PracticeAuditBrave new world: how auditor responsibilities are changing

Brave new world: how auditor responsibilities are changing

Fayez Choudhury, CEO of IFAC, looks at the updated Code of Ethics for Professional Accountants, NOCLAR, and how auditor responsibilities are changing

Brave new world: how auditor responsibilities are changing

Consider this situation: during an external audit, the audit manager discovers a serious environmental regulation breach, supported by unequivocal evidence. The auditors take the issue to the client, who admits the infraction and subsequently makes a significant provision and related disclosures in the financial statements to avoid material misstatement, but does not remediate the severe environmental consequences. The issue is also raised with the Audit Committee, which agrees to the financial statement actions.

While the environment impact remains inadequately addressed, the company’s financial statements are now free from material misstatement, and an unmodified opinion is issued in the independent auditor’s report. Neither the auditor nor management is required to take the issue further.

Behavior and actions like this have placed businesses under increased public scrutiny and criticism in recent years. High-profile corporate scandals have led to considerable shareholder and wider stakeholder losses. Consequently, public trust in business has fallen sharply – and auditors have not been exempt.

Despite being bound by the ethical duty of confidentiality, auditors have been criticised in the past for failure to report significant client breaches of laws and regulations.

Confidentiality vs the right thing to do

We are now entering a new era. On July 15, 2017, an updated Code of Ethics for Professional Accountants for the global accountancy profession (the Code) went into effect. In jurisdictions that have adopted the Code, professional accountants—both within companies and in public practice—are subject to a new global standard on addressing and reporting suspected non-compliance with laws and regulations—or NOCLAR. The standard is also in effect for the group of the largest 28 accounting firm networks in the world with respect to transnational audits.

NOCLAR has been more than six years in the making. The International Ethics Standards Board for Accountants (IESBA), which issues the Code, consulted extensively with a wide range of global stakeholders. The resulting standard addresses the challenge faced by auditors and other professional accountants: balancing their duty of confidentiality with their duty to act in the public interest when they become aware of suspected non-compliance.

Previously, auditors could simply resign upon uncovering client non-compliance issues, thus maintaining confidentially but not protecting the public interest. This changes with NOCLAR—confidentiality under the Code now cannot override the public interest in all circumstances.

NOCLAR provides a “new normal” for auditor whistleblowing and the basis upon which all future non-compliance issues will be assessed. It also provides a new client interaction framework for auditors, and a guide for when they report suspected or actual non-compliance to relevant authorities.

In the Public’s Best Interest

NOCLAR addresses acts of omission or commission, intentional or unintentional, committed by a client or an employer, or their employees or contractors, contrary to prevailing laws or regulations.

Examples of non-compliance that can be of public interest under NOCLAR include bribery, money laundering, proceeds of crime, fraud, corruption and public health and safety. Also included are issues increasingly important to stakeholders such as environmental protection, taxation and data protection.

Given the stream of high-profile non-compliance in recent years, auditors must use their professional judgement and apply the NOCLAR framework to decide how best to respond to uncovered problems.

Uncovering an issue: how do you know when to respond?

First, a response is required – turning a “blind eye” is not an option. Auditors need to heed laws already in place, as NOCLAR does not override those laws. Existing laws could include client confidentiality laws, reporting obligations or laws guarding against “tipping off.” At the outset, NOCLAR requires auditors to establish what their obligations are under such laws and comply with them.

While auditors are not legal experts, NOCLAR guides them to raise the issue with the client in order to fully understand the non-compliance, and to consult with relevant professional organizations or seek legal advice at the appropriate junctures as they navigate the contours of the issue.

Responding vs reporting

Depending on the nature of the non-compliance, auditors’ response could stop at management tackling the problem. However, if there are substantial public and/or stakeholder harm considerations, non-compliance could also be reported to a public authority. One NOCLAR’s key aspects is its clear reporting structure, giving auditors a “how and when” issue escalation framework.

NOCLAR calibrates the auditor’s professional judgement between maintaining client confidentiality and reporting suspected non-compliance to the right public authority, always applying an objective lens in deciding whether to take further action.

Telling the world?

Not at all. Reporting an instance of non-compliance is focused on notifying the appropriate authority. NOCLAR provides a path for auditors to navigate various—often complex—considerations.

If the client has not appropriately addressed an issue, auditors must make delicate judgments:

  1. Is there credible evidence to support their findings?
  2. Would the non-compliance likely cause substantial harm? Auditors must think beyond shareholders and assess the impact on broader stakeholders such as employees, creditors and the public.
  3. Are there legal prohibitions on reporting? If so, it does not mean going back to the drawing board. Auditors are guided to decide whether to take other action, including resigning from the client relationship if not prohibited by law.
  4. If reporting is the right thing to do, to which appropriate authority? Is there legal protection? And are there any threats to the auditors’ physical safety or that of others?

Job done?

Reporting to authorities is not the end for suspected non-compliance. For auditors, litigation has long been an ongoing risk.  Should their logic unravel on investigation, they could be held liable and if they decide not to report, they could be held accountable if public harm was caused. However, to mitigate those risks, NOCLAR stresses that auditors must act in good faith and document their judgments and actions.

NOCLAR helps protect auditors and professional accountants from wider criticism and ultimately enhances public trust in the profession. As NOCLAR becomes inextricably woven into the profession’s fabric, clarity on how to respond to non-compliance will increase—and further enhance how businesses and auditors act to protect the public interest.

Fayez Choudhury is the chief executive officer of the International Federation of Accountants (IFAC)

Related Articles

KPMG replaces PwC as Croda auditor

Accounting Firms KPMG replaces PwC as Croda auditor

5d Emma Smith, Managing Editor
KPMG rocked by South African corruption scandal

Audit KPMG rocked by South African corruption scandal

4w Alia Shoaib, Reporter
BDO replaces Deloitte as Mitie auditor

Audit BDO replaces Deloitte as Mitie auditor

1m Emma Smith, Managing Editor
Latest Big Four auditor changes

Audit Latest Big Four auditor changes

2m Alia Shoaib, Reporter
PwC fined a record £5.1m by the FRC over RSM Tenon audit

Audit PwC fined a record £5.1m by the FRC over RSM Tenon audit

2m Alia Shoaib, Reporter
PwC to audit BBC pay policies following gender pay gap outrage

Accounting Firms PwC to audit BBC pay policies following gender pay gap outrage

2m Alia Shoaib, Reporter
PwC to take over from Deloitte as Diploma auditor

Accounting Firms PwC to take over from Deloitte as Diploma auditor

2m Alia Shoaib, Reporter
Deloitte rises in auditor rankings with most FTSE 250 clients

Accounting Firms Deloitte rises in auditor rankings with most FTSE 250 clients

2m Alia Shoaib, Reporter