Governance and the role of Directors and Audit Committees

Corporate governance is essential to reduce risk within entities and to increase growth and long-term value for the business.

The role of Directors

The duty of a director to act in good faith requires that a director’s primary responsibility is to the organization; this responsibility must ordinarily take precedence over the personal interests of the director or the interests of a third party. It is important that when a director walks into the boardroom, that director is exercising their powers for the benefit of the organization. This means avoiding actual, potential and perceived conflicts of interest.

Where there may be a conflict, directors are obliged to disclose their conflict of interest or duty and take appropriate action to avoid any adverse consequences. Directors should tread cautiously when considering an actual, potential or perceived conflict of interest. An actual or potential conflict does not necessarily disqualify a person from serving on a board, but full disclosure is a legal and ethical imperative.

Focus of the Audit Committee

The following items are important to keep in mind as audit committees consider and carry out their 2019 agendas:

  • Take a fresh look at their agenda and workload.
  • Sharpen the company’s focus on culture, ethics, and compliance.
  • Understand how the finance team will reinvent itself and add greater value in this technology and data-driven environment.
  • Monitor management’s progress on implementing new accounting standards.
  • Reinforce audit quality by setting clear expectations for the auditor.
  • Give non-financial measures, other key operating metrics, and cybersecurity disclosures a prominent place on the audit committee agenda.
  • Focus internal audit on the company’s key risks beyond financial reporting and compliance, e.g. tone at the top, culture, cybersecurity, legal/regulatory compliance, global
    supply chain etc.
  • Board composition – confirm that the talent in the room is aligned with the company’s strategy and future needs.
  • Quality and content of the audit committee reports.
  • Focus on cyber risk and security.

Audit committees can expect their company’s financial reporting, compliance, risk and internal control environment to be put to the test in the year ahead. Among the top challenges and pressures are: long-term economic uncertainty (with concerns about global mounting trade tensions, resurging debt and market valuations), technology advances and business model disruption, cyber risk, regulatory scrutiny and investor demands for transparency; and political swings and policy changes locally and globally.

Governance tips for SMEs

Compliance with the full range of corporate governance regulations applicable to larger companies is not always appropriate for SMEs. Depending on the company’s stage of development, here are a few governance tips for SMEs to consider:

  • Ensure the roles and responsibilities of the Board are clearly defined.
  • Put in place delegated authorities (e.g. authority to commit the company to expenditure, authority to sign contracts) – to whom and within what limits.
  • Ensure regular and properly run board meetings are held where the company strategy is discussed, budgets and finances are monitored, and progress on operations is reported.
  • Evaluate whether the composition of the board is appropriate for the next stage of the company’s development.
  • Implement a risk management process Where necessary, implement internal controls. This is especially important on the financial side (e.g. to monitor cash flow) but is also applicable to other areas of the business such as security of assets and company data.
  • Develop a disaster recovery and business continuity plan.

Implications of the effective dates of the IRBA Code on the auditor’s and assurance reports

As the effective date for Parts 1 and 3 of the IRBA Code differs from that of Parts 4A and 4B, it will have an impact on how the IRBA Code is described in the auditor’s and assurance reports.

Revised IRBA Code

The IRBA communicated the release of the IRBA Code of Professional Conduct for Registered Auditors (revised November 2018) (IRBA Code) which have different effective dates affecting the auditor’s and assurance reports.

The IRBA Code will have the following effective dates:

  • Parts 1 and 3 will be effective as of 15 June 2019
  • Part 4A relating to independence for audit and review engagements will be effective for audits and reviews of financial statements for periods beginning on or after 15 June 2019
  • Part 4B relating to independence for assurance engagements will be effective for periods beginning on or after 15 June 2019 (when covering periods), otherwise effective as of 15 June 2019.

As the effective dates for above is different, careful attention needs to be given to the implementation of the different parts of the IRBA Code and the impact thereof on the ‘BASIS FOR OPINION’ included in the auditor and assurance reports.

There will thus be 3 different types of audit reports that will need to be considered to address the above effectives dates:

  1. Current period – Auditor or assurance reports issued before 15 June 2019 (Extant IRBA Code – As normally reported)
  2. Transitional period – Auditor or assurance reports issued on or after 15 June 2019 in respect of financial periods beginning before or on 14 June 2019
  3. Period going forward – Auditor or assurance reports issued after 15 June 2019 in respect of financial periods beginning on or after 15 June 2019

See illustration below regarding above:

Examples

See below extracts for “Basis for Opinion” that will apply (except for Disclaimer opinion):

(Example based on audit of consolidated set of financial statements of a listed entity)

Current period

We conducted our audit in accordance with International Standards on Auditing (ISAs). Our responsibilities under those standards are further described in the Auditor’s Responsibilities for the Audit of the Consolidated and Separate Financial Statements section of our report. We are independent of the group in accordance with the Independent Regulatory Board for Auditors Code of Professional Conduct for Registered Auditors (IRBA Code) and other independence requirements applicable to performing audits of financial statements in South Africa. We have fulfilled our other ethical responsibilities in accordance with the IRBA Code and in accordance with other ethical requirements applicable to performing audits in South Africa. The IRBA Code is consistent with the International Ethics Standards Board for Accountants Code of Ethics for Professional Accountants (Parts A and B). We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion.

Transitional period

We conducted our audit in accordance with International Standards on Auditing (ISAs). Our responsibilities under those standards are further described in the Auditor’s Responsibilities for the Audit of the Financial Statements section of our report. We are independent of the company in accordance with the sections 290 and 291 of the Independent Regulatory Board for Auditors’ Code of Professional Conduct for Registered Auditors (Revised January 2018) (IRBA Code (Revised January 2018)), parts 1 and 3 of the Independent Regulatory Board for Auditors’ Code of Professional Conduct for Registered Auditors (Revised November 2018) (IRBA Code (Revised November 2018)) and other independence requirements applicable to performing audits of financial statements in South Africa. We have fulfilled our other ethical responsibilities in accordance with the IRBA Code (Revised January 2018), the IRBA Code (Revised November 2018) and in accordance with other ethical requirements applicable to performing audits in South Africa. Sections 290 and 291 of the IRBA Code (Revised January 2018) are consistent with sections 290 and 291 of the International Ethics Standards Board for Accountants Code of Ethics for Professional Accountants. Parts 1 and 3 of the IRBA Code (Revised November 2018) are consistent with parts 1 and 3 of the International Ethics Standards Board for Accountants’ International Code of Ethics for Professional Accountants (including International Independence Standards). We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion.

Period Going Forward

We conducted our audit in accordance with International Standards on Auditing (ISAs). Our responsibilities under those standards are further described in the Auditor’s Responsibilities for the Audit of the Financial Statements section of our report. We are independent of the company in accordance with the Independent Regulatory Board for Auditors’ Code of Professional Conduct for Registered Auditors (IRBA Code) and other independence requirements applicable to performing audits of financial statements in South Africa. We have fulfilled our other ethical responsibilities in accordance with the IRBA Code and in accordance with other ethical requirements applicable to performing audits in South Africa. The IRBA Code is consistent with the International Ethics Standards Board for Accountants’ International Code of Ethics for Professional Accountants (including International Independence Standards) (Parts 1, 3, 4A and 4B). We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion.

Note: To ensure that the appropriate report is issued, all audit reports issued between June and September 2019 must be submitted to the Technical Department at technical@nexia-sabt.co.za for review before signing the audit report

Disclosure of Directors’ Remuneration in Group Companies

The Companies Act requires full disclosure of the remuneration of directors and prescribed officers (whether executive, non-executive or alternate directors) in the financial statements of companies that require an audit in terms of the Act. This requirement may become quite cumbersome where a Group of Companies consists of multiple companies.

Note: The Act requires that each company that is required to have its annual financial statements audited, must provide the directors disclosure as required by Section 30 of the Companies Act.

In terms of section 30(5), the disclosure must show the amount of any remuneration or benefits paid to or receivable by persons in respect of:

  • services rendered as directors or prescribed officers of the company; or
  • services rendered while being directors or prescribed officers of the company-
    – as directors or prescribed officers of any other company within the same group of companies; or
    – otherwise in connection with the carrying on of the affairs of the company or any other company within the same group of companies.
  1. The act defines a “group of companies” as a holding company and all of its subsidiaries.
  2. If a person serves as director and/or prescribed officer of more than one company in a group of companies, that person’s total remuneration would be disclosed in the annual financial statements of all the companies in the group that are required to disclose remuneration, i.e. all companies where that person is a director/prescribed officer or employee carrying out affairs of company (see below).
  3. If a person is a director of a company in a group of companies and the same person is also an employee of another company in the group, the company where the person is a director will have to disclose in its AFS the person’s remuneration received as director of the company AND the salary earned as an employee of the other company within the same group of companies (i.e. for the carrying on of the affairs of the company)
  4. The Act requires the company to disclose all amounts payable to or received by its directors/prescribed officers in respect of services rendered as directors/prescribed officers of the “company”. Therefore, any amounts paid to directors/prescribed officers in respect of services rendered to a trust or a foreign company within the group would not be disclosed, since trusts and foreign companies are not “companies” as defined by the Act.

Accounting for non-cash consideration in terms of IFRS 15

Consideration for the sale of goods can be received in cash as well in a form other than cash. IFRS 15 provides specific guidance when it comes to determining the transaction price for contracts in  which a customer promises consideration in a form other than cash.

Note: The requirements for accounting for non-cash consideration are prescribed by IFRS 15. The determination of the fair value of the non-cash consideration to be accounted for must be done in accordance with IFRS 13.

If a customer provides goods and/or services to assist an entity in fulfilling its contract, the entity should assess whether it obtains control of such goods or services. In the event that the entity does obtain control of such goods and services, the goods and services will be considered to be non-cash consideration and should be accounted for as such.

This document will provide a brief snapshot regarding the treatment which IFRS 15 prescribes when accounting for non-cash consideration.

  1. What is non-cash consideration?
    Non-cash consideration can typically be defined as consideration which is received or receivable by the customer which is in a form other than cash.Examples of non-cash consideration typically include:
    ➢ Shares
    ➢ Material, equipment and labor
    ➢ Contribution of assets from the customer for the purposes of the contract being met where the entity gains control of these assets.
  2. How should non-cash consideration be measured?
    IFRS 15 prescribes that an entity shall measure the non-cash consideration (or promise of non-cash consideration) at fair value as defined in IFRS 13. Therefore, the fair value of such the non-cash consideration (or promise of non-cash consideration) should be as at the measurement date of the transaction, which would typically be the transaction date. It is therefore extremely important to ensure that your client has accounted for the fair value of any non-cash consideration receivable at the correct date.Note that if an entity cannot reasonably estimate the fair value of the non-cash consideration, the entity shall measure the consideration indirectly by reference to the stand-alone selling
    price of the goods or services promised to the customer (or class of customer) in exchange for the consideration.
  3. How should subsequent changes in fair value of the non-cash consideration receivable be accounted for?
    If the fair value of the non-cash consideration promised by a customer varies for reasons other than only the form of the consideration (for example, the fair value could vary because of
    the entity performance), an entity shall apply the requirements in paragraphs 56 – 58 of IFRS 15.

Remember to take note of the following important points when accounting for non-cash consideration:

  • The general rule to follow is that if the consideration in the contract is received or is to be received in a form other than cash, the entity will measure such non-cash consideration at
    fair value, as defined in IFRS 13.
  • The requirements of IFRS 13 with regards to the measurement therefore need to be applied when accounting for non-cash consideration.
  • It is also crucial to note that, in accordance with IFRS 13, fair value is market-based measure of an exit price that is receivable and NOT an entity-specific value.
  • Therefore, an entity’s intention with regards to any non-cash consideration received (for example, an asset) is not relevant for the purposes of determining its fair value.

Tips on how to successfully manage the transition to the new Lease Accounting Standard

Note: The requirements for lessors remain basically unchanged since IFRS 16 substantially carries forward the requirements of IAS 17 based on the distinction between operating leases and finance leases.

To become – and remain – compliant, companies need to address five key challenges in the life cycle of a lease as far as lessees are concerned:

  1. Engage with your auditors and advisors
    a. IFRS 16 requires a significant amount of judgement and estimations.
    b. Engaging with your auditors and IFRS advisors ensures you begin with the end in mind, and will make good choices that will withstand the test of time, and help you sleep better at night.
  2. Determine if the contract contains a lease?
    a. Is there an identified asset?
    b. Does the person renting the asset obtain substantially all of the economic benefits?
    c. Does the person renting the asset have the right to direct the asset’s use?
    d. Does the person renting the asset have the right to operate the asset?
  3. Determining the lease term
    a. Non-cancellable period of the lease PLUS
    b. Period covered by an option to extend (if option is likely to be exercised) PLUS
    c. Period covered by an option to terminate (if option not exercised) contract (non-lease component).
  4. How to determine the appropriate discount rate.
    a. If there is an interest rate implicit in the lease then you should use this to discount the minimum lease payments.
    b. However, if this cannot be readily determined, you should use your company’s incremental borrowing rate (which is the rate of interest that you would have to pay to borrow a similar amount of money to fund a similar asset for a similar length of time with similar securities.)
  5. Presentation and disclosure requirements.
    a. As IFRS 16 requires much of the information that was previously disclosed in the notes to financial statements to appear on the balance sheet, investors may expect that lease liabilities on the balance sheet under IFRS 16 will reflect the discounted amount of lease commitments disclosed in the notes section under the previous Standard.
    b. Making sure that the disclosures are as complete as possible in the period between now and the application of the new Standard, will help avoid unnecessary complications.

Remember to make use of the practical expedients during the transition:

  • Application of a single discount rate to a portfolio of leases with reasonably similar characteristics.
  • Use of the exemption to apply lease accounting to leases for which the lease term ends within 12 months of the date of initial application.
  • Use of the exemption to apply lease accounting to leases of low-value items.
  • Exclusion of the initial direct costs from the measurement of the right-of-use asset at the date of initial application.
  • Using the “grandfather” approach on the previous assessment of contracts – this means the definition of a lease in terms of IFRS 16 is only applied for contracts entered into after the date of initial application.

The ‘date of initial application’ is the beginning of the annual reporting period in which a company first applies the standard. If a company prepares financial statements for annual periods ending on 31 December, presents one year of comparative financial information and adopts IFRS 16 in 2019, then its date of initial application is 1 January 2019.

New standards and interpretations effective 1 January 2019 – Are you ready?

 

There has been a number of new standards and amendments issued by the IASB that will become effective from 1 January 2019.

Standard or Interpretation and Details

NEW STANDARD: IFRS 16: Leases

IFRS 16 ‘Leases’ was issued by the IASB on 13 January 2016 and is effective for periods beginning on or after 1 January 2019, with earlier adoption permitted if IFRS 15 ‘Revenue from Contracts with Customers’ has also been applied.

IFRS 16 will primarily affect the accounting by lessees and will result in the recognition of almost all leases on the balance sheet. The standard removes the current distinction between operating and financing leases and requires recognition of an asset (the right to use the leased item) and a financial liability to pay rentals for almost all lease contracts. The accounting by lessors, however, will not significantly change.

The changes under IFRS 16 are significant and will have a pervasive impact, particularly for lessees with operating leases.

AMENDMENT: IFRS 9: Financial Instruments (Prepayment features)

On 12 October 2017, the IASB published Prepayment Features with Negative Compensation (Amendments to IFRS 9) to address the concerns about how IFRS 9 Financial Instruments classifies particular prepayable financial assets. In addition, the IASB clarified an aspect of the accounting for financial liabilities following a modification.

These amendments are: 

  1. Changes regarding symmetric prepayment options: Prepayment Features with Negative Compensation amends the existing requirements in IFRS 9 regarding termination rights in order to allow measurement at amortised cost (or, depending on the business model, at fair value through other comprehensive income) even in the case of negative compensation payments. Under the amendments, the sign of the prepayment amount is not relevant, i. e. depending on the interest rate prevailing at the time of termination, a payment may also be made in favour of the contracting party effecting the early repayment. The calculation of this compensation payment must be the same for both the case of an early repayment penalty and the case of a early repayment gain.
  2. Clarification regarding the modification of financial liabilities: It clarifies that an entity recognises any adjustment to the amortised cost of the financial liability arising from a modification or exchange in profit or loss at the date of the modification or exchange. A retrospective change of the accounting treatment may therefore become necessary if in the past the effective interest rate was adjusted and not the amortised cost amount.

 The amendments are to be applied retrospectively for financial years beginning on or after 1 January 2019.

AMENDMENT: IAS 28: Investments in Associates and Joint Ventures (Long term Interests)

The amendments in Long-term Interests in Associates and Joint Ventures (Amendments to IAS 28) are:

  • Paragraph 14A has been added to clarify that an entity applies IFRS 9 including its impairment requirements, to long-term interests in an associate or joint venture that form part of the net investment in the associate or joint venture but to which the equity method is not applied.
  • Paragraph 41 has been deleted because the Board felt that it merely reiterated requirements in IFRS 9 and had created confusion about the accounting for long-term interests.

The amendments are to be applied retrospectively for financial years beginning on or after 1 January 2019.

AMENDMENT: IAS 19: Employee benefits (Plan Amendment, Curtailment or Settlement)

On 7 February 2018, the IASB published Plan Amendment, Curtailment or Settlement (Amendments to IAS 19) to harmonise accounting practices and to provide more relevant information for decision-making. An entity applies the amendments to plan amendments, curtailments or settlements occurring on or after the beginning of the first annual reporting period that begins on or after 1 January 2019.

The amendments in Plan Amendment, Curtailment or Settlement (Amendments to IAS 19) are:

  • If a plan amendment, curtailment or settlement occurs, it is now mandatory that the current service cost and the net interest for the period after the remeasurement are determined using the assumptions used for the remeasurement.
  • In addition, amendments have been included to clarify the effect of a plan amendment, curtailment or settlement on the requirements regarding the asset ceiling.

NEW INTERPRETATION: IFRIC 23: Uncertainty over Income Tax Treatments

The interpretation is to be applied to the determination of taxable profit (tax loss), tax bases, unused tax losses, unused tax credits and tax rates, when there is uncertainty over income tax treatments under IAS 12.

IFRIC 23 is effective for annual reporting periods beginning on or after 1 January 2019. Earlier application is permitted.

Annual Improvements to IFRS Standards 2015-2017 Cycle

The IASB has issued ‘Annual Improvements to IFRS Standards 2015–2017 Cycle’. The pronouncement contains amendments to four International Financial Reporting Standards (IFRSs) as result of the IASB’s annual improvements project. These amendments are effective for annual periods beginning on or after 1 January 2019.

The amendments made during the 2015–2017 cycle are as follows:

Amended Standard The amendments clarify that:

IFRS 3 Business Combinations

A company remeasures its previously held interest in a joint operation when it obtains control of the business.

IFRS 11 Joint Arrangements

A company does not remeasure its previously held interest in a joint operation when it obtains joint control of the business.

IAS 12 Income Taxes

A company accounts for all income tax consequences of dividend payments in the same way.

IAS 23 Borrowing Costs

A company treats as part of general borrowings any borrowing originally made to develop an asset when the asset is ready for its intended use or sale.

Companies Amendment Bill 2018 – Proposed changes

On Friday, 21 September 2018 the Department of Trade and Industry published the draft Companies Amendment Bill 2018 for comment and comments closed on 20 November 2018. The following is a summary of the more significant changes proposed by the Bill.

Proposed Amendment and Details

Memorandum of Incorporation (section 16)
The Bill proposes that amendments will take effect 10 business days after receipt of the notice of amendment, if the Companies Commission, after the expiry of the 10 business days, has not endorsed the notice of amendment sooner or has failed to reject the amendment with reasons. The notice of rejection also needs to be supplemented with reasons.

Disclosure of Remuneration and Benefits (section 30)
The requirement to disclose the remuneration and benefits received by a director would apply to prescribed officers, and it would be a requirement that each individual is named

A ‘prescribed officer’ is typically an executive who is in a position to influence the management of the company or one of its significant divisions.

Remuneration Report (section 30A)
In line with King IV, public companies would be required to prepare a remuneration report with details of the remuneration and benefits awarded to individual directors, for approval by the Board and presentation at the AGM.

Annual Returns (section 33) (i) A company would have to submit a copy of its Annual Financial Statements (“AFS”) where it is required to have its AFS audited; and (ii) A company would be required to file a copy of its securities register with the CIPC each year along with its Annual Return.

Share capital structure – Court Order (section 38A)
Currently the Companies Act does not allow for a company to fix its share capital structure where it contains errors.

The proposed new amendments is to include the power of the court, upon application by an interested person or by the company, to order that shares that were created, allotted or issued invalidly or in an unauthorised manner, to be validly created, allotted or issued if it is “just and equitable” to do so.

Financial Assistance (section 45)
Presently, any financial assistance granted by a company to its subsidiary must be authorised by the board and the shareholders by way of a special resolution.

The Bill proposes to limit the net of financial assistance transactions that fall within section 45 by excluding “the giving by a company of financial assistance to, or for the benefit of, its own subsidiary.”

The restrictions on financial assistance would therefore not apply to the giving by a company of financial assistance to or for the benefit of its subsidiary.

Share Buy Backs (section 48) A Board decision for a company to acquire its own shares would require approval by a shareholder special resolution:
(i) where the shares are to be acquired by a director, prescribed officer or person related to either a director or a prescribed officer;
(ii) but not where the acquisition is by way of:
– a pro rata offer to all shareholders; or – a transaction in the ordinary course on a recognised stock exchange.

Social and Ethics Committee (sections 61 & 62)
In addition to the requirements in the current Regulations, all public and state-owned companies would be required to appoint a Social and Ethics Committee at each annual general meeting, which must meet specified composition criteria. The Social and Ethics Committee would be required to prepare a formal report which must be externally assured, for presentation to the shareholders at a shareholders meeting.

It also allows companies to apply to the Companies Tribunal for an exemption from these requirements if the company has another mechanism within its structures to perform the functions of the committee or if it is not necessary in the public interest to require the company to have a committee, having regard to the nature and extent of the activities of the company.

Auditor Requirements (section 90)
(i) A company which is required to have its Annual Financial Statements audited, would have to appoint an auditor annually, at a shareholders meeting (not necessarily the AGM); and
(ii) The disqualification period for auditors would be reduced from five years to two years.

Limitation of the takeover provisions to private companies (section 118)
The current section 118(1)(c)(i) of the Companies Act mainly regards private companies as regulated companies if more than 10% of its issued securities had been transferred, other than between related or inter-related persons, within a 24-month period prior to the date of the affected transaction.

The amendment proposes to only regard private companies as regulated companies if the private company is required by the Companies Act or the regulations to have its annual financial statements audited every year.

Business rescue and the treatment of landlords (sections 135 & 145)
The Bill provides that any amounts due by a company under business rescue to a landlord for rent or services will be regarded as ‘post commencement financing’ and the landlord will have a voting interest in the business rescue proceedings to the extent of its claim. Post commencement finance, whether secured or unsecured, enjoys preference over unsecured creditors.

Disputes concerning company names (section 160)
In terms of the Companies Act, the Companies Tribunal may deal with disputes regarding company names.

It is proposed that where a company has been ordered to change its name, and it fails to do so, the Companies Commission may substitute its registration number as the name of the company in question.

Black economic empowerment (section 195)
The Bill seeks to give the Companies Tribunal the power to adjudicate cases referred to it by the B-BBEE Commission.

IFRS 9: Financial Instruments – Restatement of Comparative Periods

The International Accounting Standards Board (IASB) have introduced a new accounting standard IFRS 9: Financial Instruments to replace IAS 39: Financial Instruments Recognition and Measurement. The standard is effective for annual periods beginning on or after 1 January 2018. The following are the principles behind the restatement of financial statements after adopting IFRS 9.

IFRS 9 does not require restatement of comparative period financial statements except in limited circumstances related to hedge accounting; however, entities may choose to restate.

The following decision tree outlines the IFRS 9 requirements related to restatement and required disclosures on transition:

  • If an entity elects not to restate comparative periods, then it is important to remember that the quantification of adjustments is still necessary in order to determine the transition adjustment in opening retained earnings or other components of equity, as appropriate.
  • If comparative periods are not restated, the difference between the previous carrying amounts and the new carrying amounts at the Date of Initial Adoption is recorded in opening retained earnings or other components of equity, as appropriate, of the annual period that includes the Date of Initial Adoption (DIA).
  • If an entity restates comparative periods, then it will also need to apply, IAS 1, Presentation of Financial Statements. IAS 1 requires a third balance sheet to be presented when an accounting policy is applied retrospectively and there is a material effect as a result of the change. As an example, if an entity restated comparative periods and the DIA is November 1, 2017, the following balance sheets may be required:
    – October 31, 2018
    – October 31, 2017
    – November 1, 2016
  • The needs and expectations of shareholders and other financial statement users should be considered in arriving at the decision. Without restatement, users may find it difficult to analyze the entity’s financial statements results; however, given that not all of the standard’s principles
    are applied retrospectively and IAS 39 continues to be applied for financial assets derecognized prior to DIA, results will not be comparable even if restated.
  • An entity could consider providing pro forma comparative results to enhance comparability. If an entity decides to restate comparative periods, the use of hindsight is prohibited. Regardless of whether an entity chooses to restate prior periods, there are transitional financial statement disclosures that are required; however, these do differ depending on the approach taken.

External Auditor’s Responsibility to consider Cybersecurity

Scope of auditor’s responsibility

The auditor is required to:

  • Understand how the business uses IT and the impact of IT on the financial statements,
  • Understand the extent of the company’s automated controls as they relate to financial reporting (including IT general controls that are important to the effective operation of automated controls and the reliability of company-produced data and reports used in the audit), and
  • Use his or her understanding of the business’s IT systems and controls in assessing the risks of material misstatement of financial statements, including IT risks resulting from unauthorized access.

The immediate conclusion may be that cybersecurity risk is not an area that requires special audit attention, but auditors would consider, as part of the risk assessment process, an entity’s business risks in the audit of financial statements. Cyber incidents can result in financial consequences and therefore, have an effect on the financial statements.

Cybersecurity risk should therefore be considered in every financial statement audit. Auditors should consider and assess the impact of such risk to the financial statements and, where necessary, the extent of the audit response required to address the risk.

It is important to note that the auditor’s role is limited to the audit of the financial statements and does not encompass an evaluation of cybersecurity risks of the company’s entire IT platform but only focusses on systems and controls affecting information used in the compilation of these financial statements.

Risk consideration and assessment

Risk assessment is part of the financial statements audit process and is a key fundamental process which must be performed during the planning phase of every audit. The auditor is required to identify and assess the risks of material misstatement in the financial statements, through understanding the entity and its environment, including the entity’s internal control. With an in-depth understanding of the entity’s business and environment (this includes an entity’s IT
and cyber environment), it enables the auditor to identify the risks, and to design and implement appropriate audit responses to address those identified risks. The auditor should obtain an understanding of the IT general controls, evaluate their design and determine whether the controls that are relevant to the audit have been implemented.

The auditor should determine whether any of the risks identified (which could include cybersecurity risks) are, in the auditor’s judgement, significant risks that require special audit consideration. If information about a material breach is identified, the auditor would need to consider the impact on financial reporting, including disclosures, and any reporting obligation.

Re-Assessing Cybersecurity Risk Every Year

Changes in the risk environment and the ways in which businesses operate mean that business risks do not remain constant. In one year, cybersecurity risk may not have been identified as a key business risk that may result in risks of material misstatement, but this does not mean that the same will apply for the next year. Significant and rapid changes in information systems, incorporation of new technologies into production processes, or expansion of operations can bring about new cybersecurity risk.

Audit responses to risks identified

Where cybersecurity risks may result in risks of material misstatement at the financial statement level, the auditor should take appropriate steps to address these risks. This may include assigning more experienced staff or those with special skills such as IT specialists to the engagement, incorporating additional elements of unpredictability in the selection of further audit procedures to be performed and modifying the nature of audit procedures to obtain more persuasive and corroborative audit evidence.

The auditor would have to determine whether continued reliance can be placed on the IT dependencies/automated controls; consider the need to revise the initial risk assessment, and the impact to the nature, timing and extent of other planned audit procedures. The auditor would have to respond to the ineffective IT control environment by obtaining more extensive audit evidence from substantive procedures.

Audit responses to cyber attacks

Companies that fall victim to successful cyber-attacks may incur substantial costs and suffer significant damage. The auditor should:

  • Understand the nature and cause of the incident, carefully consider the costs and any adverse consequences arising from the cyber incident, and evaluate the impact it may have on the financial statements.
  • Assess the impact of the attack on the entity’s future revenue, potential litigation expenses, cybersecurity protection costs, etc and future cash flows, which may affect impairment assessments.
  • Examine whether the breach may indicate going concern issues for the entity.
  • Evaluate whether appropriate disclosures are included in the financial statements.
  • Consider any other requirements to notify the appropriate authorities in case management has not made appropriate disclosures or considered the auditor’s recommendations.

Use of eXtensible Business Reporting Language (XBRL) when submitting Annual Financial Statements online

What is XBRL?

XBRL (Extensible Business Reporting Language) is an Extensible Markup Language (XML)-based computer language for the electronic transmission of business and financial data. The goal of XBRL is to standardize the automation of business intelligence. XML is used to describe data.

The XML standard is a flexible way to create information formats and electronically share structured data via the public Internet, as well as via corporate networks.

What is required?

As from 1 July 2018, all qualifying entities will be required to submit their latest available approved / audited statements on the first date of submission applicable to them. The first date for XBRL submission for every entity is determined by the anniversary date of their date of incorporation.

The calculation of the first date of submission of a particular entity is different for close corporations and companies.

First date of submission of Annual Financial Statements via XBRL

As per current compliance process in the Act, entities submit their Annual Returns 30 business days after the annual anniversary of their Date of Incorporation, when submission of AFSs applies to them, except when an entity is a Close Corporation. CC’s have 60 business days to submit their

AFSs from the first day of the month of the anniversary of their date of incorporation.

Entities need to submit their latest final approved audited or independently reviewed AFS together with their Annual Returns, on the same day as their Annual Returns. The first date of submissions via XBRL, will be the first date of submission that falls on or after 1 July 2018, irrespective of the year of their latest final approved audited or independently reviewed AFS.

Which Entities will be using XBRL for submission of AFSs?

In terms of Section 33 of the Companies Act 71 of 2008, and regulations 28, 29 and 30 of the Companies Regulations of 2011, the following entities as they submit Annual Returns they need to also submit their AFS’s through XBRL as from 1 July 2018

▪ All public companies
▪ Private companies (qualifying and currently submitting using PDF)
▪ State owned companies
▪ Non-profit entities
▪ Close Corporations (qualifying and currently submitting using PDF)

How to determine whether the entity needs to comply with the XBRL determination of the CIPC?

If any of the following criteria applies to the entity, the entity needs to comply:

  • If the Memorandum of Incorporation (MOI) that prescribes filing of audited financial statements
  • If the entity is a private or personal liability company if, in the ordinary course of its primary activities, it holds assets in a fiduciary capacity for persons who are not related to the company, and the aggregate value of such assets held at any time during the financial year exceeds R5 million
  • If the entity is a private or personal liability company that compiles its AFSs internally (for example, by its financial director or one of the owners) and that has a Public Interest Score (PIS) of 100 or more
  • If the entity is a private or personal liability company that has its AFSs compiled by an independent party (such as an external accountant) and that has a PIS of 350 or more
  • Unless the entity has opted to have its AFS audited or voluntarily included audit as part of its MOI, a private or personal liability company that is not managed by its owners may be subject to independent review if:

– It compiles its AFSs internally and its PIS is less than 100
– It has its AFSs compiled independently and its PIS is between 100 and 349

Usage of XBRL for filing of AFSs is mandatory for entities who must submit audited AFS.The usage of XBRL is also available for entities who chooses to file Independently Reviewed AFSs, but it is not mandatory. They can still file a Financial Accountability Supplement (FAS) as prescribed in Regulation 30 (4) Where a company is required to be audited the financial statements must include the audit report which means that the audit must also be finalized within 6 months after year-end.

Will XBRL files be required to be audited?

Qualifying entities will still be required to maintain audit or independent review requirements as currently prescribed by the Companies Act, but only the XBRL format of AFSs will be uploaded via the CIPCs portal. Entities are however required by the Act to keep audit and independent review reports for a period of seven years, and the CIPC can at any point request access to these reports.