Use LinkedIn or an email
Use LinkedIn or an email
Enter email to reset password
SAIBA members that have obtained the designation Business Accountant in Practice (BAP) may perform and issue a factual findings report on POPIA compliance requirements.
Factual findings engagements are also known as Agreed-Upon-Procedures (AUP).
In performing an AUP engagement a BAP(SA) is required to apply the International Standard on Related Services 4400 (ISRS 4400). ISRS 4400 establishes requirements and provides guidance for performing an AUP engagement. Under ISRS 4400, an AUP engagement involves a practitioner performing procedures that have been agreed to by the practitioner, the entity and any appropriate third parties, and reporting on the factual findings based on the procedures performed.
In conducting an AUP engagement in accordance with ISRS 4400, the practitioner does not express an opinion. Users of the AUP report assess for themselves the factual findings based on the procedures performed and draw their own conclusions.
In contrast, in an assurance engagement the practitioner conveys an opinion or conclusion on the outcome of the measurement or evaluation of the underlying subject matter against criteria.
The Protection of Personal Information Act, No 4 of 2013 (POPIA) promotes the protection of personal information by public and private bodies.
POPIA has been signed into law by the President on 19 November 2013 and published in the Government Gazette Notice 37067.
The President has signed a proclamation declaring some parts of the Protection of Personal Information Act No 4 of 2013 effective from 11 April 2014.
The National Assembly approved the appointment of members to the Information Regulator on 7 September 2016. The Regulator will be responsible for education, monitor and enforce compliance, handle complaints, perform research and facilitate cross-border cooperation.
Sections 2 to 38, 55 to 109, 111 and section 114(1), (2) and (3) of the Protection of Personal Information Act, 4 of 2013 (“POPIA”) commenced on 1 July 2020.
These sections form the core provisions of POPIA and pertain to, amongst others, the processing of personal information, the processing of special personal information, the Information Officer, direct marketing by means of unsolicited communications, flow of information outside of South Africa and enforcement of POPIA.
All forms of processing of personal information must, in terms of section 114(1) of POPIA, conform with POPIA by 1 July 2021. All business and public entities have to ensure compliance by this date.
The SAIB Guide to Engagements on the Protection of Personal Information Act, 4 of 2013 (“POPIA”) for Business Accountants in Practice was commissioned by SAIBA to provide guidance to members on performing services to clients in relation to clients’ readiness for POPIA.
A BAP(SA)s may approach any entity offering them the ISRS4400 engagement and a report that demonstrates the clients readiness for POPIA.
SAIBA is a legislative controlling body for accountants, accounting officers and independent reviewers. As a controlling body we are required to monitor and sanction compliance to standards of member conduct. We perform this function by ensuring compliance by our members to the IAASB’s engagement standards. We offer CPD and training courses to help guide members with their everyday challenge in the workplace. We lobby government and SME associations to allocate work to business accountants.
The firm should study the SAIBA Guide and the ISRS 4400 and ensure that all POPIA engagements are performed in terms of this standard. The firm should study any relevant laws, regulations, founding documents or contract terms to determine the qualifications of the persons required to perform the engagement, prior to performing the engagement.
Members are required to register with www.saiba.academy and read www.accountingweekly.com to stay updated and do a specialist license to unlock additional advisory work.
SAIBA has provided a number of guides, videos and PowerPoint slides that will assist accountants with understanding their responsibilities in terms the various types of engagements: