By Adiebah Moruck
It has now been almost a year since the new standard Responding to Non-Compliance with Laws and Regulations, released by the International Ethics Standards Board for Accountants (IESBA), has become effective. Although relatively new, the standard is already increasing awareness amongst professional accountants in business, as well as in practice, to consider their role in combating fraud and non-compliance with laws and regulations (NOCLAR).
The SAICA Code of Professional Conduct doesn’t place additional responsibilities on the professional accountant in business (PAIB) to identify NOCLAR but provides a response framework which sets out their responsibilities and the steps that should be taken when becoming aware of NOCLAR or suspected NOCLAR. It remains the responsibility of management and those charged with governance (TCWG) to ensure compliance with the relevant laws and regulations, but the inclusion of this section in the code allows the PA to play a significant role in the fight against fraud and corruption.
As the profession adapts to the new requirements of section 360 in the code, which specifically focuses on professional accountants in business, the most common question asked is: ‘Should I be reporting this NOCLAR to an appropriate authority?’
Here it is important to note that the code doesn’t automatically require you to report the NOCLAR or suspected NOCLAR when becoming aware of it, but instead requires you to follow the response framework set out in the code. The code differentiates between PAIB’s and senior PAIB’s and their and their responsibilities and the appropriate response framework that should be followed, depending on the category of PAIB you fall into.
The response framework requires both the PAIB and the senior PAIB to determine whether the NOCLAR falls within the scope of the code. If the matter falls within the scope of the code, you have to consider whether specific legislation imposes a reporting obligation or whether there are any laws or regulations that precludes reporting the matter.
The next step would be to obtain an understanding of the matter, taking into account the nature of the act and the circumstances in which it occurred, the application of the relevant laws and regulations to the circumstance, and the potential impact of the non-compliance.
The main objective of the code is to promote a culture where the right people are doing the right thing (in other words, management or TCWG). You are therefore required to discuss the matter with the appropriate level of management to determine how the matter should be addressed. Many organisations have established internal policies and procedures that should be followed when suspected or identified NOCLAR should be reported. If there are protocols in place, the PAIB should consider this when determining how to respond to the NOCLAR and whether this mechanism would satisfy the requirement to discuss with the appropriate level of management.
After discussions are held with the proper level of management, the PAIB should ensure that the organisation appropriately responds to the NOCLAR and that timely action is taken to rectify or remediate the effects of the suspected or identified NOCLAR.
Because senior PAIB’s are often directors, prescribed officers or senior employees who are able to exert significant influence over and make decisions regarding the employing organization, there is an enhanced responsibility on them to take appropriate action to respond to the NOCLAR. This is where the code differentiates between PAIB’s and senior PAIB’s.
As a senior PAIB, if you are not satisfied with the response by management or TCWG, you would need to determine whether the act could result in serious adverse consequences and whether further action is required in the public interest. One of the factors to consider is whether the NOCLAR results in substantial financial or non-financial harm to the entity, investors, creditors, employees or the general public. The code provides examples of a list of actions, but it is not intended to be a complete list.
Further action could include, among others:
- Disclosing the matter to management of the parent entity when the organisation is a member of a group
- Disclosing the matter to the external auditor if this is pursuant to your duty or legal obligation to provide all information necessary to enable the auditor to perform the audit
- Reporting the matter to an appropriate authority even when there is no legal or regulatory requirement to do so, and without being limited by the ethical duty of confidentiality, or
- Resigning from the employing organisation
- Reporting the matter to an appropriate authority would only occur at the end of the process if the senior PAIB is not satisfied that appropriate steps have been taken to rectify, remediate or mitigate the non-compliance.
The code is very clear that professional accountants in business must comply with the law and should not take any action or fail to act contrary to the law. As a PAIB you have to apply knowledge, expertise and professional judgement when dealing with instances of non-compliance and if considered necessary, we encourage you to consult internally, obtain legal advice or consult on a confidential basis with a regulator or professional body.
Adiebah Moruck is a Senior Manager Quality and Risk Management at Mazars.