Auditing - Lecture 3 Part I. Fundamentals of audit: Ethics Content nProfessional ethics nCode of ethics nLegal liability and defense (to be cont.) nRecommended reading n Oct 5, 2015 2 Ethics –need for ethics nEthics represent a set of moral principles, rules of conduct, or values. Ethics apply when an individual has to make a decision from various alternatives regarding moral principles. All individuals and societies possess a sense of ethics in that they have some sort of agreement as to what right and wrong are. Ethical behavior is necessary for a society to function in an orderly manner. It can be argued that ethics is the glue that holds a society together. nThe need for ethics in society is sufficiently important that many commonly held ethical values are incorporated into laws. However, many of the ethical values cannot be incorporated into laws because they cannot be defined well enough to be enforced. nMost people define unethical behavior as conduct that differs from what they believe is appropriate given the circumstances. It is important to understand what causes people to act in a manner that we decide is unethical. There are two primary reasons why people act unethically: n n n n n n n Oct 5, 2015 3 Ethics – need for ethics q“Everybody does it” - the argument that it is acceptable behavior to falsify tax returns, cheat on exams, or sell defective products is commonly based on the rationalization that everyone else is doing it and therefore it is acceptable. q“If it’s legal, it’s ethical” - using the argument that all legal behavior is ethical relies heavily on the perfection of laws. Under this philosophy, one would have no obligation to return a lost object unless the other person could prove that it was his or hers. q“Likelihood of discovery and consequences” - this philosophy relies on evaluating the likelihood that someone else will discover the behavior. Typically, the person also assesses the severity of the penalty (consequences) if there is a discovery. An example is deciding whether to correct an unintentional overbilling to a customer when the customer has already paid the full amount. If the seller believes that the customer will detect the error and respond by not buying in the future, the seller will inform the customer now; otherwise, the seller will wait to see if the customer complains. n n n Oct 5, 2015 4 Ethics – ethical principles nEthical principles guiding the behavior and work of members of professional societies: qresponsibilities - in carrying out their responsibilities as professionals, members should exercise sensitive professional and moral judgments in all their activities. qpublic interest – members should accept the obligation to act in a way that will serve the public interest, honor the public trust, and demonstrate commitment to professionalism. qintegrity - to maintain and broaden public confidence, members should perform all professional responsibilities with the highest sense of integrity. qobjectivity and independence - a member should maintain objectivity and be free of conflicts of interest in discharging professional responsibilities. qdue care - a member should observe the profession’s technical and ethical standards, strive continually to improve competence and quality of services. n n n n Oct 5, 2015 5 Ethics in accounting nOur society has attached a special meaning to the term professional. Professionals are expected to conduct themselves at a higher level than most other members of society. A CPA, as a professional, recognizes a responsibility to the public, to the client, to fellow practitioners. nThe reason for an expectation of a high level of professional conduct by any profession is the need for public confidence in the quality of service by the profession, regardless of the individual providing it. For the CPA, it is essential that the client and external financial statement users have confidence in the quality of audits and other services. nIt is not practical for most customers to evaluate the quality of the performance of professional services because of their complexity. A financial statement user cannot be expected to evaluate audit performance. Most users have neither the competence nor the time for such an evaluation. Public confidence in the quality of professional services is enhanced when the profession encourages high standards of performance and conduct on the part of all practitioners. n n n Oct 5, 2015 6 AICPA code of conduct (USA) n n n Oct 5, 2015 7 nThe AICPA Code of Professional Conduct provides both general standards of ideal conduct and specific enforceable rules of conduct. There are four parts to the code: qprinciples - ideal standards of ethical conduct stated in philosophical terms. They are not enforceable. qrules of conduct - minimum standards of ethical conduct stated as specific rules. They are enforceable. qinterpretations of the rules of conduct – prepared by the AICPA Division of Professional Ethics. They are not enforceable, but a practitioner must justify departure. qethical rulings - published explanations and answers to questions about the rules of conduct submitted to the AICPA by practitioners and others interested in ethical requirements. They are not enforceable, but a practitioner must justify departure. q n AICPA code of conduct (USA) n n n Oct 5, 2015 8 q n AICPA code of conduct (USA) n n n Oct 5, 2015 9 nBasic rules of conduct defined by AICPA Code of Professional Conduct: qIndependence - because of its importance, is the first rule of conduct. The value of auditing depends heavily on the public’s perception of the independence of auditors. The reason that many diverse users are willing to rely on CPA’s reports is their expectation of an unbiased viewpoint. The AICPA Code of Professional Conduct defines independence as consisting of two components: independence of mind and independence in appearance. ØIndependence of mind - reflects the auditor’s state of mind that permits the audit to be performed with an unbiased attitude. It reflects a long-standing requirement that members be independent in fact. ØIndependence in appearance - the result of others’ interpretations of this independence. If auditors are independent in fact but users believe them to be advocates for the client, most of the value of the audit function is lost. q n AICPA code of conduct (USA) n n n Oct 5, 2015 10 SEC adopted rules strengthening auditor independence e.g. Sarbanes-Oxley Act (SOX). The SEC rules further restrict the provision of nonaudit services to audit clients, and they also include restrictions on employment of former audit firm employees by the client and provide for audit partner rotation to enhance independence. SEC prohibits CPA firms to perform the following services for public companies, who are their audit clients: bookkeeping and other accounting services; financial information systems design and implementation; appraisal or valuation services; actuarial services; internal audit outsourcing; management or human resource functions; broker or dealer or investment adviser or investment banker services; legal and expert services unrelated to the audit; any other service that the PCAOB determines by regulation is impermissible. CPA firms are not prohibited from performing these services for private companies and for public companies that are not audit clients. q q q n AICPA code of conduct (USA) n n n Oct 5, 2015 11 qIndependence of conduct: financial Interests – interpretations of rule on independence prohibit CPA members from owning any stock or other direct investment in audit clients because it is potentially damaging to actual audit independence (independence of mind), and it certainly is likely to affect users’ perceptions of the auditors’ independence (independence in appearance). Indirect investments, such as ownership of stock in a client’s company by an auditor’s grandparent, are also prohibited, but only if the amount is material to the auditor. The ownership of stock rule is more complex than it appears at first glance. ØCovered members include the following: individuals on the attest engagement team; an individual in a position to influence the attest engagement, such as individuals who supervise or evaluate the engagement partner; a partner or manager who provides nonattest services to the client; a partner in the office of the partner responsible for the attest engagement; the firm and its employee benefit plans; an entity that can be controlled by any of the covered q q n AICPA code of conduct (USA) n n n Oct 5, 2015 12 members listed above or by two or more of the covered individuals or entities operating together. ØDirect vs. indirect financial interest - The ownership of stock or other equity shares and debt securities by members or their immediate family is called a direct financial interest. An indirect financial interest exists when there is a close, but not a direct, ownership relationship between the auditor and the client. An example of an indirect ownership interest is the covered member’s ownership of a mutual fund that has an investment in a client. qOther rules of conduct – see general ethical principles (responsibilities, public interest, integrity, objectivity and independence, due care) q n IFAC code of ethics (World) n n n Oct 5, 2015 13 nIFAC Code of Ethics contains three parts (A – Framework which applies to all professional accountants; B - Framework which applies to accountants in public practice; C - Framework which applies to employed accountants), declares basic principles governing conduct and work of auditors, and defines basic threats and safeguards for CPA professions and firms. nA – Framework which applies to all professional accountants defines the following principles: qIntegrity and objectivity qProfessional competence and due care qConfidentiality qProfessional behavior qTax practice qCross-border activities qPublicity qTechnical Standards n q n • Tax Practice - An accountant performing tax services may put forward the best position in favor of a client or employer, provided the service is done with professional competence, does not in any way impair integrity and objectivity, and is consistent with the law. An accountant should not represent to a client or an employer that the tax return prepared and the tax advice given is above challenge. He should make sure that the client or employer is aware of the limitations involved in interpretation of tax law and tax reporting. The accountant’s client or employer should be advised that they, not the accountant, have the responsibility for the content of the tax return. • Cross-Border Activities - An accountant may perform services in a country other than his home country. If differences exist between ethical requirements of the two countries the following provisions should be applied: When the ethical requirements of the country in which the services are being performed are less strict than the IFAC Code of Ethics, then the ethical guidance of IFAC should be applied. When the ethical requirements of the country in which the services are being performed are stricter than the IFAC ethical guidance then the ethical requirements of the country where the services are being performed should be applied. When the ethical requirements of the home country are mandatory for services performed outside that country and are stricter than set out in (1) and (2) above, then the ethical requirements of the home country should be applied. • Publicity - Publicity is the communication to the public of facts about a professional accountant which are not designated for the deliberate promotion of that professional accountant. When accountants market themselves and their work, they should: Not use means which brings the profession into disrepute; Not make exaggerated claims for the services they are able to offer, the qualifications they possess, or the experience they have gained; and Not denigrate the work of other accountants. • Technical Standards - Professional services should always be carried out in accordance with the relevant technical and professional standards. These services should follow the technical standards such as International Standards on Auditing; International Financial Reporting Standards, rules of the accountant’s professional body, and relevant legislation. IFAC code of ethics (World) n n n Oct 5, 2015 14 nB – Framework which applies to accountants in public practice defines a professional accountant in public practice as each partner or person occupying a position similar to that of a partner, and each employee in a practice providing professional services to a client irrespective of their functional classification (e.g. audit, tax or consulting), and professional accountants in a practice having managerial responsibility. Ethical guidance for accountants in public practice is offered in the areas of: independence; responsibilities to clients such as fees, commissions, and clients’ monies; and responsibilities to colleagues such as relations to other professionals, advertising and activities incompatible with practice. While referring to independence the Framework defines the following threats and safeguards to it: qThreats - self-interest threats, self-review threat, advocacy threat, familiarity threat, intimidation threat qSafeguards – safeguards created by the profession, legislation or regulation, safeguards within the assurance client, safeguards within the audit firm. n q n q n Threats: • Self-Interest Threats - “Self-Interest Threat” occurs when an auditor could benefit from a financial interest in, r other self-interest conflict with, an assurance client. Examples are as follows. (a) A direct financial interest or material indirect financial interest in an assurance client. Direct financial interest in a client might include ownership of client equities or financial instruments; financial interest in a joint venture with a client or employee(s) of a client; and financial interest in a non-client as an investor or investee. Indirect material financial interest results from being an administrator of any trust or estate with a financial interest in the client company. (b) Ability to influence client. The IFAC Code of Ethics prohibits individuals with the ability to influence the audit engagement to have ownership interest in the client company. For example a secretary of KPMG could own common shares in a client company if the secretary does not participate in the audit process. However, if the secretary becomes a partner of the engagement while obtaining ownership, all the information regarding his ownership status would have to be disclosed. Otherwise his action could be perceived as a threat to independence in fact and in appearance with respect to that client. • Self-Review Threat - “Self-Review Threat” occurs when (1) results of a previous engagement needs to be reevaluated in reaching conclusions on the present assurance engagement or (2) when a member of the assurance team previously was an employee of the client (especially a director or officer) in a position to exert significant influence over the subject matter of the assurance engagement. For example, assisting an audit client in matters such as preparing accounting records or financial statements may create a self-review threat when the firm subsequently audits the financial statements. • Advocacy Threat - “Advocacy Threat” occurs when a member of the assurance team promotes, or seems to promote, an assurance client’s position or opinion. That is, the auditor subordinates his judgment to that of the client. Examples of circumstances that may create this threat include: selling, underwriting or otherwise dealing in financial securities or shares of an assurance client; acting as the client’s advocate in a legal proceeding. • Familiarity Threat - “Familiarity Threat” occurs when an auditor becomes too sympathetic to the client’s interests because he has a close relationship with an assurance client, its directors, officers or employees. Examples of circumstances that may create this threat include: a member of the assurance team having an immediate family member or close family member who is a director or officer of the assurance client; a member of the assurance team having a close family member who is an employee of the assurance client and in a position to significantly influence the subject matter of the assurance engagement; • Intimidation Threat - “Intimidation Threat” occurs when a member of the assurance team may be deterred from acting objectively and exercising professional skepticism by threats, actual or perceived, from the directors, officers or employees of an assurance client. Two examples of intimidation threats are when an auditor is told he will be replaced based on a disagreement over application of an accounting principle and pressure to reduce the scope of the audit in order to reduce fees. Safeguards: • Safeguards Created by the Profession, Legislation or Regulation - Examples - Safeguards created by the profession, legislation or regulation, may include: educational, training and experience requirements to become a certified member of the profession; continuing education requirements; professional accounting, auditing and ethics standards and monitoring and disciplinary processes; peer review of quality control; and professional rules or legislation governing the independence requirements of the firm. • Safeguards Within The Assurance Client: Examples - Safeguards within the assurance client include: ratification by an audit committee of the assurance client’s management appointment of the audit firm; the assurance client has competent employees; the assurance client is committed to fair financial reporting; the client has internal procedures that ensure objective choices in commissioning nonassurance engagements; and the client has a corporate governance structure, such as an audit committee, that provides appropriate oversight of an assurance firm’s services. • Safeguards Within The Audit Firm - Examples - Safeguards within the audit firm’s own systems and procedures may include firm-wide safeguards such as the following: leadership stressing the importance of independence; designation of a member of senior management to oversee the adequate functioning of the safeguarding system; policies and procedures to assure quality control of assurance engagements; written independence policies; internal policies to monitor compliance with independence ethics; policies and procedures that will identify relationships between the firm or members of the assurance team and assurance clients;_15 policies and procedures to manage the reliance on revenue received from a single assurance client. IFAC code of ethics (World) n n n Oct 5, 2015 15 nC - Framework which applies to employed accountants defines the following principles: qConflict of loyalties qSupport for professional colleagues qProfessional competence qPresentation of information n q n q n • Conflict of Loyalties - Accountants who are employed by non-audit firms owe loyalty to their employer as well as to their profession, but there may be times when the two are in conflict. An employee’s normal priority should be to support his or her organization. However, an employee cannot legitimately be required to break the law, breach the ethics, rules, and standards of the accounting profession, lie to their employer’s auditors, or be associated with a statement that materially misrepresents the facts. Differences in view about the correct judgment on accounting or ethical matters should normally be raised and resolved within the employee’s organization, initially with the employee’s immediate superior and possibly with higher levels of management or non-executive directors. If employed accountants cannot resolve any material issue involving a conflict between their employers and their professional requirements they may have no other recourse but to resign. Employees should state their reasons for resigning to their employer but their duty of confidentiality normally precludes them from communicating the issue to others (unless legally or professionally required to do so). • Support For Professional Colleagues - An accountant, particularly one in a management position, should develop and hold his own judgment in accounting matters, but should deal with differences of opinion between him and his colleagues in a professional way. • Professional Competence - An accountant employed in industry, commerce, the public sector or education may be asked to undertake important tasks for which he has not had sufficient specific training or experience. When undertaking these tasks, an accountant should not mislead his employer as to his degree of expertise. Where it is appropriate, expert advice and assistance should be requested from the employer. • Presentation Of Information - A professional accountant is expected to present financial information fully, honestly and professionally and so that it will be understood in its context. Financial and nonfinancial information should be kept describing clearly the true nature of business transactions, assets or liabilities and whether transactions are recorded in a timely and proper manner. Business failure vs audit failure n n n Oct 5, 2015 16 nIt is necessary to distinguish between business failure and audit failure: qA business failure occurs when a business is unable to repay its lenders or meet the expectations of its investors because of economic or business conditions, such as a recession, poor management decisions, or unexpected competition in the industry. qAudit failure occurs when the auditor issues an incorrect audit opinion because it failed to comply with the requirements of auditing standards. nAudit risk - represents the possibility that the auditor concludes after conducting an adequate audit that the financial statements were fairly stated when, in fact, they were materially misstated. Audit risk is unavoidable, because auditors gather evidence only on a test basis and because well-concealed frauds are extremely difficult to detect. An auditor may fully comply with auditing standards and still fail to uncover a material misstatement due to fraud. n n Prudent person concept n n n Oct 5, 2015 17 nThere is agreement within the profession and the courts that the auditor is not a guarantor or insurer of financial statements. The auditor is expected only to conduct the audit with due care, and is not expected to be perfect. This standard of due care is often called the prudent person concept. It is expressed in Cooley on Torts* as follows: Every man who offers his service to another and is employed assumes the duty to exercise in the employment such skill as he possesses with reasonable care and diligence. In all these employments where peculiar skill is prerequisite, if one offers his service, he is understood as holding himself out to the public as possessing the degree of skill commonly possessed by others in the same employment, and, if his pretensions are unfounded, he commits a species of fraud upon every man who employs him in reliance on his public profession. But no man, whether skilled or unskilled, undertakes that the task he assumes shall be performed successfully, and without fault or error. He undertakes for good faith and integrity, but not for infallibility, and he is liable to his employer for negligence, bad faith, or dishonesty, but not for losses consequent upon pure errors of judgment. n. n n *Thomas McIntyre Cooley (1888). A Treatise on the Law of Torts: Or the Wrongs which Arise Independent of Contract. Callaghan, 2d ed., 899 p. Legal liability to client n n n Oct 5, 2015 18 nThe most common source of lawsuits against CPAs is from clients. The suits vary widely, including such claims as: qfailure to complete a nonaudit engagement on the agreed-upon date qinappropriate withdrawal from an audit qfailure to discover a theft of assets qbreach of the confidentiality requirements of CPAs. nTypically, the amount of these lawsuits is relatively small, and they do not receive the publicity often given to suits involving third parties. A typical lawsuit brought by a client involves a claim that the auditor did not discover an employee theft as a result of negligence in the conduct of the audit. The lawsuit can be for breach of contract, a tort action for negligence, or both. Tort actions are more common because the amounts recoverable under them are normally larger than under breach of contract. Tort actions can be based on ordinary negligence, gross negligence, or fraud. n n n Legal liability to client n n n Oct 5, 2015 19 nDefense from legal liability to client includes: qLack of Duty – the CPA firm claims that there was no implied or expressed contract. The CPA’s use of an engagement letter provides a basis to demonstrate a lack of duty to perform. Many litigation experts believe that a well-written engagement letter significantly reduces the likelihood of adverse legal actions. qNonnegligent Performance – the CPA firm claims that the audit was performed in accordance with auditing standards. Even if there were undiscovered misstatements, the auditor is not responsible if the audit was conducted properly. The prudent person concept establishes in law that the CPA firm is not expected to be infallible. Similarly, auditing standards make it clear that an audit is subject to limitations and cannot be relied on for complete assurance that all misstatements will be found. n Legal liability to client n n n Oct 5, 2015 20 qContributory Negligence - the auditor claims the client’s own actions either resulted in the loss that is the basis for damages or interfered with the conduct of the audit in such a way that prevented the auditor from discovering the cause of the loss. qAbsence of Causal Connection - to succeed in an action against the auditor, the client must be able to show that there is a close causal connection between the auditor’s failure to follow auditing standards and the damages suffered by the client. nThird parties include actual and potential stockholders, vendors, bankers and other creditors, employees, and customers. A CPA firm may be liable to third parties if a loss was incurred by the claimant due to reliance on misleading financial statements. A typical suit occurs when a bank is unable to collect a major loan from an insolvent customer and the bank then claims that misleading audited financial statements were relied on in making the loan and that the CPA firm should be held responsible because it failed to perform the audit with due care. q Legal liability to 3d parties n n n Oct 5, 2015 21 nThe leading auditing case in third-party liability was Ultramares Corporation v. Touche (1931), which established the Ultramares doctrine. In this case, the court held that although the accountants were negligent, they were not liable to the creditors because the creditors were not a primary beneficiary. In this context, a primary beneficiary is one about whom the auditor was informed before conducting the audit (a known third party). This case established a precedent that ordinary negligence is insufficient for liability to third parties because of the lack of privity of contract between the third party and the auditor, unless the third party is a primary beneficiary. nIn recent years, courts have broadened the Ultramares doctrine to allow recovery by third parties in more circumstances by introducing the concept of foreseen users, who are members of a limited class of users that the auditor knows will rely on the financial statements. nAlthough the concept of foreseen users may appear straightforward, courts have generated several different interpretations. At present, the three leading approaches taken by the courts that have emerged are described as follows: n Legal liability to 3d parties n n n Oct 5, 2015 22 qPrivity - case of Credit Alliance vs. Arthur Andersen & Co. (1986) when the New York State Court of Appeals upheld the basic concept of privity established by Ultramares and stated that to be liable (1) an auditor must know and intend that the work product would be used by the third party for a specific purpose, and (2) the knowledge and intent must be evidenced by the auditor’s conduct. qRestatement of Torts - foreseen users must be members of a reasonably limited and identifiable group of users that have relied on the CPA’s work, such as creditors, even though those persons were not specifically known to the CPA at the time the work was done. A leading case of this rule is Rusch Factors v. Levin. qForeseeable User - the broadest interpretation of the rights of third-party beneficiaries is to use the concept of foreseeable users. Under this concept, any users that the auditor should have reasonably been able to foresee as likely users of the client’s financial statements have the same rights as those with privity of contract. n Legal liability to 3d parties n n n Oct 5, 2015 23 nDefense from legal liability to 3d parties includes: qLack of Duty - contends lack of privity of contract. The extent to which privity of contract is an appropriate defense and the nature of the defense depends heavily on the approach to foreseen users in the country and the judicial jurisdiction of the case. qNonnegligent Performance – it is often used when an auditor was unsuccessful in using the lack of duty defense to have a case dismissed. If the auditor conducted the audit in accordance with auditing standards, that eliminates the need for the other defenses. Unfortunately, nonnegligent performance can be difficult to demonstrate to a court. qAbsence of Causal Connection – it often means nonreliance on the financial statements by the user. Absence of causal connection can be difficult to establish because users may claim reliance on the statements even when investment or loan decisions were made without considering the company’s financial condition. q n Civil liability under federal security law (USA) n n n Oct 5, 2015 24 nThe Securities Act of 1933 deals only with the reporting requirements for companies issuing new securities, including the information in registration statements and prospectuses. The only parties who can recover from auditors under the 1933 act are the original purchasers of securities. The amount of the potential recovery equals the original purchase price less the value of the securities at the time of the suit. (If the securities have been sold, users can recover the amount of the loss incurred.) nThe liability of auditors under the Securities Exchange Act of 1934 often centers on the audited financial statements issued to the public in annual reports submitted to the SEC as a part of annual Form 10-K reports. Every company with securities traded on national and over-the-counter exchanges is required to submit audited statements annually. Obviously, a much larger number of statements fall under the 1934 act than under the 1933 act. n n q n Recommended reading nArens et al. (2015) – chosen chapters will be uploaded to IS qCh. 4 (whole), 5 (whole except 5.1) nHayes et al. (2014) – chosen chapters will be uploaded to IS qCh. 2 (2.5), 3 (whole) nAICPA Code of Conduct + IFAC Code of Ethics n n Oct 5, 2015 25