ETHICS, LEGAL LIABILITY
AND CLIENT ACCEPTANCE
Moroney
Chapter 2
WIRECARD
In Germany, EY issued unqualified audit opinions to Wirecard over a ten year
period, failing to spot that much of the revenues and hundreds of millions of
corporate currencies were fake.
Following Wirecard’s insolvency, EY is facing large lawsuits and Germany’s
audit regulator APAS is expected to impose significant sanctions.
German regulators accused auditors of lacking independence and called for
more professional scepticism.
As a result, auditors worldwide have become more selective in accepting and
continuing clients, rejecting those which are considered high risk, with weak
governance and management with a questionable ethical record.
Source: Financial Times ‘EY, KPMG and the fallout of two accounting scandals’,
Olaf Storbeck, 22 March 2023, olaf.storbeck@ft.com. See also the Netflix
Documentary ‘Skandal’.
LECTURE CONTENT
The fundamental principles of professional ethics
The Code of professional conduct
Auditor independence
Auditors and key groups during the audit engagement
Auditor’s legal liability to their client and third parties
Factors in the client acceptance or continuance
decision.
AIMS OF PROFESSIONAL CODE OF
CONDUCT
Recognize the public interest responsibility of the accounting
profession.
Establish the standard of behavior expected of an assurance
practitioner (the Code).
Provide a conceptual framework that assurance practitioners are to
apply in order to identify, evaluate and address threats to compliance
with the fundamental principles.
ETHICS STANDARDS
Professional and ethical standard (PES) 1: International Code of Ethics
for Assurance Practitioners, including Independence
This PES is known as ‘The Code’.
Also there are:
PES 3 : Quality Management for Firms that Perform Audits or Reviews
of Financial Statements, or Other Assurance or Related Services
Engagements
PES 4: Engagement Quality Reviews
FUNDAMENTAL PRINCIPLES OF
PROFESSIONAL ETHICS
All members of the professional accounting bodies are to comply with the
fundamental ethical principles (PES 1):
1.
integrity
2.
objectivity
3.
professional competence and due care
4.
confidentiality
5.
professional behaviour.
Mnemonic: IOPCP
LITERAL AND PRACTICAL MEANING OF
ETHICS TERMS (SUMMARY)
Integrity: The quality of being honest and having strong moral principles
Objectivity: As an adjective ‘objective’ has a number of meanings. In the context of a
person or their judgment, it literally means not being influenced by personal feelings or
opinions in considering and representing facts.
Professional competence: the ability to do something well in defined tasks.
Confidentiality: the state of keeping or being kept secret or private. (How does one
balance this with ‘transparency’?)
Professional behaviour: a form of etiquette in the workplace which is linked primarily
to respectful and courteous conduct.
FUNDAMENTAL PRINCIPLES OF
PROFESSIONAL ETHICS: INTEGRITY
 To the obligation that all members of the professional bodies be straightforward
and honest.
 A member shall not knowingly be associated with reports, returns, communications
or other information where the Member believes that the information:
 contains materially false or misleading statements
 contains statements or information furnished recklessly
 omits or obscures information required to be included where such omission or
obscurity would be misleading.
(Is this last bullet point related to transparency, perhaps?)
FUNDAMENTAL PRINCIPLES OF
PROFESSIONAL ETHICS: OBJECTIVITY AND
PROFESSIONAL COMPETENCE
Objectivity:
• Not allow personal feelings or prejudices to influence
professional judgement.
• Be unbiased.
• Not allow conflict of interest or influence of others to impair
decision process.
•Professional competence and due care:
• Maintain knowledge and skill at a level required by
professional bodies.
• Keep up-to-date with changes in regulations and standards.
• Continue education and work experience.
• Act diligently, taking care to complete each task thoroughly,
document all work, finish on a timely basis.
FUNDAMENTAL PRINCIPLES OF
PROFESSIONAL ETHICS: CONFIDENTIALITY AND
PROFESSIONAL BEHAVIOUR
Confidentiality:
• Refrain from disclosing information to people outside the
workplace that is learned as a result of employment.
• Exception if legal requirement to disclose.
• Not allowed to use confidential information to their advantage or
advantage of another person.
•Professional behaviour:
• Comply with rules and regulations and do not harm reputation of
the profession.
• Be honest in representations to current and prospective clients.
• Do not claim to provide services they cannot provide, or
qualifications they do not possess, or experience they do not
have.
• Do not undermine reputation of, or quality of work produced by,
others.
INDEPENDENCE
Independence is the ability to act with integrity,
objectivity and with professional scepticism
(questioning mind).
Independence is the quality of an auditor and
auditing that overlays the principles embodied in
the Ethics standards (overlaps with these).
Lack of auditor independence impacts on credibility
and reliability of financial reports and the
profession.
The auditor must be, and be seen to be,
independent.
INDEPENDENCE
•Independence of mind of the auditor:
• ability to act independently
• ability to make a decision free from bias
• personal belief and client pressures.
•Independence in appearance of the auditor:
• belief of third parties that independence of mind of the
auditor has been achieved.
CONCEPTUAL FRAMEWORK (FOR ETHICS
STANDARDS AND INDEPENDENCE)
The Code provides a conceptual framework for assurance practitioners
that are to be applied to identify, evaluate and address threats to
compliance with the fundamental principles.
Doing this requires exercising professional judgement, remaining alert for
new information, and using the reasonable and informed third party test.
The reasonable and informed third party test: Would the same conclusions
be reached by a reasonable third party with the same facts?
When threats are not at an acceptable level, the conceptual framework
requires the assurance practitioner to address those threats.
Applying safeguards is one way that threats might be addressed.
Safeguards are actions individually or in combination that the assurance
practitioner takes that effectively reduce threats to an acceptable level.
TYPES OF THREAT
Threats to the fundamental principles:
1. self-interest
2. self-review
3. advocacy
4. familiarity
5. intimidation.
Mnemonic: SSAFI ? or S(i)S(r)AFI or something else!
THREATS TO FUNDAMENTAL PRINCIPLES
Self-interest threat:
 Occurs if the audit firm or its staff have a financial interest in
the audit client.
 Examples:
 Can occur if the audit firm or its staff have financial interest
in audit client.
 Bank account held with the client.
 Shares owned by staff of the audit firm in the client.
 A loan to or from the audit firm by the client.
 Fee dependence, where the fees from a client form a
significant proportion of all fees of the firm.
 Close business relationship with the client.
THREATS TO FUNDAMENTAL PRINCIPLES
Self-review threat:
 Occurs when the assurance team assess their own work or
work done by others in their firm.
 Examples:
Assurance team member has recently been an
employee or director of the client.
Preparing information for the client that is then assured.
Performing services for the client that are then assured.
THREATS TO FUNDAMENTAL PRINCIPLES
Advocacy threat:
• Examples:
•Encouraging others to buy client’s shares or bonds.
•Representing client in negotiations with third party.
•Representing the client in a legal dispute.
•Occurs when an audit firm or assurance staff act, or is
believed to act, on behalf of assurance client.
•Leads to questioning of auditor’s objectivity.
THREATS TO FUNDAMENTAL PRINCIPLES
Familiarity threat:
 Occurs when a close relationship exists or develops between assurance
firm and client, or firm and client personnel.
 Assurance staff can become too sensitive to needs of client and lose
objectivity.
 Examples:
 Long association between assurance firm and client.
 Long association between assurance firm and client personnel.
 Close personal relationships between assurance firm staff and senior
client personnel.
 Former partner of assurance firm holding senior position at the client.
 Acceptance of gifts by members of assurance team from their client
(other than minor tokens).
 Acceptance of hospitality by members of assurance team from client
(other than minor gestures).
THREATS TO FUNDAMENTAL PRINCIPLES
Intimidation threat:
 Can occur when member of assurance team feels threatened
by the client’s staff or directors.
 Assurance team member unable to act objectively, fearing
negative consequences.
 Examples:
 Threat that client will use different assurance firm next year.
 Undue pressure to reduce audit hours to reduce fees paid.
ADDRESSING THREATS
PES 1 R120.10 If the assurance practitioner determines that the
identified threats to compliance with the fundamental principles are
not at an acceptable level, the assurance practitioner shall address
the threats by eliminating them or reducing them to an acceptable
level. The assurance practitioner shall do so by:
(a) Eliminating the circumstances, including interests or relationships,
that are creating the threats;
(b) Applying safeguards, where available and capable of being
applied, to reduce the threats to an acceptable level; or
(c) Declining or ending the specific professional activity.
EXAMPLES IN PES 1 OF TYPES OF BIAS
(R120.12 A2)
Anchoring bias
Automation bias
Availability bias
Confirmation bias
Groupthink
Overconfidence bias
Representation bias
Selective perception
EXAMPLES OF ACTIONS TO ADDRESS THE
EFFECT OF BIAS (PES 1 120.12 A3)
Seeking advice from experts to provide additional input.
Consulting with others to ensure appropriate challenge as part of the
evaluation process
Receiving training related to the identification of bias as part of
professional development.
Note: These examples in PES 1 of the threat to the fundamental
principle of objectivity and how it might be addressed by the auditor
are an illustration of the extensive content in PES 1 concerning threats
and safeguards. Sections 210 to 270 describe certain threats that
might arise during the course of performing professional activities and
include further examples of actions that might address such threats.
SOURCES OF SAFEGUARDS TO FUNDAMENTAL
PRINCIPLES
•Legislation or regulation:
•Code of ethics
•Licensee auditors of FMCs are required to comply with all
mandatory, ethical, professional standards and pronouncements
of CAANZ and the CPPA, including independence.
•A statement of the auditor’s independence is made in the audit
report ISA(NZ) 720 (Revised).
•quality control standards - ISA(NZ) 200 series; PES 3.
•client acceptance and continuance criteria (ISA(NZ) 210; PES 4.
•Implementation of ISA (NZ).
•Created by clients:
•corporate governance; management policies and procedures.
SOURCES OF SAFEGUARDS TO FUNDAMENTAL PRINCIPLES
•Auditors and shareholders:
• Audit report addressed to shareholders.
• Attendance at AGM.
• Formal responsibility for auditor appointment.
•Auditors and the board of directors:
• Executive and non-executive directors.
• Large companies have committees made up of
several directors to deal with specific issues.
SOURCES OF SAFEGUARDS TO FUNDAMENTAL
PRINCIPLES
Auditors and the audit committee:
• A special committee of the board of directors.
•Acts on behalf of board in financial reporting and audit
matters.
•NZX Listing Rules require all issuers to establish an audit
committee and stipulate its minimum membership and
responsibilities.
•The Reserve Bank of New Zealand requires NZ incorporated
banks and licensed insurers to establish an audit committee
•Audit Committees enhance auditor independence via such things
as:
•Having a majority of non-executive directors.
•Members possessing financial accounting knowledge.
•Meetings with external and internal auditors.
SOURCES OF SAFEGUARDS TO FUNDAMENTAL
PRINCIPLES
Auditors and internal auditors:
•Viewed by external auditor as part of client.
•External auditor can reduce scope of external
audit testing if there is an effective internal
audit function ( ISA (NZ) 610).
•Depends on internal auditor’s:
•objectivity
•technical competence
•professional due care
•communication with external auditors.
CLASS QUIZ
Professional competence refers to the members of a professional body;
a.
Maintaining the knowledge to adequately operate in
their clients industry.
b.
Maintaining a level of understanding of their clients
business operations.
c.
Maintaining a level of commitment to their industry
associations.
d.
Maintaining their level of knowledge and skill required
by the professional body.
Answer: d
CLASS QUIZ
Professional behaviour refers to the obligation that all members of the
professional bodies:
a.
refrain from disclosing information to people outside of their
workplace that is learned as a result of their employment.
b.
not allow their personal feelings or prejudices to influence their
professional judgement.
c.
ensure that they do not harm the reputation of the accounting
profession.
d.
be straightforward and honest.
Answer: c
CLASS QUIZ
Objectivity refers to the obligation that all members of the professional
bodies:
a.
ensure that they do not harm the reputation of the accounting
profession.
b.
refrain from disclosing information to people outside of their
workplace that is learned as a result of their employment.
c.
be straightforward and honest.
d.
not allow their personal feelings or prejudices to influence their
professional judgement.
Answer: d
CLASS QUIZ
Independence in appearance is:
a.
the belief that independence of mind has been achieved.
b.
the ability to act with integrity, objectivity and professional
scepticism.
c.
also referred to as actual independence.
d.
the ability to make a decision that is free from bias, personal
beliefs and client pressures.
Answer: a
LEGAL LIABILITY
Generally, an external auditor must exercise due care, be
diligent in applying standards and documenting work.
Auditors can be found negligent and liable for damages if
it is established that:
1. A duty of care was owed by the auditor.
2. There was a breach of the duty of care.
3. A loss was suffered as a consequence of that
breach.
LEGAL LIABILITY
Legal liability to clients:
 Liability under either contract or tort law.
 Negligence: failed in performance of audit by
being careless and breaching duty of care.
 Contract: failed duty of care implicit in acting as
auditor and explicit in engagement letter.
 Case law shows the change in definition of
‘reasonable’ care and skill over time as standards
change.
LEGAL LIABILITY
Legal liability to clients:
Key cases:
London and General Bank Ltd (1895).
Kingston Cotton Mill (1896).
Pacific Acceptance (1970)* Not enough auditor scepticism.
AWA (1995)* Auditor liable for not reporting deficiencies.
Centro (2012)* No judgement. PwC settled.
HIH Royal Commission Report (2003) (‘scepticism’ of auditors
mentioned in report ).
Contributory negligence:
Contributory negligence applied in AWA (1995) case.
If directors are also negligent, each party is held accountable in
proportion to their guilt.
This principle applies in Australia, not clear if it applies or will
apply in New Zealand in the future.
PACIFIC ACCEPTANCE CASE
Justice Moffit on duties of the auditor:
1.
Reasonable skill and care (confirming same principle as in
London and general bank)
2.
Check data themselves
3.
Audit the whole year
4.
Supervise staff quality
5.
Document procedures
6.
Inform management
7.
Take appropriate further action
8.
Follow professional standards
LEGAL LIABILITY
Legal liability to third parties:
No contract between auditor and third parties, they must rely on tort law
and show duty of care.
Duty of care less likely with third parties.
Key cases:
Candler (1951): Auditors liable to third parties that the auditors know
their clients will show the accounts to (dissenting obiter by Denning).
Scott Group (1978)**: Auditors liable to third parties that they can
reasonably foresee may rely on the financial report of their client.
Caparo (1990): Reasonable proximity between auditor and third
parties as a group (e.g. shareholders), and knowledge of the decisions
they intend to make.
Columbia Coffee and Tea (1992): Audit firm had manual stating they
acknowledge that third parties would rely on audited accounts.
However, this decision was rejected in Esanda.
LEGAL LIABILITY
Legal liability to third parties:
 Key cases:
 Esanda (1997):
 Contrasts against Columbia finding.
 Australian High Court ruled that for a third party to establish duty of
care, they must show:
 The report was prepared on the basis that it would be communicated to a
third party.
 The report was likely to be relied upon by that third party.
 The third party ran the risk of suffering a loss if the report was negligently
prepared.
 Third parties can request privity letter.
PROCEDURES TO REDUCE RISK OF LEGAL
LIABILITY
Avoidance of litigation:
 Hire competent staff, regular training.
 Comply with ethical and auditor regulations.
 Implement policies and procedures:
 Client acceptance.
 Staff allocation.
 Ethical and independence issue identification and rectification.
 Adequate work documentation.
 Gather adequate and appropriate evidence to support opinion.
 Auditor can take steps to avoid litigation:
 Meet with client’s audit committee to discuss significant issues arising in
audit.
 Follow up any significant weaknesses in client’s internal control
procedures from previous year audit.
CLIENT ACCEPTANCE AND CONTINUANCE
DECISIONS
The first stage in any audit is client acceptance or continuance decision.
 Step 1: assess client integrity.
 Step 2: assess audit firm’s ability to meet ethical requirements, service client.
 Step 3: prepare client engagement letter.
Client integrity - auditor should consider:
 Reputation of client, management, directors, key stakeholders.
 Client’s reason for switching auditor.
 Client’s attitude to risk exposure and management.
 Client’s attitude to using internal controls to mitigate risk.
 Appropriateness of the client’s interpretation of accounting rules.
 Client’s willingness to allow auditor full access to information required
to form an opinion.
 Client’s attitude and willingness to pay fair amount for audit work.
CLIENT ACCEPTANCE AND CONTINUANCE
DECISIONS
Auditor can obtain information from:
 Communication with prior auditor (with client’s permission, PES 1),
client personnel, third parties, key competitors.
 Review of press articles.
Ethical requirements:
 Consider if any threats to fundamental principles arise from
appointment (PES 1).
 Auditor must ensure it has sufficient staff available with required
knowledge to complete audit (professional competence and due
care).
 Consider potential threats, safeguards and remedies.
 Decline appointment if threat insurmountable.
CLIENT ACCEPTANCE AND CONTINUANCE
DECISIONS
Engagement letter (ISA(NZ) 210):
 Prepared by auditor, acknowledged by client.

Form of contract, can expand on obligations in Corporations
Act.

Explains scope of audit, timing of various aspects of audit,
overview of client responsibilities.

Confirms auditor’s right of access to information,
independence considerations.

Sets fees.
FORM OF ENGAGEMENT LETTER
To the Board of Directors of ABC Company:
1.
The objective and scope of the audit
2.
The responsibilities of the auditor
3.
The responsibilities of the directors and identification of the
applicable financial reporting framework
4.
Other relevant information
5.
Reporting - reference to the expected form and content of the
auditor’s report
XYZ & Co.
Acknowledged and agreed on behalf of ABC Company by
(Signed)
CLASS QUIZ
Which of the following was an observation or recommendation by
Justice Owen in the HIH Royal Commission Report?
a.
audit reports should be addressed to shareholders.
b.
auditor independence is not a critical element in establishing
the credibility of an auditor's report.
c.
boards of directors should establish an audit committee.
d.
an independent and objective audit, conducted with an
appropriate degree of professional scepticism, is required.
Answer: d
CLASS QUIZ
Under tort law, to prove that and auditor has been negligent the
plaintiff must establish:
a.
a duty of care was owed by the auditor.
b.
a loss was suffered as a result of the breach of duty of care.
c.
there was a breach of the duty of care.
d.
all of the above.
Answer: d
CLASS QUIZ
Which of these cases established the legal principle that auditors owe
a duty of care to shareholders as a group and not to individual
shareholders?
a.
Caparo.
b.
Esanda.
c.
Pacific Acceptance.
d.
Scott Group.
Answer: a