Framework for dealing with COI

The audit standards set out a conceptual framework for dealing with COI issues. This framework involves three steps:

1. Identify any COI issues

2. Evaluate the issues

3. Address the issues — eliminate or reduce to an acceptable level.

When using this framework, the audit standards require auditors to:

● exercise professional judgement

● remain alert for new information and to changes in facts and/or circumstances

● use the reasonable and informed third party test (discussed in section on evaluating COI issues).

Identifying COI

The first step is to identify the facts and circumstances that might constitute a conflict of interest. These include professional activities, interests and relationships.

The framework focuses on five threats to an auditor’s independence. If an auditor does not deal appropriately with any of these threats, then it represents a competing interest or loyalty — a conflict of interest. The threats are:

● self-interest

● self-review

● familiarity

● intimidation

● advocacy.

Self-interest

The self-interest threat is that financial or other interests may influence an auditor’s judgement or behaviour. It is a common one. Examples of this threat include:

● High level of fee dependency on the organisation being audited.

● Participants in the audit having a financial interest in the audited body.

Self-review

This is the threat of not appropriately evaluating the results of a previous judgement or activity the auditor, or another individual within their audit firm, performed, and the auditor relies on those results when forming a judgement as part of performing the audit. Examples of this threat include:

● Performing non-audit services, including consulting, for the audited body.

● Using external experts to support the audit where the experts have provided consulting services to the audited body.

● Advising corrections to the audited body.

Familiarity

Under this threat, an auditor will be too sympathetic to the interests of an audited body, or too accepting of their work — the auditor’s objectivity is compromised. This may result from a long or close relationship with the audited body or another relevant person. Examples of this threat include:

● An audit team leader using the same peer reviewer for all or most audits.

● An audit team member has a close relationship with an employee of the audited body.

● Lacking timely confirmation of independence by audit team members.

● Not identifying all relevant parties when considering COI.

Intimidation

This is the threat that an auditor will be deterred from acting objectively because of actual or perceived pressures, including attempts to exercise undue influence over them. An example of this threat is:

● An audited body placing excessive pressure for the audit to be completed by a certain date.

Advocacy

In this threat, an auditor will promote an audited body’s position to the point that the auditor’s objectivity is compromised. An example of this threat is:

● The audited body asking the auditor to act as a referee for them in a business proposal.

Know the risks

To effectively identify threats to independence, auditors also need to know the risk factors that may lead to a COI issue not being identified, and also the factors that may lead to their own judgement being impaired or influenced.

One of the most effective safeguards can be to seek the advice of others that are not directly involved in the situation. This not only helps the auditor understand perspectives that may be different to their own, it also helps ensure their decision making is objective and free from these influences and biases.

So, when faced with these decisions, it can be helpful for an auditor to ask themselves:

● Is their behaviour consistent with ethical and professional standards, especially around integrity?

● Does their decision reflect the right thing to do and is driven by responsible professional judgement?

Evaluating issues

The second step is to evaluate whether the threat of a COI issue is at an ‘acceptable level’. This is a level at which the auditor using the reasonable and informed third party test would likely conclude that they comply with the fundamental ethical principles.

The reasonable and informed third party test

This test is a consideration by the auditor about whether a reasonable and informed third party would reach the same audit conclusions as the auditor did. This is on the basis of the third-party having access to all the relevant facts and circumstances that the auditor knows, or could reasonably be expected to know, at the time the conclusions were made.

The reasonable and informed third party does not need to be an auditor but would possess the relevant knowledge and experience to understand and evaluate the appropriateness of the auditor’s conclusions in an impartial manner.

Examples of reasonable and informed third parties may include regulators, board members, senior members in business or public practice, or investors.

Factors relevant for evaluating issues

The consideration of qualitative and quantitative factors is relevant to an auditor’s evaluation of issues, as is the combined effect of multiple issues, if applicable. If multiple issues are identified they are evaluated in aggregate, even if the issues are individually insignificant.

Other examples of factors relevant to the audited body and its operating environment that may impact on the evaluation of the level of a threat can be found in the Code of Ethics for Professional Accountants of the International Ethics Standards Board for Accountants (IESBA).

Addressing issues

If a COI issue is evaluated as not being at an acceptable level, the final step in the conceptual framework is to address the issue by eliminating or reducing it to an acceptable level by:

1. Eliminating the circumstances, including interests or relationships, that are causing the issue.

2. Applying safeguards, where available and capable of being applied, to reduce the issue to an acceptable level.

3. Declining or ending the audit.

Depending on the facts and circumstances, an issue might be addressed by eliminating the circumstances causing the COI issue. However, in some situations declining or ending the audit may be the only way to address the issue as the circumstances creating it cannot be eliminated and safeguards are not capable of being applied to reduce the issue to an acceptable level.

APES 110 defines safeguards as actions, individually or in combination, that an auditor can take that effectively reduces issues to an acceptable level.

The auditor must conclude whether overall the actions they have taken eliminate or reduce the issues to an acceptable level, including reviewing significant judgements made or conclusions reached and using the reasonable and informed third party test.