This webinar focuses on specific ethical examples related to both public accounting and industry. There is also a discussion on key points in the AICPA Code of Professional Conduct and their application to our daily responsibilities.
Ethics: Real Life Application of the AICPA Code of Professional Conduct
1. Ethics: Real Life Application of the
AICPA Code of Professional Conduct
2. Michael Hoffner
• CPA
• Partner
• mhoffner@macpas.com
Janice Snyder
• CPA
• Partner
• jsnyder@macpas.com
About Us
3. Disclaimer
The information contained in this presentation, both that contained
in the slides and that expressed by the presenter, is not intended to
be complete and comprehensive. To obtain a more detailed
understanding of technical literature mentioned, please consult the
full standards and interpretations.
4. Program Outline
AICPA Code – Quick Refresher
Case Studies:
• Members in Public Practice
• Members in Business
5. AICPA Code of Professional Ethics
• Organized by Topic based on a Conceptual
Framework approach
• 3 Parts
• Members in Public Practice
• Members in Business
• All other members (retired, unemployed)
6. AICPA Code of Professional Ethics
Incorporates two interpretations – one for members in public
practice and another similar one for members in business.
• Additionally, for those providing attest services, there is a
conceptual framework focused on specific threats to
independence.
• These are designed to provide assistance for circumstances where
no specific guidance exists.
7. AICPA Code of Professional Ethics
• Conceptual frameworks and related interpretations became
effective on December 15, 2015.
• The code is organized intuitively
• Separates guidance by line of business, then by topic
• Where necessary, Topics are broken into subtopics and sections
8. AICPA Code of Professional Ethics
• Conceptual Frameworks
• Incorporate a “Threats and Safeguards” approach, designed
to assist users in analyzing relationships and circumstances
that the code does not specifically address
• Under this approach, users:
• Identify threats to compliance with the rules
• Evaluate the significance of those threats to determine if it is at an
acceptable level
• If not at an acceptable level, users apply safeguards to eliminate the
threats or reduce them to an acceptable level
10. AICPA Code of Professional Ethics
Preface All Members
• Responsibilities principle In carrying out their responsibilities as
professionals, members should exercise sensitive professional and moral
judgments in all their activities.
• The public interest principle Members should accept the obligation to act
in a way that will serve the public interest, honor the public trust, and
demonstrate a commitment to professionalism.
• Integrity principle To maintain and broaden public confidence, members
should perform all professional responsibilities with the highest sense of
integrity.
• Objectivity and independence principle A member should maintain
objectivity and be free of conflicts of interest in discharging professional
responsibilities. A member in public practice should be independent in fact
and appearance when providing auditing and other attestation services.
11. AICPA Code of Professional Ethics
Preface All Members
• Due care principle A member should observe the profession’s
technical and ethical standards, strive continually to improve
competence and the quality of services, and discharge professional
responsibility to the best of the member’s ability.
• Scope and nature of services principle A member in public practice
should observe the Principles of the Code of Professional Conduct in
determining the scope and nature of services to be provided.
12. AICPA Code of Professional Ethics
Part 1 Members in Public Practice
• Public Practice: the performance of professional services for a client by a
member or a member’s firm. Also includes Governmental Auditors working in a
gov’t organization
• Framework:
A. Identify threats
• Relationships or circumstances that could compromise a member’s compliance with the rules.
B. Evaluate the significance of a threat
• Acceptable level. A level at which a reasonable and informed third party who is aware of the relevant
information would be expected to conclude that a member’s compliance with the rules is not compromised.
C. Identify and apply safeguards
• Actions or other measures that may eliminate a threat or reduce a threat to an acceptable level
13. AICPA Code of Professional Ethics
Many threats fall into one or more of the following seven broad
categories:
• Adverse Interest
• Advocacy
• Familiarity
• Management Participation
• Self-Interest
• Self-Review
• Undue Influence
14. AICPA Code of Professional Ethics
Safeguards that may eliminate a threat or reduce it to an
acceptable level fall into three broad categories:
• Safeguards created by the profession, legislation, or regulation.
• Safeguards implemented by the client. It is not possible to rely solely
on safeguards implemented by the client to eliminate or reduce
significant threats to an acceptable level.
• Safeguards implemented by the firm, including policies and
procedures to implement professional and regulatory requirements.
15. Case Study #1
Members in Public Practice - Valuation Example
The CFO of an audit client calls and asks for your firm to perform a
valuation of the Company. You have audited the Company for years and
have the historical financial information and knowledge of the Company.
The purpose of the valuation is a potential large sale of stock based upon
the stock value as determined in the valuation.
May A Firm Provide Valuation Services to an Attest Client?
17. Case Study #1
Members in Public Practice - Valuation Example
A firm may not provide valuation, appraisal, or actuarial services to an attest client if:
• the results of the service would be material to the attest client’s financial statements.
• the service involves a significant amount of subjectivity.
For instance, your firm may not perform a valuation in connection with a business combination that would
have a material effect on an attest client’s financial statements because that service involves significant
subjectivity (for example, setting the assumptions and selecting and applying the valuation methodology).
Two limited exceptions apply to this rule.
1. Valuation, appraisal, or actuarial services performed for nonfinancial statement purposes may be provided if safeguards from
the “General Requirements for Performing Nonattest Services” interpretation are met. (For example, the attest client assigns
an individual to make an informed judgment on, and accept responsibility for, the results of the service.)
2. Actuarial valuation of an attest client’s pension or postretirement liabilities because the results of the valuation would be
reasonably consistent, regardless of who performs the valuation.
18. Case Study #2
Members in Public Practice – Cyber Security Services
The CISO (Chief Information Security Officer) of an attest client requests your
firm’s support in providing the following services:
1. Best practice review of cybersecurity practices, including benchmarking against
a framework (NIST).
2. Advice and recommendations to improve the company’s policies, procedures
and internal control relating to cybersecurity threats or practices.
3. Attack and penetration testing related to cybersecurity.
19. Case Study #2
Members in Public Practice – Cyber Security Services
Can these services be provided to an attest client?
1. Best practice review of cybersecurity practices, including benchmarking against a
framework (NIST). Yes, provided the services are only advisory in nature.
2. Advice and recommendations to improve the company’s policies, procedures and
internal control relating to cybersecurity threats or practices.
•Yes, provided services provided the services are only advisory in nature and comply
with the “General requirements for Performing Nonattest Services”
20. Case Study #2
Members in Public Practice – Cyber Security Services
Can these services be provided to an attest client?
3. Attack and penetration testing related to cybersecurity.
It depends. Independence will be impaired if the “attack and penetration” testing is done by
performing ongoing evaluations of the attest client’s controls as part of the attest client’s monitoring
activities. Ongoing evaluations monitor the presence and functioning of controls in the ordinary
course of managing the attest client’s business. These activities would result in the member accepting
responsibility for maintaining the attest client’s internal control which would be assuming a
management responsibility.
However, the member may be able to provide “attack and penetration” testing without impairing
independence if the testing is done by performing separate evaluations of the controls. The scope and
frequency of such separate evaluations are a matter of judgment.
21. AICPA Code of Professional Ethics
Part 2 Members in Business
• Structured very similar to Part 1
• Threats / Safeguards similar, tailored more towards individuals in
business vs. public practice
Both parts followed by detailed interpretations broken down into broad
categories and scenarios to provide specific answers and guidance.
22. Case Study #3
Members in Business – Subordination of Judgement
Nick Jones, CPA, is a Divisional Controller for a publically traded company.
Monthly, Nick signs off on the divisional financial statements and sends them to
the Corporate office for inclusion in the Company’s results and filings. Upon a
more detailed review of the Company’s Q3 filing, Nick had some questions on how
his division was being reported – the Corporate Controller and Director of
Financial Reporting indicated that they recorded some topside entries, adjusting
some of the reserves and estimates, and Nick should support these adjustments
when asked by the auditors. Nick suspects that the entries were made so that the
Company would meet Earnings estimates, which they would have missed by a very
small margin otherwise.
23. Case Study #3
Members in Business – Subordination of Judgement
• Code of Prof. Conduct 2.130.020 Subordination of Judgment
• The “Integrity and Objectivity Rule” [2.100.001] prohibits a member from knowingly
misrepresenting facts or subordinating his or her judgment when performing
professional services for an employer or on a volunteer basis. This includes differences
of opinion with a members supervisor
• In evaluating the significance of any identified threats, the member should determine,
after appropriate research or consultation, whether the result of the position taken by
the supervisor or other person
• fails to comply with professional standards, when applicable;
• creates a material misrepresentation of fact; or
• may violate applicable laws or regulations.
24. Case Study #3
Members in Business – Subordination of Judgement
• Code of Prof. Conduct 2.130.020 Subordination of Judgment
• If the member concludes that threats are at an acceptable level, the
member should discuss his or her conclusions with the person taking the
position. No further action would be needed under this interpretation.
• If the member concludes that the position results in a material misrepresentation of fact
or a violation of applicable laws or regulations, then threats would not be at an
acceptable level. In such circumstances, the member should discuss his or her concerns
with the supervisor.
• If the difference of opinion is not resolved after discussing the concerns with the
supervisor, the member should discuss his or her concerns with the appropriate higher
level(s) of management within the member’s organization.
25. Case Study #3
Members in Business – Subordination of Judgement
• 2.130.030 Obligation of a Member Employer’s External Accountant
• When dealing with an employer’s external accountant, a member must
be candid and not knowingly misrepresent facts or knowingly fail to
disclose material facts.
NOTE: Resignation may be the final outcome, but the Code specifically states that
“resignation may not relieve the member of responsibilities in the situation,
including any responsibility to disclose concerns to third parties such as regulatory
authorities or the former employer’s external accountant.”
26. Case Study #3
Additional Thoughts – Ethical Conflicts
If Fraud is suspected, how do you balance considerations of
responsibilities to maintain confidentiality of the employers information?
• Consider all facts and established internal procedures
• Be prepared to justify departures from either rule
• Consult within the employer – if not resolved within, generally consult
Legal Council
• IF conflict remains unresolved – the member will generally be considered
to be in violation of the ethics rules if he/she remains associated with the
matter – consider resignation.
• DOCUMENT
27. Case Study #4
Members in Business – Conflict of Interest
Mary Jones, CPA, is the Director of Accounting for a large nonprofit organization.
As part of Mary’s job responsibilities, she signs off on all major contracts and selects
all professional service providers. The nonprofit’s board has approved Mary to engage
a marketing firm for a series of special projects around driving fundraising in support
of a new program to be launched on the eve of the organizations 50th anniversary.
Mary’s husband is a shareholder and senior designer at one of the areas best
marketing firms, with a strong track record of helping nonprofits in their development
efforts. How should she handle the process?
28. Case Study #4
Code of Prof. Conduct 2.110.010 Conflicts of Interest for Members
in Business
• In determining whether a professional service, relationship, or matter
would result in a conflict of interest, a member should use professional
judgment, taking into account whether a reasonable and informed third
party who is aware of the relevant information would conclude that a
conflict of interest exists.
• The following is one of a number of listed examples in the Code:
• Being responsible for selecting a vendor for the member’s employing
organization when the member or his or her immediate family member could
benefit financially from the transaction
29. Case Study #4
Code of Prof. Conduct 2.110.010 Conflicts of Interest for Members
in Business
• When an actual conflict of interest has been identified, the member should
evaluate the significance of the threat created by the conflict of interest to
determine if the threat is at an acceptable level.
• In evaluating the significance of an identified threat, members should
consider the following:
• The significance of relevant interests or relationships.
• The significance of the threats created by undertaking the professional service or services.
In general, the more direct the connection between the member and the matter on which
the parties’ interests are in conflict, the more significant the threat to compliance with the
rule will be.
30. Case study #4
Code of Prof. Conduct 2.110.010 Conflicts of Interest for Members
in Business
• If the member concludes that the threat is not at an acceptable level, the
member should apply safeguards to eliminate the threat or reduce it to
an acceptable level. Examples of safeguards include the following:
• Restructuring or segregating certain responsibilities and duties
• Obtaining appropriate oversight
• Withdrawing from the decision making process related to the matter giving rise
to the conflict of interest
• Consulting with third parties, such as a professional body, legal counsel, or
another professional accountant
31. Case Study #4
Code of Prof. Conduct 2.110.010 Conflicts of Interest for Members
in Business
• The member should:
• Disclose the nature of the conflict to the relevant parties and obtain consent as to the
safeguards
• Document the nature of the circumstances, and the applied safeguards
• Ensure that federal, state or local regulations also support the conclusions
• Question:
• If Mary implements all available safeguards (recusal from selection process), and her
husband’s firm is selected, must still consider public perception. Would a donor to the
organization understand the safeguards that kept her removed from a process that
resulted in her husband’s Firm being selected? Perception vs. Reality
32. Enforcement Process
Joint Ethics Enforcement Program (JEEP) process
• Complaint is filed
• Preliminary inquiry and analysis
• Respondents are identified
• Case investigator is assigned
• Opening letters are sent to respondents
• Evidence and interviews are collected
• Case is presented to the committee
• Committee votes on case and outcome
33. Enforcement Process
Possible conclusions of an investigation
• No violation
• If there is no evidence of a violation, the investigation will be closed.
• Required corrective action (RCA)
• The actions generally include CPE or pre-issuance reviews of engagements.
• Settlement agreement
• In lieu of referring the case to the Joint Trial Board, the committee may, at its
discretion, choose to offer the respondent a non-negotiable settlement agreement.
• Referral to the Joint Trial Board (JTB)
• The panel may find a respondent not guilty or, if a guilty verdict is issued, may expel or
suspend the respondent’s membership, admonish the respondent, or take additional
action as it considers appropriate. A respondent may appeal a guilty verdict.
Note – in some cases an identified threat may be so significant, no safeguard will eliminate it, as such providing the service would violate compliance – should determine if need to decline or discontinue the professional service.
Refer to page 26+ of the Code
See page 29+ for discussion points
See page 29+ for discussion points
Threats include : Self-Review
Threats include : Management Participation; Self-Review; Undue Influence
See page 29+ for discussion points
See page 29+ for discussion points
Spend XX minutes reviewing the various breakdown of interpretations and scenarios
See page 29+ for discussion points
See page 29+ for discussion points
See page 29+ for discussion points
See page 29+ for discussion points
See page 29+ for discussion points
See page 29+ for discussion points
See page 29+ for discussion points
See page 29+ for discussion points
See page 29+ for discussion points
See page 29+ for discussion points
Complaint is filedComplaints can be filed by a member of either organization or by the public. Alternatively, they can come to the attention of the committee from federal, state, and local governments; newspaper articles or media reports; or public decisions of judicial and regulatory authorities
Respondents are identifiedJEEP ethics cases may only be brought against members of one or more participating CPA societies
Case investigator is assignedOne member of the committee will serve as the case investigator and primary liaison with respondents. All correspondence related to the case is sent to the case investigator.
Opening letters are sent to respondentsEach respondent is sent a letter informing them of the investigation, the specific violations of the Code of Conduct alleged by the complaint, and questions to be answered or documents to be provided. Respondents are required to respond to the opening letter, generally within 30 days.
Evidence and interviews are collectedThe case investigator will gather evidence from the respondents. In addition, all respondents will be given the opportunity for an interview to discuss the investigation and offer additional evidence.
Case is presented to the committeeOnce the investigator has collected and evaluated the relevant evidence, a summary of the case will be presented to the committee. The committee will review the evidence and issue a decision as to whether there is prima facie evidence of a violation of the Code of Professional Conduct.
No violationIf there is no evidence of a violation, the investigation will be closed.
Required corrective action (RCA)If there is evidence of a minor infraction, the committee may choose to offer the respondent a letter specifying corrective actions that should be undertaken. The actions generally include CPE or pre-issuance reviews of engagements.
Settlement agreementIn lieu of referring the case to the Joint Trial Board, the committee may, at its discretion, choose to offer the respondent a non-negotiable settlement agreement. The agreement will specify whether it may be published as directed by AICPA and PICPA bylaws. A respondent may reject the non-negotiable settlement agreement, but will then be subject to a Joint Trial Board hearing.
Referral to the Joint Trial Board (JTB)If there is evidence of a violation, and the parties do not agree on one of the above options, the case will be referred to the JTB for a panel hearing. The panel may find a respondent not guilty or, if a guilty verdict is issued, may expel or suspend the respondent’s membership, admonish the respondent, or take additional action as it considers appropriate. The decision of the JTB will be published under AICPA and PICPA bylaws. A respondent may appeal a guilty verdict.