Do you work in...
PUBLIC PRACTICE
BUSINESS
The new noncompliance with laws and regulations (NOCLAR) interpretations outline your responsibilities while working with a client or within your employing organization. We’ll walk you through all the steps to take when faced with an instance of NOCLAR.
Do you provide financial statement audit or review services?
Yes
No
Are you a senior professional accountant in business?
Able to exert significant influence over (and make decisions regarding) the acquisition, deployment, and control of the employing organization’s human, financial, technological, physical, and intangible resources.
A director, officer, or senior employee able to exert significant influence over, and make decisions regarding, the acquisition, deployment, and control of the employing organization’s human, financial, technological, physical, and intangible resources.
Is this an initial audit engagement?
NO
Responding to Noncompliance With Laws and Regulations
Step 1
Request that the prospective client’s management authorizes the predecessor auditor to respond fully to your firm’s inquiries.
S
T
E
P
1
Before accepting the engagement, you should take the following steps:
The predecessor auditor has a responsibility to respond in a timely manner and clearly state if the response is limited due to unusual circumstances.
• •
Consider the implications of the refusal in deciding whether to accept the engagement.
Step 2
Does management authorize the predecessor auditor to respond?
2
Inquire about the reasons management does not authorize the predecessor auditor to respond.
Ask the predecessor auditor about identified or suspected fraud and matters involving NOCLAR.
3
Evaluate the predecessor auditor’s response.
Step 3
Consider the implications if there is no response or a limited response in determining whether to accept the engagement.
Have you received credible information about an incident of noncompliance or suspected noncompliance?
Whether an act constitutes noncompliance is ultimately a matter to be determined by a court or other appropriate adjudicative body.
Step 4
Obtain an understanding of the matter, including:
The nature of the act
The circumstances in which it occurred or is likely to occur
You are expected to apply your knowledge, professional judgment, and expertise.
4
You are not expected to have a level of knowledge of laws and regulations greater than that required to undertake the engagement.
Rectifying, remediating, or mitigating the consequences of the NOCLAR.
•
The engagement partner should take steps to have the NOCLAR communicated to those performing work at components where the matter may be relevant, unless prohibited by law or regulation.
Step 5
Address the matter.
Advise management and those charged with governance to take appropriate and timely action.
There are additional communication requirements with respect to group audit engagements.
5
Communicate the noncompliance to the group audit engagement partner in accordance with AU-C section 600.
Deterring the commission of the NOCLAR if it has not yet occurred.
Disclosing the matter to an appropriate authority where required by law or regulation or when otherwise considered necessary.
This may include:
Relevant factors to consider may include whether:
This may include obtaining legal or other advice.
Step 6
Determine if it is necessary to withdraw from the engagement.
Evaluate the appropriateness of management’s response and, if applicable, the response of those charged with governance.
Consider consulting internally or externally to better understand your options and the implications of taking any particular course of action.
6
The response is timely.
The NOCLAR has been adequately investigated.
Action has been, or is being, taken to rectify, remediate, or mitigate the consequences of any noncompliance.
Appropriate steps have been, or are being, taken to reduce the risk of recurrence (e.g., additional controls or training).
The NOCLAR has been disclosed to an appropriate authority when appropriate and whether the disclosure appears adequate.
Action has been, or is being, taken to deter the commission of any noncompliance if it has not yet occurred.
Step 7
Document:
The inquiries to the predecessor auditor and the results of those inquiries
The matter
The results of discussion with management and, where applicable, those charged with governance and other parties
How management and those charged with governance have responded to the matter
The judgments you made and the courses of action you took
7
Previous
Next
No action is necessary.
Seek to obtain an understanding of the matter, including:
The circumstances in which it has occurred or is likely to occur
You are expected to apply your knowledge, professional judgment and expertise.
The appropriate level of management with whom to discuss the matter is a question of professional judgment.
You may have additional communication requirements and restrictions, depending on who provides audit or review services to the client. See paragraphs .36–.39 in the interpretation.
Discuss the matter with the appropriate level of management and, if you have access to them and when appropriate, those charged with governance.
Consider communicating the matter to the client's financial statement audit or review services provider.
This discussion may clarify your understanding of the facts and circumstances relevant to the matter and its potential consequences.
Evaluate the appropriateness and timeliness of management’s response and, where applicable, the response of those charged with governance.
You are encouraged to document:
How management and those charged with governance responded to the matter
The nature of the act and the circumstances in which it has occurred or is likely to occur
How relevant laws and regulations apply to the circumstances
The potential consequences to the employing organization, investors, creditors, employees, or the wider public
You are not expected to have a level of knowledge of laws and regulations beyond that required for your role within the employing organization.
If your immediate superior appears to be involved, you should discuss the matter with the next-higher level of authority within your employing organization.
Discuss the matter with your immediate superior, if any, to determine how the matter should be addressed.
Take the appropriate steps to:
Obtain concurrence with those charged with governance about appropriate actions to take to respond to the matter
Comply with applicable laws and regulations
Have the consequences of the noncompliance rectified, remediated, or mitigated
Reduce the risk of reoccurrence
Seek to deter the commission of the noncompliance if it has not yet occurred
Refer to the “Obligation of a Member to His or Her Employer's External Accountant” interpretation (2.130.030) for additional guidance.
Determine if it is necessary to disclose the matter to your employer's external auditor.
Refer to the “Obligation of a Member to His or Her Employer's External Accountant” interpretation (ET sec. 2.130.030) for additional guidance.
Obtain concurrence with those charged with governance (TCWG) about appropriate actions to take to respond to the matter
Determine if it is necessary to disclose the matter to your employer's external auditor
Take further action.
Determine whether further action is necessary in the public interest.
Evaluate the appropriateness of the response of your superiors, if any, and the response of those charged with governance.
Further action may include:
Informing the management of the parent entity of the matter if the employing organization is a member of a group.
Resigning from the employing organization.
Reporting the matter to an appropriate authority unless prohibited by laws or regulations.
They have taken or authorized appropriate action to seek to rectify, remediate or mitigate the consequences of the noncompliance, or to avert the noncompliance if it has not yet occurred.
The matter has been disclosed to an appropriate authority, where applicable, and if so, whether the disclosure appears adequate.
Document
The results of discussions with your superiors, where applicable, and those charged with governance and other parties
How your superiors and those charged with governance have responded to the matter
How you fulfilled any responsibility to take further action in the public interest
The results of discussions with your superiors, where applicable, and those charged with governance and other parties.
Have you become aware of information concerning an instance of noncompliance or suspected noncompliance?
The circumstances in which it has occurred or may occur
If your superior appears to be involved in the matter, you should inform the next higher level of authority within your employing organization.
Inform your immediate superior to enable them to take appropriate action.
Title Lorem ipsum
Disclose the matter to your employing organization's external auditor.
Determine if the disclosure is necessary pursuant to your obligation to provide all information necessary to enable the auditor to perform the audit.
Consider reporting the NOCLAR to an appropriate authority, unless prohibited by laws or regulations.
Whether there is an appropriate authority that can receive the information, investigate the matter, and take action
Whether there is robust and credible protection afforded by legislation or regulation (e.g. whistleblowing legislation)
Whether there are actual or potential threats to the physical safety of you or other individuals
Factors to consider include:
The results of discussions with your superior, management, and, where applicable, those charged with governance and other parties
How your superior has responded to the matter
Additional resources
AICPA Statement on Auditing Standards No. 147
“Responding to Noncompliance With Laws and Regulations”
interpretation for members in public practice
interpretation for members in business
June 23, 2022, Journal of Accountancy article “PEEC and ASB issue new requirements for CPAs regarding NOCLAR”
