Company controller Plony, CPA, prepared his employer’s 2007 financial statements knowing that they misstated revenues. The company’s CEO, who could fire Plony at will, “strongly urged” Plony to record sales at full invoice prices despite customers’ rights to return merchandise long after a normal return period. Plony’s brother-in-law, a company in-house lawyer, wrote the sales contracts and assured Plony that recording the full sales amounts was appropriate. After investigating the misstatement, the Illinois Department of Financial and Professional Regulation revoked Plony’s CPA certificate for “negligence in the preparation of financial statements” and “subordination of judgment” even though he was not in public practice. In another ethics violation case, the California Board of Accountancy disciplined Hy Falutin & Co., CPAs, (the firm’s name and other facts have been modified) when it audited a bank’s financial statements while the firm’s consulting group concurrently sold the client’s debt consolidation services. The Board of Accountancy imposed a three-year CPA license probation plus frequent and costly peer reviews. While the first example is a fictitious case intended to illustrate threats in the workplace, the second example is based on an actual situation that resulted in disciplinary action by the SEC and California Board of Accountancy. Attention to the AICPA’s Guide for Complying with Rules 102–505 could have helped these CPAs solve their ethical dilemmas and avoid violations of the AICPA Code of Professional Conduct. Using these two general examples, this article explains the guide’s “threats and safeguards” approach to achieving compliance with the AICPA Code of Professional Conduct and applies that approach to the above ethical dilemmas. Definitions Threat. The risk that relationships or circumstances could compromise a member’s compliance with the rules. Safeguards. Actions or other measures to eliminate threats or reduce them to acceptable levels. OVERVIEW Since the code’s rules, interpretations and rulings cannot address every possible ethically challenging relationship or circumstance, the AICPA issued on Nov. 10 A Guide for Complying with Rules 102–505 to help CPAs solve ethical dilemmas not explicitly addressed in the code. The guide’s use is not mandatory, and while it helps CPAs comply with the code in unusual ethical relationships or circumstances, the guide can never justify noncompliance with the code. The guide’s approach to ethical dilemmas applies to all rules except Rule 101, Independence, for which the Conceptual Framework for AICPA Independence Standards (2006, AICPA, Professional Standards, vol. 2, ET sec. 100.01) provides authoritative guidance. Rules of Conduct Covered by the GuideThe AICPA Code of Professional Conduct includes 11 rules (AICPA, Professional Standards , vol. 2, ET sections 100 to 500):
The threats and safeguards approach identifies threats to compliance with the rules and evaluates the significance of those threats. If a threat is not at an “acceptable level” (see box, “Definitions”), members should determine whether safeguards can eliminate or reduce the threat to an acceptable level and, if so, apply such safeguards or, if not, avoid the situation that creates the threat. Members should evaluate in-the-aggregate a situation with multiple threats since the cumulative effect could be at an unacceptable level. Identifying threats. Members often face risks of encountering relationships or circumstances that could compromise compliance with the rules (in other words, “threats”) in their duties or work environments. The guide provides six threat categories to help members identify and develop sensitivity to potential threats:
Evaluating the significance of a threat. The existence of a threat does not necessarily mean noncompliance with the rules; rather, members should evaluate a threat’s significance by considering whether a reasonable and informed third party, weighing all quantitative and qualitative facts and circumstances, would likely conclude that the threat would compromise the member’s compliance with the rules. If this evaluation finds that the threat would not compromise a member’s compliance, the threat is at an acceptable level, requiring no further evaluation under the guide. If the evaluation finds the threat at an unacceptable level, the member should identify and apply appropriate safeguards. Identifying and applying safeguards. Required or prohibited actions and internal control measures can serve as safeguards to eliminate or reduce threats to acceptable levels. The profession, legislation and public regulations create some safeguards for all members. Employers implement other safeguards in the specific work environment. Members in public practice also may consider their client’s safeguards when evaluating the significance of a threat. Below are examples of safeguards and associated threats they might reduce:
Determining which safeguard to apply requires judgment, since a safeguard’s effectiveness can vary from one environment to another. Members should analyze a particular situation’s facts and circumstances, identify significant threats and then design safeguards, considering:
A threat is reduced to an acceptable level if, after applying safeguards, a reasonable and informed third party would likely conclude that compliance with the rules is not compromised. What if there are no effective safeguards? A threat may be so significant that no safeguard can eliminate or reduce it to an acceptable level. If so, providing the specific professional or employee service will likely cause noncompliance with the rules. While declining or discontinuing the service would prevent a rules violation, the member should also consider the stronger response of resigning from the client or employment position. Seek Advice a. Recognize and consider all relevant facts and circumstances, including applicable rules, laws or regulations, b. Consider the ethical issues involved, c. Consider established internal procedures, and then d. Formulate alternative courses of action. After weighing the consequences of each course of action, the member should select the course that best enables compliance with the rules. Before pursuing the selected course of action, the member may want to consult with legal counsel, applicable professional bodies (see sidebar, “Seek Advice”) and appropriate firm or employer personnel. If the conflict remains unresolved after pursuing the selected course of action, the member should consider further consultation with those advisers to review the process and reach a different resolution. Members may be well-advised to document the ethical conflict’s substance, details of discussions and suggested decisions. What if there is no effective resolution? If, after exhausting all reasonable possibilities, the ethical conflict remains unresolved, members will probably not be in compliance with the rules if they remain associated with the matter creating the conflict. In this case, members should consider withdrawing from the engagement team or specific assignment, and perhaps consider the stronger response of resigning from the client or employment position. APPLYING THE GUIDE TO TWO ETHICS VIOLATION CASES However, with the guide’s “threats and safeguards” approach, the unwelcomed need to invoke Interpretation 102-4 might have been avoided, as in this scenario: Plony recognized the CEO’s authority to fire him at-will as an “undue influence threat” and his brother-in-law’s legal counsel as a “familiarity threat.” Plony wrote a memo to his files discussing both threats and his belief that a reasonable and informed third party, weighing all the facts and circumstances, would likely conclude that the threats—separately and in the aggregate—compromise his compliance with rules 102, 201 and 202. He considered actions or policies that might reduce the two threats to acceptable levels and wrote to the company’s audit committee suggesting safeguards to protect his objectivity: (1) an officer’s employment termination should require a due process hearing before an independent arbitrator, allowing the officer to respond to allegations; and (2) staff preparing financial statements cannot be related to staff generating transactions or related documents. The audit committee adopted the due process personnel policy and assigned Plony’s brother-in-law to other legal matters. Plony properly deferred revenue recognition on the dubious sales in accordance with the provisions of FASB Statement no. 48. The guide also could have helped Hy Falutin & Co., as in this revised sequence of events: Two audit team members familiar with the AICPA’s threats and safeguards approach knew that the firm’s consulting group was negotiating a client-firm joint marketing venture and wrote memos identifying a “self-review threat,” “advocacy threat,” “self-interest threat” and independence issues. Their memo labeled the threats “severe and urgent.” The lead partner found that no safeguards could adequately reduce the threats to acceptable levels, and the firm immediately withdrew from the nonaudit activities. CONCLUSION When no safeguard can reduce a significant threat to an acceptable level or when an ethical conflict remains unresolved, members will probably not comply with the rules, requiring them to consider declining or discontinuing the service, withdrawing from the engagement team or specific assignment, or even resigning from the client or employment position. Examples of Threats to Compliance With AICPA Rules of Conduct Situation: A member has charged his employer with violating certain labor laws. Situation: An employer pressures a member to be associated with misleading information. Situation: A member is directed to complete a task within an unrealistic time frame. Situation: Revenue received from a single client is significant to the firm. The AICPA recently issued a guide to help CPAs comply with rules 102–505 of its Code of Professional Conduct, affecting members in public practice, business, academia and government. The guide, while not an authoritative standard, provides an approach to help solve CPAs’ ethical dilemmas. The approach involves identifying and evaluating ethical “threats” and, if a threat is more than trivial, applying “safeguards” to eliminate or mitigate the threat. A “threat” is the risk that relationships or circumstances could compromise a member’s compliance with rules of the AIPCA Code of Professional Conduct. “Safeguards” are actions or other measures that eliminate threats or reduce them to acceptable levels. Facing nontrivial threats and lacking effective safeguards, members should usually decline or discontinue the services creating the threats or consider resigning from the client or employing organization. Martin A. Leibowitz, CPA, Ph.D., is a faculty member of the Sy Syms School of Business at Yeshiva University in New York City, and Alan Reinstein, CPA, DBA, is the George R. Husband Professor of Accounting at Wayne State University in Detroit. Their e-mail addresses, respectively, are and . AICPA RESOURCES Publication CPE For more information or to place an order, go to www.cpa2biz.com or call the Institute at 888-777-7077. OTHER RESOURCES Publication |