The AICPA’s Professional Ethics Executive Committee adopted two new interpretations of the “Integrity and Objectivity Rule” (ET 1.100.001 and ET 2.100.001) of the AICPA Code of Professional Conduct in 2022—one directed to members in public practice and the other applicable to members in business. The two interpretations of the same name, “Responding to Noncompliance with Laws and Regulations” (ET 1.180.010 and ET 2.180.010) provide guidance on a member’s responsibilities when encountering noncompliance or suspected noncompliance with laws and regulations (NOCLAR) while providing a professional service to a client or employer. The interpretations were effective June 30, 2023. (Note that the effective date of SAS No. 147, Inquiries of the Predecessor Auditor Regarding Fraud and Noncompliance With Laws and Regulations, which applies to audits of financial statements for periods beginning on or after June 30, 2023, aligns with the effective date of these ethics interpretations.)
To assist members in their implementation of the interpretations, the AICPA has issued 27 nonauthoritative Technical Questions and Answers (Q&A 90.01 to .27). In the following paragraphs, we’ll highlight the Q&As that are of most interest to government auditors. However, given the limitations of space in this newsletter, we suggest you review the list of Q&As in its entirety.
This Q&A reminds members that the new interpretations contain requirements beyond general guidance (designated by the word “should”), that a member must follow, which vary for members in public practice performing an audit or review of financial statements or providing another professional service versus members in business.
Interaction with Other Laws and Regulations (Q&A 90.02)
Even if a member has complied with the applicable legal or regulatory provisions in addressing an instance of NOCLAR, this Q&A states that compliance with the interpretations is required since the interpretations might provide additional requirements outside of the applicable laws and regulations themselves.
Noncompliance Before the Effective Date (Q&A 90.04)
This Q&A states that an act of NOCLAR the member becomes aware of after the Interpretations’ effective date of June 30, 2023, still requires a response even though the act was committed before its effective date.
Noncompliance by Contractors or Agents (Q&A 90.07)
A member has the responsibility to respond to acts of NOCLAR regardless of whether a formal employment relationship exists between the client or employer and the party who committed the act, as long as such acts are related to their business activities. Contractors and agents are examples of parties who work for or under the direction of the client or employer and would therefore be scoped into the interpretations.
Responsibility for Detecting Noncompliance (Q&A 90.08)
Members are reminded that the interpretations don’t require them to perform specific procedures to identify acts of NOCLAR when providing professional services. However, members performing audit or review services have certain requirements regarding possible illegal acts and must comply with any applicable professional standards in addition to the Interpretation.
Noncompliance without Financial Effect (Q&A 90.11)
This Q&A asks if members have an expectation to be able to identify NOCLAR that doesn’t have a direct effect on the financial statements. In response, the Q&A indicates that to perform a client engagement or perform their role in an employing organization, members are expected to have a certain level of knowledge of laws and regulations. Members are expected to be able to recognize NOCLAR or suspected NOCLAR related to their subject matter expertise if applicable information comes to their attention. Members are not expected to be able to recognize NOCLAR in areas beyond their training or beyond which they have been engaged to apply specialized skill. Several examples are provided in the Q&A.
Noncompliance Response (Q&A 90.13)
This Q&A notes that management and those charged with governance’s unwillingness to address an identified or suspected NOCLAR would be grounds for a conclusion by the member that the response to the matter was inappropriate. Members in public practice are required by the Interpretation to determine whether further action is required. The Interpretation provides factors to consider in making this decision.
Effect on Professional Standards (Q&A 90.19)
This Q&A emphasizes that the Interpretation doesn’t modify or interpret any applicable professional standards for members in public practice. It notes that the application of the Interpretation differs from that of professional standards due to the different objectives of the Code. Under professional standards, members focus on whether the consequences of identified or suspected NOCLAR have a material impact on the financial statements. While this also applies for purposes of the Code, the Interpretation goes further in alerting members to focus on possible public interest implications that could substantially impact stakeholders in any way, financial or otherwise.
Management Disagreement (Q&A 90.21)
This Q&A notes that if management disagrees with the member regarding information and the conclusion pertaining to suspected NOCLAR, in a financial statement audit, the member might need to go further than interactions with those charged with governance. A member needs to be satisfied with management’s explanations regarding the matter; if they are not, the member may need to talk to the member’s legal counsel, have consultations, or consider other applicable professional standards.
Component Noncompliance (Q&A 90.23)
This Q&A addresses the situation in which an engagement partner in a group audit becomes aware of an instance of NOCLAR at a component during the group financial statement audit. Although the interpretation requires that the group engagement partner communicate the matter to those performing the work at the component (unless prohibited from doing so by law or regulation), the responsibilities for assessing the possible impact of the NOCLAR rests with those who are performing the work at the component.
Other Service Noncompliance (Q&A 90.26)
In instances where a member provides a professional service other than an audit or review of financial statements, this Q&A indicates that the requirements in the Interpretation to address identified or suspected NOCLAR are significantly less than those where the member is performing an audit or review of financial statements. The Interpretation indicates that when providing professional services other than an audit or review of financial statements, the member is only required to “seek to obtain an understanding of the matter,” as contrasted to a requirement to “obtain an understanding” when a member performs an audit or review.
| Practical Consideration: The NOCLAR interpretation for providing a professional service to a client can be found on Checkpoint at ET 1.180.010. The NOCLAR interpretation for providing a professional service to an employer can be found on Checkpoint at ET 2.180.010. |
