You are on page 1of 29

Audit and Assurance

Lecture 5
Professional Ethics and Codes
of Conduct

Fundamental principles
The application of professional ethics
The law regulates some aspects of auditing, to a
degree. Company law regulates the requirement
for external auditing, but internal auditing is not
normally subject to statutory regulation
However, all accountants who are members of a
professional body are required to comply with a
code of ethics and regulations of that professional
Such professional regulations therefore apply to
both external auditors and assurance providers
and internal auditors
In providing a code of ethics, the professional
body is complying with one of its regulatory

Fundamental principles
Code of ethics and conduct

Professional competence
and due care
Professional behaviour

Members shall be
straightforward and honest in
all professional and business
Integrity implies not just
honesty but also fair dealing
and truthfulness

Members should not allow bias, conflicts of
interest or undue influence of others to
override their professional or business
The auditor must remain impartial and
independent of management, so that he can
give an objective opinion on the financial
statements of an entity
The onus is always on the auditor not only to
be ethical but also to be seen to be ethical

Professional Competence
Members have a duty to maintain their
professional knowledge and skill at
such a level that a client or employer
receives a competent service, based
on current developments in practice,
legislation and techniques
Members should act diligently and in
accordance with applicable technical
and professional standards

Due skill and care

It is a fundamental principle that members of a professional body
should carry out their work with professional competence and
due care
The concept of due care or reasonable care is important. The
implication is that audit work performed by an auditor for a client
must be adapted to the specific circumstances and characteristics
of the client. There is no such thing as a standard audit.
If the auditor fails to exercise a proper degree of care, a number of
consequences may follow:
There may be legal claims against the auditor
There may be disciplinary proceedings against the auditor by the
professional body
The auditor or audit firm may earn a reputation in the business
community for poor standards of work, and may therefore lose

Members should respect the confidentiality
of information acquired as a result of
professional and business relationships and
should not disclose such information to third
parties without authority or unless there is a
legal or professional right or duty to disclose
Confidential information acquired as a result
of professional and business relationships
should not be used for the personal
advantage of members or third parties.

Professional Behaviour
Members should comply with
relevant laws and regulations and
should avoid any action which
discredits the profession
They should behave with courtesy
and consideration towards all with
whom they come into contact in a
professional capacity

Disciplinary regime
Members of a professional body are
required to follow proper standards
of professional conduct
The professional body takes
disciplinary action against members,
firms and students where there is
evidence of a sufficiently serious
failure to observe those standards.

Conceptual framework
The application of the fundamental
principles set out above is considered
within a conceptual framework
This framework acknowledges that
these principles may be threatened by a
broad range of circumstances
This approach identifies the following
five potential categories of threats to
the fundamental principles


Self-interest threat (for example, if the auditor earns

a large proportion of his revenue from a particular
client, he may be unwilling to upset that client by issuing an
unfavourable audit report)
Self-review threat (for example, if the auditor
performs accountancy work for a client in addition to
the audit, he may find himself in a situation where he is
reviewing his own work and may therefore not be as critical
of it as he might be if he was reviewing someone elses
Advocacy threat (for example, supporting the client
in a legal case may lead to a perceived loss of
Familiarity threat (for example, acting for a client for
a long period of time may mean that the auditor
becomes less critical of that clients reporting practices)

Safeguards which may remove or
reduce threats to members fall into
three categories:
safeguards created by the profession,
legislation or regulation
safeguards in the work environment
safeguards created by the individual

Safeguards created by the

Profession, Legislation or
Educational, training and experience requirements
for entry into the profession
Continuing professional development requirements
Corporate governance regulations
Professionals standards (such as ISAs)
Professional or regulatory monitoring and
disciplinary procedures (professional bodys own
disciplinary procedures)
External review by a legally empowered third party
(such as a regulator appointed by the Government)
of the reports or information produced by a member

Safeguards in the Work


The employers own systems of monitoring and ethics

Recruitment procedures, ensuring that only high-calibre,
competent staff are recruited
Appropriate disciplinary processes
Strong internal controls
Leadership that stresses the importance of ethical behaviour and
which expects employees to behave ethically
Policies and procedures to implement and monitor the quality of
employee performance
Policies and procedures to implement and monitor the quality of
Documented policies regarding the identification of threats to
compliance with the fundamental principles, the evaluation of
those threats and the implementation of appropriate safeguards
Communication of such policies and procedures and training on

Safeguards created by the

Complying with continuing professional
development requirements
Keeping records of contentious issues and
approach to decision-making
Having a broader perspective on how other
organisations operate by forming business
relationships with other professionals
Using an independent mentor
Keeping in contact with legal advisors and
professional bodies

Duty of confidentiality
One of the reasons for this requirement for
auditors is that auditors need to obtain full
and open disclosure of information from a
client in order to carry out their duties. If
the client cannot be assured of the
confidentiality of this information, he may
be unwilling to provide the auditors with
all the information that they need

Exceptions to the duty of

Obligatory disclosure
Obliged to disclose relevant information to an
appropriate authority if he knows, or has reason to
suspect, that a client has committed treason,
terrorism, drug trafficking, or money laundering
Obliged to disclose information if forced to do so by
the process of law (for example, a court case
might require the production of audit documents for
inspection by the court)
In these circumstances, the requirements of the law
override the duty of confidentiality

Exceptions to the duty of

Voluntary disclosure
To protect the members interests (for example,
in making a defence against an official
accusation of professional negligence)
In the public interest (for example, making
disclosures to the tax authorities of noncompliance by a client company with tax
When authorised by local statute
To non-governmental bodies which have the
power to force such disclosure

Conflicts of Interest
Conflicts between Members and Clients

Members or firms should not accept

or continue an engagement where
there is a conflict of interest between
the member or firm and its client
The test is whether a reasonable
and informed third party would
consider the conflict of interest as
likely to affect the judgement of the
member or the firm

Conflicts of Interest
Conflicts between Competing Clients
An firm might act for two clients that are in
direct competition with each other
The firm has a professional duty of
confidentiality, and so will not disclose
confidential information about one client
company to its competitor
Again, the test is whether a reasonable
and informed third party would consider
the conflict of interest as likely to affect the
judgement of the firm

Obtaining a new audit


Advertising and publicity

Fee negotiation

Accepting an audit appointment:

ethical matters
Before accepting an appointment, the audit firm should take the
following steps:
It should assess whether acceptance would create any threats to
compliance with the fundamental principles. For example, a personal
relationship between a partner at the firm and a senior member of the
clients staff could create a threat to objectivity Lack of technical
expertise could create a threat to professional competence and due care.
It should ensure that resources are available to complete the audit
assignment; in particular, it must ensure that there will be sufficient
staff (of the right level of expertise) available at the right time. Again, not
to have sufficient resources available would create a threat to
professional competence and due care.
It should take up references on the proposed client company and its
directors, if they are not already known to the auditors. This is usually
referred to as client screening.

Accepting an audit appointment:

ethical matters
It should communicate with the current auditors, if there are
any, to establish if there are any matters that it should be aware of
when deciding whether or not to accept the appointment
The following points should be noted in connection with
communicating with the current auditors:
Client permission is required for any such communication. If the client refuses
to give its permission, the appointment as auditor should not be accepted
If the client does not give the current auditor permission to reply to any
relevant questions, the appointment as auditor should not be accepted
If the current auditor does not provide any information relevant to the
appointment, the new auditor should accept or reject the engagement based
on other available knowledge
If the current auditor does provide such information, the new auditor should
assess all the available information and take a decision about whether or not
to accept the audit work

Procedures after accepting an

After accepting the appointment as auditor, the
audit firm should take the following
It should ensure that the current auditor (if any)
has resigned from the audit in a proper manner,
or has been removed from office in accordance
with any appropriate local legislation
It should ensure that its appointment is valid in
law and is properly documented
It should prepare and submit an engagement
letter to the board of the new client

Engagement letters (ISA

Having accepted an appointment as
auditor of a client company, the audit
firm should submit an engagement
letter to the board of directors of the
client company.
The engagement letter can be seen
as the basis for the contract
between the company and the

The objective of the

engagement letter
The objective of the auditor, per ISA 210 Agreeing the terms of audit engagements is
accept or continue an audit engagement only when the basis upon which it is to be
performed has been agreed
To establish if the preconditions for an audit are present ISA 210 requires the auditor to:

establish if the financial reporting framework to be used in the preparation of the financial
statements is acceptable
obtain the agreement of management that it acknowledges and understands its
for the preparation of the financial statements
for internal controls to ensure that the financial statements are not materially misstated
to provide the auditor with all relevant and requested information and unrestricted
access to all personnel
The auditor is required to refuse the engagement where:

a limitation on scope is imposed by management such that he auditor would be unable to

express an opinion on the financial statements, or
the financial reporting framework to be used in the preparation of the financial statements
is unacceptable, or management do not agree to the above responsibilities

The content of the engagement

The engagement letter should include reference
to the following:
The objective and scope of the audit
The responsibilities of the auditor
The responsibilities of management
Identification of the underlying financial reporting
Reference to the expected form and content of any
reports to be issued
In addition to the above, the auditor may feel that it
is appropriate to include additional points in the
engagement letter

Recurring audits
The engagement letter issued on the initial
appointment as auditors may state that its
provisions will apply to all future annual
audits, until it is revised
However, ISA 210 requires the auditor,
for recurring audits, to assess whether:
circumstances mean that the terms of
engagement need to be revised
management need to be reminded of the
existing terms of the engagement