Auditing Profession Act, 2005 (Act No. 26 of 2005)

Board Notices

Independent Regulatory Board for Auditors

New Rules Regarding Improper Conduct and Code of Professional Conduct for Registered Auditors

Code of Professional Conduct for Registered Auditors

Part A : General Application of the Code

Section 100 : Introduction and Fundamental Principles

Purchase cart Previous page Return to chapter overview Next page

 

100.1 A distinguishing mark of the auditing profession is its acceptance of the responsibility to act in the public interest. Therefore, a registered auditor’s responsibility is not exclusively to satisfy the needs of an individual client. In acting in the public interest, a registered auditor shall observe and comply with this Code. If a registered auditor is prohibited from complying with certain parts of this Code by law or regulation, the registered auditor shall comply with all other parts of this Code.

 

100.2 This Code contains two parts. Part A establishes the fundamental principles of professional ethics for registered auditors and provides a conceptual framework that registered auditors shall apply to:
(a) Identify threats to compliance with the fundamental principles;
(b) Evaluate the significance of the threats identified; and
(c) Apply safeguards, when necessary, to eliminate the threats or reduce them to an acceptable level. Safeguards are necessary when the registered auditor determines that the threats are not at a level at which a reasonable and informed third party would be likely to conclude, weighing all the specific facts and circumstances available to the registered auditor at that time, that compliance with the fundamental principles is not compromised.

 

A registered auditor shall use professional judgment in applying this conceptual framework.

 

100.3 Part B describes how the conceptual framework applies in certain situations. It provides examples of safeguards that may be appropriate to address threats to compliance with the fundamental principles. It also describes situations where safeguards are not available to address the threats, and consequently, the circumstance or relationship creating the threats shall be avoided. Part B applies to registered auditors in public practice.

 

100.4 The use of the word "shall" in this Code imposes a requirement on the registered auditor to comply with the specific provision in which “shall” has been used. Compliance is required unless an exception is permitted by this Code.

 

Fundamental Principles

 

100.5 A registered auditor shall comply with the following fundamental principles:
(a) Integrity - to be straightforward and honest in all professional and business relationships.
(b) Objectivity - to not allow bias, conflict of interest or undue influence of others to override professional or business judgments.
(c) Professional Competence and Due Care - to maintain professional knowledge and skill at the level required to ensure that a client receives competent professional services based on current developments in practice, legislation and techniques and act diligently and in accordance with applicable technical and professional standards.
(d) Confidentiality - to respect the confidentiality of information acquired as a result of professional and business relationships and, therefore, not disclose any such information to third parties without proper and specific authority, unless there is a legal or professional right or duty to disclose, nor use the information for the personal advantage of the registered auditor or third parties.
(e) Professional Behaviour - to comply with relevant laws and regulations and avoid any action that discredits the auditing profession.

 

Each of these fundamental principles is discussed in more detail in Sections 110-150.

 

Conceptual Framework Approach

 

100.6 The circumstances in which registered auditors operate may create specific threats to compliance with the fundamental principles. It is impossible to define every situation that creates threats to compliance with the fundamental principles and specify the appropriate action. In addition, the nature of engagements and work assignments may differ and, consequently, different threats may be created, requiring the application of different safeguards. Therefore, this Code establishes a conceptual framework that requires a registered auditor to identify, evaluate, and address threats to compliance with the fundamental principles. The conceptual framework approach assists registered auditors in complying with the ethical requirements of this Code and meeting their responsibility to act in the public interest. It accommodates many variations in circumstances that create threats to compliance with the fundamental principles and can deter a registered auditor from concluding that a situation is permitted if it is not specifically prohibited.

 

100.7 When a registered auditor identifies threats to compliance with the fundamental principles and, based on an evaluation of those threats, determines that they are not at an acceptable level, the registered auditor shall determine whether appropriate safeguards are available and can be applied to eliminate the threats or reduce them to an acceptable level. In making that determination, the registered auditor shall exercise professional judgment and take into account whether a reasonable and informed third party, weighing all the specific facts and circumstances available to the registered auditor at the time, would be likely to conclude that the threats would be eliminated or reduced to an acceptable level by the application of the safeguards, such that compliance with the fundamental principles is not compromised.

 

100.8 A registered auditor shall evaluate any threats to compliance with the fundamental principles when the registered auditor knows, or could reasonably be expected to know, of circumstances or relationships that may compromise compliance with the fundamental principles.

 

100.9 A registered auditor shall take qualitative as well as quantitative factors into account when evaluating the significance of a threat. When applying the conceptual framework, a registered auditor may encounter situations in which threats cannot be eliminated or reduced to an acceptable level, either because the threat is too significant or because appropriate safeguards are not available or cannot be applied. In such situations, the registered auditor shall decline or discontinue the specific professional service involved or, when necessary, resign from the engagement.

 

100.10 A registered auditor may inadvertently violate a provision of this Code. Depending on the nature and significance of the matter, such an inadvertent violation may be deemed not to compromise compliance with the fundamental principles provided, once the violation is discovered, the violation is corrected promptly and any necessary safeguards are applied.

 

100.11 When a registered auditor encounters unusual circumstances in which the application of a specific requirement of the Code would result in a disproportionate outcome or an outcome that may not be in the public interest, it is recommended that the registered auditor consult with the Regulatory Board or the individual registered auditor’s professional institute.

 

Threats and Safeguards

 

100.12 Threats may be created by a broad range of relationships and circumstances. When a relationship or circumstance creates a threat, such a threat could compromise, or could be perceived to compromise, a registered auditor’s compliance with the fundamental principles. A circumstance or relationship may create more than one threat, and a threat may affect compliance with more than one fundamental principle. Threats fall into one or more of the following categories:
(a) Self-interest threat - the threat that a financial or other interest will inappropriately influence the registered auditor’s judgment or behaviour;
(b) Self-review threat - the threat that a registered auditor will not appropriately evaluate the results of a previous judgment made or service performed by the registered auditor, or by another individual within the registered auditor’s firm, on which the registered auditor will rely when forming a judgment as part of providing a current service;
(c) Advocacy threat - the threat that a registered auditor will promote a client's position to the point that the registered auditor’s objectivity is compromised;
(d) Familiarity threat - the threat that due to a long or close relationship with a client, a registered auditor will be too sympathetic to their interests or too accepting of their work; and
(e) Intimidation threat - the threat that a registered auditor will be deterred from acting objectively because of actual or perceived pressures, including attempts to exercise undue influence over the registered auditor.

 

Part B of this Code explains how these categories of threats may be created for registered auditors.

 

100.13 Safeguards are actions or other measures that may eliminate threats or reduce them to an acceptable level. They fall into two broad categories:
(a) Safeguards created by the profession, legislation or regulation; and
(b) Safeguards in the work environment.

 

100.14 Safeguards created by the profession, legislation or regulation include:
Educational, training and experience requirements for entry into the profession.
Continuing professional development requirements.
Corporate governance legislation or regulations.
Professional standards.
Professional or regulatory monitoring and disciplinary procedures.
External review by a legally empowered third party of the reports, returns, communications or information produced by a registered auditor.

 

100.15 Part B of this Code discusses safeguards in the work environment for registered auditors.

 

100.16 Certain safeguards may increase the likelihood of identifying or deterring unethical behaviour. Such safeguards, which may be created by the auditing profession, legislation or regulation include:
Effective, well-publicised complaint systems operated by the profession or a regulator, which enable colleagues, employers and members of the public to draw attention to unprofessional or unethical behaviour.
An explicitly stated duty to report breaches of ethical requirements.

 

Ethical Conflict Resolution

 

100.17 A registered auditor may be required to resolve a conflict in complying with the fundamental principles.

 

100.18 When initiating either a formal or informal conflict resolution process, the following factors, either individually or together with other factors, may be relevant to the resolution process:
(a) Relevant facts;
(b) Ethical issues involved;
(c) Fundamental principles related to the matter in question;
(d) Established internal procedures; and
(e) Alternative courses of action.

 

Having considered the relevant factors, a registered auditor shall determine the appropriate course of action, weighing the consequences of each possible course of action. If the matter remains unresolved, the registered auditor may wish to consult with other appropriate persons within the firm for help in obtaining resolution.

 

100.19 Where a matter involves a conflict with, or within, an organisation, a registered auditor shall determine whether to consult with those charged with governance of the organisation, such as the board of directors or the audit committee.

 

100.20 It may be in the best interests of the registered auditor to document the substance of the issue, the details of any discussions held, and the decisions made concerning that issue.

 

100.21 If a significant conflict cannot be resolved, a registered auditor may consider obtaining professional advice from the Regulatory Board, from a relevant professional body or from legal advisors. The registered auditor generally can obtain guidance on ethical issues without breaching the fundamental principle of confidentiality if the matter is discussed with the relevant professional body on an anonymous basis or with a legal advisor under the protection of legal privilege. Instances in which the registered auditor may consider obtaining legal advice vary. For example, a registered auditor may have encountered a fraud, the reporting of which could breach the registered auditor’s responsibility to respect confidentiality. The registered auditor may consider obtaining legal advice in that instance to determine whether there is a requirement to report.

 

100.22 If, after exhausting all relevant possibilities, the ethical conflict remains unresolved, a registered auditor shall, where possible, refuse to remain associated with the matter creating the conflict. The registered auditor shall determine whether, in the circumstances, it is appropriate to withdraw from the engagement team or specific assignment, or to resign altogether from the engagement or the firm.