Audit Conduct

call (631) 849-2392

A CPA Firm advises two clients who are competing to acquire ABC company or provides financial planning services to several family members who have opposing interests. Conflicts arise when CPAs perform services to two or more parties with conflicting interests, or where the CPA’s or the firm’s interests are at odds with those of the client.  The CPA’s family members, personal friends, business associates and the firm’s and the client’s affiliated entities are often part of the mix.  For decades, the profession’s Code of Conduct has dictated a CPA’s professional responsibilities when faced with conflicts of interest, which are inevitable in the practice of public accounting.  This article walks through the rules that apply to CPAs in public practice, whether you are an auditor, tax practitioner, or a consultant. 

Fundamentals

The AICPA Code of Professional Conduct (the Code) describes but does not define conflicts of interests. The primary guidance in the Code exists in an interpretation of the Integrity and Objectivity Rule, which provides several examples and a framework for addressing potential conflicts.  That interpretation begins as: 

A member or his or her firm may be faced with a conflict of interest when performing a professional service. In determining whether a professional service, relationship or matter would result in a conflict of interest, a member should use professional judgment, taking into account whether a reasonable and informed third party who is aware of the relevant information would conclude that a conflict of interest exists.

Anyone familiar with the Code knows that it is based on the “conceptual framework approach,” which requires members to analyze potential “threats” to their compliance with rules in the Code and determine whether it is necessary to apply “safeguards” to eliminate the threat(s) or at least reduce them to an “acceptable level”.  In the case of conflicts of interest, the relevant threat is an adverse interest or self-interest threat (see the Sidebar for definitions) to compliance with the Integrity and Objectivity Rule, which says – 

In the performance of any professional service, a member shall maintain objectivity and integrity, shall be free of conflicts of interest, and shall not knowingly misrepresent facts or subordinate his or her judgment to others. 

This rule applies to all AICPA members, including professionals who do not service clients, for example, members who work for corporations, not-for-profit entities, colleges, and governmental bodies. This article focuses on the rule’s application to CPAs in public practice.  

Different from Independence

It’s important to distinguish conflicts of interest from independence.  The Code warns that certain professional engagements, such as audits, reviews and other attest services, require independence and that members cannot override the independence requirements by applying the conflict of interest interpretation instead.  That said, some independence rules refer the member to the conflict of interest interpretation as an additional consideration. In those cases, the member may satisfy independence requirements and be considered independent, but a conflict of interest may still exist. It’s best to remember this: the Independence Rule and the Integrity and Objectivity Rule may overlap in that objectivity is part of being independent, but the rules comprise two separate and distinct ethical requirements. Consider independence when your firm performs an attest engagement for the client; but for all engagements, you must consider the Integrity and Objectivity Rule, which requires you to formally consider – and if identified, clear – potential conflicts of interests.  

Three “Easy” Steps – Identification / Evaluation / Disclosure and Consent

The framework for managing potential conflicts of interest consists of three (3) steps described below: 

Step 1: Identification

The first step begins when a member considers a new client engagement.  You should take steps to identify potential conflicts by considering the nature of the services, the parties involved and any interests and relationships that may impact your objectivity.  Keep in mind that situations can change; you may not identify a conflict pre-engagement but if circumstances arise that create an adversarial situation, you must reconsider whether you now have a conflict by following the framework. Important questions to ask are: 

  • What’s the nature of the service and how will it impact the client? 
  • What relationships exist between the firm, members of the firm (including close personal and family relationships and business associates) and the client and its affiliates? 
  • Does the firm or any of its members (including close family, etc.) have any financial or other interests in the outcome of the engagement? 

A formal process for evaluating possible conflicts pre-engagement and throughout will help ensure that conflicts are identified on a timely basis. Matters identified earlier will have a greater likelihood of being resolved appropriately and with the least disruption. 

If you operate within a network firm, you are not responsible for identifying possible conflicts beyond your firm.  However, if you know or have reason to believe that a conflict of interest may exist or arise due to a network firm’s interests or relationships, you should address the conflict using the framework.

 

Step 2: Evaluation

Once a conflict is identified, you should determine the significance of the threat, and specifically, whether the threat(s) to compliance with the Integrity and Objectivity Rule are at an acceptable level.  When a threat is at an “acceptable level,” it means that a reasonable and informed third party armed with the relevant facts would conclude that a member likely would be able to comply with the rule.  During this step, consider: 

  • Both qualitative and quantitative factors. 
  • Whether safeguards are in place help to mitigate the threat. 
  • The more direct the connection between the professional service and the matter creating the conflict, the more significant the threat to compliance with the rule.


If you conclude that threats are significant, you should apply safeguards to eliminate or reduce the threat(s) to an acceptable level.  The firm may employ safeguards to prevent unauthorized disclosure of confidential client information such as: 

  • Separate engagement teams who apply strict policies and procedures to maintain confidentiality of client information
  • Separate areas of practice for specialty functions within the firm to act as a barrier to passing confidential client information from one practice area to another 
  • Policies and procedures to limit access to client files
  • Confidentiality agreements 
  • Physical and electronic partitioning of confidential information 
  • An independent, senior person in the firm regularly reviews the application of safeguards for compliance purposes
  • An independent person in the firm reviews the work performed to assess whether the key judgments and conclusions are appropriate 
  • Consultations with third parties, such as a professional body, legal counsel, or another CPA 


What if the identified threat is so significant that no safeguards will eliminate the threat or reduce it to an acceptable level? Or, due to the size and structure of your firm, you are unable to implement effective safeguards?  What then?  You should decline to perform or discontinue the professional services that would result in the conflict of interest. Another option (in some cases) is to terminate the relevant relationships or dispose of the relevant interests to eliminate the threat or reduce it to an acceptable level.  Though it runs counter to a firm’s goal of retaining clients and business, in the long run, these courses of action will not only keep you in compliance with the Code, but can greatly reduce the likelihood of lawsuits or investigations by the AICPA or state accountancy boards later. 


Step 3: Disclosure and Consent   

When a conflict of interest exists, you should disclose the conflict to the affected clients (including possibly former clients) and any other parties affected by the conflict (e.g., users of your report) to seek their consent to perform the professional services. You are required to disclose the conflict and obtain consent even if you concluded that threats are at an acceptable level.  The manner of disclosure is not prescribed and can vary depending on the circumstances.  Some examples are:

  • General disclosure to clients, typically in the engagement letter stating that the firm performs services for a certain sector (e.g. banking) or specialty area (e.g. cyber-security) to put the client on notice that other companies in their sector or seeking similar services may also be clients of your firm.  The client consents by signing the engagement letter. 
  • Specific disclosure to address a conflict, which includes an explanation of the situation and any planned safeguards, and enables the client to make an informed decision with respect to the matter and to provide specific consent.

 

On the appropriate manner of disclosure, the Code says:  

The member should determine whether the nature and significance of the conflict of interest is such that specific disclosure and specific consent are necessary, as opposed to general disclosure and general consent. For this purpose, the member should exercise professional judgment in evaluating the circumstances that create a conflict of interest, including the parties that might be affected, the nature of the issues that might arise and the potential for the particular matter to develop in an unexpected manner.

Once you notify the appropriate parties, the possible outcomes are: (1) the parties consent, (2) the parties do not consent, or possibly (3) the parties request more information.  If the parties consent, you may move forward with the service.  However, if consent is not forthcoming, you must: 

  • Decline to perform or discontinue professional services that would result in the conflict of interest or 
  • Apply additional safeguards, i.e., terminate the relevant relationship or dispose of the relevant interests to eliminate the threat or reduce it to an acceptable level, so that consent can be obtained.

Documentation

You are encouraged to document the nature of the circumstances giving rise to the conflict of interest, the safeguard(s) applied to eliminate or reduce threats to an acceptable level, and the consent(s) obtained.  From a risk management perspective, it is in your best interest to carefully and thoroughly document the matter.  

Confidentiality

CPAs in public accounting should be well-acquainted with requirements of the Confidential Client Information Rule, and in their zeal to address a potential conflict should not lose sight of this strict requirement. Firms can incorporate a reminder into policies and procedures to help ensure its members only share information about a client with third parties when the client has provided consent.  Federal, state, or local regulations concerning confidentiality of client information may be more restrictive than the Code’s requirements.   For example, Treasury Department Circular No. 230, Regulations Governing Practice before the Internal Revenue Service, requires written consent from the client when a conflict of interest exists.

Examples

The following are sample situations in which conflicts of interests may arise:  

  • CPA Firm provides corporate finance services to ABC, which is seeking to acquire XYZ, an audit client of the firm, and the firm has obtained confidential information during the audit that may be relevant to the transaction
  • CPA Firm prepares valuations of assets for two clients who are in an adversarial position with respect to those assets
  • CPA Firm represents two clients concurrently regarding the same legal matter (e.g., divorce proceedings or partnership dissolution)
  • CPA Firm advises ABC to invest in XYZ and the engagement partner’s husband has a financial interest in XYZ
  • CPA Firm provides strategic advice to ABC on its competitive position while having a joint venture with XYZ, a competitor of ABC
  • Advises a client on the acquisition of a business, which CPA Firm is also interested in acquiring
  • CPA Firm refers ABC, a personal financial planning client to an insurance broker, which refers clients to the CPA Firm under an exclusive arrangement