The following auditing standard is not the current version and does not reflect any amendments effective on or after December 31, 2016. The current version of the auditing standards can be found here.
AU Section 317
Illegal Acts by Clients
- (.02 - .06) Definition of Illegal Acts
- (.07 - .11) The Auditor's Consideration of the Possibility of Illegal Acts
- (.12 - .21) The Auditor's Response to Detected Illegal Acts
- (.22 - . 23) Other Considerations in an Audit in Accordance With Generally Accepted Auditing Standards
- (.24) Responsibilities in Other Circumstances
- (.25) Effective Date
(Supersedes section 328)
Source: SAS No. 54.
See section 9317 for interpretations of this section.
This section prescribes the nature and extent of the consideration an independent auditor should give to the possibility of illegal acts by a client in an audit of financial statements in accordance with generally accepted auditing standards. The section also provides guidance on the auditor's responsibilities when a possible illegal act is detected.
Definition of Illegal Acts
The term illegal acts, for purposes of this section, refers to violations of laws or governmental regulations. Illegal acts by clients are acts attributable to the entity whose financial statements are under audit or acts by management or employees acting on behalf of the entity. Illegal acts by clients do not include personal misconduct by the entity's personnel unrelated to their business activities.
Dependence on Legal Judgment
Whether an act is, in fact, illegal is a determination that is normally beyond the auditor's professional competence. An auditor, in reporting on financial statements, presents himself as one who is proficient in accounting and auditing. The auditor's training, experience, and understanding of the client and its industry may provide a basis for recognition that some client acts coming to his attention may be illegal. However, the determination as to whether a particular act is illegal would generally be based on the advice of an informed expert qualified to practice law or may have to await final determination by a court of law.
Relation to Financial Statements
Illegal acts vary considerably in their relation to the financial statements. Generally, the further removed an illegal act is from the events and transactions ordinarily reflected in financial statements, the less likely the auditor is to become aware of the act or to recognize its possible illegality.
The auditor considers laws and regulations that are generally recognized by auditors to have a direct and material effect on the determination of financial statement amounts. For example, tax laws affect accruals and the amount recognized as expense in the accounting period; applicable laws and regulations may affect the amount of revenue accrued under government contracts. However, the auditor considers such laws or regulations from the perspective of their known relation to audit objectives derived from financial statements assertions rather than from the perspective of legality per se. The auditor's responsibility to detect and report misstatements resulting from illegal acts having a direct and material effect on the determination of financial statement amounts is the same as that for misstatements caused by error or fraud as described in section 110, Responsibilities and Functions of the Independent Auditor.
Entities may be affected by many other laws or regulations, including those related to securities trading, occupational safety and health, food and drug administration, environmental protection, equal employment, and price-fixing or other antitrust violations. Generally, these laws and regulations relate more to an entity's operating aspects than to its financial and accounting aspects, and their financial statement effect is indirect. An auditor ordinarily does not have sufficient basis for recognizing possible violations of such laws and regulations. Their indirect effect is normally the result of the need to disclose a contingent liability because of the allegation or determination of illegality. For example, securities may be purchased or sold based on inside information. While the direct effects of the purchase or sale may be recorded appropriately, their indirect effect, the possible contingent liability for violating securities laws, may not be appropriately disclosed. Even when violations of such laws and regulations can have consequences material to the financial statements, the auditor may not become aware of the existence of the illegal act unless he is informed by the client, or there is evidence of a governmental agency investigation or enforcement proceeding in the records, documents, or other information normally inspected in an audit of financial statements.
The Auditor's Consideration of the Possibility of Illegal Acts
As explained in paragraph .05, certain illegal acts have a direct and material effect on the determination of financial statement amounts. Other illegal acts, such as those described in paragraph .06, may, in particular circumstances, be regarded as having material but indirect effects on financial statements. The auditor's responsibility with respect to detecting, considering the financial statement effects of, and reporting these other illegal acts is described in this section. These other illegal acts are hereinafter referred to simply as illegal acts. The auditor should be aware of the possibility that such illegal acts may have occurred. If specific information comes to the auditor's attention that provides evidence concerning the existence of possible illegal acts that could have a material indirect effect on the financial statements, the auditor should apply audit procedures specifically directed to ascertaining whether an illegal act has occurred. However, because of the characteristics of illegal acts explained above, an audit made in accordance with generally accepted auditing standards provides no assurance that illegal acts will be detected or that any contingent liabilities that may result will be disclosed.
Audit Procedures in the Absence of Evidence Concerning Possible Illegal Acts
Normally, an audit in accordance with generally accepted auditing standards does not include audit procedures specifically designed to detect illegal acts. However, procedures applied for the purpose of forming an opinion on the financial statements may bring possible illegal acts to the auditor's attention. For example, such procedures include reading minutes; inquiring of the client's management and legal counsel concerning litigation, claims, and assessments; performing substantive tests of details of transactions or balances. The auditor should make inquiries of management and the audit committeefn 1 concerning the client's compliance with laws and regulations and knowledge of violations or possible violations of laws or regulations. Where applicable, the auditor should also inquire of management concerning—
- The client's policies relative to the prevention of illegal acts.
- The use of directives issued by the client and periodic representations obtained by the client from management at appropriate levels of authority concerning compliance with laws and regulations.
The auditor also obtains written representations from management concerning the absence of violations or possible violations of laws or regulations whose effects should be considered for disclosure in the financial statements or as a basis for recording a loss contingency. (See section 333, Management Representations.) The auditor need perform no further procedures in this area absent specific information concerning possible illegal acts.
Specific Information Concerning Possible Illegal Acts
In applying audit procedures and evaluating the results of those procedures, the auditor may encounter specific information that may raise a question concerning possible illegal acts, such as the following:
- Unauthorized transactions, improperly recorded transactions, or transactions not recorded in a complete or timely manner in order to maintain accountability for assets
- Investigation by a governmental agency, an enforcement proceeding, or payment of unusual fines or penalties
- Violations of laws or regulations cited in reports of examinations by regulatory agencies that have been made available to the auditor
- Large payments for unspecified services to consultants, affiliates, or employees
- Sales commissions or agents' fees that appear excessive in relation to those normally paid by the client or to the services actually received
- Unusually large payments in cash, purchases of bank cashiers' checks in large amounts payable to bearer, transfers to numbered bank accounts, or similar transactions
- Unexplained payments made to government officials or employees
- Failure to file tax returns or pay government duties or similar fees that are common to the entity's industry or the nature of its business
Audit Procedures in Response to Possible Illegal Acts
When the auditor becomes aware of information concerning a possible illegal act, the auditor should obtain an understanding of the nature of the act, the circumstances in which it occurred, and sufficient other information to evaluate the effect on the financial statements. In doing so, the auditor should inquire of management at a level above those involved, if possible. If management does not provide satisfactory information that there has been no illegal act, the auditor should—
- Consult with the client's legal counsel or other specialists about the application of relevant laws and regulations to the circumstances and the possible effects on the financial statements. Arrangements for such consultation with client's legal counsel should be made by the client.
- Apply additional procedures, if necessary, to obtain further understanding of the nature of the acts.
The additional audit procedures considered necessary, if any, might include procedures such as the following:
- Examine supporting documents, such as invoices, canceled checks, and agreements and compare with accounting records.
- Confirm significant information concerning the matter with the other party to the transaction or with intermediaries, such as banks or lawyers.
- Determine whether the transaction has been properly authorized.
- Consider whether other similar transactions or events may have occurred, and apply procedures to identify them.
The Auditor's Response to Detected Illegal Acts
When the auditor concludes, based on information obtained and, if necessary, consultation with legal counsel, that an illegal act has or is likely to have occurred, the auditor should consider the effect on the financial statements as well as the implications for other aspects of the audit.
The Auditor's Consideration of Financial Statement Effect
In evaluating the materiality of an illegal act that comes to his attention, the auditor should consider both the quantitative and qualitative materiality of the act. For example, an illegal payment of an otherwise immaterial amount could be material if there is a reasonable possibility that it could lead to a material contingent liability or a material loss of revenue.
The auditor should consider the effect of an illegal act on the amounts presented in financial statements including contingent monetary effects, such as fines, penalties and damages. Loss contingencies resulting from illegal acts that may be required to be disclosed should be evaluated in the same manner as other loss contingencies. Examples of loss contingencies that may arise from an illegal act are: threat of expropriation of assets, enforced discontinuance of operations in another country, and litigation.
The auditor should evaluate the adequacy of disclosure in the financial statements of the potential effects of an illegal act on the entity's operations. If material revenue or earnings are derived from transactions involving illegal acts, or if illegal acts create significant unusual risks associated with material revenue or earnings, such as loss of a significant business relationship, that information should be considered for disclosure.
Implications for Audit
The auditor should consider the implications of an illegal act in relation to other aspects of the audit, particularly the reliability of representations of management. The implications of particular illegal acts will depend on the relationship of the perpetration and concealment, if any, of the illegal act to specific control procedures and the level of management or employees involved.
Communication With the Audit Committee
The auditor should assure himself that the audit committee is adequately informed as soon as practicable and prior to the issuance of the auditor's report with respect to illegal acts that come to the auditor’s attention.[fn1] The auditor need not communicate matters that are clearly inconsequential and may reach agreement in advance with the audit committee on the nature of such matters to be communicated. The communication should describe the act, the circumstances of its occurrence, and the effect on the financial statements. Senior management may wish to have its remedial actions communicated to the audit committee simultaneously. Possible remedial actions include disciplinary action against involved personnel, seeking restitution, adoption of preventive or corrective company policies, and modifications of specific control activities. If senior management is involved in an illegal act, the auditor should communicate directly with the audit committee. The communication may be oral or written. If the communication is oral, the auditor should document it.
Effect on the Auditor's Report
If the auditor concludes that an illegal act has a material effect on the financial statements, and the act has not been properly accounted for or disclosed, the auditor should express a qualified opinion or an adverse opinion on the financial statements taken as a whole, depending on the materiality of the effect on the financial statements.
If the auditor is precluded by the client from obtaining sufficient appropriate evidential matter to evaluate whether an illegal act that could be material to the financial statements has, or is likely to have, occurred, the auditor generally should disclaim an opinion on the financial statements.
If the client refuses to accept the auditor's report as modified for the circumstances described in paragraphs .18 and .19, the auditor should withdraw from the engagement and indicate the reasons for withdrawal in writing to the audit committee or board of directors.
The auditor may be unable to determine whether an act is illegal because of limitations imposed by the circumstances rather than by the client or because of uncertainty associated with interpretation of applicable laws or regulations or surrounding facts. In these circumstances, the auditor should consider the effect on his report.fn 2
Other Considerations in an Audit in Accordance With Generally Accepted Auditing Standards
In addition to the need to withdraw from the engagement, as described in paragraph .20, the auditor may conclude that withdrawal is necessary when the client does not take the remedial action that the auditor considers necessary in the circumstances even when the illegal act is not material to the financial statements. Factors that should affect the auditor's conclusion include the implications of the failure to take remedial action, which may affect the auditor's ability to rely on management representations, and the effects of continuing association with the client. In reaching a conclusion on such matters, the auditor may wish to consult with his own legal counsel.
Disclosure of an illegal act to parties other than the client's senior management and its audit committee or board of directors is not ordinarily part of the auditor's responsibility, and such disclosure would be precluded by the auditor's ethical or legal obligation of confidentiality, unless the matter affects his opinion on the financial statements. The auditor should recognize, however, that in the following circumstances a duty to notify parties outside the client may exist: fn 3
- When the entity reports an auditor change under the appropriate securities law on Form 8-Kfn 4
- To a successor auditor when the successor makes inquiries in accordance with section 315, Communications Between Predecessor and Successor Auditorsfn 5
- In response to a subpoena
- To a funding agency or other specified agency in accordance with requirements for the audits of entities that receive financial assistance from a government agency
Because potential conflicts with the auditor's ethical and legal obligations for confidentiality may be complex, the auditor may wish to consult with legal counsel before discussing illegal acts with parties outside the client.
Responsibilities in Other Circumstances
An auditor may accept an engagement that entails a greater responsibility for detecting illegal acts than that specified in this section. For example, a governmental unit may engage an independent auditor to perform an audit in accordance with the Single Audit Act of 1984. In such an engagement, the independent auditor is responsible for testing and reporting on the governmental unit's compliance with certain laws and regulations applicable to Federal financial assistance programs. Also, an independent auditor may undertake a variety of other special engagements. For example, a corporation's board of directors or its audit committee may engage an auditor to apply agreed-upon procedures and report on compliance with the corporation's code of conduct under the attestation standards.
This section is effective for audits of financial statements for periods beginning on or after January 1, 1989. Early application of the provisions of this section is permissible.
Footnotes (AU Section 317 — Illegal Acts by Clients):
[The following footnote is effective for audits of fiscal years beginning on or after December 15, 2012. See PCAOB Release No. 2012-004.]
fn 1 For this standard, audit committee is defined as a committee (or equivalent body) established by and among the board of directors of an entity for the purpose of overseeing the accounting and financial reporting processes of the entity and audits of the financial statements of the entity; if no such committee exists with respect to the entity, the entire board of directors of the entity. For audits of nonissuers, if no such committee or board of directors (or equivalent body) exists with respect to the entity, the person(s) who oversee the accounting and financial reporting processes of the entity and audits of the financial statements of the entity.
[fn 1] [Footnote 1 of paragraph .17 is deleted, effective for audits of fiscal years beginning on or after December 15, 2012. See PCAOB Release No. 2012-004. For audits of fiscal years beginning before December 15, 2012, click here.]
fn 2 See section 508, Reports on Audited Financial Statements.
fn 3 Auditors may be required, under certain circumstances, pursuant to the Private Securities Litigation Reform Act of 1995 (codified in section 10A(b)1 of the Securities Exchange Act of 1934) to make a report to the Securities and Exchange Commission relating to an illegal act that has a material effect on the financial statements. [Footnote added, July 1997, to reflect conforming changes necessary due to the issuance of the Private Securities Litigation Reform Act of 1995.]
fn 4 Disclosure to the Securities and Exchange Commission may be necessary if, among other matters, the auditor withdraws because the board of directors has not taken appropriate remedial action. Such failure may be a reportable disagreement on Form 8-K. [Footnote renumbered, July 1997, to reflect conforming changes necessary due to the issuance of the Private Securities Litigation Reform Act of 1995.]
fn 5 In accordance with section 315, communications between predecessor and successor auditors require the specific permission of the client. [Footnote renumbered, July 1997, to reflect conforming changes necessary due to the issuance of the Private Securities Litigation Reform Act of 1995.]