Non-compliance with laws and regulations
Ethical requirements in responding to non-compliance with laws and regulations (NOCLAR) have been in place for several years. Despite this, many practitioners still seem to be uncertain about when and how to apply these requirements — and how they interact with professional standards and local legislative requirements
Auditing requirements
When performing an audit, practitioners need to comply with the requirements of ISA 250 (Revised). Auditors have to consider laws and regulations which have a material, direct or indirect impact on the financial statements of the entity and perform testing to determine whether the entity is compliant. When instances of non-compliance with laws and regulations are identified, further procedures need to be followed, and these instances communicated and reported as deemed necessary in the relevant circumstances. The standard specifically requires consideration of relevant ethical requirements when non-compliance is identified.
Independent review requirements
When performing an independent review, practitioners need to comply with the requirements of ISA 2400 (Revised). The scope of work of an independent review is much smaller than that of an audit and may not be as likely to identify compliance issues. If, however, there is an indication that non-compliance with laws and regulations has occurred in the entity, further procedures, similar to those relevant to an audit, are required. This includes communication and reporting as appropriate, together with consideration of relevant ethical requirements.
Relevant ethical requirements
The IRBA Code of Professional Conduct for Registered Auditors (Revised, November 2018) (IRBA Code) provides a response framework for dealing with NOCLAR. This response framework includes the following broad steps:
• Gaining an understanding of the matter
• Addressing the matter
• Determining whether further action is needed
• Imminent breach
• Documentation.
During any of these steps, the practitioner may conclude that further response is not necessary under the circumstances. There may, however, be instances where the practitioner determines that reporting to an appropriate authority is indeed necessary in the public interest.
Reportable irregularities requirements
Section 45 of the Auditing Profession Act requires auditors to report to the Independent Regulatory Board for Auditors (IRBA) any instances of non-compliance with laws and regulations meeting the definition of a reportable irregularity as defined in this Act.
Regulation 29 of the Companies Regulations, 2011, similarly requires independent reviewers to report to the Companies and Intellectual Property Commission (CIPC) any instances of non-compliance with laws and regulations meeting the definition of a reportable irregularity as defined in this regulation.
Bringing it all together
It is clear from these multiple sources that there are various requirements applicable to practitioners in dealing with instances of non-compliance with laws and regulations identified during audits and independent reviews. It is easy to become confused when having to deal with multiple sets of requirements on the same topic.
To make sense of it all, we need to start at the professional standards. As both ISA 250 (Revised) and ISRE 2400 (Revised) refer to relevant ethical requirements, common ground is found in the IRBA Code, which is based on the international code of professional conduct as published by the International Ethics Standards Board for Accountants (IESBA). This means that the NOCLAR response framework in the IRBA Code forms the basis of the practitioner’s response to instances of non-compliance.
When, based on this response framework, the practitioner then determines that the matter also complies with the definition of a reportable irregularity, the requirements of the Auditing Profession Act, 2005 (Act No. 26 of 2005) or Companies Regulations, 2011 are followed, in addition to what is required in terms of the NOCLAR response framework. The documented consideration of non-compliance should, therefore, address both the steps followed according to the NOCLAR response framework, and the reportable irregularity requirements in terms of the relevant legislation.
In summary
If your working paper templates and checklists do not incorporate this combined response framework, it is time to bring them up-to-date to ensure full compliance with all relevant requirements. If you have any questions, or need assistance in this regard, you are welcome to contact LEAF for expert technical advice, thorough file reviews and practical guidance.
References
- IAASB: ISA 250 (Revised) Consideration of laws and regulations in an audit of financial statements, effective for audits of financial statements for periods beginning on or after 15 December 2017.
- IAASB: ISRE 2400 (Revised) Engagements to review historical financial statements, effective for reviews of financial statements for periods ending on or after 31 December 2013.
- IRBA: IRBA Code of Professional Conduct for Registered Auditors (Revised, November 2018), November 2018
Auditing Profession Act, 2005 (Act No. 26 of 2005) - Companies Regulations, 201
Need help?
If you need advice, guidance, assistance or training, our experienced specialists at LEAF are ready to help your firm to push above and beyond the norm.