Sharp increases in the number of multinational audits being performed by U.S. accounting firms means that more CPAs are performing services under the International Federation of Accountants (IFAC) audit and attest standards. Although auditors must comply with the specific standards adopted in each jurisdiction, familiarity with IFAC’s International Ethics Standards Board for Accountants (IESBA) Code of Ethics for Professional Accountants (IESBA Code) in addition to the AICPA Code of Professional Conduct (AICPA Code) is a critical first step. When specifications differ, members should comply with the more restrictive of the applicable standards.
This article compares the AICPA and IESBA codes and highlights the AICPA’s efforts to codify the AICPA ethics standards and align them with the international standards.
COMPARING THE AICPA CODE TO THE GLOBAL STANDARD
The IESBA Code sets the global standard for the accountancy profession. The Code, available at tinyurl.com/372k2wg, was updated and revised in July 2009. The revisions clarified the requirements for all professional accountants and significantly strengthened the independence requirements. The new code is effective Jan. 1, 2011, with early adoption permitted. Several transitional provisions have been incorporated to allow professionals and firms time to implement the more stringent standards.
More similar than different. The IESBA and AICPA codes are more similar than different although some differences are significant. Though this article will focus mainly on the differences, in many cases, applying the codes to the same fact pattern will yield similar results. Also, some differences reflect formatting approaches and drafting conventions. For example, the IESBA Code is divided into three parts: Part A applies to all professional accountants; Part B, only to persons in public accounting; and Part C, to persons in business, in other words, everyone who is not in public practice. The AICPA does not apportion its principles and rules in this manner. Other differences are more substantive.
As for similarities, both codes address areas such as independence, due care, confidentiality and the truthful reporting of information. The principles underlying each code are also similar except that the IESBA addresses confidentiality and marketing as principles (the latter under professional behavior), applicable to all professionals, whereas the AICPA Code includes these as rules applicable to members in public practice. The IESBA ethics requirements for professional accountants in business, such as corporate accountants, are much like those found in the AICPA Code although certain IESBA guidance is more comprehensive (for example, inducements, acting with sufficient expertise).
Principles vs. rules. The IESBA Code is often referred to as a principles-based code while many consider the AICPA Code to be more rules based. Similar to comparisons made between IFRS and U.S. GAAP, these descriptions can be misleading. Professional accountants are required to comply with the fundamental principles of the IESBA Code and apply a “conceptual framework approach” to determine their compliance with the fundamental principles whenever they know (or should know) that circumstances or relationships may compromise their compliance (§ 100.08). While the onus is on the professional accountant to do this, the bulk of the IESBA Code describes how the conceptual framework applies in specific situations, for example:
- How providing nonassurance services (such as valuations) to an audit client may threaten an accounting firm’s independence.
- How receiving gifts or other inducements from a superior may threaten a corporate accountant’s objectivity.
Like the AICPA Code, the IESBA Code provides guidance for the more common—but certainly not all—practice situations. In all other instances, once a threat is identified, the IESBA requires a professional accountant to:
(i) Evaluate the significance of the threat (that is, determine whether the threat is at an acceptable level, meaning the threat would not compromise or appear to compromise the accountant’s compliance with the principle(s)) and
(ii) If the threat is insignificant (that is, at an acceptable level), no further evaluation is required, or
(iii) If the threat is significant (that is, not at an acceptable level), consider whether safeguards could eliminate or sufficiently reduce the threat to an acceptable level, and
- Apply safeguards, as necessary, to eliminate or sufficiently reduce the threat to an acceptable level, or
- Decline to perform (or discontinue) the engagement or professional services.
The sidebar “Threats and Safeguards” (at bottom of page) defines the terms and provides examples of each.
Despite the principles vs. rules argument, the IESBA Code does contain de facto rules; in several instances the Code states that the threats are so significant that no safeguards can be applied to reduce or eliminate threat(s) to an acceptable level. For example, an audit team member could not own stock in his or her client and apply safeguards to mitigate the threat to independence because the IESBA Code prohibits audit team members from investing in their clients (§ 290.104). In other words, it explicitly states that the threat to independence is insurmountable.
Differences in approach. Overall, the codes take somewhat different approaches. The IESBA uses the conceptual framework approach (described above) to evaluate ethical conduct throughout its code; the AICPA only requires members to use this approach if the rules do not address their situation. See the Conceptual Framework for AICPA Independence Standards (ET § 100.01 of the AICPA Code)—the “AICPA Conceptual Framework.” Under guidance issued by the AICPA in 2009, members also have the option of applying the Conceptual Framework approach when other rules in the Code do not address their situations. (See Guide for Complying with Rules 102–505 at tinyurl.com/34wyyzn).
Topics addressed. As mentioned, the codes address many of the same topical areas. However, some differences exist. For example, the AICPA Code dictates how members in public practice may structure and name their accounting practices (ET § 505) and describes several “discreditable acts” that violate the Code (ET § 501); the IESBA does not. Likewise, the IESBA Code includes three topics (outside of the independence area) for professional accountants in public practice that are not specifically addressed in the AICPA Code (see Exhibit 1).
Comparing independence. The IESBA Code discusses certain potential independence matters that do not appear in the AICPA independence rules. Examples include Long Association of Senior Personnel (Including Partner Rotation) with a Client (§§ 290.150–.155) and Fees—Relative Size (§§ 290.220–.222). So, for example, a member concerned about the significance of his or her audit fee would apply the AICPA Conceptual Framework (because no AICPA independence rule exists on the subject). Since both codes base their independence standards on the conceptual framework approach, the member should achieve a similar result applying the AICPA Code as he or she would applying the IESBA Code (see sidebar, “Application of the AICPA Conceptual Framework vs. Certain Comparable Provisions in the IESBA Code,” at bottom of page).
Public interest entities. The IESBA Code imposes additional independence provisions that reflect the public’s keen interest in certain types of entities. Public interest entities—or “PIEs”—are listed entities (for example, entities whose securities are listed on a recognized stock exchange) and entities whose auditors are required by law or regulation to comply with the same independence requirements as listed entities, which depending on the jurisdiction, may include certain banks or pension funds. Additional provisions fall into the following areas:
- Employment of audit team member or senior/managing partner (one-year “cooling off” period);
- Long association of senior audit personnel with audit client;
- Bookkeeping/payroll services;
- Valuation services;
- Tax calculations;
- Internal audit services;
- Information technology system design or implementation services;
- Recruitment services; and
- Significant client fees.
The AICPA rules do not include similar provisions for PIEs in these areas; however, the Code broadly requires members to comply with more restrictive rules applicable to their engagements, which can bring about similar results as the IESBA PIE rules. For instance, if B Company lists its common stock on the New York Stock Exchange, it would be considered a PIE under IESBA standards. A member auditing B Company who complies with the independence rules of the SEC and the PCAOB would also be in compliance with the AICPA and the IESBA codes because the SEC/PCAOB rules are as stringent (in some cases, more so) than the IESBA requirements.
Split-level independence. The IESBA also splits its independence requirements into two sections. The first—section 290—provides the strongest proscriptions and applies to audits and reviews of financial statements. The other—section 291—provides generally less restrictive independence standards that apply to all other assurance engagements. The AICPA does not bifurcate its independence standards; however, a very narrow exception exists for certain restricted-use reports issued under the Statements on Standards for Attestation Engagements (SSAEs), and a newly adopted standard on network firms applies only to financial statement audit and review engagements.
Exhibit 2, “IESBA Independence Requirements in § 290 That Generally Exceed AICPA Requirements,” highlights provisions in IESBA Section 290, Independence—Audit and Review Engagements, that are generally more stringent than relevant provisions of the AICPA Code (ET § 101, Independence). Exhibit 3, “AICPA Independence Requirements That Generally Exceed IESBA Requirements,” lists AICPA provisions that are generally more restrictive than the comparable IESBA provisions.
AICPA CODIFICATION AND CONVERGENCE PROJECTS
As a member body of IFAC, the AICPA agrees to have ethics standards that are at least as stringent as the IESBA standards. Since 2001, the AICPA Professional Ethics Executive Committee (PEEC) has undertaken certain convergence projects to align the AICPA Code with the IESBA Code (for example, network firms, AICPA Conceptual Framework). Efforts are ongoing and currently include initiation of a task force to evaluate the IESBA provisions for members in business and industry and another to review the application of independence rules to affiliates of an attest client.
Meaning of convergence. “ Convergence” in this context means PEEC may propose new or revised interpretations of AICPA rules if they are less strict than comparable guidance in the IESBA Code. Any proposed changes to the Code follow full due process under the AICPA bylaws, which includes exposure of the proposed standard to the membership and consideration of all comments at PEEC meetings that are open to the public. Convergence does not mean that PEEC will adopt lower standards when the IESBA standards are less strict.
Ethics Codification Project. In December 2008, the AICPA launched an Ethics Codification Project to reformat and enhance its ethics literature. Today, the literature exists in multiple locations, such that similar subject matters are sometimes disjointed, making it difficult for members to know for certain whether they have considered all the relevant matters. Similar to the FASB Accounting Standards Codification, the AICPA ethics literature will be put into a logically structured, topical format and redrafted using consistent wording conventions and styles. PEEC is re-evaluating ethics guidance that is outside the AICPA Code (for example, informal AICPA staff positions and basis for conclusions documents, which carry no authority but provide helpful guidance or background on the rules) to determine whether that guidance should be proposed for inclusion in the Codification as part of the authoritative standards.
The primary objective of the Codification Project is to improve the Code by making it topical and easier to use. Other important goals are to improve research capability through technology and to enhance the clarity of the Code. At the time this article was developed, PEEC’s Codification Task Force was considering the IESBA Code as a structural model for the Codification. AICPA members who perform audit and attest services under IFAC standards may find it simpler to understand any differences and comply with both codes if they are structured similarly. This approach is also consistent with recommendations in the U.S. Treasury Department’s Advisory Committee on the
Auditing Profession’s October 2008 report to promote the understanding of and compliance with professional independence requirements.
Member and other constituent feedback. Due to the significant changes PEEC expects to make to the style and structure of the AICPA Code, the committee will expose the Codification to the membership and consider those comments before adopting the new Code. PEEC will also communicate with and request input from constituent groups, including AICPA members, state boards of accountancy, CPA societies, accounting regulators and others, to keep them informed about the proposed changes and solicit their feedback.
The Codification Project is scheduled to be completed in about two years. Members and other interested parties are encouraged to relay their comments and questions about this project to PEEC at firstname.lastname@example.org.
- Sidebar: Threats and Safeguards
- Case Study: Application of the AICPA Conceptual Framework vs. Certain Comparable Provisions in the IESBA Code
Threats and Safeguards
Threats (Based on IESBA § 100.12)
Threats may be created by a broad range of relationships and circumstances. When a relationship or circumstance creates a threat, such a threat could compromise, or could be perceived to compromise, a professional accountant’s compliance with the fundamental principles. Examples include:
- Self-interest threat . The threat that a financial or other interest will inappropriately influence the professional accountant’s judgment or behavior.
- Familiarity threat. The threat that due to a long or close relationship with a client or employer, a professional accountant will be too sympathetic to their interests or too accepting of their work.
Safeguards (Based on IESBA §§ 100.13–.14)
Safeguards are actions or other measures that may eliminate threats or reduce them to an acceptable level and may be created by the profession, legislation or regulation or exist in the working environment. Examples include:
- Professional or regulatory monitoring and disciplinary procedures.
- External review by a legally empowered third party of the reports produced by a professional accountant.
- Using different partners and engagement teams with separate reporting lines for the provision of nonassurance services to an assurance client.
- Having a professional accountant, who was not a member of the assurance team, review the assurance work performed or otherwise advise as necessary.
Application of the AICPA Conceptual Framework vs. Certain Comparable Provisions in the IESBA Code
This brief case study illustrates how proper application of the AICPA Conceptual Framework should provide similar results as the application of a comparable provision in the IESBA Code.
Partner A has been the lead partner on the audit of Company Z, a privately owned manufacturer, for eight years. Given her tenure as Company Z’s auditor and long association with its management, Partner A was concerned about the possible impact of the long-term relationship on the appearance of her independence. She researched the AICPA Code, but found no specific independence rule that addressed her concern. Thus, as required under ET § 101.02, Partner A applied the AICPA Conceptual Framework (ET § 101.01).
In the framework, she learned that prolonged association with an attest client may cause a familiarity threat to the appearance of independence (ET § 101.01.16(b)). She believed the threat was at an unacceptable level and required the application of safeguards. Partner A and her firm agreed that the following safeguards would sufficiently mitigate the threat to independence: (i) have an independent partner in the firm, who was not associated with the engagement, perform a pre-issuance review of the engagement (ET § 101.01.26(p)), and (ii) identify the engagement in the firm’s peer review taking place later that year.
Both the AICPA and the IESBA codes allow professional accountants to apply judgment in determining whether threats require the application of safeguards, and if they do, to determine whether (and which) safeguards would effectively reduce or eliminate those threats. While the IESBA Code provides factors to consider and examples of safeguards that may mitigate threats to independence specific to the type of situation, the AICPA Conceptual Framework also provides guidance on the types of relationships that cause familiarity and other threats to independence (for example, ET §§ 101.01.12–.19) and safeguards that may reduce or eliminate threats (for example, ET §§ 101.01.24–.26). Thus, whether Partner A applies the AICPA Code or the IESBA Code to these facts, the outcome likely would be similar. Other areas in which a similar comparison could be made would be for partner compensation and evaluation and significant clients.
in new window; click once on image to
IFAC’s International Ethics Standards Board for Accountants promulgates the Code of Ethics for Professional Accountants (IESBA Code). The latest edition of the IESBA Code was updated and revised in July 2009 and is effective Jan. 1, 2011. The revisions clarified the requirements for all professional accountants and significantly strengthened the independence requirements.
The IESBA and AICPA codes are more similar than different although some differences are significant. In many cases, applying the codes to the same fact pattern will yield similar results.
The IESBA Code discusses certain potential independence matters that appear in the AICPA Conceptual Framework but not in the AICPA independence rules. Examples include Long Association of Senior Personnel (Including Partner Rotation) with a Client (§§ 290.150–.155) and Fees—Relative Size (§§ 290.220–.222).
The IESBA Code imposes additional independence provisions that reflect the “extent of public interest in certain entities.” Public interest entities—or “PIEs”—are listed entities (for example, entities whose securities are listed on a recognized stock exchange) and entities whose auditors are required by law or regulation to comply with the same independence requirements as listed entities.
The IESBA splits its independence requirements into two sections. Section 290 provides the strongest proscriptions and applies to audits and reviews of financial statements. Section 291 provides generally less restrictive independence standards that apply to all other assurance engagements. The AICPA does not bifurcate its independence standards.
Catherine Allen (email@example.com) is the founder of the consulting firm Audit Conduct.
To comment on this article or to suggest an idea for another article, contact Matthew G. Lamoreaux, senior editor, at firstname.lastname@example.org or 919-402-4435.
- “A Global Standard for Professional Ethics,” May 2008, page 46
- “Navigating the Crossroads of Control and Independence,” Dec. 2007, page 42
- “Ethics Rules Get Tighter,” Dec. 2006, page 59
Use journalofaccountancy.com to find past articles. In the search box, click “Open Advanced Search” and then search by title.
Independence and Ethics Developments Audit Risk Alert (#0224709)
For more information or to make a purchase, go to cpa2biz.com or call the Institute at 888-777-7077.
AICPA Professional Ethics Division, tinyurl.com/267adgk
- International Ethics Standards Board for Accountants, ifac.org/Ethics
- International Auditing and Assurance Standards Board, ifac.org/IAASB
- Public Interest Oversight Board, ipiob.org
More from the JofA: