IESBA issues an Exposure Draft on proposed technology related changes to its Code of Ethics, including International Independence Standards
By James E Barbour CA, Director, Policy Leadership
28 February 2022
The proposed revisions have been developed to preserve the relevance of the Code as technology evolves. ICAS will be responding to the consultation and is encouraging Members to share their views on the Exposure Draft.
The ICAS Code of Ethics is substantively based on the International Ethics Standards Board for Accountants (IESBA) Code of Ethics. IESBA has issued an Exposure Draft of proposed technology-related revisions to its Code of Ethics, including International Independence Standards. These proposed revisions to the extant Code have been developed in a principles-based manner in order to preserve the relevance of the Code as technology evolves. Accordingly, the use of the term “technology” in the proposals is broad and is meant to encompass all technologies, including artificial intelligence and machine learning, blockchain, and other future technologies not yet known.
The key proposed revisions are set out below.
Part 1 of the Code – Applicable to All Professional Accountants
The proposed revisions to Part 1 of the Code:
- Expand on the extant Code (including the role and mindset revisions) to acknowledge further technology-related considerations in describing the fundamental principles of professional competence and due care and confidentiality (see proposed revisions to paragraphs 113.1 A1, R113.3, 114.1 A3; and proposed paragraph 114.1 A1 and the glossary).
- Provide additional considerations to assist in applying the conceptual framework, including:
- A recognition that public trust is driven in part from a professional accountant’s ethical behaviour in professional or business relationships, which might involve technology-related facts and circumstances (see proposed revisions to paragraph 120.14 A3).
- A discussion of complex circumstances and why these circumstances are a consideration in applying the conceptual framework. The discussion includes a description of the facts and circumstances involved when complex circumstances arise and provides guidance to assist professional accountants manage such circumstances or mitigate their impact (see proposed paragraphs 120.13 A1 to A3).
Parts 2 and 3 of the Code
Within Part 2 (Professional Accountants in Business) and Part 3 (Professional Accountants in Public Practice) of the Code, the proposals:
- Provide new application material to assist in identifying threats to compliance with the fundamental principles when a professional accountant uses or relies upon the output from technology (see proposed paragraphs 200.6 A2 and 300.6 A2).
- Provide guidance to assist professional accountants when they rely on, or use, the output of technology. In particular, the proposals include a range of factors and other considerations intended to guide such thinking (see proposed revisions to paragraphs R220.7 and R320.10, and proposed paragraphs 220.7 A2, 220.7 A3 and 320.10 A2).
Parts 4A and 4B – International Independence Standards (IIS)
In the case of the independence provisions that apply to audit and review engagements (Part 4A), the proposals:
- Include clarifications and refinements to the revised Non-Assurance Services (NAS) provisions that were issued by IESBA in April 2021. In particular, proposed revisions are being made to revised Section 600 to:
- Clarify that the NAS provisions apply (i.e., firms should consider the relevance of such provisions) in circumstances where technology is used by a firm or network firm to provide a NAS to an audit client, or where a firm or network firm provides, sells, resells or licenses technology to an audit client (see proposed paragraphs 600.6 and 520.7 A1).
- Explicitly draw out that the client’s dependency on the service, including the frequency with which the service will be provided, is relevant in identifying the different threats that might be created by providing a NAS to an audit client, and in evaluating the level of such threats (see proposed third bullet of paragraph 600.9 A2).
- Provide a description of IT systems services that is broad in scope and goes beyond design and implementation (see proposed paragraph 606.2 A1). There is also enhanced clarity about the examples of IT system services that:
- Result in the assumption of a management responsibility for an audit client (e.g., services relating to hosting of an audit client’s data) and therefore are prohibited (see proposed paragraphs 606.3 A1 to 606.3 A2).
- Might create a self-review threat (e.g., implementing accounting or financial information reporting software) (see proposed paragraph 606.4 A3). In the case of audit clients that are Public Interest Entities (PIEs), such services are prohibited.
- Withdraw the presumption in extant paragraph 606.4 A2 that providing certain IT system services does not usually create a threat as long as individuals within the firm or network firm do not assume a management responsibility.
- Acknowledge that accounting and bookkeeping services can either be manual or automated and provide new application material to prompt firms’ consideration of how the technology functions and whether the technology is based on expertise or judgements of the firm or a network firm when determining whether an automated accounting or bookkeeping service is “routine or mechanical” (see proposed paragraph 601.5 A2 and proposed revisions in paragraph 601.5 A3). There is also enhanced clarity on the prohibition on assuming management responsibilities to emphasise that when technology is used in performing a professional activity for an audit client, the requirements in paragraphs R400.15 and R400.16 apply regardless of the nature or extent of such use (see proposed paragraph 400.16 A1).
- Provide enhanced clarity about the nature of technology-related arrangements that create a close business relationship (see proposals in paragraph 520.3 A2).
In the case of the independence provisions that apply to assurance engagements other than audit and review engagements (Part 4B), the proposals:
- Clarify, by an explicit statement that “…[Part 4B of the Code] applies to assurance engagements on an entity’s non-financial information, for example, environmental, social and governance (ESG) disclosures” (see proposal in paragraph 900.1).
- Include proposed amendments that are intended to preserve the existing alignment between Parts 4A and 4B of the Code (see proposed paragraphs 900.14 A1, 920.3 A2, 920.6 A1, 950.5 and 950.7 A2 third bullet).
- Provide an example of a technology-related NAS that might create a self-review threat in relation to the subject matter information of an assurance engagement, and examples of certain technology-related professional activities that involve the assumption of management responsibility in relation to the underlying subject matter and, in an attestation engagement, the subject matter information of an assurance engagement (see proposed paragraphs 950.10 A1 and 900.13 A4 and A5).
Interactions with Other IESBA Work Streams and the IAASB
In addition to its Technology Task Force (which is responsible for the proposed revisions in this Exposure Draft), IESBA has established a new Technology Working Group. That Working Group is responsible for:
- Developing or facilitating thought leadership and other materials that highlight technology trends and developments and the resulting ethics (and independence) implications for professional accountants.
- Undertaking fact-finding to identify and assess the potential impact of technology developments on the accountancy profession.
The Technology Working Group’s work is still ongoing. However, it has shared relevant insights and observations with the Task Force and these were considered in developing the technology-related proposals.
In developing the proposals, IESBA coordinated with the International Auditing and Assurance Standards Board (IAASB) to maintain the alignment and interconnectivity between the two Boards’ sets of standards. Steps have in particular been taken to ensure that the proposed enhancements preserve the existing consistency in Part 4B of the Code with the terms and concepts in the IAASB’s International Standard on Assurance Engagements (ISAE) 3000 (Revised), Assurance Engagements Other than Audits or Reviews of Historical Financial Information.
Next Steps
ICAS will be responding to the consultation which has a deadline date of 20 June 2022. Any Member who would like to share their views on the Exposure Draft should send their comments to James Barbour by 15 May 2022.