ISA 250 Consideration of Laws and Regulations in an Audit

ISA 250 sets out the auditor's responsibilities regarding laws and regulations. This guide covers the two categories of laws, required procedures, and how auditors respond when non-compliance is identified.

Learnsignal Education Team
Updated

ISA 250 Consideration of Laws and Regulations in an Audit of Financial Statements is the international auditing standard that sets out the auditor's responsibilities regarding a company's compliance with the laws and regulations that apply to it. Non-compliance can have a major effect on the financial statements, so this is an important area. This practical guide explains what ISA 250 covers, the two categories of laws and regulations, the auditor's responsibilities, how to respond to suspected non-compliance, and why it matters — in plain language. It's a core auditing topic, relevant to ACCA study. (Always refer to the standard for authoritative requirements.)

What is ISA 250?

ISA 250 addresses the auditor's responsibility to consider laws and regulations when auditing financial statements. Non-compliance with laws and regulations (often abbreviated to "NOCLAR") by an entity may result in fines, litigation or other consequences that could materially affect the financial statements. The standard sets out how far the auditor's responsibility extends — which depends on how closely the law or regulation relates to the financial statements.

The two categories of laws and regulations

ISA 250 draws a key distinction between two categories, because the auditor's responsibility differs for each:

  • Laws and regulations with a direct effect on the financial statements. These are laws generally recognised to have a direct effect on the determination of material amounts and disclosures — for example, tax and pension laws. For these, the auditor's responsibility is to obtain sufficient appropriate audit evidence regarding compliance.
  • Other laws and regulations. These don't directly affect the figures but compliance may be fundamental to the operating aspects of the business, its ability to continue, or to avoid material penalties (for example, the terms of an operating licence, or environmental and health-and-safety regulations). For these, the auditor's responsibility is more limited: to undertake specified procedures to help identify non-compliance that may have a material effect.

The auditor's responsibilities

Within this framework, the auditor's key responsibilities include obtaining a general understanding of the legal and regulatory framework applicable to the entity and how it complies; performing the relevant procedures for each category above; and remaining alert throughout the audit to indications that non-compliance may have occurred. As always, the auditor maintains professional scepticism. It's important to note that detecting non-compliance is not the main objective of an audit, and the auditor is not responsible for preventing it — that responsibility lies with management and those charged with governance.

Responding to identified or suspected non-compliance

If the auditor becomes aware of information suggesting non-compliance, ISA 250 requires them to understand the nature of the act and the circumstances, and evaluate the possible effect on the financial statements. The auditor would discuss the matter with management and, where appropriate, those charged with governance, consider the implications for the audit (including the reliability of management representations and the rest of the audit evidence), and consider whether there is a responsibility to report the non-compliance to parties outside the entity, depending on the law and the auditor's ethical requirements.

Why ISA 250 matters

ISA 250 matters because legal and regulatory non-compliance can have serious financial consequences — fines, penalties, litigation, or even threats to the entity's survival — all of which can affect the financial statements. By setting out a proportionate framework, the standard ensures auditors pay appropriate attention to compliance without being made responsible for matters beyond their expertise. For auditors, understanding the two categories and the corresponding responsibilities is a key, frequently-examined area, and one that connects closely to professional ethics and the public-interest role of the wider audit profession.

The auditor's responsibilities under ISA 250

ISA 250 addresses the auditor's responsibilities relating to laws and regulations in an audit of financial statements. It distinguishes between laws that have a direct effect on the financial statements and those that do not but where non-compliance may still be material. The auditor is not responsible for preventing non-compliance, but must obtain sufficient understanding, remain alert to indications of breaches, and respond appropriately when non-compliance is identified or suspected. Refer to the current standard for the detailed requirements and recent revisions.

Frequently asked questions

What is ISA 250?

The international auditing standard on the consideration of laws and regulations in an audit — setting out the auditor's responsibilities regarding the entity's compliance with laws and regulations.

What are the two categories of laws and regulations?

Those with a direct effect on the financial statements (such as tax law), where the auditor obtains evidence of compliance; and other laws fundamental to the business's operations, where the auditor performs more limited specified procedures.

Is the auditor responsible for preventing non-compliance?

No. Preventing and detecting non-compliance is the responsibility of management and those charged with governance. The auditor considers compliance only as it may materially affect the financial statements.

What does the auditor do if non-compliance is suspected?

Understand the act and its circumstances, evaluate the effect on the financial statements, discuss with management and governance, consider the audit implications, and consider any responsibility to report the matter to parties outside the entity.

Build your auditing skills with Learnsignal

Standards like ISA 250 are central to auditing. Learnsignal's tutor-led ACCA courses develop the audit knowledge the ISAs require — with clear teaching and exam-focused practice. (Always refer to the latest text of the standard for authoritative requirements.)

This page was last updated:

Learnsignal Education Team

Expert Tutor at Learnsignal

Qualified professional with years of experience in teaching and helping students achieve their accounting qualifications.

View all posts by Learnsignal Education Team

Subscribe to Our Newsletter

Join over 30,000+ Learnsignal students and get regular insights delivered to your inbox.

Ready to Start Your Financial Reporting & Standards Journey?

Join thousands of successful students who have achieved their qualifications with Learnsignal.

Ready to get started?

Join 100,000+ students across 130 countries. Choose a plan that fits your goals — cancel anytime.

View Pricing