The Protected Disclosures (Amendment) Act 2022 (the Act) requires certain entities to have in place procedures to establish internal reporting channels and procedures to enable workers make protected disclosures (defined as a ‘relevant wrongdoing’). From 17 December 2023 its scope will be expanded to employers with over 50 employees.

The Act already applies to certain entities from 1 January 2023 including entities employing over 250 employees and certain financial services (regardless of employee numbers) entities like AIFMs, MiFID firms, Irish UCITS management companies and other Irish financial service providers, as well as Irish domiciled corporate funds.

The 2022 Act expands the scope of the Protected Disclosures Act, 2014 to include areas such as:

  • public procurement;
  • financial services;
  • anti-money laundering (AML);
  • product safety and compliance;
  • transport safety;
  • environmental protection;
  • radiation and nuclear safety;
  • food and animal health and welfare;
  • public health;
  • consumer protection; and
  • the protection of privacy and personal data.

Its scope is being enhanced from 17 December 2023 when employers with over 50 employees will need to have such a policy in place. The basic steps for employers are:

  • the establishment, maintenance and operation of a secure and confidential internal reporting channel for workers who wish to make a protected disclosure, whether in writing, orally or both;
  • the designation of an impartial and competent person who may be internal/external; and
  • an obligation to provide workers with information on the internal/external protected disclosure reporting process.

The Act also creates a newly established Office of the Protected Disclosures Commissioner (www.opdc.ie) which will forward reports of work-related wrongdoing to the most appropriate body for initial assessment and follow-up.

Employees are given protection from dismissal from employment (among other protections) when they report a ‘relevant wrongdoing’ (defined which are defined to include:

  • Where an offence has been or is likely to be committed;
  • Non-compliance with a legal obligation – the 2014 Act excludes obligations arising under the worker’s contract of employment;
  • A miscarriage of justice;
  • Danger to the health and safety of any individual;
  • Damage to the environment;
  • An unlawful or otherwise improper use of funds or resources of a public body;
  • Oppression, gross neglect or gross mismanagement by a public body; and
  • Other breaches related to the financial interests of the EU the internal market, EU competition and state aid rules and internal market rules on corporate tax.

The legislation is complex and we cannot cover all its aspects in the space of a blog.  We urge our readers to seek independent professional and legal advice where necessary.

IT Controls Assessment

Auditors are reminded that there are relatively significant changes in the requirements of ISA 315 Identifying And Assessing The Risks Of Material Misstatement for accounting periods commencing 15 December 2021, which in practical terms means, accounting periods Ended 21 December 2022 and later.

Auditors dealing with the audits of entities with such accounting periods affected by these change will need, to adopt new audit programmes and, in additional to the normal audit tests, to also assess the entity’s IT controls (no ,matter what the size of that entity).

This is a significant new development for auditors of SMEs, in particular, and will be a game changer ion the type of audit documentation and evidence of assessment of such IT controls by the auditor on audit files.

For an easy to implement additional (two page) IT Controls Questionnaire  to help document the above process, please click on this link to download immediately for only €60 + VAT.

Please go to our website to see our:

  • letters of engagement and similar templates. Please visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
  • ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please contact John McCarthy FCA by e-mail at john@jmcc.ie.

We typically tailor ISQM training and brainstorming sessions to suit your firm’s unique requirements. The ISQM TOOLKIT 2022 is available to purchase here.