2 Threats and safeguards Section overview Examples of threats to independence and potential safeguards are given here, categorised by the main type of threat they represent. You should note that some matters can present several types of threat. Hard and fast rules are shown in bold. This section is based on the ICAEW Code of Ethics and the FRC Ethical Standard. It examines a number of specific threats to independence on assurance engagements. They are outlined here, categorised by type of risk and appropriate safeguards. You should, however, note that certain issues fall into several types of threat, not simply one. Where this is the case, issues have been listed under the dominant threat but other threats are noted. Where relevant, rules relating to each threat are set out. We shall also look at how these risks might apply to particular situations, such as when considering whether to accept a new client. 2.1 Self-interest threat The Code of Ethics highlights a great number of areas in which a self-interest threat might arise. Employment with assurance client Close business relationships Financial interests' Partner on client board Family and personal relationships SELF-INTEREST THREAT . Gifts and hospitality Lowballing High percentage of fees Percentage or contingent fees Loans and guarantees Overdue fees Figure 15.1: Self-interest threat Financial interests Definitions . Financial interest: An interest in equity or other security, debenture, loan or other debt instrument of an entity, including rights and obligations to acquire such an interest and derivatives directly related to such interest. Direct financial interest: A financial interest: • Owned directly by and under the control of an individual or entity (including those managed on a discretionary basis by others); or • Beneficially owned through a collective investment vehicle, estate, trust or other intermediary over which the individual or entity has control, or the ability to influence investment decisions. Assurance Indirect financial interest: A financial interest beneficially owned through a collective investment vehicle, estate, trust or other intermediary over which the individual or entity has no control or ability to influence investment decisions. Immediate family: A spouse (or equivalent) or a dependent. Assurance team: (a) All members of the engagement team for the assurance engagement. (b) All others within a firm who can directly influence the outcome of the assurance engagement. A financial interest in a client constitutes a substantial self-interest threat. The parties listed below are not allowed to own a direct financial interest or an indirect material financial interest in a client: • The assurance firm • Any partner in the assurance firm • Any person in a position to influence the conduct and outcome of the engagement (eg, a member of the assurance team) • An immediate family member of such a person The following safeguards will therefore be relevant: • Disposing of the interest • Removing the individual from the team if required • Keeping the client's audit committee informed of the situation • Using an engagement quality control reviewer to review work carried out if necessary Assurance firms should have quality control procedures requiring staff to disclose relevant financial interests for themselves and immediate family members. They should also foster a culture of voluntary disclosure on an ongoing basis so that any potential problems are identified on a timely basis. 2.1.2 Close business relationships A close business relationship will involve a common commercial interest, which in addition to a self-interest threat, could cause advocacy or intimidation threats and a perceived loss of independence. Examples of when an assurance firm and an assurance client have an inappropriately close business relationship include: • Operating a joint venture between the firm and the client, or between the firm and a director or other senior manager of the client • Arrangements to combine one or more services or products of the firm with one or more services or products of the assurance client and to market the package with reference to both parties • Distribution or marketing arrangements under which the firm acts as distributor or marketer of the assurance client's products or services or vice versa • Other commercial transactions, such as the audit firm leasing its office space from the assurance client Again, it will be necessary for the partners to judge the materiality of the interest and therefore its significance. However, unless the financial interest is clearly immaterial and the relationship to the firm and its client clearly insignificant, an assurance provider should not participate in such a venture with an assurance client. Appropriate safeguards are therefore to end the assurance provision or to terminate the (other) business relationship. If an individual member of an assurance team had such an interest, he should be removed from the assurance team. Generally speaking, purchasing goods and services from an assurance client in the ordinary course of business on an arm's length basis does not constitute a threat to independence. However, if there is a substantial number of such transactions, there may be a threat to independence and safeguards may be necessary. Integrity, objectivity and independence 257 The FRC Ethical Standard (section 2) states that for audit clients and firms, there should be no business relationships except for the purchase of goods and services in the ordinary course of business and on an arm's length basis, and which are not material or clearly inconsequential to either party. 2.1.3 Employment with assurance client Dual employment (the same person being employed by both an assurance firm and a client) is not permitted. It is also possible that staff might transfer between an assurance firm and a client, or that negotiations or interviews to facilitate such movement might take place. Both situations are a threat to independence: • An assurance team member might be motivated by a desire to impress a future possible employer (objectivity is therefore affected) • A former partner turned Finance Director has too much knowledge of the firm's systems and procedures These sorts of situations can also present self-review, intimidation and familiarity threats. The extent of the threat to independence depends on various factors, such as the role the individual has taken up at the client, the extent of his influence on the assurance service previously, and the length of time that has passed between the individual's connection with the assurance service and the new role at the client. Various safeguards may be considered: • Modifying the assurance strategy • Ensuring the assurance engagement is assigned to someone of sufficient experience as compared with the individual who has left • Involving an additional professional accountant not involved with the engagement to review the work done • Carrying out a quality control review of the engagement There is a significant threat to objectivity if a partner of an audit firm accepts a key management position at a client of the firm. The FRC Ethical Standard (section 2) states that when a partner leaves the firm and is appointed as a director or to a key management position with an audit client, having acted as audit engagement or independent/key partner in relation to that audit at any time in the previous two years, the firm should resign as auditors. The auditors should not reaccept appointment until two years have elapsed since that partner's involvement in the audit or the former partner leaves the audit client, if earlier. When any other former member of an engagement team joins an audit client as director/key management within two years of being involved with the audit, the firm should consider whether the composition of the audit team is appropriate. An individual who has moved from the firm to a client should not be entitled to any benefits or payments from the firm unless these are made in accordance with pre-determined arrangements. The individual should not continue to participate (or appear to) in the firm's business or professional activities. If money is owed to the individual, it should not be so much as to compromise the independence of the assurance engagement. A firm should have quality control procedures setting out that an individual involved in serious employment negotiations with an audit client should notify the firm and that this person would then be removed from the engagement. In addition, the FRC Ethical Standard (section 2) states that a review of the employee's work on the current and, where appropriate, most recent audit should take place. 2.1.4 Partner on client board A partner or employee of an assurance firm should not serve on the board of an assurance client. This can also cause a self-review and/or a management threat. It may be acceptable for a partner or an employee of an assurance firm to perform the role of company secretary for an assurance client, if the role is essentially administrative. 258 Assurance Family and personal relationships Definition Close family: A parent, child or sibling who is not an immediate family member. Family or close personal relationships between assurance firm and client staff could seriously threaten independence. Each situation has to be evaluated individually. Factors to consider are: • The individual's responsibilities on the assurance engagement • The closeness of the relationship • The role of the other party at the assurance client When an immediate family member of a member of the assurance team is a director, an officer or an employee of the assurance client in a position to exert significant influence over the subject matter information of the assurance engagement, the individual should be removed from the assurance team. The firm should also consider whether there is any threat to independence if an employee who is not a member of the assurance team has a close family or personal relationship with a director, an officer or an employee of an assurance client. A firm may wish to establish quality control policies and procedures under which staff should disclose if a close family member employed by the client is promoted within the client. If a firm inadvertently violates the rules concerning family and personal relationships they should consider applying additional safeguards, such as undertaking a quality control review of the assurance engagement and discussing the matter with the audit committee of the client, if there is one. Gifts and hospitality Unless the value of gifts or hospitality are such that a reasonable and informed third party, weighing all the specific facts and circumstances, would consider them trivial and inconsequential, a firm or a member of an assurance team should not accept them. Worked example: Receiving a benefit Katie, a trainee at West and Co, chartered accountants, is attending the inventory count at Designs Limited, a company that manufactures fashion lines for a number of famous high street stores. During the course of the count, the stores manager tells Katie that after the inventory count, staff are entitled to purchase goods at cost to the value of £30 each. He invites her to take part in this company perk. In this case, Katie has not been offered a gift, she has been invited to spend £30. However, the benefit that this would confer on her could be substantial. Given the customary mark ups in the fashion industry, cost price could be as low as 25% of ultimate selling price, so in effect, Katie would be receiving a benefit of £90. While this is likely to be immaterial and insignificant to the financial statements of Designs Limited, it could be significant to a trainee in an audit firm. Katie should certainly not accept any such offer without confirming with her engagement partner that it is appropriate to do so. She may be able to determine herself that the best course of action is not to accept the benefit. In this case, a benefit of £90 is not clearly insignificant, and therefore Katie should decline the offer. In addition, you should note that this practice could represent an audit risk, as it means that there will be inventory movements after the inventory count but before the end of the year, and unless there are strong controls over recording these sales, both inventory and sales could be misstated. Such a benefit to employees is unlikely to cause a material misstatement, but Katie should probably observe the controls over the sales and make a note of the practice for the audit file. The FRC Ethical Standard (section 4) extends this prohibition to immediate family members or persons able to influence the audit and states that hospitality should not be accepted from an audit client unless it is reasonable in terms of its frequency, nature and cost. Integrity, objectivity and independence 2.1.7 Loans and guarantees The advice on loans and guarantees falls into two categories: • The client is a bank or other similar institution • Other situations If a loan or a guarantee of a loan is made by an audit client which is a bank (or other similar institution), then this is not acceptable if the loan is not made under normal lending procedures (ie in the normal course of business). If the loan is made under normal lending procedures, then this is acceptable provided that appropriate safeguards are applied. An example of a safeguard would be having the work reviewed by a professional accountant from a network firm that is neither involved with the audit nor received the loan. If a loan is made by a bank client to a member of the audit team under normal lending procedures, then this is acceptable and no safeguards are necessary. An example of this would be if a member of the team had a home mortgage, bank overdraft, car loan or credit card with a bank client. If a loan is made or guaranteed by a client that is not a bank or other similar institution to either the firm or to a member of the audit team, then the self-interest threat created would be so significant that no safeguards could reduce the threat to an acceptable level, unless the loan or guarantee is immaterial to both (a) the firm or the member of the audit team and the immediate family member, and (b) the client. Finally, if the firm, a member of the audit team or an immediate family member, makes or guarantees a loan to a client, then the self-interest threat created would be so significant that no safeguards could reduce the threat to an acceptable level, unless the loan or guarantee is immaterial to both (a) the firm or the member of the audit team or the immediate family member, and (b) the client. 2.1.8 Overdue fees In a situation where there are overdue fees, the assurance provider runs the risk of, in effect, making a loan to a client, whereupon the guidance above becomes relevant. The ICAEW Code states that, generally, the payment of overdue fees should be required before the assurance report for the following year can be issued. Firms should guard against fees building up and being significant by discussing the issues with those charged with governance (more specifically, the audit committee), and, if necessary, the possibility of resigning if overdue fees are not paid. 2.1.9 Percentage or contingent fees Definition Contingent fee: A fee calculated on a predetermined basis relating to the outcome of a transaction or the result of the services performed by the firm. A fee that is established by a court or other public authority is'not a contingent fee. A firm shall not enter into any fee arrangement for an assurance engagement under which the amount of the fee is contingent on the result of the assurance work or on items that are the subject matter of the assurance engagement. Assurance High percentage of fees Definition Public interest entity: • A listed entity; and • An entity (a) defined by regulation or legislation as a public interest entity or (b) for which the audit is required by regulation or legislation to be conducted in compliance with the same independence requirements that apply to the audit of listed entities. Such regulation may be promulgated by any relevant regulator, including an audit regulator. A firm should be alert to the situation arising where the total fees generated by an assurance client represent a large proportion of a firm's total fees. Factors such as the structure of the firm and the length of time it has been trading will be relevant in determining whether there is a threat to independence. It is also necessary to beware of situations where the fees generated by an assurance client present a large proportion of the revenue of an individual partner. Safeguards in these situations might include: • Discussing the issues with the audit committee • Taking steps to reduce the dependency on the client • Obtaining external/internal quality control reviews • Consulting a third party such as ICAEW The Code states that where an audit client is a public interest entity and, for two consecutive years, the total fees from the client and its related entities represent more than 15% of the total fees received by the firm expressing the opinion on the financial statements of the client, the firm shall: • Disclose this fact to those charged with governance of the audit client • Carry out an engagement quality control review of the second year engagement, either before the audit opinion is issued (a 'pre-issuance review') or after it is issued (a 'post-issuance review') If total fees significantly exceed 15%, then only a pre-issuance review may be sufficient. The FRC Ethical Standard contains stricter requirements here. Section 4 of the Ethical Standard states that if total fees (audit and non-audit services) are expected to regularly exceed 10% of the annual fee income of the audit firm (5% in the case of a listed company) the audit engagement partners should disclose that fact to the ethics partner and those charged with governance of the audit client and consider whether appropriate safeguards should be applied to reduce the threat to independence. In the case of non-listed companies, an independent quality control review of the engagement should be undertaken before the report is signed. In the case of a listed client, the safeguards might be stricter, such as seeking to reduce non-audit work provided. If total fees (audit and non-audit services) are expected to regularly exceed 15% (10% for a listed entity) of gross practice income, the firm should not act as the auditors of that entity, and should resign or refuse reappointment, as appropriate. It will be difficult for new firms establishing themselves to keep within these limits and firms in this situation should make use of the safeguards outlined above. 2.1.11 Lowballing When a firm quotes a significantly lower fee level for an assurance service than would have been charged by the predecessor firm, there is a significant self-interest threat. If the firm's tender is successful, the firm must apply safeguards such as: • Maintaining records such that the firm is able to demonstrate that appropriate staff and time are spent on the engagement • Complying with all applicable assurance standards, guidelines and quality control procedures Integrity, objectivity and independence The FRC Ethical Standard (section 4) observes that 'the audit engagement partner shall be satisfied and able to demonstrate that the audit engagement has assigned to it sufficient partners and staff with appropriate time and skill to perform the audit in accordance with all applicable Auditing and Ethical Standards, irrespective of the audit fee to be charged'. The FRC Ethical Standard also states that the audit engagement partner should ensure audit fees are not influenced or determined by the provision of non-audit service to the audited entity. As a result of the EU Audit Regulation (June 2016), a limit is also placed on the total fees received from non-audit services in comparison with the audit. The FRC Ethical Standard states that the total non-audit fees must be no more than 70% of the average audit fee from the last three years. 2.2 Self-review threat Service with assurance client Other services Preparing accounting records and financial statements Valuation services Corporate finance Tax services Internal audit services Figure 15.2: Self-review threat The key area in which there is likely to be a self-review threat is where an assurance firm provides services other than assurance services to an assurance client (providing multiple services). There is a great deal of guidance in the rules about various other services accountancy firms might provide to their clients, and these are dealt with below. 2.2.1 Service with an assurance client Individuals who have been a director or officer of the client, or an employee in a position to exert direct and significant influence over the subject matter information of the assurance engagement in the period under review or the previous two years, should not be assigned to the assurance team. The FRC Ethical Standard (section 2) states that the person should not be assigned to a position in which he or she is able to influence the conduct and outcome of the audit for two years following the date of leaving the audit client. Here the key threat is self-review where a member of the engagement team has to report on work they prepared originally, or elements of the financial statement they had responsibility for at the client, but there is also a risk of self-interest and familiarity threats. The FRC Ethical Standard also covers the situation where audit staff are temporarily 'loaned' to a client which is forbidden unless it is not in a management position and the client acknowledges its responsibility for directing and supervising that work. The role should not include making management decisions or exercising discretionary authority to commit the client to a particular position or accounting treatment. The agreement should only be for a short period of time and should not result in the individual performing non-audit services that are disallowed under the FRC Ethical Standard (section 5). When an audit staff member returns to the firm after such a secondment, he should not be given a role in the audit involving any function or activity that he performed/supervised while at the client. Assurance If an individual had been closely involved with the client prior to the time limits set out above, the assurance firm should consider the threat to independence arising and apply appropriate safeguards, such as: • Obtaining a quality control review of the individual's work on the assignment • Discussing the issue with the audit committee Preparing accounting records and financial statements There is clearly a significant risk of a self-review threat if a firm prepares accounting records and financial statements and then audits or reviews them. On the other hand auditors routinely assist management with the preparation of financial statements and give advice about accounting treatments and journal entries. Therefore, assurance firms must analyse the risks arising and put safeguards in place to ensure that the risk is at an acceptable level. Safeguards include: • Using staff members other than assurance team members to carry out work • Implementing policies and procedures to prohibit the individual providing such services from making any managerial decisions on behalf of the assurance client • Requiring the source data for the accounting entries to be originated by the assurance client • Requiring the underlying assumptions to be originated and approved by the assurance client The rules are more stringent when the client is listed. The FRC Ethical Standard (section 5) states that firms should not prepare accounts or financial statements for listed clients, unless an emergency arises. The EU Audit Regulation (June 2016) reiterated this guidance by prohibiting auditors from bookkeeping, preparing accounting records or preparing financial statements for public interest entities. Valuation services Definition Valuation comprises the making of assumptions with regard to future developments, the application of appropriate methodologies and techniques, and the combination of both to compute a certain value, or range of values, for an asset, a liability or for a business as a whole. If an audit firm performs a valuation that will be included in financial statements audited by the firm, a self-review threat arises and also a management threat might arise. The FRC Ethical Standard (section 5) states that audit firms shall not carry out valuations which either: • Have a material effect on a listed company's financial statements, either separately or in aggregate with other valuations provided • Involve a significant degree of subjective judgement and have a material effect on the financial statements either separately or in aggregate with other valuations provided to any other audited entity If the valuation is for an immaterial matter, the audit firm should apply safeguards to ensure that the risk is reduced to an acceptable level. Matters to consider when applying safeguards are the extent of the audit client's knowledge of the relevant matters in making the valuation and the degree of judgement involved, how much use is made of established methodologies and the degree of uncertainty in the valuation. Safeguards might include: • Second partner review • Confirming that the client understands the valuation and the assumptions used • Ensuring the client acknowledges responsibility for the valuation • Using separate personnel for the valuation and the audit Integrity, objectivity and independence The EU Audit Regulation (June 2016) stated that valuation services, including those performed in relation to actuarial or litigation support services, are prohibited for public interest entities. This guidance is reflected in the FRC Ethical Standard. 2.2.4 Taxation services The Code divides taxation services into four categories: • Tax return preparation • Tax calculations for the purpose of preparing the accounting entries • Tax planning and other tax advisory services • Assistance in the resolution of tax disputes Tax return preparation does not generally threaten independence, as long as management takes responsibility for the returns. Tax calculations for the purpose of preparing the accounting entities may not be prepared for public interest entities, except in emergency situations. For non-public interest entities, it is acceptable to do so provided that safeguards are applied. Tax planning may be acceptable in certain circumstances, eg where the advice is clearly supported by a tax authority or other precedent. However, if the effectiveness of the tax advice depends on a particular accounting treatment or presentation in the financial statements, the audit team has reasonable doubt about the accounting treatment, and the consequences of the tax advice would be material, then the service should not be provided. Assistance in the resolution of tax disputes may be provided, depending on whether the firm itself provided the service which is the subject of the dispute, and whether the effect is material on the financial statements. Safeguards include using professionals who are not members of the audit team to perform the service, and obtaining advice on the service from an external tax professional. The audit firm: • Provides advice to the audit client in one or more specific matters at the request of the client • Undertakes a substantial proportion of the tax planning or compliance work for the audit client • Promotes tax structures or products to the audit client, the effectiveness of which is likely to be influenced by the manner in which they are accounted for in the financial statements The FRC Ethical Standard (section 5) observes that providing taxation services can cause self-review, self-interest, management and advocacy threats. Safeguards to mitigate these threats include: • Tax services being provided by partners and staff with no involvement in the audit of financial statements • Tax services being reviewed by an independent tax partner or senior tax employee • Obtaining external independent advice on tax work • Tax computations prepared by audit staff members being reviewed by a partner/staff member of appropriate experience who is not a member of the audit team • An audit partner not involved in the audit engagement reviews whether the tax work has been properly and effectively addressed in the context of an audit of the financial statements In addition, there are a number of rules set out in the FRC Ethical Standard (section 5). The audit firm shall not: • Promote tax structures or products or undertake an engagement to provide tax advice to an audit client where the audit engagement partner has, or ought to have, reasonable doubt as to whether the relevant accounting treatment involved is based on established interpretations or is appropriate, having regard to the requirement for the financial statements to give a true and fair view in accordance with the relevant financial reporting framework 264 Assurance • Undertake an engagement to provide tax services to an audited entity wholly or partly on a contingent fee basis where the outcome of those tax services is dependent on the application of tax law which is uncertain or not yet established • Undertake an engagement to provide tax services to an audited entity where the engagement would involve the audit firm undertaking a management role • Undertake an engagement to prepare current or deferred tax calculations to an audited entity that is a listed entity or significant affiliate for the purpose of preparing accounting entries that are material to the relevant financial statements, with the exception of emergency situations • Undertake an engagement to provide tax services to an audited entity where this would involve acting as an advocate, before an appeals tribunal or court in the resolution of an issue that is material to the financial statements or where the outcome of the tax issue is dependent on a future or contemporary audit judgement Finally, as a result of the EU Audit Regulation (June 2016) the following taxation services are prohibited in relation to auditors of public interest entities: • Preparation of tax forms • Payroll tax • Customs duties • Identification of public subsidies and tax incentives (unless support from the statutory auditor or the audit firm in respect of such services is required by law) • Support regarding tax inspections by tax authorities (unless support from the statutory auditor or the audit firm in respect of such inspections is required by law) • Calculation of direct and indirect tax and deferred tax • Provision of tax advice The FRC Ethical Standard (which implements this Regulation) does however state that if these services have no direct effect (or only an inconsequential effect) on the financial statements, then the services are not necessarily prohibited. 2.5 Internal audit services Providing internal audit services to an audit client creates a self-review threat if the internal audit work is relied upon in the external audit. The key issue is whether the audit firm's personnel assume a management responsibility. If they do, then the threat created would be so significant that no safeguards could reduce the threat to an acceptable level. Examples of internal audit services that involve assuming management responsibilities include: • Setting internal audit policies • Directing and taking responsibility for the actions of the entity's internal audit employees • Deciding which recommendations resulting from internal audit activities shall be implemented • Reporting the results of the internal audit activities to those charged with governance • Performing procedures that form part of the internal control • Taking responsibility for designing, implementing and maintaining internal control Safeguards include ensuring that: • The client designates an appropriate and competent resource to be responsible at all times for internal audit activities • The client's management reviews, assesses and approves the scope, risk and frequency of the internal audit services • The client's management determines which recommendations to implement and manages the implementation process Integrity, objectivity and independence The FRC Ethical Standard (section 5) states that the key threats in providing internal audit services are self-review and management. It states that an audit firm shall not undertake to provide internal audit services to an audited entity where it is reasonably foreseeable that: • For the purposes of the audit of the financial statements, the auditors would place significant reliance on internal audit work performed by the audit firm (we will look at this situation more deeply in your Audit and Assurance paper); or • For the purposes of the internal audit services, the audit firm would undertake the role of management. The EU Audit Regulation (June 2016) also prohibited internal control or risk management services for auditors of public interest entities, where these are related to the accounting records or financial statements. Worked example: Internal audit Lee was recently seconded to the internal audit department of his accountancy firm. While on secondment, he carried out a month's internal audit service as part of a four man team at Whitecross pic, an audit client of the firm. He carried out routine controls testing while on this service. He helped to draft the final report to the board of directors at Whitecross, recommending several improvements to the system. On return to the audit department six months later, Lee has been allocated to the audit team for Whitecross, for the year including the month when he carried out the internal audit service. Lee should raise this with the training partner or the engagement partner for Whitecross, as it is likely to be a threat to independence if he takes part in this audit. He worked in the internal audit team and made reports to the directors in that capacity. This could form both self-interest (not wanting to discover any work he did was incorrect or inappropriate) and self-review (using work carried out by him to rely on for the audit opinion) threats. Corporate finance services Certain aspects of corporate finance services will create self-review threats that cannot be reduced to an acceptable level by safeguards. Therefore, assurance firms are not allowed to promote, deal in or underwrite an assurance client's shares. They are also not allowed to commit an assurance client to the terms of a transaction or consummate a transaction on the client's behalf. Other corporate finance services, such as assisting a client in defining corporate strategies, assisting in identifying possible sources of capital and providing structuring advice may be acceptable, provided that safeguards, such as using different teams of staff, and ensuring no management decisions are taken on behalf of the client are in place. Note that corporate finance services can also constitute an advocacy threat if the audit firm is representing the interests of the client. The EU Audit Regulation (June 2016) prohibited - for auditors of public interest entities - services linked to the financing, capital structure and allocation of the audit client. This is unless these services have no consequential (material) effect on the financial statements. Information technology services The key threats in providing IT services, such as designing and implementing a new IT system, are self-review and management. The Code of Ethics states that in the case of public interest entities, the audit firm shall not design or implement IT services that: • Form a significant part of the internal control over financial reporting; or • Generate information that is significant to the financial statements on which the firm will express an opinion. For non-public interest entities, these services may be provided if safeguards are put in place ensuring that: • The client acknowledges its responsibility for establishing and monitoring a system of internal controls • The client assigns the responsibility to make all management decisions with respect to the design and implementation of the hardware or software system to a competent employee, preferably within senior management • The client makes all management decisions with respect to the design and implementation process • The client evaluates the adequacy and results of the design and implementation of the system The client is responsible for operating the system (hardware or software) and for the data it uses or generates Further safeguards would include using only personnel who are not on the audit team to provide the IT services, and having the audit or non-assurance work reviewed by a professional accountant. .8 Litigation support services An example of a litigation support service is acting as an expert witness. Such services can cause self-review threats if they involve estimating damages or other amounts that affect the financial statements. In addition, management and/or advocacy threats may arise. Hence the FRC Ethical Standard (section 5) forbids acceptance of litigation support services for listed audited entities that are listed or significant affiliates when the situation above exists. Litigation support services for non-listed entities that do not involve such subjective estimations are not prohibited, provided that appropriate safeguards have been implemented. .3 Advocacy threat Legal services Contingent fees ADVOCACY THREAT finance Figure 15.3: Advocacy threat An advocacy threat arises in certain situations where the assurance firm is in a position of taking the client's part in a dispute or somehow acting as their advocate. The most obvious instances of this would be when a firm offered legal services to a client and, say, defended them in a legal case. The FRC Ethical Standard (section 5) forbids the provision of legal services to an audited entity where it would involve acting as the solicitor formally nominated to represent the audited entity in resolution of a dispute or litigation which is material to the financial statements. An advocacy threat might also arise if the firm carried out corporate finance work for the client; for example, if the audit firm were involved in advice on debt restructuring and negotiated with the bank on the client's behalf. As with the other threats above, the firm has to appraise the risk and apply safeguards as necessary. Relevant safeguards might be using different departments in the firm to carry out the work and making disclosures to the audit committee. Remember, the ultimate option is always to withdraw from an engagement if the risk to independence is too high. Integrity, objectivity and independence 2 .4 Familiarity threat A familiarity threat is where independence is jeopardised by the audit firm and its staff becoming over familiar with the client and its staff. There is a substantial risk of loss of professional scepticism in such circumstances. We have already discussed some examples of when this risk arises, because very often a familiarity threat arises in conjunction with a self-interest threat. Where there are family and personal relationships between client/firm Recruitment FAMILIARITY THREAT Employment with assurance client Long association with assurance clients Recent service with assurance client Figure 15.4: Familiarity threat .1 Long association of senior personnel with assurance clients It can be a significant threat to independence if senior members of staff at an audit firm have a long association with a client. All firms should therefore monitor the relationship between staff and established clients and use safeguards to independence such as rotating senior staff off the assurance team and involving engagement quality control reviews. Where appropriate safeguards cannot be applied, the firm should resign. The requirements of the FRC's Ethical Standard are stricter in this area that those of the Code of Ethics. Worked example: Long association Peter has been the audit engagement partner for Santa Ltd for a number of years. During that time, he has formed a friendly relationship with the finance director, to the point that on occasion, usually at client hospitality days organised by the firm, but sometimes not, he might play a round of golf with the FD or attend a dinner function with him and his wife. There is a risk of a familiarity threat here, particularly if the relationship is growing closer and more personal as time evolves. Peter should monitor this situation and request a review of the audit file by an engagement quality control reviewer to ensure that the risk is not too significant for the audit firm. Alternatively, the audit firm might decide that it would be better to 'rest' Peter from this engagement for a period of time to ensure that independence was not affected, if the firm were confident that this would not affect the professional relationship between the firm and Santa Ltd. The Code of Ethics sets out general provisions for all audit engagements. These state that when an audit engagement partner has held that role for a continuous period of ten years in relation to a non-public interest client, careful consideration must be given as to whether a reasonable and informed third party would consider the firm's objectivity and independence to be impaired. If that individual is still not rotated, alternative safeguards should be put in place, the reason for lack of rotation should be documented, and the facts should be communicated with those charged with governance. For public interest entities, the Code of Ethics has more stringent rules. The FRC Ethical Standard (section 3) states these as follows. • No one shall act as the audit engagement partner for more than five years. Assurance • Anyone who has acted as the audit engagement partner for a period of five years, shall not subsequently participate in the audit engagement until a further period of five years has elapsed. However, there may be circumstances in which it is necessary to be flexible about rotation of the audit engagement partner or audit quality control reviewer in relation to the audit of a public interest entity. If the audit committee of the audited entity decides that flexibility is necessary to safeguard the quality of the audit (and the audit firm agrees), then the audit engagement partner may continue in the role for two more years. This might happen for example where: • Substantial change has recently been made or will soon be made to the nature or structure of the audited entity's business • There are unexpected changes in the senior management of the audited entity In such situations, alternative safeguards should be applied such as an expanded review of the work by an engagement quality control reviewer. The FRC Ethical Standard (section 3) then goes on to specify the following rules for engagement quality control reviewers: • No one should act as the engagement quality control reviewer for a continuous period longer than seven years. • Where the engagement quality control reviewer becomes the audit engagement partner the combined service in these two positions should not exceed seven years. • People who have held these positions for seven years (continuously or in aggregate) should not return to them for at least five years. Staff in senior positions and other partners who have been responsible for significant affiliates should be reviewed by the audit engagement partner where they have been involved in the audit of a public interest entity for a continuous period exceeding seven years. Safeguards should be applied such as the removal of members of staff from, or the rotation of roles within, the engagement team. When an audited entity becomes a listed company, the length of time the audit engagement partner has been involved should be taken into consideration. The engagement partner should only continue in the position for another two years where four or more years have already been served by that individual. 2.4.2 Recruitment Recruiting senior management for an assurance client, particularly those able to affect the subject matter of an assurance engagement creates management, familiarity, self-interest and intimidation threats. Assurance providers must not make management decisions for the client. Their involvement could be limited to drawing up a shortlist of candidates, providing that the client has drawn up the criteria by which they are to be selected, and makes the final decision in respect of who to hire. The FRC Ethical Standard (section 5) states that an audit firm should not undertake an engagement to provide recruitment services in relation to a key management position of the audited entity (or significant affiliate of such) for a listed entity. Integrity, objectivity and independence 2.5 Intimidation threat An intimidation threat arises when members of the assurance team have reason to be intimidated by client staff. Close business relationships Litigation INTIMIDATION THREAT Family and personal relationships Assurance staff members move to employment with client Figure 15.5: Intimidation threat These are also examples of self-interest threats discussed in section 2.1, largely because intimidation may only arise significantly when the assurance firm has something to lose. 2.5.1 Actual and threatened litigation The most obvious example of an intimidation threat is when the client threatens to sue, or indeed sues, the assurance firm for work that has been done previously. The firm is then faced with the risk of losing the client, bad publicity and the possibility that they will be found to have been negligent, which will lead to further problems. This could lead to the firm being under pressure to produce an unqualified audit report when they have been qualified in the past, for example. Generally, assurance firms should seek to avoid such situations arising. If they do arise, factors to consider are: • The materiality of the litigation • The nature of the assurance engagement • Whether the litigation relates to a prior assurance engagement The following safeguards could be considered: • Disclosing to the audit committee the nature and extent of the litigation • Removing specific affected individuals from the engagement team • Involving an additional professional accountant on the team to review work However, if the litigation is at all serious, it may be necessary to resign from the engagement, as the threat to independence is so great. The FRC Ethical Standard (section 4) requires a firm to not continue with/accept an engagement where the threat of litigation is anything other than insignificant, however it is not required to resign immediately in circumstances where a reasonable and informed third party would not regard it in the interests of the shareholders for it to do so. The EU Audit Regulation (June 2016) states that legal services are prohibited in the case of audits of public interest entities. 2.6 Management threat The management threat is identified in the FRC Ethical Standard rather than in ICAEW Code. A management threat arises when the audit firm undertakes work involving making judgements and taking decisions that are the responsibility of management. There is a significant cross-over with self-review threat here, and, as we have already seen, assurance providers are forbidden to take decisions on behalf of management, therefore this risk should be removed by avoiding situations or not accepting engagements where the client is asking the assurance firm to take management decisions. 270 Assurance An important factor in whether a management threat exists is whether there is 'informed management' at the client. Definition Informed management is where the auditors believe that the member of management designated by the audit client to receive the results of a non-audit service provided by the auditor has the capability to make independent management judgements and decisions on the basis of the information provided. If there is informed management, it is possible that safeguards can be effective to avoid a management threat or reduce it. If there is not, it is unlikely management threat can be avoided. For example, consultancy services are generally acceptable where there is informed management and the auditors do not take management decisions. Interactive question 1: Type of threat In each of the following cases, indicate the principal threat that the assurance firm is facing. (a) Peter Perkins recently resigned as finance director of Assiduous Limited. PeteT joined the assurance firm that provides the audit to Assiduous after his notice period of six months. (b) Artifice Limited has suggested to the engagement partner that a qualified audit report would be unacceptable in the current year because the company is considering a flotation. (c) Anonymous Limited has requested that the audit team should not be changed from the previous year as they got on well with client staff. See Answer at the end of this chapter. Accepting new clients We outlined the issues relating to accepting new clients in Chapter 2. We stated that auditors must consider any ethical issues that might be a bar to acceptance. Any of the ethical issues outlined above could constitute a barrier to acceptance. In addition, the assurance firm must consider whether there appear to be any factors at the client that could be a threat to the firm's integrity or professional behaviour. These are likely to arise from: • Illegal activities of the client • Apparent dishonesty of the client • Questionable accounting practices of the client It may not be possible to reduce these risks, in which case, the assurance service should be declined. However, some safeguards, such as obtaining a commitment from those charged with governance to improving corporate governance, might be sufficient to make acceptance possible. Interactive question 2: Engagement acceptance Notable Co is a small assurance firm that has been asked to take on the statutory audit of the following two companies. For each of the companies, indicate on what basis the audits could be accepted, if at Notorious Limited is a small company that has had a number of HMRC investigations in recent years. The company has had to pay a number of back taxes where incorrect figures had been declared. Recently a director was banned from being a director for five years for wrongful trading. This person has left Notorious and a new managing director has been appointed, who has intimated to the firm that improved corporate governance is at the top of his agenda. all. Do not accept Accept with safeguards Accept with no safeguards Integrity, objectivity and independence Pristine pic is a listed company that has good references from all parties whom the firm made enquiries of. It has requested that Notable Co both prepare and audit the financial statements. It does not feel that these services are divisible. Do not accept Accept with safeguards Accept with no safeguards See Answer at the end of this chapter. 3 Resolving ethical conflicts Section overview • The ICAEW Code sets out a framework for professional accountants to follow when faced with an ethical conflict. It is generally better to resolve conflicts 'in-house' than to refer to external bodies, although that option is always available and ICAEW has an ethical helpline. The ICAEW Code sets out a framework that professional accountants can follow when seeking to resolve ethical problems. It states that the professional accountant should consider: The relevant facts The relevant parties The ethical issues involved The fundamental principles related to the matter in question Established internal procedures Alternative courses of action The accountant should then consider which is the course of action that most aligns with the fundamental principles. If the accountant cannot determine the best course of action himself, he should refer it to the relevant department within his firm for more advice. It is generally better for firms to come to conclusions 'in-house', but if needs be, further advice can be sought from ICAEW. This is a useful structure for you to use when considering ethical problems in the assessment. Think about the facts, parties, issues and fundamental principles involved and try and see the best course of action. Remember that as a trainee, referral to a more senior member of staff may be your most appropriate course of action. Interactive'question 3: Audit trainee issues You are a trainee in the audit department of Harris Brothers & Co. You have recently started your training, have not attended any courses and have attended one audit, where you carried out some simple audit tests under the audit senior's supervision. An audit manager has asked you to attend the inventory count of Brox Bros, which has a large amount of inventory, which is subject to an annual inventory count. There are very few other controls over the inventory at Brox Bros. Inventory is highly material to Brox Bros' financial statements. No other audit staff will be attending the inventory count. Assurance Which of the following is the most appropriate course of action for you to take: Perform the work Refer to training partner Contact ICAEW See Answer at the end of this chapter. Conflicts of interest for the accountant Section overview • An accountant in industry may face more pressure to behave unethically at times. • The accountant should evaluate the threats that such pressures bring. • Safeguards might include: Obtaining advice Using a formal dispute resolution process at work - Seeking legal advice In this section we will consider the problem that an accountant employed by someone other than a practice of other accountants might face if the needs of his professional duty and his employer conflict. This is less likely to be a problem for accountants in practice, as their employers or partners will be bound by the same professional duties as them, but in industry, employers might not understand the importance and nature of an accountant's professional duty. The Code of Ethics gives advice to accountants in such conflicting situations. It is important to remember that accountants in a non-practice environment are subject to the same fundamental principles as accountants in practice. However, an accountant in business (as opposed to practice) may find that he is faced with implicit or explicit pressure to: • Act contrary to law or regulation • Act contrary to technical or professional standards • Facilitate unethical or illegal earnings management strategies • Lie to or mislead auditors or regulators • Issue or be associated with published reports (for example, financial statements, tax statements) that materially misrepresent the facts The accountant in question should evaluate the threats that such situations bring (for example, the accountant may face severe intimidation and self-interest threats if he could lose his job by not complying). Available courses of action should be applied as follows: • First, resolve internally (if possible) using a formal dispute resolution process or audit committee (if the employing organisation has one) • Second, obtain advice from the ICAEW • Third seek legal advice • As a last resort, resign Interactive question 4: Conflict of interest Imo is a qualified accountant. She has recently moved out of practice and taken up the position of financial controller of a small, unlisted company, Lavender Lane Limited. The company has a short-term cash flow problem. Integrity, objectivity and independence Which of the following is the most appropriate course of action for you to take: Refer to training partner Contact ICAEW Perform the work See Answer at the end of this chapter. Conflicts of interest for the accountant Section overview An accountant in industry may face more pressure to behave unethically at times. The accountant should evaluate the threats that such pressures bring. Safeguards might include: Obtaining advice Using a formal dispute resolution process at work Seeking legal advice In this section we will consider the problem that an accountant employed by someone other than a practice of other accountants might face if the needs of his professional duty and his employer conflict. This is less likely to be a problem for accountants in practice, as their employers or partners will be bound by the same professional duties as them, but in industry, employers might not understand the importance and nature of an accountant's professional duty. The Code of Ethics gives advice to accountants in such conflicting situations. It is important to remember that accountants in a non-practice environment are subject to the same fundamental principles as accountants in practice. However, an accountant in business (as opposed to practice) may find that he is faced with implicit or explicit pressure to: • Act contrary to law or regulation • Act contrary to technical or professional standards • Facilitate unethical or illegal earnings management strategies • Lie to or mislead auditors or regulators • Issue or be associated with published reports (for example, financial statements, tax statements) that materially misrepresent the facts The accountant in question should evaluate the threats that such situations bring (for example, the accountant may face severe intimidation and self-interest threats if he could lose his job by not complying). Available courses of action should be applied as follows: • First, resolve internally (if possible) using a formal dispute resolution process or audit committee (if the employing organisation has one) • Second, obtain advice from the ICAEW • Third seek legal advice • As a last resort, resign Interactive question 4: Conflict of interest Imo is a qualified accountant. She has recently moved out of practice and taken up the position of financial controller of a small, unlisted company, Lavender Lane Limited. The company has a short-term cash flow problem. Integrity, objectivity and independence 1 Importance of confidentiality Section overview • Confidentiality is a fundamental ethical principle. • Client information must be kept confidential unless there is a genuine exception to this requirement. • Confidentiality is important as it is a key factor in the trust between client and accountant. Confidentiality is a fundamental principle of both the IFAC and ICAEW Codes of Ethics, as set out in Chapter 14. Accountants are required to keep client information confidential. This is an important aspect of the trust between client and accountant, as, to do their job, accountants require access to information about their business that clients would not want made public externally to the business, and, in some cases, such as where it relates to pay or future intentions of the directors, internally to the business either. In practice this means that an accountant should not discuss client matters with anyone outside the firm of accountants, and, in cases where there is a conflict of interest with another audit client, with anyone outside of the team assigned to that client. It is appropriate to discuss client matters, where necessary, with other members of staff from the firm; for example, an audit team member may have to liaise with a member of the tax department over client affairs, but in general it is better to keep discussions about client affairs to when they are professionally necessary, not merely as gossip. This is because the greatest risk of breach of confidentiality is likely to be accidental disclosure rather than deliberate disclosure. It is unlikely that an accountant or a firm would make a deliberate disclosure of client information (under the exceptions to the duty of confidentiality noted below) without having taken legal advice and making very sure that it is appropriate to do so. A greater risk of breach of confidentiality is by accidental disclosure (talking about client affairs in the wrong place or leaving client information exposed accidentally). 2 Safeguards to confidentiality Section overview There is probably a greater risk of accidental disclosure of information than of inappropriate deliberate disclosure. Accountants should follow a number of security procedures to prevent accidental disclosure. Accountants should always confer with senior staff members when they have a concern that a disclosure is required. There is probably a greater risk of accidental disclosure of information that is confidential within the business than external to the business. Such risk arises where client staff members are exposed to confidential information by overhearing audit staff conversations or by seeing documents that would normally be kept away from them. However, there is also a risk of information passing outside the business if assurance providers work on a different client's file at another client's premises, or by losing or leaving files unprotected (for example, in a car, which might be stolen) or through lack of electronic controls (for example, by computer hacking). Confidentiality The following security procedures are probably wise to prevent accidental disclosure of information: • Do not discuss client matters with any party outside of the accountancy firm (for example, friends and family, even in a general way) • Do not discuss client matters with colleagues in a public place • Do not leave audit files unattended (at a client's premises or anywhere) • Do not leave audit files in cars or in unsecured private residences • Do not remove working papers from the office unless strictly necessary • Do not work on electronic working papers on systems that do not have the requisite protection In addition, to prevent unauthorised deliberate disclosures of information: • Raise concerns with more senior staff in the firm (or the MLRO, see section 3.1) • Seek legal advice before making any disclosures of potentially confidential information Worked example: Accidental disclosure of information Kat is a trainee in the audit department of Fox Brothers & Co. She is working on the audit of Candleworks Limited. Kat is driving to work with two of the audit files in locked cases in the boot of her car. She stops at a petrol station to buy petrol and goes into the petrol station to pay for the petrol. During that time, her car is stolen. When it is found, the cases are missing. Later that day, Kat arrives at Candleworks Limited and begins work on a different part of the audit file. She leaves the office unattended and unlocked and goes to the toilet. During that time, the purchase ledger clerk goes into the audit office and reviews the payroll. She later raises a complaint with the pay department that the sales ledger clerk earns more than she does. Kat has breached two simple security measures in this scenario, which has resulted in confidentiality being breached twice. Disclosure of confidential information Section overview Accountants may be compelled by law or consider it desirable in the public interest to disclose details of clients' affairs to third parties. Information acquired in the course of professional work should only be disclosed where: Consent has been obtained from the client, employer or other proper source, or There is a public duty to disclose, or There is a legal or professional right or duty to disclose. The Code of Ethics identifies three circumstances where the professional accountant is or may be required to disclose confidential information: • Where disclosure is permitted by law and is authorised by the client or the employer, for example where the auditor has uncovered a fraud and the client is in agreement that the matter should be referred to the police. • Where disclosure is required by the law. Examples include: Reporting clients involved in terrorist activities to the police Reporting directly to regulators such as the Financial Services Authority on regulatory breaches in respect of financial service and investment businesses or the Charity Commission in respect of charities The reporting of suspected money laundering (for example tax evasion) to the National Crime Agency In making such a report, an auditor is not deemed to have broken the confidence of the client. It is normally addressed by setting out the auditor's right to disclose in the engagement letter. • Where there is a professional duty or right to disclose, when not prohibited by law. An accountant may defend himself in a negligence claim, for example. The Code of Ethics states that a professional accountant may disclose confidential information to third parties if the disclosure can be justified in 'the public interest' and is not contrary to laws and regulations. Difficult judgements are required by auditors as to whether the 'public interest' overrides the duty of confidentiality. Usually, the assurance providers should take legal advice on the matter. A professional accountant acquiring or receiving confidential information in the course of his or her professional work should neither use, nor appear to use, that information for his or her personal advantage or for the advantage of a third party. Examples of particular circumstances are: • On a change in employment, professional accountants are entitled to use experience gained in their previous position, but not confidential information acquired there. • A professional accountant should not deal in the shares of a company in which the member has had a professional association at such a time or in such a manner as might make it seem that information obtained in a professional capacity was being turned to personal advantage ('insider dealing'). • Where a professional accountant has confidential information from Client 1 that affects an assurance report on Client 2 he cannot provide an opinion on Client 2 that he already knows, from whatever source, to be untrue. If he is to continue as auditor to Client 2 the conflict must be resolved. In order to do so, normal audit procedures/enquiries should be followed to enable that same information to be obtained from another source. Under no circumstances, however, should there be any disclosure of confidential information outside the firm. Money laundering Accountants are subject to laws concerning money laundering, which make it a criminal offence not to disclose a suspicion of money laundering (the process by which criminals attempt to conceal the proceeds of crime). In addition, it is an offence to let a suspected money launderer know that an investigation may be taking place against him. Therefore, accountants must report suspicions of money laundering to the appropriate authority, and this disclosure will not constitute a breach of confidentiality. In addition, they should not advise the client that they have done so. Firms must have a Money Laundering Reporting Officer (MLRO), who will be responsible for making such disclosures. Therefore, trainees and staff carrying out assurance work must make a report to that MLRO when a suspicion of money laundering arises. Each firm must have an MLRO, so an audit team member will never be required to make a report to the authorities personally. It will always be appropriate for him to make the report of the suspicion to the MLRO, and having made a report to the MLRO is a defence against the criminal offence of failing to report a suspicion of money laundering. Examples of money laundering in this context could include (but are not limited to): • Keeping customer overpayments (theft?) • Offences under the Companies Act that are criminal (such as making a loan to a director - so that the director is in possession of the proceeds of the company's crime) • Offences that involve a saved cost (such as failure to meet environmental regulations about disposal and dumping waste instead) Confidentiality The reporting of suspected money laundering (for example tax evasion) to the National Crime Agency In making such a report, an auditor is not deemed to have broken the confidence of the client. It is normally addressed by setting out the auditor's right to disclose in the engagement letter. • Where there is a professional duty or right to disclose, when not prohibited by law. An accountant may defend himself in a negligence claim, for example. The Code of Ethics states that a professional accountant may disclose confidential information to third parties if the disclosure can be justified in 'the public interest' and is not contrary to laws and regulations. Difficult judgements are required by auditors as to whether the 'public interest' overrides the duty of confidentiality. Usually, the assurance providers should take legal advice on the matter. A professional accountant acquiring or receiving confidential information in the course of his or her professional work should neither use, nor appear to use, that information for his or her personal advantage or for the advantage of a third party. Examples of particular circumstances are: • On a change in employment, professional accountants are entitled to use experience gained in their previous position, but not confidential information acquired there. • A professional accountant should not deal in the shares of a company in which the member has had a professional association at such a time or in such a manner as might make it seem that information obtained in a professional capacity was being turned to personal advantage ('insider dealing'). • Where a professional accountant has confidential information from Client 1 that affects an assurance report on Client 2 he cannot provide an opinion on Client 2 that he already knows, from whatever source, to be untrue. If he is to continue as auditor to Client 2 the conflict must be resolved. In order to do so, normal audit procedures/enquiries should be followed to enable that same information to be obtained from another source. Under no circumstances, however, should there be any disclosure of confidential information outside the firm. Money laundering Accountants are subject to laws concerning money laundering, which make it a criminal offence not to disclose a suspicion of money laundering (the process by which criminals attempt to conceal the proceeds of crime). In addition, it is an offence to let a suspected money launderer know that an investigation may be taking place against him. Therefore, accountants must report suspicions of money laundering to the appropriate authority, and this disclosure will not constitute a breach of confidentiality. In addition, they should not advise the client that they have done so. Firms must have a Money Laundering Reporting Officer (MLRO), who will be responsible for making such disclosures. Therefore, trainees and staff carrying out assurance work must make a report to that MLRO when a suspicion of money laundering arises. Each firm must have an MLRO, so an audit team member will never be required to make a report to the authorities personally. It will always be appropriate for him to make the report of the suspicion to the MLRO, and having made a report to the MLRO is a defence against the criminal offence of failing to report a suspicion of money laundering. Examples of money laundering in this context could include (but are not limited to): • Keeping customer overpayments (theft?) • Offences under the Companies Act that are criminal (such as making a loan to a director - so that the director is in possession of the proceeds of the company's crime) • Offences that involve a saved cost (such as failure to meet environmental regulations about disposal and dumping waste instead) Confidentiality The following issues therefore may give rise to suspicions of money laundering: • Credits on the receivables ledger • Unusual related party transactions • Lack of expected costs in income statement • The existence of a complicated group structure with no obvious business reason for the complexity • High number of cash transactions without genuine business reason Worked example: Money laundering Jim is carrying out some assurance work in connection with sales at Trying Ltd. He discovers that the owner of the business, who is also the MD, regularly collects cash from customers in respect of sales. In such cases, neither the sale nor the receipt is included in the accounting records of Trying Ltd. This allows him to bypass accounting for VAT or corporation tax on these sales, so it constitutes money laundering. Jim must therefore report this issue to the MLRO of his firm. .2 Conflicts of interest Situations are frequently perceived by clients as 'conflicts of interest' where in reality they involve no more than concerns over keeping information confidential. Hence the issues of confidentiality covered in sections 1 and 2 and conflicts of interest are related. The Code states that firms should have in place procedures to enable them to identify whether any conflicts of interest exist and to take all reasonable steps to determine whether any conflicts are likely to arise in relation to new assignments involving both new and existing clients. If there is no conflict of interest, firms may accept the assignment. If there is a conflict of interest, the significance of any threat to compliance with the fundamental principles should be evaluated. If any threats are other than clearly insignificant, the safeguards must be applied to eliminate the threat or to reduce it to an acceptable level. There is nothing improper in a firm having two clients whose interests are in conflict provided that the activities of the firm are managed so as to avoid the work of the firm on behalf of one client adversely affecting that on behalf of another. Where a firm believes that a conflict can be managed, sufficient disclosure should be made to the clients or potential clients concerned, together with details of any proposed safeguards to preserve confidentiality and manage conflict. If consent is refused by the client then the firm must not continue to act for one of the parties. Where a conflict cannot be managed even with safeguards, then the firm should not act. A self-interest threat to the objectivity of a professional accountant or his firm will arise where there is or is likely to be a conflict of interest between them and the client or where confidential information received from the client could be used by them for the firm's or for a third party's benefit. The test to apply is whether a reasonable and informed observer would perceive that the objectivity of the member of his firm is likely to be impaired. The member or his firm should be able to satisfy themselves and the client that any conflict can be managed with available safeguards. Safeguards might include: • Disclosure of the circumstances of the conflict • Obtaining the informed consent of the client to act • The use of confidentiality agreements signed by employees • Establishing information barriers ('Chinese walls', see below) • Regular review of the application of safeguards by a senior individual not involved with the relevant client engagement • Ceasing to act Assurance Information barriers, traditionally known as Chinese walls, include: • Ensuring that there is no overlap between different teams • Physical separation of teams • Careful procedures for where information has to be disseminated beyond a barrier and for maintaining proper records where this occurs Some commentators argue that the term Chinese walls' is culturally insensitive and disrespectful of the ability of the Great Wall of China to keep China's enemies at bay. However the term is in common use and likely to remain so for some time in the future. Interactive question: Confidentiality During the course of an assurance engagement, Aleem, a member of the assurance team from Goose Brothers & Co discovers that Dave Milton, the owner of D Manufacturing Limited, has told certain customers to write cheque payments out in favour of DM, rather than the full company name. Mr Milton has then been amending the cheques to read D Milton, and paying them into his personal account rather than the company's, reducing the company's overall tax liability. Which one of the following is the most appropriate action for Aleem to take in respect of this matter? A Discuss the matter with the client and advise him of the legal position B Report the matter to HM Revenue and Customs C Obtain the client's permission to report the matter to the MLRO within the firm D Report the matter to the MLRO within the firm See Answer at the end of this chapter. Confidentiality