Skip to main content

Technology Working Group Final Phase 2 Report Executive Summary

  1. In accordance with the Phase 2 Terms of Reference of the IESBA’s Technology Initiative, the Technology Working Group (Working Group) conducted fact-finding in a number of focus areas to identify and assess the potential impact of technology on the behavior of professional accountants (PAs) on the relevance and applicability of the IESBA’s International Code of Ethics for Professional Acuntants (including International Independence Standards) (the Code). The focus areas included robotic process automation (RPA), artificial intelligence (AI), blockchain, cloud computing, and data governance, including cybersecurity.
  2. In addition to desk research, the Working Group considered a balanced and diverse set of perspectives, professional and business roles, and experiences from a variety of stakeholders through its targeted outreach.1 The key PA ethics-related points arising from such outreach were distilled and synthesized into the eight key themes, as outlined in Section II: Key Themes Observed of this report. These key points were also analyzed and evaluated against the Code to determine whether they have the potential to impact the Code or the IESBA’s work more broadly.

CONCLUSION

  1. Reflecting on the substantive stakeholder outreach, desktop research, and other activities undertaken by the IESBA during both Phase 1 (2019-2020) and this second phase (2021-2022) of its fact-finding; The Working Group notes that the key themes observed have become increasingly consistent over time. The broad insights gathered also remain relevant despite the different types of technology being assessed and evaluated.
  2. Specifically, the technology landscape, although dynamic and evolving, has not seen a revolutionary turn that would significantly impact the relevance of the Code. Rather, the findings of Phase 2 underpin the fact that, with few exceptions, the Code continues to remain applicable and relevant to guide ethical decision-making around a PA’s involvement with the design, implementation, or use of disruptive and transformative technologies and related issues.
  3. The revisions to the Code arising from the IESBA’ technology project will additionally enhance the Code’s robustness and expand its relevance in this environment. Also, the IESBA’s careful consideration of the Working Group’s Phase 2 recommendations, as outlined in Section III: Insights and Recommendations of this report, will help ensure the Code’s continued relevance as technology reshapes the roles PAs undertake.
  4. Looking ahead, it is clear that technology is not “one and done”, and innovations in technology will continue to be monitored by the IESBA.

 

SUMMARY OF RECOMMENDATIONS

  • A. Data Used for AI training

    Revise the Code, for example, in Subsection 114 Confidentiality, to clarify whether firms and organizations may use client or customer data for internal purposes, such as training AI models, and if so, the parameters of such use (prior, informed consent; anonymization). Non-authoritative guidance should be developed to specifically emphasize the expectations for complying with the fundamental principle of integrity when using client or customer data for AI training, i.e., obtaining consent that is meaningful, informed, and transparent.

  • B. Transparency and Explainable AI

    Develop further guidance around the importance of transparency and explainability, whether through non- authoritative guidance or in the Code, specific to when a PA relies on or uses transformative technologies (e.g., AI). Such guidance would highlight that PAs cannot abdicate their public interest responsibility and accountability when relying on or using technology (even in highly automated environments).

    This additional guidance might explicitly set out expectations for a PA when relying on a technological solution. For example, before relying on a machine learning tool, the PA would be expected to ensure that the tool is explainable (i.e., that they can reasonably understand the rationale for decisions made by the technology). The Working Group believes that the PA need not be the expert who can explain the tool, but should have access to such an expert and should obtain a reasonable understanding in order to be comfortable with the tool’s inputs, processing, and outputs.

    Furthermore, consideration should be given to the ethics expectations for PAs when they are involved with developing transformative technology solutions, for example, that they are expected to promote the development of explainable systems, particularly in high-stakes applications.

  • C. Data Governance, including Custody of Data

    Revise the Code to address the ethics implications of a PA’s custody or holding of financial or non-financial data belonging to clients, customers, or other third parties. Such a workstream could be scoped to also include considering threats to compliance with the fundamental principles given the complexity created for PAs who need to remain current with an evolving patchwork of cross- and intra-jurisdictional data privacy laws and regulations, as well as the ethics challenges related to data governance and management (including cybersecurity).

    Continue raising awareness of a PA’s strategic role in data governance and management (including cybersecurity), and develop educational resources to highlight such a role.

  • D. Ethical Leadership and Decision-making

    With a view to the broader expectations for PAs to exhibit and champion ethical leadership and decision-making, develop non-authoritative guidance to emphasize the potential actions a PA might take when applying the conceptual framework and complying with the Code’s fundamental principles in technology-related scenarios relevant across various PA roles and activities.

  • E. Communication with Those Charged with Governance (TCWG)

    To strengthen the concepts of transparency and accountability, add new material to the Code as part of the subsections on “communication with TCWG” in Parts 2 and 3 to encourage, or require, meaningful communication with TCWG by PAs (including individual Professional Accountants in Public Practice (PAPPs) and firms) about technology-related risks and exposures that might affect PAs’ compliance with the fundamental principles and, where applicable, independence requirements.

    These concepts are not unique to technology-related risks and exposures, but rather are broadly applicable whenever there are risks and exposures that might affect PAs’ compliance with the fundamental principles and, where applicable, independence requirements (e.g., technology, tax planning, sustainability). There is an opportunity to incorporate such communications into the Code more generally in the future, so that it can be considered under all circumstances.

  • F. Reliance on, or Use of, Experts

    Develop non-authoritative guidance and/or revise the Code in paragraphs 220.7 A1 and 320.10 A1 to emphasize the importance of a PA assessing the extent to which an expert being used and relied upon behaves in alignment with the Code’s fundamental principles, and the factors to consider in making such an assessment.

    Such guidance would be applicable whenever experts are used (e.g., technology, tax planning, sustainability) and goes beyond independence considerations.

  • G. Threshold for “Sufficient” Competence

    Engage more actively with other bodies, such as IFAC’s International Panel on Accountancy Education (IPAE) and professional accountancy organizations (PAOs), to encourage them to arrange educational activities to raise

    awareness about the characteristics of “sufficient” competence in the context of the Code and the International Education Standards (IESs). Such other bodies are better placed to develop non-authoritative guidance to illustrate and emphasize how the Code’s principles apply when determining sufficient competence.

  • H. Pressure on PAs

    Revise the Code, for example, within Section 270 Pressure to Breach the Fundamental Principles, to include illustrations of pressures on PAs (such as time and resourcing constraints; competence gaps; the complexity of technology, laws and regulations; the pace of change; uncertainty, etc.).

    In addition, consider revising the description of the intimidation threat (paragraph 120.6 A3)) to acknowledge that objectivity is not the only fundamental principle that might be impacted by this threat. For example, feeling pressured or intimidated as a result of information overload or an exponential pace of change might threaten professional competence and due care.

    Finally, advocate to PAOs and other bodies, such as IFAC’s IPAE, the development of additional non-authoritative resources to raise awareness of, and provide guidance on, how PAs can manage sustained pressures.

  • I. Business Relationships

    Given the rise in strategic and commercial relationships between accounting firms and technology and other companies, consider revising Part 3 of the Code to consider the ethics implications of business relationships, in addition to revising Section 520 Business Relationships more comprehensively to address potential threats to the fundamental principles and, where relevant, independence, in the context of broader business relationships and new forms of relationships that are emerging.

  • J. Broader Implications on IESBA’s Work

    Continue initiatives to advocate the importance and relevance of Code, as well as to develop, facilitate the development of, and/or contribute to non-authoritative resources and materials. Appendix II of this report summarizes the pertinent technology-related topics that would particularly benefit from additional non-authoritative guidance to draw out potential ethics issues that might arise and how the Code applies in such scenarios.

Including with individuals representing those charged with governance, investors, regulators, public sector and oversight bodies, technologists (software vendors and developers) and professional accountants in business (PAIBs), professional accountancy organizations (PAOs) including national standard setters (NSS), and accounting firms and individual professional accountants in public practice (PAPPs).