Audit Regulations 2020

Download as pdf or txt
Download as pdf or txt
You are on page 1of 29

Financial Reporting Council of

Nigeria

AUDIT REGULATIONS, 2020

1
FINANCIAL REPORTING COUNCIL ACT, 2011

AUDIT REGULATIONS, 2020

ARRANGEMENT OF THE REGULATIONS

PART I – OBJECTIVES AND APPLICATION


1. Objectives
2. Scope of Application

PART II – REGISTRATION REQUIREMENTS


3. Registration
4. Requirements for Registration
5. Deregistration

PART III – AUDIT EXECUTION


6. Auditing Standards
7. Prohibited Non-Audit Services
8. Responsibilities of Auditors
9. Mandatory Audit Firm Rotation for Auditors of PIEs
10. Organisation of Audit Work
11. Audit Reporting
12. Statutory Audits of Consolidated Financial Statements
13. Document Retention

PART IV – ENFORCEMENT AND COMPLIANCE


14. Monitoring of Auditors
15. Enforcement of Regulations
16. Procedure for Regulatory Sanction and Appeal
17. Administrative Sanctions
18. Publication of Sanctions and Measures
19. Enforcement of Sanctions
20. Recovery of Financial Penalties

PART V – QUALITY ASSURANCE


21. Quality Assurance
22. Internal Organisation of Auditors
23. Quality Assurance Systems for Auditors.
24. Delegation Arrangements for Supervisory Tasks

PART VI – AUDIT COMMITTEE AND INTERNAL AUDIT FUNCTION


25. Audit Committee
26. Qualification of Audit Committee Members
27. Appointment and Composition of Audit Committee
28. Duties and Responsibilities of Audit Committee

2
29. Sanctions for Audit Committee Members
30. Internal Audit Function

PART VII – MISCELLANEOUS PROVISIONS


31. Power to Make Guidelines
32. Transitional Provisions and Support Structure
33. Transitional Arrangements for Mandatory Audit Firm Rotation for PIEs
34. Interpretation
35. Citation

SCHEDULES
First Schedule: Review and Outcome on Regulation 14(2)

i. Practice Level Review


ii. Outcome of Review/Investigation for Partner Review

3
FINANCIAL REPORTING COUNCIL OF NIGERIA ACT, 2011

AUDIT REGULATIONS, 2020

Commencement [ ]
In exercise of the powers conferred on me by Sections 26(a-h) and 73 of the Financial Reporting
Council of Nigeria Act No. 6 , 2011 (The “Act”), and all other powers enabling me in that behalf
and with the advice of the Council, I, Otunba Richard Adeniyi Adebayo, CON the Honourable
Minister for Industry, Trade and Investment make the following Regulations:

PART I – OBJECTIVES AND APPLICATION


1. Objectives
The objectives of these Regulations are to-
a. provide a regulatory framework for auditors in Nigeria and to give effect to the provisions
of the Act;
b. ensure that all activities of Auditors, Audit Committee Members and other Assurance
Service Providers are regulated with a view to sustaining best ethical practices capable of
promoting quality audit services;
c. regulate and ensure that all Auditors, Audit Committees and Other Assurance Service
Providers carry out their duties in a manner to earn the trust of users of financial statements
and promote the image of the profession and the country;
d. guide Relevant Professional Bodies (RPBs) in undertaking their responsibilities under
these Regulations; and
e. prescribe penalties for non-compliance with these Regulations.

2. Scope of Application
(1). These Regulations shall-
(a). apply to all Auditors, Audit Committee Members and Other Assurance Service
Providers; and
(b). be read in conjunction with all applicable Laws, Regulations, Codes, Rules, Standards,
Guideline for Inspection and Monitoring Procedure for Auditors, Audit Committee
Members and Other Assurance Providers, Instrument of Delegation with RPBs and
requirements in relation to Audit in Nigeria.

(2). These Regulations shall not apply to the offices of the Auditors-General except appointed
external auditors of public sector entities.

4
PART ll – REGISTRATION REQUIREMENTS
3. Registration
(1). From the commencement of these Regulations, every Auditor, Audit firm, Audit
Committee Members and Other Assurance Services Provider, shall register with the
Council.
(2). The Council shall maintain a public register with the following information-
(a) name, address and FRC registration number of individual Auditors including email
and web address where applicable;
(b) name, address and FRC registration number of Audit firm including web address
where applicable;
(c) name, address and FRC registration number of Audit Committee Members
including web address where applicable; and
(d) name, address and FRC registration number of Other Assurance Service Providers
including web address where applicable.

4. Requirements for Registration


(1). For the purpose of these Regulations, any individual, group, firm or institution that wishes
to carry out any audit and other assurance services in Nigeria shall comply with the
requirements and guidelines as approved by the Council.

(2). An individual applicant shall provide the following-


(a) name;
(b) address;
(c) a valid membership certificate issued by a RPB; and
(d) any other relevant information that may be required from time to time by the
Council.

(3). An Audit firm shall provide the following-


(a) name and address of the Audit firms;
(b) certificate of registration with Corporate Affairs Commission (CAC);
(c) a valid practice license issued by a RPB;
(d) address of its branch offices, if any;
(e) name and evidence of registration of each partner under sub-regulation (2) of this
Regulation; and
(f) any other relevant information that may be required from time to time by the
Council.

(4). An Audit Committee member shall provide the following-


(a) name and address of the Audit Committee member;
(b) evidence of nomination as an Audit Committee member;
(c) extract of the minutes of the Board meeting where such decision was made;
(d) evidence of financial literacy;
(e) evidence of registration as a professional under Section 41(1) of the FRC
Act where applicable; and

5
(f) any other relevant information that may be required from time to time by the
Council.

(5). Other Assurance Services Providers shall provide the following-


(a) name and address of the firm;
(b) certificate of registration with CAC;
(c) address of its branch offices if any;
(d) evidence of registration as a professional under Section 41(1) of the FRC Act; and
(e) any other relevant information that may be required from time to time by the
Council.

5. Deregistration
(1). The Council shall deregister an Auditor, Audit firm, Audit Committee Member and
Other Assurance Services Provider, where the:
(a) individual or firm fails to comply with these Regulations;
(b) Council accepts an application from the individual/firm to cancel the registration;
(c) licence is withdrawn by a RPB;
(d) it is considered by the Council that the continued registration of the individual/firm
may adversely affect the public interest;
(e) individual/firm fails to act on notices, rules, guidelines and regulations issued by the
Council; or
(f). where the sole owner or firm ceases to exist.

(2). In this Regulation the sole owner or firm ceases to exist -


(a) when the firm goes into liquidation/wind-up;
(b) when the firm ceases to carry on its business;
(c) in the event of death of sole owner or incapacity to carry on business; or
(d) on the happening of cessation event or event likely to impact the conduct
of the firm’s business such as but not limited to bankruptcy, fraud, and government
prohibition.

PART III – AUDIT EXECUTION


6. Auditing Standards
(1). The Council shall require Auditors and Other Professionals to carry out statutory Audits
and Other Assurance Services in compliance with international auditing standards
adopted by the Council in accordance with section 8(1)(q) of FRC Act.

(2). For the purposes of sub-regulation (1) of this Regulation, “International Auditing
Standards” means International Standards on Auditing (ISAs), Professional Code of
Ethics (including the fundamental principles) as amended; and other related Standards

6
issued from time to time by the International Federation of Accountants (IFAC).

(3). Notwithstanding the provision of sub-regulation (1) of this Regulation, the Council may
issue Audit procedures or requirements in addition to the international auditing standards
adopted by the Council, only-
(a) where those audit procedures or requirements are necessary in order to give effect to
national legal requirements relating to the scope of statutory audits; or
(b) to the extent necessary to add to the credibility and quality of financial statements.
(4). The Council shall communicate Audit procedures or requirements to the Auditor at least
three months before their entry into force or, in the case of requirements already existing
at the time of adoption of an international auditing standard, at least within three months
of the adoption of the relevant international auditing standard.
(5). Where an Audit firm carries out statutory Audit and Assurance Services, the report shall
be signed by the Engagement Partner that carried out the audit on behalf of the audit
firm.
(6). Where the Auditor's life is under imminent and significant threat, the individual or the
firm concerned shall notify the Council without delay for appropriate course of action by
the Council as set out in these Regulations.

7. Prohibited Non-Audit Services


(1). An external Auditor shall provide to the client such other services as approved by the
Board of Directors on the recommendation of Audit Committee subject to the provisions
of International Ethical Standards Board for Accountants (IESBA)’s Code of Ethics for
Professional Accountants including International Independence Standards as
Amended /reviewed-
(a) any other kind of services as may be proscribed by relevant regulators;

(b) a limit on permissible Non-Audit Services of not more than 80% of the annual audit
fees paid for the statutory audits of the audited entity and, where applicable, of its
parent undertaking and controlled undertakings; and
(c) the consolidated financial statements of that group of undertakings with the proviso
that the -
(i) limit applies on the preceding year audit fee,
(ii) limit applies to statutory auditor of Public Interest Entities (PIEs) only,
(iii) fees generated by the services provided by members of network firms is not
relevant for the purposes of the calculation of the limit, and
(iv) services commissioned by governments and their agencies are exempted from the
calculation of the limit.
(2). An Auditor or Audit firm that has been performing any non-audit services on or before
the commencement of these Regulations shall comply with the provisions of these
Regulations before the end of the first financial year after the date of commencement of
these Regulations.

7
8. Responsibilities of Auditors
(1). The responsibilities of the Auditors/firms include though not limited to the following-
(a) provision of audit services to the satisfaction of the Board Audit Committee,
Statutory Audit Committee or both;
(b) demonstration of a good understanding of the client’s business, industry and also the
impact of the economic environment on the entity;
(c) carrying out a comprehensive and sound risk assessment;

(d) providing an independent opinion on the true and fair view of the financial statements
of the company to give assurance to the stakeholders;

(e) the Engagement Partner and Audit team shall be satisfied with the quality of other
Engagement Teams that perform other portions of the Audit in various domestic
and foreign locations; also

(f) the Engagement Partner and Engagement Team are independent of the client, as
such, shall approach their work with due care and high level of objectivity.

(2) Where the Council or any other Regulator is satisfied that an external Auditor of an entity
has abused his office, acted in a fraudulent manner or colluded in any fraud in the entity,
it may –
(a) by regulatory order, direct the company to approach its shareholders to consider
and resolve whether on the basis of any facts revealed, the entity at the general
meeting shall change its Auditors; and
(b) the proceeding for the change of Auditor shall be without prejudice to any sanctions
that the regulator might impose on such erring Auditor.
(3) Where the External Auditor observes or receives information on irregularities during an
Audit, he must report same to the Council within 30days.

9. Mandatory Audit Firm Rotation for Auditors of PIEs

(1). To safeguard the integrity of the external audit process and guarantee the independence of
the External Auditors, entities shall rotate both the Audit Firms and Engagement Partners.

(2). Audit firms shall be retained for no longer than ten years continuously.

(3). Audit firms shall disengage after continuous service to a company for ten (10) years while
a joint Audit arrangement shall be for a maximum period of 15 years.

(4). A seven (7) year cooling‑off period shall elapse before an Audit firm or any member in its
network can be re‑appointed as the statutory Auditor.

(5). Where an Auditor’s tenure has already exceeded ten years at the date of commencement of
these Regulations, such Auditor shall cease to hold office as an Auditor of the company at
the end of the financial year that these Regulations comes into force.

8
(6). Audit firms shall rotate the Engagement Partners assigned to undertake the External Audit
of the company after a maximum of five years.

10. Organisation of Audit Work


(1). The Firm shall ensure that when statutory Audit is carried out by an Audit firm, the Audit
firm shall-
(a) designate at least one key Audit Partner;
(b) provide the key Audit Partner(s) with sufficient resources and personnel that have the
necessary competence and capabilities to carry out the duties appropriately;
(c) ensure that audit quality, independence and competence shall be the main criteria
when the Audit firm selects the key Audit Partner(s) to be designated; and
(d) ensure that the key Audit Partner(s) is actively involved in carrying out the
statutory Audit.
(2) The Auditor shall-
(a) keep records of any breaches of the provisions of these Regulations;
(b) keep records of consequence of any breach, including the measures taken to
address such breach and to modify their internal quality control system;
(c) prepare an annual report containing an overview of any measure taken and shall
communicate that report internally; and
(d) when an Auditor asks external experts for advice, the Auditor shall document the
requests made and the advice received.
(3) The Auditor shall maintain a client record and such record shall include the following
data for each audit client-
(a) the name, the registered address and the place of business;
(b) in the case of an Audit firm, the names of the key Audit Partners; and
(c) the fees charged for the statutory audit and other services in any financial year.
(4) The Auditor shall-
(a) create an Audit file for each statutory Audit;
(b) keep records that are considered appropriate to support their Audit report in
accordance with ISA;
(c) close Audit file not later than 60 days after the date of signing of the Audit report;
and
(d) keep records of any complaint made in writing about the performance of the
statutory Audits carried out.
11. Audit Reporting
(1). The Auditors shall present the results of statutory Audit in an Audit report in accordance

9
with the requirements of International Standards on Auditing adopted by the Council.
(2). The Audit Report shall -
(a) be in writing;
(b) identify the entity whose financial statements are the subject of statutory Audit;
(c) specify the financial statements, date, period covered and identify the financial
reporting framework that has been applied in their preparation;
(d) include a description of the scope of statutory Audit which shall, as a minimum,
identify the auditing standards in accordance with which the statutory Audit was
conducted; and
(e) include an Audit opinion, which shall be unmodified opinion when the Auditor
concludes that the financial statements are prepared, in all material respects, in
accordance with the applicable financial reporting framework. It shall:

(i) state whether the annual financial statements give a true and fair view in
accordance with the relevant financial reporting framework,

(ii) refer to any other matters to which the Auditors draw attention by emphasis
without modifying the Audit opinion,
(iii) include an opinion and report, both of which shall be based on the work
undertaken in the course of the Audit,
(iv) provide a statement on any material uncertainty relating to events or conditions
that may cast significant doubt about the entity's ability to continue as a going
concern, and
(v) where applicable, include in a separate paragraph in the Auditor’s report,
those matters determined to be key Audit matters that are communicated or
were required to be communicated to those charged with governance.
(f). If the Auditor:
(i) concludes that, based on the audit evidence obtained, the financial statements
as a whole are not free from material misstatement; or
(ii) is unable to obtain sufficient appropriate audit evidence to conclude that the
financial statements as a whole are not free from material misstatement,
the Auditor shall modify the opinion in the auditor’s report in accordance with
ISA 705 (Revised)
(3). Where the statutory Audit was carried out by more than one Audit firm, the Auditors
shall -
(a) agree on the results of the statutory Audit, submit a joint report and opinion; and
(b) where there is a disagreement, each Auditor shall submit his opinion in a separate
paragraph of the Audit report and state reasons for the disagreement.
(4). (a) The Audit report shall be signed and dated by the Engagement Partner with the

10
FRC Registration number affixed;
(b) where an Audit firm carries out the statutory Audit, the Audit report shall bear the
signature of at least one of the Engagement Partners that carried out the statutory
Audit on behalf of the Audit firm;
(c) where there is a joint audit, the audit report shall be signed by all the Engagement
Partners;
(d) the Council may require that such signatures need not be disclosed to the public
where such disclosure could lead to an imminent and significant threat to the
personal security of any person; and
(5). Notwithstanding the provisions of sub-regulation (4) (a) – (d) of this Regulation, the
names of the persons involved shall be known to the Council.
(6). The report of the Auditor on the financial statements shall comply with the
requirements set out in sub-regulation (1) – (5) of this Regulation.
(7). No Auditor shall affix FRC Registration number to any audited report if, as at
the date of signing the report, the Auditor is indebted in any form to the Council,
failure of which shall attract appropriate sanctions.

12. Statutory Audits of Consolidated Financial Statements


(1). The Council shall ensure that in the case of a statutory Audit of consolidated financial
statements of a group of undertakings, the -
(a) group Auditor bears the full responsibility for the Audit report; and
(b) documentation retained by the group Auditor shall be such as to enable the Council
to review the Auditor’s work.
(2). Where the group Auditor is subject to a quality assurance review or an investigation
concerning the statutory Audit of the consolidated financial statements of a group of
undertakings, the group Auditor shall, when requested, make available to the Council
relevant documentation retained concerning the Audit work performed by the Auditors
for the purpose of the group Audit, including any working papers relevant to the group
Audit.
(3). The Council may request additional documentation on the Audit work performed by
any Auditor for the purpose of the group Audit.

13. Document Retention

(1). Audit Firm/Auditor shall retain records relevant to the audit or review. Such records
include-
(a) working papers and other documents that form basis of the audit; or
(b) review of an entity's financial statements, memoranda, correspondence,
communications; and
(c) other documents, and records, including electronic records.

11
(2) Notwithstanding the provisions of sub-regulation (1) of this Regulation, two criteria must
be met, which are-
(a) records created, sent or received in connection with the audit or review shall contain
conclusions, opinions, analyses, or financial data related to the audit or review; and
(b) Auditor shall ensure that all working papers and relevant materials that support the
Auditor's conclusions in any audit report are retained for a minimum period of six years.

PART IV – ENFORCEMENT AND COMPLIANCE


14. Monitoring of Auditors
(1). The Council shall adopt the Code of Ethics for Professional Accountants including
International Independence Standards as issued by the International Ethics Standard
Board for Accountants (IESBA).
(2). The Council shall monitor all matters relating to Auditing standards, quality of services
rendered by Auditors, Audit firms, and Other Assurance Services Provider in the forms
specified in the schedule to these Regulations.
(3). The Council may, for any purpose related to inspecting, monitoring or investigating
statutory Audit work give notice to any Auditor requesting for information on the
financial statements or the consolidated financial statements of any public interest entity.
(4). The persons to whom notice may be given under this sub-regulation (3) of this Regulation
are-
(a) any person involved in the activities of a statutory audit directly or outsourced,
(b) any public interest entity (PIEs), and
(c) any subsidiary or parent of a public interest entity or any other subsidiary of a
company of which a public interest entity is a subsidiary,
(5). A notice under sub-regulation (3) of this Regulation shall be in writing and specify the
purposes for which the information is required.
(6). A notice under sub-regulation (3) of this Regulation may-
(a) specify the time and manner within which the person to whom it is given shall
comply with it,
(b) require the creation of documents, or documents of description, specified in the
notice, and
(c) require the provision of those documents to the Council.
(7). A person commits an offence where the person-
(a) intentionally obstructs the Council or an officer of the Council in exercising or
seeking to exercise a power under and in accordance with these Regulations;
(b) intentionally fails to comply with a requirement imposed by the Council or an
officer of the Council under this Regulation;
(c) without reasonable excuse, fails to give the Council or an officer of the Council
any other assistance or information which the Council or officer may reasonably

12
require for a purpose for which the Council or officer may exercise a power under
this Regulation;
(d) where in giving information of a kind mentioned in sub- regulation (c) of this
Regulation, the person-
(i) makes a statement which the person knows is false or misleading in a
material respect, or
(ii) recklessly makes a statement which is false or misleading in a material
respect.
(8). A person who is guilty of an offence under sub-regulation (7)(a)- (d) of this Regulation
is liable to a penalty and/or prosecution.

15. Enforcement of these Regulations


(1) There shall be constituted an Audit Quality Review Team (AQR) and Enforcement
Committee to monitor the implementation of these Regulations.
(2). Membership of the AQR Team shall include representatives of the Council’s Directorate
of Auditing Practices Standards (DAPS) and any other person that the Council deems fit
to include in the Team.
(3). The roles of AQR Team are to-
(a) monitor through inspection and other means, the quality of audit work of the
statutory Auditors and Audit firms that audit PIEs and certain other entities within
the scope retained by the FRC;
(b) monitor all other statutory audits delegated by the FRC to RPB under a series of
Instruments of Delegation;
(c) conduct thematic reviews of firms’ policies and procedures in respect of a specific
area or aspect of the audit or firm-wide procedures to make comparisons between
firms with a view to identifying both good practice and areas of common weakness;
(d) ensure that FRC is satisfied that each RPB has the necessary arrangements in place
to meet the requirements of the Instrument of Delegation and should continue to be
recognised as a RPB for the purpose of statutory Audit;
(e) receive all statutory change of auditors’ notifications from companies and statutory
Auditors in respect of public interest companies; and
(f) send reports of their reviews and findings on the conduct of an Auditor to the
Enforcement Committee.
(4). Membership of the Enforcement Committee shall include representatives from DAPS
and Directorate of Inspection and Monitoring (DIM) and any other person the Council
deems fit to include in the Committee.

(5). The roles of the Enforcement Committee include but shall not be limited to the
following; -
(a) conduct investigations of Auditors, where there appears to be misconduct or

13
a breach of the relevant professional standards;
(b) review monitoring reports of the AQR Team;
(c) consider reports of non-compliance and make appropriate sanctions against the
Auditor;
(d) invite the Auditor to discuss the observed infraction(s);
(e) report non-compliance with sanctions awarded by the Enforcement Committee
including but not limited to any non-payment of penalty to the Technical and
Oversight Committee (TOC)
(f) provide representation at TOC hearing against an Auditor;
(g) notify in writing and require any person to furnish, in such form as may be
directed, any information on such matters as may be specified in the notice and
such person shall comply; and
(h) ensure that investigations and prosecutions are conducted efficiently and fairly.
(6). Technical and Oversight Committee (TOC) shall be as constituted by the Board of the
FRC. The role of TOC shall include, to-
(a) receive regular reports from the Inspection and Monitoring Directorate/Enforcement
Committee on breaches observed;
(b) review sanctions to be meted out to any professional Accountant;
(c) review such reports and make appropriate recommendations to the Board; and
(d) receive and deliberate on all appeals against sanctions and make recommendations
to the Board;

16. Procedure for Regulatory Sanction and Appeal


(1). The monitoring of compliance with these Regulations shall be conducted by the
Enforcement Committee through the Audit Quality Review Team.
(2) Where there is a disagreement with the Council’s conclusion on Partners review or
Practice level review, an appeal shall be made to the Technical and Oversight Committee
(TOC) of the Council for remediation as stipulated in sections 15(2) and 28 of the FRC
Act.

17. Administrative sanctions

(1) The following action shall be taken against any Professional Accountant, Firm or other
Assurance Services Provider who is in violation and/or fails to comply with any of the
requirements imposed by these Regulations and having been adjudged by the
Enforcement Committee to be guilty of professional misconduct:-
(a) suspend and have the name of the Auditor /firm deleted from the Council’s
register for a period not exceeding 12 months;
(b) direct that the Auditor/firm complies with whatever sanction imposed by the

14
Council before the expiration of the period of suspension;
(c) the decision of the Council may be published in any two national daily newspapers
and electronic media, and
(d) the Council may, at the expiration of any Suspension Order and where it is certified
that the individual/firm has satisfactorily complied with requirements of these
Regulations, re-enter the name of the individual/firm into the Council’s Register
and lift the Suspension Order and may publish same.

(2) where an Auditor/Firm violates any of the requirements of these Regulations, the Council
may-
(a) give a notice requiring the Auditor to refrain from such conduct that gives rise
to the violation;
(b) publish a statement which may take the form of a warning; or
(c) prohibit such Auditor from carrying out statutory Audits or signing Audit
reports in accordance with Operational Guideline for Inspection and Monitoring
of Auditors, Other Assurance Services Providers and Audit Committee
Committee Members 2020.

(3). Where an Audit report by the Auditor does not satisfy the Audit reporting
requirement or any requirement of these Regulations, the Council shall apply one or
a combination of the following sanctions-

(a) make an order prohibiting the Auditor for a specified period of not more than
three years from acting as a director of or being otherwise concerned in the
management of a public interest entity;
(b) impose on the Auditor a financial penalty of such amount as it considers
appropriate and as stipulated in the Operational Guidelines for Inspection and
Monitoring of Auditors, Audit Committee Members and Other Assurance
Service Providers;
(c) make an order requiring the Auditor to take such action as it considers necessary
to mitigate the effect or prevent the recurrence of the contravention; or
(d) make a recommendation to the RPB that the erring Auditor be subjected to
disciplinary actions in accordance with the RPB’s disciplinary procedures.

(4). In these Regulations, the council shall determine the type and level of sanctions
to be imposed taking into account all relevant circumstances, including-
(a) the gravity and duration of the violation;
(b) Auditor’s degree of responsibility;
(c) the extent to which the Auditor has co-operated with the Council; and
(d) any previous violation of a relevant requirement by the Auditor.

(5) The Council may make an order in this Regulation referred to as “the cost
order” requiring the Auditor to pay the costs reasonably incurred by the Council in
determining whether the Auditor has violated the requirement, including-

15
(a) its administrative costs;
(b) its costs of obtaining legal advice; and
(c) any costs incurred in considering any appeal by the Auditor.

(6) Where a RPB has paid any part of the costs incurred by the Council, a Cost Order
may include those costs and Council must reimburse those costs to the RPB.

(7) Where the Council imposes a financial penalty or make a Cost Order against an
Auditor, it shall specify a date by which the penalty is or the costs are required to be
paid, provided that the date shall be at least 14 days after the date the financial penalty
was imposed or the cost order was made.

18. Publication of sanctions and measures


(1). The Council may publish on its official website and any other medium it considers
appropriate, any administrative sanction imposed for breach of the provisions of these
Regulations.
(2). Where the Council permits publication of sanctions which are subject to appeal, it shall,
as soon as reasonably practicable, also publish on the Council’s official website
information concerning the status and outcome of any appeal.
(3). The sanction published under sub-regulation (1) of this Regulation shall include-
(a) information concerning the nature of the violation; and
(b) the identity of the Auditor or firm sanctioned under this Regulation.

(4). Circumstances in which the identity of the auditor may not be published are where
publication-
(a) may cause disproportionate damage to any institution or individual involved.
(b) may jeopardise public interest;
(c) may jeopardise an ongoing criminal investigation.

(5). Council shall ensure that any publication in accordance with sub-regulation (1) of this
Regulation, is of proportionate duration and remains on their official website for a
minimum period of five years after all rights of appeal have been exhausted.

(6). The publication of sanctions and measures of any public statement shall respect
fundamental rights as laid down in the Constitution.

19. Enforcement of sanctions


This Regulation applies where the-
(a) Council has imposed a sanction under this Regulation;
(b) person on whom the sanction or costs order was imposed has -
(i) not, by the specified date, appealed against the decision, or
(ii) appealed against the decision, but the appeal was unsuccessful or was withdrawn;

16
and
(c) the procedure for enforcement of this Regulation is as contained in the Guidelines
for Inspection and Monitoring Procedure for Auditors, Audit Committee Members
and Other Assurance Providers,2020.

20. Recovery of financial penalties


Where whole or any part of a financial penalty is not paid within 14 days, the unpaid
balance from time to time shall be treated in line with section 33 (2) of the FRC Act.

PART V – QUALITY ASSURANCE


21. Quality assurance review of Auditors shall be in line with International Standards on Quality
Control/International Standards on Quality Management (ISQC1/ISQM) as may be revised
from time to time.
22. Internal Organisation of Auditors
The Council shall ensure that Auditor or Audit firm complies with the following organisational
requirements-
(1) Policies and Procedures
An Audit firm shall establish appropriate policies and procedures to ensure that -
(a) its owners or partners, as well as the members of the administrative, management and
supervisory bodies of the firm, or of an affiliate firm, do not intervene in the carrying-
out of a statutory audit in any way which may jeopardise the independence and
objectivity of the Auditor who carries out the statutory audit on behalf of the Audit firm;
(b) their employees and any other natural persons whose services are placed at the auditor’s
disposal or under their control, and who are directly involved in the statutory audit
activities, have appropriate knowledge and experience for the duties assigned;
(c) outsourcing of important audit functions is not undertaken in such a way as to impair the
quality of the auditor’s internal quality control and ability of the Council to supervise
Auditor’s or Audit firm’s compliance with the obligations laid down in these
Regulations;
(d) statutory audits, coaching, supervising and reviewing employees’ activities and
organising the structure of the audit file are carried out.

(2). Internal Quality Control


(a) internal quality control mechanisms shall be designed to secure compliance with
decisions and procedures at all levels of the Audit firm or of the working structure of
the Auditor;
(b) the Auditor shall establish an internal quality control system to ensure the quality of
statutory Audit, which also cover the policies and procedures described in sub-
regulation (1) of this Regulation;
(c) in the case of an Audit firm, responsibility for the internal quality control system shall

17
lie with a person who is qualified as an Auditor;
(d) Auditor shall monitor and evaluate the adequacy and effectiveness of their systems,
internal quality control mechanisms and arrangements established in accordance with
this Regulation and take appropriate measures to address any deficiencies;
(e) Auditor shall use appropriate systems, resources and procedures to ensure continuity
and regularity in the carrying out of their statutory audit activities;
(f) Auditor shall in particular carry out an annual evaluation of the internal quality control
system, referred to in sub-regulation (2) (b) of this Regulation;
(g) Auditor shall keep records of findings of the evaluation and any proposed measure to
modify the internal quality control system, and the policies and procedures shall be
documented and communicated to the employees of the auditor;
(h) any outsourcing of audit functions as referred to in sub-regulation (1) (c) of this
Regulation shall not reduce the responsibility of the auditor towards the audited entity;
(i) the Auditor shall take into consideration the scale and complexity of their activities
when complying with the requirements set out in Regulation 21 of these Regulations;
and
(j) the Auditor shall be able to demonstrate to the Council that the policies and procedures
designed to achieve such compliance are appropriate, given the scale and complexity
of activities of the Auditor.
(3). Organisation and Administration
(a) The Auditor or an Audit firm shall have sound administrative and accounting
procedures, internal quality control mechanisms, effective procedures for risk
assessment, and effective control and safeguard arrangements for information
processing systems.
(b) The Auditor shall establish appropriate and effective organisational and administrative
arrangements to prevent, identify, eliminate or manage and disclose any threats to
their independence and the integrity of his statutory Audit activities;
(4). Remuneration
Auditor shall have in place adequate remuneration policies, including profit-sharing
policies, providing sufficient performance incentives to secure audit quality, and the
Auditor shall not be evaluated or compensated based on that auditor’s success in selling
non-audit services to his or her audit client.

23. Quality Assurance Systems for Auditors


(1). Every Auditor and Audit firm shall implement a quality management system in
compliance with ISQM as issued by IAASB and as may be revised from time to time.
(2). The Council’s quality review programme shall meet the following criteria-
(a) be organised in such a manner that it is independent of the reviewed statutory
Auditors and Audit firms;
(b) the cost of review shall be borne by the Audit firm;

18
(c) the reviewers of quality assurance system shall possess requisite professional
qualification and experience in statutory Audit and financial reporting, also with
specific training on quality assurance reviews;
(d) the selection of reviewers for specific quality assurance review assignments shall be
objectively implemented in accordance with the procedure designed to ensure that
there are no conflicts of interest between the reviewers and statutory Auditor or
Audit firm;
(e) the scope of the quality assurance review, supported by adequate testing of selected
audit files, shall include an assessment of compliance with applicable auditing
standards and independence requirements, the quantity and quality of resources
spent, the audit fees charged and the internal quality control system of the Audit
firm;
(f) the quality assurance review shall be the focus of a report, which shall contain the
main conclusions of the quality assurance review;
(g) annual quality reviews (inspections) shall be conducted for every Audit firm that
audits more than 20 Public Interest Entities (PIEs); all others shall be conducted every
three years and each engagement partner shall be reviewed at least every 6 years
(h) notwithstanding the provision of sub-regulation (2)(g) of this Regulation, the
Council may at any time call for a special investigation or review of any firm or
engagement partner, either due to audit failure or any notified breach of these
Regulations;
(i) publication of the overall results of all quality assurance reviews conducted every
year shall be done annually;
(j) implementation of recommendations of quality reviews shall be followed up by the
Council and reported in the annual report of quality assurance reviews; and
(k) where the Council discovers that the recommendations referred to in sub- regulation
(2) (j) of this Regulation are not complied with, such statutory Auditor or Audit firm
shall, where applicable, be subjected to the disciplinary actions or penalties as may
be determined by the Council.

24. Delegation arrangements for supervisory tasks


(1). The Council shall directly conduct-
(a) the review of Auditors of PIEs as defined in section 77 of the FRC Act and
delegate the review of Auditors of non-PIEs and other entities as may be delegated
from time to time, to RPBs; and
(b) quality control system reviews on all firms and may work with RPB. The Council
may review the result of the programme on annual basis.

(2). The Council shall issue Instruments of Delegation to guide arrangement with
RPBs and review the results of this programme on an annual basis.

19
PART VI – AUDIT COMMITTEE AND INTERNAL AUDIT FUNCTION
25. Audit Committee
Without prejudice to the extant provisions of the Nigeria Code of Corporate Governance
2018, activities of the Statutory Audit and Board Audit Committees shall be directly
regulated by the Council through this Regulation.

26. Qualification of Audit Committee Member


(1). Every public-interest entity shall have an Audit Committee, and shall be either a stand-
alone committee or a committee of the administrative body or supervisory body of the
audited entity.
(2). All members of the Audit Committee shall be financially literate, and at least one
member shall be a member of a professional accounting body in Nigeria established by
an Act of the National Assembly.
(3). Pursuant to Section 8(1) (f) of the FRC Act that empowers the Council to maintain
a register of professional accountants and other professionals engaged in the financial
reporting process, all Audit Committee members shall register with the Council.
27. Appointment and Composition of the Committees
The appointment and composition of both Statutory Audit and Board Audit Committee
members shall be in line with the provisions of Companies and Allied Matters Act,
2020(as amended) and Nigeria Code of Corporate Governance, 2018 as may be revised.

28. Duties and Responsibilities of Audit Committee


(1). Duties and responsibilities of Statutory Audit Committee shall be consistent with
section 404(7) of Companies and Allied Matters Act, 2020 (as amended).
(2). The Statutory and Board Audit Committees, either independently, jointly or where
they co-exist, shall have the primary responsibility for making a recommendation to
the board on the appointment, reappointment and removal of external Auditors.
(3). Without prejudice to the provision of the Companies and Allied Matters Act,2020 (as
amended) entities may have Board Audit Committee in addition to a Statutory Audit
Committee.
(4). Where an entity has a Board Audit Committee, it shall have the following additional
oversight functions-
(a) monitoring the process of the statutory audit or consolidated financial
statements, mainly covering the planning, findings and conclusions;
(b) reviewing and monitoring the independence of the Statutory Auditor, including
the annual report from the Auditor, discussing key issues and mitigate with the
Auditor;
(c) being responsible for the procedure for the selection of the statutory Auditor or
Audit firms;
(d) overseeing the Statutory Auditor’s compliance with additional reporting
requirements in the Audit Report and then report to the Audit Committee;
(e) pre-approving permissible non-audit services following an assessment of the

20
threats to independence and safeguards that the Statutory Auditor will apply to
mitigate or eliminate those threats;
(f) overseeing the Statutory Auditor’s management and calculation of the 80% cap
on permissible services provided to the audited entity, its parent and controlled
undertakings;
(g) development of an appropriate policy regarding the provision of specified
prohibited services (where permitted by the Council or as allowed by IESBA’s
Code of Ethics for Professional Accountants including International
Independence Standards as revised/amended); and
(h) oversight of the Statutory Auditor’s assessment regarding provision of the
prohibited services to ensure that-
(i) they have no effect separately or in aggregate on the audited financial
statements, or
(ii) the estimation of the effect on the audited financial statements is
comprehensively documented and explained in the additional report to the
Audit Committee.

29. Sanctions for Audit Committee Members


(1). Audit Committee members that acts in violation of these Regulations or fails to comply
with any of the duties imposed by these Regulations and having been determined by
the Enforcement Committee/TOC to be guilty of misconduct, shall be subjected to the
following-
(a) suspend and have the name of the Audit Committee member deleted from the
Council’s register for a period not exceeding 12 months;
(b) direct the Audit Committee to comply with whatever sanction imposed by the
Council before the expiration of the period of suspension;
(c) the decision of the Council may be published in any two-national daily
newspapers and electronic media.
(d) the Council may at the expiration of any suspension order imposed and where it
is certified that the Audit Committee has satisfactorily complied with
requirements of these Regulations, re-enter the name of the Audit Committee
member into the Register of professionals, lift the Suspension Order and may
publish same.
(e) in the event of gross or persistent negligence of duties, a recommendation shall
be made to the primary regulator of the entity where the Audit Committee
member serves that the person be suspended from being a member of one or more
of the following company bodies in public-interest entities for up to three years,
the -
(i) Board of Directors,
(ii) Executive Board, and
(iii) Audit Committee.
(f) where the entity the Audit Committee member serves does not have a
primary regulator, it shall be the responsibility of the Council to enforce sub-
regulation (1) (e) of this Regulation.

21
(2). The Council may also institute legal action against any of the Audit Committee
Members who fails to comply with the provisions of these Regulations.

30. Internal Audit Function

(1). All companies shall have an effective risk–based Internal Audit function.
(2). Where the Board decides not to establish such a function, sufficient reasons must be
disclosed in the company’s annual report with an explanation as to how assurance of
effective internal processes and systems such as risk management and internal
controls will be obtained.
(3). The purpose, authority and responsibility of the Internal Audit activity shall be
clearly and formally defined in an Internal Audit Charter approved by the Board,
and shall also be consistent with the definition of Internal Auditing by the Institute
of Internal Auditors.
(4). The Internal Audit function shall be headed by a professional with relevant
qualification who has registered with the Council /Regulator, and the unit shall be
adequately resourced to enable it effectively discharge its responsibilities.

(5). The Head of Internal Audit function shall-

(a) report directly to both the Board Audit Committee and the Statutory Audit
Committee where both co-exist while having a line of communication with the
MD/CEO; and

(b) have unrestricted access to the Chairmen of both the Board Audit Committee and
Statutory Audit Committee where both co-exist.

(6). The Head of Internal Audit function shall report at least once every quarter, at Audit

Committee meetings, on the -

(a) adequacy and effectiveness of management processes;

(b) governance, risk and control environment; and

(c) deficiencies observed, management response and mitigation plans.

(7). The Internal Audit function shall assist the directors and management to maintain
effective controls through periodic evaluation to determine the effectiveness and
efficiency of the company’s internal control systems and make recommendations
for enhancement or improvement.

(8). The evaluation of controls by the Internal Audit function shall encompass the
following -

(a) information systems environment;


(b) reliability and integrity of financial and operational information;

22
(c) effectiveness and efficiency of operations;
(d) safeguarding of assets; and
(e) compliance with laws and regulations.

(9). The Internal Audit function shall establish a risk-based Internal Audit process that
provides a consistent basis for the provision of Internal Audit Services and
highlights the key steps and activities to be performed from the planning stage
through to the reporting phase of the Audit.

(10). The Internal Audit function shall develop an annual risk-based Internal Audit plan
in line with the risk-based Internal Audit process and shall be approved by the
Audit Committee.

(11). The annual risk-based Internal Audit plan shall-

(a) address the broad range of risks facing the company linking this to risk
management framework;
(b) identify audit priority areas and areas of greatest threat to the company;
(c) indicate how assurance will be provided on the company’s risk management
process; and
(d) indicate the resources and skills available or required to achieve the plan.

(12). The Internal Audit plan shall be based on the result of the assessment of the risks
faced by the company in line with the risk management framework and shall be
approved by the Board.

(13). The plan shall identify Audit priority areas and determine the frequency of Internal
Audits as well as the required resources and skills.

(14). The risk assessment process shall be of a continuous nature so as to identify


emerging, as well as residual or existing risks and shall be conducted at least
annually, but more often in companies with complex operations.

(15). Internal Audit shall provide independent assurance on the robustness and
effectiveness of the company’s risk management process.

(16). The Internal Audit function shall liaise with other internal and external providers
of Assurance Services in order to ensure proper coverage and to minimise
duplication of effort.

(17). There shall be an external assessment of the effectiveness of the Internal Audit
function at least once every three years by a qualified independent reviewer, as
defined by the Institute of Internal Auditors, or by an external review team.

(18). The Head of the Internal Audit function shall be a member of senior management

23
and shall only be removed by the Board on the recommendation of the Statutory
Audit Committee and Board Audit Committee, in the case of companies with
two Audit Committees.

PART VII - MISCELLANEOUS PROVISIONS

31. Power to make guidelines


The Council may issue guidelines for the purpose of implementing these Regulations.

32. Transitional provisions and support structure


These Audit Regulations, 2020 shall come into force on 1 January 2021 and shall have one-
year transition period.

33. Transitional Arrangements for Mandatory audit firm rotation for PIEs
(a) If an Auditor, at the time this Regulation becomes effective (or comes into force), has
been engaged for exactly ten (10) years maximum period stipulated, the Auditor may
continue for a period not more than two years and where Auditor has been engaged
for between 11 and 15 years, the Auditor may continue for a period not more than one
year.
(b) For all other situations, the engagement may continue until the end of the first
maximum duration i.e ten (10) years.
(c) For joint audit arrangement, the maximum period is fifteen (15) years.

34. Interpretation
In these Regulations unless the context otherwise admits –
“The Act” refers to Financial Reporting Council of Nigeria Act No. 6, 2011.
"Applicable laws and standards" mean the -
a. Auditing Standards – (issued by IFAC);
b. Ethical Standards for Auditors issued and / or adopted by the FRC;
c. Quality Control Standards for Auditors issued and / or adopted by the FRC;
d. Applicable Parts of CAMA,2020 (as amended);
e. Applicable Parts of the Constitution of the Federal Republic of Nigeria;
f. Any other legislation, standards, regulations, rules, or other documents from time to time in
force and relevant to the performance and quality of auditing.
“Audit” has the same meaning as defined by the International Federation of Accountants (IFAC)
Code of Ethics for Professional Accountants.
“Audit firm” means a firm which provides audit services.
“Auditor” means a professionally qualified accountant or firm of accountants appointed to
conduct an examination of the records of an enterprise and to form an opinion as to whether the
accounts have been prepared in accordance with generally accepted accounting principles.
“Auditors of Public Interest Entities (PIEs)” means Auditors/Audit firms that audit public
interest entities as defined by the FRC Act No. 6, 2011.
“CAC” means Corporate Affairs Commission.
24
“Council” refers to the Financial Reporting Council of Nigeria, a body created by Act, No. 6,
2011.
“Constitution” means Constitution of the Federal Republic of Nigeria.
“DAPS” means Directorate of Auditing Practices Standards
“DIM” means Directorate of Inspection and Monitoring
“Deregistration” means removal of the name of an Auditor, Other Assurance Services Provider,
and Audit Committee Member from the register.
“Enforcement Committee” means the Committee which comprises representatives of the
Directorate of Inspection and Monitoring and Directorate of Auditing Practices Standards
(DAPS) and any other person as appointed by the Council.
“Financial Literacy” means the possession of the set of skills and knowledge in financial matters
acquired through training that allows an individual to make informed and effective decisions on
financial and ancillary matters.
“FRC” means Financial Reporting Council.
“Government” means all the three tiers of government and its agencies.
‘Group Auditor’ means the statutory Auditor(s) or Audit firm(s) carrying out the statutory audit
of consolidated accounts.
“IFAC” mean International Federation of Accountants.
“International Auditing Standards” means International Standards on Auditing (ISA) as issued
by IFAC.
“ISQM” means International Standards on Quality Management.
“Minister” means the Minister charged with responsibility for matters relating to Industry, Trade
and Investment.
“Network Firm” means an entity under common control, ownership or management with the
firm or any entity that a reasonable and informed third party having knowledge of all relevant
information would reasonably conclude as being part of the firm nationally or internationally.
“Other Assurance Service Providers” means independent professionals (other than external
auditors) who provide independent and professional opinions or reports that reduce information
risk and improve the quality or context of information for decision-makers. Other Assurance
services providers are classified into Internal and external assurance services providers. Internal
assurance service providers include Audit Committees, Internal Auditors and Internal
Control Professionals. External Assurance Services include all professionals engaged by
management in the financial reporting process. Such professionals include actuaries, property
valuers, valuation specialists, tax consultants, information technology specialists, legal counsel,
corporate governance specialist, and so on.
“Practice” in relation to an Auditor, means the practice of the Auditor or the Audit firm.
“Professional Accountant” means a person who is a member of a professional Accountancy
Organisation established by an Act of National Assembly and registered with the Council.
"PIEs” means Public Interest Entities as defined by the FRC Act 2011
“RPBs” means Relevant Professional Bodies “a body recognized under the FRC Act 2011 for
the purposes of the registration and supervision of Auditors and other assurance service providers
of Non-Public Interest Entities”.
"Regulations" means the Audit Regulations of the FRC.

25
"Regulatory Penalty" means a penalty of an amount determined by the Enforcement Committee
or the Technical Oversight Committee (TOC);
“Statutory Audit” means an audit of financial statements insofar as mandated by law.
“Statutory Auditor” means an external Auditor whose appointment is mandated by law.
“Suspension” means temporary/partial withdrawal of FRC registration or prohibiting a registered
professional from signing audit report for a specific period.
“Technical Oversight Committee (TOC)” means “a Committee of the Board established by
Section 15(1)(a) of FRC Act No 6, 2011.
“Withdrawal” Means the act of taking back or away something that has been granted or
possessed.

34. Citation
These Regulations shall be cited as the Audit Regulations, 2020.

FIRST SCHEDULE: REVIEW AND OUTCOME


Regulation 14(2)
i. Practice level review –review of system of quality management (ISQM) of firm once in 3
years
Rating Meaning
1 Outstanding
2 2 Good
3 3 Requires improvement
4 4 Inadequate

ii. Outcome of review/investigation for Partner level review. Engagement quality


assurance review for every PIE once in 6 years.

Rating Meaning Basis


• O - Opinion issued is wrong
1 N Non-compliant Partner/File• H - High/significant deficiency raised during file
• re review
• N - No high/significant deficiency
2 • F
Need Improvement Partner/File - Few medium or low deficiencies raised during
File review
• N - No significant or medium deficiency
3 C Compliant Audit Partner/File
• Lo - Low deficiency raised during file review

iii Notwithstanding i and ii above, the council shall make selection based on risk consideration.

26
iv Rating of deficiencies/findings noted during the review process.

Rating B Basis
• M - Major non-compliance to ISA/IFRS that would require
extensive additional audit procedure and evidence obtain
H High/significant deficiency to support the opinion
• R - Remediation would require the firm to go back to client to
ob obtain evidence
• N - Non-compliance to ISA/IFRS that would require additional
bu but not extensive audit procedure and evidence obtain to
M Medium deficiency su support the opinion
• Re - Remediation would require the firm to go back to client to
o obtain evidence
• N - Non-compliance to ISA/IFRS that would require minimal
• do documentation or audit evidence to support the opinion
Lo Low deficiency
• Re -Remediation would NOT require the firm to go back to
• cl client to obtain evidence.

MADE at Abuja this 25th day of January, 2021

Minister of Industry, Trade and Investment

EXPLANATORY NOTE
(This note does not form part of these Regulations but is intended to explain its purport)

These Regulations seeks to provide a comprehensive legal framework to regulate for effective
implementation of Auditing Standards Practices in Nigeria.

27
28

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy