CA
Tax Tutor
A

SA 250 — Consideration of Laws and Regulations

Think of SA 250 as the standard that answers one uncomfortable question every auditor faces: What happens when I discover my client is breaking the law? That's exactly what SA 250 — Consideration of Laws and Regulations — is designed to handle.

First, understand the two-bucket framework for laws. Bucket 1: Direct laws — these directly shape what goes into the financial statements. Think the Companies Act 2013, Income Tax Act, GST Act. These have a pervasive effect, so the auditor has a direct responsibility to check compliance. Bucket 2: Indirect laws — these don't directly affect financial statements but non-compliance could still hurt the company financially through fines, penalties, or loss of licence. Think labour laws, environmental regulations, SEBI norms for listed companies. Here, the auditor's responsibility is limited — they only need to stay alert and investigate if something looks suspicious.

Now, what does the auditor actually do? The standard sets out three layers. Layer 1 — Obtain a general understanding of the legal and regulatory framework applicable to the entity and industry. Layer 2 — Perform specific procedures for direct laws (e.g., verify PF/ESI compliance, check dividend declaration as per Companies Act). Layer 3 — Remain alert throughout the audit for any indication of non-compliance (unusual transactions, unexplained payments, legal notices hidden in board minutes). Importantly, SA 250 clarifies that the auditor is not responsible for preventing non-compliance — that duty belongs to management and Those Charged with Governance (TCWG).

When the auditor does spot non-compliance (or suspects it), here's the drill: First, discuss with management and obtain explanations. Second, evaluate the effect on the financial statements — do penalties need to be provided for? Is going concern affected? Third, if management is involved in the non-compliance, escalate to TCWG. Fourth, consider whether to modify the audit report (qualified or adverse opinion if material and not disclosed). Finally — and this is the exam favourite — consider whether there is a duty to report to regulatory authorities. In India, this could mean reporting to the NCLT, SEBI, or RBI depending on the entity type. Note: SA 250 recognises that professional duty of confidentiality may conflict here, and the auditor may need legal advice. This is asked frequently as a 4-mark or 8-mark question in the form of scenario-based problems.

📊 Worked example

Example 1 — Identifying the bucket and auditor's duty

Setup: You are auditing Rajesh & Co. Pvt. Ltd. During the audit, you find two things: (a) The company has not deposited TDS of ₹3,20,000 for Q3, attracting interest and penalty under the Income Tax Act. (b) The company's factory has been dumping waste in violation of environmental regulations — a show-cause notice of ₹15,00,000 has been received but not recorded anywhere in the books.

Working:

  • Item (a): Income Tax Act → Direct law (Bucket 1) → Auditor has a direct responsibility. TDS default creates a liability (interest + penalty) that must be provided in financial statements. If not provided and material, the auditor should qualify the report.
  • Item (b): Environmental law → Indirect law (Bucket 2) → Auditor's duty is to remain alert. The show-cause notice of ₹15,00,000 is a contingent liability. Since it exists and management has not disclosed it, this is a non-compliance with AS 29 (Provisions, Contingent Liabilities). If material, this requires disclosure or a qualified opinion.

Final Answer: Item (a) requires a provision; Item (b) requires disclosure as contingent liability. Both require discussion with management and possible report modification.

---

Example 2 — Reporting non-compliance: scenario

Setup: During audit of Ms. Iyer's NBFC, you discover that the company has been accepting public deposits without RBI registration — a clear violation of RBI Act. The amount involved is ₹42,00,000. Management refuses to disclose this in financial statements.

Working:

  • Step 1: This is non-compliance with a direct law (RBI Act governs NBFC operations directly).
  • Step 2: Management refuses to make disclosure → escalate to TCWG (Board of Directors).
  • Step 3: ₹42,00,000 is material. Non-disclosure will cause the financial statements to be misleading.
  • Step 4: Auditor should issue a qualified or adverse opinion depending on pervasiveness.
  • Step 5: Given the RBI Act violation, the auditor should consider reporting to RBI directly, taking legal advice if needed on confidentiality vs public interest.

Final Answer: Adverse/Qualified opinion + possible reporting to RBI. Auditor cannot simply ignore management's refusal.

⚠️ Common exam mistakes

  • Students think the auditor must detect ALL non-compliance — Wrong. SA 250 clearly says the auditor is not responsible for detecting every instance of non-compliance. The responsibility to comply lies with management. The auditor only needs to perform procedures and stay alert.
  • Confusing Bucket 1 and Bucket 2 laws — Don't say 'the auditor has no responsibility for indirect laws.' The correct answer is the auditor has limited responsibility — they must remain alert even for indirect laws. The extent of procedures differs, not the existence of responsibility.
  • Forgetting the escalation ladder — In exam scenarios, students jump straight to 'qualify the report.' The correct sequence is: management → TCWG → modify report → consider reporting to regulator. Skipping steps loses marks.
  • Missing the contingent liability angle — When non-compliance leads to a fine or penalty notice, always check if it needs to be shown as a provision (probable and estimable) or a contingent liability (possible). SA 250 questions frequently overlap with AS 29.
  • Treating reporting to regulators as automatic — Don't write 'auditor must report to regulator' without qualification. SA 250 says the auditor considers reporting; in most cases, professional confidentiality applies unless there's a statutory obligation or public interest override. Mentioning 'taking legal advice' earns bonus marks in 8-mark answers.
📖 Reference: SA 250 — Institute of Chartered Accountants of India
Test yourself
Practice questions on this section, AI-graded with citations.
⚡ Practice now →