Warning

The content on this page has been converted from PDF to HTML format using an artificial intelligence (AI) tool as part of our ongoing efforts to improve accessibility and usability of our publications. Note:

  • No human verification has been conducted of the converted content.
  • While we strive for accuracy errors or omissions may exist.
  • This content is provided for informational purposes only and should not be relied upon as a definitive or authoritative source.
  • For the official and verified version of the publication, refer to the original PDF document.

If you identify any inaccuracies or have concerns about the content, please contact us at [email protected].

FRC Response to IESBA’s Consultation on Safeguards

Ken Siong IESBA Technical Director IFAC 6th Floor 529 Fifth Avenue New York 10017 USA

24 April 2017

Dear Mr Siong,

Exposure Draft - Proposed Revisions Pertaining to Safeguards in the Code – Phase 2

The Financial Reporting Council (FRC) welcomes the opportunity to comment on the proposed changes to the Code of Ethics for Professional Accountants (the Code) pertaining to safeguards set out in the above exposure draft.

The FRC endorses the Board's proposals to make revisions to the Code, intended to clarify the requirements pertaining to safeguards, and to provide a better definition of safeguards and clarify that certain conditions, policies and procedures established by the profession, legislation, regulation, the firm or the employing organisation are not regarded as safeguards. We also strongly endorse IESBA's efforts to bring greater consistency between the terms used in the Code.

The Phase 2 ED has been drafted in a way that reflects conclusions drawn by IESBA after considering the responses to the Phase 1 ED. We respond below to the Phase 2 specific proposals. However, having considered the explanations in the Phase 2 Explanatory Memorandum and the 'Basis for Agreement in Principle for Proposed Revisions Pertaining to Safeguards in the Code - Phase 1', we are concerned that a number of the issues and related recommendations we set out in our response to the Phase 1 ED have been satisfactorily addressed.

These issues continue, therefore, to be a concern in the Phase 2 ED and the wider Safeguards and Restructuring projects. In particular, the concepts of the "reasonable and informed third party" and "acceptable level", and the description of "safeguards" fall significantly short of what we proposed in our response to the Phase 1 ED. We also have continuing concerns relating to the absence of clear linkage between the fundamental principles and the detailed requirements, which we will explain in our response to the Structure Phase 2 ED.

Reasonable and informed third party (RITP)

We are pleased that the RITP is no longer described as a "hypothetical person" and that it is explicitly made clear that such a person does not need to be an accountant. However, it is now stated that the RITP "would possess the relevant knowledge and experience to understand and evaluate the appropriateness of the accountant's conclusions in an impartial manner" (emphasis added) - this maintains a risk that the third party test will still be applied from the perspective of an accountant rather than the objective lens of the public in whose interests the professional accountant has a responsibility to act. This description risks insufficient regard being given to perception issues. For example, information available to the public may give rise to a perception that an auditor's independence is compromised, and thereby a loss of confidence in the audit.

First page of a Financial Reporting Council document discussing proposed revisions to safeguards in the Code.

Accordingly, we reiterate that the third party test should reflect the anticipated views of the public in whose interests the professional accountant has a responsibility to act, assuming that they are informed about the circumstances (e.g. about the nature of the threats and the nature of any safeguards) and on the assumption that they would be reasonable (i.e. rational, fair and moderate rather than extreme) in forming those views. Being "informed" should be considered in the general sense rather than suggesting a need for specific knowledge and experience.

We also suggest again that the reference to the third party be extended to read 'objective, reasonable and informed third party', which would reflect the importance of the objectivity of the third party (i.e. one not influenced by interests that would conflict with the public interest) and would also align it with the term used in the 2014 EU Audit Regulation (EU 537/2014) and Directive (2014/43/EC). While the Basis for Agreement in Principle identified that such recommendations were made by respondents (although in our case mistakenly suggesting it was intended as an alternative to "hypothetical") it does not explain why IESBA did not consider it appropriate. Aside from adding to the explanation of the appropriate characteristics of the third person, it would also prevent an unhelpful inconsistency with the applicable legal requirements in the EU.

Acceptable level

In our response to the Phase 1 ED we supported the aim of expressing the requirement to eliminate or reduce threats "to an acceptable level" in an affirmative manner. However, as then, the continued use of the term "acceptable level" causes us concern for a number of reasons. Firstly, the term 'acceptable' is in plain usage a low bar - for example it is defined in Merriam-Webster's dictionary as encompassing: "capable or worthy of being accepted", "a compromise that is acceptable to both sides", "welcome, pleasing" and "barely satisfactory or adequate". It does not convey a sense of high standards and public interest. Secondly, the meaning of the term as it is used in the Code is distanced from the requirements that apply (that meaning being set out in the Conceptual Framework and Glossary). As a result, reading the requirements in isolation, the professional accountant could believe it implies a bar that is at too low a level to appropriately protect the interests of stakeholders.

We believe that the most direct and affirmative manner in which to express this bar is to include in the requirements that threats are to be eliminated or reduced "to a level at which the fundamental principles would not be compromised". This would help ensure that the professional accountant focuses on ensuring that threats are eliminated or reduced to a level where the third party test would be passed. We believe this (implicit) link to the third party test would better accord with the expectations of stakeholders, better support their confidence in the professional accountant, and be more likely to anchor the professional accountant to those expectations when evaluating threats and safeguards.

We disagree strongly with the revised definition in the Phase 2 ED of "acceptable level" as "a level at which a professional accountant using the reasonable and informed third party test would likely conclude that the accountant complies with the fundamental principles". This has the effect of applying the third party test from the perspective of a professional accountant rather than from the perspective of the public in whose interests the professional accountant has a responsibility to act. We also reiterate our suggestion that it should be made clear that the third party test would only be passed when it is at least probable (i.e. more likely than not) rather than 'likely', that the [objective,] reasonable and informed third party would conclude that none of the fundamental principles had been compromised.

Page discussing acceptable levels of safeguards and interactions with third parties.

We note that the Basis for Agreement in Principle identified that such recommendations had been given in relation to the "acceptable level" but the IESBA's rationale for rejecting them is not clearly set out.

Description of safeguards

In our response to the Phase 1 ED we supported IESBA's proposed description of safeguards but suggested how it should be expanded to make it more effective. In relation to those suggestions we are pleased that it is now made clearer in the Phase 2 ED that an appropriate safeguard to eliminate a threat to meeting the outcomes required by the fundamental principles might include removing a professional accountant from any involvement in an engagement, or withdrawing from the engagement. However, this could be read as only addressing the possible need to remove someone from a position where they have direct involvement in an engagement. Threats can also arise in relation to someone not directly involved but nonetheless in a position where they could influence an engagement, for example someone responsible for performance appraisal and/or remuneration of a person directly involved. This is not addressed in the Basis for Agreement in Principle.

We note that the definition of "audit team" in the Glossary includes persons who can directly influence the outcome of the audit engagement. We recommend that the descriptions of safeguards should include the need for restrictions to apply to someone in a position where they could influence an engagement. For example, restrictions on holding financial interests in an audit client should apply also to persons who are in a position to influence senior members of the audit team. The requirement in R510.7(c) of the Proposed Restructured Code that a direct financial interest or a material indirect financial interest in the audit client shall not be held by "Any other partner in the office in which an engagement partner practices in connection with the audit engagement, or any of that other partner's immediate family" will not necessarily cover this.

Consistent with our comments above, we believe that the test to be passed when assessing whether a safeguard would be effective is whether an objective, reasonable and informed third party would conclude that the fundamental principles are not compromised. We believe that this should be made clear in each of the sections that establish more detailed requirements.

Responses to questions asked in the Exposure Draft

Section 600, Provision of Non-Assurance Services to an Audit Client

1. Do respondents support the proposals in Section 600? If not, why not?

In particular, do respondents agree with the proposal to extend the scope of the prohibition on recruiting services as described in paragraph [26(h) of the Explanatory Memorandum] to all audit client entities? If not, please explain why.

When we responded to IESBA's 2014 consultation on proposed changes to certain non-audit assurance services provisions we identified a number of areas where the proposed changes to the IESBA Code were less stringent than the requirements established in the EU Audit Regulation for public interest entities (PIEs). We noted that IESBA's analysis of responses to its benchmarking survey shows that a significant number of jurisdictions reported they have more restrictive provisions (typically around half or more of the respondents for each of the services discussed). We also noted that IOSCO's Committee on Issuer Accounting, Audit and Disclosure stated that, in order to improve the Code, IESBA may consider the regulatory requirements of large jurisdictions as the Committee believes the Code appears to reflect a number of compromises to address perceived practical issues in some, particularly smaller, jurisdictions. We support the view of the IOSCO committee - to serve the public interest, and alleviate concerns about threats to auditor independence and objectivity, ethical principles for auditors of PIEs should not be subject to such compromises.

Page detailing safeguards, non-assurance services, and audit client queries.

We are concerned that the proposed requirements for PIEs in Section 600 do not address those earlier comments and that they remain less stringent than the EU Audit Regulation. We strongly encourage IESBA to give further consideration to aligning the Code more closely with the position introduced under the EU Audit Regulation for PIEs. Not only would it be helpful, especially for auditors of international groups, if the Code were brought more into line with the EU Audit Regulation but it would also further assist in reducing perceived threats to auditor independence arising from the provision of non-audit services.

Significant examples of the inconsistencies include:

  • bookkeeping and preparing accounting records and financial statements - the EU Audit Regulation establishes an outright prohibition. The proposed IESBA requirements for PIEs allow conditional exceptions for [collectively immaterial] "services of a routine or mechanical nature for [collectively immaterial] divisions or related entities".
  • designing and implementing internal control or risk management procedures related to the preparation and/or control of financial information or designing and implementing financial information technology systems - the EU Audit Regulation establishes an outright prohibition. The proposed IESBA requirements for PIEs apply only to IT systems services that form a significant part of the internal control over financial reporting; or generate information that is significant to the client's accounting records or financial statements on which the firm will express an opinion.
  • services related to the audited entity's internal audit function - the EU Audit Regulation establishes an outright prohibition. The proposed IESBA requirements prohibit for PIEs only internal audit services relating to: a significant part of the internal controls over financial reporting; financial accounting systems that generate information that is, separately or in the aggregate, material to the client's accounting records or financial statements on which the firm will express an opinion; or amounts or disclosures that are, separately or in the aggregate, material to the financial statements on which the firm will express an opinion.
  • services linked to the financing, capital structure and allocation, and investment strategy of the audited entity, (except providing assurance services in relation to the financial statements, such as the issuing of comfort letters in connection with prospectuses issued by the audited entity) - the EU Audit Regulation establishes an outright prohibition. The proposed IESBA revisions for all entities (there are no PIE specific requirements) apply only to a narrower range of 'corporate finance services' where: the effectiveness of corporate finance advice depends on a particular accounting treatment or presentation in the financial statements and the audit team has reasonable doubt as to the appropriateness of the related accounting treatment or presentation under the relevant financial reporting framework; and the outcome or consequences of the corporate finance advice will have a material effect on the financial statements on which the firm will express an opinion.

Management responsibilities

Paragraph 600.7 A4 states "Providing advice and recommendations to assist the management of an audit client in discharging its responsibilities is not assuming a management responsibility." This is unchanged from the proposed guidance that we commented on in 2014. We stress again that whilst providing advice and recommendations may not, in itself, constitute the assumption of a management responsibility, it may in substance amount to that. The EU Audit Regulation prohibits auditors of PIEs from providing "services that involve playing any part in the management or decision-making of the audited entity" and the Code does not address whether such services constitute the assumption of a management responsibility. Depending on the interpretation of "playing any part", it may have a very wide ranging impact and may in effect prohibit the auditor from "providing advice and recommendations to assist management in discharging its responsibilities". We strongly encourage IESBA to explore this potential conflict with the EU Audit Regulation and how it might be addressed in finalising the changes to the Code.

Page outlining management responsibilities and services related to financing, capital structure, and allocation.

Administrative services

Subsection 602 does not include any requirements and may be better presented as part of subsection 601 on accounting and bookkeeping services. Paragraph 602.1 states "Providing administrative services to an audit client does not usually create a threat." This implies that there may be circumstances where it does create a threat and we believe it would be appropriate to give direct attention to that in this subsection rather than just referring to the Conceptual Framework and the more general requirements set out in the Section 600. In our 2014 response we stated that auditors should not be permitted to provide such services to PIES to avoid the perception of threats to their independence.

Threats

We note that, with the exception of administrative services, which are stated to not usually create a threat (see our comments above) and recruiting services, all the subsections identify self-review as a possible threat. Advocacy is also identified as a possible threat for certain tax services and legal and corporate finance services. It is only for recruiting services that other possible threats of self-interest, familiarity or intimidation are identified.

We agree that self-review will be a general threat for most non-audit services. However, other threats can also arise in relation to more services than IESBA's guidance suggests and we strongly recommend that the guidance is amended to clarify that these may be the primary threats that arise, however there may be other threats to be addressed. The statement in paragraph 600.1 that "Firms are required to comply with the fundamental principles, be independent, and apply the conceptual framework set out in Section 120 to identify, evaluate and address threats to independence" is not sufficient to address this when the start of each subsection is worded in a way that suggests the specific threat(s) identified there are the only ones relevant to a particular service. For example, the self-interest threat, which could include reputational risk, is likely to be more wide ranging than just for recruiting services.

We are concerned that the limited identification of threats and the related actions that might be safeguards (see below) will result in firms too easily, and inappropriately, concluding that, subject to complying with the specified restrictions, any service can be provided as long as a different team is used and / or there is review by a professional who is not part of the team.

Safeguards

Given that self-review is the most commonly identified threat it is not surprising that the most common action identified that might be a safeguard is using professionals who are not audit team members to perform the non-audit service. It would be helpful to be clearer that "audit team" is a defined term and includes persons other than those directly involved in the audit (i.e. also those persons in the firm or network who can directly influence the outcome of the audit engagement). This is important as the IAASB does not define "audit team" for the purpose of International Standards on Auditing (ISAS) but the IAASB (and IESBA) include "engagement team" as a defined term. The significant difference between the definitions of audit team and engagement team, and the fact that audit team is not an IAASB defined term, is unhelpful and risks inconsistent application of the terms, particularly by auditors who may be focussed on the definition of engagement team for purpose of the ISAs.

Page discussing administrative services, threats, and safeguards against risks.

The other possible safeguard generally identified is review of the audit / service by a professional who is not a member of the audit team / not involved in providing the service. How this is described varies depending on the particular non-audit service. For accounting and bookkeeping services it is suggested that if such services are performed by an audit team member (i.e. the safeguard of not using audit team members has been applied), a safeguard is using a partner or senior professional who is not an audit team member, with appropriate expertise, to review "the work" performed. With respect to this, it is not clear whether "the work" is the audit, the service or both. The audit engagement should also be reviewed by someone, with relevant expertise to ensure the accounting services performed have been properly and effectively assessed in the context of the audit engagement.

We do not agree that in relation to certain tax work a safeguard could be "obtaining pre-clearance from the tax authorities". Such pre-clearance would have no mitigating effect on the possible self-review or advocacy threats, even if the tax authorities would provide any sort of pre-clearance.

Recruiting services

We agree with the proposal to extend the scope of the prohibition on recruiting services as described in paragraph [26(h) of the Explanatory Memorandum] to all audit client entities, not just PIEs as in the current Code.

Section 950, Provision of Non-Assurance Services to an Assurance Client

2. Do respondents support the proposals in Section 950? If not, why not?

Section 950 addresses the provision of non-assurance services to an assurance client. A case may be made for less stringent requirements applying to private reporting engagements, where all parties are knowledgeable of the circumstances and there may, for example, be less perception risk. However, we consider the independence considerations for public interest assurance engagements are the same as those for audit engagements. When we revised our Ethical Standard we developed it to apply to audit and other "public interest assurance engagements" and we recommend the IESBA takes the same approach.

In the Explanatory Memorandum IESBA comments that it "concluded that it is appropriate to incorporate in Section 950 proposed enhancements that are similar to most of those that apply when providing a NAS to an audit client." However, Section 950 is considerably shorter than Section 600 and does not include any subsections specific to particular types of non-assurance service. The rationale for the inconsistency with Section 600 is not clear.

Examples of Safeguards

3. Do respondents have suggestions for other actions that might be safeguards in the NAS and other sections of the Code that would meet the revised description of a safeguard?

Please refer to our comments above regarding the examples of possible safeguards that are currently given in Section 600 of the ED. We also express our concern that the limited identification of threats and the related actions that might be safeguards will result in firms too easily, and inappropriately, concluding that, subject to complying with the specified restrictions, any service can be provided as long as a different team is used and / or there is review by a professional who is not part of the team.

We do not believe that our concern will necessarily be resolved by identifying more examples of actions that could be safeguards, although there may be stronger, or more effective examples of safeguards (e.g. Chinese walls and the use of separate teams) that could more effectively illustrate the point. Indeed this could exacerbate the risk that the list of examples is perceived to be complete and applying one or more of them will always serve to reduce threats to an "acceptable level". Our observations in this response are drawn from our own experience of making revisions to the FRC Ethical Standard. In doing so, we sought to focus practitioners on the paramount importance of meeting the ethical outcomes required by our overarching ethical principles and supporting ethical provisions. We believe this will enable practitioners to better understand that this is the context in which the detailed requirements should be interpreted and that meeting those requirements is not in itself enough. In so doing, we are providing users of the standard with greater clarity as to the ethical outcomes they are expected to meet, and are supplementing the overarching principles and provisions with information on certain actions and behaviours that are necessary to meet those ethical outcomes.

Page on recruiting services, non-assurance services, and examples of safeguards.

While it is helpful to give examples of possible safeguards, it is important that threats and safeguards are considered in the light of the specific circumstances and the third party test applied.

Conforming Amendments Arising from the Safeguards Project

4. Do respondents agree with proposed conforming amendments set out in:

  1. Chapter 2 of [the Exposure Draft]?
  2. The grey text in Chapters 2-5 of Structure ED 2?

We will address the text in Structure ED 2 in our response to that ED.

With respect to the conforming amendments in Chapter 2, we disagree with some of the examples of "actions that might be safeguards". While it could be argued that some of these are possible safeguards against the threats to compliance with the fundamental principles of competence, integrity and professional behavior, they should rather be presented as requirements to be met if a professional accountant is to undertake an engagement. For example:

  • Assigning sufficient engagement personnel with the necessary competencies.
  • Agreeing on a realistic time frame for the performance of the engagement.
  • Describing limitations surrounding any opinion in communications with the client.
  • Adjusting the level of fees or scope of the engagement [to a realistic level].
  • Obtaining advance agreement from a client for commission arrangements.

In many Sections an example of a safeguard is "having a professional accountant review [the work]". Such a professional accountant should be independent of the team that did the work.

Some example safeguards are actually remedial actions where an accountant has not complied with a requirement. For example, in relation to applying the conceptual framework to independence for audits and reviews (Section 400) "engaging another firm to evaluate the results of the non-audit service" and "having another firm re-perform the non-assurance service to the extent necessary to enable the other for to take responsibility for the service". These actions are likely to be very costly for a client and it would better if safeguards had been in place to prevent the need for these actions arising.

Some example safeguards would be better described as positions a firm / professional accountant should adopt before taking on a client, rather than actions to take in relation to an existing client. For example, in relation to fees (Section 410) "increasing the client base in the firm to reduce dependence on the audit client," and "increasing the client base of the partner or the office to reduce dependence on the audit client." Other example safeguards are unhelpful, for instance, where threats arise from overdue fees, it does not seem credible to suggest that a safeguard might be ""obtaining payment of overdue fees".

Page discussing amendments to the Safeguards Project and examples of effective safeguards.

Similarly, in relation to loans and guarantees to a firm from an audit client (Section 511) the ED suggests that a safeguard might be having the work reviewed by a professional accountant from a network firm which would be unlikely to satisfy the third party test.

Further examples which may need further consideration include those given in relation to:

  • family and personal relationships (Section 521). When an immediate family member of an audit team member is an employee in a position to exert significant influence over the client's financial position, financial performance or cash flows, a safeguard might be structuring the responsibilities of the audit team so that the audit team member does not deal with matters that are within the responsibility of the immediate family member. We believe that the audit team member should also not be in position where they could influence other team members who are dealing with the matters. Accordingly, they should not be involved in the audit.
  • recent service with an audit client (Section 522). If an audit team member: (a) Had served as a director or officer of the audit client; or (b) Was an employee in a position to exert significant influence over the preparation of the client's accounting records or financial statements on which the firm will express an opinion, a safeguard might be "conducting a review of the work performed by the individual as an audit team member". In our view this is not sufficient, such a person should be excluded from the audit team for at least two years after leaving the audited entity, or longer if necessary so that information in the financial statements is not materially affected by the work of that person when they were employed by the audit client.
  • employment with an audit client (Section 524). Where a former partner or employee is now employed by an audit client, safeguards to address threats created by such employment relationships might include: "modifying the audit plan", or assigning individuals who have "sufficient experience relative to the individual who has joined the client". This guidance needs further explanation to be clear how effective safeguards would be established. Under EU legislation, and in our Ethical Standard, there are restrictions on partners and statutory auditors leaving a firm to join an audit client and on a firm accepting audit engagements where they do.
  • temporary personnel assignments (Section 525). A safeguard might include "not giving the loaned personnel audit responsibility for any function or activity that the personnel performed during the loaned personnel assignment". We believe this should be a requirement.

Page detailing specific safeguards related to audit client relationships and personnel.

5. Respondents are asked for any comments on any other matters that are relevant to Phase 2 of the Safeguards project.

We have no further comments to make in this response. However, other matters relevant to Phase 2 of the Safeguards project may emerge as we develop our response to the Structure ED 2 and, if they do, we will address them in that response. If you wish to discuss our response further please contact Mark Babington, Deputy Director of Audit Policy on +44-207-492-2323 or [email protected].

Yours sincerely,

Concluding page with signature of Melanie McLaren, Executive Director, Audit and Actuarial Regulation.

Melanie McLaren Executive Director, Audit and Actuarial Regulation DDI: 020 7492 2406 Email: [email protected]

File

Name FRC Response to IESBA’s Consultation on Safeguards
Publication date 27 September 2023
Type Response to external consultations
Format PDF, 3.2 MB
Download original
Back to top