This article first appeared in Auditores, the magazine of the Instituto de Censores Jurados de Cuentas de España (ICJCE), the professional body in Spain and a member of IFAC.
Why is the IESBA considering a review of the structure of its Code of Ethics for Professional Accountants (the Code)?
Well, we have heard from a number of stakeholders, particularly small- and medium-sized practices (SMPs) and professional accountants working in small- and medium-sized entities (SMEs), about the challenges they face in understanding and applying the requirements in the Code. Let’s be clear—the Code contains robust standards on ethics for the accounting profession. But after years of evolution, the Code has become a complex set of standards, with sections that contain long paragraphs and sentences that many find difficult to understand and translate. At the same time, we have heard from our regulatory stakeholders about the need to increase the visibility of the requirements and prohibitions in the Code, and to clarify who is responsible for meeting them, in order to facilitate enforcement. So we are responding to the concerns by taking a fresh look at the structure of the Code to see if there are ways to enhance its readability, understandability, and accessibility, and assist in its enforcement. So, in essence, it is an effort at modernizing the Code.
However, I must make clear that our initiative to review the structure of the Code is not intended to introduce changes to the basic principles and rules in the Code. While we are considering the feasibility of making the requirements and content of the Code more accessible, by different means, we are NOT planning any changes to the Code itself in the short term. The changes in the structure of the Code will be for the long term, after we have launched a full consultation and achieved buy-in from our stakeholders.
In difficult times such as these, is the auditor providing enough assurance on the veracity of financial information supplied by companies? Is the audit profession helping to restore confidence?
The role of the audit profession has really never changed, in times of economic boom or bust—the profession has always been, and will continue to be, a watchdog protecting the public interest. That is why, in most jurisdictions, auditors are granted a statutory mandate to carry out audits. The essential responsibility of auditors is to express an independent opinion on the truth and fairness of a company’s financial statements. It is the independence with which auditors fulfill their role that gives credibility and adds value to their audit opinions. But in the difficult times we live in, there are continual challenges (or threats, to use our jargon) to auditors’ independence. The Code demands that auditors implement appropriate safeguards to protect their independence against such challenges. So, yes, the audit profession absolutely has a critical role to play in restoring confidence in the financial markets—and the public has a right to expect that it fulfills this role in full compliance with ethical requirements, including independence.
But let’s not forget that the environment in which auditors operate is dynamic, so new threats to their independence can always arise. That is why we must be on our guard and make sure that the Code is capable of evolving to address new challenges.
What are the main conflicts of interest that may be encountered by auditors during the planning stage?
First, let’s be clear that a conflict of interest creates a threat to the auditor’s objectivity and may create threats to other fundamental ethical principles. Conflicts of interest may arise in various circumstances, and I would not say that there are some types of conflicts that are necessarily more common than others. But in an audit context, some of the conflicts one might encounter include, for example, auditing royalties payable by the audit client to a licensor owned by the engagement partner’s immediate family, or using confidential information obtained when planning the audit of the client for purposes of a due diligence service for another client that is considering acquiring the audit client.
One of the main recent changes to the Code was better identification of the circumstances in which a professional accountant may encounter potential conflicts of interest. Are these circumstances newly identified or were they in need of better definition?
I would say it is closer to the latter. The Ethics Board concluded that it would be difficult to develop a definition that would be sufficiently broad to encompass the diverse activities of professional accountants but that would be sufficiently precise to avoid capturing situations that are not conflicts of interest. Accordingly, it determined that it would be more appropriate to provide a more comprehensive description of circumstances that might create a conflict of interest, together with supporting examples to facilitate implementation.
Issues related to auditors’ insider information are detailed in the Code. What are the improvements on this matter?
Quite apart from the strict laws that exist in most jurisdictions regarding insider trading, the Code has always taken a strong position regarding the inappropriate use of insider information. In particular, paragraph 140.1(b) of the Code prohibits auditors from using confidential information acquired as a result of professional and business relationships to their personal advantage or the advantage of third parties. Equally, paragraph 340.3 of the Code prohibits professional accountants in business from using confidential information for personal gain. So the Code’s position on this matter is unequivocal, and that must be right. Insider trading, however, defined in national laws and regulations, is unethical and harmful to society, and must be rigorously sanctioned when it occurs.
Audit regulation is currently being discussed at different international strata, with particular focus on the question of independence. Don’t you think that compliance with the Code is enough to curtail the potential risks?
Well, the Ethics Board certainly believes the Code provides a robust set of independence rules for global application. We completed two significant projects four to five years ago that led to further strengthening of the independence requirements in the Code. So, many countries around the world, ranging from Australia, Brazil, and China to Japan and South Africa, have benchmarked or aligned their independence requirements with those in the Code. Even with respect to the EU, a February 2013 study from the Fédération des Experts Comptables Européens (FEE) revealed that the independence provisions in the Code are more robust with respect to audits of public interest entities (PIEs) than those in the current EU frameworks on auditor independence. So I believe the Code will stand up to scrutiny.
But of course, we have to respect the sovereignty of nations to review their independence frameworks as they consider necessary, particularly in the aftermath of the global financial crisis, to satisfy themselves that these continue to safeguard auditor independence. So I welcome the debates on independence in the various forums, and that can only be in the public interest. This is not to suggest that the Ethics Board is content with the status quo as far as the Code is concerned. Far from it, we have commenced projects to review the provisions in the Code, addressing long association of senior personnel with an audit client, and the provision of non-assurance services to audit clients. But let me be clear that we are not prejudging from these projects that changes will be needed in these areas. However, we want to make sure that our requirements continue to support auditor independence in a robust and appropriate way.
Do you consider it necessary for IESBA to open a debate on issues related to the independence of the auditor and on the provision of services other than audit, precisely now that these issues are being reviewed by other regulatory entities on an international basis?
It is important to remember that the Ethics Board does not set standards in a vacuum. We recognize that the external environment may evolve very rapidly and we must be prepared to take action as needed. So, we carefully monitor emerging issues or developments internationally that may be of relevance to our work, and discuss the implications of the most significant ones for our strategy and work program. We may decide after careful analysis of environmental developments and discussions with our stakeholders that adjustments to our strategy are necessary, as we did last year when we added four new work streams to our current strategy. But this doesn’t mean we commence a project to respond to every emerging issue or development—our resources are finite after all and must be carefully managed. However, as I noted above, we have already started projects in the areas of long association and non-assurance services to determine whether changes to the Code are needed to further strengthen auditor independence.
Do you deem it necessary for audit companies to strengthen their Chinese walls (professional confidentiality both for employees as well as a physical separation of the technologies or the working teams) among their different divisions? Please, could you detail any necessary procedures?
The Code’s provisions addressing the fundamental principle of confidentiality are clear. Paragraph 140.4 requires a professional accountant to maintain confidentiality of information within the firm. Paragraph 140.5 requires a professional accountant to take reasonable steps to ensure that staff under the professional accountant’s control and persons from whom advice and assistance is obtained respect the professional accountant’s duty of confidentiality. It is the responsibility of the audit firms to take whatever actions are necessary to comply with these requirements, including segregating teams on different engagements as needed, and protecting the confidentiality of documentation containing client information.
Do you think that setting a cap on the percentage of revenues that may derive from one single client as a general rule, both for public interest entities (PIEs) and small- and medium-sized entities (SMEs), resolves the independence problem? Or would it rather be desirable in the case of SMEs, so as to avoid this problem, to apply the safeguards of the IESBA Code, such as increasing quality controls?
The tool has to fit the purpose. The level of public interest in the audit of a PIE will of course be different from the audit of an SME. So a one-size-fits-all approach may not necessarily be the right answer in every case. That is why I believe the threats and safeguards approach in the Code with respect to evaluating the impact of fees from a given client on independence is the right one. In particular, paragraph 290.220 of the Code states that when the total fees from an audit client represent a large proportion of the total fees of the firm expressing the audit opinion, the dependence on that client and concern about losing the client creates a self-interest or intimidation threat. The Code explains that the significance of the threat will depend on various factors such as the operating structure of the firm and the significance of the client qualitatively and/or quantitatively to the firm. The Code in this case requires the firm to evaluate the significance of the threat and apply appropriate safeguards to eliminate the threat or reduce it to an acceptable level. Among a number of possible safeguards could be to use external quality control reviews.
Of course, for PIEs, the Code already imposes a 15% cap on total fees from an audit client and its related entities relative to the total fees received by the firm as a whole. That is a position that the board believes is appropriate with respect to PIE audits.
How is the audit affected by the new definition of “engagement team” and to what extent has this been agreed with the ISAs?
The amendments to the definition of “engagement team” clarify the relationship between an external auditor’s use of internal auditors to provide direct assistance on the external audit in accordance with the International Auditing and Assurance Standards Board (IAASB)’s International Standard on Auditing (ISA) 610 (Revised 2013), Using the Work of Internal Auditors, and the meaning of an engagement team under the Code. The change to the definition should not affect audits because the sole purpose of the change is to eliminate a perceived inconsistency between the Code and the ISAs. In developing the change to the definition, I was pleased that the Ethics Board and the IAASB worked closely together to ensure that the amended definition would be fully consistent with the ISAs.
But of course, jurisdictions have different views on the appropriateness of using internal auditors to provide direct assistance on the external audit; the Code is not advocating one position or the other.
What sort of procedures will IESBA have to implement and maintain for the ISAs to be in agreement with the Code of Ethics?
Well, we certainly maintain close contact with the IAASB, and that is by necessity given that the Code and the ISAs are so closely linked. We have regular interactions with the IAASB at various levels—at the staff level, at the task force level (as we did on our project on the definition of “engagement team” and the IAASB’s project to revise ISA 610), and at the leadership level through quarterly meetings or teleconferences. We recognize the critical importance of these interactions as we are increasingly finding that issues being addressed on each board’s agenda have implications for the standards of the other board. I would also add that both boards have the benefit of the advice from their consultative advisory groups (CAGs), which have significant overlap in their memberships. As a result, the CAGs are often able to share ethics and audit perspectives on issues of mutual relevance to the two boards. So we do have processes internally to make sure that the Code and the ISAs stay aligned with each other as they evolve.
What are the main objectives for strengthening the Code in respect to the auditor’s actions upon encountering a breach of a requirement of the Code?
The Ethics Board released changes to the Code addressing a breach of a requirement of the Code in March 2013. The main objective of the project was to respond to a concern that the current provisions addressing an inadvertent breach of the Code, including independence requirements, could be misread as implying that all inadvertent breaches can be corrected by applying necessary safeguards. What we have now established in the Code is a robust framework, in particular for auditors to deal with breaches to the independence requirements of the Code. The provisions include strict requirements for communicating all breaches to those charged with governance and documentation.
What is the deadline to complete the revision of the Code of Ethics and to publish the final version?
The 2013 edition of the Handbook of the Code of Ethics for Professional Accountants will be available in May. This edition will contain the revised pronouncements addressing conflicts of interest, a breach of a requirement of the Code, and the definition of “engagement team,” which will take effect next year.
Do you consider that in today’s difficult financial environment, the auditor is satisfactorily fulfilling its public interest role and complying with ethics principles, such as honesty, independence, objectivity, and professional best practice?
Even though I am not an auditor or accountant and have never worked as one, I strongly believe that the vast majority of the audit profession live up to those principles. It helps that most auditors are required, often by law or regulation as a condition of their license, to go through rigorous training and develop core competencies, including a full understanding of the fundamental ethical principles that are the bedrock of the profession and are embodied in the Code. It is a fact of life, however, that in a very small minority of cases, members of any profession succumb to pressure to act unethically. This is when I strongly feel the disciplinary and enforcement regime in the particular jurisdiction should take action to deal with these isolated cases and prevent the profession as a whole from being cast into disrepute.
If you had to choose one single, fundamental ethics principle to rule over the professional activity of all auditors, what would it be?
That would be a fruitless task because no one fundamental principle overrides all the others. The five fundamental principles (integrity, objectivity, professional competence and due care, confidentiality, and professional behavior) that are established in the Code constitute one body of core principles that cannot be taken apart. Auditors must comply with each and all of them in every audit engagement they perform.
© Instituto de Censores Jurados de Cuentas de España (ICJCE). Spain. 2013.
This material belongs to ICJCE, therefore attributed to it all rights and related operating on it in any way, method or medium.
