The proposed amendments to the JSE listing requirements impact the entire financial supply chain, from management to those charged with governance, including audit committees and external auditors who perform reasonable assurance engagements on the issuers’ financial statements.
Following the issue of its consultation paper in September 2018, the Johannesburg Stock Exchange (JSE) announced proposed amendments to its listings requirements (LR) on 12 April 2019. According to the JSE, amendments to the LR were made in response to a spate of recent events surrounding listed issuers. The proposed amendments − which may indeed look different when finally published, cover a range of issues − including:
- Introducing a list of approved exchanges for the purpose of secondary listings on the JSE, and
- Requiring that short-form announcements dealing with annual financial statements must now also include specific disclosure of key audit matters pursuant to International Auditing Standard (ISA) 701 through the inclusion of the full auditor’s report via a web link to the website of the issuer
These and other proposed measures are constructive and helpful. Our focus for this article is the proposed amendments to JSE LR 3.84(k)(i)−(iv), which reaffirm that the primary responsibility for internal controls over the financial reporting process and the accuracy of financial reporting rests with the board and management of the issuer. Proposed JSE LR 3.84(k)(i)−(iv) reads as follows:
‘The CEO and the FD responsibility statement must be made by them after due, careful and proper consideration of same as follows:
The directors, whose names are stated below hereby confirm that −
- the annual financial statements set out on pages […] to […], fairly present in all material respects the financial position, financial performance, and cash flows of the issuer in terms of IFRS;
- no facts have been omitted or untrue statements made that would make the annual financial statements false or misleading;
- internal financial controls have been put in place to ensure that material information relating to the issuer and its consolidated subsidiaries have been provided to effectively prepare the financial statements of the issuer; and
- the internal financial controls have been evaluated and that they are satisfied with the effectiveness of the internal controls or where they are not satisfied they have disclosed to the issuer’s audit committee and auditors all significant deficiencies in the design or operation of the internal financial controls and any fraud that involves directors, and have taken the necessary remedial action.
Signed by the CEO and the financial director.’
This abovementioned proposed amendment is designed for management of the issuer to take full responsibility for the preparation of the annual financial statements.
A comparison can be made between this proposal and the US Sarbanes-Oxley Act of 2002, which also contains requirements for signing off on the compliance with recognised control frameworks. In contrast, the proposed amendments to the LR do not stipulate a preferred control framework that the management of the issuer should use in signing off on the internal financial controls. The report of the Committee of Sponsoring Organisations of the Treadway Commission (known as the COSO report) is an example of a recognised control framework.
In terms of the implications of this responsibility statement for the auditors of the annual financial statements, much research has to still go into it. Our standard-setting experts will need to reflect on it and the text of the final issued JSE LR may provide some clarity. An initial thought is that the introduction of this responsibility statement into the annual report, if it goes ahead, may result in it being considered other information, as defined in ISA 720 (Revised) by the auditor, similar to how an auditor considers the Directors’ Report, the Audit Committee’s Report and the Company Secretary’s Certificate.
ISA 720 (Revised) defines other information as ‘financial or non-financial information (other than financial statements and the auditor’s report thereon) included in an entity’s annual report’.
ISA 720 (Revised) further defines an annual report as:
‘… a document, or combination of documents, prepared typically on an annual basis by management or those charged with governance in accordance with law, regulation or custom, the purpose of which is to provide owners (or similar stakeholders) with information on the entity’s operations and the entity’s financial results and financial position as set out in the financial statements. An annual report contains or accompanies the financial statements and the auditor’s report thereon and usually includes information about the entity’s developments, its outlook and risks and uncertainties, a statement by the entity’s governing body and reports covering governance matters.’
If it is ultimately concluded that the CEO and FD responsibility statement, as laid out above, does constitute other information as defined, then the auditor will have to read the responsibility statement (other information) and consider whether there is a material inconsistency between the other information and the financial statements, and between the other information and the auditor’s knowledge obtained in the audit.
The scenario may become complicated and give rise to audit risks, with regard to the CEO and FD signoff on internal financial controls in the proposed responsibility statement. In the auditor’s considerations of internal controls, as part of the testing that the auditor performs in an audit, the auditor may identify ‘significant deficiencies’ in internal controls. However, the management of the issuer, as part of its signoff under the proposed JSE LR 3.84 (k) (i)−(iv), may identify (and report) that there were no deficiencies. Whether a difference in the conclusions on internal controls between those made by management and those made by the auditor qualifies as a material inconsistency in terms of ISA 720 (Revised), is undoubtedly a matter that will give rise to robust discussions.
Overall, the JSE’s proposed amendments to its LR are part of a chain of enhancements we are witnessing across regulation in South Africa, which aim to restore confidence in financial reporting and financial markets. As expanded on above, these amendments result in certain implications for the auditing profession that will need careful consideration.
 Accessible on https://www.jse.co.za/content/JSEAnnouncementItems/JSE%20Consultation%20Paper/Primary%20Listings%20Amendment%20Schedule.pdf.
 ISA 701, Communicating Key Audit Matters in the Independent Auditor’s Report.
 ISA 720 (Revised), The Auditor’s Responsibilities Relating to Other Information.
 South African Auditing Practice Statement (SAAPS) 3 (Revised May 2019), Illustrative Reports.
Significant deficiency in internal control is a deficiency or combination of deficiencies in internal control that, in the auditor’s professional judgment, is of sufficient importance to merit the attention of those charged with governance. (ISA 265.6).
 A deficiency in internal control exists when a control is designed, implemented or operated in such a way that it is unable to prevent, or detect and correct, misstatements in the financial statements on a timely basis; or a control necessary to prevent, or detect and correct, misstatements in the financial statements on a timely basis is missing. (ISA 265.6).
Ian Mtegha CA(SA) is a Professional Manager at IRBA Standards
This article was originally published in ASA.