Auditor breach notifications and contravention reporting
Auditors are required to report through ASIC’s Regulatory Portal:
- contraventions and suspected contraventions of sections 311, 601HG and 990K of the Corporations Act 2001 (Corporations Act) identified when conducting an audit, and
- conflict of interest situations and circumstances involving a relevant relationship.
Obligation to report contraventions and suspected contraventions when conducting an audit
An auditor of a company, registered scheme, disclosing entity, registrable superannuation entity (RSE), corporate collective investment vehicle (CCIV) or compliance plan has an obligation under sections 311 and 601HG of the Corporations Act to notify ASIC in writing if they encounter certain circumstances during an audit. These circumstances include:
- contraventions or suspected contraventions of the Corporations Act
- attempts to unduly influence, coerce, manipulate or mislead a person involved in the conduct of an audit, and
- interference with the proper conduct of an audit.
The auditor must notify ASIC as soon as practicable or, in any case, within 28 days of becoming aware of the circumstances.
An auditor of an Australian financial services (AFS) licensee has an obligation under section 990K of the Corporations Act to notify ASIC in writing if they become aware of certain matters, such as:
- matters that are or may adversely affect the ability of the licensee to meet its obligations as a licensee
- contraventions of certain provisions of the Corporations Act or the AFS licence conditions, and
- an attempt to unduly influence, coerce, manipulate or mislead the auditor in the conduct of the audit.
The auditor must report to ASIC within 7 days of becoming aware of the matter.
Notifying ASIC
Notices of contraventions or suspected contraventions of the Corporations Act must be lodged through ASIC’s Regulatory Portal.
For guidance on conducting an audit of a company, registered scheme, disclosing entity, RSE, CCIV or AFS licensee in compliance with the obligations under sections 311, 601HG and 990K, please refer to Regulatory Guide 34 Auditor’s obligations: Reporting to ASIC (RG 34). RG 34 also includes examples of suspected contraventions, how an auditor may deal with them, lodgement of notices and privilege when notifying ASIC.
Notice of auditor conflict of interest situation or circumstances involving a relevant relationship
Under section 324CD of the Corporations Act, a conflict of interest situation exists in relation to an audit client at a particular time if, because of circumstances that exist at that time:
- the auditor, or a professional member of the audit team, cannot exercise objective and impartial judgement in the conduct of the audit, or
- a reasonable person, with full knowledge of all relevant facts and circumstances, would conclude that the auditor, or a professional member of the audit team, cannot exercise objective and impartial judgement in the conduct of the audit.
In determining whether a conflict of interest situation exists, the auditor must consider circumstances arising from any relationship that exists, has existed or is likely to exist between the audit client and:
- the individual auditor
- the audit firm (any current or former member of the firm), or
- the audit company (any current or former director of the company or any person currently or formerly involved in the management of the company) (see section 324CD(2) of the Corporations Act).
Under sections 324CE–324CG of the Corporations Act, a circumstance involving a relevant relationship exists if the auditor (or one of the people or entities in sections 324CE(5), 324CF(5) or 324CG(9)) has a relationship with the audit client described in section 324CH.
Obligation to notify ASIC
The auditor independence requirements (in Division 3 of Part 2M.4 of the Corporations Act) require individual auditors, audit companies, members of an audit firm or directors of an audit company to identify, resolve and disclose conflicts of interest situations and circumstances involving a relevant relationship.
If an auditor becomes aware of a conflict of interest situation (as defined in section 324CD of the Corporations Act) or a circumstance involving a relevant relationship (as defined in section 324CH) with the audit client, the auditor must notify ASIC if the situation or circumstance is ongoing after 7 days.
Offences under the Corporations Act
In accordance with the general auditor independence requirements in sections 324CA and 324CB of the Corporations Act, an individual auditor, audit company, member of an audit firm or director of an audit company commits an offence if the person:
- engages in audit activity for an entity and fails to take all reasonable steps as soon as possible to cease the conflict of interest situation after becoming aware of its existence
- fails to inform ASIC within 7 days after becoming aware of the conflict of interest situation and the situation is ongoing, or
- engages in audit activity for an entity and would have been aware that the conflict of interest situation exists had a quality control system been in place.
See section 324CD of the Corporations Act for more details on the relevant relationships.
In accordance with the specific auditor independence requirements in sections 324CE, 324CF and 324CG of the Corporations Act, an individual auditor, audit company, member of an audit firm or director of an audit company commits an offence if the person:
- does not, as soon as possible after the individual auditor becomes aware of the circumstances involving a relevant relationship, take all reasonable steps to ensure that the person does not continue to engage in audit activity in those circumstances, or
- fails to inform ASIC within 7 days after becoming aware of those circumstances and those circumstances are ongoing.
See section 324CH of the Corporations Act for more details on the relevant relationships.
Notifying ASIC
If an auditor becomes aware of a conflict of interest situation or circumstances involving a relevant relationship as noted above or defined in the relevant sections in Division 3 of Part 2M.4 of the Corporations Act, the auditor must notify ASIC through the Regulatory Portal if the circumstances are ongoing after 7 days.
Other information
Your ongoing obligations as a registered company auditor
Changes to how registered company auditors report breaches page