Do you really have to consider NOCLAR when you are already measuring non-compliance against Reportable irregularity (RI) requirements?
What is NOCLAR?
Non-compliance with laws and regulations (NOCLAR) “comprises acts of omission or commission, intentional or unintentional, which are contrary to the prevailing laws or regulations committed by the following parties:
(a) A client;
(b) Those charged with governance;
(c) Management of a client; or
(d) Other individuals working for or under the direction of a client.”
The IRBA Code of Professional Conduct for Registered Auditors provides a response framework for dealing with identified instances of non-compliance. This response framework can be summarised in six main steps, as illustrated below.
How does NOCLAR compare to Reportable irregularities?
The IRBA Frequently Asked Questions on Non-compliance with Laws and Regulations for Registered Auditors issued in October 2017 includes a detailed side by side comparison between NOCLAR and RI requirements. An abbreviated comparison is included below to illustrate the differences.
What does this mean?
A registered auditor is required to comply with both Section 45 of the Auditing Profession Act, 2005 (APA) and the NOCLAR provisions of the IRBA Code.
The IRBA Code provides the overall response framework for responding to non-compliance.
Section 45 of the APA imposes a reporting obligation to the IRBA if non-compliance meets the definition of an RI.
The auditor should comply with the IRBA Code and the APA concurrently, but must always adhere to the prescribed timelines for reporting RIs per Section 45 of the APA.
Complying with RI requirements per Section 45 of the APA may address some of the NOCLAR provisions in the IRBA Code, but the auditor still has a responsibility to assess if there are residual obligations under the NOCLAR provisions of the IRBA Code.
The auditor is required to document their considerations of both the RI and the NOCLAR provisions.
Additional matters to consider:
Non-compliance that doesn’t meet the RI defitinion would still require a response in terms of the NOCLAR provisions.
If an auditor has a duty in terms of law or regulation to report non-compliance to an appropriate authority, the auditor must comply with those requirements. Therefore, the auditor has a responsibility to consider an RI, a NOCLAR or suspected NOCLAR and any additional reporting requirements as stipulated in applicable laws and regulations.
SAICA provides some examples of legislation in South Africa that contain certain reporting requirements.
Auditors cannot avoid responsibilities in terms of the NOCLAR provisions by complying with reporting requirements of legislation. If it hasn’t been done yet, firms should update their audit methodologies and working paper templates as a matter of urgency to cater for NOCLAR considerations and related documentation requirements.
IRBA: Code of Professional Conduct for Registered Auditors (Revised November 2018): Definitions and Section 360 – Responding to non-compliance with laws and regulations, 2018.
IRBA: Frequently Asked Questions on Non-compliance with Laws and Regulations for Registered Auditors: Section 1 – Reportable Irregulatity (RI) and NOCLAR and Appendix A – Comparison between RI and NOCLAR, 2017
SAICA: NOCLAR supplementary material: Overview and Summary of the Response Framework in terms of the NOCLAR Provisions of the SAICA Code of Professional Conduct, 2017.
pSAICA: NOCLAR supplementary material: Examples of legislation in South Africa that contain certain reporting requirements, 2018.
If you need advice, guidance, assistance or training, our experienced specialists at LEAF are ready to help your firm to push above and beyond the norm.