Non-compliance with Laws and Regulations (NOCLAR)

This document presents a suggested structure to addressing NOCLAR.

NOCLAR is a common theme in SAICA exams, due to its highly relevant and important function
in the Code of Professional Conduct (CPC) in guiding how a CA(SA) should respond to
observed illegal behaviour. It is therefore very important to become familiar with how to apply
the NOCLAR sections of the CPC.

Required reading/reference:

• Code of Professional Conduct, Part 2, Section 260 Responding to Non-compliance with

Laws and Regulations (Professional Accountant in Business)
• Code of Professional Conduct, Part 3, Section 360 Responding to Non-compliance with
Laws and Regulations (Professional Accountant in Public Practice)

Therefore, there are two possible scenarios that could be presented i.e. (1) a CA(SA) in business
(not public practice) is witness to NOCLAR; and (2) a CA(SA) in public practice (usually the
auditor) is witness to NOCLAR.

Here is a proposed structure for addressing these two scenarios of NOCLAR application:

Scenario 1: A CA(SA) in the organisation (or in business) is made

aware of a situation of NOCLAR.
Typical required:

Suggested solution structure:

Generic:
• This situation presents a need for a CA(SA) to respond TO NON-COMPLIANCE
WITH LAWS AND REGULATIONS, in terms of Section 260 and 360 of the SAICA
Code of Professional Conduct.
• A self-interest or intimidation threat to compliance with the principles of integrity and
professional behavior is created when a professional accountant becomes aware of non-
compliance with laws and regulations.
• The employing organization’s management, with the oversight of those charged with
governance (board of directors), is responsible for ensuring that the employing
organization’s business activities are conducted in accordance with laws and
regulations.
• If protocols and procedures exist within the professional accountant’s employing
organization to address non-compliance or suspected non- compliance, the accountant
shall consider them in determining how to respond.
 • A professional accountant who encounters or is made aware of matters that are clearly
inconsequential is not required to comply with this section. (its nature and its impact,
financial or otherwise, on the employing organization, its stakeholders and the general
public) – APPLY to scenario. Is it ‘inconsequential?)
• Mrs X is a CA(SA) and must further investigate the matter to gain a full
understanding of and circumstances surrounding the matter, including:
o The nature of the act and circumstances in which it has occurred;
o The application of relevant laws and regulations to the circumstances;
and
o The potential consequences to the entity, investors, creditors,
employees and wider public.
Apply:
• Is the person a CA(SA)?
• Describe the NOCLAR using facts/factors from the scenario.
o Who did it?
o Why is it illegal?
o Why is it unethical?
• Therefore, Section 260 applies
• Evaluate the significance of the NOCLAR.
o Is it significant?
o Who could get hurt and how?
• Obtain further evidence by doing X, X, Z (‘audit the matter’ so that you have all the
information you need to report it)

All facts of the case should be utilised for the above.

Reporting:
• Discuss the issue with X (immediate reporting line manager – CFO – if not involved in
NOCLAR)
• Discuss the issue with the Board.
• Urge the directors to take steps to have the NOCLAR rectified, remedied and mitigated.
• Assess the appropriateness of the response of the superiors and those charged with
governance (timeliness of response, remediation actions, disclosure to authorities).
• If the necessary steps are not taken, further action may be needed.
• Consider informing the company’s auditors of the matter.
• Also consider resigning if appropriate remedy not taken.
• Document the following: The nature of the NOCLAR; the process followed;
discussions held with management/board; their responses; further actions taken.
Scenario 2: The auditor is made aware of NOCLAR at the client.
Typical required:
• Concerning XXX in working paper X, discuss, with reasons, the appropriate audit
response. OR
• As the auditor, provide your considerations and further actions, appropriate to respond
to the XXX issue in working paper X.

Note: the below is a good structure for complying with the requirements of the CPC
(NOCLAR), the Auditing Profession Act and ISA 250 (Consideration of Laws and. Regulations
in an Audit of Financial Statements)

Suggested solution structure:

PART 1:
Consider the requirements of Non-compliance with laws and regulations (NOCLAR) in terms
of section 360 of the Code of Professional Conduct, as well as ISA 250.
• The auditor has an ethical obligation to comply with the fundamental principles and
apply the conceptual framework set out in Section 120 to identify, evaluate and address
threats.
• A self-interest or intimidation threat to compliance with the principles of integrity and
professional behaviour is created when a professional accountant becomes aware of
non-compliance or suspected non- compliance with laws and regulations.
• The principle of confidentiality does not preclude the obligation to report non-
compliance with law if legally bound to do so.

PART 2:
Issue described:
• Why is this illegal and unethical behaviour by management?
• Was it a bribe/theft/money laundering/kickback/tender irregularity/illegal in some
sense?
• Use appropriate legislation, if possible, to describe the issue.
• Link to director’s conduct per Section 76, Companies Act, 2008.
PART 3:
Risk considerations
• Describe how the issue presents a risk or misstatement in the financial statements.

PART 4:
Risk response
• What audit procedures need to be performed to better understand and document the
perceived NOCLAR?
• The auditor needs more evidence before taking further action – this requires audit work.

PART 5:
Reportable irregularity considerations:

Apply the RI definition from the AP Act -

Was this irregularity perpetrated by management?
Is the matter an unlawful act?
Has it caused material loss to the company or stakeholders?
Is this theft or fraud?
Does this represent a material breach of any fiduciary duty?

If this matter is considered a reportable irregularity, then the process of reporting the matter to
the IRBA in terms of section 45 of the Auditing Profession Act should be followed:
Written notice/report of the matter to the IRBA.
Within three days of sending the report to the IRBA, the Board must be notified of the matter
in writing (together with a copy of the report to the IRBA provided)
The auditor must, within no later than 30 days, ... etc.

PART 6:
If the matter is considered a reportable irregularity and fraud perpetrated by management, then,
in terms of ISA 240 and ISA 250:
• Increase the unpredictability of procedures.
• Place less reliance on management representations.
• Increase the assessed risk of management control override and manipulation of the
financial statements (profit and financial position in particular). May no be appropriate
to rely on controls at the client due to poor control environment.
• Consider performing additional audit testing as a result (especially over accounts with
an identified fraud risk).
• Consider specifically testing (scrutinising) manual journal entries.