When performing an audit, practitioners need to comply with the requirements of ISA 250 (Revised). Auditors have to consider laws and regulations which have a material, direct or indirect impact on the financial statements of the entity and perform testing to determine whether the entity is compliant. When instances of non-compliance with laws and regulations are identified, further procedures need to be followed, and these instances communicated and reported as deemed necessary in the relevant circumstances. The standard specifically requires consideration of relevant ethical requirements when non-compliance is identified.
Independent review requirements
When performing an independent review, practitioners need to comply with the requirements of ISA 2400 (Revised). The scope of work of an independent review is much smaller than that of an audit and may not be as likely to identify compliance issues. If, however, there is an indication that non-compliance with laws and regulations has occurred in the entity, further procedures, similar to those relevant to an audit, are required. This includes communication and reporting as appropriate, together with consideration of relevant ethical requirements.
Relevant ethical requirements
The IRBA Code of Professional Conduct for Registered Auditors (Revised, November 2018) (IRBA Code) provides a response framework for dealing with NOCLAR. This response framework includes the following broad steps:
• Gaining an understanding of the matter
• Addressing the matter
• Determining whether further action is needed
• Imminent breach
During any of these steps, the practitioner may conclude that further response is not necessary under the circumstances. There may, however, be instances where the practitioner determines that reporting to an appropriate authority is indeed necessary in the public interest.
Reportable irregularities requirements
Section 45 of the Auditing Profession Act requires auditors to report to the Independent Regulatory Board for Auditors (IRBA) any instances of non-compliance with laws and regulations meeting the definition of a reportable irregularity as defined in this Act.
Regulation 29 of the Companies Regulations, 2011, similarly requires independent reviewers to report to the Companies and Intellectual Property Commission (CIPC) any instances of non-compliance with laws and regulations meeting the definition of a reportable irregularity as defined in this regulation.