It is vital that auditors in the United States understand the minimum set of ethical rules required by The International Federation of Accountants (IFAC) and the differences between these ethical standards set forth by the International Ethics Standards Board of Accounting (IESBA) component of the IFAC—standards that set the minimum standards that member organizations are permitted to formulate and enforce upon their own members—and the ethical standards enforced on public company auditors in the United States by the Public Company Accounting Oversight Board (PCAOB). Auditors must always comply with the ethical standards of their licensing body (e.g., a state board of accountancy in the United States) even if they are performing an audit in a jurisdiction (say Great Britain) that follows ISA. It is impossible to explore all the various combinations of ethical standards and sets of auditing standards (e.g., ISA) that can be encountered in practice. Accordingly, here we make a simplifying assumption that auditors in the United States, on public company audits, must follow PCAOB ethical standards while auditors in Great Britain must follow IFAC’s IESBA ethical standards. In this chapter we:
Hayes et al. (2005) define ethics as a set of moral principles, rules of conduct, or values. Ethics apply when an individual has to make a decision about various alternatives, with the alternatives having different moral consequences. The IFAC Code of Ethics for Professional Accountants states “The objectives of the accountancy profession are to work in the highest standards of professionalism, to attain the highest levels of performance and generally to meet the public interest” (p.16). The guidance is incorporated into the code (accessible at http://www.ifac.org). This code, which is specifically developed by the IESBA component of the IFAC, is intended to serve as a model on which to base national ethical guidance. It sets minimum standards for ethical codes of conduct that member organizations of the IFAC are permitted to use in setting standards for professional accountants who belong to those organizations. It seeks convergence between the IESBA’s standards and those of other national ethics-setting boards, with member organizations of the IFAC required to employ ethics standards at least as stringent as those contained in the IESBA’s code. Thus, an auditor who is licensed by a member organization of IFAC must comply with that member organization’s ethical standards. Given that standards of member organizations of IFAC must be at least as strict as those of IFAC’s IESBA itself, that auditor must comply with the stricter of the two sets of ethical standards. Similarly, an auditor who is both licensed by a state board of accountancy in the United States and is performing a PCAOB-related audit must follow the stricter of two sets of ethical rules, the state board’s ethics rules or the PCAOB’s ethics rules. As of June 1, 2014, 117 nations contained at least one accounting organization, which belonged to the IFAC. Some nations had more than one organization as a participating IFAC member. In the United States, both the American Institute of Certified Public Accountants (AICPA) and the Institute of Management Accountants were member organizations of the IFAC. Additional organizations, some in countries that had organizations that were members of the IFAC, were associated with the IFAC, and other countries contained organizations that were affiliated to the IFAC. As of June 1, 2014, the PCAOB was neither a member, associate, nor an affiliate of the IFAC.
IFAC member organizations are required to demonstrate that they are taking steps to remain in good standing, while associate member organizations are required to demonstrate that they are making progress towards membership (see www.ifac.org/about-ifac/membership/compliance-pro-gram). The IFAC states that its “...member organizations are required to apply ethical standards at least as stringent as the Code. Convergence to a single set of standards can enhance the quality and consistency of services provided by professional accountants throughout the world and can improve the efficiency of global capital markets. The Code requires professional accountants to comply with five fundamental principles: integrity; objectivity; professional competence and due care; confidentiality; and professional behavior.” Each member organization is required to provide and regularly update evidence of the steps it is taking to remain in compliance with the code in order to remain in good standing. Assuming compliance with this requirement and the effectiveness of the compliance monitoring program, it would appear that all member organizations in each of the 117 nations have ethics codes at least as stringent as those of the IFAC. How well these codes are actually enforced in a membership that girdles the globe is a different matter, one beyond the limits of this book. IFAC itself notes that, with respect to business ethics, “application of business ethics differs depending on the country, culture, and traditions, as well as the level of maturity in terms of regulation and enforcement of organizations’ legal responsibility and the expectations and duties of directors.” While this IFAC statement specifically addresses business ethics as opposed to professional accounting ethics, it has clear applicability to the accounting field as well (e.g., Kleinman, Lin, and Palmon 2014).
Understanding how well or poorly even ethics codes that have been converged between IFAC member organizations function is one thing; understanding how uniformly and effectively these consistent ethics codes have been or are being enforced on the individuals who belong to the IFAC member organizations is another. That latter task is beyond what can be accomplished here. Kleinman, Lin, and Palmon (2014), for example, note the many ways that accounting regulation’s effectiveness may differ between countries due to national culture, religion, and other factors despite the overall similarity of regulatory structure. We take the approach that the IFAC standards are followed by the member organizations and that the member organizations enforce these standards on individuals who are their members. The PCAOB, though, is neither a member nor an associate of the IFAC and, therefore, is not required to have its ethics code converge with that of the IFAC’s code, as set forth by the IESBA. Accordingly, the rest of the chapter proceeds with a comparison between the IFAC’s own code and the ethics rules used by the PCAOB. Given that the PCAOB, with its Auditing Standard 1, adopted on April 16, 2003, adopted as its own the then extant AICPA ethics standards, there may be few differences between the IFAC standards and the PCAOB standards.
Familiarity with both IFAC’s IESBA Code of Ethics for Professional Accountants (IESBA Code), in addition to the AICPA Code of Professional Conduct (AICPA Code), is very important for auditors. According to Allen (2010) writing in the Journal of Accountancy, the IESBA and AICPA codes are quite similar. However, some differences are significant. It is important to briefly review these differences. Some key differences are:
Among the sets of ethics rules that the AICPA Code mentions are the ethics rules set forth by the PCAOB. Accordingly, we focus here on the PCAOB ethics rules for auditors, rules which are binding on all auditors on PCAOB audits, whether or not they are members of the AICPA. The AICPA notes, in the preamble to the new set of ethics rules issued on June 1, 2014, that “By accepting membership, a member assumes an obligation of self-discipline above and beyond the requirements of laws and regulations” (AICPA 2014). Thus, AICPA members consulting this book should be aware that they are responsible for adhering to the strictest of PCAOB or AICPA rules. This book, though, is geared to researchers, managers, and students. Accordingly, we focus on comparing ISA ethics rules with PCAOB ethics rules and do not dwell on whether or not the auditor is a member of the AICPA. The PCAOB has not, as yet, changed its own set of ethics rules to fit with those just released (6/1/14) by the AICPA.
It provides, for example, an illustration of how providing nonassurance services to an audit client may threaten an accounting firm’s independence. The code provides many other examples.
There are fundamental principles of ethics in these codes that are applicable to all accountants. They are:
When disclosure is authorized by the employer or client, the accountants should consider the interests of all the parties, including third parties who might be affected. Hayes et al. cite two examples that we reproduce here. One example is disclosure of client information required by law when the accountant has to produce documents or give evidence in legal proceedings. Another example is disclosure of infringements of the law to appropriate public authorities. In the United States, accountants may be required to give evidence in court, and in the Netherlands and UK, auditors may be required to disclose fraud to government appointed authorities. Confidentiality of information is part of statutory or common law and, therefore, requirements of confidentiality will depend on the law of the home country of the accountant.
IFAC notes that an accountant may perform services in a country other than his or her home country. If differences exist between ethical requirements of the two countries, IFAC states that the following provisions should be applied when:
This is applicable to the AICPA Code as well. In this respect, the AICPA and the IFAC appear to have arrived at consistent judgments on this issue. This consistency reflects the AICPA’s objective of ensuring commonality with the international code.
The independence of the auditor from the firm that is being audited is one of the basic requirements to ensure public confidence in the reliability of the audit report. Independence adds credibility to the audit report on which investors, creditors, employees, government, and other stakeholders depend to make decisions about a company. Accordingly, we focus on ethics and auditor independence here. As Hayes et al. note that, across the world, national rules on auditors’ independence differ in several respects. Differences cited by Hayes include:
In the United States, the Sarbanes Oxley Act of 2002 provides limited independence requirements, requirements which are consistent with the preferences of the U.S. Securities Exchange Commission. The latter has the authority to approve or reject PCAOB independence-related requirements such as the PCAOB’s somewhat recently adopted rules 3502 and 3521 to 3525. The European Commission Council Directive 84/253/EEC (EU Eighth Company Law Directive 2006) gives discretionary power to member states to determine the conditions of independence for a statutory auditor. To provide each EU country with a common understanding of this independence requirement, the European Union Committee on Auditing developed a set of fundamental principles. These are set out in a Commission recommendation called Statutory Auditors’ Independence in the EU: A Set of Fundamental Principles. Most of the requirements are based on the rules set forth by IFAC which we now discus. We note that there are many commonalities There are many commonalities between ISA and PCAOB. However, we do not delve into this because addressing commonalities is not our focus. Rather, our focus is on focusing on divergences and implications thereon.
According to the IFAC Section 290.6, independence requires both (a) independence in mind and (b) independence in appearance.
According to Section 290.8, this refers to a state of mind that permits the expression of a conclusion without being affected by influences that compromise professional judgment, allowing an individual to act with integrity and exercise objectivity and professional skepticism.
The avoidance of facts and circumstances that are so significant that a reasonable and informed third party, having knowledge of all relevant information, including safeguards applied, would reasonably conclude a firm’s or an assurance team member’s integrity, objectivity, or professional skepticism had been compromised.
Section 290 of ISA describes the threats to an auditor’s independence. The following are considered to be threats that the auditor should be wary of.
Financial interest threats occur when an auditor could benefit from a monetary interest in an assurance client. Section 290.104 states that a financial interest in an assurance client may create a self-interest threat. When evaluating the type of financial interest, consideration should be given to the fact that financial interests range from those where the individual has no control over the investment vehicle or the financial interest held (e.g., a mutual fund, unit trust, or similar intermediary vehicle) to those where the individual has control over the financial interest (e.g., as a trustee) or is able to influence investment decisions. In evaluating the significance of any threat to independence, it is important to consider the degree of control or influence that can be exercised over the intermediary, the financial interest held, or its investment strategy. When control exists, the financial interest should be considered to be direct. Conversely, when the holder of the financial interest has no ability to exercise such control, the financial interest should be considered to be indirect.
Section 290.106 clearly states that, if a member of the audit team providing assurance services or their immediate family member has a direct financial interest or a material indirect financial interest in the client, the threat created would be so significant that the only safeguards available to eliminate the threat or reduce it to an acceptable level would be to dispose of the direct financial interest prior to the individual becoming a member of the assurance team. If a member of the audit team or their immediate family member has an indirect financial interest, then they should dispose of the indirect financial interest in total or dispose of a sufficient amount of it so that the remaining interest is no longer material prior to the individual becoming a member of the assurance team. The AICPA’s Code of Ethics (2014) defines materiality as ownership of 5 percent or more of the outstanding shares of stock in a company or, say, a mutual fund (see, e.g., Section 1.240.010, entitled Overview of Financial Interests in the AICPA’s revised ethics code). The PCAOB’s Interim Standard AU 220 does not include this quantitative definition, leaving the notion of materiality to the auditor’s prudent discretion.
Section 290.107 also notes that during the period prior to disposal of the financial interest or the removal of the individual from the assurance team, consideration should be given to whether additional safeguards are necessary to reduce the threat to an acceptable level. The safeguards suggested by Section 290.107 are:
Section 290.110 also notes that consideration should also be given to partners and their immediate family members who are not members of the assurance team. Whether the interests held by such individuals may create a self-interest threat will depend on such factors as:
In order to prevent violation, and subsequent lawsuits, Section 290.11 in paragraph (a) recommends that:
Section 290.127 notes that a loan, or guarantee of a loan, from an assurance client that is a bank or a similar institution to a member of the assurance team or their immediate family would not create a threat to independence provided the loan is made under normal lending procedures, terms, and requirements. Examples of such loans include home mortgages, bank overdrafts, or car loans and credit card balances.
This threat occurs when a member of the assurance team promotes, or seems to promote, an assurance client’s opinion. Section 290.150 provides examples of such instances. In essence, the auditor seems to agree with the client’s stance in a situation that creates doubts as to why the auditor should agree with the stance of the client. That is, the auditor agrees with the client in a situation in which there seems to be insufficient reason to support the client’s stance as opposed to the available reasons to oppose the client’s stance.
This occurs when an auditor becomes too sympathetic to the client’s interests because the auditor has a close relationship with an assurance client, its directors, officers, or employees. Examples of these threats are discussed in Section 290.135. This threat occurs when an immediate family member of a member of the assurance team is a director, an officer, or an employee of the assurance client and is in a position to exert direct and significant influence over the subject matter information of the assurance engagement. Threats can be removed by (reference provided in Section 290.138):
It must also be noted that, in some countries, the range of problematic relationships may be wider than a spouse or dependent (e.g., the child or its spouse, the parent or grandparent, parent-in-law, brother, sister, or brother-in-law or sister-in-law of the client). This could happen if the same senior personnel on an assurance engagement have been used over a long period of time. This could also happen if a member of the assurance team has an immediate family member or close family member who is a director or an officer of the assurance client. Another example is if the member of the assurance team has a close family member who is an employee of the assurance client and, hence, is in a position to significantly influence the subject matter of the assurance engagement. Acceptance of gifts is another indicator of the familiarity threat (unless the value is clearly insignificant).
In the case of a financial statement audit, Section 290.154 notes that using the same engagement partner or the same individual responsible for the engagement quality control review over a prolonged period may also create a familiarity threat. Accordingly, auditors may be better prepared to defend their work should litigation arise if the engagement partner and the individual responsible for the engagement quality control review are rotated after serving in either capacity or a combination thereof. Section 290.154 provides that the engagement partner and the individual responsible for the engagement quality control review should be rotated after having served for seven years and, upon rotation of the engagement, should not participate in any capacity in the audit until two years have elapsed. However, Section 290.156 provides some flexibility to auditors. If rotation has not occurred as required in Section 290.154, then the standard states that the auditor can still protect himself or herself if the auditor can prove the following:
This occurs when a former officer, director or employee of the assurance client serves as a member of the assurance team. In the case of a financial statement audit engagement, Section 290.149 notes that if a partner or employee of a network firm were to serve as an officer or as a director on the board of the audit client, the threats would be so significant that no safeguard would reduce the threats to an acceptable level. The only course is for the auditor to withdraw from the audit engagement.
This relates to the provision of non-assurance services. Audit firms have traditionally provided to their clients a range of non-assurance services consistent with their skills and expertise. As discussed in Section 290.167, assisting a financial statement audit client in matters such as preparing accounting records or financial statements may create a self-review threat when the financial statements are subsequently audited by the firm. A self-review threat exists when an auditor may be reluctant to report a problem that problem originates because of the auditor’s error. Self-review threats can also occur in the following situations as explained in Section 290.159:
All these are self-review threats because the auditor is subsequently auditing transactions over which the auditor had authority and checking assets over which the auditor had custody or checking the work of employees whom the auditor supervised in the performance of their duties.
While allowing the above mentioned activities by the auditor, section 290.167 notes that, while it is the responsibility of financial statement audit client management to ensure that accounting records are kept and financial statements are prepared, they can request the audit firm to provide assistance for clients whose shares are not listed on a stock exchange. However, the section notes, that while this is acceptable, the auditors must not be in a position where they can influence management decisions for these unlisted clients. Noted examples of management decisions include:
Section 290.169 notes that a self-review threat could also be created if the firm developed and prepared prospective financial information and subsequently provided assurance on this prospective financial information. Prospective financial information is material that gives management’s view as to what the firm’s financial information will look like in the future.
If the client is not listed on a stock exchange, the audit firm may provide accounting and book keeping services including payroll services of a routine or mechanical nature. These include
According to Section 290.170, the significance of any threat created should be evaluated, and if the threat is other than clearly insignificant, safeguards should be considered and applied as necessary to reduce the threat to an acceptable level. Safeguards noted in the standard include:
If the audit client is listed on a stock exchange, then bookkeeping services, including payroll services and the preparation of financial statements or financial information are prohibited.
Valuation service is defined in Section 290.174 as comprising the making of assumptions with regard to future developments, the application of certain methodologies and techniques, and the combination of both in order to compute a certain value, or range of values, for an asset, liability, or a business as a whole. Section 290.176 notes that, if the valuation service involves the valuation of matters material to the financial statements and the valuation involves a significant degree of subjectivity, a self-review threat is created, and hence, such services are prohibited.
However, valuation services may be allowed under Section 290.177 if the services are neither separately nor in the aggregate material to the financial statements or do not involve a significant degree of subjectivity. This is because it is felt that this may create a self-review threat that could be reduced to an acceptable level by the application of safeguards. Noted safeguards could include:
Taxation services according to Section 290.180 comprise a broad range of services, including compliance, planning, provision of formal taxation opinions, and assistance in the resolution of tax disputes. Such assignments are allowed because they are not seen to be threats to independence.
Section 290.182 defines internal audit services as services involving an extension of the procedures required to conduct a financial statement audit in accordance with international standards on auditing. This is not considered to impair auditor’s independence and is allowed. However, performing a significant portion of the financial statement audit client’s internal audit activities may create a self-review threat. While this is still allowed, Section 290.185 states that adequate safeguards should be applied in all circumstances to reduce the threats created to an acceptable level. Noted safeguards include the following:
Section 290.193 defines litigation support services as including activities such as acting as an expert witness, calculating estimated damages or other amounts that might become receivable or payable as the result of litigation or other legal dispute, and assistance with document management and retrieval in relation to a dispute or litigation. Conflicts of interest could arise if the auditor is engaged in both auditing and litigation services because the litigation function requires the auditor to be an advocate for the client. Acting as an advocate for the client is in conflict with the duty of the auditor to practice with professional skepticism.
According to Section 290.194, litigation support services will not be prohibited if the auditor evaluates the significance of threats to independence by examining:
The audit firm is then required to reduce the threat to an acceptable level by including safeguards such as:
Information Technology (IT) systems services are defined as services that involve the design and implementation of financial information technology systems that are used to generate information forming part of a client’s financial statements. While this is considered to impair auditor’s independence under self-review threats, Section 290.188 does allow the provision of such services by an auditor if safeguards are in place. These safeguards require the audit client to:
The lending of staff by an audit firm to its client while potentially creating a self-review threat is allowed if the auditor is not allowed to do the following activities under Section 290.192:
Further, it is required that:
Legal services encompass a wide and diversified range of areas including both corporate and commercial services to clients such as contract support, litigation, mergers and acquisition advice, and support and provision of assistance to clients’ internal legal departments. This is allowed provided safeguards are met. Section 290.201 stipulates the following safeguards:
The recruitment of senior management for an assurance client may create self-interest, familiarity, and intimidation threats. The severity of the threat may depend on factors such as (a) the role of the person to be recruited and (b) the nature of the assistance sought. Despite this, providing such services by an audit client are allowed under Section 290.203 if adequate safeguards are met. The definition of adequate safeguards is provided in Section 290.163. In summary these safeguards include:
Corporate finance and similar activities include activities such as promoting, dealing in, or underwriting of a client’s shares or consummating a transaction on behalf of the client. Section 290.204 notes that the provision of corporate finance services, advice, or assistance to an assurance client may create advocacy and self-review threats. It is held that the independence threats could be so significant that no safeguards could be applied to reduce the threats to an acceptable level. For example, promoting, dealing in, or underwriting of an assurance client’s shares is not compatible with providing assurance services. However, Section 290.205 does provide exceptions to the general rules for certain types of corporate finance activities. The general exceptions noted in the section include:
Section 103(a) of the Sarbanes Oxley Act of 2002 directs the PCAOB to establish “ethics standards to be used by registered public accounting firms in the preparation and issuance of audit reports”. Moreover Section 103(b) of the Act directs the Board to establish rules on auditor independence “as may be necessary or appropriate in the public interest or for the protection of investors, to implement, or as authorized under Title II of the Act.”
In early 2003, the SEC adopted new independence rules in order to implement Title II of the Act. Neither the Act nor the SEC’s 2003 independence rules prohibit tax services as long as the services are preapproved by the company’s audit committee and do not fall into one of the categories of expressly prohibited services. This is similar to the IFAC rules, which were discussed earlier. However, the major difference between the IFAC Code of Ethics and the ethics standards proposed by the PCAOB relates to the tax services. Since the SEC issued its new rules, two types of tax services have raised serious questions in the United States. First, the IRS and the U.S. Department of Justice have brought a number of cases against accounting firms advising client firms on tax shelters for their products. Audit firms have also been criticized for advising senior executives of clients whom they are auditing regarding tax shelters. Although such advice is not considered illegal, it is considered highly unethical because companies and their executives are being advised on how to evade tax by abusing tax shelter laws. Some have questioned whether an auditor’s provision of such services could lead to self-interest threats to independence. If the auditor charges contingent fees for such services, this could impair independence. This issue, to date, has not been raised in Europe and by the IFAC.
In order to deal with this, the PCAOB has issued rules on this. (Initially the PCAOB, when it began its work in 2003, adopted all the then existing AICPA rules as interim rules before making changes and amendments (see PCAOB Rule 3500T.)) Relevant PCAOB rules are as follows:
This treats registered public accounting firms as not independent of their audit clients if they enter into contingent fee arrangements with those clients.
Rule 3522(a) treats a registered public accounting firm as not independent of an audit client if the firm provides services related to planning or opining on the tax consequences of a transaction that is a listed or confidential transaction under Treasury regulations.
In addition, Rule 3522(b) included a provision that treats a registered public accounting firm as not independent if the firm provides services related to planning or giving an opinion on a transaction that is based on an aggressive interpretation of applicable tax laws and regulations.
Rule 3523 sets a new requirement to treat a registered public accounting firm as not independent if the firm provided tax services to officers in a financial reporting oversight role of an audit client.
Rule 3524 requires a registered public accounting firm to seek pre-approval for tax services and to supply the audit committee with detailed information about tax services provided and discuss with the audit committee the potential effects of the services on the firm’s independence and to document the substance of that discussion.
Rule 3502 codifies the principle that persons associated with a registered public accounting firm should not cause the firm to violate relevant laws, rules, and professional standards due to an act or omission the person knew or should have known would contribute to such violation.
In this chapter, we discussed the ethical standards required by the IFAC. These standards are followed by all countries in the EU and most other industrialized and developing countries. We also discussed the key differences between the ethical standards in the United States, as set by the PCAOB, and in Europe. The main differences in standards relates to the provision of tax services and certain other consulting services. These are seen as more complex in the U.S. relative to other countries. Finally, we comment that the process of establishing ethical principles is complicated. In France and Japan, the ethical code is part of the law. In the United States, Singapore, Mexico and the UK, the standards are developed and regulated by professional bodies. As we noted in Chapter 2, violation of the ethical standards could subject the auditor to sanction by the court in certain instances by professional bodies and may also result in the suspension of the auditor’s right to practice before the SEC in the United States.
The key takeaway from this chapter is the general similarity between the ethical standards implemented in the United States and and those enforced by IFAC. However, similar does not mean identical, and therefore, the reader must be careful to relate the relevant ethical code to the geographic area or nation that they are interested in. Also, the reader must be aware that organizations that belong to IFAC must have ethical codes that are at least as strict as those set forth by IFAC. Different countries will have different specific restrictions that are relevant to proposed auditor behavior in those nations. They should also be aware of any differences in acceptable auditor behavior for listed as opposed to unlisted clients and adjust their expectations of appropriate auditor behavior accordingly. This overview will help readers to decide where further, if anywhere, they need to go for additional information.