When ethics appears in an optional question in the Paper P7 exam, it is often a popular choice for candidates, but their answers often lack detail and are not well applied to the question scenario. This article aims to assist candidates in terms of knowledge and question technique when tackling a question on ethics
Paper P7, Advanced Audit and Assurance often contains question scenarios and requirements dealing with ethical issues, in both the compulsory and optional questions. When ethics appears in an optional question, it seems to be a popular choice for candidates in the exam, but answers are often lacking in detail and not well applied to the question scenario. The purpose of this article is to assist candidates in terms of knowledge and question technique when tackling a question on ethics.
The IESBA Code
IESBA’s (IFAC’s) Code of Ethics for Professional Accountants provides a conceptual framework that requires a professional accountant to identify, evaluate, and address threats to compliance with the fundamental principles. The conceptual framework approach should assist professional accountants to comply with the ethical requirements of the IESBA Code, and to serve the public interest. Guidance is provided in several areas: the identification of threats; the evaluation of the significance of those threats; and the use of safeguards that may serve to reduce threats to an acceptable level. In addition there are circumstances in which safeguards cannot reduce a threat to an acceptable level, and guidance is given on this also. Each of these points is discussed below.
Threats to compliance with the fundamental principles
The IESBA Code states that threats may be created by a broad range of relationships and circumstances. A circumstance or relationship may create more than one threat, and a threat may affect compliance with more than one fundamental principle.
The threats to compliance are listed and described as follows in the IESBA Code:
- Self-interest threat – the threat that a financial or other interest will inappropriately influence the professional accountant’s judgment or behaviour.
- Self-review threat – the threat that a professional accountant will not appropriately evaluate the results of a previous judgment made or service performed by the professional accountant, or by another individual within the professional accountant’s firm or employing organisation, on which the accountant will rely when forming a judgment as part of providing a current service.
- Advocacy threat – the threat that a professional accountant will promote a client’s or employer’s position to the point that the professional accountant’s objectivity is compromised.
- Familiarity threat ─ the threat that due to a long or close relationship with a client or employer, a professional accountant will be too sympathetic to their interests or too accepting of their work.
- Intimidation threat – the threat that a professional accountant will be deterred from acting objectively because of actual or perceived pressures, including attempts to exercise undue influence over the professional accountant.
Exam technique point – when answering exam requirements, candidates often simply state that a situation creates a threat, for example an answer may state ‘this situation creates a self-interest threat’ but without further explanation. Candidates must explain why a situation creates a particular threat in order to gain full credit, i.e. the answer must be tailored and specific to the scenario. Some candidates take a scattergun approach to their answer and simply list out all of the threats in the hope that one or more will be relevant to the scenario. Again, this approach is wasteful of time in the exam, as full credit can only be given where the correct threat or threats have been identified and also explained.
The evaluation of the significance of threats
The IESBA Code requires that a professional accountant shall take qualitative as well as quantitative factors into account when evaluating the significance of a threat. This is a matter of judgment and the matters that form part of the evaluation will depend on the type of threat that exists. Some examples are given below for several types of threat to illustrate the evaluation:
Family and personal relationships
A close personal relationship between a member of the audit team and an employee of a client company can create self-interest, intimidation, and familiarity threats to objectivity because the audit team member may not be sufficiently sceptical of, or sympathetic towards the employee with whom they have a relationship. In evaluating the significance of this threat, the seniority of the member of the audit team and of the client employee should be considered, as the threat is more significant for more senior personnel who have more influence over the preparation and audit of the client’s financial statements.
Gifts and hospitality
A client’s offer of gifts or hospitality to a member of the audit team can give rise to a self-interest threat to objectivity because the offer may sway the judgment of the auditor in favour of the client. In evaluating the significance of this type of threat matters such as the nature and monetary value of the gift or hospitality to both the client and the auditor, and the intention of the offer should be considered. For example, large value gifts will not represent a more significant threat than say a client buying lunch for a member of the audit team during the audit.
Providing non-assurance services to audit clients
The audit firm providing non-audit services to audit clients may create a self-review threat because the service provided may affect transactions recorded in the financial statements, on which the auditor must then express an opinion. In addition, a self-interest threat may arise due to the income generated from providing the non-assurance service, and advocacy threats may arise depending on the type of service provided. Evaluating the significance of the threats created could include, but are not limited to, considering the materiality of any balances, transactions or disclosures impacted by the service provided, the level of fee that is charged for providing the service, and the level of management involvement and level of management expertise in relation to the subject matter of the service.
Exam technique point – evaluating the level of significance of an identified threat or threats is a higher level skill that candidates should try to display. This could be through a proper explanation and conclusion as to whether an identified threat or threats are significant, or by prioritising the threats that have been identified.
The use of safeguards
Safeguards are necessary when the auditor concludes that the identified threats are at a level at which compliance with the fundamental principles is compromised. In other words, safeguards should be applied, when necessary, to eliminate the threats or reduce them to an acceptable level. Safeguards fall into two broad categories:
Safeguards created by the profession, legislation or regulation – this may include for example, the requirements of professional standards, corporate governance regulations and education and training of auditors.
Safeguards in the work environment – the IESBA Code gives examples of two types of safeguards in the work environment – those that are firm-wide, and those that are engagement-specific. Examples of firm-wide safeguards include, but are not limited to:
- Policies and procedures to implement and monitor quality control of engagements.
- Policies and procedures that will enable the identification of interests or relationships between the firm or members of engagement teams and clients.
- Policies and procedures to monitor and, if necessary, manage the reliance on revenue received from a single client.
- Using different partners and engagement teams with separate reporting lines for the provision of non-assurance services to an assurance client.
- Policies and procedures to prohibit individuals who are not members of an engagement team from inappropriately influencing the outcome of the engagement.
- Advising partners and professional staff of assurance clients and related entities from which independence is required.
- A disciplinary mechanism to promote compliance with policies and procedures.
Examples of engagement-specific safeguards include, but are not limited to:
- Having a professional accountant who was not a member of the assurance team review the assurance work performed or otherwise advise as necessary.
- Consulting an independent third party, such as a committee of independent directors, a professional regulatory body or another professional accountant.
- Discussing ethical issues with those charged with governance of the client.
- Disclosing to those charged with governance of the client the nature of services provided and extent of fees charged.
- Rotating senior assurance team personnel.
The auditor may also be able to rely to an extent on safeguards implemented by the client, if they are relevant to the threat or threats identified. However the IESBA Code states that it is not possible to rely solely on such safeguards to reduce threats to an acceptable level.
Examples of safeguards within the client’s systems and procedures include:
- The client requires persons other than management to ratify or approve the appointment of a firm to perform an engagement.
- The client has competent employees with experience and seniority to make managerial decisions.
- The client has implemented internal procedures that ensure objective choices in commissioning non-assurance engagements.
- The client has a corporate governance structure that provides appropriate oversight and communications regarding the firm’s services.
Exam technique points – Requirements often ask candidates to recommend actions to be taken by the audit firm, or to comment on ethical matters raised in a scenario, both of which indicate that appropriate safeguards should be described in the answer. First, it is important that safeguards described in answering requirements are specific to the threat or threats identified. Second, different types of safeguards may be described, including those created by the profession, legislation or regulation if relevant, such as the prohibition of an action such as the provision of certain types of non-assurance service, as well as firm-wide and engagement specific safeguards. More than one safeguard may be relevant to an identified threat, and so it may be appropriate to discuss or recommend a range of safeguards.
Situations where threats cannot be eliminated or reduced to an acceptable level
An auditor may encounter a situation in which threats cannot be eliminated or reduced to an acceptable level, either because the threat is too significant or because appropriate safeguards are not available or cannot be applied. In such situations, the IESBA Code requires the auditor to decline or discontinue the specific professional service involved or, when necessary, resign from the audit engagement.
Exam technique point – it is a matter of professional judgment to decide if an audit engagement or other professional service should be declined or discontinued due to the severity of threats and/or lack of appropriate safeguards. If relevant in a scenario candidates should carefully explain why the threats are so severe, or why appropriate safeguards cannot be employed, remembering that withdrawing from an audit engagement is a last resort and will need to be appropriately justified.
Matters specific to candidates attempting the UK, IRL and SGP adapted papers
The Financial Reporting Council issues Ethical Standards for Auditors, which are examinable documents for candidates attempting the UK and IRL adapted papers. The Ethical Standards contain broadly similar guidance to the IESBA Code, and promote the use of a conceptual framework based on the same principles as the IESBA Code for the identification and evaluation of threats, and the use of appropriate safeguards. Candidates are expected to understand of the main provisions of the Ethical Standards as they form an important part of the regulatory framework for auditors in the UK and Ireland.
Similarly, candidates attempting the SGP adapted paper are expected to be aware of the principles and requirements of The Institute of Certified Public Accountants of Singapore (ICPAS) Code of Professional Conduct and Ethics which is an examinable document.
Questions containing requirements on ethics are a common feature of Paper P7, and candidates should follow the technical content and exam technique points provided in this article to enhance their understanding of this area of the syllabus. In particular, answers should emulate the conceptual framework approach to ethics by identifying and explaining the types of threat present in a scenario, evaluating the level of significance of the threat, and identifying appropriate safeguards. In cases where threats cannot be mitigated by the use of safeguards and an engagement be declined or withdrawn from, the rationale for this should be clearly explained.
Written by a member of the Paper P7 examining team