As a recognition that registered auditors may at times be exposed to imperfect situations, the code of conduct equips IRBA’s members to think through ethical complexity, by referring to its conceptual framework. The code requires RAs to be able to identify, evaluate and address possible threats to the achievement of the code’s fundamental principles.
Professional codes are to their members what the security features of an operating system are to a piece of computer hardware. In October, SAICA held a series of webinars themed around Ethics, which could be thought of as the latest security patch for the registered auditor’s (RA’s) understanding of sound professional conduct. It was a check-in with the server to see whether the operating system has the latest security definitions. With an updated understanding of the latest threats in the market, the PC is able to better identify and evaluate them and apply safeguards to reduce them to an acceptable level. While auditors might have a knack for numbers, they exist in a world where their behaviour and relationships require the kind of nimble thinking that machines are not yet capable of. For these kinds of situations, RAs are equipped with a conceptual framework, to help them think and walk through ethical complexity.
The presentation of the code was delivered by Saadiya Adam, who holds the position of Senior Professional Manager: Standards at the Independent Regulatory Board of Auditors (IRBA) and is a newly appointed board member of the International Ethics Standards Board for Accountants (IESBA).
Beginning with a view of the codes that guide the accountancy profession, Adam turned the focus onto the IRBA Code of Professional Conduct. A recap of the code, and reflection on its requirements, was followed by a view into what the future may hold for the standards on professional conduct.
Identify. Evaluate. Address.
As a recognition that registered auditors may at times be exposed to imperfect situations, the code of conduct equips IRBA’s members to think through ethical complexity, by referring to its conceptual framework. Like a PC that assesses a security threat while performing a scan, the code requires RAs to be able to identify, evaluate and address possible threats to the achievement of the code’s fundamental principles. Taking an ethically unclear professional situation into consideration, registered auditors must assess whether a ‘reasonable and informed third party’ might conclude, given the necessary facts of the situation, that the registered auditor is still able to achieve the fundamental principles of the code by continuing the professional engagement. If so, then the threat is considered to be of an ‘acceptable level’, and no further action is required. If not, then the registered auditor is required to manage the threat by applying safeguards to reduce it to an acceptable level. This may be compared to the times when Windows OS has detected a security threat after performing a scan and tried to resolve it. Where it can’t, the security software might give the user the option of ‘quarantining’ it and therefore preventing it from impacting the other, healthy operations of the PC.
An example of this might be a threat to the values of objectivity or independence created by the following situation: an audit firm also provides ‘non-assurance’, ‘ad-hoc’ or tax-planning services to the same client. This kind of situation received particular attention in the webinar as the No 2 entry in the ‘Top 10 R-paragraphs’ which are sited in frequently asked questions by IRBA members. ‘R-paragraphs’ in the code are requirements which embed and support the conceptual framework. Specific guidance is provided for these kinds of situations. In the example used, R600.7 prohibits ‘a firm or network firm’ from assuming management responsibilities for an audit client. This particular type of situation forms part of the upcoming changes to the code, which will be clearer on what is prohibited.
Security update for COVID-19
Having provided a view into the code’s reflection mechanism, the presentation highlighted specific issues brought about by the current social context, which registered auditors should have a higher level of awareness about. This included an acknowledgment of additional risks that the pandemic – and the subsequent economic response to it – has presented for organisations and their auditors. Some of these include pressures on the ability of organisations to continue as going concerns into the foreseeable future and, the ability of auditors to make these assessments. This may have a cascading effect on the negotiations between registered auditors and their clients over audit and non-assurance service fees. The current challenging socio-economic conditions may also provide an incentive for clients to avoid complying with the laws and regulations that are applicable to their operations.
Working on updates – don’t turn off your computer
It is customary upon downloading security updates for a PC to ask its user to click on the “restart” icon. This allows time for the operating system to apply what it has learned and prepare for improved performance. For IRBA, this means taking time to respond to issues that have arisen in practice, and developing the code’s response to them. Among its future projects is an improvement of the “role and mind-set” of registered auditors, who will soon be required to consider what it means to maintain an “inquiring mind” throughout the completion of all kinds of professional services. This is in addition to the requirement that registered auditors maintain an attitude of “professional scepticism” to their assurance work. Another project in the works is the development of an “app-like” electronic version of the code. This is something which the International Federation of Accountants (IFAC) has developed for its code of ethics, which can be accessed via their website.