no. 5.

OTHER COMPLIANCE AUDITING

REQUIREMENTS

In performing audits of government units, not-for-profit organizations and certain other regulated entities, the auditor may perform additional procedures to test compliance with laws and regulations. These procedures go beyond those required to comply with GAAS and are imposed by law, regulation or contractual agreement. An example is the Single Audit Act of 1984 and Circular A-128, Audits of State and Local Governments, issued by the Office of Management and Budget (OMB), which require certain government units and nongovernment entities that receive federal financial assistance to engage an auditor to test and report on compliance with certain laws and regulations. Circular A-133, Audits of Institutions of Higher Education and Other Nonprofit Institutions, includes similar requirements for not-for-profit organizations receiving federal financial assistance.

These additional compliance auditing responsibilities involve providing examination-level assurance about compliance with certain legal and regulatory requirements and applying what could be considered equivalent to agreed-upon procedures to other requirements. Congress and the General Accounting Office have decided which provisions of laws and regulations need to be tested, and the nature and extent of the related assurance required. Guidance as to the procedures to be performed is set forth in OMB Compliance Supplements.

Using this approach, the laws and regulations required to be tested for compliance may not even have an indirect effect on the financial statements of the entity. For example, the Employee Retirement Income Security Act of 1974 (ERISA) has provisions that have no effect on financial statements. ERISA includes bonding requirements that govern the administration of an employee benefit plan. Violations of such provisions have no direct or contingent effect on the financial condition of the plan. Penalties, if any, are levied against the trustee or administrator and not the plan itself.

This extended procedures approach appears to represent an appropriate means of developing expanded auditing requirements for compliance with laws and regulations. Government agencies or legislative bodies can specify the desired level of assurance. The requirements of legislative or administrative due process allow the cost-benefit relationship of the extended procedures to be examined critically.

REPORTING RESPONSIBILITIES

What impact do illegal acts have on the auditor's reporting responsibilities? The answer is complex and may involve a number of reporting vehicles. The option usually thought of first is the audit report. Generally, there is no need for the auditor to modify the audit report for illegal acts, provided the effects of those acts are appropriately reflected in the financial statements. If the auditor concludes that illegal acts have a material direct or indirect effect on the financial statements, and that effect is not appropriately reflected, the auditor should express a qualified or adverse opinion because of the lack of conformity with GAAP. Or, if management refuses to accept the auditor's modified report, the auditor should withdraw from the engagement and notify the audit committee or the board of directors of the reasons for withdrawal. Further, for Securities and Exchange Commission registrants, the auditor is required by the SEC practice section of the AICPA division for CPA firms to provide direct notice to the SEC of his decision to withdraw from the engagement within five business days.

One of the objectives of the expectation gap SASs was to improve communication by the auditor with boards of directors and audit committees to help them fulfill their financial reporting oversight responsibilities. Accordingly, SAS no. 54 includes a requirement for the auditor to make sure that the entity's audit committee is adequately informed of all but inconsequential illegal acts.

Management may make this communication unless the act in question involves senior management. In that case, the matter should be communicated directly by the auditor. Direct communication by the auditor to government agencies or other outside parties is ordinarily not required under U.S. auditing standards, with a number of prominent exceptions:

* In response to a request from a funding agency or from another specified agency that is based on audit and reporting requirements for audits of entities that receive financial assistance from a government agency.

* When the auditor responds to a form 8-K filed by the entity to report a change in auditor, in accordance with SEC regulation S-K, item 304(a).

* When responding to a successor auditor who makes inquiries in accordance with SAS no. 7, Communications Between Predecessor and Successor Auditors.

* In response to a subpoena.

The first two exceptions establish forms of direct reporting of illegal acts to government agencies. The first also allows government agencies to receive information directly about an entity's compliance with laws and regulations. Entities can be required by law or regulation to engage an auditor to issue compliance reports for filing with the agency. The reports may be based solely on procedures performed in the audit of the entity's financial statements or on a combination of these and additional procedures that may be required by law or regulation.

The reporting requirements of an audit in accordance with Governmental Auditing Standards are an example of this form of direct reporting. In these engagements, the auditor is required to issue an additional report on compliance with laws and regulations based solely on the procedures required by GAAS. The report must disclose all instances of noncompliance estimated to be material to the entity's financial statements. The auditor also is required to report all indications of illegal acts that could result in criminal prosecution. While these acts may be included in the required additional report, the auditor also may discharge his responsibility by reporting such matters to top officials of the entity arranging for the audit (including audit committees of board of directors or others of equivalent authority), unless these officials are themselves implicated in the matter or don't report the matter to appropriate outside parties.

The second exception results in a form of direct reporting when the auditor resigns, fails to stand for reelection or is dismissed because of management's response to an illegal act. If management does not accurately describe on form 8-K the relationship of the illegal act to the change in auditor, the auditor is required to describe the matter in his response, which is filed with the SEC. This results in information being made available to the investing public.

FUTURE ISSUES

Given the interest of Congress and regulators in compliance with laws and regulations, the auditor's responsibilities for illegal acts undoubtedly will be addressed again. Several issues appear relevant to any future consideration of these responsibilities.

Should the auditor's detection responsibility be expanded under GAAS? Current professional standards contain a relatively clear delineation of illegal acts for which the auditor has detection responsibility. The auditor has a responsibility to design the audit to provide reasonable assurance of detecting violations of laws and regulations having a direct and material effect on line-item financial statement amounts. Expanding the auditor's responsibility under GAAS would likely result in a level of responsibility that is more difficult to interpret and, therefore, harder for practicing auditors to achieve.

Any approach to expanding the auditor's responsibility under GAAS must involve increasing the auditor's responsibility for the contingent tail. However, this is inhibited by three factors - the lack of available evidence to determine violations of certain laws and regulations, the auditor's limited legal expertise and the difficulty of determining the extent of additional audit procedures that should be applied when the procedures are not directed at detecting misstatements of line-item financial statement amounts.

Clearly, the auditor could design procedures to obtain reasonable assurance of detecting violations of certain laws and regulations that do not have a direct and material effect on the line-item amounts in an entity's financial statements. For example, the auditor of a pension plan's financial statements could design procedures for testing compliance with ERISA's bonding requirements. However, many illegal acts leave little or no evidence they have occurred. For example, a purchase of securities based on insider information would likely produce little, if any, evidence of a violation of insider trading laws. Designing cost-effective procedures to identify violations of such laws and regulations would not be feasible.

Even when sufficient evidence of noncompliance with laws and regulations exists, the auditor does not have the legal expertise to determine the nature and extent of the additional procedures to be performed. Since the auditor is providing an opinion on the financial statements, the determination of the nature and extent of any extended responsibility (audit procedures) under GAAS should be tied to an assessment of the potential effect on the financial statements. To make this assessment, the auditor would have to assess the probability of a violation of a particular law or regulation occurring and the likely amount of any resulting fine, penalty or other contingent liability. These assessments require legal expertise beyond that possessed by most auditors. A clear-cut definition of an extended responsibility under GAAS could be achieved only by developing professional standards that set forth specifically those laws and regulations the auditor would be required to test for compliance and the nature and extent of the related procedures.

Expanding the auditor's responsibility under GAAS has another limitation. The degree of assurance about the disclosure of the effects of a violation of a law or regulation would vary depending on the nature of the law or regulation. More assurance would be provided for laws and regulations for which the auditor could design effective compliance procedures. It's questionable if these varying levels of assurance could be communicated effectively to audit report users. One also might question the cost-benefit of providing additional assurance of compliance with only certain laws and regulations, which may not be the ones of principal concern to legislators, regulators and the public.

Should the auditor's detection responsibility be expanded outside of GAAS? Expanding the responsibility of the auditor outside of GAAS is the approach legislators and some government agencies are currently taking or considering. Laws and regulations are being developed that establish requirements for reports by auditors on the application of extended compliance procedures. This approach to expanding the auditor's responsibility would appear to be more effective and efficient than expanding the auditor's responsibility under GAAS. Regulators can specify the level of auditing desired, regardless of the effects of the laws or regulations on the entity's financial statements. Also, all expansions of audit requirements would go through normal legislative or administrative due process.

Should the auditor's responsibility for direct reporting to regulators be expanded? The auditor already has a responsibility to report illegal acts directly to government agencies in certain circumstances. Still, some legislators and agencies are requesting that auditors assume more direct reporting responsibility. As a part of the Financial Institutions Reform, Recovery and Enforcement Act of 1989, the secretary of the treasury was instructed to study the feasibility of adopting laws or regulations similar to the United Kingdom Banking Act of 1987. That act provides a statutory defense to alleged breaches of an auditor's duty of confidentiality due to communications to the Bank of England, providing the communications are made in good faith. The accounting profession in the United Kingdom has been charged with the responsibility for developing specific guidance about the matters and circumstances that would result in direct reporting.

What is commonly thought of as direct reporting is really a form of "back-up" reporting. If an entity's management does not appropriately communicate a particular matter, the auditor is charged with the responsibility of doing so. Auditors of public companies in the United States already have a form of direct reporting under SEC regulation S-K, item 304(a). This regulation requires the auditor to issue a letter agreeing or disagreeing with management's explanation for the auditors' withdrawal. SAS no. 54 requires the auditor to

* Withdraw from the engagement if the client refuses to accept the auditor's report as modified because of an illegal act or possible illegal act.

* Consider withdrawal from the engagement if the client does not take the remedial action the auditor considers necessary under the circumstances, even when the illegal act is not material to the financial statements. Factors that should affect the auditor's decision include the implications of the failure to take remedial action, which may affect the auditor's ability to rely on management representations.

If U.S. legislators and regulators want auditors to assume responsibility for direct communication (back-up reporting), the effect on auditor-client relationships needs to be considered carefully. Such requirements might inhibit open communication between management and auditor, especially if they involve communication of matters that are inconsequential.

Should the existing responsibilities in SAS no. 54 be clarified? SAS no. 54 indicates the auditor should look to SA no. 53 in determining his responsibility for detecting illegal acts having a direct and material effect on line-item amounts in a financial statement. SAS no. 54 implies this direct effect may involve any of the five financial statement assertions (existence and occurrence; completeness; rights and obligations; valuation or allocation; and presentation and disclosure). However, direct-effect illegal acts may involve and presentation (classification) in the body of the financial statements.

MEETING FUTURE EXPECTATIONS

The auditing profession is ready and able to assume more responsibility for client compliance with laws and regulations. However, this additional responsibility must be established in an appropriate manner. This article has identified some of the problems involved in expanding the auditor's responsibilities are more appropriately assumed via agreed-upon procedures engagements as a supplement to financial statement audits. That way, the profession can meet the expectations of government agencies and legislative bodies in the most cost-effective manner.

EXECUTIVE SUMMARY

* AUDITORS ARE UNDER INCREASED pressure to assume responsibility for detecting and disclosing violations of law encountered during an audit. The auditor's responsibility for doing so is outlined in SAS no. 54, Illegal Acts by Clients. * THE AUDITOR MUST must be aware of those laws and regulations likely to have a direct and material effect on an entity's financial statements. In most cases, however, auditors do not have the legal expertise to identify violations of these laws and regulations. * DIRECT-EFFECT ILLEGAL ACTS are those violations of laws and regulations that directly effect line-item amounts on an entity's financial statements. * INDIRECT-EFFECT ILLEGAL ACTS relate to an entity's operations more than its finances. The financial statement effect is normally the contingent liability, that is, fines and penalties, that must be disclosed. * IF AN ILLEGAL ACT is discovered, the auditor should obtain sufficient information to evaluate its impact on the financial statements. The auditor also must evaluate management's assessment of the act's financial statement impact. * THE AUDITOR SHOULD ASCERTAIN that an entity's audit committee or board of directors is informed of all but inconsequential illegal acts. * THE AUDITOR SHOULD WITHDRAW from an audit engagement if the client refuses to accept his or her report as modified because of an illegal act. * EXPANDING THE AUDITOR'S responsibility for client compliance with laws and regulations would be accomplished best outside the scope of generally auditing standards.

PHOTO : Impact of direct-effect illegal acts on financial statement assertions

DONALD L. NEEBES, CPA, is the national director of auditing standards for Ernst & Young, Cleveland, Ohio. He is chairman of the American Institute of CPAs auditing standards board. DAN M. GUY, CPA, PhD, is vice-president-auditing of the AICPA. O. RAY WHITTINGTON, CPA, PhD, is director of audit research in the AICPA auditing standards division.

Mr. Guy and Mr. Whittington are employees of the American Institute of CPAs, and their views, as expressed in this article, do not necessarily reflect the views of the AICPA. Official positions are determined through certain specific committee procedures, due process and deliberation.

Should the existing responsibilities in SAS no. 54 be clarified? SAS no. 54 indicates the auditor should look to SAS no. 53 in determining his responsibility for detecting illegal acts having a direct and material effect on line-item amounts in a financial statement. SAS no. 54 implies this direct effect may involve any of the five financial statement assertions (existence and occurrence; completeness; rights and obligations; valuation or allocation; and presentation and disclosure). However, direct-effect illegal acts may involve only two assertions - valuation and presentation (classification) in the body of the financial statements.

MEETING FUTURE EXPECTATIONS

The auditing profession is ready and able to assume more responsibility for client compliance with laws and regulations. However, this additional responsibility must be established in an appropriate manner. This article has identified some of the problems involved in expanding the auditor's responsibility under GAAS. These responsibilities are more appropriately assumed via agreed-upon procedures engagements as a supplement to financial statement audits. That way, the profession can meet the expectations of government agencies and legislative bodies in the most cost-effective manner.

PHOTO : Impact of direct-effect illegal acts on financial statement assertions

DONALD L. NEEBES, CPA, is the national director of auditing standards for Ernst & Young, Cleveland, Ohio. He is chairman of the American Institute of CPAs auditing standards board. DAN M. GUY, CPA, PhD, is vice-president - auditing of the AICPA. O. RAY WHITTINGTON, CPA, PhD, is director of audit research in the AICPA auditing standards division.

Mr. Guy and Mr. Whittington are employees of the American Institute of CPAs, and their views, as expressed in this article, do not necessarily reflect the views of the AICPA. Official positions are determined through certain specific committee procedures, due process and deliberation.

COPYRIGHT 1991 American Institute of CPA's
No portion of this article can be reproduced without the express written permission from the copyright holder.

Copyright 1991, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

What is the auditor's responsibility to detect illegal acts?

When an auditor knows that an illegal act has occurred he or she must?

When an auditor becomes aware of a possible illegal act the auditor should?

What are frauds in audit?