Recommend: What auditing in the listed environment demands

The Independent Regulatory Board for Auditors (IRBA), as a founding member of the International Forum of Independent Audit Regulators (IFIAR), has adopted the IFIAR Core Principles for Independent Audit Regulators. Core principle nine requires audit regulators to ensure that a risk-based inspections programme is in place. That process recognises the increased public interest and risk associated with the audits of public interest entities.¹ The IRBA inspections process allocates a majority, approximately 80%, of its resources towards the monitoring of audit firms that accept public interest entities (PIEs) as assurance clients.

Paragraph R400.22 of the IRBA Code defines one category of PIEs as ‘a publicly traded entity’, which is ‘an entity that issues financial instruments that are transferrable and traded through a publicly accessible market mechanism, including through listing on a stock exchange’. Furthermore, it clarifies that ‘a listed entity as defined by relevant securities law or regulation is an example of a publicly traded entity’.

It is important to note that an entity that only lists instruments other than equity, such as debt, exchange­traded funds, redeemable preference shares and interest rate instruments, meets the definition of a listed entity and is therefore automatically classified as a PIE. Consequently, auditors of listed entities are more likely to be selected for an inspection, regardless of the size of the audit practice.

Effective as of December 2023, the Johannesburg Stock Exchange (JSE), which hosts ±70%² of listed instruments,³ removed − with market support − the requirement of the auditor accreditation model. As such, firms that wish to audit JSE-listed entities no longer require separate accreditation by the JSE.

Importantly, while the removal of the JSE auditor accreditation model and the growth in the number of audit firms being appointed across exchanges have created a more competitive audit landscape, this does not reduce the significant responsibility associated with auditing listed entities. Section 3.87 of the JSE Listings Requirements emphasises this responsibility by stipulating that any proposed auditor must be subject to a firm-wide independent quality management inspection performed by the IRBA in a current or previous inspections cycle. In addition, section 3.84(g)(iii) requires audit committees of JSE-listed entities to consider the latest inspections results when making auditor appointment decisions. An analysis of recent inspections reveals that audit firms may not fully appreciate the increased risks and challenges associated with auditing listed entities. Below are some of our observations from the inspections of audit firms and audit engagements of listed entities.

PRE-ENGAGEMENT ACTIVITIES

• Systems of quality management − International Standard on Quality Management (ISQM) 1 and ISA 220 (Revised) − emphasise thorough client acceptance and continuance procedures. Yet, instances were noted where these assessments are inadequate or absent, leading to engagements being accepted without a full consideration of the firm’s capacity, independence requirements and audit risks.
• Thus, the firm’s quality management systems are not sufficient to address audit quality risks associated with audit engagements relating to listed entities,
  as detailed below.

UNDERSTANDING OF RISKS

Some firms do not adequately understand the listed environment or the specific risks listed entities present, nor do they adapt their audit responses appropriately.

There are instances where firms failed to identify that their clients are, in fact, listed − that is, clients issuing instruments other than equity have not been identified and classified as publicly traded entities − and therefore have not been classified as PIEs. This also highlights the lack of industry knowledge and weak risk assessment procedures.

The Companies Act and Regulations require public entities listed on an exchange to prepare financial statements in accordance with the International Financial Reporting Standards (IFRS). In some cases, the audit client adopted an inappropriate financial reporting framework, resulting in:

• Audit work performed, including the required audit work on the financial statement presentation and disclosures, being insufficient and inappropriate.
• Required IFRS disclosures not being presented, for example fair value information (IFRS 13) and financial risk management disclosures (IFRS 7).
• Material misstatements of the financial statement figures, mostly the incorrect application of IFRS 9 in the classification of financial assets and liabilities, and non-cash movements included in the statement of cash flows.
• The auditor’s report concluding on the fair presentation of the financial statements on the inappropriate accounting framework.

AUDIT QUALITY AND RESOURCING

• Certain firms lack the expertise, resources or infrastructure to perform audits to the required standard, including engagement quality reviews, appropriate monitoring activities or specialists.
• The firm’s acceptance and continuance process did not consider whether it has the appropriate resources, skills, capacity and technical expertise.
• Engagement quality reviewers were appointed, but in some cases there was insufficient capacity to perform the role effectively.
• No evidence that the engagement quality reviewer had experience that is relevant to the type of entity
  or industry.
• Audit work was consistently poorly executed.
• Some firms did not have sufficient audit staff to execute audits, while in one instance the engagement partner performed the entire audit. The absence of an engagement team meant the auditor effectively audited and reviewed their own work, significantly increasing audit risk and contributing to the low quality of the audit performed.

INDEPENDENCE AND FEE DEPENDENCY

• In some firms, a listed client may represent a significant portion of revenue, raising self-interest threats that are not always adequately identified
  or mitigated.
• There are cases where firms provided non-assurance services or other prohibited services, such as the preparation of financial statements. This indicates that certain firms that audit listed entities do not meet the independence requirements for these engagements, which further compounds our concerns on auditor independence on listed engagements.
• The overall auditor’s responsibility to manage quality at the engagement file level, as well as obtain reasonable assurance that the quality has been achieved and the audits have been performed in accordance with the professional standards and the applicable legal and regulatory requirements was not always met. Also, in some cases audit firms overly relied on the preparers of financial statements that the directors of those listed entities approved as accurately reflecting the entities’ financial position, performance and cash flows according to the IFRS. Consequently, errors made in compiling the financial statements, including material misstatements, often go undetected by auditors, leading to the issuance of inappropriate audit opinions.

The table on the right highlights some of the considerations that audit firms and auditors should make when contemplating accepting audits of listed entities. We encourage auditors to critically consider each of these, prior to tendering for or accepting an appointment by any listed entity. The firm and the responsible engagement partner should be able to evidence such considerations to the IRBA, if selected for an inspection.

A MATTER OF RESPONSIBILITY

Accepting an engagement without adequate capacity or safeguards not only risks audit failure but may also amount to negligence and be a breach of the fundament al principles of the profession. The credibility of the auditing profession depends on firms exercising sound judgement when deciding whether to accept or continue with an audit engagement of a listed entity.

It is important to emphasise that the IRBA does not prohibit firms from auditing listed entities. Rather, the caution is that audits of listed entities are inherently higher risk, and firms must rigorously apply the requirements of the ISQMs, ISAs and the IRBA Code before accepting such clients.

As emphasised above, accepting and performing audits of such entities should be approached with an appropriate understanding of the environment, including all the associated risks. Auditors should have in place a robust process to evaluate the firm’s resources and ability to perform such audits to the required levels of audit quality, which requires heightened professional scepticism that is commensurate with the level of risk these entities carry.

By doing so, auditors not only protect the public interest, but also safeguard the trust that underpins financial markets. Upholding quality and independence when auditing listed entities is therefore not merely a regulatory requirement − it is a professional responsibility.

NOTES

1  Refer to R400.22 to R400.26 of the IRBA Code of Professional Conduct for Registered Auditors.

2  Calculated based on the number of instruments issued on each exchange.

3  Information available as of September 2025.

Author
Ntlambi Gulwa CA(SA), Director Inspections at the IRBA

 

Engagement resources	ISA 220 (Revised), paragraph 25, requires that the engagement partner determines that there are sufficient and appropriate resources to perform an engagement. Audit engagements of listed entities impose unique complexities and challenges that may not otherwise exist in other entities. In fulfilling the above requirements, some important considerations could include asking the following: As audits are to be conducted in terms of the IFRS and the relevant Listings Requirements, is the engagement partner up to date with the requirements of these frameworks such that they can express an opinion thereon? Typically, small private entities may be audited in terms of different frameworks, for example, IFRS for SMEs. Equally, the IRBA Code imposes more rigorous requirements relating to the audit of public interest entities (which include listed entities). Does the engagement partner have access to specialists and experts with the appropriate competence and capabilities required to properly challenge management of the listed entity and apply professional scepticism? Does the engagement partner have adequate resources to consult on difficult or contentious matters? Does the engagement partner have access to specialists and experts with the appropriate competence and capabilities required to properly challenge management of the listed entity and apply professional scepticism? Does the engagement partner have a full appreciation of the risks impacting the listed entity, and are they comfortable with their ability to respond to these risks, prior to accepting the engagement? ISA 220 (Revised), paragraph 22, confirms that the engagement partner has a responsibility to ensure that the firm’s policies and procedures for acceptance have been followed, and that the conclusions reached in this regard are appropriate. Is the engagement partner satisfied that an appropriate engagement quality review will be performed on the audit engagement of the listed entity?
Firm’s system of quality management	Is the firm comfortable that its system of quality management is operating in a manner that is appropriate to enable it to perform audits of listed entities? Is the firm able to assign an engagement quality reviewer in accordance with the requirements of ISQ M2? Does the firm have appropriate policies and procedures to enable an identification of all re levant risk factors, prior to the acceptance of the audit engagement of the listed entity? Has there been appropriate communication with the predecessor auditors? Is the firm able to support the engagement team with sufficient and appropriate resources to enable the engagement partner, in applying the appropriate level of professional scepticism and auditor judgement, to identify and challenge management on key areas of the audit, including significant accounting estimates and judgement?
Fee dependency and independence	The IRBA Code recognises that the level of fees quoted might have an impact on a registered auditor’s independence. Does the firm understand the commercial rationale of the proposed fee, and was there consideration given to whether any undue pressure had been applied by the audit client to reduce the audit fee? Fees for listed entities may constitute a significant proportion of the firm’s and/or engagement partners’ total portfolio. Has the firm assessed any potential fee dependency, in line with the requirements of the IRBA Code?
IRBA Code	Auditors are required to act with integrity, professional competence and due care, and to identify, evaluate and respond to threats to independence.

Note: This table of considerations is not exhaustive.