Ethics and Governance

Karen Flannery and Níall Fitzgerald consider the critical points in the revised Chartered Accountants Ireland Code of Ethics, which came into effect on 1 March 2020. The revised Chartered Accountants Ireland Code of Ethics took effect on 1 March 2020. The revised Code was necessary to increase alignment with the International Ethics Standards Board for Accountants (IESBA) Code of Ethics, which underwent a significant restructure in recent years. While there are no changes to the fundamental principles, Chartered Accountants familiar with the previous Code of Ethics (effective September 2016 to 29 February 2020) will find the look and feel of the revised Code significantly different. While additional sections and emphasis were included, others were removed. This results in greater clarity and ease of navigation. Figure 1 provides an overview of the revised Chartered Accountants Ireland Code of Ethics. Added emphasis on fundamental principles The five fundamental principles of the Code of Ethics remain unchanged. These include integrity; objectivity; professional competence and due care; confidentiality, and; professional behaviour. The conceptual framework that describes the approach used to identify, evaluate and address threats to compliance with the fundamental principles also remains the same. However, there is now a heightened emphasis on the fundamental principles and the use of the overarching conceptual framework underlying each section of the Code. Before, much of the narrative was contained in a single section of the Code. Responding to non-compliance with laws and regulations New sections were added concerning non-compliance with laws and regulations (NOCLAR) for professional accountants in practice (Section 360) and professional accountants in business (Section 260). These bring the NOCLAR provisions of the IESBA Code of Ethics into the Institute’s Code. A vital feature of the NOCLAR provisions is the specific in-Code permission to breach the principle of confidentiality in the public interest. This permission has been explicit in the Institute’s Code for several years and so, the NOCLAR provisions can be seen as a change of detail rather than of substance. The new sections outline the required actions when NOCLAR is discovered and provide additional guidance in this area. Key points to note concerning the NOCLAR provisions are: The first response to identified NOCLAR is to raise the matter, and seek to address it, at the appropriate level within the relevant organisation (internally); Where NOCLAR is not dealt with appropriately internally, the professional accountant considers whether to report to an external authority in the public interest. The decision to report externally is (as it always has been) a complex one; and Where a report is made in the public interest and good faith, there is no breach of the confidentiality requirements of the Code of Ethics. However, there may be legal implications for the professional accountant to consider. Revised layout The most obvious change is the revised layout of the Code of Ethics, which now mirrors the structure of the IESBA Code of Ethics with additional material for members of Chartered Accountants Ireland. A new paragraph numbering format was introduced and as a result, sections were restructured (e.g. what was “Part C” (Professional Accountants in Business) is now “Part 2” in the revised Code).The revised layout facilitates more natural referencing and distinguishes between the Code’s requirements (in bold text and denoted by the letter ‘R’) and application material or guidance (indicated by the letter ‘A’). Complexity has been reduced by simplifying sentences and language in parts. Also a new ‘Guide to the Code’, explaining how it works, has been included. Other content changes Table 1 highlights other notable developments in the revised Code of Ethics and suggests where you might focus your attention depending on whether you are a member in practice or business. Retained Institute ‘add-on’ material Where existing Institute ‘add-on’ content created important additional requirements beyond the IESBA Code, these ‘add-on’ requirements are retained in the revised Code of Ethics. Such requirements include: Specific requirements regarding communicating with the predecessor accountant (Section 320); Particular obligations regarding transparency around the basis for fees and dealing with fee disputes (Section 330); and Agencies and referrals (Section 331). No new ‘add-on’ material was created. Additional support for members The Institute’s online Ethics Resource Centre is updated regularly with a range of supports and guidance for members. Additional information included in the old Code of Ethics, but removed in the revised Code and still considered useful, has been reproduced in a series of new Ethics Releases. The Ethics Releases are not a substitute for the requirements of the Code, but they do provide additional support for members in particular scenarios, including: Code of Ethics and changes in professional appointments; Code of Ethics and confidentiality; Code of Ethics and marketing of professional services; and Code of Ethics and corporate finance advice. Future updates The last substantial change to the Institute’s Code of Ethics was in 2016. While the Code does not change regularly, there is a significant body of work happening behind the scenes to ensure it remains appropriate, precise and effective in the context of the issues affecting the accounting profession. Members can, therefore, expect amendments from IESBA in the coming years; for example, considerations addressing the impact of technology-related ethics issues on the accounting profession. For members who are insolvency practitioners, a new Insolvency Code of Ethics is imminent. The current Code of Ethics for Insolvency Practitioners, appended as Part D of the Institute’s old Code of Ethics for members, remains in effect until then.  Actions speak louder than words It was evident from the Ethics Research Report, published by the Institute in January 2019, that members hold their professional and business ethics in high regard. While the Code of Ethics does not change regularly, it is a hallmark that establishes a minimum standard which is signed up to and shared by all members of the profession. It is useful to be familiar with its requirements and to remember that it is individual member actions that express commitment to the Code of Ethics in addition to a member’s personal ethics. The revised Code is available via the Institute’s Ethics Resource Centre.   Níall Fitzgerald FCA is Head of Ethics and Governance at Chartered Accountants Ireland.  Karen Flannery FCA is Head of Professional Standards Projects at Chartered Accountants Ireland.

Apr 01, 2020

The Institute’s Code of Ethics for members has been revised and restructured and this revised Code will take effect from 1 March 2020 replacing the current Code of Ethics (effective September 2016). The revised Code of Ethics is available to read here. The Institute’s Code of Ethics has been closely aligned for many years to the Code of Ethics issued by the International Ethics Standards Board for Accountants (‘IESBA’).  In 2018 IESBA finalised a significant project to clarify and restructure its Code of Ethics.  IESBA’s primary intention behind this restructuring of the Code was not to fundamentally change the substance of the Code, but to improve clarity and navigation.  Some key features of the restructuring include: a more consistent approach to each section, including separating out material into requirement paragraphs and related application material; reordering material, dividing larger sections and including more sub headings; simplifying the more complex sentences; changing numbering to clarify the intent of each paragraph, and to allow for further changes without having to renumber existing material; and Introducing a “Guide to the Code” to explain how it works. The Institute’s Code of Ethics has now been revised to align with the restructured IESBA Code and so the format and layout of the revised Institute Code of Ethics will look completely different to members.  To help members become familiar with the revised Code of Ethics we have made available a table of destinations which shows where each paragraph in the 2016 Code appears in the revised 2020 Code.  This table of destinations can be accessed here. The new structure, compared to the old structure, is as follows: Revised Code of Ethics for members of Chartered Accountants Ireland (effective 1 January 2020) Extant (‘old’) Code of Ethics for members of Chartered Accountants Ireland (effective 30 September 2016) Guide to the Code This is a new section in the revised Code of Ethics Part 1 – Complying with the Code, Fundamental Principles and Conceptual Framework Sections 100–120 Part A – General application of the Code Sections 100-150 Part 2 –Professional Accountants in Business Sections 200-299 Part C – Professional Accountants in Business Sections 300-350 Part 3 –Professional Accountants in Public Practice Sections 300-399 Part B– Professional Accountants in Public Practice Sections 200-280 Part 4A – Independence for Audit and Review Engagements* Sections 400-800 Part B – Professional Accountants in Public Practice Sections 290 Part 4B – Independence for Assurance Engagements other than Audit and Review Engagements Sections 900-990 Part B – Professional Accountants in Public Practice Sections 291 Part 5** - Applicable to Insolvency Practitioners Part D – The Practice of Insolvency Section 400  *        The Institutes’ Code of Ethics does not apply to the performance of statutory audit work.  Independence and other ethical requirements for auditors are contained in the Ethical Standard for Auditors issued by the FRC and IAASA in the UK and Ireland respectively. **     The revision of the part of the Code of Ethics applicable to the practice of insolvency is still ongoing and is expected to be published in the first half of 2020.  Non- IESBA content – ‘add-on’ material The Institute’s Code of Ethics has historically contained ‘add-on’ material (shown in italics in the Institute’s Code) over and above the provisions of the IESBA Code of Ethics.  Where the revised IESBA Code of Ethics now addresses the matters included in Institute ‘add-on’ material or where the add-on material has been assessed to be descriptive in nature rather than core to the Code of Ethics,  such ‘add-on’ material has been removed as part of the revision project.  The revised Institute Code of Ethics is now closer than ever to the IESBA Code of Ethics.   Removed ‘add-on’ material which is considered useful but not core to the Code has been made available for members in a series of Ethics Releases on the following topics: Code of Ethics and changes in professional appointments; Code of Ethics and confidentiality; Code of Ethics and corporate finance advice; Code of Ethics and marketing.  These Ethics Releases are available in the Institute’s online Ethics Resource Centre. Key developments in the revised Code As well as the significant restructure there have been some enhancements of the content in the revised Code of Ethics although there is no fundamental change to ethical requirements.  These include the following: “Guide to the Code” This new introductory section does not form part of the Code but provides some useful information on the purpose of the Code, it’s structure and how it is to be used. Enhanced and overarching conceptual framework There is a clear emphasis on the fundamental ethical principles and the use of the conceptual framework for applying those principles underlying every section of the Code.  In this context there is also new guidance to emphasize the importance of understanding facts and circumstances when exercising professional judgment and new guidance to explain how compliance with the fundamental principles supports the exercise of professional skepticism in an audit or other assurance engagements. Safeguards Revised ‘safeguards’ provisions better align to threats to compliance with the fundamental principles.  A new definition of ‘safeguards’ clarifies that ‘safeguards’ are specific actions (no longer ‘actions or measures’) to be taken to reduce threats.  Additional guidance is provided in the revised Code of Ethics in relation to example ‘safeguards’. Application of relevant Code provisions to all professional accountants Clear guidance that relevant provisions for professional accountants in business are also applicable to professional accountants in practice, in the context of their role other than when providing professional services to clients.  The converse also applies where appropriate.  This is not a change to requirements of the Institute’s 2016 Code of Ethics but rather provides clarification as to how the provisions of the Code apply. Professional accountants in business (‘PAIBs’) New and revised sections dedicated to PAIBs relating to: preparing and presenting information (extended new section 220); and dealing with pressure to breach the fundamental principles (new section 270) These changes add additional explanation to existing requirements in the Institute’s 2016 Code of Ethics and have, for the most part, been regarded as implicit in the 2016 Code.   Non-compliance with laws and regulations (‘NOCLAR’) Dedicated sections on non-compliance with laws and regulations (‘NOCLAR’) (new sections 260 and 360).  The 2016 Code of Ethics includes specific permission to breach confidentiality in the public interest and so the NOCLAR provisions can be seen as a change of detail, rather than of substance.  The new sections provide additional guidance in this area. Inducements Additional guidance is provided in relation to the threats posed by gifts and hospitality and more broadly now referred to as inducements.  The revised Code of Ethics introduces an ‘intent’ test.   The acceptance of any inducement which is offered with an intent to influence inappropriately is prohibited whereas there may be possible safeguarding actions to take in relation to inducements where there is no intent to influence inappropriately.

Feb 13, 2020
Ethics and Governance

Barry Robinson explains the obligations placed on private companies arising from the new EU Whistleblower Directive. On 7 October 2019, the EU approved a new Directive on the protection of persons reporting on breaches of European Union Law, also referred to as the Whistleblower Directive. In Ireland, public bodies have had regard to the Protected Disclosures Act 2014, which was amended in June 2018 to incorporate provisions of the EU Protection of Trade Secrets Directive. The current legislation entitles a worker (as defined in the 2014 Act) to report wrongdoing in a public body if there is a reasonable belief of such wrongdoing, and have their identity protected. However, the Whistleblower Directive, which must be adopted into Irish law within two years, will mean that the obligations under the 2014 Act will extend to the private sector as well. The Association of Certified Fraud Examiners’ (ACFE) 2018 Report to the Nations, a global analysis of the costs and effects of occupational fraud, shows that tip-offs or whistleblowing is still the most effective method of detecting occupational fraud, which highlights the importance of this legislation. What will the EU Whistleblower Directive mean for private companies in Ireland? The Directive will make it mandatory for companies with over 50 employees to establish internal reporting channels, both for reporting and follow-up. The Directive allows for companies with between 50 and 249 employees to share resources as regards the receipt of reports and any investigation to be carried out. Who will “reporting persons” be? The 2014 Act currently defines a “worker” who can make a protected disclosure as an employee or a contractor. In the future, under Article 4(1) and 4(2), the Directive will extend the scope of the definition of “reporting persons” to include shareholders, who are not currently included within the 2014 Act. It will also include volunteers and unpaid trainees, and individuals who report on breaches within their knowledge acquired through a work-based relationship, which has since ended. What are the required timeframes for following-up on a disclosure? The Directive will impose timeframes on companies that receive a protected disclosure by creating an obligation to respond to, and follow-up on, the whistleblowers’ reports within three months (with the option to extend this to six months for external channels in duly justified cases). The receipt of a disclosure must be acknowledged within seven days. Will the reporting channels be internal or external? The Directive seeks to encourage disclosures internally in the first instance. The Directive states: “as a principle, therefore, reporting persons should be encouraged to first use internal reporting channels and report to their employer, if such channels are available to them and can reasonably be expected to work”. However, the Directive also allows for external reporting channels. Third parties could be authorised to receive reports of breaches on behalf of legal entities in the private and public sector, provided they offer appropriate guarantees of respect for independence, confidentiality, data protection and secrecy. Such third parties could be external reporting platform providers, external counsel, auditors, trade union representatives or employees’ representatives. Protections against any form of retaliation from employers will be given to persons who report wrongdoing internally and externally. The protections under the Directive will also extend to persons “who make such information available in the public domain, for instance, directly to the public through online platforms or social media, or to the media, elected officials, civil society organisations, trade unions, or professional and business organisations.” Who are “prescribed persons”? The Directive includes provisions in respect of “competent authorities” to whom a disclosure can be made. The Directive states: “in the case of legal entities in the private sector that do not provide for internal reporting channels, reporting persons should be able to report externally to the competent authorities”. Are there any new requirements? The Directive introduces a wide range of new requirements for companies who receive disclosures, which are summarised below: Secure channels for internal reporting. The Directive states that internal reporting shall require “channels for receiving the reports which are designed, established and operated in a secure manner that ensures that the confidentiality of the identity of the reporting person and any third party mentioned in the report is protected, and prevents access thereto by non-authorised staff members”. Dedicated, impartial staff to handle reports. The Directive requires the designation of a neutral person or department competent for following-up on the reports, which may be the same person or department as the one that receives the reports. These dedicated staff members will maintain communication with the reporting person and, where necessary, ask for further information from – and provide feedback to – that reporting person. Diligent follow-up. The Directive requires thorough follow-up and the provision of feedback within three months (which may be extended to six months in duly justified cases). Transfer to another competent authority. The Directive allows for the transfer of a disclosure to another competent authority where the receiving body does not have the competence to deal with the matter. The Directive states that this must happen “within a reasonable time, in a secure manner, and that the reporting person is informed, without delay, of such a transmission”. Reporting the outcome per national law. The Directive states that the receiving body must communicate to the reporting person the result of investigations triggered by the report, in accordance with procedures provided for under national law. Procedures for making a disclosure Article 13 of the Directive sets out the information a competent authority must publish concerning receipts of disclosures. The following information must be published on the competent authority’s website, which must be reviewed and updated every three years: The conditions under which reporting persons qualify for protection; Contact details for the external reporting channels – in particular, the electronic and postal addresses, and the phone numbers for such channels, indicating whether the phone conversations are recorded; Details of how the disclosure will be processed; Details of the timeframes and format for feedback; Details of the confidentiality regime and how personal data will be processed; Details of whether or not a discloser will be held liable for a breach of confidentiality; Remedies and procedures available against retaliation; and Contact details for any other relevant body or information body providing advice to the discloser. Protections against penalisation The 2014 Act makes clear the rights of an individual if an employee is penalised for making a Protected Disclosure. The Directive states: “it should not be possible for employers to rely on individuals’ legal or contractual obligations, such as loyalty clauses in contracts or confidentiality or non-disclosure agreements, so as to preclude reporting, to deny protection or to penalise reporting persons for having reported information on breaches or made a public disclosure providing the information falling within the scope of such clauses and agreements is necessary for revealing the breach. Where those conditions are met, reporting persons should not incur any kind of liability, be it civil, criminal, administrative or employment-related”. Article 20 of the Directive states that reporting persons shall not incur liability of any kind in respect of such a report or public disclosure, provided they had reasonable grounds to believe that the reporting or public disclosure of such information was necessary to reveal a breach under this Directive. What about trade secrets? The 2014 Act was amended in 2018 to incorporate provisions of the EU Provision of Trade Secrets Directive. This required whistleblowers to demonstrate that they acted in “the general public interest” when disclosing commercially sensitive information. The Directive, however, states that where a reporting person can show “reasonable grounds”, they will incur no liability in respect of disclosures including for defamation, breach of copyright, breach of secrecy, breach of data protection rules, disclosure of trade secrets, or for compensation claims based on private, public, or collective labour law. This appears to narrow the burden of proof for reporting persons from acting in the public interest to acting on reasonable grounds. What should companies do? All companies in Ireland should review their obligations under the Whistleblowing Directive and assess their ability to implement internal reporting channels and assign dedicated staff to handle such reports. Companies should undertake planning to identify how reports will be investigated independently, and within the required timeframes of the Directive. While many companies may adopt a “wait and see” approach, companies must act to implement systems and reporting channels per the Directive. Barry Robinson FCA is a Director, Forensic Services, at BDO Ireland.

Feb 10, 2020