By: Francois Opperman

In her address at the National Prosecuting Authority’s Stakeholder Conference held in March 2002 the then Minister for Justice and Constitutional Development reminded the audience that one of the targets of the department was to reduce crime by between 7% – 10% per annum Recognising the need for all stakeholders to join forces in order to meet this objective, she emphasised their commitment to ‘find solutions that talk to each other in order to leverage efficiencies that otherwise would not be available but for co-ordination.’

Section 45 of the Auditing Profession Act, Act 26 of 2005 (APA), creates one mechanism whereby government could rely on audit regulation to contribute towards the reduction in white collar crime.

Section 45 deals with the auditor’s responsibility to report reportable irregularities to the Independent Regulatory Board for Auditors (IRBA).

What does section 45 require?

Section 45 of the Act defines a reportable irregularity as ‘any unlawful act or omission committed by any person responsible for the management of an entity, which,

  1. has caused or is likely to cause material financial loss to the entity or to any partner, member, shareholder, creditor or investor of the entity in respect of his or her or its dealings with that entity; or
  2. is fraudulent or amounts to theft; or
  3. represents a material breach of any fiduciary duty owed by such person to the entity or any partner member shareholder creditor or investor of the entity under any law applying to the entity or the conduct or management thereof.’

It should be appreciated that, while it is the auditor’s duty to report irregularities to the IRBA, management remains responsible for ensuring that the necessary systems and controls are in place to manage the risk that such irregularities could occur in the first instance.

The auditor’s responsibility

In terms of section 45 of the Act, the process that the auditor must follow when a potential reportable irregularity is discovered is, briefly, as follows:

  1. A registered auditor that is satisfied or has reason to believe that a reportable irregularity has taken place or is taking place must, without delay, send a written report to the Regulatory Board.
  2. The registered auditor must within three days after sending the report in (al notify members of the management board that he or she had sent such report.
  3. The registered auditor must, within 30 days after having sent the first report to the Regulatory Board, take reasonable measures to discuss the matters with the members of the management board, obtaining representations from them, and then send a second report to the Regulatory Board, which either confirms or dispels the auditor’s initial suspicion.

What management should know

Who is defined as ‘management’? The unlawful act or omission must be committed by a person responsible for the management of the entity. The Act does not define management but does provide a definition for ‘management board’ as follows:

‘Management Board, in relation to an entity which is a company, means the board of directors of the company and, in relation to any other entity means the body or individual responsible for the management of the business of the entity’

A person responsible for management of an entity would usually be responsible for:

  • setting the strategic objectives and operational policies of the entity,
  • allocating resources to meet such objectives and support such policies; and
  • selecting accounting policies, and reviewing and authorising financial statements

These activities would generally be carried out by persons that are responsible for the overall planning, organising, leading, co-ordinating or controlling the business affairs of the entity. The following additional guiding principles are relevant:

  • A branch manager may not be responsible for the management of the entity, only being responsible for part of the business of the entity.
  • An executive committee would be responsible for the management of the entity.
  • Third parties who are contracted to discharge the responsibility of the management of the entity, e.g., business managers, fund managers, pension fund administrators and investment managers, are parties that are responsible for the management of the entity
  • An unlawful act or omission of an employee of an entity with the knowledge of any person responsible for management is viewed as an unlawful act or omission by the person responsible for the management of the entity that has such knowledge.

When the duty to report arises

There is no requirement on the auditor to design procedures to discover reportable irregularities. However, the auditor must respond to any information that comes to his or her attention. That means that the auditor should consider all information, from any source, including third parties. The auditor, however, must consider the reliability of such information before conducting further investigations.

While the auditor would usually consider confidentiality requirements in terms of the Codes of Professional Conduct, this legal provision requires the auditor to consider knowledge that he or she gains, even when providing other services to the client, or even while providing services to another client. The report can only be lodged with the Regulator by the auditor of the entity.

Communication between the auditor and the client

Before the auditor reports to the IRBA, he/she may carry out any investigations considered necessary. These investigations are intended to provide the auditor with sufficient grounds to conclude whether a reportable irregularity has taken place. Although the investigations are not meant to provide management with an opportunity to rectify the situation and avoid reporting, the auditor may discuss the matter with management before sending a report to the IRBA. Such discussions can occur prior to the auditor sending the initial report to the IRBA. The Act requires the auditor to send the initial report without delay, and the ‘reasonable auditor’ test is applied in interpreting the meaning of this phrase. Once the initial report has been sent to the IRBA, the auditor has to apply reasonable measures to discuss the matter with members of management and allow them the opportunity to make representations to the auditor. Such reasonable measures could include written notice to the management, telephonic communication or using other electronic means to contact the client. The auditor, however, is not expected to assume the role of a tracing agent.

What happens to the reportable irregularity?

If the auditor, in the second report, reports that the reportable irregularity is continuing, the IRBA reports the matter to an appropriate regulator, which includes any national government department, regulator, agency, authority or oversight body. That body may, at its discretion, then decide whether to perform further investigations on the client involved.

What is the impact on the audit opinion?

In the event that a reportable irregularity has been reported to the IRBA, the Act does not allow the auditor to issue an audit opinion ‘without such qualifications as may be appropriate in the circumstances’. In layman’s terms, this means that under these circumstances the auditor cannot issue a ‘clean’ report, but has to include a modification to the audit report, which refers to the reportable irregularity. Such a modification would be required even when the reportable irregularity that existed is no longer taking place, and steps have been put in place for the recovery of any loss.

The types of reportable irregularities range from contraventions of the Companies Act, tax irregularities, estate agencies contraventions, non-compliance with JSE rules, labour laws and fraud etcetera.