DPA50153 AUDIT 2

1
TOPIC 5: CODE OF ETHICS OF
AUDITOR
CIK AMIRAH ZAWANI WAKHI ANUAR
 Fundamental principles of Ethics and Professional Conduct
(MIA By-Laws)
Importance of Professional Ethics

Concept of Independence and its importance

Situations influence independence in appearance and in

fact
2 Outline Elements of Quality Control Systems

Advertising and other methods

Services impaired independence

Safeguards for threats to independences

 BY-LAWS (ON PROFESSIONAL ETHICS,
3
CONDUCT AND PRACTICE) OF THE
MALAYSIAN INSTITUTE OF ACCOUNTANTS
(AMENDED AS AT 20 MAY 2020)

 By-Laws was issued by MIA (Accountants Act 1967)

 MIA: ensure auditing is performed by qualified public accountants
accordance to International Standards on Auditing (IAS)
 Attempted to provide guidance of ethical requirement and
standards of professional ethics and professional conducts
applicable to all members of a professional accountants in public
practice and their firms.
 4
MIA By-Laws

Part A: Part B:
By-Laws on By-Laws on
Professional Professional
Ethics Conduct and
Practice

Part 1: Part 4A:

Complying Independence
with the Part 3: for Audit and
Part 2: Part 1: All Part 2:
Code, Professional Review
Professional Professional Members in
Fundamental Accountant Engagement
Accountants Accountants Public
Principles in Public Part 4B:
in Business Practice
and Practice Independence
Conceptual for Assurance
Framework Engagements
 Five Fundamental Principles of Ethics
5

Professional Competence
Integrity Objectivity
and due care
• Straightforward and • Not allow bias, conflict of • Attain and maintain
honest in all professional interest or undue professional knowledge
and business relationship. influence of others that and skill at the level
can override professional required, in result of client
• Includes not associated or audit judgment. receive competent
with information that professional service.
contains materially false • Auditor must be
or misleading statement. independent to produce • Continuous professional
audit report more development (CPD)
relevant and reliable.
• Act diligently applicable
to professional standards.
 Five Fundamental Principles of Ethics (cont’d)
6
Confidentiality Professional behavior
• Comply with the relevant laws
• Respect confidentiality
and regulations, including to
information that acquired along
avoid any conduct that can
through business relationship.
affect discredit the profession.
• Serves as public interest – not
disclose confidential
information to any third party. • Not engage in any business,
occupation or activity impairs
integrity, objectivity, or good
• Exceptional for disclosure, reputation
depending on circumstances:
• As required by law;
• As a professional duty or right
to disclose which not
prohibited by law, as instance
for quality review,
investigation, legal proceeding
and ethics requirement.
7 Conceptual Framework

 Professional accountants might create threats in order to

comply with the fundamental principles while performing
audit.
 Conceptual framework – to assist professional accountants in
complying with the fundamental principles and hold a
responsibility to act in public interest.
 Exercise of professional judgment – knowledge, expertise and
experience
 Conceptual framework approach:
 Identify threats to compliance with the fundamental principles;
 Evaluate the threats identified;
 Address the threats by eliminating or reducing to an acceptable
level.
 Conceptual Framework (cont’d)
8

• Threat that a financial or other interest will inappropriately influence a

Self-interest threat professional accountant’s judgment or behavior

• Threat that a professional accountant will not appropriately evaluate

Self-review threat the results of a previous judgment made.

• Threat that a professional accountant will promote a client’s or

Advocacy threat employing organization’s position to the point that the accountant’s
objectivity is compromised.

• Threat that due to a long or close relationship with a client, or

Familiarity threat employing organization, a professional accountant will be too
sympathetic to their interests or too accepting of their work

• Threat that a professional accountant will be deterred from acting

Intimidation threat objectively because of actual or perceived pressures.
9 Professional Conduct and Practice

By-Laws on Professional Conduct and Practice

sets out the obligations applicable to all
members as professional accountants or to
member firms in respect of their professional
conduct or the practice of their firms.
10 Importance of Professional Ethics

 To access potential actions in terms of threats to adherence

to five fundamental practice of ethics, and where
necessary and applicable, to apply safeguards or refrain
from engaging that activity.

 Responsible in considering and protecting public interest.

11 Importance of Professional Ethics
(cont’d)

 Professional accountant shall not be associated with

reports, returns, or other communications that they
believe :

Omits information
Contains materially Contains statement or required to be
false or misleading information furnished included where such
statement recklessly omission would be
misleading.
12 Importance of Professional Ethics
(cont’d)
 Behavioral characteristics behaving with integrity in a
professional context:

Being Comply with the

straightforward, spirit as well as the
Deal fairly
honest, and letter of laws and
truthful. regulations.

Take into Take into Take corrective

considerations considerations action, if
public interest. public interest. necessary.
 13 Concept of Independence

• Professional accountants in public practice are required by International Independence

Standard to be independent when conducting audits, reviews, or other assurance
engagements.

• Linked to the fundamental principles of objectivity and integrity.

Independence of mind Independence in appearance

the state of mind that permits the expression of the avoidance of facts and circumstances that
a conclusion without being affected by are so significant that a reasonable and informed
influences that compromise professional third party would be likely to conclude that a
judgment, thereby allowing an individual to act firm’s, or an audit or assurance team member’s
with integrity, and exercise objectivity and integrity, objectivity or professional skepticism has
professional skepticism. been compromised.
14 Concept of Independence (cont’d)
Importance of concept independence:
 Independent auditors must avoid all relationship with managers
and staff that may threaten ability of auditor to be act
independently.

 Avoid relationship that may arise risk of corruption that would

doubt their objectivity and independence.

 Not lead to conflict of interest when auditors are permitted to

provide advice or other service.

 Ensure that any audit advice not include management

responsibilities or power.
 15 Quality Control System

ISQC 1 Quality Control for

Firms that performs Audits and Required to be
review of Financial Statement, established by
other Assurance and related 1 January 2010.
service engagements
Quality Control (Updated February 2018)
System

ISA 220 Quality Control for an Effective for audits of FS

Audit of Financial Statement for periods beginning on
(Updated January 2020) or after 1 January 2010.
16 Quality Control System (cont’d)
Objective
ISQC 1 ISA 220
The objective of the firm is to establish The objective of the auditor is to
and maintain a system of quality establish and maintain a system of
control to provide it with reasonable quality control to provide auditor with
assurance that: reasonable assurance that:

• The firm and its personnel comply • The audit complies with professional
with professional standards and standards and applicable legal
applicable legal and regulatory and regulatory requirements;
requirements;
• The auditor’s reports issued is
• Reports issued by the firm or appropriate in the circumstances.
engagement partners are
appropriate in the circumstances.
17 Quality Control System (cont’d)

Applying, and Complying with, Relevant Requirements

ISQC 1 ISA 220
• Personnel within the firm responsible • Engagement teams have a
for establishing and maintaining the responsibility to implement quality
firm’s system of quality control. control procedure that are
applicable to the audit
• shall have an understanding of the engagement.
entire ISQC, including to
understand its objective and to • Provide the firm with relevant
apply its requirements properly. information to enable the
functioning of system of quality
control relating to independence.
18 Quality Control System (cont’d)
Elements of quality control system
ISQC 1 ISA 220
• Leadership Responsibilities for Quality • Leadership Responsibilities for Quality on
within the Firm Audits

• Relevant Ethical Requirements • Relevant Ethical Requirements

• Acceptance and Continuance of Client • Acceptance and Continuance of Client

Relationships and Specific Engagements Relationships and Audit Engagements

• Human Resources • Assignment of Engagement teams

• Engagement Performance • Engagement Performance

• Monitoring • Monitoring

• Documentation of the System of Quality • Documentation of the System of Quality

Control Control
19 Quality Control System (cont’d)
Leadership Responsibilities for Quality
ISQC 1 (Leadership Responsibilities for Quality ISA 220 (Leadership Responsibilities for Quality
within the Firm) on Audits)
• The firm shall establish policies and • The engagement partner shall take
procedures designed to promote an responsibility for the overall quality on each
internal culture recognizing that quality is audit engagement to which that partner is
essential in performing engagements. assigned.

• Policies and procedures shall require the

firm’s board of partners to assume ultimate
responsibility for the firm’s system of quality
control.

• Managing board of partners has sufficient

and appropriate experience and ability,
and the necessary authority, to assume that
responsibility.
20 Quality Control System (cont’d)
Relevant Ethical Requirements
ISQC 1 ISA 220
• The firm shall establish policies and • Throughout audit engagement, partner
procedures designed to provide it with shall remain alert for evidence of non-
reasonable assurance that the firm and its compliance with relevant ethical
personnel comply with relevant ethical requirement by members of the
requirements: engagement team.

1) Independence 1) Independence
• Communicate its independence • Partner shall form a conclusion compliance
requirements to its personnel with independence that apply to audit
• Identify and evaluate circumstances and engagement.
relationships that create threats to • Evaluate relationships that create threat to
independence independence to audit engagement
• take appropriate action to eliminate those • Apply safeguards; withdraw from audit
threats or reduce them to an acceptable engagement.
level by applying safeguards
21 Quality Control System (cont’d)
Acceptance and Continuance of Client Relationships
ISQC 1 ISA 220
• Firm shall establish policies and procedures • Engagement partner shall be satisfied that
designed to provide the firm with appropriate procedures regarding
reasonable assurance that it will only acceptance.
undertake or continue relationships and
engagements where the firm: • Engagement partner shall communicate
information promptly to the firm that will
1) Competent to perform the engagement cause firm to decline engagement.
and has the capabilities, including time
and resources to perform audit.
2) Can comply with relevant ethical
requirements
3) considered the integrity of the client.
22 Quality Control System (cont’d)
Acceptance and Continuance of Client Relationships (cont’d)
ISQC 1
• Policies and procedures:

1) firm to obtain such information as it

considers necessary in the circumstances
before accepting an engagement

2) firm to determine whether it is appropriate

to accept the engagement if a potential
conflict of interest is arise.

3) firm to document how the issues were

resolved if firm decides to continue with
client relationship.
23 Quality Control System (cont’d)
Human Resources
ISQC 1
• Firm shall establish policies and procedures designed to provide it with
reasonable assurance that it has sufficient personnel with the competence,
capabilities, and commitment to ethical principles:

1) Perform engagements in accordance with professional standards and

applicable legal and regulatory requirements.

2) Enable the firm or engagement partners to issue reports that are

appropriate in the circumstances.

3) Firm assign responsibility to an engagement partner in which

communicated to key members of client.
24 Quality Control System (cont’d)

Assignment of Engagement Teams

ISA 220
• Engagement team partner should satisfied that engagement team have
appropriate competence and capabilities to:

1) Perform audit engagement accordance with professional standards and

applicable legal and regulatory requirement, and

2) Enable auditor’s report is appropriate to be issued.

25 Quality Control System (cont’d)
Engagement Performance
ISQC 1 ISA 220
• Firm shall establish policies and procedures • Direction, Supervision and Performance
include: 1) Engagement partner should take
responsibility
1) Matters relevant to promoting consistency in
the quality of engagement performance. • Review
2) Supervision responsibilities 1) On or before date of auditor’s report,
3) Review responsibilities. engagement partner shall review audit
documentation, satisfied audit evidence has
• Consultation been enough obtained in support
1) Firm shall establish policies and procedure for conclusion reached.
appropriate consultation takes place.
2) Sufficient resources are available
3) Nature and scope of such consultations are
documented
4) Conclusions resulting are implemented.
26 Quality Control System (cont’d)
Engagement Performance (cont’d)
ISQC 1 ISA 220
• Engagement Quality Control Review: • Consultation
1) Engagement partner shall take responsibility
1) Require EQCR for all audits of FS of listed undertaking appropriate consultation on
entities – review report, documentation difficult or contentious matters.
2) Set out criteria for all audit engagement to 2) Be satisfied that the nature and scope of,
be evaluated and conclusions resulting from are agreed
with the party consulted.
3) Conclusion have been implemented.

• Engagement Quality Control Review

1) Determine EQCR has been appointed.
2) Discuss significant matters arising during
EQCR
3) Date of auditor’s report until the completion
of EQCR.
 27 Quality Control System (cont’d)
Monitoring
ISQC 1 ISA 220
• Include an ongoing consideration and • An effective system of quality control includes
evaluation of the firm’s system of quality a monitoring process in providing the firm with
control including, on a cyclical basis, reasonable assurance that procedure relating
inspection of at least one completed to system of quality control are relevant,
engagement for each engagement partner. adequate and operating effectively.

• Require responsibility for the monitoring • Engagement partner shall consider the results
process to be assigned to a partner with of the monitoring process as evidence.
sufficient and appropriate experience and
authority in the firm to assume that
responsibility.

• Require that those performing the

engagement, or the engagement quality
control review are not involved in inspecting
the engagement
 28 Quality Control System (cont’d)
Documentation
ISQC 1 ISA 220
• Firm shall establish policies and procedures • Auditor shall include in audit documentation:
requiring: 1) Issues identified with respect to compliance
with relevant ethical requirement.
1)appropriate documentation to provide
evidence of the operation of each element of its 2) Conclusion on compliance with
system of quality control. independence requirement apply to the
audit engagement.
2) retention of documentation for a period of
time sufficient to permit those performing • EQCR shall document, for audit engagement
monitoring procedures. reviewed:
1) Procedure required by the firm on EQCR have
3) Documentation of complaints and allegations been performed.
and the responses to them. 2) EQCR has been completed before date of
auditor’s report.
29 Services impaired Independence

 Threats to independence are created if a non-assurance

service was provided to an audit client during audit
engagement period.

 Providing a non-assurance service to an audit client creates

self-review and self-interest threats if the firm or network firm
assumes a management responsibility when performing the
service.
30 Services impaired Independence
(cont’d)
 Accounting and bookkeeping services
 Providing accounting and bookkeeping services to an audit client might
create a self-review threat.
 Comprise a broad range of services including preparing accounting
records and financial statements, recording transactions and payroll
services.
 These activities are considered to be a normal part of the audit process and
do not usually create threats as long as the client is responsible for making
decisions in the preparation of accounting records and financial
statements.
 Calculating depreciation on fixed assets when the client determines the
accounting policy and estimates of useful life and residual values.
 Posting transactions coded by the client to the general ledger.
31 Services impaired Independence
(cont’d)
 Administrative services
 Providing administrative services to an audit client does not usually create
a threat.
 Administrative services involve assisting clients with their routine or
mechanical tasks within the normal course of operations. Such services
require little to no professional judgment and are clerical in nature.
 Examples of administrative services include:
• Preparing administrative or statutory forms for client approval.
• Submitting such forms as instructed by the client.
• Monitoring statutory filing dates and advising an audit client of those
dates.
32 Services impaired Independence
(cont’d)
 Valuation services
 Providing valuation services to an audit client might create a self-review or advocacy
threat.
 Use and purpose of valuation report.
 Whether the valuation will have a material effect on financial statement.
 Extent of the client’s involvement in determining and approving the valuation
methodology.
 Extent and clarity of the disclosures related to the valuation in the financial statements.
 Degree of subjectivity inherent in the item for valuations involving standard.
 Degree of dependence on future events of a nature that might create significant
volatility inherent in the amounts involved.
 Services impaired Independence
33
(cont’d)
 Management responsibility decision
 Setting policies
 Authorising transaction
 Deciding recommendation of the firm
 Responsibility for designing, implementing and maintaining internal control.
 Tax services
 Providing tax services to an audit client might create a self-review or advocacy
threat.
 Tax activities:
 Preparation of tax return
 Tax calculations for the purpose of preparing accounting entries
 Tax planning and other tax advisory services
 Assistance in resolution of tax disputes
 system by which the tax authorities assess and administer the tax
 complexity of the relevant tax regime
34 Services impaired Independence
(cont’d)
 Internal Audit Services
 Providing internal audit services to an audit client might create a self-review threat.
 Internal audit activities might include:
 Monitoring of internal control
 Examining financial and operating information
 Reviewing client co’s compliance
 IT Services
 Providing information technology (IT) systems services to an audit client might create a
self-review threat.
 Include the design or implementation of hardware or software systems.
 Providing the following IT systems services to an audit client does not usually create a
threat as long as personnel of the firm do not assume a management responsibility.
35 Services impaired Independence
(cont’d)
 Legal Services
 Providing legal services to an audit client might create a self-review or
advocacy threat.
 Example: Mergers and acquisitions, legal due diligence and restructuring,
 Recruiting Services
 Providing recruiting services to an audit client might create a self-interest,
familiarity or intimidation threat.
 A firm shall not provide a recruiting service to an audit client if the service
relates to:
 Searching for or seeking out candidates
 Undertaking reference checks of prospective candidates,
 Act as a negotiator on the client’s behalf
 36 Safeguards to protect threats to
Independence

 Financial Interest (Self-Interest threat)

 Holding a financial interest in an audit client might create a self-interest threat.
 Financial interest might be held directly or indirectly through an intermediary such as a
collective investment vehicle, an estate or a trust.
 When owner has control over the intermediary or ability to influence its investment decisions,
the Code defines that financial interest to be direct.
 Factors that are relevant in evaluating the level of a self-interest threat created by holding a
financial interest in an audit client include:
• The role of the individual holding the financial interest.
• Whether the financial interest is direct or indirect.
• The materiality of the financial interest.
 Action safeguard: Completely dispose of the whole interest, dispose enough of the interest so
that the remaining of the interest no longer material.
37 Safeguards to protect threats to
Independence (cont’d)
 Loans and guarantees (Self-interest threat)
 A loan or a guarantee of a loan to or from an audit client might create a
self-interest threat.
 A firm or an audit team member, shall not make or guarantee a loan to
an audit client unless the loan or guarantee is immaterial to the firm and
to the client based on normal lending procedure, terms and conditions.
 Examples of loans include mortgages, bank overdrafts, car loans, and
credit card balances.
 Action safeguard: having the work reviewed by an appropriate reviewer,
who is not an audit team member, or from a firm that is not a beneficiary
of the loan.
38 Safeguards to protect threats to
Independence (cont’d)
 Business relationship (Self-Interest or Intimidation threat)
 Close business relationship with an audit client or its management might
create a self-interest or intimidation threat.
 Examples of a close business relationship arising including financial
interest in a joint venture, distribution or marketing arrangements of
clients products or services.
 Action safeguard: Eliminating or reducing the magnitude of the
transaction and removing the individual from the audit team.
39 Safeguards to protect threats to
Independence (cont’d)
 Family and personal relationship (Self-Interest, Familiarity or Intimidation
threat)
 Family or personal relationships with audit client might create a self-
interest, familiarity or intimidation threat.
 Action safeguard: Structuring the responsibilities of the audit team to
reduce any potential influence over the audit engagement and having
an appropriate reviewer review the relevant audit work performed.
 Gifts and Hospitality (Self-interest, Familiarity or Intimidation threat)
 Firm or an audit team member shall not accept gifts and hospitality
from an audit client, where the intent is to improperly influence
behavior even if the value is trivial and inconsequential.