Considering Laws and Regulations in Internal Audit

Standard on Internal Audit (SIA) 17: Consideration of Laws and Regulations in an Internal Audit

The seventeenth Standard on Internal Audit addresses the consideration of laws and regulations in the internal audit process. The contents of SIA 17 are as follows:

  1. Scope and Objective
  2. Responsibility of Management
  3. Responsibility of Internal Auditor
  4. Types of Laws and Regulations
  5. Compliance with Laws and Regulations
  6. Internal Audit Procedures in case of identification of Non-Compliance
  7. Reporting of non-compliance

Standards on Internal Audit (SIA) 17

To understand SIA 17 and how laws and regulations govern the whole internal audit service, its contents have to be discussed in detail. The following section elaborates on them.

  1. Scope: While determining the scope of SIA 17, the auditor is required to look into the following aspects:
  • The laws and regulations are to be considered while performing the internal audit.
  • To test compliance with certain specified laws and regulations.
  • To report compliance with the specified laws and regulations.
  • Non-compliance by the organization, intentional or unintentional, through acts of omission and commission that are contrary to the prevailing laws and regulations.
  • Personal misconduct by the governance body, employees and/or management of the company is not included in non-compliance.


Objective: The objectives and aims of SIA 17 are as follows:

  • Performing the audit process and procedures as specified.
  • To respond to the suspected or evident non-compliances in the company appropriately.
  • Obtaining Internal Audit Evidence that is sufficient and appropriate.
  2. Responsibility of Management: As per SIA 17, the management of the company is responsible and liable for the following:
  • Ensuring that the company is compliant with all the prescribed provisions, laws and regulations.
  • Achieving compliance and adherence by assigning the appropriate responsibilities to the following:
      • Audit Committee
      • Compliance Committee
  3. Responsibility of Internal Auditor: It is the duty of the Internal Auditor not to make assumptions about the accountability of the management for the decisions taken for risk management. Certain inherent limitations that block the work of internal auditors and their ability to detect any non-compliance in the company are:
  • When the laws and regulations are too many or large in number
  • Any kind of legal determination by an appellate body or court of law
  • Conduct designed to conceal the non-compliance
  4. Types of Laws and Regulations: The following types of laws and regulations must be adhered to as per SIA 17:
  • Those laws and regulations that affect the Financial Statements of the company directly:


  • Those laws and regulations that do affect the Financial Statements of the company directly:
      • To identify any non-compliance, a specified audit procedure must be undertaken as per SIA 17.
      • This impacts the functioning of the company or entity significantly.
  5. Compliance with Laws and Regulations: In order to check and ensure that the company is compliant with all the prescribed laws and regulations and with SIA 17, the following is to be done:
  • Understanding the laws and regulations that directly affect the financial statements
  • Understanding the legal and regulatory framework and system of the company
  • Checking the representations that are written
  • In case of non-identification or suspicion of non-compliance in the company, the Internal Audit Procedures must be checked
  • Through other audit methods and procedures, the non-compliance must be brought to the attention of the internal auditor
  • Procedures for identification of the non-compliance instances
  6. Internal Audit Procedures in case of identification of Non-Compliance: As per SIA 17, an internal auditor must use a different audit procedure when non-compliance is identified in the company. This includes:
  • Matters that are relevant to the evaluation by the internal auditor
  • Any indications that relate to non-adherence and non-compliance with provisions and regulations
  • Evaluation of the non-compliance implications
  7. Reporting of non-compliance: As per SIA 17, the internal auditor has to report the non-compliance cases:
  • Non-compliance must be reported in the Internal Auditor’s Report
  • Non-compliance must be reported to the governance body and to those that have been charged with the governing responsibility
  • Reporting the precluded from the obtained Internal Audit Evidence.


Author: Anil Agrawal
EZYBIZ India Consulting LLP, New Delhi. The firm is a business and tax consultancy firm providing consultancy in Taxation, Regulatory, Transfer Pricing, Valuation, Corporate Funding and Business Set-up matters. He may be reached at 9899217778 or