What is the auditors responsibility when noncompliance with laws or regulations is identified or suspected?

Project Status

This is a completed project

To provide guidance for professional accountants on how best to act in the public interest when they become aware of a suspected illegal act (or non-compliance with laws and regulations (NOCLAR)).

A revision of Section 140 and the development of two new sections in Parts B and C to provide additional guidance for professional accountants in public practice and in business on how to respond in situations where they encounter a suspected fraud or illegal act. The project will focus on the actions that the professional accountant takes when encountering such a situation. It will not address actions that professional accountants should take to identify such matters.

At its October 2009 meeting, the IESBA discussed a draft project proposal to develop additional guidance for professional accountants when encountering a suspected fraud or illegal act.

At its March 2010 meeting, the IESBA CAG discussed the draft project proposal. CAG representatives expressed support for the IESBA commencing such a project and provided input on the scope of the project.

At its September 2010 meeting, the IESBA CAG considered the project proposal and the key issues to be addressed.

At its November 2010 meeting, the IESBA approved the project proposal to develop ethical guidance for professional accountants when encountering a suspected fraud or illegal act.

At its February 2011 meeting, the IESBA reached the following tentative decisions:

• Definitions of “fraud” and “non-compliance” in ISA 240 and 250, respectively, are appropriate for guiding the scope of the project.
• Breaching confidentiality is a significant act and should not occur based on a highly subjective judgment of what is unethical/improper; thus, the project scope should not include unethical/improper acts.
• A professional accountant’s public interest responsibility goes beyond that of a member of the general public.
• Not all illegal acts should fall within the scope of the guidance, but focusing only on those that have a direct/indirect effect on financial reporting might be too limiting.
• The process for responding will vary depending on whether the accountant is in public practice or in business.
• Disclosure outside of the client or employing organization should be required if it is in the public interest to do so and not contrary to local law. Factors to consider could include the significance to financial reporting, extent to which external parties are affected, and likelihood of recurrence.
• Consideration may need to be given to whether protections are afforded the accountant and there is an appropriate authority to whom to disclose information.

At its March 2011 meeting, the IESBA CAG discussed a number of the Task Force’s proposals and provided input on the direction of the project.

At its June 2011 meeting, the IESBA considered the Task Force’s proposals and provided input on a draft of the proposed changes to the Code.

At its September 2011 meeting, the IESBA CAG further discussed issues in the project, including whether a professional accountant should have a responsibility to report externally a suspected illegal act if doing so would be in the public interest.

At its October 2011 meeting, the IESBA considered an exposure drafting addressing ethical guidance for professional accountants in public practice and business when encountering a suspected illegal act. The IESBA discussed the following matters:

• A sequential approach for the accountant to follow in dealing with a suspected illegal act by first discussing the matter with management of the client or employing organization, escalating through higher levels of management if the response is not appropriate and then to those charged with governance if the response is still not appropriate;
• Whether there should be a right or a responsibility to disclose a suspected illegal act to an appropriate authority if the response of the client or employing organization is not appropriate; and
• If such disclosure is required or permitted, the types of illegal acts that should be so disclosed.

At its February 2012 meeting, the IESBA discussed the position to be taken in an Exposure Draft. The IESBA agreed that:

• An auditor and a professional accountant in practice providing non-assurance services to an audit client should be required to disclose, where the client has not done so, to an appropriate authority suspected illegal acts that affect financial reporting or fall within the expertise of the professional accountant, and that are of such consequence that reporting would be in the public interest.
• Accountants performing non-assurance services to non-assurance clients and accountants in business should disclose the matter to the external auditor. If the response to the matter is not appropriate the professional accountant has a right to disclose the matter to an appropriate authority. The accountant would be expected to exercise that right.
• Exceptional circumstances may exist where a reasonable and informed third party would conclude that the public interest is not served by such disclosure because the probable consequences, such as the risk to personal safety of the professional accountant or other individuals, would outweigh the benefits of disclosure.

At its March 2012 meeting, the IESBA CAG discussed the proposed position regarding the steps a professional accountant should take to respond to a suspected illegal act.

At its April 2012 teleconference, the IESBA:

• Discussed a Task Force recommendation that in exceptional circumstances a professional accountant not be required to disclose a suspected illegal act to an appropriate authority if a reasonable and informed third party would conclude that the probable threats to the physical safety of the professional accountant or other individuals are sufficiently severe to justify not making the disclosure. The IESBA tentatively concluded that the exception should not be limited to physical safety. The IESBA requested the Task Force to revise the provision such that it was appropriately limited to exceptional circumstances with physical safety as an example.
• The IESBA also considered the application of the proposals in a group audit situation. The proposals would require a professional accountant providing professional services to an audit client to disclose a suspected illegal act to an appropriate authority in certain circumstances and a professional accountant providing professional services to a non-audit client to disclose the act to the external auditor in certain circumstances. The IESBA noted that the definition of audit client includes related entities in specific circumstances. In light of this definition, the IESBA asked the Task Force to consider to whom disclosure would be required if the professional accountant were providing professional services to an entity that was not an audit client but was a related entity of an audit client.

At its June 2012 meeting, the IESBA approved an exposure draft (ED).  The ED proposed that:

• A professional accountant in public practice providing professional services to an audit client be required to disclose, where the client has not done so, to an appropriate authority suspected illegal acts that affect financial reporting or fall within the expertise of the professional accountant, and that are of such consequence that reporting would be in the public interest.
• An accountant performing a professional service for a client that is not an audit client and an accountant in business be required to disclose suspected illegal acts to the entity’s external auditor, if any, where the accountant is unable to escalate the matter or the client/employing organization respectively has failed to take appropriate action and the matter is of such consequence that the professional accountant determines that disclosure would be in the public interest. If the response to the matter is not appropriate the professional accountant will have a right to disclose certain suspected illegal acts to an appropriate authority. An accountant performing a non-assurance service for a client that is not an audit client would have a right to disclose a suspected illegal act that related to the subject matter of the of the professional service being provided. A professional accountant in business would have a right to disclose a suspected illegal act that affects the financial reporting of the employing organization. The accountant would be expected to exercise the right to disclose.
• In exceptional circumstances a reasonable and informed third party might conclude that the consequences to the professional accountant or others of disclosure are so severe as to justify not complying with the requirement to disclose, for example, where there would be threats to the physical safety of the professional accountant or other individuals. Consequences that are of a commercial nature, such as the loss of a client or income, would not constitute exceptional circumstances.
• Terminating the professional relationship or resigning from the employing organization is not a substitute for disclosure to an appropriate authority.

The ED was issued in August 2012 and the comment period closed on December 15, 2012.

At its March 2013 meeting, the IESBA considered significant comments received on the ED. The IESBA discussed three pivotal issues, namely disclosure to an appropriate authority, disclosure to the external auditor, and the right with an expectation to disclose to an appropriate authority. The IESBA also discussed a number of other issues, including; the “public interest” reporting test and the escalation threshold; the requirement to confirm or dispel the suspicion; types of suspected illegal acts to be disclosed; and the interaction of the proposed standard with the International Standards on Auditing (ISAs).

At its April 2013 meeting, the IESBA CAG considered a number of key issues arising from the significant comments received on the ED.

At its June 2013 meeting the IESBA considered a proposed alternative to the approach set out in the Exposure Draft, Responding to a Suspected Illegal Act, regarding a professional accountant’s responsibilities when encountering a suspected illegal act. Among other matters, the IESBA discussed the concept of a permission in the Code to override confidentiality in the circumstances set out in the proposed Section 225, Responding to a Suspected Illegal Act, applicable to professional accountants in public practice, and Section 360, Responding to a Suspected Illegal Act, applicable to professional accountants in business. It also discussed the various elements of the proposed alternative approach as well as the thresholds for actions, the types of suspected illegal acts to disclose, and documentation.

At its September 2013 meeting, the IESBA considered a revised draft of a straw man of an alternative to the approach set out in the Exposure Draft, Responding to a Suspected Illegal Act, regarding a professional accountant’s responsibilities when encountering a suspected illegal act. Among other matters, the IESBA discussed and agreed to align the term “suspected illegal act” with the term “non-compliance with laws or regulations” used in the International Standards on Auditing (ISAs); it explored the possibility of establishing a presumption, which can be rebutted, that disclosure will be made under certain conditions by professional accountants for clients that are public interest entity audit clients; and it discussed documentation, changes to other sections of the Code, and communication between successor and predecessor accounting firms.

At its December 2013 meeting, the IESBA considered a post-exposure draft of proposed changes to the Code regarding a professional accountant’s responsibilities relating to responding to non-compliance with laws and regulations. Among other matters, the IESBA discussed the approach to disclosure of non-compliance with laws and regulations to an appropriate authority; the application of a materiality filter when responding to such a matter; communication between a proposed accountant and an existing accountant when there is a change in professional appointment; and documentation. The IESBA agreed on a draft of the proposed changes to the Code as a basis for further consultation with key stakeholders through three roundtables to be held in Asia-Pacific, Europe and North America in Q2-Q3 2014.

At its April 2014 meeting the IESBA received a brief update on recent discussions of the project with certain stakeholders, including its Consultative Advisory Group. It also received an update on preparations for its upcoming series of global roundtables on the project in Hong Kong on May 20, Brussels on June 13, and Washington DC on July 20, 2014.

At its July 2014 meeting the IESBA received an update on the discussion of the project with its national standard setter liaison group on May 28 and the feedback received from stakeholders at its two global roundtables on the project in Hong Kong on May 20 and Brussels on June 13. The IESBA also was briefed on preparations for its third and final global roundtable in Washington DC on July 10.

At its October 2014 meeting, the IESBA considered the feedback received from its three global roundtables on its NOCLAR project held in Hong Kong, Brussels and Washington DC in May, June and July 2014, respectively. It also considered Task Force proposals regarding a revised framework for how auditors, professional accountants in public practice providing non-assurance services (NAS), senior-level PAIBs and other PAIBs could respond to suspected NOCLAR.

At its January 2015 meeting, the IESBA considered a revised draft of the proposed Sections 225 and 360 addressing responding to non-compliance or suspected NOCLAR. Topics discussed included: the scope of these Sections; the third party test regarding the need for, and nature and extent, of further action to achieve the objectives under each Section; the factors to consider in determining whether or not to disclose NOCLAR or suspected NOCLAR to an appropriate authority; a draft rationale for the proposed response framework which outlines the strengths of the framework and the main reasons for not imposing mandatory disclosure of NOCLAR or suspected NOCLAR to an appropriate authority in the Code; and illustrative examples of the application of the proposed Sections.

At its April 2015 meeting, the IESBA unanimously approved for exposure revised proposals regarding professional accountants’ response to identified or suspected non-compliance with laws and regulations (NOCLAR). The revised proposals set out a new framework to guide auditors, other professional accountants in public practice, and professional accountants in business (PAIBs) in deciding how best to act in the public interest when they come across an act or suspected act of NOCLAR.

At its September 2015 meeting, the IESBA received a preliminary update on significant comments from respondents to the Exposure Draft, Responding to Non-Compliance with Laws and Regulations.

At its November/December 2015 meeting, the IESBA considered significant comments received on its May 2015 Exposure Draft Responding to Non-Compliance with Laws and Regulations and related Task Force proposals. The IESBA broadly supported the direction of the Task Force’s proposed revisions to the text of the Exposure Draft in the light of the feedback from respondents. Topics on which the IESBA provided input for purposes of refining the NOCLAR provisions included: communication of NOCLAR matters between component and group auditors; where withdrawal by the auditor from the client relationship is related to a NOCLAR matter, whether the auditor’s communication of the facts and circumstances concerning the instance of NOCLAR or suspected NOCLAR to the proposed auditor should be subject to the client’s consent; and where professional accountants have reason to believe an imminent breach of a law or regulation would cause actual or substantial harm to the entity’s stakeholders or the general public, whether the professional accountants would be permitted under the Code to disclose the matter to an appropriate authority without following the response framework set out in the proposed provisions.

At its March 2016 meeting, the IESBA agreed in principle, subject to the deliberations of the International Auditing and Assurance Standards Board (IAASB) on related consequential and conforming amendments to IAASB standards, the final provisions in Sections 225 and 360 of the IESBA Code of Ethics for Professional Accountants (the Code) addressing the responsibilities of professional accountants in public practice and in business, respectively, to respond to NOCLAR or suspected NOCLAR. The IESBA also agreed in principle consequential and conforming changes to other sections of the Code.

Topics discussed included: disclosing NOCLAR to an appropriate authority without following the specified response process; scope of matters covered by the two sections; communication with respect to group audits; documentation by professional accountants other than auditors; communication between predecessor and proposed successor auditors; and the proposed effective date of the final pronouncement.

At its April 2016 teleconference, the IESBA approved the final pronouncement, including consequential and conforming amendments to a number of sections of the Code.

The pronouncement is effective July 15, 2017. Early adoption is permitted.

When the auditor becomes aware of or suspects noncompliance with laws and regulations?

When the auditor becomes aware of information concerning a possible non

What happens if non

What should an auditor do when he becomes aware of information concerning an instance of non