Auditing Profession Act, 2005 (Act No. 26 of 2005)Board NoticesIndependent Regulatory Board for AuditorsNew Rules Regarding Improper Conduct and Code of Professional Conduct for Registered AuditorsCode of Professional Conduct for Registered AuditorsPart A : General Application of the CodeSection 140 : Confidentiality |
140.1 | The principle of confidentiality imposes an obligation on all registered auditors to refrain from: |
(a) | Disclosing outside the firm confidential information acquired as a result of professional and business relationships without proper and specific authority or unless there is a legal or professional right or duty to disclose; and |
(b) | Using confidential information acquired as a result of professional and business relationships to their personal advantage or the advantage of third parties. |
140.2 | A registered auditor shall maintain confidentiality, including in a social environment, being alert to the possibility of inadvertent disclosure, particularly to a close business associate or a close or immediate family member. |
140.3 | A registered auditor shall maintain confidentiality of information disclosed by a prospective client. |
140.4 | A registered auditor shall maintain confidentiality of information within the firm. |
140.5 | A registered auditor shall take reasonable steps to ensure that staff under the registered auditor’s control and persons from whom advice and assistance is obtained respect the registered auditor’s duty of confidentiality. |
140.6 | The need to comply with the principle of confidentiality continues even after the end of relationships between a registered auditor and a client. When a registered auditor acquires a new client, the registered auditor is entitled to use prior experience. The registered auditor shall not, however, use or disclose any confidential information either acquired or received as a result of a professional or business relationship. |
140.7 | The following are circumstances where registered auditors are or may be required to disclose confidential information or when such disclosure may be appropriate: |
(a) | Disclosure is permitted by law and is authorised by the client; |
(b) | Disclosure is required by law, for example: |
(i) | Production of documents or other provision of evidence in the course of legal proceedings; or |
(ii) | Disclosure to the appropriate public authorities of infringements of the law that come to light, including disclosures of reportable irregularities reported to the Regulatory Board as required by section 45 of the Act; and |
(c) | There is a professional duty or right to disclose, when not prohibited by law: |
(i) | To comply with the quality review of the Regulatory Board or a professional body; |
(ii) | To respond to an inquiry or investigation by the Regulatory Board or other regulatory body; |
(iii) | To protect the professional interests of a registered auditor in legal proceedings; |
(iv) | To comply with technical standards and the requirements of this Code. |
140.8 | In deciding whether to disclose confidential information, relevant factors to consider include: |
(a) | Whether the interests of all parties, including third parties whose interests may be affected, could be harmed if the client consents to the disclosure of information by the registered auditor; |
(b) | Whether all the relevant information is known and substantiated, to the extent it is practicable. When the situation involves unsubstantiated facts, incomplete information or unsubstantiated conclusions, professional judgment shall be used in determining the type of disclosure to be made, if any; |
(c) | The type of communication that is expected and to whom it is addressed; and |
(d) | Whether the parties to whom the communication is addressed are appropriate recipients. |