III. Insights and Recommendations
- This section details the Working Group’s insights and recommendations arising from its analysis and evaluation process. The Working Group has aimed to identify which key themes and issues arising from its fact-finding during stakeholder outreach and desk research have the potential to impact the Code or the IESBA’s work more broadly. The Working Group’s analysis and evaluation have been informed by input from the TEG and in coordination with representatives of IAASB’s Technology Initiative and IFAC’s IPAE.
- Insights and recommendations pertain to ten matters that:
- Are Technology Specific:
A – Data Used for AI training;
B – Transparency and Explainable AI; and
C – Data Governance, including Custody of Data.
- Have wider ethics relevance and application (including, but not limited to, technology) to the Code:
D – Ethical Leadership and Decision-making;
E – Communication with Those Charged With Governance;
F – Reliance on, or Use of, Experts;
G – Threshold for “Sufficient” Competence;
H – Pressure on PAs; and
I – Business Relationships
- Result in broader implications on the IESBA’s work:
J – Advocacy of the Code and development of non-authoritative guidance.
- The Working Group then further reflected on those recommendations having a potential impact on the Code and prioritized them based on how soon they could be considered as part of current, or proposed new, workstreams:
- Short-term priority (Recommendations A, B, and H): Matters that can be quickly addressed as they align with “open” revisions related to the Technology project, or whether the solution to address the recommendation is considered relatively straightforward as a new workstream.
- Medium-term priority (Recommendations E and F): Areas that are currently under consideration by non-technology workstreams, but for which the Working Group believes that there is an opportunity to generalize or consider these recommendations more broadly as they are not unique to technology.
- Long-term priority (Recommendations C and I): Matters to be considered in the context of other priorities in the upcoming strategic work plan for 2024 to 2027.
All recommendations are described in detail below.
Technology-specific
A. Data Used for AI training
- AI models need data to train on, and training on actual client or customer data provides the most effective and efficient training. As a result, it is becoming more common for firms and companies to use anonymized client or customer data to train AI models to enhance or improve audit quality, business insights, and the efficiency and sustainability of internal processes.
- The use of such data to enhance internal, firm-wide or organizational functions is seen by some stakeholders as akin to PAs taking their “lessons learned” of the past and applying the learning to their next project or task. What is different is that now the “lessons learned” are being applied by the AI model instead. As technology allows us to use data in a more cohesive way, such “learning” has increased the challenges when identifying, evaluating, and addressing threats to compliance with the fundamental principles of integrity and confidentiality (which also existed in the non-digital environment):
- A lack of transparency to clients or customers about the use of their data, even if anonymized, might be a breach of R111.2(c),191 which requires the PA not to be associated with information that is misleading through omission or obscurity.
In this regard, the Working Group notes that PAs can apply safeguards – such as obtaining consent from the client or customer whose information is being anonymized and used for the AI training – in order to reduce the threat to complying with the fundamental principle of integrity to an acceptable level.
- R114.1(e)192 specifies requirements for maintaining confidentiality, and explicitly states that confidential information cannot be used for the personal advantage of the accountant or for the advantage of a third party (which would include the firm or employing organization). In addition, R114.1(f) states that any confidential information cannot be used or disclosed after a professional or business relationship has ended. These requirements might lead users of the Code to believe that the use of client/customer data, whether anonymized or otherwise, to train internal AI systems would be prohibited, even with consent.
The Working Group recognizes that there is a public interest benefit regarding the use of real client or customer data, with consent, for the purpose of enhancing firm- or organization-wide functions. This public interest benefit should be considered alongside the evaluation of threats to confidentiality and integrity.193
Recommendation A:
- Revise the Code, for example, in Subsection 114 Confidentiality, to clarify whether firms and organizations may use client or customer data for internal purposes, such as training AI models, and if so, the parameters of such use (prior, informed consent; anonymization). Non-authoritative guidance should be developed to specifically emphasize the expectations for complying with the fundamental principle of integrity when using client or customer data for AI training, i.e., obtaining consent that is meaningful, informed, and transparent.
B. Transparency and Explainable AI
- The decision-making processes or rationale of an AI system might not be explainable or understood by a human194 (i.e., the system might operate as a “black box” process). Some types of machine learning are more prone to the development of AI systems that are less inherently explainable.195 As AI systems become more sophisticated, complex, and autonomous, there is a heightened need for AI to be explainable, and to allow for sufficient human oversight.196 Accordingly, transparency and explainability in support of a PA’s public interest responsibility will become even more important as technology developments rapidly advance, for example, as the realm of “cognitive AI” emerges.
- In the business world, decisions can very broadly be categorized as low- or high- risk, based on the significance of the economic and/or social impacts. The use of AI for relatively low-risk automated decision-making might be a commercially optimal approach. On the other hand, the use of AI for high-risk decisions, such as decisions in the public sector around social programs, diagnostic decisions in healthcare, and safety-critical systems in autonomous vehicles, requires more scrutiny.197 In these high-stakes contexts, a single decision might have significant economic, business, social, or human impacts. The higher the stakes, the more important it is that the AI be explainable in order for humans to have appropriate oversight of decisions being made. Such oversight would not be possible without the system being adequately explainable. Regulators and multilateral organizations have begun recognizing this need for greater consistency and oversight. For example, see the UNESCO Recommendation on the Ethics of Artificial Intelligence198 and the proposed EU AI Act referenced in the section above on Technology Landscape: Artificial Intelligence.
- The Working Group also notes that the concept of understanding AI (which implicitly means AI must be “explainable”) is outlined in non-authoritative guidance issued by IAASB staff on the Use of Automated Tools and Techniques When Performing Risk Assessment Procedures in Accordance with ISA 315 (Revised 2019).199 For example, in an AI (machine learning) environment, the FAQ highlights the importance of an auditor:
- Considering the algorithms embedded in, and the learning by, the AI.
- Understanding how the creation and modification of the algorithms are controlled and maintained.
The IOSCO has also published guidance for intermediaries and asset managers using AI and machine learning that highlights several areas where potential risks and harms may arise in relation to the development, testing, and deployment of solutions incorporating such technology.200 Transparency and explainability are among the six areas highlighted, and although the guidance is not directed at PAs and firms, it illustrates that the topic area has gained significant regulatory attention.
Recommendation B:
- Develop further guidance around the importance of transparency and explainability, whether through non-authoritative guidance or in the Code, specific to when a PA relies on or uses transformative technologies (e.g., AI). Such guidance would highlight that PAs cannot abdicate their public interest responsibility and accountability when relying on or using technology (even in highly automated environments).
- This additional guidance might explicitly set out expectations for a PA when relying on a technological solution. For example, before relying on a machine learning tool, the PA would be expected to ensure that the tool is explainable (i.e., that they can reasonably understand the rationale for decisions made by the technology). The Working Group believes that the PA need not be the expert who can explain the tool, but should have access to such an expert and should obtain a reasonable understanding in order to be comfortable with the tool’s inputs, processing, and outputs.
- Furthermore, consideration should be given to the ethics expectations for PAs when they are involved with developing transformative technology solutions, for example, that they are expected to promote the development of explainable systems, particularly in high-stakes applications.
C. Data Governance, including Custody of Data
- Recognizing that data is key to driving the effective application of technology, the Working Group believes that it is important for PAs to recognize that they have strategic value in data governance and management (including cybersecurity implications). For example, a discussion paper201 proposing a data management value chain202 was jointly released by IFAC and CPA Canada in April 2021 to capture how the expertise of accountants can be applied in four different areas – as data engineers,203 data controllers,204 data scientists,205 and strategic advisors.206 Commentators on the discussion paper largely provided suggestions around the development of non-authoritative educational material so that PAs can be appropriately upskilled and made aware of the expectations around data governance.207
- Furthermore, the Working Group notes that holding data is becoming increasingly common, given that most organizations are flooded with data, and where services provided by firms and activities performed by PAs are increasingly performed digitally. Data created or collected is not recognized as an asset under current financial reporting standards. However, there is consensus that if data is lost, misappropriated or misused, or subject to unauthorized access (including, for example, a breach of privacy), then there is – at the very least – a reputational loss, if not financial and legal consequences, to the organization or firm. For example, it is noted that:
…many, if not most, accountants continue to appreciate the fact that data reflects the characteristics of a financially reportable asset because it has a probable future economic benefit… For some, data is some- thing that is either loaned temporarily to accountants so that they may use it to create something of value for its owner, like a liability. Still others believe that the accountant’s role as it relates to data is a custodial one; the owner trusts the accountant with information, and the accountant implements appropriate due care controls that ensure the data’s protection.208 |
- In this regard, the Working Group notes that Section 350 of the Code addresses custody of client assets but does not explicitly contemplate custody (i.e., the holding) of data belonging to clients, customers, or other third parties.209 Data is the foundation of all financial and non-financial (e.g., sustainability) reporting, and impacts both PAPPs as well as PAIBs. For this reason, the Working Group believes that ethics considerations with respect to the custody of data should be broader in scope than data underlying financial reporting or internal controls over financial reporting, and extend to all PAs.
Recommendation C:
- Revise the Code to address the ethics implications of a PA’s custody or holding of financial or non-financial data belonging to clients, customers, or other third parties. Such a workstream could be scoped to also include considering threats to compliance with the fundamental principles given the complexity created for PAs who need to remain current with an evolving patchwork of cross- and intra-jurisdictional data privacy laws and regulations, as well as the ethics challenges related to data governance and management (including cybersecurity).
- Continue raising awareness of a PA’s strategic role in data governance and management (including cybersecurity), and develop educational resources to highlight such a role.
Insights With a Wider Ethical Relevance and Application, Including Technology
D. Ethical Leadership and Decision-making
- Technological innovations are increasingly being developed, applied, and commercialized to enhance efficiencies, insights, and profits within professional and business services. In this context, stakeholders noted that there are instances where developing, implementing or using technology raises questions about the extent to which ethics-related issues are considered in decision- making.210 Examples include considering:
- Threats of data misuse and to privacy, and security.
- The risk of social harm.
- Bias in the outputs of technology, such as AI.
- Inadvertently spreading mis- or disinformation.
- A lack of effective human oversight and acceptance of responsibility over unintended consequences arising from technology.
These have the potential to threaten the PA’s compliance with the fundamental principles.
- The Working Group notes a PA’s responsibility211 to act in the public interest under the Code, as well as the expectation for PAs to encourage and promote an ethics-based culture in their organizations, taking into account their position and seniority.212 This expectation to exhibit ethical leadership and decision-making extends across every industry and role that PAs work in, as well as to emerging forms of technological innovation that might underpin such work. Understanding the underlying economic substance and commercial purpose of transactions or business models (including those being conducted with, or through, technology such as e-commerce, cloud-based transactions, etc.) is important to enable PAs to act in the public interest.213 Accordingly, it is crucial that PAs are “at the table” when decisions are being made about the development and use of technology, especially in situations where there is a potential for unintended consequences. See discussion on Key Themes Observed: Public Interest Accountability of PAs.
- The Working Group and stakeholders noted that this responsibility for ethical leadership in all roles that PAs are involved in includes, but also extends beyond, the issues raised by technological innovation, and is common to all types of complex situations. As such, the consideration of how the profession should respond is a matter that should not be limited to the context of technology – a holistic approach will likely be more effective.
Recommendation D:
- With a view to the broader expectations214 for PAs to exhibit and champion ethical leadership and decision-making, develop non-authoritative guidance to emphasize the potential actions a PA might take when applying the conceptual framework and complying with the Code’s fundamental principles in technology-related scenarios relevant across various PA roles and activities.215
- The Working Group also believes that the IESBA can leverage the opportunities offered by its ongoing workstreams to further emphasize such expectations, for example, by collaboration among the:
- Tax Planning and Related Services Task Force, which is developing an ethics framework to aid PA decision-making in situations pertaining to tax planning. The Working Group believes such a framework can have broader applicability;
- Sustainability Working Group, which is developing a strategic vision to guide the IESBA’s standard-setting actions in relation to sustainability reporting and assurance, given this domain’s considerable potential for ethical issues that PAs will need to manage; and
- Planning Committee, which is initially considering the responses to the Strategy Survey 2022 that requested stakeholder views on whether the IESBA should dedicate strategic focus on further raising the bar of ethical behavior for PAIBs in its next strategy period (2024 to 2027).
In this regard, the Working Group can provide further input, as relevant, on identified technology-related implications.
E. Communication with Those Charged with Governance
- Stakeholders increasingly observe that when technology is used or relied upon, there might be an “outsourcing,” or the perception of “outsourcing” by a reasonable and informed third-party, of responsibility for oversight to the technology provider or an external consultant, resulting in a potential lack of appropriate due care, competence, and objectivity. For example, when a PA relies on an external expert or consultant to develop or implement technology, or to provide advice on a technology-related issue (e.g., cybersecurity risks), such reliance is sometimes treated as a “silver bullet”216 or used as a rationale by the PA to minimize their own responsibility for overseeing the technology or issue.
Recommendation E:
- To strengthen the concepts of transparency and accountability, add new material to the Code as part of the subsections on “communication with TCWG” in Parts 2 and 3 to encourage, or require, meaningful communication217 with TCWG by PAs (including individual PAPPs and firms)218 about technology-related risks and exposures that might affect PAs’ compliance with the fundamental principles and, where applicable, independence requirements.
- These concepts are not unique to technology-related risks and exposures, but rather are broadly applicable whenever there are risks and exposures that might affect PAs’ compliance with the fundamental principles and, where applicable, independence requirements (e.g., technology, tax planning, sustainability). There is an opportunity to incorporate such communications into the Code more generally in the future, so that it can be considered under all circumstances.219
- Technology-related communications could, for example, include information on:
- The nature of the activity to be performed by the technology, and how the PA has determined that such technology is effective for the purpose intended.
- Any limitations in understanding or explaining the technology, in particular how such limitations might affect acting with sufficient expertise, training, or experience.
- The nature and scope of a technology expert’s service, if such expertise is sought and relied upon or used, and the plan for managing and monitoring the system in the future if the expert’s service is a limited term engagement.
- Any potential conflicts of interest, such as whether the technology expert relied upon has a self-interest in recommending a particular technology or implementation approach.
- Any threats to the fundamental principles and, where applicable, independence, that have been identified in relation to the use of, or reliance on, technology or a technology expert, the basis for the PA’s assessment that the threats are at an acceptable level or, if not, the actions the PA will take to eliminate or reduce the threats to an acceptable level.
Strengthening such communication provisions in the Code could, in particular, make it explicit where the responsibility for oversight of developing, implementing, or using technology lies (i.e., including PAs and IT professionals, such as data scientists, technologists, and engineers). For example, this would make it clear to TCWG who is in charge of, and accountable for, each specific process or function. This will be beneficial given the increasing inter-disciplinary interactions, complexity, and sophistication arising from the development, implementation, and use of disruptive and transformative technologies.
F. Reliance on, or Use of, Experts
- Preparing and presenting financial and, in particular, non-financial information (e.g., sustainability information) typically involve the assistance of, or reliance upon, technology experts. The question arose as to the factors PAs should consider when gaining confidence that a technology expert can be trusted and relied-upon to make ethically appropriate decisions (i.e., that are in alignment with the Code’s ethics principles), and to what extent the Code could serve as the basis for an evaluation approach.
- Stakeholders acknowledged that this is not a new question and represents a matter of professional judgment when applying extant Sections 220 and 320. Several suggested, however, that more explicit consideration of the ethics across the decision- making ecosystem would be beneficial in enhancing the reliability of the information prepared and presented. This would also support the resultant decisions made, given the increasing complexity of various subject matters that require a multi- disciplinary approach and reliance on third-party specialists (i.e., deploying advanced technologies, sustainability, valuations, tax planning, etc.).
- A few stakeholders went so far as to recommend that consideration be given as to how the Code might be made more relevant and applicable to others in the ecosystem who are not PAs.
Recommendation F:
- Develop non-authoritative guidance and/or revise the Code in paragraphs 220.7 A1220 and 320.10 A1221 to emphasize the importance of a PA assessing the extent to which an expert being used and relied upon behaves in alignment with the Code’s fundamental principles, and the factors to consider in making such an assessment.
- Such guidance would be applicable whenever experts are used (e.g., technology, tax planning, sustainability) and goes beyond independence considerations.
- The Working Group notes that this matter of “experts” is significantly broader than just technology experts. It is also particularly relevant in other emerging PA activities, such as sustainability reporting.
- The Working Group also believes there is an opportunity for the Code (or parts of it) to be applied by professionals other than PAs. In this regard, the Working Group acknowledges that respondents to the IESBA Strategy Survey 2022 agreed that the IESBA should explore the concept of enlarging the scope of the Code to permit its applicability in relation to sustainability assurance services provided by professionals other than PAPPs.
G. Threshold for “Sufficient” Competence
- As noted in the discussion of the Competence theme above, there is an ongoing need for continuous upskilling resulting from the pace of change in technology. Recognizing this general need to upskill all PAs, stakeholders commented on and questioned what competence threshold should be considered as “sufficient” in today’s complex, dynamic, and uncertain world. The general consensus is that PAs need to be well enough versed to ask appropriate questions to identify and manage the risks and take advantage of the opportunities related to innovative and transformative technologies, but that mastery of specific technologies by all PAs would be neither necessary nor realistic.
Recommendation G:
- Engage more actively with other bodies, such as IFAC’s International Panel on Accountancy Education (IPAE) and PAOs, to encourage them to arrange educational activities to raise awareness about the characteristics of “sufficient” competence in the context of the Code and the International Education Standards (IESs). Such other bodies are better placed to develop non- authoritative guidance to illustrate and emphasize how the Code’s principles apply when determining sufficient competence.
H. Pressure on PAs
- Concerns continue to be heard regarding pressures faced by PAs due to:
- Information overload.
- Pace of change in technology, laws, and regulations, etc.
- Time pressures that threaten the ability to effectively understand and/or assess the reasonableness or appropriateness of using technology.
- Organizations seeking to find the “silver bullet” technology to achieve performance targets, including automation and AI.
In discussions with stakeholders, these pressures are sometimes framed as PAs feeling intimidated, but often not in the typical sense described in the Code now. The “intimidation” can come from a sense of being legitimately overwhelmed by the technology (including simply not possessing the capacity to understand the technology, a lack of time, or the pace of change), rather than based on the pressure exerted by another individual.222
- These drivers of pressure on PAs are aligned with the “elements of complexity” that respondents highlighted as part of the IESBA’s 2020 global survey on Complexity and Technology in the Professional Environment (the results of which were considered in the Technology Project).223 In setting the scope of the Technology project, the IESBA determined at the time not to encapsulate such elements in a new category of threat nor modify an existing category of threat.
- For now, in response to the continued stakeholder concerns about the pressure felt by PAs, the Working Group has contributed and provided input to non-authoritative resources that highlight such pressure on PAs. For example:
- Ethical Leadership in an Era of Complexity and Digital Change: Paper 1 – Complexity and the professional accountant: Practical guidance for ethical decision-making, released in August 2021.
- Exploring the IESBA Code – A Focus on Technology: Artificial Intelligence, released in March 2022.
- Ethical Leadership in a Digital Era: Applying the IESBA Code to Selected Technology-related Scenarios, released in September 2022.
Recommendation H:
- Revise the Code, for example, within Section 270 Pressure to Breach the Fundamental Principles, to include illustrations of pressures on PAs (such as time and resourcing constraints; competence gaps; the complexity of technology, laws and regulations; the pace of change; uncertainty, etc.).
- In addition, consider revising the description of the intimidation threat (paragraph 120.6 A3)) to acknowledge that objectivity is not the only fundamental principle that might be impacted by this threat. For example, feeling pressured or intimidated as a result of information overload or an exponential pace of change might threaten professional competence and due care.
- Finally, advocate to PAOs and other bodies, such as IFAC’s IPAE, the development of additional non-authoritative resources to raise awareness of, and provide guidance on, how PAs can manage sustained pressures.
I. Business Relationships
- The profession is seeing a rise in strategic and commercial relationships (often referred to as “alliances,” “partnerships,” or “ecosystems”) between accounting firms and technology and other companies. Whereas Section 520 Business Relationships addresses “close business relationships” between an audit firm and an audit client or its management, such as through joint ventures or combining products or services, it does not address broader business relationships.
- The Working Group notes that the revisions arising from the Technology project considers:
- An example of a close business relationship where a firm and a technology company co-develop and market a product together for their clients, which do not include the firm’s audit clients.224
- Situations where, depending on the facts and circumstances, arrangements under which the firm or a network firm licenses products or solutions to or from a client might create a close business relationship.
- Depending on the facts and circumstances, the applicability of Section 600 of the Code (i.e., the risk of a self-review threat) to a firm’s products or solutions that are “on-sold” to the client’s customers, which might include one or more of the firm’s audit clients.
- However, the Working Group believes that the implications of business relationships are broader than the current Technology project’s scope because as these types of relationships continue to rise, there is greater potential for the emergence of other threats to complying with the fundamental principles. This warrants closer ethics consideration with respect to Part 3 of the Code and goes beyond independence considerations.
- One example provided by stakeholders included where a firm’s logo was marketed prominently alongside a technology company’s for a software product, even though the involvement of the firm was limited to a very specific component within the considerably more comprehensive product being marketed by the company. Such marketing might mislead purchasers or licensees of the tool to believing that the application has been appropriately tested by the firm, resulting in an immediate “trust” or over-reliance on the tool.225 The Working Group believes that increased transparency and related disclosures would be useful to better understand the nature and extent of the relationship between the firm and the technology or other company.
Recommendation I:
- Given the rise in strategic and commercial relationships between accounting firms and technology and other companies, consider revising Part 3 of the Code to consider the ethics implications of business relationships, in addition to revising Section 520 Business Relationships more comprehensively to address potential threats to the fundamental principles and, where relevant, independence, in the context of broader business relationships and new forms of relationships that are emerging.
- Specific to the independence implications of business relationships, the Working Group acknowledges that respondents to the IESBA Strategy Survey 2022 also observed a growing number of activities involving firms and their audit clients that involve different business relationships, and that issues relating to these relationships arise quite often and can be complicated. Accordingly, there is a call for IESBA to conduct a holistic review of Section 520, including suggestions for a definition for the term “business relationship”. It was also suggested that the focus should be on identifying the specific attributes / characteristics that render a commercial relationship inappropriate from an independence perspective, rather identifying all types of commercial arrangements that impede independence.
- The Working Group notes that the key themes in Section II also have broader implications pertaining not only to the IESBA, but also to its stakeholders (including regulators and other standard-setters, as well as PAOs, firms, and academics) in the broader ecosystem.
Recommendation J:
- Continue initiatives to:
- Advocate the importance and relevance of Code: PAs are bound by the requirements of the Code, but the Working Group observed that some stakeholders exhibited a lack of awareness of the Code’s fundamental principles, conceptual framework, and a PA’s duty to act in the public interest.
The Working Group believes that it is therefore of utmost importance for the IESBA to further raise awareness of the Code, which enables PAs to fulfil their professional responsibility to act in the public interest, and promote reference to the Code by other standard-setters and regulators.226 This, of course, requires other such bodies and stakeholders – such as TCWG and investors – to recognize the importance of high standards of ethical behavior. It is also important that they recognize the role and contributions of the Code to guide ethical decision-making in the public interest and to meet the organizational and market needs for trustworthy financial and non-financial information.
To drive this, the IESBA and its representatives should further engage with other bodies to advocate for227 how and why the Code is increasingly relevant in today’s environment. This would also help promote greater involvement by PAs at more diverse decision-making tables. This is because PAs can demonstrate not only ethical behavior, but also assist in driving the ethical design, implementation, and use of technology solutions.
- Develop, facilitate the development of, and/or contribute to non-authoritative resources and materials: Rapid advancements in technology, its applications and related issues mean that the continued development and release of practical application guidance based upon the provisions of the Code is critical, especially in relation to important emerging issues.
The Working Group believes that to enable agility, speed to market, and fit-for-purpose guidance, issuing non- authoritative resources and materials is best done in collaboration with other stakeholders, rather than by the IESBA alone.
To this end, the Working Group has summarized for the IESBA and other stakeholders (i.e., IFAC, PAOs, NSS, and other standard-setters), the pertinent technology-related topics that would particularly benefit from additional non-authoritative guidance to draw out potential ethics issues that might arise and how the Code applies in such scenarios.
These suggestions are presented a Appendix II.
- The Working Group further believes that the effective undertaking and execution of such initiatives will support and promote the timely adoption and effective implementation of the Code, which is aligned with the proposed fourth strategic focus for the IESBA’s next Strategic Work Plan (2024 to 2027).
Endnotes
191 “… A PA shall not knowingly be associated with reports, returns, communications or other information where the accountant believes that the information: … Omits or obscures required information where such omission or obscurity would be misleading.”
192 “… An accountant shall not use confidential information acquired as a result of professional and business relationships for the personal advantage of the accountant or for the advantage of a third party. …”
193 Further commentary on some of the risks associated with training AI systems using “real” data are included in a meta-analysis of AI ethics guidelines implementations by Hagendorff, Thilo. “The Ethics of AI Ethics: An Evaluation of Guidelines.” Minds and Machines 30, 99-120, March 2020, https://link.springer.com/article/10.1007/s11023-020-09517-8.
194 The terminology in this area is still somewhat dynamic, and might refer to concepts such as explainable AI, understandability, interpretability, explicability, etc.
195 Supra note 44
196 Ibid.
197 Ibid.
198 Supra note 55
199 Question 5: “…the auditor may need to consider the algorithms embedded in, and the learning by the AI as a complement to the human thinking and decision-making process. As such, the auditor’s understanding of how the creation and modification of the algorithms operating are controlled and maintained may be important.”
200 “The use of artificial intelligence and machine learning by market intermediaries and asset managers: Final Report.” IOSCO, September 2021, https://www.iosco.org/library/pubdocs/pdf/IOSCOPD684.pdf.
201 “The Professional Accountant’s Role in Data – Discussion Paper.” IFAC and CPA Canada, April 2021, https://www.ifac.org/knowledge-gateway/preparing-future-ready-professionals/publications/professional-accountants-role-data.
202 Gould, Stathis. “Data and the Future-Fit Accountant.” IFAC, 25 May 2021, https://www.ifac.org/knowledge-gateway/preparing-future-readyprofessionals/discussion/data-and-future-fit-accountant.
203 To ensure data has integrity, is clean and reliable in the data gathering phase
204 To ensure the stewardship of data resources in the data sharing phase in the same way as the existing controllership role covers the stewardship of financial and physical resources
205 To provide insights through the analysis and interpretation of complex data to support decision-making
206 As an effective communicator, analyzing and explaining complex business issues within a local, national or global context based on the strengths and limitations of the data, and on the assumptions and models that underpin derived insights
207 As such, following this, a webinar was arranged in this regard, see “Data management value chain: An opportunity for accountants in the digital age.” CPA Canada and IFAC, Data Management Value Chain: An Opportunity for Accountants in the Digital Age.
208 Collins, Virginia, and Joel Lanz. “Managing Data as an Asset.” CPA Journal, June 2019, https://www.cpajournal.com/2019/06/24/managing-data-asan-asset/.
209 To enable more information gathering, the IESBA determined in June 2021 that the “custody of client data” by a PAPP in a non-audit context is not in the scope of its current Technology Project (See IESBA June 2021 Meeting Agenda Item 5B: Huesken, Rich. “Technology – Proposed Revisions to the Code.” IFAC, June 2021, https://www.ifac.org/system/files/meetings/files/Agenda-Item-5B-Technology-Project-Presentation-Matters-for-IESBAConsideration.pdf).
210 Note that these questions around ethics do not necessarily represent concerns related to falling foul of laws or regulations, i.e., not rising to the level that would trigger the Code’s provisions on responding to non-compliance with laws and regulations (NOCLAR).
211 The Code outlines a PA’s responsibility for ethical leadership in terms of holding themselves and their organizations accountable for ethical decisionmaking in the public interest (see paragraphs 100.1, R100.6 and 100.6 A1). The Working Group notes that this is inclusive of decisions regarding the responsible development, implementation, and use of technology. In this regard, the Working Group also notes the revisions arising from the Technology Project are intended to guide the ethical mindset and behavior of PAs as they deal with changes brought by technology in their work processes and the content of the services they provide.
212 Paragraph 120.13 A3 of the Code
213 See, for example, IESBA June 2022 Meeting Agenda Item 5: Poll, Jens. “Tax Planning & Related Services.” IFAC, June 2022, https://www.ifac.org/system/files/meetings/files/Agenda-Item-5-Tax-Planning-and-Related-Services-Jens-Poll.pptx.
214 Revisions arising from the Technology Project explicitly broadens this expectation to business organizations and individuals with which the PA has a professional or business relationship.
215 See, for example, the CPA Canada, ICAS, IFAC and IESBA series on “Ethical Leadership in the Digital Age.” CPA Canada, ICAS, IFAC and IESBA, https://www.ifac.org/knowledge-gateway/building-trust-ethics/discussion/ethical-leadership-digital-age and supra note 169.
216 For example, the US Public Accounting Oversight Board (PCAOB) in its publication on 2021 Conversations with Audit Committee Chairs notes that: “One recurring idea that we heard from audit committee chairs is that emerging technologies, despite all their promise, may never be a silver bullet. One audit committee chair, for example, expressed the view that emerging technologies should be thought of as supplemental tools. Another suggested that reliance on technology may be just the opposite of a silver bullet, to the extent that it dulls auditors’ ability or inclination to incorporate their business insights into procedures.” (Supra note 123)
217 For example, in the US PCAOB’s publication on 2021 Conversations with Audit Committee Chairs, it was highlighted that “one [audit committee] chair added appreciation for the auditor’s ability to explain how technology can be used to identify risk areas and to make the audit more effective.” (Supra note 123)
218 The Working Group notes that the IESBA’s current strategy and work plan (2019 to 2023) had considered whether strengthening the provisions in the Code regarding communication with TCWG would promote stakeholder confidence in the audit profession. At the time, the IESBA determined not to prioritize it given the relatively low support among respondents for this topic. The IESBA determined instead to direct its NAS Task Force to address the specific matter of communication with TCWG in the context of NAS. In this regard, the revised NAS provisions set out the new provisions regarding communication with TCWG in relation to NAS.
219 The Working Group notes that the question of whether to include specific provisions in the Code to enhance PAs’ communications with TCWG is being considered as part of the IESBA’s Tax Planning and Related Services Project.
220 Factors to consider in determining whether reliance on others is reasonable include:
- The reputation and expertise of, and resources available to, the other individual or organization.
- Whether the other individual is subject to applicable professional and ethics standards.
Such information might be gained from prior association with, or from consulting others about, the other individual or organization.
221 Factors to consider when a professional accountant intends to use the work of an expert include the reputation and expertise of the expert, the resources available to the expert, and the professional and ethics standards applicable to the expert. This information might be gained from prior association with the expert or from consulting others.
222 In the broader sense, this “overwhelm” is sometimes discussed in the context of burnout and other mental wellness issues. For example, a recent CPA British Columbia survey found that CPAs were more likely than other workers to feel physically and/or mentally exhausted after finishing their workday. See Midgley, Jamie. “Mental wellness in the CPA profession.” CPA British Columbia, 5 May 2022, https://www.bccpa.ca/news-events/latestnews/2022/may/mental-wellness-in-the-cpa-profession/.
223 Revisions arising from the Technology Project include a discussion of complex circumstances and provides guidance to help PAs manage these complex circumstances and mitigate the resulting challenges.
224 See revisions arising from the Technology Project.
225 See paragraph 145
226 For example, to enable the enforcement of the Code by jurisdictional regulators, and where regulators already enforce the Code, to help promote its consistent enforcement