Estate Agents

Estate Agents

Estate agent trust accounts pose various challenges to auditors, which may easily result in an audit file failing inspections. The Financial Intelligence Centre Amendment Act, 2017 (FIC Amendment Act) introduced important changes to be aware of, while auditors sometimes still have to contend with existing Estate Agency Affairs Board (EAAB) requirements and online audit report submissions. This article aims to guide auditors and highlight significant areas.

Amendments to FIC requirements

The FIC Amendment Act became effective in October 2017, with estate agents (accountable institutions) being granted extension up to 1 April 2019 to be fully compliant. Key amendments were made in the following areas:

  • Risk-based approach (RBA): A new RBA must now be followed when implementing mandatory client due diligence (CDD) measures, where the likelihood and impact of money laundering and terrorist financing (ML/TF) are rated, and appropriate mitigating measures taken. This brings a change from the previous rules-based approach of the required CDD measures.
  • Risk management compliance programme (RMCP): The policy, processes, procedures, systems and controls based on the RBA must be documented in the RMCP. The RMCP considers the size, complexity and nature of the enterprise and must be regularly reviewed.
  • Seven pillars of compliance: The FIC Amendment Act is based on the following seven pillars of compliance:
    • Client identification and verification
    • Record-keeping
    • Reporting
    • RMCP
    • Person responsible for compliance
    • Training of employees

Registration with FIC.

Non-compliance identified

Where an instance of non-compliance is identified when performing an audit of an estate agent, the same rules apply as in any other engagement performed by the auditor:

What about online administration services?

Auditors should guard against placing inordinate reliance on the agreed upon procedures (AUP) report issued by auditors of entities providing online administration services. The AUP performed only confirm that the trust balances and interest included in the report agree with the information contained in the online administration services system, and do not address controls and audit procedures performed. Auditors should compare the report obtained to all assertions for balances and classes of transactions, considerations relating to controls and relevant ISA requirements, in order to determine alternative procedures which may have to be performed.

An entity providing online administration services should be treated as a service organisation, in terms of ISA 402. Therefore, the estate agency’s controls over the service organisation should be evaluated and a separate Type 1 or Type 2 report obtained from their auditors, where reliance on controls of the service organisation is intended, as opposed to controls at the estate agency over transactions administered by the estate agency. Ultimately, the audit approach and procedures would be determined by the size and risks of the entity.

Other common issues on audit files


  • Engagement letter not dated and not including non-compliance with laws and regulations (NOCLAR)
  • No consideration of accounting framework
  • No/inadequate/incorrect safeguards for identified independence threats.


  • Discussions with management not corroborated
  • Materiality inadequately justified/no performance materiality
  • Analytical reviews not performed in enough detail
  • Control design and implementation testing inadequate
  • Fraud risk not properly considered
  • Risk assessment not appropriately justified, especially rebuttal of presumed significant fraud risks.


  • No/inadequate details recorded for compliance testing, e.g. EAAB Act, FIC Act, Companies Act
  • Verbal confirmations/discussions not corroborated
  • Work not documented in re-performable manner, e.g. not enough detail in tick marks to explain what was done
  • Trust balances included in AFS, while trust and business accounts should be kept separate
  • Differences from trust reconciliations not explained/verified
  • Sampling and selection method not specified, sample size not justified, sampling not linked to risk, remaining population not considered
  • Related parties testing inadequate/not documented/not tested for completeness.

Concluding and reporting:

  • Non-compliance not considered, in terms of NOCLAR and reportable irregularity requirements/not included in EAAB auditors’ portal audit report submission
  • Extrapolation of errors and possible effect on audit report not considered
  • Subsequent events working paper date vs. audit report date
  • Going concern consideration inadequate: consideration of management’s assessment/period covered
  • Management representation letter date not close enough/after audit report date.


EAAB audits don’t have to be daunting. Once you have come to grips with the latest compliance requirements and how they fit into the picture, you are well on your way to achieving a successful audit. If you still have concerns about your EAAB audits, or have burning questions, you are welcome to contact LEAF for expert technical advice and practical guidance.


  1. EAAB: The Financial Intelligence Centre Amendment Act Video Clip produced by the EAAB, April 2019
  2. FIC: Financial Intelligence Centre Amendment Act, 2017

We want to know: Was this article useful or not?

If you did not find this article useful, or if you want articles on different topics, please reply to this email and let us know. We welcome your feedback!

How LEAF can give practical assistance

LEAF can assist through audit quality, technical, training and other services to provide you with practical guidance.

Contact us to find out how.

LEAF | Driving the standard of excellence

Upcoming Events