AICPA Code of Conduct - Safeguards
Safeguards
Safeguards may partially or completely eliminate a threat or diminish the potential influence of a threat. The nature and extent of the safeguards applied will depend on many factors. To be effective, safeguards should eliminate the threat or reduce it to an acceptable level.
The following are examples of safeguards created by the profession, legislation, or regulation:
a. Education and training requirements on independence and ethics rules b. Continuing education requirements on independence and ethics c. Professional standards and the threat of discipline d. External review of a firm's quality control system e. Legislation establishing prohibitions and requirements for a firm or a firm's professional employees f. Competency and experience requirements for professional licensure g. Professional resources, such as hotlines, for consultation on ethical issues
The following are examples of safeguards implemented by the firm:
a. Firm leadership that stresses the importance of complying with the rules and the expectation that engagement teams will act in the public interest. b. Policies and procedures that are designed to implement and monitor engagement quality control. c. Documented policies regarding the identification of threats to compliance with the rules, the evaluation of the significance of those threats, and the identification and application of safeguards that can eliminate identified threats or reduce them to an acceptable level. d. Internal policies and procedures that are designed to monitor compliance with the firm's policies and procedures. e. Policies and procedures that are designed to identify interests or relationships between the firm or its partners and professional staff and the firm's clients. f. The use of different partners, partner equivalents, and engagement teams from different offices or that report to different supervisors. g. Training on, and timely communication of, a firm's policies and procedures and any changes to them for all partners and professional staff. h. Policies and procedures that are designed to monitor the firm's, partner's, or partner equivalent's reliance on revenue from a single client and that, if necessary, trigger action to address excessive reliance. i. Designation of someone from senior management as the person responsible for overseeing the adequate functioning of the firm's quality control system. j. A means for informing partners and professional staff of attest clients and related entities from which they must be independent. k. A disciplinary mechanism that is designed to promote compliance with policies and procedures. l. Policies and procedures that are designed to empower staff to communicate to senior members of the firm any engagement issues that concern them without fear of retribution. m. Policies and procedures relating to independence and ethics communications with audit committees or others charged with client governance. n. Discussion of independence and ethics issues with the audit committee or others responsible for the client's governance. o. Disclosures to the audit committee or others responsible for the client's governance regarding the nature of the services that are or will be provided and the extent of the fees charged or to be charged. p. The involvement of another professional accountant who (a) reviews the work that is done for a client or (b) otherwise advises the engagement team. This individual could be someone from outside the firm or someone from within the firm who is not otherwise associated with the engagement. q. Consultation on engagement issues with an interested third party, such as a committee of independent directors, a professional regulatory body, or another professional accountant. r. Rotation of senior personnel who are part of the engagement team. s. Policies and procedures that are designed to ensure that members of the engagement team do not make or assume responsibility for management decisions for the client. t. The involvement of another firm to perform part of the engagement. u. Having another firm to reperform a nonattest service to the extent necessary for it to take responsibility for that service. v. The removal of an individual from an attest engagement team when that individual's financial interests or relationships pose a threat to independence or objectivity. w. A consultation function that is staffed with experts in accounting, auditing, independence, ethics, and reporting matters who can help engagement teams i. assess issues when guidance is unclear or when the issues are highly technical or require a great deal of judgment; and ii. resist undue pressure from a client when the engagement team disagrees with the client about such issues. x. Client acceptance and continuation policies that are designed to prevent association with clients that pose a threat that is not at an acceptable level to the member's compliance with the rules. y. Policies that preclude audit partners or partner equivalents from being directly compensated for selling nonattest services to the attest client. z. Policies and procedures addressing ethical conduct and compliance with laws and regulations. [No prior reference: new content]
Safeguards that may eliminate a threat or reduce it to an acceptable level fall into three broad categories:
a. Safeguards created by the profession, legislation, or regulation. b. Safeguards implemented by the client. It is not possible to rely solely on safeguards implemented by the client to eliminate or reduce significant threats to an acceptable level. c. Safeguards implemented by the firm, including policies and procedures to implement professional and regulatory requirements.
Examples of safeguards implemented by the client that would operate in combination with other safeguards are as follows:
a. The client has personnel with suitable skill, knowledge, or experience who make managerial decisions about the delivery of professional services and makes use of third-party resources for consultation as needed. b. The tone at the top emphasizes the client's commitment to fair financial reporting and compliance with the applicable laws, rules, regulations, and corporate governance policies. c. Policies and procedures are in place to achieve fair financial reporting and compliance with the applicable laws, rules, regulations, and corporate governance policies. d. Policies and procedures are in place to address ethical conduct. e. A governance structure, such as an active audit committee, is in place to ensure appropriate decision making, oversight, and communications regarding a firm's services. f. Policies are in place that bar the entity from hiring a firm to provide services that do not serve the public interest or that would cause the firm's independence or objectivity to be considered impaired.
The effectiveness of a safeguard depends on many factors, including those listed here:
a. The facts and circumstances specific to a particular situation b. The proper identification of threats c. Whether the safeguard is suitably designed to meet its objectives d. The party(ies) who will be subject to the safeguard e. How the safeguard is applied f. The consistency with which the safeguard is applied g. Who applies the safeguard h. How the safeguard interacts with a safeguard from another category i. Whether the client is a public interest entity
