ethics: real life application of the aicpa code of professional conduct

Ethics: Real Life Application of the AICPA Code of Professional Conduct

Michael Hoffner

• CPA

• Partner

• [email protected]

Janice Snyder

• CPA

• Partner


About Us

Disclaimer

The information contained in this presentation, both that contained in the slides and that expressed by the presenter, is not intended to be complete and comprehensive. To obtain a more detailed understanding of technical literature mentioned, please consult the full standards and interpretations.

Program Outline

AICPA Code – Quick RefresherCase Studies:

• Members in Public Practice• Members in Business

AICPA Code of Professional Ethics

•Organized by Topic based on a Conceptual Framework approach• 3 Parts

• Members in Public Practice• Members in Business• All other members (retired, unemployed)


Incorporates two interpretations – one for members in public practice and another similar one for members in business.

• Additionally, for those providing attest services, there is a conceptual framework focused on specific threats to independence.

• These are designed to provide assistance for circumstances where no specific guidance exists.


• Conceptual frameworks and related interpretations became effective on December 15, 2015.

• The code is organized intuitively • Separates guidance by line of business, then by topic

• Where necessary, Topics are broken into subtopics and sections


• Conceptual Frameworks• Incorporate a “Threats and Safeguards” approach, designed

to assist users in analyzing relationships and circumstances that the code does not specifically address

• Under this approach, users:• Identify threats to compliance with the rules

• Evaluate the significance of those threats to determine if it is at an acceptable level

• If not at an acceptable level, users apply safeguards to eliminate the threats or reduce them to an acceptable level


Preface All Members• Responsibilities principle In carrying out their responsibilities as

professionals, members should exercise sensitive professional and moral judgments in all their activities.

• The public interest principle Members should accept the obligation to act in a way that will serve the public interest, honor the public trust, and demonstrate a commitment to professionalism.

• Integrity principle To maintain and broaden public confidence, members should perform all professional responsibilities with the highest sense of integrity.

• Objectivity and independence principle A member should maintain objectivity and be free of conflicts of interest in discharging professional responsibilities. A member in public practice should be independent in fact and appearance when providing auditing and other attestation services.


Preface All Members• Due care principle A member should observe the profession’s

technical and ethical standards, strive continually to improve competence and the quality of services, and discharge professional responsibility to the best of the member’s ability.

• Scope and nature of services principle A member in public practice should observe the Principles of the Code of Professional Conduct in determining the scope and nature of services to be provided.


Part 1 Members in Public Practice • Public Practice: the performance of professional services for a client by a

member or a member’s firm. Also includes Governmental Auditors working in a gov’t organization

• Framework:A. Identify threats• Relationships or circumstances that could compromise a member’s compliance with the rules.

B. Evaluate the significance of a threat• Acceptable level. A level at which a reasonable and informed third party who is aware of the relevant

information would be expected to conclude that a member’s compliance with the rules is not compromised.

C. Identify and apply safeguards• Actions or other measures that may eliminate a threat or reduce a threat to an acceptable level


Many threats fall into one or more of the following seven broad categories:

• Adverse Interest

• Advocacy

• Familiarity

• Management Participation

• Self-Interest

• Self-Review

• Undue Influence


Safeguards that may eliminate a threat or reduce it to an acceptable level fall into three broad categories:

• Safeguards created by the profession, legislation, or regulation.

• Safeguards implemented by the client. It is not possible to rely solely on safeguards implemented by the client to eliminate or reduce significant threats to an acceptable level.

• Safeguards implemented by the firm, including policies and procedures to implement professional and regulatory requirements.

Case Study #1

Members in Public Practice - Valuation Example

The CFO of an audit client calls and asks for your firm to perform a valuation of the Company. You have audited the Company for years and have the historical financial information and knowledge of the Company. The purpose of the valuation is a potential large sale of stock based upon the stock value as determined in the valuation.

May A Firm Provide Valuation Services to an Attest Client?

Case Study #1

Members in Public Practice

Independence Example

Case Study #1

Members in Public Practice - Valuation ExampleA firm may not provide valuation, appraisal, or actuarial services to an attest client if:

• the results of the service would be material to the attest client’s financial statements.

• the service involves a significant amount of subjectivity.

For instance, your firm may not perform a valuation in connection with a business combination that would have a material effect on an attest client’s financial statements because that service involves significant subjectivity (for example, setting the assumptions and selecting and applying the valuation methodology).

Two limited exceptions apply to this rule.

1. Valuation, appraisal, or actuarial services performed for nonfinancial statement purposes may be provided if safeguards from the “General Requirements for Performing Nonattest Services” interpretation are met. (For example, the attest client assigns an individual to make an informed judgment on, and accept responsibility for, the results of the service.)

2. Actuarial valuation of an attest client’s pension or postretirement liabilities because the results of the valuation would be reasonably consistent, regardless of who performs the valuation.

Case Study #2

Members in Public Practice – Cyber Security Services

The CISO (Chief Information Security Officer) of an attest client requests your firm’s support in providing the following services:

1. Best practice review of cybersecurity practices, including benchmarking against a framework (NIST).

2. Advice and recommendations to improve the company’s policies, procedures and internal control relating to cybersecurity threats or practices.

3. Attack and penetration testing related to cybersecurity.

Case Study #2


Can these services be provided to an attest client?

1. Best practice review of cybersecurity practices, including benchmarking against a framework (NIST). Yes, provided the services are only advisory in nature.

2. Advice and recommendations to improve the company’s policies, procedures and internal control relating to cybersecurity threats or practices.

•Yes, provided services provided the services are only advisory in nature and comply with the “General requirements for Performing Nonattest Services”

Case Study #2


Can these services be provided to an attest client?3. Attack and penetration testing related to cybersecurity.

It depends. Independence will be impaired if the “attack and penetration” testing is done by performing ongoing evaluations of the attest client’s controls as part of the attest client’s monitoring activities. Ongoing evaluations monitor the presence and functioning of controls in the ordinary course of managing the attest client’s business. These activities would result in the member accepting responsibility for maintaining the attest client’s internal control which would be assuming a management responsibility.

However, the member may be able to provide “attack and penetration” testing without impairing independence if the testing is done by performing separate evaluations of the controls. The scope and frequency of such separate evaluations are a matter of judgment.


Part 2 Members in Business• Structured very similar to Part 1

• Threats / Safeguards similar, tailored more towards individuals in business vs. public practice

Both parts followed by detailed interpretations broken down into broad categories and scenarios to provide specific answers and guidance.

Case Study #3

Members in Business – Subordination of Judgement

Nick Jones, CPA, is a Divisional Controller for a publically traded company. Monthly, Nick signs off on the divisional financial statements and sends them to the Corporate office for inclusion in the Company’s results and filings. Upon a more detailed review of the Company’s Q3 filing, Nick had some questions on how his division was being reported – the Corporate Controller and Director of Financial Reporting indicated that they recorded some topside entries, adjusting some of the reserves and estimates, and Nick should support these adjustments when asked by the auditors. Nick suspects that the entries were made so that the Company would meet Earnings estimates, which they would have missed by a very small margin otherwise.

Case Study #3

Members in Business – Subordination of Judgement• Code of Prof. Conduct 2.130.020 Subordination of Judgment

• The “Integrity and Objectivity Rule” [2.100.001] prohibits a member from knowingly misrepresenting facts or subordinating his or her judgment when performing professional services for an employer or on a volunteer basis. This includes differences of opinion with a members supervisor

• In evaluating the significance of any identified threats, the member should determine, after appropriate research or consultation, whether the result of the position taken by the supervisor or other person

• fails to comply with professional standards, when applicable;

• creates a material misrepresentation of fact; or

• may violate applicable laws or regulations.

Case Study #3

Members in Business – Subordination of Judgement• Code of Prof. Conduct 2.130.020 Subordination of Judgment

• If the member concludes that threats are at an acceptable level, the member should discuss his or her conclusions with the person taking the position. No further action would be needed under this interpretation.

• If the member concludes that the position results in a material misrepresentation of fact or a violation of applicable laws or regulations, then threats would not be at an acceptable level. In such circumstances, the member should discuss his or her concerns with the supervisor.

• If the difference of opinion is not resolved after discussing the concerns with the supervisor, the member should discuss his or her concerns with the appropriate higher level(s) of management within the member’s organization.

Case Study #3

Members in Business – Subordination of Judgement• 2.130.030 Obligation of a Member Employer’s External Accountant

• When dealing with an employer’s external accountant, a member must be candid and not knowingly misrepresent facts or knowingly fail to disclose material facts.

NOTE: Resignation may be the final outcome, but the Code specifically states that “resignation may not relieve the member of responsibilities in the situation, including any responsibility to disclose concerns to third parties such as regulatory authorities or the former employer’s external accountant.”

Case Study #3

Additional Thoughts – Ethical ConflictsIf Fraud is suspected, how do you balance considerations of responsibilities to maintain confidentiality of the employers information?

• Consider all facts and established internal procedures• Be prepared to justify departures from either rule• Consult within the employer – if not resolved within, generally consult

Legal Council • IF conflict remains unresolved – the member will generally be considered

to be in violation of the ethics rules if he/she remains associated with the matter – consider resignation.

• DOCUMENT

Case Study #4

Members in Business – Conflict of Interest

Mary Jones, CPA, is the Director of Accounting for a large nonprofit organization. As part of Mary’s job responsibilities, she signs off on all major contracts and selects all professional service providers. The nonprofit’s board has approved Mary to engage a marketing firm for a series of special projects around driving fundraising in support of a new program to be launched on the eve of the organizations 50th anniversary. Mary’s husband is a shareholder and senior designer at one of the areas best marketing firms, with a strong track record of helping nonprofits in their development efforts. How should she handle the process?

Case Study #4

Code of Prof. Conduct 2.110.010 Conflicts of Interest for Members in Business

• In determining whether a professional service, relationship, or matter would result in a conflict of interest, a member should use professional judgment, taking into account whether a reasonable and informed third party who is aware of the relevant information would conclude that a conflict of interest exists.

• The following is one of a number of listed examples in the Code:• Being responsible for selecting a vendor for the member’s employing

organization when the member or his or her immediate family member could benefit financially from the transaction

Case Study #4

Code of Prof. Conduct 2.110.010 Conflicts of Interest for Members in Business• When an actual conflict of interest has been identified, the member should

evaluate the significance of the threat created by the conflict of interest to determine if the threat is at an acceptable level.

• In evaluating the significance of an identified threat, members should consider the following:• The significance of relevant interests or relationships.

• The significance of the threats created by undertaking the professional service or services. In general, the more direct the connection between the member and the matter on which the parties’ interests are in conflict, the more significant the threat to compliance with the rule will be.

Case study #4


• If the member concludes that the threat is not at an acceptable level, the member should apply safeguards to eliminate the threat or reduce it to an acceptable level. Examples of safeguards include the following:• Restructuring or segregating certain responsibilities and duties

• Obtaining appropriate oversight

• Withdrawing from the decision making process related to the matter giving rise to the conflict of interest

• Consulting with third parties, such as a professional body, legal counsel, or another professional accountant

Case Study #4


• The member should:• Disclose the nature of the conflict to the relevant parties and obtain consent as to the

safeguards• Document the nature of the circumstances, and the applied safeguards• Ensure that federal, state or local regulations also support the conclusions

• Question:• If Mary implements all available safeguards (recusal from selection process), and her

husband’s firm is selected, must still consider public perception. Would a donor to the organization understand the safeguards that kept her removed from a process that resulted in her husband’s Firm being selected? Perception vs. Reality

Enforcement Process

Joint Ethics Enforcement Program (JEEP) process• Complaint is filed

• Preliminary inquiry and analysis

• Respondents are identified

• Case investigator is assigned

• Opening letters are sent to respondents

• Evidence and interviews are collected

• Case is presented to the committee

• Committee votes on case and outcome

Enforcement Process

Possible conclusions of an investigation• No violation

• If there is no evidence of a violation, the investigation will be closed.

• Required corrective action (RCA)• The actions generally include CPE or pre-issuance reviews of engagements.

• Settlement agreement• In lieu of referring the case to the Joint Trial Board, the committee may, at its

discretion, choose to offer the respondent a non-negotiable settlement agreement.

• Referral to the Joint Trial Board (JTB)• The panel may find a respondent not guilty or, if a guilty verdict is issued, may expel or

suspend the respondent’s membership, admonish the respondent, or take additional action as it considers appropriate. A respondent may appeal a guilty verdict.

Michael Hoffner

• CPA

• Partner


Janice Snyder

• CPA

• Partner


Questions?

Building SuccessfulEmployee Relationships

A Cornerstone to Fraud Prevention

and Risk Management