Directors faced with a court application to restrict them  as a director must be able to demonstrate clearly that they acted responsibly at all times to avoid restriction.  By Claire Lord A liquidator of a company that is unable to pay its debts is required to apply to court for a declaration that any director of that company, either at the time of commencement of its winding up or during the period of 12 months before that date, cannot be appointed or act as a director of a company or be concerned in or take part in the formation or promotion of a company, for a period of five years. This requirement does not apply where the Director of Corporate Enforcement relieves the liquidator of the obligation, or the company in question meets certain share capital requirements. In addition, the court is not required to make a declaration of restriction where it is satisfied that the director in question acted honestly and responsibly in relation to the conduct of the affairs of the company, whether before or after it became unable to pay its debts. The concept of “acting responsibly” was recently considered by the Irish High Court in connection with an application made by the liquidator of IQ Content Limited for a declaration of restriction against two of its directors. One of these directors was Morgan McKeagney, the founder and former managing director of IQ Content Limited.  The case IQ Content Limited was an IT consulting and web design firm that had enjoyed considerable success until 2014, when an unfortunate coincidence of events caused it to suffer an unprecedented collapse in revenues. As a consequence, in July 2014, a decision was made to wind up the company. At that time, Morgan McKeagney remained as a director of the company but was no longer involved in its day-to-day operations. Representing himself, and assisted by a successful application for an order of discovery of documents held by the company, Morgan McKeagney presented evidence of “a story of intrigue” to the court. The evidence presented by Mr McKeagney demonstrated that his colleagues had acted in a coordinated and calculated manner to drive the company into liquidation while at the same time, establishing a new company into which they planned to move all of the company’s assets. Mr McKeagney was also able to show the court that throughout this period of crisis, he had been deliberately removed from decisions that were made and otherwise isolated within the company. The judgment The application for Morgan McKeagney to be declared by the court as being restricted from acting as a director was declined. The presiding judge instead declared that Mr McKeagney had acted responsibly and with integrity throughout the process. The judgment notes that the court was highly impressed with Mr McKeagney’s actions in his role as a director of IQ Content Limited and in opposing the restriction application. In this regard, it is stated in the judgment that Mr McKeagney had presented his case in a clear and articulate manner and had presented clear evidence that he had acted in the best interests of the company at all times. This case demonstrates that the court will decline to make an order for restriction in circumstances where a director has acted responsibly in relation to the conduct of the affairs of a company in liquidation. However, a director in this situation needs to be able to clearly demonstrate to the court that this was the case. Morgan McKeagney went to impressive lengths to contest the application being made to restrict him as a director, and he was successful in demonstrating that he had truly acted responsibly in relation to the conduct of the affairs of IQ Content Limited. These lengths are indicative of the burden of proof placed on directors that find themselves in a similar position to successfully argue a positive outcome.   Claire Lord is a Corporate Partner and Head of Governance and Compliance at Mason Hayes & Curran.

Welcome to a special 50th anniversary edition of Accountancy Ireland. As this is my first comment piece in the magazine since our AGM, I’d like to say what a tremendous honour it is to follow in the footsteps of a long list of remarkable Presidents. I would also like to congratulate my predecessor, Feargal McCormack, for a tremendously successful year. The audit challenge As a member who has spent his career working in audit, it will come as no surprise that I am keen to address the challenge that currently faces the audit profession. I have been looking to our nearest neighbour in the UK and reflecting on the fractured relationship with the regulator, the Financial Reporting Council, and with politicians. Many of the reforms recommended by Sir John Kingman’s recent independent review have now been accepted. However, the wider review by the Competition and Markets Authority and also the independent review into ‘The Quality and Effectiveness of Audit’ being conducted by Lord Brydon will be fundamental to our future, and the future of business more broadly. We must remember that what may be required to work in the UK is not necessarily or automatically right for Ireland. We must work hard to ensure good communication between the profession, politicians and regulators to ensure that the very particular strengths we have in Ireland are protected and nurtured. Routes to our profession My second area of focus will be around access to the profession. I see this as having three different strands. Firstly at graduate level, secondly by facilitating more graduates to train in industry and public sector, and thirdly by opening up a route to non-graduate entry. Over many years, the Institute’s dependence on the audit functions of the big accounting firms has become more and more accentuated. I believe there is real opportunity both to widen our graduate pool, but also to work with Ireland’s largest corporates – and, indeed, our influential senior members – to revitalise and enhance the ‘training in business’ route to the qualification. The other thing we need to get right is our school-leaver route. It is inevitable that college fees for university education will be reintroduced at some stage, making third-level education inaccessible to many. Through Accounting Technicians Ireland, we already have a ready-made route for school-leavers to Chartered Accountancy, which presents a fantastic opportunity. Strategy My third area of focus will be strategy. We are now working with our Strategy Board to make sure that by the end of the year, we have progressed a new strategy up to 2025. In doing this, we will engage with the full spread of our membership. We have so many business leaders who are Chartered Accountants and who play a very significant role in Irish business life – creating value, creating opportunities for careers, and sustaining families. With your help, we will deliver a strategy that secures our reputation and delivers important services to members. I am very confident that together, we can deliver on our themes and strategy for all of our membership. Conall O’Halloran President

Gary McErlean of Quarter Chartered Accountants writes: The ancient saying that change is the only constant seems to be more true today than ever before. The pace of change in the accounting world, driven by continuous technological advances, has never been swifter, or more unforgiving. As a practice which has embraced and adopted the new technologies available, we at Quarter Chartered Accountants can confidently say that this has only been advantageous. There are various Cloud Accounting Software providers such as Xero, Surf, Quickbooks, Sage 1 etc. A few years ago, we decided to invest time with Xero, and I thought it would be useful to outline some of the areas where we have benefited from significant time (and ultimately cost) savings by utilising a Cloud Accounting System. Bank reconciliations still comprise a key component of the accounting process, with staff time requirements being quite significant with bank accounts comprising high numbers of transactions. Not any more – Cloud Accounting Systems have the ability to link directly to most banks, with all underlying transactions being posted within the accounting system automatically, and on a daily basis. Granted that, although such a system automatically records every single lodgement and payment going through the bank, it doesn’t necessarily know where to post the other side of the transaction. However, all the processer needs to do is click on each item and allocate it to the relevant nominal code etc. The time required to do this is a fraction of the time required to post the bank the old fashioned way. Furthermore, the system learns, or can be told, where certain recurring items should be posted and this can also be done automatically, saving even more time. Cloud Accounting Systems also link in with lots of different mobile phone/tablet apps. For example, there are apps that allow the user to take a photograph, on their mobile phone/tablet, of supplier invoices which are then automatically posted to the Cloud Accounting system, to which the app is linked. All you have to do is approve the transaction. Based on the above, it is therefore quite conceivable for all your bank transactions and your supplier invoices to be posted to your Cloud Accounting System before you have even opened it! Another prominent feature of Cloud Accounting Systems is that they can be accessed from anywhere with an internet connection. Gone are the days when all work was carried out in the office on a 9 to 5 basis. It is becoming increasingly common for people to work from home, or on the move, and with the ability to log in to their accounting system being as equally mobile, the business finances can be processed or monitored anywhere on a real time basis. Cloud Accounting Systems provide a platform for offering a more regular reporting service to clients, which is better for the firm as well as the clients. They allow practices to develop client relations and, in our experience, leads to additional revenue streams being generated. In summary, if I was to use one word to sum up the effects of these technological advances in Cloud Computing, it would be EFFICIENCY, and, in my opinion, those that want to survive and thrive in this ever changing world of technology need to embrace it. Gary McErlean is a Principal in Quarter Chartered Accountants, and is a member of the Members in Practice Committee of the Institute. The Members in Practice Committee represents the interests of smaller practices.

The Property Services Regulatory Authority (PSRA) writes: The Property Services Regulatory Authority (PSRA) licences and regulates Auctioneers, Estate Agents, Management Agents and Letting Agents (licensees). The PSRA works to protect the interests of the public by ensuring that high standards are maintained in the delivery of property services by licensees. The PSRA considers the opinion of the Reporting Accountant, and the work leading to that opinion, on whether client moneys are managed in accordance with PSRA Client Moneys Regulations by a licensee as paramount in their assessment of licence renewal applications. In this regard, a licence renewal application must be accompanied by a signed accountant’s report relevant to the licence(s) held. The PSRA acknowledges the vital work undertaken by accountants in completing these reports effectively.   Accountants are required to review the books of account and records of the licensee and give an opinion on whether the licence holder has complied with the PSRA Client Moneys Regulations and to report where breaches of the Regulations have occurred. While the vast majority of reports received do not require the PSRA to request additional information, in some instances the PSRA is required to query the licensee’s application, including the content of the accountant’s report. By way of information, common issues encountered by the PSRA while reviewing licensees’ applications and accountant’s reports include: The most recent updated specified accountant’s report is not completed. Specified accountants reports are available at http://www.psr.ie/en/psra/pages/accountant’s_report Accountants fail to complete Section 4 of Part I of the relevant renewal accountant’s report expressing an opinion as to whether the regulations have been complied with by the licensee. Incorrect calculation of the balance on the Balancing Statement. The name of the Client Account(s) does not match exactly with the name on the relevant bank statement. A client account must be in the name of the licensee and contain the word “client” in the title. Issues of greater concern to PSRA identified in 2018 include: Liabilities to clients reduced on the balancing statement (Appendix 3A of PSRA/S35 – Renewal ABC) by deducting moneys owed in, which were intended for clients, but had not yet been received or placed in the client account. An example includes: where a licensee pays money out of the client account to a landlord in advance of receipt of rent by the licensee from the tenant. In a small number of instances this transaction is not shown as a liability on the client account by the licensee when completing the balancing statement. Before giving an opinion, the accountant should be satisfied in respect of the statement in section 3.3 of the report, namely “I have obtained the client account balancing statement(s) prepared by the Licensee as set out in Appendix 3A and checked that the information therein is in agreement with the books of account and records of the Licensee”. Liabilities to clients are not reported on the balancing statement (Appendix 3A of PSRA/S35 – Renewal ABC). Before giving an opinion, the accountant should be satisfied in respect of the statement in section 3.3 of the report as noted above. Licensee using one account for all client and business transactions. This is a breach of the Client Moneys Regulations and is required to be included by the accountant at Appendix 2 of the accountant’s report. Instances where a deficit/surplus on the client account has been identified but not addressed by the licensee, despite confirmation in Appendix 3B that funds have been paid into/withdrawn from (as appropriate) the client account by the licensee and the signed accountant’s report being submitted as part of the licence renewal application. In these instances, the PSRA has by way of follow up confirmed that in such cases outstanding monies owed have not been repaid to the client account. The PSRA encourages that you consider whether there is evidence of any of the above issues arising when completing the accountant’s reports on behalf of licensees. The PSRA acknowledges the engagement of accountants with licensees and the cooperation extended to the PSRA in addressing queries. More information regarding accountant’s reports and the PSRA in general can be found on www.psr.ie. The PSRA may be contacted on 046 9033800 or by email at info@psr.ie in relation to any query you may have when completing PSRA Accountant’s Reports. Members should refer to Technical Release (TR) 03/2018 ‘Licence applications under the Property Services (Regulation) Act 2011 and the Property Services (Regulation) Act (Client Moneys) Regulations 2012’ issued in June 2018.  

Orla McGahan writes: 1. Join a network “If you want to go fast, go alone; if you want to go far, go together.” There are 1,730 Chartered firms in practice in Ireland. Of that, around 950 are sole practitioners; and yet, there are only 40 listed networks. Even with an average of ten members per network, there are a lot of people out there going it alone. Don’t isolate yourself. The benefits of being part of a network are copious: A case study group – for those times when a case needs to be talked out.  A forum to benchmark – to benchmark fees, charge out rates, overheads, staff salaries, and so on, can be invaluable. Consider joining a network outside your geographical or competitive area if necessary.  Knowledge sharing – share experiences on dealing with Revenue, CRO and other areas. For that moment when you are just having a blank, being able to run it by a trusted colleague. Referrals – often within a network various members specialise in varying fields, industries or disciplines. This can lead to additional work through referrals. CPD and training – organising training by network offers more flexibility to custom make the course, attendees, and location, while gaining cost reductions. 2. Don’t underestimate the value of your work I was lucky enough to be shown early in my practice life (by a client!) that the value of your work is not the time it took to put together the relevant documents and submit them to the appropriate authority. But rather, and more importantly, your fee should reflect the time, effort, knowledge and experience you have gained over the years which gives you the technical and practical knowhow. For a lot of practitioners, our work revolves around solving problems or doing work our clients do not have the time, knowledge, skill or experience to do. Make sure the price you put on your work adequately reflects value to both you and your client. 3. Stock control - record your time How often do we criticize clients for inadequate stock control and yet how many of us, particularly partners, do not record our time? We sell time. Fact. And yet quite often we have no control over it. There are many good CRM packages available to practitioners offering time recording systems with simple reporting facilities. Invest in one and use it. It will pay for itself, and then some. Find the discipline to record your time, every day. 4. Organise your time and stick to it! As the saying goes – “Failing to plan is planning to fail.” If I were to pick one thing that will make a difference, it’s time management. This is crucial to creating and maintaining an easy (easier) practice life. Plan, systemise where possible, and stay on top of The annual return and compliance review - do this when it comes in or as it falls due; Anti-money laundering compliance; Engagement letters; Practice housekeeping – A Chartered Accountant I know, who runs a very successful practice, has developed the habit of spending the first hour of his day, every day, without fail, to practice housekeeping. And his success is testament that it works; CPD and your CPD record; Staff mentoring records. 5. Embrace technology and update your software regularly Efficiencies leading to higher profitability and better cash-flow can be achieved with regular investment in software and technology. Incorporate this cost as an ongoing overhead. 6. Value your staff I’m sure this is not the first time you have been told this, but your staff are your most valuable asset. “We are only ever as good as the people around us”. Invest in your staff. The cost of losing an experienced staff member goes far beyond the financial cost. Added to that, a new staff member will take at least six months to become comfortable and familiar with the position. The cost of this should never be underestimated. Invest in training, talk to your staff openly and regularly (maybe over a nice lunch) about the things that make a difference to their enjoyment of the position, and it’s not always about salary. Particularly in the current environment, taking care of your staff should be a high priority. 7. Self-care In the words of Stephen Covey (The 7 habits of highly effective people) – “sharpen the saw”. Take care of yourself, your health, your mental health and your private life. As a practitioner, the pressure to develop, to stay up to date technically, meet deadlines, manage staff, and still live your life can sometimes be overwhelming, not to mention managing the expectations of clients. We carry a huge responsibility. So take time out regularly and routinely to take care of yourself. 8. Get involved in your Institute For some members “The Institute” may seem like an anonymous entity from which they can feel somewhat disconnected. But the Institute has many more facets than members realise and offers many valuable services. In addition to the staff, many member volunteers are lobbying and working away for the interests of its members. Volunteers are always required in many areas. The benefit of involvement and having an active role is that you can help shape and change the world in which you work, influence policy and changes in legislation, education, membership and many other areas. And as an added bonus, involvement gives you a sense of belonging to the Institute of which you are a member. 9. Agree fees upfront and in writing When you make this routine a habit, it is second only to time recording in revolutionising your practice, your fee recovery and your cash flow. It focuses your mind in identifying exactly what service is required, what the client is willing to pay for that service, and the timing of when you will get paid. It opens the doors for a discussion on what work the client wants done, and identify any work they are willing to do themselves. Make a list of the steps involved in the work and use this as a template to assist in the conversation. The benefit is that it saves a lot of stress and bad feeling when you think you’ve done a great job only to find that the client does not appreciate it and is unwilling to pay for it. Orla McGahan is the principal of McGahan and Co, and is a member of the Members in Practice Committee of Chartered Accountants Ireland.  

Jeremy Twomey writes: With autumn’s arrival, it is timely to look back at the key events thus far in 2018 that have impacted accountancy practitioners. As in previous years, regulatory and legislative change has continued apace, including: The General Data Protection Regulation (GDPR) came into force across Europe on 25 May, resulting in the largest change to the Irish & UK Data Privacy regimes in over a generation, with wide ranging effects on all businesses, including accountants; and The Companies (Statutory Audits) Act 2018 was signed into Irish law in late July, with its resulting principal changes for practitioners outlined in a dedicated article in Technical Signpost below. It is fair to say that achieving compliance with these new requirements presents a challenge for practitioners, especially so soon after the introduction of the Small and Micro Company regimes in ROI via the Companies (Accounting) Act 2017, as well as the new and separate Auditing Frameworks for Ireland and the UK early last year. 2018 has thus far also been a very busy year for the Institute’s Practice Consulting team, as we work to assist our members across the island in meeting the challenges they face. Our Training courses in the areas of Auditing, Financial Reporting and GDPR are proving particular popular. We have developed these three courses to address the practical needs of our members, providing clear examples of how to address the issues in each respective area that both you and your clients face each day. An example from our Financial Reporting course includes how to meet the various financial statements note disclosure requirements under the Small & Micro Company regimes. We use the experience that we have gained from numerous compliance assignments at practices over the years, together with the knowledge garnered from developing our practice aids such as Pro Forma Financial Statements, Procedures for Quality Audit (PQAs) and our recent comprehensive GDPR guidance and related templates. Marrying these with insights from the Institute’s Professional Standards Department on key regulatory compliance issues that they see at firms as part of their monitoring role, our courses help to ensure that both you, and your clients, stay ahead of emerging issues and meet your regulatory requirements. Feedback that we have received over recent months on these courses has been very positive and each carries a 3 hours CPD credit. Looking ahead, our upcoming courses during the autumn months include courses on Auditing and Financial Reporting in five regional centres across the island (Belfast, Cork, Galway, Limerick and Sligo), as well as Dublin. We typically provide both of these courses in one day at each centre, allowing participants to attend both courses, should they wish. Further details on the dates and times during November and December for each course/location, as well as booking details, are available on the Professional Development area of the Institute website. The option of availing of these three courses in-house at your firm also continues to be very much in demand. This option allows you to tailor a particular course to your firm/staff’s specific needs, while having one of our consultants provide a course at your practice is a particularly cost efficient way to meet CPD requirements for both you and your staff. One very popular example of such an in-house course over recent months is our half day GDPR consultation, where one of our team can visit your firm and offer practical advice and guidance on how to tailor your procedures, make progress on your GDPR journey, and meet key compliance milestones. Other courses that we are running during October and November at the Institute include two courses focused on regulated areas. The first in late October focuses on Accounting and Auditing for Charities and Not-for-Profit Entities, while the second in late November concentrates on other Regulated Entities such as Insurance Brokers, Auctioneers, Owners’ Management Companies, Occupational Pension Schemes and Solicitors. If you are providing accounting or audit services to any of these organisations, then these courses may be for you, as we provide practical updates on the recent key changes in the standards, regulations and legislation affecting these sectors. As you prepare for the remaining busy months of the year, and indeed for 2019, it may be worthwhile taking some time now to consider your current CPD requirements and how best to tackle these needs. As ever, my colleague Conal Kennedy and I are available to contact (see contact points below) on any of your practice related training needs over the coming months.

Jeremy Twomey writes: Meeting General Data Protection Regulation (GDPR) compliance requirements has become a top priority for Irish businesses over recent months and accountancy practices are no different. Recognising that GDPR implementation presents both specific challenges and opportunities for accountants in practice, the Practice Consulting team has also been busy both offering advice and providing practical guidance in this area for our members. This guidance can be found at  https://www.charteredaccountants.ie/knowledge-centre/guidance/gdpr/gdpr-resources and includes the following: GDPR 8 Step Guide; Explanation of GDPR terms; GDPR Template Outline Procedures to be tailored and used by an accountancy firm; and Example paragraphs for a client engagement letter addressing GDPR and a template privacy statement. From talking with our members in practice over recent weeks, it is evident that practitioners are at different stages on their journey to GDPR compliance. While it may appear a daunting exercise at the outset, the process of becoming GDPR ready can be broken down into a few key practical steps. With this in mind, in this article, I am going to outline the key points to achieve GDPR implementation from our 8 Step Guide: 1.  Raise GPPR awareness As a starting point on your GDPR journey, the partners and staff at your firm need to be fully aware of the Regulation, the work to be undertaken to ensure compliance, the likely problems that may arise and any budgetary implications. A basic step that can be undertaken in-house at your firm is a GDPR awareness presentation for all the staff. Your clients also have to comply with GDPR, so it is worthwhile checking that they are aware of these changes, to tell them of their GDPR obligations and how your processes may be changing. Such support may be an ‘added value’ opportunity for your firm to assist your clients. 2.  Appoint someone senior to oversee the process & resource this appropriately Your firm should appoint someone internally to take control of understanding GDPR and how it will affect your practice. It is essential that this a senior member of staff who will take responsibility for overseeing the GDPR compliance process at your firm. While it is expected that the majority of the work in relation to meeting the requirements of GDPR can be undertaken internally, a project team may be required, which may include external support and assistance on certain issues. Hence, it is vital that reasonable funding and resources are set aside to achieve your GDPR requirements. It is currently envisaged that most accountancy firms will not be required to appoint a Data Protection Officer (DPO). It is, however, recommended that you still appoint someone to be responsible for data protection within the firm going forward, but give them a title other than DPO (i.e. “Data Privacy Lead”). 3.  Review and update existing information and cyber security measures Having comprehensive levels of information and cyber security is a key step towards building a resilient organisation and ensuring GDPR compliance. It is therefore recommended that members should review their existing security measures and update as necessary. Both controllers and processors are required under the Regulation to implement “appropriate technical and organisational measures” to ensure a level of security appropriate to the risks that are presented by the processing of personal information. Such measures are described as including: Pseudonymisation and encryption of data (The use of secure portals to share documents is also of benefit); The ability to ensure ongoing confidentiality, integrity, availability and resilience of processing systems and services; The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and A process for regularly testing, accessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. Detailed listings of examples of both practical physical and technical security measures to aid GDPR compliance at your firm are included in the full version of our 8 Step Guide as published on the Institute website. It is important to remember that managing cyber risk is not simply about managing data within your firm. Therefore, it becomes necessary to document the security risks from your supply chain (e.g. cloud service provider), as well as your own organisation. 4.  Map your data With the many potential pitfalls of non-compliance to GDPR, taking action to map any gaps in relation to the personal data your firm holds is critical. The first step is to get started by scoping the problem and mapping the data flows associated with your firm. It involves identifying, understanding and mapping out the data flows into and out of the organisation. As the data map evolves, you should be able to identify the flow of data, as well as gaps in required contracts and consents for processing data under the GDPR, and risks in security measures etc. that will need to be prioritised and resolved to ensure compliance. This requirement for data mapping is quite far reaching when you think about it. A typical accountancy practice possesses the following: accounting and tax software, audit software, payroll software, practice management systems, network drives and, of course, paper accounting, tax, company secretarial and audit files. This review will also need to extend to the many individual devices on which information is stored (e.g. laptops, desktops, tablets, phones and memory sticks). Finally, it is important to emphasise that, when completing your data mapping, GDPR compliance is only required for personal data that you hold. Company data is, for example, beyond the scope of the regulation, however your data mapping exercise may have an added benefit of identifying efficiencies that you can implement at your firm for non-personal data as well. 5.  Review your contracts with clients and suppliers As the GDPR imposes new obligations on data controllers and data processors, you will need to make sure you understand your status and your responsibilities with regard to both client data and firm data. At the very least, firm contracts will need to be updated to reflect the requirements of the GDPR. Accountancy firms should review their existing contracts with their clients, suppliers and sub-contractors to identify whether the accountancy firm is the data controller or data processor of any personal data it processes under the different contracts. This involves identifying which party ultimately determines the purpose and means of processing data. It is of vital importance that you satisfy yourself that your firm is correctly assigned the role of either data controller or processor (with matching appropriate requirements/liabilities) before signing any contract with your client or supplier. Remember that entering into a contract on the wrong basis may potentially open both you and your firm to unnecessary requirements/liabilities that may be difficult to overturn. More detailed guidance on each of these areas is included in the full 8 Step Guide, while Section 5 of our Outline Policies and Procedures provides advice on your firm’s likely status as either a Data Controller or Processor for a variety of possible assignments that you may undertake. Both of these documents can be found on the Institute website under GDPR resources. 6.  Employment contracts & information for your employees As with existing legislation in this area, under GDPR, certain information must be supplied to employees before their personal data is collected and processed by your firm. The information will typically be provided in the form of a notice to job candidates, and a further privacy policy will be supplied to successful job applicants as part of their on-boarding induction to the firm (typically included in an Employee Handbook along with other firm policies). It is also important to remember that, for the processing of employees’ personal data, where possible, the employer should rely on performance of the employment contract as the legal basis for processing, rather than consent. Consent is a weaker legal basis for such processing, as it can for example be easily withdrawn by the data subject Finally, do not forget to review (and redraft as necessary) employment contracts to update any data protection references or sections to comply with GDPR. 7.  Draft/update data protection policies and controls to meet the new requirements The GDPR introduces the principle of ‘accountability’. This means that all organisations must not only ensure they are compliant with the GDPR, but be in a position to prove this too. The best way to prove this is to document your data protection policies and procedures. We suggest that your firm’s GDPR policies and procedures should include, but not be limited to, the following (Outline policies in several of these areas are included in “Outline GDPR Policies and Procedures” on our website): Who is responsible for GDPR at your firm and what are the reporting lines? Data Processing Your policies in this area should detail the categories of personal data collected by your firm and the purpose for which it is collected. In addition, these policies should detail your firm’s role as a Data Controller and also instances when you act as a Data Processor, together with your responsibilities in fulfilling these roles. Data Subject Rights Your firm will need to have specific policies and procedures in place to ensure the rights of your data subjects are upheld under GDPR and that you have adequate processes and resources to meet the requirements of the Regulation. Specific subject rights areas requiring defined policies and procedures include: Data Subject Access Requests (DSARs); Right of erasure (Right to be forgotten); The right to restrict processing; The right to object to processing; and The right to data portability Some of these rights may not be enforceable by the data subject where data is held under legitimate purpose.   Data Governance Example areas of data governance to be considered for inclusion in your GDPR related policies and procedures include the following: Data Protection Impact Assessments (DPIAs), Privacy by Design and Privacy Notices, Document Retention, Security and Breaches. 8.  Staff training and ongoing compliance While not all staff will need to understand the GDPR in its entirety at your firm, each of your staff should at least be aware that data protection is an issue for everyone. For staff who do not deal with personal data, training can be limited to an annual (refresher) course on information and cyber security. On the other hand, for staff who regularly deal with personal data, training should focus on security over data, plus an awareness of the firm GDPR policies and procedures on a regular basis (at a minimum annually or more often if the need arises). Again this can be tailored to their particular role and responsibilities. Ongoing testing Testing in the areas of IT Security and other key aspects of GDPR compliance (e.g. audits of records held for constant compliance) should be formalised into a regular ongoing programme of work at your firm, as well as outsourced providers. Cyber security is a rapidly evolving area. Meeting best practice in May 2018 does not mean you will maintain compliance over the months and years ahead; you will need to keep this area under review. Conclusion At first glance, the process to ensuring GDPR compliance may appear to be a massive undertaking and a drain on resources for your firm. It is important to bear in mind that most accountancy firms and small businesses are in the same boat as you, and that by breaking down the required steps into clear manageable stages as above, you too can achieve GDPR Compliance in a timely manner. Should you need further assistance, Practice Consulting has also developed a half day consultation offering. One of our consultants can visit your firm and offer practical advice and guidance on how to tailor your procedures, make progress on your GDPR journey, and meet key compliance milestones. If you have any question in relation to GDPR, please feel free to contact either Conal Kennedy or myself in Practice Consulting.

Jeremy Twomey writes: Billed as the most important change in data privacy regulation in over 20 years, and with its enforcement deadline of 25 May 2018 fast approaching, ensuring General Data Protection Regulation (GDPR) compliance has become a top priority for the majority of Irish businesses. Over the last year, the Institute has been helping its members to prepare for GDPR in a number of ways. For example, we have provided guidance via articles in recent issues of Accountancy Ireland, while in the last few weeks we have run a series of half day roadshows and courses in a number of towns and cities across Ireland. In addition, the Practice Consulting team has been busy preparing detailed practical guidance in this area, explaining what the changes resulting from GDPR will mean for accountants and their clients. This guidance will be available under the Knowledge Centre section of the Institute website, and is designed to answer the GDPR-related questions that members have contacted us on over recent months. While preparing this guidance, it became evident that a number of “myths” have developed over the last couple of years surrounding the implementation of GDPR. In this article, I am going to address a few of these and try to help you ensure that you do not fall foul of these, as you prepare to achieve GDPR compliance at your firm. Myth 1 - GDPR Compliance is a once off project to be achieved by 25 May With so much hype surrounding the regulation, one should remember it is not a once off event or test for compliance. Unlike planning for the Y2K deadline in 1999, GDPR preparation doesn’t end on 25 May; it requires ongoing effort. It’s an evolutionary process for organisations; 25 May is the date that GDPR will be enforced but no business stands still. You will be expected to continue to identify and address emerging privacy and security risks in the weeks, months and years beyond May of this year. GDPR will require ongoing governance of data, as organisations migrate to new systems or apply their customer data to new markets and trends. Initial compliance is the first heavy lift, but ongoing governance is the long-term reality! All entities falling under GDPR should endeavour to be fully compliant by the implementation day, although this may not be possible in all instances. In such circumstances it is important that you address the essential elements of compliance at your firm as soon as possible, and can demonstrate your ongoing efforts in this regard in a comprehensive documented plan of work. Myth 2 - GDPR is only for large firms, a small accountancy practice or company is not expected to have the time or resources to achieve compliance You will have to comply with GDPR, regardless of your size, if you process personal data. Small accountancy practices do not escape the demands of compliance. GDPR needs to be prioritised by all firms, regardless of size. The vast majority of businesses across Ireland are small businesses and it is important to remember these firms often process a lot of personal data, and their data protection reputation and liability risks are just as real as for larger entities. Myth 3 - With Brexit, entities located in the UK, including Northern Ireland, will not have to comply with GDPR GDPR will apply to all EEA countries and any individual or organisations trading with them. As it comes into force on 25 May 2018 (before the UK is due to leave the EU), UK individuals & organisations must ensure compliance with the new regime by then. The British government has confirmed that the UK’s decision to leave the EU following Brexit will not affect the commencement of GDPR. Post Brexit, it is envisaged that if a UK organisation or individual processes personal data, then they will have to do this in accordance with GDPR. To ensure that the UK will be GDPR-compliant post Brexit, the new Data Protection Bill (currently going through Parliament in London) incorporates all of the GDPR. Myth 4 - GDPR is a completely new approach to Data Protection It is vital to remember that GDPR builds upon the existing legislation in this area. It is an update, not a wholesale revision, to meet the changes in technology and data use over the last twenty years or so. As a result of these changes, consumers’ privacy and data were not by now as well protected as they could be. GDPR rectifies this by increasing the responsibility on organisations to use personal data appropriately and to hold it securely. Although GDPR is not a completely new approach, it is more stringent in its application and the fines for non-compliance have been considerably increased. This means that doing nothing is not an option, although GDPR does allow organisations to take a risk based approach, based on your size and circumstances. Many organisations struggle to assess where they should start in preparing for GDPR. It is helpful to remember that we have had data protection legislation in both the UK and the Republic of Ireland for a number of decades and therefore, firms who have taken data protection compliance seriously are already in good shape for beginning to meet GDPR’s increased compliance standards. Myth 5 - GDPR is just more bureaucracy and work for small firms, with no potential  benefits When legislation of this nature is announced, one can take either a positive or negative view of the task at hand. If you take a negative view, you will see GDPR as more bureaucracy and cost to your firm. If you take a positive view, on the other hand, you will view GDPR as a necessary strengthening of the rights of individuals, and indeed a potential  opportunity. As accountants position themselves as strategic advisers to clients, GDPR is also an opportunity for firms to demonstrate to clients that they can securely hold and process information in accordance with data requirements, and that protection of client data is a priority for the practice. As a result, clients are likely to see their accountants as trusted professionals with whom they can partner to drive their business forward. Therefore, being a leader in this area may enhance your practice and its reputation. In addition, as trusted business advisors to your clients, you must have sufficient knowledge of this new legislation to be able to provide sound advice. SMEs need to be ready when the new law comes into force, but they may struggle to know where to start. Chartered Accountants in practice can help these small businesses bridge the gap to GDPR compliance and, in the process, win new business. Myth 6 - Outsourcing GDPR compliance will be a quick fix for me and my firm There is no quick fix to GDPR compliance. No one piece of software or outsourced service provider is going to provide everything you need to comply with GDPR. For accountancy practices, GDPR will impact on how you manage and store data across your entire firm (e.g. client, prospective client, contact, supplier and staff data). You cannot outsource your responsibility for this information, and compliance with GDPR will require considerable time and preparation from all levels within your practice. With the implementation date of 25 May approaching quickly, it is important to start sooner rather than later on this. Myth 7 - GDPR only applies to Digital Processing Under GDPR, data processing covers both automated personal data and manual filing systems. Manual/paper records are included if they are part of a ‘relevant filing system’. This means papers stored systematically, for example, in a filing cabinet are probably included, but ad hoc paper files may not be. Members should ensure that they apply the same levels of diligence to paper records as they do digital records and that any decisions made regarding the lawful basis for processing, adhering to data protection principles and upholding data subjects’ rights include paper records held. Myth 8 - Under GDPR, accountants will only be seen as Data Processors and hence avoid much of the responsibility that falls on Data Controllers in this new regulation The UK Information Commissioner’s Office (ICO) has previously advised that it considers that an accountancy firm providing accountancy services acts as a data controller. The firm’s status as a data controller in relation to clients arises because the firm has flexibility over the manner in which it provides services to its clients and will not be simply acting on their instructions. In addition to this, the firm has its own professional responsibilities regarding record-keeping and confidentiality. Therefore, because an accountant “determines what information to obtain and process in order to do the work”, firms act as “controllers in common” with clients. Under GDPR, member firms will also be data controllers with regard to their firm data (e.g. employee information). If there is any doubt regarding your status as a processor or controller in relation to your firm’s activities, you should take legal advice. Going forward, firms will need to ensure that client terms and conditions reflect this reality, potentially extending engagement terms as appropriate. No doubt, for many accounting practitioners, much work remains to be done to fully meet GDPR compliance requirements. Between now and the end of May, firms new  to the process will need to examine their existing data processing, review their data protection policies, procedures & controls, and identify any gaps that need to be addressed. Following on from this, firms will need to implement any changes required in a structured documented manner to meet the needs of GDPR and continue to show full compliance long after the implementation date. The Institute will continue to assist members on your GDPR compliance journey, with ongoing updates to our available guidance in this area and, should you have a specific query in this area, please feel free to contact the Practice Consulting Team.

Conal Kennedy writes: In the past few years, accountants in practice have had to deal with a wave of change that has washed over them, including the new accounting frameworks in the UK and Republic of Ireland. In both jurisdictions, small and micro company regimes have been introduced which are generally welcome, but like any change in standards, can present challenges in just getting it right first time. In Practice Consulting we have given assistance and support to a large number of members and firms as they applied the new frameworks. Most of the firms that we have encountered have been successful in the transition process. However, we thought that you would be interested in a list of some of the more common issues that we have encountered, with a view to avoiding them, of course! OK, so here’s what we have observed… Directors’ remuneration disclosures. In ROI, including the directors’ remuneration information on the face of the profit and loss account does not mean it can be omitted from the abridged financial statements.  Section 353 of the Companies (Accounting) Act (‘2017 Act’) specifically requires this information to be included in the abridged financial statements filed with the CRO. Mixing and matching. Care should be taken when early adopting the ‘specified provision’ of the 2017 Act. For instance, we came across some ROI companies preparing statutory financial statements under the small companies regime but using the old abridging rules. Departure from FRS 102 or Company Law. This is expected to be rare and only to arise in very unusual circumstances.  We have seen instances where preparers departed from legislation or standards to account for relatively straightforward transactions and balances. Non-disclosure of critical accounting judgements and estimates. FRS 102, when applied in full, requires these to be disclosed in the notes to the financial statements.  Section 1A of FRS 102 encourages entities applying the small companies regime to disclose critical accounting judgements (but not estimates).  We have seen cases where these disclosures were omitted altogether, or where standard boilerplate wording was used, not reflecting the circumstances of the preparing entity. Connected entity or connected person loans. Under FRS 102, loans which are interest free or are low interest may be required to be classified as financing transactions and valued at the present value of future payments discounted at a market rate of interest if they are due after more than one year. This is a difficult area and some preparers have struggled to apply the accounting standard correctly. In some instances, a loan whose terms were undocumented was mistakenly treated as being due after more than one year. A loan whose terms are undocumented may be considered to be repayable on demand, notwithstanding the intentions of the parties to repay it over a longer period. The solution: if the loan is repayable on demand, then, unless there is an impairment issue, it should be carried at the original transaction price with no adjustment, and as an amount due in less than one year. In ROI, reference may also need to be made to the Evidential Provisions in Sections 236 and 237 of the Companies Act. See also the new concession applying to small entities for loans from persons who are within a director’s group of close family members (including the director), when that group contains at least one shareholder in the entity - for details, please see the Amendments to FRS 102 publication issued by FRC in December 2017 (this publication is also mentioned later in Technical Signpost). We hope that this article will prove useful in identifying issues. Naturally, it is not a comprehensive list in part because we have concentrated on errors which are completely new and particular to the new frameworks. The article has been written in general terms, and should be viewed as a pointer towards issues that may have been overlooked and should not be relied upon.

Conal Kennedy writes: For many years we in Practice Consulting have assisted members to buy, sell and merge their practices. During the recession years, and for some time afterwards, there was very little activity, but in recent times we have been receiving more enquiries and helping more practices. A firm with a recurring fee base has a value based primarily on its goodwill. It is usually preferable to arrange succession from within a practice, but in the absence of this, a sole practitioner approaching retirement age might consider realising the value of the firm by selling the goodwill to a growing practice. There are other circumstances where a practitioner may be interested in selling their practice. On the other hand, many practices have informed us of their intent to purchase, if an opportunity arises. In other cases practices may come together by way of acquisition or merger in order to pool resources and leverage the benefits of increased size and more diverse skillsets. Many mid-sized practices would be interested in offering a senior position or partnership to a dynamic sole practitioner. This possibility might be of interest to a member who has set up on practice relatively recently. The member has found that he or she has the ability to run a business and acquire clients, but the pressures of being entirely alone are just too much. This profession is a people business and in any deal, the human element is always crucial. More important than top line valuations is the ability to trust your counterparty, to establish open communication and a good working relationship. The value of a practice still tends to be based on a multiple of its fee income and the classic 1:1 ratio of recurring fees to practice value is the starting point of many conversations. That said, buyers and sellers should be aware of the changes and pressures arising in recent years due to market forces. The general skill shortage in the profession means that the staff of the practice may be the most important element in judging the inherent value of the practice. Specific purchasers may be interested in purchasing a niche practice with clients that fit specific criteria. There is any number of ways to structure the deal. If a capital sum changes hands, then this may be based paid in stages over time. There may be a clawback based on clients who do not transfer. Separate arrangements need to be made to deal with WIP and debtors that are outstanding at the date of transfer. In general every aspect can be varied by either party to suit the circumstances of the deal. Practice Consulting assists practices to come together. We work in complete confidence. If you are interested discussing any of the matters in this article, please contact Conal Kennedy Tel: 00 353 1 6377396 or Jeremy Twomey  Tel: 00 353 1 6373972.

Claire Percy writes: Members consistently tell us that “protecting and promoting the Chartered brand” is one of the key services that Chartered Accountants Ireland can provide to them. Often, this feedback relates to student recruitment and the continuity of the profession. However it is also critical in terms of helping consumers, employers and business decision-makers understand the value of choosing a Chartered Accountant. The Institute supports the brand year-long across all its services and through a range of promotional activities. This includes the annual brand advertising campaign, “Make Sure your Accountant is a Chartered Accountant”, which is currently running. The key message of the campaign is that businesses can have confidence in the training, standards and experience of Chartered Accountants in every sector. This “confidence” message is being carried across radio, press and online. This year, in order to maximise the local benefit to our firms and members nationwide, a number of regional innovations have been introduced, with regional press and radio in use alongside national outlets. In order to connect the advertising even more directly with our network of 1,500+ practices around the island, the campaign is also supplemented by a direct mail initiative. All firms should by now have received a pack containing two high-quality window vinyls for use on their offices windows or doors. The purpose of this is to promote visibility of the recently-refreshed Institute logo on the high street. This will help consumers link the advertising message to their own local Chartered Accountant – and create a “multiplier effect” that builds the confidence message for all members. The pack also provides access to co-branded marketing materials and gives links to download logos for use on firms’ own websites and promotional materials. There was also an online competition to win a table at this year’s annual dinner – simply by showing the Chartered logo in action. The design of this campaign was greatly assisted by the input of the Members in Practice committee and Strategic Communications committee. We are very keen to  hear wider feedback, and in particular may look at offering a more permanent signage option in future. Please take a look at www.charteredaccountants.ie/Brand for more information or to get in touch with feedback on the campaign or how we can assist you to make the Chartered brand work for your firm.  

The Professional Standards Department (PSD) Quality Assurance Team has recently compiled a list of common matters arising on audit and investment business inspection visits, which are set out below. Please note that, where PSD returns to firms that have had a relatively recent visit, it conducts follow-up procedures to ensure that the firm has taken action to address matters raised at the previous visit. Audit Inspections Financial  Reporting Firms need to perform audit procedures to evaluate whether the overall presentation of the financial statements, including the related disclosures, is in accordance with the applicable financial reporting framework which, in recent years, has been substantially changed by the introduction of FRS 100-105 and amendments to company law. PSD found that, for the most part, firms had adequately addressed the requirements of FRS 102 and, in RoI, the Companies Act 2014 (‘CA 2014’) through the use of checklists. However, non-application of FRS 102 by audit clients was sometimes not identified. Firms should ensure that their audit procedures to assess the appropriateness and completeness of disclosures are up to date for the relevant financial reporting regimes. Certain common omissions were identified: Statement of Changes in Equity or Statement of Cash Flows, where relevant; Significant judgements and key sources of estimation uncertainty in relation to amounts recognised in the financial statements (FRS 102 s8.6-8.7); Where relevant, material uncertainties related to events or conditions that cast significant doubt upon the entity’s ability to continue as a going concern (FRS 102 s3.8-3.9); The measurement basis (or bases) used for financial instruments and the other accounting policies used for financial instruments that are relevant to an understanding of the financial statements (FRS 102 s11.40); Disclosures relating to creditors required by CA 2014 Schedule 3, such as terms of payment/repayment and the rate of any interest payable on debts. (N.B.The specific FRS 102-related matters noted above relate to financial statements prepared in accordance with the full requirements of FRS 102 and may not be relevant to financial statements where the small/micro companies regime is applied.) International Education Standard (IES) 8 (Revised) IES 8 Professional Competence for Engagement Partners Responsible for Audits of Financial Statements (Revised) was issued by the International Accounting Education Standards Board (IAESB) in December 2014 and is effective from 1 July 2016. Its objective is to establish the professional competence that professional accountants develop and maintain when performing the role of an Engagement Partner. During an audit monitoring visit, the inspector will make enquiries to assess whether a firm is familiar with IES 8 (Revised), including consideration of the learning outcomes which are listed in Table A to the Standard. Firms can obtain a copy of IES 8 (Revised) at: http://www.ifac.org/system/files/publications/files/IAESB-IES-8.pdf Investment Business inspections Investment Business (IB) inspections carried out by PSD over the last few years had focused on firms holding IB1/IB2 authorisation. However, PSD is now conducting an increased number of IB inspections to firms holding all levels of IB authorisation, including a sample of firms holding IA1/IA2 authorisation. Firms should be mindful of, and ensure they address, the following  matters Investment business procedures (IBR 2.56) All authorised firms are required to establish and maintain adequate written investment business procedures. These should include managing conflicts of interest, maintaining ‘Chinese Walls’ and the consequences of breaching them, along with the handling of errors and complaints. A firm must adequately train its principals carrying on investment business and its employees using these procedures. Training (IBR 2.60) Authorised firms must make arrangements to ensure that principals and employees involved in investment business maintain an appropriate level of competence and comply with Institute CPD requirements. Firms authorised in Category IA2 and above must make arrangements to ensure compliance with the Central Bank Minimum Competency Code, which has recently been updated. A copy of the Code can be obtained on the Central Bank of Ireland’s website. Investment Business Compliance Review (IBR 2.58) An authorised firm must carry out an Investment Business Compliance Review (IBCR) at least annually. PSD found that, for some firms, an annual IBCR had not been carried out, or did not include a whole firm review, a review of accounting records and a sample of client files. Some IBCRs did not identify different types of IB advice provided by the firm or non-compliance with the IBRs. Corrective action was not always taken in a timely manner. Engagement letters (IBR 3.19-3.20) PSD found that some firms did not have an engagement letter in place, or the letter had not been agreed with the client prior to investment business advice being provided, as required by IBR 3.19 or did not include the minimum details required by IBR 3.20. Commission consent and disclosure (IBR 3.30-3.32) If a firm receives commission it must account to the client for that commission, and both the terms (%) of the commission and the amount (€/£) must be disclosed. In cases where the firm retains the commission, it must have the client’s written consent to do so. Consent to retain commission can be obtained in the client engagement letter. The Quality Assurance Committee views non-compliance with commission consent and disclosure requirements very seriously. Section 30 receipts (IBR 4.44-4.46) Firms must issue receipts when they receive client premiums or investment business clients’ money. Details of what must be included on the receipt are specified in IBR 4.45. Other matters Firms should ensure that they are aware of their category of IB authorisation and the limits of that category. Category IA2 is required to hold client premiums; Category IB2 is required to hold investment business clients’ money; and If handling or holding client premiums or investment business clients’ money, the firm must appoint an independent accountant and submit an independent accountant’s report to the Institute. Carrying on investment business, when not authorised to do so, is an offence under the Act. Firms may wish to review their category of investment business authorisation and assess whether it is suitable for their needs. Firms should refer to Schedule 1 to Chapter 1 of the IBRs for activities which may be undertaken under the various categories. For further details on the above matters, please look out for PSD’s forthcoming Regulatory Bulletin. For advice or support on the above matters, firms may contact, in strict confidence, the Practice Consulting Team, which is independent of the Professional Standards Department.

Michael McAllister writes: Chartered Accountants Ireland often receives requests from members for clarification on how to deal with confirmation requests from third parties, such as banks or other funders, concerning client matters. For example, a bank may request some form of confirmation regarding a proposed loan. Usually there is no obligation on accountants and auditors to provide the reports/assurances being sought, as they are not bound by arrangements between clients and third parties to which they were not party. However, accountants may come under pressure from lenders and funders, and wish to assist their clients wherever possible. The general principles that need to be applied when members are asked for these confirmation requests are set out in ‘Miscellaneous Technical Statement M39 – Reporting to third parties’ (M39). The main steps in the process that should be followed are: Determine who will rely on the accountants’ work and for what purpose; Consider the form of report requested by the third party; Agree the work to be performed and the form of report to be given; Agree appropriate terms of engagement; Perform the work; and Report. It is advisable that appropriate engagement terms are agreed at the commencement of the engagement for providing such reports, in order to avoid disagreements with the client or the third party regarding the form of the report that is needed, and to ensure sufficient time for the work to be completed and the report to be given. Confirmation requests often take the form of a standard form for the accountant to complete and sign. The Institute advises members to avoid signing such forms where they incorporate a broad and open- ended statement confirming the client’s ability and/or willingness to repay borrowings. Sometimes, the assurance being sought is of a legal nature, in which case it should either be a matter for the third party’s own lawyers, or contact should be made with the client’s legal advisers. Should you agree to provide any form of report to a third party, Appendix 2 of M39 provides some examples of types of wording or opinions that are “unacceptable”. Accountants are advised against using language such as “we certify”, “correct”, “accurate” or “we have ensured” since it implies a level of certainty which cannot necessarily be given. The Institute also advises against the use of words such as “we verify” or "certificate”. Notable other examples in M39 include “true and fair” opinions (other than with regard to the auditor’s opinion on financial statements), opinions that are open-ended or that are beyond the professional competence, knowledge and experience of the accountant. Appendix 2 also advises against providing qualifications to the report in a covering letter – such qualifications should be included in the main body of the report. The Representation & Technical Policy Department has recently issued TR 11/2016 ‘Third Party– Letters of Confirmation’ (which replaces IS 01/2005 ‘Bank of Scotland (Ireland) – Letter of serviceability’). This provides a pro-forma wording for a letter to a third party in connection with a request for confirmation that members may use instead of a standard form. It is confined to confirming some factual information that the accountant is in a position to stand over and may be amended to suit particular situations. Another common area is that of grant claims, the subject of ‘Miscellaneous Technical Statement M45 – Grant Claims’ (M45). The usual scenario is that a claim for payment under a previously approved grant must be accompanied by an independent accountant’s report. M45 highlights matters on which accountants cannot provide meaningful assurance, such as whether expenditure was incurred on an “arm’s length basis” or non-accounting criteria such as engineering specifications. Sometimes, the agency issuing the grant asks for confirmation on whether the expenditure claimed has been the subject of another grant claim. It is unlikely that the accountant will be in a position to provide such an assurance. M45 includes an example accountant’s report at Appendix C. The opinion is worded as follows: “Based on the procedures set out above, in our opinion, the statement of grant claim attached dated [date] is consistent with the records we inspected and has been prepared, in all material respects, in accordance with the requirements set out in the letter of offer or grant agreement dated [date]”. It should be noted that the opinion does not “certify” anything. Instead, it provides an opinion based on the conclusions of work carried out by the accountant, in accordance with the principles explained above. M45 also provides a recommended work programme and model terms of engagement. M45 was produced in conjunction with several agencies in the Republic of Ireland, but the principles set out therein should be applied to all accountant’s reports on grant claims. However, members should note that, for grant claims from Invest NI, ‘Information Sheet IS 02/2009 - Invest NI Grant Claims’ sets out a proforma engagement letter and several example pro forma reports. Reports to Invest NI should be worded in accordance with this document rather than M45. Members are advised to read the abovementioned documents in full, which are available on CHARIOT at www.charteredaccountants.ie