The impact of technology

The revisions are principles-based and apply to all technologies. This is to ensure the revisions are as future proof as possible. Specifically, the revisions:

• provide guidance on applying the Fundamental Principles set out in the Code to the challenges introduced by the digital age;
• advocate a robust approach to the mindset and behaviour required of professional accountants in both business and in public practice as they navigate technological change;
• strengthen the International Independence Standards by clarifying when firms and network firms are permitted to provide a technology-related NAS to an audit or assurance client.

In Part 1 of the Code, references to the Fundamental Principle of Professional Competence and Due Care, and the Fundamental Principle of Confidentiality, have both been expanded to acknowledge technology-related considerations.

Professional competence and due care  

Subsections 113 A1-A3 have been revised to recognise that the professional knowledge and skills that a professional accountant needs to perform a professional activity competently, will vary depending on the nature of the activity.

Revised section 113.1 A3 now provides that “maintaining professional competence requires a professional accountant to have a continuing awareness and understanding of technical, professional, business and technology-related developments relevant to the professional activities undertaken.” The revisions highlight that a professional accountant should achieve a level of understanding “relevant to the activities undertaken by the professional accountant.”

These revisions also emphasise that interpersonal, communication and organisational skills are only examples of professional skills which facilitate a professional accountant’s interaction with others, and therefore are not the only skills relevant when a professional accountant undertakes professional activities.

The revisions are intended to prompt professional accountants, and to guide their thinking about the level and type of professional skills and knowledge which are necessary to enable them to comply with the Fundamental Principle of Professional Competence and Due Care (revised section R113.1); and to enable them to provide a competent professional service.

Revised Section R.113.3 now imposes an obligation on professional accountants to explain the implications of limitations inherent in their professional activities to clients. Previously, the requirement was simply to make clients aware of such limitations. The revised application material at 113.1.A3 clarifies that this includes limitations related to technology.

Confidentiality 

A new definition of “Confidential Information” is now set out in the Glossary, as follows: “Any information, data or other material in whatever form or medium (including written, electronic, visual or oral) that is not publicly available.”

The new definition is intended to encompass all the possible scenarios in which information might be obtained and establishes a threshold for confidential information (i.e., information that is not in the public domain). The approach mitigates the risk of having varying levels of subjectivity to determine what constitutes confidential information. In addition, what constitutes “confidential information” should not be impacted by the capacity or format in which the professional accountant receives the information.

IESBA considers that this new definition more closely reflects the realities of the current working environment and the ease with which data is accessible. In a similar vein, the language used in section 114.1 A3 has been modernised ( “type of communication and to whom it is addressed” has been revised to  “means of communicating the information”).

Revised section R114.1.A1 emphasises that to maintain the confidentiality of information, the professional accountant must take “appropriate action” “… in the course of its collection, use, transfer, storage or retention, dissemination and lawful destruction.”(i.e., throughout the entire data governance life cycle).

New section R114.2(d) clarifies that a professional accountant is not able to use or disclose information, which is subject to the duty of confidentiality, even where that information has become publicly available (either properly or improperly).

Additionally, the Fundamental Principle of Confidentiality has been strengthened by extending the prohibition on disclosing confidential information, to include disclosure to other individuals within a professional accountant’s own firm or employing organisation (new section R114.2(a)). This is the effect of removing the words “outside the firm or employing organisation” which were in the previous edition of the Code.

New section R114.2(b) clarifies that the prohibition on the improper use of confidential information extends beyond using it for the personal advantage of the professional accountant. The prohibition includes using such information for the advantage of the professional accountant’s firm or employing organisation, or a third party.

New section R114.3 provides an exception to paragraph R114.2 by detailing the specific conditions under which it is possible to use or disclose confidential information: “(a) there is a legal or professional duty or right to do so; or (b) this is authorised by the client or any person with the authority to permit disclosure or use of the confidential information and this is not prohibited by law or regulation.”

Complex circumstances

New sections 120.5 A6 to A8 incorporate the notion of complexity into the Conceptual Framework. The revisions highlight that complexity is a factor to consider when exercising professional judgment, rather than a discrete circumstance that increases the challenges of applying the conceptual framework.

The application material set out in new section 120.5 A8 has introduced new actions for professional accountants to consider in “complex situations”. These include:

• analysing, and investigating, as relevant, any uncertain elements, the variables and assumptions and how they are connected or interdependent;
• using technology to analyse relevant data to inform the professional accountant’s judgement; and
• consulting with others, including experts, to ensure appropriate challenge and additional input as part of the evaluation process.

Use of technology

New section 206.A2 sets out examples of self-interest threats associated with the use of technology such as whether the data available is sufficient; the technology is appropriate; or the professional accountant has sufficient information or expertise (or access to an expert) to use and explain the technology. The section also sets out examples of self-review threats, such as whether the technology was designed or developed using the knowledge, expertise or judgement of the professional accountant or their employing organisation.

New section 207.A4 provides that the professional accountant’s evaluation of the level of a threat associated with  the use of technology might be impacted by the work environment within the employing organisation, and factors such as the level of corporate oversight and internal controls over technology; third party assessments about the quality and functionality of technology; and training issues.

New sections 300.6A2 and 300.7 A6 set out these same requirements for professional accountants in public practice.

Preparation and presentation of information

Where professional accountants intend to use the output of technology in preparing and presenting information, new section R220.8 requires them to use their professional judgement in determining the appropriate steps to take, including whether the technology is to be developed internally or to be provided by third parties. This is to ensure that their professional responsibilities in relation to such information (as set out in section R220.4) are properly discharged.

New section 220.8 A1 sets out factors for professional accountants to consider in determining whether reliance on the output of technology is reasonable. These factors include:

• a) The employing organisation’s or firm’s oversight of the design, development, implementation, operation, maintenance, monitoring, updating or upgrading of the technology.
• b) The controls relating to the use of the technology, including procedures for authorising user access to the technology and overseeing such use.
• c) The appropriateness of the inputs to the technology and decisions made by individuals  using the technology.

New section 220.12 A4 stipulates that when a professional accountant is using the work of others or the output of technology, they should consider whether they are in a position within the employing organisation to obtain information in relation to the factors necessary to determine whether such use is appropriate.

Professional accountants in public practice

New section 300.5.A2 requires professional accountants to encourage and promote an ethics-based culture in the firm and to exhibit ethical behaviour in dealing with individuals with whom, and entities with which, they or the firm have a professional or business relationship. This is to the extent that they are able to do so, taking into account their position and seniority in the firm.

Examples of actions that should be taken, include the introduction, implementation and oversight of:

• a) ethics education and training programs;
• b) firm processes and performance evaluation and reward criteria that promote an ethical culture;
• c) ethics and whistle-blowing policies; and
• d) policies and procedures designed to prevent non-compliance with laws and regulations.

The use of technology will become increasingly relevant to “firm processes” and “procedures”. New section 300.6A2 identifies threats associated with the use of technology. These include the sufficiency of the available data; whether the technology is appropriate for the intended purpose; and whether the professional accountant has sufficient information and expertise to use the technology appropriately.

In evaluating whether threats to compliance with the Fundamental Principles is at an acceptable level, the firm’s operating environment (including its policies and procedures) will be a relevant consideration (section 300.7A1).

Professional appointments

Revised sections R320.10 and 320.10 A1 have been aligned with section 220.7 A1 to recognise that the use of an expert in Part 3 involves consideration of “whether the expert is subject to applicable professional and ethics standards,” rather than the previous presumption that the expert has applicable professional and ethics standards.

New section R320.11 provides that when a professional accountant intends to use the output of technology in the course of undertaking a professional activity, they should determine whether the use is appropriate for the intended purpose.

New section 320.11.A1 sets out a range of factors for professional accountants to consider when determining whether to use the output of technology, including matters such as the nature of the activity; expected extent of reliance on the output of technology; access to experts with the ability to understand and explain the technology; whether the technology has been appropriately tested and evaluated; firm oversights and controls; and the appropriateness of inputs to the technology (including data and decisions made by individuals).

New section 320.12 A1 requires that when a professional accountant is considering using the work of experts or the output of technology, a matter to be considered is whether they are in a position within the firm to obtain information in relation to the factors necessary to determine whether such use is appropriate.

Applying the conceptual framework

Applying the conceptual framework to independence for audit and review engagements. 

37. New section 400.21 A1 provides that when technology is used in performing a professional activity for an audit client, the prohibitions on assuming management responsibility for that client apply, regardless of the nature or extent of such use of the technology.

Business relationships

Revised section 520.3 A2 includes examples of a technology-related close business relationship; and adds the concepts of “selling” and “reselling” to the existing examples of close business relationships where a firm or a network firm distributes or markets a client’s products or services, or vice versa.

New section 520.3 A3 provides an example that might create a close business relationship, depending on the facts and circumstances: an arrangement under which the firm or a network firm licenses products or solutions to or from a client.

Corresponding amendments have also been made to section 920.

Buying goods and services

Revised section 520.3 A2 includes examples of a technology-related close business relationship; and adds the concepts of “selling” and “reselling” to the existing examples of close business relationships where a firm or a network firm distributes or markets a client’s products or services, or vice versa.

New section 520.3 A3 provides an example that might create a close business relationship, depending on the facts and circumstances: an arrangement under which the firm or a network firm licenses products or solutions to or from a client.

Corresponding amendments have also been made to section 920.

Provision of non-assurance services to an audit client

New section 600.6 provides that the requirements and application material in section 600 apply where a firm or a network firm uses technology to provide a non-assurance service to an audit client; or provides, sells, resells or licenses technology resulting in the provision of a non- assurance service by the firm or a network to an audit client, or to an entity that provides services using such technology to audit clients of the firm or network firm.

Section 600.10.A2 has been revised to add an additional factor to the list of factors that are relevant in identifying the different threats that might be created by providing a non-assurance service to an audit client. The list now includes the client’s dependency on the service, including the frequency with which the service will be provided.

Accounting and book-keeping services

New section 601.5 A2 clarifies that accounting and bookkeeping services can either be manual or automated. In determining whether an automated service is routine or mechanical, factors to be considered include the activities performed by, and the output of, the technology, and whether the technology provides an automated service that is based on or requires the expertise or judgment of the firm or network firm.

Section 601.5A (examples of services that might be regarded as routine or mechanical) has been revised to clarify that it applies to services regardless of whether they are manual or automated.

Information technology systems services

New section 606.2 A1 expands the definition of IT systems services.

The revisions in Subsection 606 would not immediately preclude firms from providing advice and recommendations in relation to IT systems (including cybersecurity) to their audit clients. However, firms would need to apply the general provisions relating to the provision of advice and recommendations in paragraphs 600.11 A1, R600.14, and R600.16 to 600.17 A1.

Equivalent amendments have been made to section 950.

Independence for other assurance engagements

Applying the conceptual framework to independence for assurance engagements other than audit and review engagements.

Revised section 900.1 clarifies that Part 4B of the Code applies to assurance engagements relating to an entity’s non-financial information, for example, environmental, social and governance (ESG) disclosures.

New sections 900.13 A4 and 900.13 A5 introduce an example to explain that the provision of certain types of IT systems services might create a self-review threat in relation to the subject matter information of an assurance engagement.

New section 900.14 A1 clarifies that when technology is used in performing a professional activity for an assurance client, the requirements in paragraphs R900.13 and R900.14 will apply, regardless of the nature or extent of such use of the technology.