Entire Section

  • Auditor Module (AUD) [VER04/04-20]

    • Part 1 Part 1 Introduction

      • AUD 1 AUD 1 Application and Definitions

        • AUD 1.1 AUD 1.1 Application and definitions

          • AUD 1.1.1 AUD 1.1.1

            This module (AUD) applies to every:

            (a) applicant for registration as a Registered Auditor;
            (b) Auditor;
            (c) individual applying for registration as an Audit Principal; and
            (d) Audit Principal.
            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

            • AUD 1.1.1 Guidance

              A Registered Auditor will need to comply with all chapters in AUD. An Auditor which is not a Registered Auditor will need to comply with chapters 5 and 6 in AUD as those chapters apply to an Auditor whether or not it is registered with the DFSA.

              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • AUD 1.1.2

            In these Rules, a Relevant Person means a:

            (a) Domestic Firm;
            (b) Public Listed Company; or
            (c) Domestic Fund.
            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

    • Part 2 Part 2 Registered Auditors and Audit Principals

      • AUD 2 AUD 2 Registration

        • AUD 2.1 AUD 2.1 Application

          • AUD 2.1.1

            This chapter applies to every:

            (a) applicant for registration as a Registered Auditor;
            (b) Registered Auditor;
            (c) individual applying for registration as an Audit Principal; and
            (d) Audit Principal.
            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

        • AUD 2.2 AUD 2.2 Registration of Registered Auditors

          • Application for registration

            • AUD 2.2.1 AUD 2.2.1

              An applicant for registration as a Registered Auditor must complete and submit the appropriate form in AFN to the DFSA, supported by such additional material as may be required by the DFSA.

              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

              • AUD 2.2.1 Guidance

                1. A Person who may apply to be a Registered Auditor includes a natural person.
                2. Applicants for registration as a Registered Auditor are required to pay fees as prescribed in FER.
                Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • Criteria for registration

            • AUD 2.2.2

              In assessing an application for registration, the DFSA may:

              (a) make any enquiries which it considers appropriate, including enquiries independent of the applicant;
              (b) require the applicant to provide additional information;
              (c) require the applicant to provide information on how it intends to ensure compliance with a particular requirement in a Rule or the Regulatory Law;
              (d) require any information provided by the applicant to be verified in any way that the DFSA specifies; and
              (e) take into account any information which it considers relevant.
              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

            • AUD 2.2.3 AUD 2.2.3

              (1) An applicant for registration as a Registered Auditor must be able to demonstrate to the DFSA's satisfaction that it:
              (a) is fit and proper;
              (b) has professional indemnity insurance as required under section 4.3;
              (c) has adequate systems, procedures and controls to ensure due compliance with:
              (i) the International Standards on Auditing;
              (ii) the International Standards on Quality Control; and
              (iii) the Code of Ethics for Professional Accountants;
              (d) has clear and comprehensive policies and procedures relating to compliance with all applicable legal requirements, including those in the Regulatory Law, AUD, AML and other relevant modules of the Rulebook, when providing audit services to a Domestic Firm, Public Listed Company or Domestic Fund;
              (e) has adequate means to implement those policies and procedures and monitor that they are operating effectively and as intended;
              (f) is controlled by a majority of individuals who hold Recognised Professional Qualifications;
              (g) has identified at least one or more appropriate individuals, who will be appointed by it to undertake the responsibilities of an Audit Principal; and
              (h) has complied with any other requirement specified by the DFSA.
              (2) For the purposes of (1)(f) "majority" means:
              (a) where under the Registered Auditor's constitution matters are decided on by the exercise of voting rights, a majority of the rights to vote on all, or substantially all, matters; or
              (b) in any other case a majority of the Persons having rights under the constitution of the Registered Auditor to enable them to direct its overall policy or alter its constitution.
              (3) For the purposes of assessing whether an applicant for registration meets the fit and proper requirement under (1)(a), the DFSA may consider:
              (a) the application and submissions;
              (b) its background and history;
              (c) its ownership and Group structure;
              (d) its resources, including human and technological;
              (e) whether the applicant's affairs are likely to be conducted and managed in a sound and prudent manner; and
              (f) any other matter considered relevant by the DFSA.
              (4) The DFSA will in assessing the matters in (1) and (3) consider the cumulative effect of factors which, if taken individually, may be regarded as insufficient to give reasonable cause to doubt the fitness and propriety of an applicant.
              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

              • AUD 2.2.3 Guidance

                Under Article 98 of the Regulatory Law, the DFSA may grant or refuse to grant registration and impose restrictions and conditions upon the registration.

                Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

        • AUD 2.3 AUD 2.3 Continuing obligations of Registered Auditors

          • AUD 2.3.1

            To remain registered, a Registered Auditor must comply on a continuing basis with:

            (a) the International Standards on Auditing, International Standards on Quality Control and the Code of Ethics for Professional Accountants;
            (b) the registration criteria in Rule 2.2.3(1); and
            (c) the Rules in chapter 6 regarding the conduct of audits and the preparation of audit reports.
            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • AUD 2.3.2

            A Registered Auditor must at all times have at least one individual appointed by it to undertake the responsibilities of an Audit Principal.

            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • AUD 2.3.3 AUD 2.3.3

            The DFSA may require a Registered Auditor which has not recently conducted any audit work under its registration to provide other examples of audit work it has carried out in order to demonstrate to the DFSA that it is still able to meet its continuing obligations.

            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

            • AUD 2.3.3 Guidance

              The DFSA may issue guidelines in the form of Practice Notes to assist Registered Auditors in applying the standards set out in Rule 2.3.1(a). These Practice Notes will highlight new emerging or otherwise relevant circumstances to assist a Registered Auditor in applying the relevant standard. Practice Notes will be published on the DFSA website.

              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

        • AUD 2.4 AUD 2.4 Registration of Audit Principals

          • AUD 2.4 Guidance

            The general responsibilities of an Audit Principal are defined in Article 97(c) of the Regulatory Law.

            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • Application for registration

            • AUD 2.4.1

              When applying for registration as an Audit Principal, both the relevant individual and the Registered Auditor must complete and submit the appropriate form in AFN, supported by such additional materials as may be required by the DFSA.

              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • Criteria for registration

            • AUD 2.4.2

              An individual applying for registration as an Audit Principal must be able to demonstrate to the DFSA's satisfaction that he:

              (a) holds a Recognised Professional Qualification;
              (b) is a member in good standing of a Recognised Professional Body;
              (c) has at least 5 years of relevant post qualification audit experience in the past 7 years, including at least one year of experience in a managerial role supervising and finalising audits; and
              (d) is fit and proper to conduct audit work.
              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

        • AUD 2.5 AUD 2.5 Continuing obligations of Audit Principals

          • AUD 2.5.1

            To remain registered, an Audit Principal must comply on a continuing basis with:

            (a) the registration criteria in Rule 2.4.2; and
            (b) the Principles in section 2.6.
            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

        • AUD 2.6 AUD 2.6 Principles for Audit Principals

          • AUD 2.6.1 AUD 2.6.1

            The five Principles set out in this section apply to every Audit Principal.

            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

            • AUD 2.6.1 Guidance

              1. These Principles are derived from the fundamental principles published in the Code of Ethics for Professional Accountants.
              2. If an Audit Principal breaches a Principle, the DFSA may consider suspending or withdrawing the registration of the Audit Principal on that basis.
              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • Principle 1 — Integrity

            • AUD 2.6.2

              An Audit Principal must be straightforward and honest in all professional and business relationships.

              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • Principle 2 — Objectivity

            • AUD 2.6.3

              An Audit Principal must not allow bias, conflict of interest or the undue influence of others to override professional or business judgements.

              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • Principle 3 — Professional competence and due care

            • AUD 2.6.4

              An Audit Principal must maintain professional knowledge and skill at the level required to ensure that a client or employer receives competent professional services based on current developments in practice, legislation and techniques and must act diligently and in accordance with applicable technical and professional standards.

              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • Principle 4 — Confidentiality

            • AUD 2.6.5

              An Audit Principal must respect the confidentiality of information acquired as a result of professional and business relationships and, therefore, not disclose any such information to third parties without proper and specific authority, unless there is a legal or professional right or duty to disclose, nor use the information for the personal advantage of the Audit Principal or third parties.

              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • Principle 5 — Relations with the DFSA

            • AUD 2.6.6

              An Audit Principal must deal with the DFSA in an open and co-operative manner and must promptly disclose to the DFSA any information of which the DFSA would reasonably expect to be notified.

              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

        • AUD 2.7 AUD 2.7 Transitional and Saving Provisions

          • AUD 2.7.2

            A Person who immediately before the commencement was registered as an Auditor by the DFSA under the previous Law is deemed on the commencement to be registered as a Registered Auditor under the current Law.

            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • AUD 2.7.3

            A Person who immediately before the commencement was appointed as an Audit Principal by a Registered Auditor under the previous Law is deemed on the commencement to be registered as an Audit Principal under the current Law.

            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • AUD 2.7.4

            An Audit Principal referred to in Rule 2.7.3 must submit the appropriate form in AFN (notification of intention to continue to undertake the responsibilities of an Audit Principal for a Registered Auditor) within 60 days of the commencement.

            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • AUD 2.7.5

            A Registered Auditor and an Audit Principal referred to in this section must continue to maintain any records which were required to be maintained under the previous Law for the period of time required under the previous Law.

            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

      • AUD 3 AUD 3 Suspension and Withdrawal of Registration

        • AUD 3.1 AUD 3.1 Application

          • AUD 3.1.1

            This chapter applies to every:

            (a) Registered Auditor; and
            (b) Audit Principal.
            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

        • AUD 3.2 AUD 3.2 Suspension and withdrawal of registration of a Registered Auditor

          • AUD 3.2 Guidance

            1. Under Article 98A(1) of the Regulatory Law the DFSA may suspend or withdraw the registration of a Registered Auditor or Audit Principal on its own initiative or at the request of the Registered Auditor or Audit Principal.
            2. Article 98A(2) of the Regulatory Law sets out the circumstances in which the DFSA may suspend or withdraw the registration of a Registered Auditor or Audit Principal.
            3. Under Article 98A(5) of the Regulatory Law, the DFSA may temporarily suspend the registration of a Registered Auditor or Audit Principal pending completion of an investigation against the Auditor or Audit Principal. The DFSA may only exercise this power where, arising from the investigation, it reasonably believes that the Person has engaged in serious misconduct that may form grounds for withdrawal of the Person's registration. This might be, for example, where there is evidence of fraud, theft or other dishonest conduct or a risk to Client Assets. As the investigation is ongoing, the DFSA would ordinarily expect not to publicise a temporary suspension under this power. But the DFSA retains discretion to publicise such a suspension in an individual case if it is appropriate to do so given the particular circumstances.
            4. Under Article 98A(7) of the Regulatory Law, a Registered Auditor or Audit Principal may refer a decision of the DFSA to suspend or withdraw its registration to the FMT. The DFSA decision to suspend or withdraw registration remains in force until the review is concluded and the FMT makes a further order, unless the FMT has made an interim order to stay the decision.
            5. Under Article 98A(3) of the Regulatory Law the DFSA may make Rules containing requirements a Registered Auditor or Audit Principal must meet before the DFSA will grant a request by the Registered Auditor or Audit Principal to withdraw registration.
            6. An application by a Registered Auditor or Audit Principal to withdraw their registration does not in itself result in a withdrawal of the registration. Until the DFSA withdraws the registration, the Registered Auditor or Audit Principal remains subject to, and must comply with, the Regulatory Law, Rules and any other relevant legislation administered by the DFSA.
            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • Suspension or withdrawal of registration on the DFSA's initiative

            • AUD 3.2.1

              A Registered Auditor that has had its registration suspended by the DFSA, must not:

              (a) accept any new audit client who is a Relevant Person;
              (b) agree to being re-appointed by an existing audit client who is a Relevant Person; or
              (c) issue an audit report relating to a Relevant Person without the prior written consent of the DFSA.
              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

            • AUD 3.2.2

              If the DFSA suspends the registration of a Registered Auditor, it may impose such:

              (a) conditions on the Registered Auditor as it sees fit during the period of the suspension; and
              (b) requirements on the procedure for lifting the suspension as it considers appropriate.
              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • Requirements for withdrawal of registration at the request of the Registered Auditor

            • AUD 3.2.3

              (1) A request for withdrawal of registration by a Registered Auditor must be made by completing and submitting the appropriate form in AFN.
              (2) Before granting a request for withdrawal the DFSA must first be satisfied that:
              (a) the Registered Auditor has made appropriate arrangements with respect to its existing audit clients who are Relevant Persons; and
              (b) any other matter which the DFSA would reasonably expect to be resolved has been resolved.
              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

            • AUD 3.2.4

              Once a Registered Auditor has filed a request to withdraw its registration, it must not accept any appointment or re-appointment as a Registered Auditor or issue any audit reports in relation to a Relevant Person without obtaining the prior written consent of the DFSA.

              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

        • AUD 3.3 AUD 3.3 Suspension or withdrawal of an Audit Principal

          • Suspension or withdrawal of registration on the DFSA's initiative

            • AUD 3.3.1

              An Audit Principal that has had his registration suspended by the DFSA must not in respect of a Relevant Person:

              (a) manage the conduct of any audit work undertaken by a Registered Auditor; or
              (b) sign any audit report, or other report required by the DFSA, on behalf of the Registered Auditor.
              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

            • AUD 3.3.2

              If the DFSA suspends the registration of an Audit Principal, it may impose such:

              (a) conditions on the Audit Principal and Registered Auditor as it sees fit during the period of the suspension; and
              (b) requirements on the procedure for lifting the suspension as it considers appropriate.
              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • Requirements for withdrawal of registration at the request of the Audit Principal or their Registered Auditor

            • AUD 3.3.3

              (1) A request for withdrawal of an Audit Principal's registration by the relevant Registered Auditor or Audit Principal must be made by completing and submitting the appropriate form in AFN.
              (2) Before granting a request for withdrawal the DFSA must first be satisfied that:
              (a) the Registered Auditor is able to continue to comply with Rule 2.3.2;
              (b) the Registered Auditor has made appropriate arrangements with respect to its existing audit clients who are Relevant Persons; and
              (c) any other matter which the DFSA would reasonably expect to be resolved has been resolved.
              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

      • AUD 4 AUD 4 General Obligations

        • AUD 4.1 AUD 4.1 Application

          • AUD 4.1.1

            This chapter applies to every Registered Auditor.

            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

        • AUD 4.2 AUD 4.2 Employees' suitability and continuing professional development

          • AUD 4.2.1

            (1) A Registered Auditor must ensure that all Employees, including its Audit Principals, engaged in audit work for Relevant Persons:
            (a) remain fit and proper to carry out their role; and
            (b) undertake continuing professional development in accordance with the requirements of:
            (i) the Recognised Professional Body of which the Employee is a member;
            (ii) any applicable internal standards of the Registered Auditor; and
            (iii) any direction given by the DFSA.
            (2) A Registered Auditor must maintain records of continuing professional development undertaken by Employees, including its Audit Principals.
            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

        • AUD 4.3 AUD 4.3 Professional indemnity insurance

          • AUD 4.3.1

            (1) A Registered Auditor must at all times hold adequate and appropriate professional indemnity insurance which covers all types of civil liability arising in connection with the conduct of the Registered Auditor's business by Employees, including its Audit Principals.
            (2) A Registered Auditor must arrange to hold appropriate run off cover that covers a period of 2 years after its registration as a Registered Auditor is withdrawn.
            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • AUD 4.3.2

            A Registered Auditor must, annually, provide to the DFSA information relating to the Registered Auditor's professional indemnity insurance policy, including the terms and duration of, and any claims made under, the policy.

            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • AUD 4.3.3

            A Registered Auditor must maintain proper records and all relevant information relating to:

            (a) its professional indemnity insurance, including the terms of cover and its duration;
            (b) how it established the adequacy and appropriateness of the cover for the purposes of Rule 4.3.1(1); and
            (c) insurance claims made under its professional indemnity insurance policy.
            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • AUD 4.3.4

            A Registered Auditor must, upon a request by the DFSA, provide to the DFSA promptly the information referred to in Rule 4.3.3.

            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

        • AUD 4.4 AUD 4.4 Working Papers

          • AUD 4.4.1

            A Registered Auditor must, subject to Rule 4.4.2, maintain sufficient Working Papers to:

            (a) facilitate the proper performance of its functions and duties under these Rules; and
            (b) be able to demonstrate to the DFSA that it properly performed its functions and duties under these Rules.
            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • AUD 4.4.2 AUD 4.4.2

            If a Registered Auditor:

            (a) provides Audit Services to a Relevant Person which is part of a Group; and
            (b) in providing those Audit Services, relies on Working Papers relating to the Group or to another member of the Group, including Working Papers prepared by another auditor,

            it is not required to maintain a copy of the Working Papers referred to in (b) but must ensure that a copy of those Working Papers is readily accessible to it.

            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

            • AUD 4.4.2 Guidance

              A Registered Auditor should be aware that the requirement in Rule 4.4.2 extends to a Group or member of a Group, whether inside or outside the DIFC.

              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • AUD 4.4.3

            A Registered Auditor must, upon request by the DFSA, provide to the DFSA promptly copies of Working Papers referred to in Rule 4.4.1 and Rule 4.4.2.

            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

        • AUD 4.5 AUD 4.5 Records

          • AUD 4.5.1

            (1) A Registered Auditor must maintain the records referred to in this chapter for a period of at least 6 years. In the case of the Working Papers referred to in Rule 4.4.1 or 4.4.2, those records must be kept or be accessible (as the case may be) for a period of 6 years from the date of completion of each audit carried out.
            (2) The records, however stored, must be capable of production in English on paper and within a reasonable period not exceeding 3 business days if requested by the DFSA.
            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

        • AUD 4.6 AUD 4.6 Notification of changes and events

          • AUD 4.6 Guidance

            1. This section sets out Rules on specific events, changes or circumstances that require notification to the DFSA and outlines the process and requirements for notifications.
            2. A Registered Auditor should be aware that it will breach Article 66 of the Regulatory Law if it provides information to the DFSA which is false, misleading or deceptive, or conceals information where the concealment of such information is likely to mislead or deceive the DFSA.
            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • Changes in core information

            • AUD 4.6.1

              A Registered Auditor must provide the DFSA with reasonable advance notice of any change in:

              (a) the Registered Auditor's name;
              (b) any business or trading name under which the Registered Auditor carries on its business;
              (c) the legal nature of the Registered Auditor;
              (d) the address of the Registered Auditor's principal place of business in the DIFC, where applicable;
              (e) (in the case of a Branch) its registered office or head office address;
              (f) the details of any other branches or offices of the Registered Auditor;
              (g) the details of any affiliated offices, associations or networks; and
              (h) its Audit Principals.
              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • Events having a regulatory impact

            • AUD 4.6.2

              A Registered Auditor must notify the DFSA immediately if it becomes aware, or has reasonable grounds to believe, that any of the following matters may have occurred or may be about to occur:

              (a) the Registered Auditor fails to satisfy the fit and proper requirements in Rule 2.2.3 or its continuing obligations in section 2.3;
              (b) any of its Audit Principals no longer meets the registration criteria in Rule 2.4.2;
              (c) any of its Audit Principals fails to comply with his obligations under DFSA administered legislation;
              (d) any claim is made against the Registered Auditor relating to the provision of Audit Services, including but not limited to, a claim lodged against the Registered Auditor's professional indemnity insurance policy;
              (e) the Registered Auditor or any of its Employees, including its Audit Principals, breaches a Rule;
              (f) the Registered Auditor or any of its Employees, including its Audit Principals, breaches any requirement imposed by any applicable law relating to the provision of Audit Services; or
              (g) there is a significant failure in the Registered Auditor's systems or controls.
              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • Action by other regulators

            • AUD 4.6.3 AUD 4.6.3

              A Registered Auditor must notify the DFSA immediately of:

              (a) the grant or refusal of any application for, or revocation of, authorisation of the Registered Auditor to carry on audit services in any jurisdiction outside the DIFC;
              (b) the Registered Auditor becoming aware that a government or other regulatory body (including a self-regulatory body) exercising powers and performing functions related to the regulation of auditors has started an investigation into the conduct of the Registered Auditor or of any of its Audit Principals;
              (c) the appointment of inspectors, however named, by a governmental or other regulatory body (including a self-regulatory body) exercising powers and performing functions related to the regulation of auditors, to investigate the affairs of the Registered Auditor or any of its Audit Principals; or
              (d) the imposition of disciplinary measures or sanctions on the Registered Auditor or any of its Audit Principals in relation to its conduct of audit work by a government or other regulatory body exercising powers and performing functions related to the regulation of auditors.
              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

              • AUD 4.6.3 Guidance

                The notification requirement in Rule 4.6.3(b) extends to investigations relating to any Employee provided the conduct investigated relates to or impacts on the affairs of the Registered Auditor.

                Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

        • AUD 4.7 AUD 4.7 Communication with the DFSA

          • AUD 4.7.1 AUD 4.7.1

            A Registered Auditor must ensure that any communication with the DFSA is conducted in the English language.

            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]
            [Amended] DFSA RM181/2016 (Made 19 June 2016). [VER2/08-16]

            • AUD 4.7.1 Guidance

              GEN section 6.10 sets out Rules about how information is to be provided to the DFSA.

              Derived from DFSA RM181/2016 (Made 19 June 2016). [VER2/08-16]

        • AUD 4.8 AUD 4.8 Annual information return

          • AUD 4.8.1

            A Registered Auditor must complete the Annual Information Return form in AFN for each calendar year and submit the form to the DFSA by 31 January of the following year.

            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

        • AUD 4.9 AUD 4.9 Anti-Money Laundering

          • AUD 4.9 Guidance

            A Registered Auditor should be aware of, and comply at all times with, its AML obligations which are contained in the AML module of the DFSA Rulebook.

            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

        • AUD 4.10 AUD 4.10 Disclosure of regulatory status

          • AUD 4.10.1

            A Registered Auditor must not:

            (a) misrepresent its regulatory status with respect to the DFSA expressly or by implication; or
            (b) use or reproduce the DFSA logo without express written permission from the DFSA and in accordance with any conditions for use imposed by the DFSA.
            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

    • Part 3 Part 3 Appointment and Resignation of Auditor and Conduct of Audits

      • AUD 5 AUD 5 Appointment and Resignation of Auditor

        • AUD 5.1 AUD 5.1 Application

          • AUD 5.1.1

            This chapter applies to every Auditor.

            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

        • AUD 5.2 AUD 5.2 Consent to appointment as an Auditor

          • Prescribed non-audit services

            • AUD 5.2.1 AUD 5.2.1

              The following services are prescribed non-audit services for the purposes of Article 99A(2)(c) of the Regulatory Law:

              (a) the Compliance Officer function;
              (b) the internal audit function; and
              (c) the preparation of accounting records or financial statements.
              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

              • AUD 5.2.1 Guidance

                An Auditor is prohibited from acting as an Auditor for an Authorised Person, Public Listed Company or Domestic Fund if it is providing any of the services set out in Rule 5.2.1 to the Authorised Person, Public Listed Company or the Fund Manager, Trustee or member of a Governing Body of the Domestic Fund. This is because the provision of such non-audit services creates a risk of a fundamental conflict of interest that would potentially prevent the Auditor from carrying out Audit Services properly. However, Auditors should be aware that there may also be other types of non-audit services which can create a conflict of interest and that may need to be considered on a case by case basis under Article 99A(2)(a) and (b) of the Regulatory Law to determine whether such other non-audit services create a conflict of interest or lack of independence that affect its ability to provide Audit Services to the Authorised Person, Public Listed Company or Domestic Fund.

                Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • Rotation of an Audit Principal of a Public Listed Company

            • AUD 5.2.2

              (1) A Registered Auditor must not consent to an appointment or continue to act as the Auditor of a Public Listed Company if the Audit Principal who has responsibility for the conduct of the audit of the Public Listed Company has acted as Audit Principal in relation to that Company for a period exceeding the maximum period permitted under the Code of Ethics for Professional Accountants and has not been rotated as required under that Code.
              (2) The period referred to in (1) is prescribed for the purposes of Article 99A(2)(d) of the Regulatory Law.
              Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

        • AUD 5.3 AUD 5.3 Resignation of Auditor

          • AUD 5.3.1

            (1) An Auditor must notify the DFSA in writing if it resigns due to the failure by an Authorised Person, Public Listed Company or Domestic Fund to address significant concerns which have previously been raised by the Auditor with the senior management of that Person.
            (2) The notification under (1) must include sufficient details of the Person concerned, the concerns raised and the failure by that Person to address the concerns.
            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

      • AUD 6 AUD 6 Conduct of Audits and Preparation of Audit Reports

        • AUD 6.1 AUD 6.1 Application

          • AUD 6.1.1

            This chapter applies to every Auditor.

            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

        • AUD 6.2 AUD 6.2 Conduct of audits and contents of audit reports

          • AUD 6.2.1

            An Auditor must conduct an audit, and prepare the contents of any relevant audit report, referred to in Rules in accordance with the standards in the following table:

            Type of Report Relevant Standards Report Contents
            Financial Statements Auditor's Report International Standards on Auditing ISA 700
            Regulatory Return Auditor's Report for a Domestic Firm International Standards on Assurance Engagement (ISAE) or International Standards on Related Services (ISRS) A1.1.1
            Regulatory Return Auditor's Report for a Branch A1.1.2
            Client Money Auditor's Report A2.1.1
            Insurance Monies Auditor's Report A3.1.1
            Safe Custody Auditor's Report A4.1.1
            Fund Auditor's Report In accordance with Chapter 9 of the Collective Investment Rules module of the DFSA Rulebook A5.1.1
            Public Listed Company Auditor's Report In accordance with Chapter 5 of the MKT module of the DFSA Rulebook A6.1.1

            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

          • AUD 6.2.2

            (1) An Auditor must ensure that every audit report produced by it includes the name of:
            (a) the Audit Principal, if it is a Registered Auditor; or
            (b) the relevant individual responsible for managing the audit work relating to the relevant audit report, if it is not a Registered Auditor.
            (2) An individual referred to in (1)(a) or (b) is not by reason of being named in an audit report in accordance with (1), subject to any civil liability to which he would not otherwise be subject.
            Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

    • AUD App 1 AUD App 1 Regulatory Returns Auditors Report

      • AUD A1.1.1

        In producing a Regulatory Returns Auditor's Report for a Domestic Firm, an Auditor must state whether:

        (a) it has received all the necessary information and explanations for the purposes of preparing the report to the DFSA;
        (b) the Authorised Person's regulatory returns, specified in PIB, PIN or AMI, to the DFSA have been properly reconciled with the appropriate audited financial statements;
        (c) the Authorised Person's regulatory returns, specified in PIB, PIN or AMI, submitted to the DFSA on a quarterly basis have been properly reconciled with the appropriate annual returns;
        (d) the Authorised Person's financial resources as at its financial year end have been properly calculated in accordance with the applicable Rules in PIB, PIN or AMI (as the case may be) and are sufficient to meet the relevant requirements;
        (e) (in the case of an Authorised Firm other than an Insurer) the Capital Resources have been calculated in accordance with the applicable Rules in PIB;
        (f) (in the case of an Authorised Firm other than an Insurer) the Capital Resources maintained exceed the Capital Requirement in accordance with the applicable Rules in PIB;
        (g) (in the case of an Authorised Firm) the regulatory returns specified in PIB or PIN have been properly prepared by the Authorised Firm in accordance with the applicable rules in PIB or PIN;
        (h) (in the case of an Authorised Firm) the Authorised Firm has kept proper Accounting Records in accordance with the applicable Rules in PIB or PIN;
        (i) (in the case of an Authorised Firm which is subject to Expenditure Based Capital Minimum) the Expenditure Based Capital Minimum has been calculated in accordance with the applicable Rules in PIB; and
        (j) (in the case of an Authorised Firm in Category 3B, 3C or 4, and which is subject to Expenditure Based Capital Minimum) the Capital Requirement maintained exceeds its Expenditure Based Capital Minimum and has been maintained in the form of liquid assets in accordance with the applicable Rules in PIB.
        Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

      • AUD A1.1.2

        In producing a Regulatory Returns Auditor's Report for a Branch, an Auditor must state whether;

        (a) the Authorised Person's regulatory returns have been properly reconciled with the Branch's financial statements; and
        (b) in the case of an Authorised Firm;
        (i) the regulatory returns specified in PIN or PIB have been properly prepared by the Authorised Firm in accordance with the applicable rules in PIB or PIN; and
        (ii) the Authorised Firm has kept proper Accounting Records in accordance with the applicable Rules in PIB or PIN.
        Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

    • AUD App 2 AUD App 2 Client Money Auditor's Report

      • AUD A2.1.1 AUD A2.1.1

        In producing a Client Money Auditor's Report, an Auditor must state as at the date on which the Authorised Firm's audited statement of financial position was prepared:

        (a) the amount of Client Money an Authorised Firm was holding and controlling in accordance with COB chapter 6 and with the Client Money Provisions; and
        (b) whether:
        (i) the Authorised Firm has maintained throughout the year systems and controls to enable it to comply with the relevant provisions of COB chapter 6 and, if applicable, COB App5;
        (ii) the Authorised Firm's controls are such as to ensure that Client Money is identifiable and secure at all times;
        (iii) any of the requirements in COB chapter 6 and the Client Money Provisions have not been met;
        (iv) if applicable, Client Money belonging to Segregated Clients has been segregated in accordance with the Client Money Provisions;
        (v) if applicable, the Authorised Firm was holding and controlling the appropriate amount of Client Money in accordance with COB chapter 6 and with the Client Money Provisions as at the date on which the Authorised Firm's audited statement of financial position was prepared;
        (vi) the Auditor has received all necessary information and explanations for the purposes of preparing the report to the DFSA; and
        (vii) if applicable, there have been any material discrepancies in the reconciliation of Client Money.
        Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

        • AUD A2.1.1 Guidance

          Where an Authorised Firm does not hold or control any Client Money as at the date on which the Authorised Firm's audited statement of financial position was prepared, the DFSA expects that a nil balance be stated to comply with Rule A2.1.1 (a) in this Appendix.

          Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

    • AUD App 3 AUD App 3 Insurance Monies Auditor's Report

      • AUD A3.1.1 AUD A3.1.1

        In producing an Insurance Monies Auditor's Report, an Auditor must state as at the date on which the Authorised Firm's audited statement of financial position was prepared:

        (a) the amount of Insurance Monies an Authorised Firm was holding and controlling in accordance with COB section 7.12; and
        (b) whether:
        (i) the Authorised Firm has maintained throughout the year systems and controls to enable it to comply with the relevant provisions of COB section 7.12;
        (ii) the Authorised Firm's controls are such as to ensure that Insurance Monies are identifiable and secure at all times;
        (iii) any of the requirements in COB section 7.12 have not been met;
        (iv) if applicable, the Authorised Firm was holding and controlling an appropriate amount of Insurance Monies in accordance with COB section 7.12 as at the date on which the Authorised Firm's audited statement of financial position was prepared;
        (v) the Auditor has received all necessary information and explanations for the purposes of preparing the report to the DFSA; and
        (vi) if applicable, there have been any material discrepancies in the reconciliation of Insurance Monies.
        Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

        • AUD A3.1.1 Guidance

          Where an Authorised Firm does not hold or control any Insurance Monies as at the date on which the Authorised Firm's audited statement of financial position was prepared, the DFSA expects that a nil balance be stated to comply with Rule A3.1.1 (a) in this Appendix.

          Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

    • AUD App 4 AUD App 4 Safe Custody Auditor's Report

      • AUD A4.1.1 AUD A4.1.1

        In producing a Safe Custody Auditor's Report, an Auditor must state as at the date on which the Authorised Firm's audited statement of financial position was prepared:

        (a) the extent to which the Authorised Firm was holding and controlling Client Investments or Providing Custody; and
        (b) whether:
        (i) the Authorised Firm has, throughout the year, maintained systems and controls to enable it to comply with the Safe Custody Provisions in COB App6;
        (ii) the Safe Custody Investments are registered, recorded or held in accordance with the Safe Custody Provisions;
        (iii) there have been any material discrepancies in the reconciliation of Safe Custody Investments;
        (iv) the Auditor has received all necessary information and explanations for the purposes of preparing this report to the DFSA; and
        (v) any of the requirements of the Safe Custody Provisions have not been met.
        Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]
        [Amended] RM189/2016 (Made 7th December 2016). [VER03/02-17]

        • AUD A4.1.1 Guidance

          1. Where an Authorised Firm does not hold or control any Client Investments, Arrange Custody or Provide Custody as at the date on which the Authorised Firm's audited statement of financial position was prepared, the DFSA expects that such fact be stated to comply with Rule A4.1.1 (a) in this Appendix.
          2. In producing a Safe Custody Auditor's Report an Auditor will need to consider which parts of COB App 6 are relevant to the Authorised Firm and only include an opinion to the extent relevant to the Authorised Firm's activity.
          Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]
          [Amended] RM189/2016 (Made 7th December 2016). [VER03/02-17]

    • AUD App 5 AUD App 5 Fund Auditor's Report

      • AUD A5.1.1

        In producing a Fund Auditor's Report, an Auditor must state:

        (a) whether the financial statements have been properly prepared in accordance with the financial reporting standards adopted by the Fund in accordance with the Collective Investment Rules in the Rulebook and the Constitution;
        (b) whether the financial statements give a true and fair view of the financial position of the Fund, including the net income and the net gains or losses of the Fund Property, or, as the case may be, the Fund Property attributable to the Sub-Fund for the annual accounting period in question and the financial position of the Fund or Sub-Fund as at the end of the annual accounting period;
        (c) whether proper accounting records for the Fund, or as the case may be, Sub-Fund have not been kept, or that the financial statements are not in agreement with the accounting records and returns, or that the financial statements do not comply with the applicable financial reporting standards;
        (d) whether it has been given all the information and explanations which, to the best of its knowledge and belief, are necessary for the purposes of its audit;
        (e) whether the information given in the report of the directors or in the report of the Fund Manager for that period is consistent with the financial statements; and
        (f) any other matter or opinion required by the Regulatory Law or the Rules.
        Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

    • AUD App 6 AUD App 6 Public Listed Company Auditor's Report

      • AUD A6.1.1

        In producing a Public Listed Company Auditor's Report, an Auditor must state whether the financial statements have been properly prepared in accordance with the Rules in MKT.

        Derived from DFSA RM130/2014 (Made 21st August 2014). [VER1/06-14]

    • AUD App 7 AUD APP7 MONEY SERVICES AUDITOR'S REPORT

      • AUD A7.1.1 AUD A7.1.1

        In producing a Money Services Auditor’s Report, an Auditor must state as at the date on which the Authorised Firm’s audited statement of financial position was prepared:

        (a) the nature of the Money Services, Account Information Services or Payment Initiation Services carried on by the firm during the previous 12 months;
        (b) the amount of Client Money the firm was holding or controlling in connection with Money Services activities;
        (c) accounting information relevant to each Money Services activity carried on by the firm, including:
        (i) the amount of Stored Value on issue as at the relevant date;
        (ii) the amount of Stored Value redeemed during the previous 12 months;
        (iii) the amount of new Stored Value issued in the previous 12 months; and
        (iv) information about Payment Transaction volumes processed during the previous 12 months;
        (d) an opinion on whether the firm is contravening, or has contravened in the previous 12 months, any requirements or conditions imposed on the Authorised Firm in relation to the carrying on of Money Services, Account Information Services or Payment Initiation Services and details of any contravention and its materiality;
        (e) an expert opinion from a qualified payment and security specialist on the adequacy of the security measures adopted by the firm in relation to:
        (i) when to apply (or not to apply) strong customer authentication within the meaning of PIB section 6.13, based on the assessment of risk factors;
        (ii) protecting the confidentiality and the integrity of the User's personal security credentials; and
        (iii) establishing common and secure standards for communicating with Payment Service Providers and Users of Payment Services;
        (f) whether the firm complies with relevant Rules imposing standards, including information technology systems and controls and security and authentication for the carrying on of Money Services, Account Information Services or Payment Initiation Services; and
        (g) whether the firm has implemented the relevant technical standards set out in PIB chapter 6.
        Derived from DFSA RMI272/2020 (Made 26th February 2020). [VER04/04-20]

        • AUD A7.1.1 Guidance

          Where an Authorised Firm does not hold or control any Client Money in connection with Money Services activities as at the date on which the Authorised Firm’s audited statement of financial position is prepared, a nil balance should be specified under AUD Rule A7.1.1 (b).

          Derived from DFSA RMI272/2020 (Made 26th February 2020). [VER04/04-20]