Embed Size (px)
Citation preview
NBAA SEMINAR ON AUDITING AND ACCOUNTING
Wednesday 18th to Friday 20th January, 2017, AICC Arusha
Responding to Non Compliance with Laws &
Regulations (NOCLAR)
Prepared and presented by CPA Joseph Sheffu, Partner Ernst & YoungCPA-PP, MBA (Oxford), MSc (Birmingham)Presented in strictly personal capacity
Background
Background
See No Evil
Background
See No Evil Hear No Evil
Background
See No Evil Hear No Evil Speak No Evil
Background
CPAs should NO longer turn a blind eye to the matter, that NOCLAR consequences are addressed
or that NOCLAR be deterred, and that further action be taken as appropriate in the public
interest.
Agenda• What is NOCLAR is it a pronouncement? a
guidance? or a standard?• Why was it enacted?• Is it mandatory or voluntary?• It is applicable to who? Auditors only?• What are the specific circumstances? Which laws
& regulations?• Committed by Who?• What should I do?• How am I protected?• When is it effective?
What is NOCLAR?NOCLAR - Non compliance with laws & regulationsBreaches comprise act of: • Omission or commission,• Intentional or unintentional, committed by a
client or employer, or by those charged with governance (TCWG), by management or by other individuals working for or under the direction of a client or employer which is contrary to the prevailing laws or regulations.
• Real or potential/suspected
Scenarios?Real or potential?
What should CPA-PP, CPA do?• AO orders procurement without following PPA? Or in
the absence of budget/vote?• FM/CA/SA aware substantial VAT was not charged to a
customer?• Auditor observes client has breached tax or other laws
with severe consequence?• FM/CA/SA aware CEO imposed on adjustments to
overstate/understate profit?• Junior accountant observes CA/FM breaches laws• No action is taken on reported NOCLAR
Background
• Public outcry/Public interest
• What is reasonable to ask of CPA-PPs and CPAs, given their responsibility to act in the public interest when they encounter or are made aware of NOCLAR or suspectedNOCLAR, when providing a professional service to their clients or carrying out their duties for their employer
Objectives
• It is a IESBA’s Standard. It sets out a framework to guide CPA-PP and other CPAs in what actions to take in the public interest when they become aware of a real or potential illegal act, known as non-compliance with laws and regulations, or NOCLAR, committed by a client or employer.
• Effective July 15, 2017. Early adoption is permitted
International Ethics Standards Board for Accountants
Why was it enacted?
• Revitalise the relevance of our profession i.e. serving public interest
• Protection of CPA-PP & CPA - fear of breaching client/employer confidentiality
• Whistleblowing protection• Raising CPA-PP & CPA status above bar• Assign some personal responsibility
Why was it enacted?• Provides a clear pathway for CPA-PP & CPAs to
disclose potential non-compliance situations to appropriate public authorities in certain situations without being constrained by the ethical duty of confidentiality
• Emphasis on the role of senior-level CPAs in business in promoting a culture of compliance with laws & regulations and prevention of non-compliance within their entities.
• Junior level too
Who does it apply to?
• Applies to ALL categories of professional accountants:
• CPA-PP in audit & CPAs in all industries e.g. those in private businesses, Government, other institutions e.g. education, and the NGO/NFP sector also, Graduate Accountants
• Recognizes different levels of PAs
Coverage of breaches of:Laws & regulations that deals with:
Interesting Note:
Both Actual or Potential/
Suspected (Umbeya pia
umo !!!?)
Intended outcome
• CPAs react timely to identified/suspected
• Rectifying, remediating, or mitigating the adverse consequences
• Deterring the commission
• Stimulating increased reporting - where required by law, or where determined appropriate under the Code in the public interest
But which Laws & Regulations?
• Those which are nexus to our professional training &expertise
• That which have a direct effect on the determination of material amounts & disclosures in the financial statements
• Other with which may be fundamental to the entity’s business & operations, or to avoid material penalties
Example: BFIA
• External auditor shall immediately report to the Bank if, during the course of the audit, he becomes aware of:
• any serious breach of or non-compliance with the provisions of the Act, the Bank of Tanzania Act, Foreign Exchange Act, Anti Money Laundering Act, or Regulations, guidelines, circulars or directives issued by the Bank or any other relevant legislation;
• Fraud or other dishonesty committed by a bank or any of its officers or employees
Example: BFIA
• Where an external auditor of a bank or financial institution or any of its partner has established any other relationship with that bank or financial institution, he shall immediately notify BOT
Reporting to whom (regime) ?
What is not in scope?
• Matters that are clearly inconsequential
• Personal misconduct unrelated to the business activities of the client or employer
• Non-compliance other than by the client or employer, or TCWG, management or other individuals working for or under the direction of the client or employer
What are the specific responsibilities?
• Differential approach to responding:Auditors vs. other PAs in public practiceSenior-level PAIBs vs. other PAIBs
• This approach recognizes the different remits of the different categories of PAs, the different spheres of influence, the different levels of authority, responsibility & decision making, &the different levels of public expectations.
Definitions PA, PAIB?
• “Senior PAIB” - director, officer, or senior employee able to exert significant influence over, and make decisions regarding, the acquisition, deployment, & control of the organization’s human, financial, technological, physical, and intangible resources.
What is required of Auditors?
(1) Raise the identified or suspected NOCLAR with management/TCWGClarify/substantiate/dispel Enable management/TCWG to investigate
To advise management/TCWG to: o Address the consequenceso Deter the NOCLAR o Disclose the matter to an appropriate authority
where required by law or regulation or where necessary in the public interest
What is required of Auditors?
(2) Fulfill their legal & professional responsibilities:
• Understand & comply with applicable laws ®ulations, including requirements regarding reporting to an appropriate authority & prohibitions against “tipping off”
• Comply with applicable auditing standards Communicate the matter appropriately in the context of a group
What is required of Auditors?
(3) Determine if further action is needed• Assess appropriateness of the response of
management/TCWG. In light of that response, determine objectively if further action needed in the public interest. Consider:Credible evidence of substantial harm to the
entity or stakeholders Any law prohibiting disclosure of confidential
information to an outside party
What is required of Auditors?
(3) Determine if further action is neededCourses of further action may include:
• Disclosing the matter to an appropriate authority even if not required by law
• Withdrawing from the engagement & client relationship. If withdrawing, inform proposed successor of the NOCLAR
What is required of Auditors
• Keep sufficient documents to evidence it thought process and decision
• Document, among other matters, courses of action considered, judgments made, and decisions taken
What is required of Senior-Level PAIBs
(1) Overarching expectations
• Set the right tone at the top
• Establish appropriate policies & proceduresto prevent NOCLAR, including whistleblowing procedures as a necessary part of good internal governance
What is required of Senior-Level PAIBs
(2) Fulfill professional responsibilities• Raise NOCLAR with a superior/TCWG• Understand & comply with laws & regulations,
incl. regulatory reporting obligation• Rectify, remediate, detect or mitigate
consequences• Prevention• Also determine disclosure responsibility e.g. to
auditors
What is required of Senior-Level PAIBs
(3) Determine if further action is needed• Assess appropriateness of the response of• superiors, if any, and TCWG• objectively determine if further action needed in
the public interest• Consider: credibility of evidence; reporting to the
parent; legal obligation; disclose to authorities even if not required by law; resignation.
What is required of Senior-Level PAIBs
Imminent breach In exceptional circumstances, may immediately disclose the matter to an appropriate authority if imminent breach of a law or regulation that would cause substantial harm to stakeholders
Documentation is encouraged; cover your back!
Required of other PAs PP & Other PAIBs
• Same principles apply to all PA – Act & not turn a blind eye
• Discuss with management/TCWG demand action• If audit client, inform local & group audit
partners• PA-PP consider informing 3rd party external
auditor (No client pre-approval is needed)• Consider further action in the public interest?• Disclose anyway?, resign?
Required of other PAs PP & Other PAIBs
Imminent breach• In exceptional circumstances, may
immediately disclose the matter to an appropriate authority if imminent breach of a law or regulation that would cause substantial harm to stakeholders
Required of other non-senior PAIBs
• Escalate to your supervisor or next higher level of authority; or
• Use established internal whistle-blowing mechanism
• TZ case, still responsible to local laws that assign personal responsibility
• Documentation encouraged, cover your back
Conclusion
The standard alone cannot address issues of non-compliance. Needs for strong corporate governance systems; robust, trusted, and effective legal & regulatory regimes; and ongoing efforts by all actors i.e. accounting firms, professional bodies, academic institutions & others to assist CPAs in becoming more aware of and in better understanding their legal, regulatory, & ethical responsibilities regarding responding to NOCLAR.
• Thank you
