New Ethics Guidance for CPAs in Public Practice and Business [CPA Journal, The]

An Examination of Changes to the Code ofProfessional Conduct

The AICPA' s Professional Ethics Executive Committee (PEEC) recently amended parts of the Code of Professional Conduct, which went into effect on November 30, 2011. It also issued an exposure draft on September 23, 2011, that focused on departures from established accounting principles and requests for records by clients and will become effective on April 30, 2012. The new or revised ethics interpretations and rulings (EIR) will affect accountants in both public and private practice. In the Exhibit, the first column denotes the new sections of the code, the second and third columns compare the previous requirements to the new guidance, and the fourth column reveals the effects on CPAs.

The following are the major new goals of the EIRs:

* Further refine a comprehensive, conceptual framework for independence standards

* Clarify the applicability of the code

* Define members in business

* Limit members from disclosing client information to outsiders

* Limit disclosure of confidential information learned from former employers

* Require members in business to recognize and respond to financial interest "threats and safeguards" to their integrity and objectivity

* Extend the ban on false, misleading, or deceptive acts to members in business

* Reinterpret how to apply independence requirements to entities affiliated with attest clients

* Permit auditors of educational institutions to work as part-time faculty for these clients

* Bring Interpretation 101-3, Performance of Nonattest Services, under Rule 101, Independence

* Permit non-GAAP financial reporting frameworks to fall within the context of Rule 203

* Clarify such terms as client-prepared records and member-prepared records, and when a member can withhold records for unpaid client fees.

Revised ET Section 100-1: Conceptual Framework

To help clarify which type of entity should be considered a public interest entity (PIE) when determining the nature and extent of applicable independence safeguard standards, the PEEC has revised ET section 100-1, Conceptual Framework for AICPA Independence Standards. This framework considers the following entities as PIEs: "all listed entities and any entity for which an audit is required by regulation or legislation to be conducted in compliance with the same independence requirements that apply to an audit of listed entities (for example, the Securities and Exchange Commission, the Public Company Accounting Oversight Board, and other similar regulators or standard setters)." This revision uses a less comprehensive definition of entities to be considered PIEs, and thus does not include such entities as governmental retirement plans or entities subject to the requirements of the Single Audit Act.

The PEEC is also moving to codify the AICPA' s ethics standards to help members apply the rules and reach the right conclusions more easily. The PEEC still must restructure the code into topical areas and edit the code using consistent drafting and style conventions. For example, ET section 100-1 recognizes that safeguards include controls that now reduce threats impairing independence to an acceptable level, based upon the auditor's experience and judgment.

Similar to FASB's current work developing a conceptual framework to help coordinate U.S. GAAP and International Financial Reporting Standards, the PEECs improved conceptual framework should help members comply with certain ethics requirements by defining concepts and terms - such as independence, threat, safeguard, acceptable level - and providing examples of different types of threats and safeguards. Once a threat to their compliance with the independence standard is identified, members may use the framework to evaluate the threat and determine whether applicable safeguards can eliminate threats or reduce them to acceptable levels.

Revising or recasting independence provisions to reflect the conceptual framework approach should enhance the understanding of the Code of Professional Conduct and provide additional context for the rules and guidance used in applying the framework. But recasting the independence provisions will not change the substance of existing rules that allow members to apply judgment. For example, if a covered member holds stock in an audit client, the only safeguard against the financial selfinterest threat to independence is to relinquish the stock or cease being a covered member, which is identical to current rules.

Revised ET Section 91: Applicability

The AICPA bylaws require members to adhere to the rules in its Code of Professional Conduct. The PEEC has adopted new guidance in ET section 91, Applicability, which will not discipline a member for the code violation of a foreign component auditor whose conduct complied with the International Ethics Standards Board for Accountants (IESBA) ethics or independence standards. Likewise, a member of a network firm would not face AICPA disciplinary action for a code violation by a firm in the network located outside the United States, as long as the foreign firm followed IESBA ethics and independence standards.

Case 1. Jim Francis is the engagement partner auditing Hi-Tech Ltd., a Europeanbased corporation. Francis was just made aware of a departure from the AICPA Code of Professional Conduct, committed by the foreign auditor on the engagement. Francis is now concerned that he may be subject to disciplinary action by the AICPA and has requested advice from the firm's executive office.

According to the revised ET section 91, Francis would not be disciplined by the AICPA as long as the foreign component auditor follows the IESBA standards at a minimum.

New ET Section 92: Definitions

The PEEC also clarified which sections of the code apply to members in the practice of public accounting or in business, and which apply to all members. Members deemed to be in business include those employed by or serving as a volunteer in industry, the public sector, education, notfor-profit, or a regulatory setting. Therefore, a member in public practice is also considered a member in business if serving as a volunteer at a not-for-profit entity. While serving as a volunteer, the member must follow applicable ethical requirements for members in business as well as those requirements for public members related to their specific roles.

The PEEC further clarified the definition of confidential client information by evaluating the question of whether a member would violate the confidentiality rule if client information were distributed to a third party on a no-name basis for academic research or benchmarking purposes. A PEEC task force identified three categories of client information: 1) information in the public domain, 2) information not in the public domain, and 3) information in the member's possession. These new definitions of members in business and confidential client information are introduced in the following case study, which will continue to develop as the article highlights the new or revised interpretations or sections of the code.

Case 2: introducing the issues. Max & Carl (M&C) recently decided to become a client-based, full-service business organization, one that will go beyond providing financial planning to offer management consulting services to its over 1,000 clients. M&C also has two subsidiaries: a broker-dealer and an insurance company. The insurance company is an attest client of Sax & Coe CPAs LLP (S&C). Many such clients have recently asked M&C to provide attest services. M&C has proposed that S&C become an M&C subsidiary under an alternative practice structure format, where S&C would continue to operate its audit practice as before. Currently, the insurance subsidiary has controlling interests in two unrelated entities - a payroll processing entity and a small savings bank.

During the merger negotiations, S&C s managing partner asked to review M&C s client base for potential conflicts of interest. M&C s board members politely refused, stating that its client base contains many very reputable businesses and individual clients that were very carefully selected. But M&C agreed to let S&C review its top 25 clients' financial profiles. In exchange, M&C requested that S&C provide certain confidential, but redacted, information about select S&C clients for possible future consulting engagements for M&C s other service entities. After much discussion, S&C agreed to this concession.

The merger agreement also included a negotiated amount to rent office equipment, back office, billing, and collection functions for S&C. As a new M&C member, S&C looked forward to expanding its attest services to M&C s clientele. After the merger agreement, two S&C employees told the managing partner that they had family members who were in key financial positions in the payroll processing division of the insurance subsidiary.

An S&C partner has now questioned the threats to independence requirements related to the new association and is investigating which AICPA independence rules, if any, apply to these issues.

Revised ET Section 391: Disclosure of Client Information to Third Parties

Trade associations, college professors, and others often ask members for client information that is unavailable to the public for benchmarking or research purposes. Under the new guidance, members may no longer disclose such information without the client's permission, unless it is already in the public domain or available to the public, such as through the public press, commercially available databases, on client websites, or publicly available regulatory or other government websites.

In 2008, the PEEC created a task force to consider whether a member disclosing information on a no-name basis to a third party would be in violation of Rule 301, Confidential Client Information. The PEECs new ethics interpretation states that a member would be in violation of Rule 301 if the information were deemed confidential client information, even on a noname basis, unless specific client consent was received. Thus, before disclosing confidential client information directly to third parties or others who can reach third parties, a member should obtain the client's specific consent - preferably in writing - about the nature of the disclosed information, the type of third party to whom it may be disclosed, and its intended use. Members can market business services or advise current or prospective clients of information based on their expertise or knowledge obtained from prior client experiences (e.g., services provided to other clients or common practices within a client's industry), but they cannot disclose information that could identify specific clients.

Case 2: resolving the disclosure issue. Given the information above, S&C cannot disclose redacted client information without the client's permission in Case 2, unless the information resides in the public domain, such as the public press or a commercial (or government) database.

New Interpretation 101-18: Entities Affiliated with Attest Clients

To clarify when client affiliates can affect a member's independence, the new Interpretation 101-18 relies on the guidance in FASB's Accounting Standards Codification (ASC) 810-10-15-8, Consolidation. It defines a controlling financial interest as "ownership of a majority voting interest, and thus as a general rule ownership by one reporting entity, directly or indirectly, of more than 50 percent of the outstanding voting shares of another is a condition pointing toward consolidation." The power to control may also exist with a lower percentage of ownership.

The new interpretation identifies various types of entities that can be considered affiliates of a financial statement attest client, primarily the following two groups: 1) traditional entities, such as subsidiaries and parents, and 2) nontraditional entities, such as unregistered investment companies and benefit plan sponsors. Thus, members should now apply the independence provisions of the code that are applicable to a financial statement attest client to its affiliates as well. The new interpretation does contain the following four exceptions to this requirement:

* The AICPA Code of Professional Conduct now allows covered members to loan funds or to receive loans from an officer, director, or 10%-or-more affiliate coowner of an attest client, unless the members know that the individual is in a key position with the affiliate. In such cases, members should now consult the new conceptual framework when they have knowledge that the individual making or receiving the loan is in a key position with an affiliate.

* Members reasonably ascertaining no existing self-review, management participation, or other similar threats can often provide nonattest services to affiliates, such as compilation or review services, with the proper disclosures.

* Under certain conditions, members can work at affiliates (as noted in the definitions section for affiliates) in key accounting positions. Members in a position to influence an attest engagement or part of the engagement team must report any consideration of employment with the affiliate.

* Affiliates can hire members' immediate family members and other close relatives of the entity only when the position does not place them in a key position with the audit client.

Case 2: resolving the issue of the insurance subsidiary's affiliates. In Case 2, the two unrelated entities are identified as the insurance subsidiary's affiliates, which the subsidiary controls. S&C should therefore evaluate its independence under ET section 100-1, Conceptual Framework for AICPA Independence Standards, which would require S&C to consider the threats and safeguards related to the affiliates due to the subsidiary's control issue, as well as S&C employees' family members having key financial positions in the payroll processing division.

New Interpretation 501-9: Information Obtained from Former Employment

Members often apply information - such as new technology issues - learned from one employer to their next employment position. The new Interpretation 501-9 deems disclosing confidential information arising from such employment, without the former employer's specific consent, as an act discreditable to the profession - unless a legal or professional responsibility allows such disclosures or the information is in the public domain. Members may no longer disclose confidential information pertaining to a current or previous employer, subsidiary, affiliate, or parent company (even if working there as a volunteer); nor may they hold discussions with a former employer's vendors, customers, or lenders. Members should also not make inadvertent disclosures to close business associates or family members, and should ensure that employees under their control recognize this requirement of confidentiality, even after they have changed jobs. But this new interpretation does not prohibit members who change employment from using nonconfidential experiences for the new employer's benefit.

Case 3. Alex Jones had a successful public accounting career, rising to become a senior manager. After working 10 years in public accounting, he accepted a position as CFO with a former client. During his last six years as CFO, he and his coworkers developed new process methodologies related to selected internal control activities that were unique to his company and industry. Jones later wanted to reenter the public practice and received an attrac tive partnership position with a mediumsize CPA firm in his hometown that he decided to accept.

In his new position, Jones was asked by the managing partner to share his unique process methodologies with the firm's partners for possible consulting or benchmarking engagement uses. Jones concluded that because he worked in industry during the development of the methodologies, he could share this information from his previous business employment with his new employer. But according to the new Interpretation 501-9, Jones should not disclose information obtained from a former employer without its consent. Such disclosure without the employer's consent would be considered an act discreditable to the profession.

New Interpretation 101-19: Employment with Client Educational Institution

The new Interpretation 101-19 allows partners or staff of CPA firms that are auditing an educational institution to serve concurrently as part-time or nontenured faculty members, as long as the faculty member 1) holds no key position at that institution, 2) does not participate on the attest engagement team, 3) does not serve in a position that can influence the attest engagement, and 4) assumes no management responsibilities and does not determine policies for the educational institution.

Case 4. During the fall of his first year back in public accounting, Alex Jones had a brief discussion with the accounting department chair. The chair asked Jones to accept a part-time adjunct teaching position at the university. At first, Jones first thought that an independence problem existed because his CPA firm audited the university, and he informed the chair that he needed to evaluate this issue.

Interpretation 101-19 would now allow Jones to accept the faculty position as long as he meets the specific restrictions noted above.

New Interpretation 501-10: False, Misleading, or Deceptive Acts in Promoting or Marketing Professional Services

The provisions of Rule 501, Advertising and Other Forms of Solicitation, prohibit members in public practice from performing false, misleading, or deceptive acts. Now, members in business similarly can no longer make claims about their professional experience or other qualifications in a false, misleading, or deceptive manner.

Revised Interpretation 101-11: Applying Rule 101 to SSAE and AUP Engagements