PES 1

1. Professional and Ethical Standard 1, International Code of Ethics for Assurance Practitioners (including International Independence Standards) (New Zealand) (“the Code”) sets out fundamental principles of ethics for assurance practitioners, reflecting the profession’s recognition of its public interest responsibility. These principles establish the standard of behaviour expected of an assurance practitioner. The fundamental principles are: integrity, objectivity, professional competence and due care, confidentiality, and professional behaviour.

2. The Code provides a conceptual framework that assurance practitioners are to apply in order to identify, evaluate and address threats to compliance with the fundamental principles. The Code sets out requirements and application material on various topics to help assurance practitioners apply the conceptual framework to those topics.

3. In the case of audits, reviews and other assurance engagements, the Code sets out International Independence Standards (New Zealand), established by the application of the conceptual framework to threats to independence in relation to these engagements.

4. The Code contains the following material:

5. The Code contains sections which address specific topics. Some sections contain subsections dealing with specific aspects of those topics. Each section of the Code is structured, where appropriate, as follows:

6. The Code requires assurance practitioners to comply with the fundamental principles of ethics. The Code also requires them to apply the conceptual framework to identify, evaluate and address threats to compliance with the fundamental principles. Applying the conceptual framework requires exercising professional judgement, remaining alert for new information and to changes in facts and circumstances, and using the reasonable and informed third party test.

7. The conceptual framework recognises that the existence of conditions, policies and procedures established by the profession, legislation, regulation, or the firm, might impact the identification of threats. Those conditions, policies and procedures might also be a relevant factor in the assurance practitioner’s evaluation of whether a threat is at an acceptable level. When threats are not at an acceptable level, the conceptual framework requires the assurance practitioner to address those threats. Applying safeguards is one way that threats might be addressed. Safeguards are actions individually or in combination that the assurance practitioner takes that effectively reduce threats to an acceptable level.

8. In addition, the Code requires assurance practitioners to be independent when performing audit, review and other assurance engagements. The conceptual framework applies in the same way to identifying, evaluating and addressing threats to independence as to threats to compliance with the fundamental principles.

9. Complying with the Code requires knowing, understanding and applying:

• All of the relevant provisions of a particular section in the context of Part 1, together with the additional material set out in Sections 200, 300, 400 and 900, as applicable.

• All of the relevant provisions of a particular section, for example, applying the provisions that are set out under the subheadings titled “General” and “All Audit Clients” together with additional specific provisions, including those set out under the subheadings titled “Audit or Review Clients that are not Public Interest Entities” or “Audit or Review Clients that are Public Interest Entities.”

• All of the relevant provisions set out in a particular section together with any additional provisions set out in any relevant subsection.

10. Requirements and application material are to be read and applied with the objective of complying with the fundamental principles, applying the conceptual framework and, when performing audit, review and other assurance engagements, being independent.

11. Requirements are designated with the letter “R” and, in most cases, include the word “shall.” The word “shall” in the Code imposes an obligation on an assurance practitioner or firm to comply with the specific provision in which “shall” has been used.

12. In some situations, the Code provides a specific exception to a requirement. In such a situation, the provision is designated with the letter “R” but uses “may” or conditional wording.

13. When the word “may” is used in the Code, it denotes permission to take a particular action in certain circumstances, including as an exception to a requirement. It is not used to denote possibility.

14. When the word “might” is used in the Code, it denotes the possibility of a matter arising, an event occurring or a course of action being taken. The term does not ascribe any particular level of possibility or likelihood when used in conjunction with a threat, as the evaluation of the level of a threat depends on the facts and circumstances of any particular matter, event or course of action.

15. In addition to requirements, the Code contains application material that provides context relevant to a proper understanding of the Code. In particular, the application material is intended to help an assurance practitioner to understand how to apply the conceptual framework to a particular set of circumstances and to understand and comply with a specific requirement. While such application material does not of itself impose a requirement, consideration of the material is necessary to the proper application of the requirements of the Code, including application of the conceptual framework. Application material is designated with the letter “A.”

16. Where application material includes lists of examples, these lists are not intended to be exhaustive.

17. The Appendix to this Guide provides an overview of the Code.

NZ1.1 Professional and Ethical Standard 1, International Code of Ethics for Assurance Practitioners (including International Independence Standards) (New Zealand) (“the Code”) is effective from 15 June 2019 and supersedes Professional and Ethical Standard 1 (Revised), Code of Ethics for Assurance Practitioners, issued by the XRB in January 2013. Early adoption of the Code is permitted.

NZ1.2 The Code is intended to apply to all those who perform assurance engagements, even if they are not part of the accountancy profession. The Code makes reference to the accountancy profession to establish a benchmark and is not intended to exclude assurance practitioners that are not part of the accountancy profession. Some professions may have requirements and guidance that differ from those contained in the Code. Assurance practitioners from other professions, including any person or organisation appointed or engaged to perform assurance engagements, need to be aware of these differences and comply with the more stringent requirements and guidance.

NZ1.3 The Code is not intended to detract from responsibilities which may be imposed by law or regulation.

NZ1.4 In applying the requirements outlined in the Code, assurance practitioners shall be guided not merely by the words, but also by the spirit of the Code.

100.1 A distinguishing mark of the accountancy profession is its acceptance of the responsibility to act in the public interest.

100.2 Confidence in the accountancy profession is a reason why businesses, governments and other organisations involve professional accountants in a broad range of areas including financial and corporate reporting, assurance and other professional activities. Accountants understand and acknowledge that such confidence is based on the skills and values that accountants bring to the professional activities they undertake, including:

1. Adherence to ethical principles and professional standards;

2. Use of business acumen;

3. Application of expertise on technical and other matters; and

4. Exercise of professional judgement.

The application of these skills and values enables accountants to provide advice or other output that meets the purpose for which it was provided, and which can be relied upon by the intended users of such output.

100.3 The Code sets out high quality standards of ethical behaviour expected of professional accountants for adoption by professional accountancy organisations which are members of the International Federation of Accountants (IFAC), or for use by such members as a basis for their codes of ethics. The Code may also be used or adopted by those responsible for setting ethics standards for professional accountants in particular sectors or jurisdictions and by firms in developing their ethics and independence policies.

100.4 The Code establishes five fundamental principles to be complied with by all professional accountants. It also includes a conceptual framework that sets out the approach to be taken to identify, evaluate and address threats to compliance with those fundamental principles and, for audits and other assurance engagements, threats to independence. The Code also applies the fundamental principles and the conceptual framework to a range of facts and circumstances that professional accountants may encounter, whether in business or in public practice.

100.5 A1 The requirements in the Code, designated with the letter “R,” impose obligations.

100.5 A2 Application material, designated with the letter “A,” provides context, explanations, suggestions for actions or matters to consider, illustrations and other guidance relevant to a proper understanding of the Code. In particular, the application material is intended to help an assurance practitioner to understand how to apply the conceptual framework to a particular set of circumstances and to understand and comply with a specific requirement. While such application material does not of itself impose a requirement, consideration of the material is necessary to the proper application of the requirements of the Code, including application of the conceptual framework.

R100.6 An assurance practitioner shall comply with the Code.

100.6 A1 Upholding the fundamental principles and compliance with the specific requirements of the Code enable assurance practitioners to meet their responsibility to act in the public interest.

100.6 A2 Complying with the Code includes giving appropriate regard to the aim and intent of the specific requirements.

100.6 A3 Compliance with the requirements of the Code does not mean that assurance practitioners will have always met their responsibility to act in the public interest. There might be unusual or exceptional circumstances in which an assurance practitioner believes that complying with a requirement or requirements of the Code might not be in the public interest or would lead to a disproportionate outcome. In those circumstances, the assurance practitioner is encouraged to consult with an appropriate body such as a professional or regulatory body.

100.6 A4 In acting in the public interest, an assurance practitioner considers not only the preferences or requirements of an individual client or employing organisation, but also the interests of other stakeholders when performing professional activities.

R100.7 If there are circumstances where laws or regulations preclude an assurance practitioner from complying with certain parts of the Code, those laws and regulations prevail, and the assurance practitioner shall comply with all other parts of the Code.

100.7 A1 The principle of professional behaviour requires an assurance practitioner to comply with relevant laws and regulations.

R100.8 Paragraphs R400.80 to R400.89 and R900.50 to R900.55 address a breach of International Independence Standards (New Zealand). An assurance practitioner who identifies a breach of any other provision of the Code shall evaluate the significance of the breach and its impact on the assurance practitioner’s ability to comply with the fundamental principles. The assurance practitioner shall also:

1. Take whatever actions might be available, as soon as possible, to address the consequences of the breach satisfactorily; and

2. Determine whether to report the breach to the relevant parties.

100.8 A1 Relevant parties to whom such a breach might be reported include those who might have been affected by it, a professional or regulatory body or an oversight authority.

110.1 A1 There are five fundamental principles of ethics for assurance practitioners:

1. Integrity – to be straightforward and honest in all professional and business relationships.

2. Objectivity – to exercise professional or business judgements without being compromised by:

   1. Bias;

   2. Conflict of interest; or

   3. Undue influence of, or undue reliance on, individuals, organisations, technology or other factors.

3. Professional Competence and Due Care – to:

   1. Attain and maintain professional knowledge and skill at the level required to ensure that a client receives competent assurance services, based on current standards issued by the External Reporting Board, the New Zealand Auditing and Assurance Standards Board and the New Zealand Accounting Standards Board and relevant legislation; and

   2. Act diligently and in accordance with standards issued by the External Reporting Board, the New Zealand Auditing and Assurance Standards Board and the New Zealand Accounting Standards Board.

4. Confidentiality – to respect the confidentiality of information acquired as a result of professional and business relationships.

5. Professional Behaviour – to:

   1. Comply with relevant laws and regulations;

   2. Behave in a manner consistent with the profession’s responsibility to act in the public interest in all professional activities and business relationships; and

   3. Avoid any conduct that the assurance practitioner knows or should know might discredit the profession.

R110.2 An assurance practitioner shall comply with each of the fundamental principles.

110.2 A1 The fundamental principles of ethics establish the standard of behaviour expected of an assurance practitioner. The conceptual framework establishes the approach which an assurance practitioner is required to apply in complying with those fundamental principles. Subsections 111 to 115 set out requirements and application material related to each of the fundamental principles.

110.2 A2 An assurance practitioner might face a situation in which complying with one fundamental principle conflicts with complying with one or more other fundamental principles. In such a situation, the assurance practitioner might consider consulting, on an anonymous basis if necessary, with:

• Others within the firm.

• Those charged with governance.

• A professional body.

• A regulatory body.

• Legal counsel.

However, such consultation does not relieve the assurance practitioner from the responsibility to exercise professional judgement to resolve the conflict or, if necessary, and unless prohibited by law or regulation, disassociate from the matter creating the conflict.

110.2 A3 The assurance practitioner is encouraged to document the substance of the issue, the details of any discussions, the decisions made and the rationale for those decisions.

R111.1 An assurance practitioner shall comply with the principle of integrity, which requires an assurance practitioner to be straightforward and honest in all professional and business relationships.

111.1 A1 Integrity involves fair dealing, truthfulness and having the strength of character to act appropriately, even when facing pressure to do otherwise or when doing so might create potential adverse personal or organisational consequences.

111.1 A2 Acting appropriately would involve:

1. Standing one’s ground when confronted by dilemmas and difficult situations; or

2. Challenging others as and when circumstances warrant, in a manner appropriate to the circumstances.

R111.2 An assurance practitioner shall not knowingly be associated with reports, returns, communications or other information where the assurance practitioner believes that the information:

1. Contains a materially false or misleading statement;

2. Contains statements or information provided recklessly; or

3. Omits or obscures required information where such omission or obscurity would be misleading.

111.2 A1 If an assurance practitioner provides a modified report in respect of such a report, return, communication or other information, the assurance practitioner is not in breach of paragraph R111.2.

R111.3 When an assurance practitioner becomes aware of having been associated with information described in paragraph R111.2, the assurance practitioner shall take steps to be disassociated from that information.

R112.1 An assurance practitioner shall comply with the principle of objectivity, which requires an assurance practitioner to exercise professional or business judgement without being compromised by:

1. Bias;

2. Conflict of interest; or

3. Undue influence, or undue reliance on, individuals, organisations, technology or other factors.

R112.2 An assurance practitioner shall not undertake a professional activity if a circumstance or relationship unduly influences the assurance practitioner’s professional judgement regarding that activity.

R113.1 An assurance practitioner shall comply with the principle of professional competence and due care, which requires an assurance practitioner to:

1. Attain and maintain professional knowledge and skill at the level required to ensure that a client receives competent assurance service, based on standards issued by the External Reporting Board, the New Zealand Auditing and Assurance Standards Board and the New Zealand Accounting Standards Board and relevant legislation; and

2. Act diligently and in accordance with the standards issued by the External Reporting Board, the New Zealand Auditing and Assurance Standards Board and the New Zealand Accounting Standards Board.

113.1 A1 Serving clients with professional competence requires the exercise of sound judgement in applying professional knowledge and skill when undertaking professional activities.

113.1 A2 Maintaining professional competence requires a continuing awareness and an understanding of relevant technical, professional, business and technology-related developments. Continuing professional development enables an assurance practitioner to develop and maintain the capabilities to perform competently within the assurance environment.

113.1 A3 Diligence encompasses the responsibility to act in accordance with the requirements of an assignment, carefully, thoroughly and on a timely basis.

R113.2 In complying with the principle of professional competence and due care, an assurance practitioner shall take reasonable steps to ensure that those working in a professional capacity under the assurance practitioner’s authority have appropriate training and supervision.

R113.3 Where appropriate, an assurance practitioner shall make clients, or other users of the assurance practitioner’s assurance services, aware of the limitations inherent in the services.

R114.1 An assurance practitioner shall comply with the principle of confidentiality, which requires an assurance practitioner to respect the confidentiality of information acquired as a result of professional and business relationships. An assurance practitioner shall:

1. Be alert to the possibility of inadvertent disclosure, including in a social environment, and particularly to a close business associate or an immediate or a close family member;

2. Maintain confidentiality of information within the firm;

3. Maintain confidentiality of information disclosed by a prospective client;

4. Not disclose confidential information acquired as a result of professional and business relationships outside the firm without proper and specific authority, unless there is a legal or professional duty or right to disclose;

5. Not use confidential information acquired as a result of professional and business relationships for the personal advantage of the assurance practitioner or for the advantage of a third party;

6. Not use or disclose any confidential information, either acquired or received as a result of a professional or business relationship, after that relationship has ended; and

7. Take reasonable steps to ensure that personnel under the assurance practitioner’s control, and individuals from whom advice and assistance are obtained, respect the assurance practitioner’s duty of confidentiality.

114.1 A1 Confidentiality serves the public interest because it facilitates the free flow of information from the assurance practitioner’s client to the assurance practitioner in the knowledge that the information will not be disclosed to a third party. Nevertheless, the following are circumstances where assurance practitioners are or might be required to disclose confidential information or when such disclosure might be appropriate:

1. Disclosure is required by law, for example:

   1. Production of documents or other provision of evidence in the course of legal proceedings; or

   2. Disclosure to the appropriate public authorities of infringements of the law that come to light;

2. Disclosure is permitted by law and is authorised by the client; and

3. There is a professional duty or right to disclose, when not prohibited by law:

   1. To comply with the quality review of a professional body;

   2. To respond to an enquiry or investigation by a professional or regulatory body;

   3. To protect the professional interests of an assurance practitioner in legal proceedings; or

   4. To comply with standards issued by the External Reporting Board, the New Zealand Auditing and Assurance Standards Board and the New Zealand Accounting Standards Board.

NZ114.1 A1 The circumstances in paragraph 114.1 A1 do not take into account New Zealand legal and regulatory requirements. An assurance practitioner considering disclosing confidential information about a client without their consent is advised to first obtain legal advice.

114.1 A2 In deciding whether to disclose confidential information, factors to consider, depending on the circumstances, include:

R114.2 An assurance practitioner shall continue to comply with the principle of confidentiality even after the end of the relationship between the assurance practitioner and a client. When acquiring a new client, the assurance practitioner is entitled to use prior experience but shall not use or disclose any confidential information acquired or received as a result of a professional or business relationship.

R115.1 An assurance practitioner shall comply with the principle of professional behaviour, which requires an assurance practitioner to:

1. Comply with relevant laws and regulations;

2. Behave in a manner consistent with the profession’s responsibility to act in the public interest in all professional activities and business relationships; and

3. Avoid any conduct that the assurance practitioner knows or should know might discredit the profession.

An assurance practitioner shall not knowingly engage in any business, occupation or activity that impairs or might impair the integrity, objectivity or good reputation of the profession, and as a result would be incompatible with the fundamental principles.

115.1 A1 Conduct that might discredit the accountancy profession includes conduct that a reasonable and informed third party would be likely to conclude adversely affects the good reputation of the profession.

R115.2 When undertaking marketing or promotional activities, an assurance practitioner shall not bring the accountancy profession into disrepute. An assurance practitioner shall be honest and truthful and shall not make:

1. Exaggerated claims for the services offered by, or the qualifications or experience of, the assurance practitioner; or

2. Disparaging references or unsubstantiated comparisons to the work of others.

115.2 A1 If an assurance practitioner is in doubt about whether a form of advertising or marketing is appropriate, the assurance practitioner is encouraged to consult with the relevant professional body.

120.1 The circumstances in which assurance practitioners operate might create threats to compliance with the fundamental principles. Section 120 sets out requirements and application material, including a conceptual framework, to assist assurance practitioners in complying with the fundamental principles and meeting their responsibility to act in the public interest. Such requirements and application material accommodate the wide range of facts and circumstances, including the various professional activities, interests and relationships, that create threats to compliance with the fundamental principles. In addition, they deter assurance practitioners from concluding that a situation is permitted solely because that situation is not specifically prohibited by the Code.

120.2 The conceptual framework specifies an approach for an assurance practitioner to:

1. Identify threats to compliance with the fundamental principles;

2. Evaluate the threats identified; and

3. Address the threats by eliminating or reducing them to an acceptable level.

R120.3 The assurance practitioner shall apply the conceptual framework to identify, evaluate and address threats to compliance with the fundamental principles set out in Section 110.

120.3 A1 Additional requirements and application material that are relevant to the application of the conceptual framework are set out in:

1. Part 2 – Assurance Practitioners Performing Professional Activities Pursuant to Their Relationship with the Firm;

2. Part 3 – Application of the Code, Fundamental Principles and Conceptual Framework; and

3. International Independence Standards (New Zealand), as follows:

   1. Part 4A – Independence for Audit and Review Engagements; and

   2. Part 4B – Independence for Assurance Engagements Other than Audit and Review Engagements.

R120.4 When dealing with an ethics issue the assurance practitioner shall consider the context in which the issue has arisen or might arise. Where an individual who is an assurance practitioner is performing professional activities pursuant to the assurance practitioner’s relationship with the firm, whether as a contractor, employee or owner, the individual shall comply with the provisions in Part 2 that apply to these circumstances.

R120.5 When applying the conceptual framework, the assurance practitioner shall:

1. Have an enquiring mind;

2. Exercise professional judgement; and

3. Use the reasonable and informed third party test described in paragraph

120.5 A1 An enquiring mind is a prerequisite to obtaining an understanding of known facts and circumstances necessary for the proper application of the conceptual framework. Having an enquiring mind involves:

1. Considering the source, relevance and sufficiency of information obtained, taking into account the nature, scope and outputs of the professional activity being undertaken; and

2. Being open and alert to a need for further investigation or other action.

120.5 A2 When considering the source, relevance and sufficiency of information obtained, the assurance practitioner might consider, among other matters, whether:

120.5 A3 Paragraph R120.5 requires all assurance practitioners to have an enquiring mind when identifying, evaluating and addressing threats to the fundamental principles. This prerequisite for applying the conceptual framework applies to all assurance practitioners regardless of the professional activity undertaken. Under auditing, review and other assurance standards, including those issued by the NZAuASB, assurance practitioners are also required to exercise professional scepticism, which includes a critical assessment of evidence.

120.5 A4 Professional judgement involves the application of relevant training, professional knowledge, skill and experience commensurate with the facts and circumstances, taking into account the nature and scope of the particular assurance activities, and the interests and relationships involved.

120.5 A5 Professional judgement is required when the assurance practitioner applies the conceptual framework in order to make informed decisions about the courses of actions available, and to determine whether such decisions are appropriate in the circumstances. In making this determination, the assurance practitioner might consider matters such as whether:

120.5 A6 The reasonable and informed third party test is a consideration by the assurance practitioner about whether the same conclusions would likely be reached by another party. Such consideration is made from the perspective of a reasonable and informed third party, who weighs all the relevant facts and circumstances that the assurance practitioner knows, or could reasonably be expected to know, at the time the conclusions are made. The reasonable and informed third party does not need to be an assurance practitioner, but would possess the relevant knowledge and experience to understand and evaluate the appropriateness of the assurance practitioner’s conclusions in an impartial manner.

R120.6 The assurance practitioner shall identify threats to compliance with the fundamental principles.

120.6 A1 An understanding of the facts and circumstances, including any professional activities, interests and relationships that might compromise compliance with the fundamental principles, is a prerequisite to the assurance practitioner’s identification of threats to such compliance. The existence of certain conditions, policies and procedures established by the profession, legislation, regulation, or the firm that can enhance the assurance practitioner acting ethically might also help identify threats to compliance with the fundamental principles. Paragraph 120.8 A2 includes general examples of such conditions, policies and procedures which are also factors that are relevant in evaluating the level of threats.

120.6 A2 Threats to compliance with the fundamental principles might be created by a broad range of facts and circumstances. It is not possible to define every situation that creates threats. In addition, the nature of engagements might differ and, consequently, different types of threats might be created.

120.6 A3 Threats to compliance with the fundamental principles fall into one or more of the following categories:

1. Self-interest threat – the threat that a financial or other interest will inappropriately influence an assurance practitioner’s judgement or behaviour;

2. Self-review threat – the threat that an assurance practitioner will not appropriately evaluate the results of a previous judgement made, or an activity performed by the assurance practitioner, or by another individual within the assurance practitioner’s firm, on which the assurance practitioner will rely when forming a judgement as part of performing a current activity;

3. Advocacy threat – the threat that an assurance practitioner will promote a client’s position to the point that the assurance practitioner’s objectivity is compromised;

4. Familiarity threat – the threat that due to a long or close relationship with a client, an assurance practitioner will be too sympathetic to their interests or too accepting of their work; and

5. Intimidation threat – the threat that an assurance practitioner will be deterred from acting objectively because of actual or perceived pressures, including attempts to exercise undue influence over the assurance practitioner.

120.6 A4 A circumstance might create more than one threat, and a threat might affect compliance with more than one fundamental principle.

R120.7 When the assurance practitioner identifies a threat to compliance with the fundamental principles, the assurance practitioner shall evaluate whether such a threat is at an acceptable level.

120.7 A1 An acceptable level is a level at which an assurance practitioner using the reasonable and informed third party test would likely conclude that the assurance practitioner complies with the fundamental principles.

120.8 A1 The consideration of qualitative as well as quantitative factors is relevant in the assurance practitioner’s evaluation of threats, as is the combined effect of multiple threats, if applicable.

120.8 A2 The existence of conditions, policies and procedures described in paragraph 120.6 A1 might also be factors that are relevant in evaluating the level of threats to compliance with fundamental principles. Examples of such conditions, policies and procedures include:

• Corporate governance requirements.

• Educational, training and experience requirements for the profession.

• Effective complaint systems which enable the assurance practitioner and the general public to draw attention to unethical behaviour.

• An explicitly stated duty to report breaches of ethics requirements.

• Professional or regulatory monitoring and disciplinary procedures.

R120.9 If the assurance practitioner becomes aware of new information or changes in facts and circumstances that might impact whether a threat has been eliminated or reduced to an acceptable level, the assurance practitioner shall re-evaluate and address that threat accordingly.

120.9 A1 Remaining alert throughout the professional activity assists the assurance practitioner in determining whether new information has emerged or changes in facts and circumstances have occurred that:

1. Impact the level of a threat; or

2. Affect the assurance practitioner’s conclusions about whether safeguards applied continue to be appropriate to address identified threats.

120.9 A2 If new information results in the identification of a new threat, the assurance practitioner is required to evaluate and, as appropriate, address this threat. (Ref: Paras. R120.7 and R120.10).

R120.10 If the assurance practitioner determines that the identified threats to compliance with the fundamental principles are not at an acceptable level, the assurance practitioner shall address the threats by eliminating them or reducing them to an acceptable level. The assurance practitioner shall do so by:

1. Eliminating the circumstances, including interests or relationships, that are creating the threats;

2. Applying safeguards, where available and capable of being applied, to reduce the threats to an acceptable level; or

3. Declining or ending the specific professional activity.

120.10 A1 Depending on the facts and circumstances, a threat might be addressed by eliminating the circumstance creating the threat. However, there are some situations in which threats can only be addressed by declining or ending the specific professional activity. This is because the circumstances that created the threats cannot be eliminated and safeguards are not capable of being applied to reduce the threat to an acceptable level.

120.10 A2 Safeguards are actions, individually or in combination, that the assurance practitioner takes that effectively reduce threats to compliance with the fundamental principles to an acceptable level.

R120.11 The assurance practitioner shall form an overall conclusion about whether the actions that the assurance practitioner takes, or intends to take, to address the threats created will eliminate those threats or reduce them to an acceptable level. In forming the overall conclusion, the assurance practitioner shall:

1. Review any significant judgements made or conclusions reached; and

2. Use the reasonable and informed third party test. Other Considerations when Applying the Conceptual Framework

120.12 A1 Conscious or unconscious bias affects the exercise of professional judgement when identifying, evaluating and addressing threats to compliance with the fundamental principles.

120.12 A2 Examples of potential bias to be aware of when exercising professional judgement include:

• Anchoring bias, which is a tendency to use an initial piece of information as an anchor against which subsequent information is inadequately assessed.

• Automation bias, which is a tendency to favour output generated from automated systems, even when human reasoning or contradictory information raises questions as to whether such output is reliable or fit for purpose.

• Availability bias, which is a tendency to place more weight on events or experiences that immediately come to mind or are readily available than on those that are not.

• Confirmation bias, which is a tendency to place more weight on information that corroborates an existing belief than information that contradicts or casts doubt on that belief.

• Groupthink, which is a tendency for a group of individuals to discourage individual creativity and responsibility and as a result reach a decision without critical reasoning or consideration of alternatives.

• Overconfidence bias, which is a tendency to overestimate one's own ability to make accurate assessments of risk or other judgements or decisions.

• Representation bias, which is a tendency to base an understanding on a pattern of experiences, events or beliefs that is assumed to be representative.

• Selective perception, which is a tendency for a person's expectations to influence how the person views a particular matter or person.

120.12 A3 Actions that might mitigate the effect of bias include:

• Seeking advice from experts to provide additional input.

• Consulting with others to ensure appropriate challenge as part of the evaluation process.

• Receiving training related to the identification of bias as part of professional development.

120.13 A1 The effective application of the conceptual framework by an assurance practitioner is enhanced when the importance of ethical values that align with the fundamental principles and other provisions set out in the Code is promoted through the internal culture of the assurance practitioner’s organisation.

120.13 A2 The promotion of an ethical culture within an organisation is most effective when:

1. Leaders and those in managerial roles promote the importance of, and hold themselves and others accountable for demonstrating the ethical values of the organisation;

2. Appropriate education and training programs, management processes, and performance evaluation and reward criteria that promote an ethical culture are in place;

3. Effective policies and procedures are in place to encourage and protect those who report actual or suspected illegal or unethical behaviour, including whistle- blowers; and

4. The organisation adheres to ethical values in its dealings with third parties.

120.13 A3 Assurance practitioners are expected to encourage and promote an ethics-based culture in their organisation, taking into account their position and seniority.

120.14 A1 Professional and Ethical Standard 3 (Revised)¹ sets out requirements and application material relating to firm culture in the context of a firm’s responsibilities to design, implement and operate a system of quality management for audits or reviews of financial statements, or other assurance or related services engagements.

120.15 A1 Assurance practitioners are required by International Independence Standards (New Zealand) to be independent when performing audits, reviews, or other assurance engagements. Independence is linked to the fundamental principles of objectivity and integrity. It comprises:

1. Independence of mind – the state of mind that permits the expression of a conclusion without being affected by influences that compromise professional judgement, thereby allowing an individual to act with integrity, and exercise objectivity and professional scepticism.

2. Independence in appearance – the avoidance of facts and circumstances that are so significant that a reasonable and informed third party would be likely to conclude that a firm’s or an audit, review or assurance team member’s integrity, objectivity or professional scepticism has been compromised.

120.15 A2 International Independence Standards (New Zealand) set out requirements and application material on how to apply the conceptual framework to maintain independence when performing audits, reviews or other assurance engagements. Assurance practitioners and firms are required to comply with these standards in order to be independent when conducting such engagements. The conceptual framework to identify, evaluate and address threats to compliance with the fundamental principles applies in the same way to compliance with independence requirements. The categories of threats to compliance with the fundamental principles described in paragraph 120.6 A3 are also the categories of threats to compliance with independence requirements.

120.15 A3 Conditions, policies and procedures described in paragraphs 120.6 A1 and 120.8 A2 that might assist in identifying and evaluating threats to compliance with the fundamental principles might also be factors relevant to identifying and evaluating threats to independence. In the context of audits, reviews and other assurance engagements, a system of quality management designed, implemented and operated by a firm in accordance with the quality management standards issued by the New Zealand Auditing and Assurance Standards Board is an example of such conditions, policies and procedures.

120.16 A1 Under auditing, review and other assurance standards, including those issued by the New Zealand Auditing and Assurance Standards Board, assurance practitioners are required to exercise professional scepticism when planning and performing audits, reviews and other assurance engagements. Professional scepticism and the fundamental principles that are described in Section 110 are inter-related concepts.

120.16 A2 In an audit of financial statements, compliance with the fundamental principles, individually and collectively, supports the exercise of professional scepticism, as shown in the following examples:

200.1 This Part of the Code sets out requirements and application material for assurance practitioners, performing professional activities pursuant to their relationship with the firm, when applying the conceptual framework set out in Section 120. It does not describe all of the facts and circumstances, including professional activities, interests and relationships, that could be encountered by assurance practitioners, which create or might create threats to compliance with the fundamental principles. Therefore, the conceptual framework requires assurance practitioners to be alert for such facts and circumstances.

200.2 Investors, creditors, employing organisations and other sectors of the business community, as well as governments and the general public, might rely on the work of assurance practitioners. Assurance practitioners might be solely or jointly responsible for the preparation and reporting of financial and other information, on which both their employing organisations and third parties might rely. They might also be responsible for providing effective financial management and competent advice on a variety of business-related matters.

200.3 An assurance practitioner might be an employee, contractor, partner, director (executive or non-executive), owner-manager, or volunteer of an employing organisation. The legal form of the relationship of the assurance practitioner with the employing organisation has no bearing on the ethical responsibilities placed on the assurance practitioner.

200.4 [Amended by the NZAuASB]

NZ200.4 In this Part, the term “assurance practitioner” refers to an individual who is an assurance practitioner when performing professional activities pursuant to the assurance practitioner’s relationship with the assurance practitioner’s firm, whether as a contractor, employee or owner. The provisions in Part 2 deal mainly with matters that are relevant to professional activities that occur internally within the employing organisation. A number of those provisions may be less relevant to an assurance practitioner. The assurance practitioner uses professional judgement when determining which of those provisions are relevant to the assurance practitioner. More information on when Part 2 is applicable to assurance practitioners is set out in paragraphs R120.4, R300.5 and 300.5 A1.

R200.5 An assurance practitioner shall comply with the fundamental principles set out in Section 110 and apply the conceptual framework set out in Section 120 to identify, evaluate and address threats to compliance with the fundamental principles.

200.5 A1 An assurance practitioner has a responsibility to further the legitimate objectives of the assurance practitioner’s employing organisation. The Code does not seek to hinder assurance practitioners from fulfilling that responsibility, but addresses circumstances in which compliance with the fundamental principles might be compromised.

200.5 A2 Assurance practitioners may promote the position of the employing organisation when furthering the legitimate goals and objectives of their employing organisation, provided that any statements made are neither false nor misleading. Such actions usually would not create an advocacy threat.

200.5 A3 The more senior the position of an assurance practitioner, the greater will be the ability and opportunity to access information, and to influence policies, decisions made and actions taken by others involved with the employing organisation. To the extent that they are able to do so, taking into account their position and seniority in the organisation, assurance practitioners are expected to encourage and promote an ethics- based culture in the organisation. Examples of actions that might be taken include the introduction, implementation and oversight of:

200.6 A1 Threats to compliance with the fundamental principles might be created by a broad range of facts and circumstances. The categories of threats are described in paragraph 120.6 A3. The following are examples of facts and circumstances within each of those categories that might create threats for an assurance practitioner when undertaking a professional activity:

1. Self-interest Threats

   • An assurance practitioner holding a financial interest in, or receiving a loan or guarantee from, the employing organisation.
   • An assurance practitioner participating in incentive compensation arrangements offered by the employing organisation.
   • An assurance practitioner having access to corporate assets for personal use.
   • An assurance practitioner being offered a gift or special treatment from a supplier of the employing organisation.
2. Self-review Threats
   • An assurance practitioner determining the appropriate accounting treatment for a business combination after performing the feasibility study supporting the purchase decision.
3. Advocacy Threats
   • An assurance practitioner having the opportunity to manipulate information in a prospectus in order to obtain favourable financing.
4. Familiarity Threats
   • An assurance practitioner being responsible for the financial reporting of the employing organisation when an immediate or close family member employed by the organisation makes decisions that affect the financial reporting of the organisation.
   • An assurance practitioner having a long association with individuals influencing business decisions.
5. Intimidation Threats
   • An assurance practitioner or immediate or close family member facing the threat of dismissal or replacement over a disagreement about:
     • The application of an accounting principle.
     • The way in which financial information is to be reported.
     • An individual attempting to influence the decision-making process of the assurance practitioner, for example with regard to the awarding of contracts or the application of an accounting principle.

200.7 A1 The conditions, policies and procedures described in paragraphs 120.6 A1 and 120.8 A2 might impact the evaluation of whether a threat to compliance with the fundamental principles is at an acceptable level.

200.7 A2 The assurance practitioner’s evaluation of the level of a threat is also impacted by the nature and scope of the professional activity.

200.7 A3 The assurance practitioner’s evaluation of the level of a threat might be impacted by the work environment within the employing organisation and its operating environment. For example:

200.7 A4 Assurance practitioners might consider obtaining legal advice where they believe that unethical behaviour or actions by others have occurred, or will continue to occur, within the employing organisation.

200.8 A1 Sections 210 to 270 describe certain threats that might arise during the course of performing professional activities and include examples of actions that might address such threats.

200.8 A2 In extreme situations, if the circumstances that created the threats cannot be eliminated and safeguards are not available or capable of being applied to reduce the threat to an acceptable level, it might be appropriate for an assurance practitioner to resign from the employing organisation.

R200.9 When communicating with those charged with governance in accordance with the Code, an assurance practitioner shall determine the appropriate individual(s) within the employing organisation’s governance structure with whom to communicate. If the assurance practitioner communicates with a subgroup of those charged with governance, the assurance practitioner shall determine whether communication with all of those charged with governance is also necessary so that they are adequately informed.

200.9 A1 In determining with whom to communicate, an assurance practitioner might consider:

1. The nature and importance of the circumstances; and

2. The matter to be communicated.

200.9 A2 Examples of a subgroup of those charged with governance include an audit committee or an individual member of those charged with governance.

R200.10 If an assurance practitioner communicates with individuals who have management responsibilities as well as governance responsibilities, the assurance practitioner shall be satisfied that communication with those individuals adequately informs all of those in a governance role with whom the assurance practitioner would otherwise communicate.

200.10 A1 In some circumstances, all of those charged with governance are involved in managing the employing organisation, for example, a small business where a single owner manages the organisation and no one else has a governance role. In these cases, if matters are communicated with individual(s) with management responsibilities, and those individual(s) also have governance responsibilities, the assurance practitioner has satisfied the requirement to communicate with those charged with governance.

210.1 Assurance practitioners are required to comply with the fundamental principles and apply the conceptual framework set out in Section 120 to identify, evaluate and address threats.

210.2 A conflict of interest creates threats to compliance with the principle of objectivity and might create threats to compliance with the other fundamental principles. Such threats might be created when:

1. An assurance practitioner undertakes a professional activity related to a particular matter for two or more parties whose interests with respect to that matter are in conflict; or

2. The interest of an assurance practitioner with respect to a particular matter and the interests of a party for whom the assurance practitioner undertakes a professional activity related to that matter are in conflict.

A party might include an employing organisation, a vendor, a customer, a lender, a shareholder, or another party.

210.3 This section sets out specific requirements and application material relevant to applying the conceptual framework to conflicts of interest.

R210.4 An assurance practitioner shall not allow a conflict of interest to compromise professional or business judgement.

210.4 A1 Examples of circumstances that might create a conflict of interest include:

R210.5 An assurance practitioner shall take reasonable steps to identify circumstances that might create a conflict of interest, and therefore a threat to compliance with one or more of the fundamental principles. Such steps shall include identifying:

1. The nature of the relevant interests and relationships between the parties involved; and

2. The activity and its implication for relevant parties.

R210.6 An assurance practitioner shall remain alert to changes over time in the nature of the activities, interests and relationships that might create a conflict of interest while performing a professional activity.

210.7 A1 In general, the more direct the connection between the professional activity and the matter on which the parties’ interests conflict, the more likely the level of the threat is not at an acceptable level.

210.7 A2 An example of an action that might eliminate threats created by conflicts of interest is withdrawing from the decision-making process related to the matter giving rise to the conflict of interest.

210.7 A3 Examples of actions that might be safeguards to address threats created by conflicts of interest include:

210.8 A1 It is generally necessary to:

1. Disclose the nature of the conflict of interest and how any threats created were addressed to the relevant parties, including to the appropriate levels within the employing organisation affected by a conflict; and

2. Obtain consent from the relevant parties for the assurance practitioner to undertake the professional activity when safeguards are applied to address the threat.

210.8 A2 Consent might be implied by a party’s conduct in circumstances where the assurance practitioner has sufficient evidence to conclude that the parties know the circumstances at the outset and have accepted the conflict of interest if they do not raise an objection to the existence of the conflict.

210.8 A3 If such disclosure or consent is not in writing, the assurance practitioner is encouraged to document:

1. The nature of the circumstances giving rise to the conflict of interest;

2. The safeguards applied to address the threats when applicable; and

3. The consent obtained.

210.9 A1 When addressing a conflict of interest, the assurance practitioner is encouraged to seek guidance from within the employing organisation or from others, such as a professional body, legal counsel or another assurance practitioner. When making such disclosures or sharing information within the employing organisation and seeking guidance of third parties, the principle of confidentiality applies.

220.1 Assurance practitioners are required to comply with the fundamental principles and apply the conceptual framework set out in Section 120 to identify, evaluate and address threats.

220.2 Preparing or presenting information might create a self-interest, intimidation or other threats to compliance with one or more of the fundamental principles. This section sets out specific requirements and application material relevant to applying the conceptual framework in such circumstances.

220.3 A1 Assurance practitioners at all levels in an employing organisation are involved in the preparation or presentation of information both within and outside the organisation.

220.3 A2 Stakeholders to whom, or for whom, such information is prepared or presented, include:

• Management and those charged with governance.

• Investors and lenders or other creditors.

• Regulatory bodies.

This information might assist stakeholders in understanding and evaluating aspects of the employing organisation’s state of affairs and in making decisions concerning the organisation. Information can include financial and non-financial information that might be made public or used for internal purposes.

Examples include:

• Operating and performance reports.

• Decision support analyses.

• Budgets and forecasts.

• Information provided to the internal and external auditors.

• Risk analyses.

• General and special purpose financial statements.

• Tax returns.

• Reports filed with regulatory bodies for legal and compliance purposes.

220.3 A3 For the purposes of this section, preparing or presenting information includes recording, maintaining and approving information.

R220.4 When preparing or presenting information, an assurance practitioner shall:

1. Prepare or present the information in accordance with a relevant reporting framework, where applicable;

2. Prepare or present the information in a manner that is intended neither to mislead nor to influence contractual or regulatory outcomes inappropriately;

3. Exercise professional judgement to:

   1. Represent the facts accurately and completely in all material respects;

   2. Describe clearly the true nature of business transactions or activities; and

   3. Classify and record information in a timely and proper manner; and

4. Not omit anything with the intention of rendering the information misleading or of influencing contractual or regulatory outcomes inappropriately.

220.4 A1 An example of influencing a contractual or regulatory outcome inappropriately is using an unrealistic estimate with the intention of avoiding violation of a contractual requirement such as a debt covenant or of a regulatory requirement such as a capital requirement for a financial institution.

R220.5 Preparing or presenting information might require the exercise of discretion in making professional judgements. The assurance practitioner shall not exercise such discretion with the intention of misleading others or influencing contractual or regulatory outcomes inappropriately.

220.5 A1 Examples of ways in which discretion might be misused to achieve inappropriate outcomes include:

• Determining estimates, for example, determining fair value estimates in order to misrepresent profit or loss.

• Selecting or changing an accounting policy or method among two or more alternatives permitted under the applicable financial reporting framework, for example, selecting a policy for accounting for long-term contracts in order to misrepresent profit or loss.

• Determining the timing of transactions, for example, timing the sale of an asset near the end of the fiscal year in order to mislead.

• Determining the structuring of transactions, for example, structuring financing transactions in order to misrepresent assets and liabilities or classification of cash flows.

• Selecting disclosures, for example, omitting or obscuring information relating to financial or operating risk in order to mislead.

R220.6 When performing professional activities, especially those that do not require compliance with a relevant reporting framework, the assurance practitioner shall exercise professional judgement to identify and consider:

1. The purpose for which the information is to be used;

2. The context within which it is given; and

3. The audience to whom it is addressed.

220.6 A1 For example, when preparing or presenting pro forma reports, budgets or forecasts, the inclusion of relevant estimates, approximations and assumptions, where appropriate, would enable those who might rely on such information to form their own judgements.

220.6 A2 The assurance practitioner might also consider clarifying the intended audience, context and purpose of the information to be presented.

R220.7 An assurance practitioner who intends to rely on the work of others, either internal or external to the employing organisation, shall exercise professional judgement to determine what steps to take, if any, in order to fulfil the responsibilities set out in paragraph R220.4.

220.7 A1 Factors to consider in determining whether reliance on others is reasonable include:

R220.8 When the assurance practitioner knows or has reason to believe that the information with which the assurance practitioner is associated is misleading, the assurance practitioner shall take appropriate actions to seek to resolve the matter.

220.8 A1 Actions that might be appropriate include:

220.8 A2 The assurance practitioner might determine that the employing organisation has not taken appropriate action. If the assurance practitioner continues to have reason to believe that the information is misleading, the following further actions might be appropriate provided that the assurance practitioner remains alert to the principle of confidentiality:

R220.9 If after exhausting all feasible options, the assurance practitioner determines that appropriate action has not been taken and there is reason to believe that the information is still misleading, the assurance practitioner shall refuse to be or to remain associated with the information.

220.9 A1 In such circumstances, it might be appropriate for an assurance practitioner to resign from the employing organisation.

220.10 A1 The assurance practitioner is encouraged to document:

220.11 A1 Where threats to compliance with the fundamental principles relating to the preparation or presentation of information arise from a financial interest, including compensation and incentives linked to financial reporting and decision making, the requirements and application material set out in Section 240 apply.

220.11 A2 Where the misleading information might involve non-compliance with laws and regulations, the requirements and application material set out in Section 260 apply.

220.11 A3 Where threats to compliance with the fundamental principles relating to the preparation or presentation of information arise from pressure, the requirements and application material set out in Section 270 apply.

230.1 Assurance practitioners are required to comply with the fundamental principles and apply the conceptual framework set out in Section 120 to identify, evaluate and address threats.

230.2 Acting without sufficient expertise creates a self-interest threat to compliance with the principle of professional competence and due care. This section sets out specific requirements and application material relevant to applying the conceptual framework in such circumstances.

R230.3 An assurance practitioner shall not intentionally mislead an employing organisation as to the level of expertise or experience possessed.

230.3 A1 The principle of professional competence and due care requires that an assurance practitioner only undertake significant tasks for which the assurance practitioner has, or can obtain, sufficient training or experience.

230.3 A2 A self-interest threat to compliance with the principle of professional competence and due care might be created if an assurance practitioner has:

230.3 A3 Factors that are relevant in evaluating the level of such a threat include:

230.3 A4 Examples of actions that might be safeguards to address such a self-interest threat include:

R230.4 If a threat to compliance with the principle of professional competence and due care cannot be addressed, an assurance practitioner shall determine whether to decline to perform the duties in question. If the assurance practitioner determines that declining is appropriate, the assurance practitioner shall communicate the reasons.

230.5 A1 The requirements and application material in Section 270 apply when an assurance practitioner is pressured to act in a manner that might lead to a breach of the principle of professional competence and due care.

240.1 Assurance practitioners are required to comply with the fundamental principles and apply the conceptual framework set out in Section 120 to identify, evaluate and address threats.

240.2 Having a financial interest, or knowing of a financial interest held by an immediate or close family member might create a self-interest threat to compliance with the principles of objectivity or confidentiality. This section sets out specific requirements and application material relevant to applying the conceptual framework in such circumstances.

R240.3 An assurance practitioner shall not manipulate information or use confidential information for personal gain or for the financial gain of others.

240.3 A1 Assurance practitioners might have financial interests or might know of financial interests of immediate or close family members that, in certain circumstances, might create threats to compliance with the fundamental principles. Financial interests include those arising from compensation or incentive arrangements linked to financial reporting and decision making.

240.3 A2 Examples of circumstances that might create a self-interest threat include situations in which the assurance practitioner or an immediate or close family member:

• Has a motive and opportunity to manipulate price-sensitive information in order to gain financially.

• Holds a direct or indirect financial interest in the employing organisation and the value of that financial interest might be directly affected by decisions made by the assurance practitioner.

• Is eligible for a profit-related bonus and the value of that bonus might be directly affected by decisions made by the assurance practitioner.

• Holds, directly or indirectly, deferred bonus share rights or share options in the employing organisation, the value of which might be affected by decisions made by the assurance practitioner.

• Participates in compensation arrangements which provide incentives to achieve targets or to support efforts to maximise the value of the employing organisation’s shares. An example of such an arrangement might be through participation in incentive plans which are linked to certain performance conditions being met.

240.3 A3 Factors that are relevant in evaluating the level of such a threat include:

• The significance of the financial interest. What constitutes a significant financial interest will depend on personal circumstances and the materiality of the financial interest to the individual.

• Policies and procedures for a committee independent of management to determine the level or form of senior management remuneration.

• In accordance with any internal policies, disclosure to those charged with governance of:

• All relevant interests.

• Any plans to exercise entitlements or trade in relevant shares.

• Internal and external audit procedures that are specific to address issues that give rise to the financial interest.

240.3 A4 Threats created by compensation or incentive arrangements might be compounded by explicit or implicit pressure from superiors or colleagues. See Section 270, Pressure to Breach the Fundamental Principles.

250.1 Assurance practitioners are required to comply with the fundamental principles and apply the conceptual framework set out in Section 120 to identify, evaluate and address threats.

250.2 Offering or accepting inducements might create a self-interest, familiarity or intimidation threat to compliance with the fundamental principles, particularly the principles of integrity, objectivity and professional behaviour.

250.3 This section sets out requirements and application material relevant to applying the conceptual framework in relation to the offering and accepting of inducements when undertaking professional activities that does not constitute non-compliance with laws and regulations. This section also requires an assurance practitioner to comply with relevant laws and regulations when offering or accepting inducements.

250.4 A1 An inducement is an object, situation, or action that is used as a means to influence another individual’s behaviour, but not necessarily with the intent to improperly influence that individual’s behaviour. Inducements can range from minor acts of hospitality between business colleagues to acts that result in non-compliance with laws and regulations. An inducement can take many different forms, for example:

R250.5 In many jurisdictions, there are laws and regulations, such as those related to bribery and corruption, that prohibit the offering or accepting of inducements in certain circumstances. The assurance practitioner shall obtain an understanding of relevant laws and regulations and comply with them when the assurance practitioner encounters such circumstances.

250.6 A1 The offering or accepting of inducements that is not prohibited by laws and regulations might still create threats to compliance with the fundamental principles.

R250.7 An assurance practitioner shall not offer, or encourage others to offer, any inducement that is made, or which the assurance practitioner considers a reasonable and informed third party would be likely to conclude is made, with the intent to improperly influence the behaviour of the recipient or of another individual.

R250.8 An assurance practitioner shall not accept, or encourage others to accept, any inducement that the assurance practitioner concludes is made, or considers a reasonable and informed third party would be likely to conclude is made, with the intent to improperly influence the behaviour of the recipient or of another individual.

250.9 A1 An inducement is considered as improperly influencing an individual’s behaviour if it causes the individual to act in an unethical manner. Such improper influence can be directed either towards the recipient or towards another individual who has some relationship with the recipient. The fundamental principles are an appropriate frame of reference for an assurance practitioner in considering what constitutes unethical behaviour on the part of the assurance practitioner and, if necessary by analogy, other individuals.

250.9 A2 A breach of the fundamental principle of integrity arises when an assurance practitioner offers or accepts, or encourages others to offer or accept, an inducement where the intent is to improperly influence the behaviour of the recipient or of another individual.

250.9 A3 The determination of whether there is actual or perceived intent to improperly influence behaviour requires the exercise of professional judgement. Relevant factors to consider might include:

250.10 A1 If the assurance practitioner becomes aware of an inducement offered with actual or perceived intent to improperly influence behaviour, threats to compliance with the fundamental principles might still be created even if the requirements in paragraphs R250.7 and R250.8 are met.

250.10 A2 Examples of actions that might be safeguards to address such threats include:

250.11 A1 The requirements and application material set out in the conceptual framework apply when an assurance practitioner has concluded there is no actual or perceived intent to improperly influence the behaviour of the recipient or of another individual.

250.11 A2 If such an inducement is trivial and inconsequential, any threats created will be at an acceptable level.

250.11 A3 Examples of circumstances where offering or accepting such an inducement might create threats even if the assurance practitioner has concluded there is no actual or perceived intent to improperly influence behaviour include:

250.11 A4 Relevant factors in evaluating the level of such threats created by offering or accepting such an inducement include the same factors set out in paragraph 250.9 A3 for determining intent.

250.11 A5 Examples of actions that might eliminate threats created by offering or accepting such an inducement include:

250.11 A6 Examples of actions that might be safeguards to address such threats created by offering or accepting such an inducement include:

R250.12 An assurance practitioner shall remain alert to potential threats to the assurance practitioner’s compliance with the fundamental principles created by the offering of an inducement:

1. By an immediate or close family member of the assurance practitioner to a counterparty with whom the assurance practitioner has a professional relationship; or

2. To an immediate or close family member of the assurance practitioner by a counterparty with whom the assurance practitioner has a professional relationship.

R250.13 Where the assurance practitioner becomes aware of an inducement being offered to or made by an immediate or close family member and concludes there is intent to improperly influence the behaviour of the assurance practitioner or of the counterparty, or considers a reasonable and informed third party would be likely to conclude such intent exists, the assurance practitioner shall advise the immediate or close family member not to offer or accept the inducement.

250.13 A1 The factors set out in paragraph 250.9 A3 are relevant in determining whether there is actual or perceived intent to improperly influence the behaviour of the assurance practitioner or of the counterparty. Another factor that is relevant is the nature or closeness of the relationship, between:

1. The assurance practitioner and the immediate or close family member;

2. The immediate or close family member and the counterparty; and

3. The assurance practitioner and the counterparty.

For example, the offer of employment, outside of the normal recruitment process, to the spouse of the assurance practitioner by a counterparty with whom the assurance practitioner is negotiating a significant contract might indicate such intent.

250.13 A2 The application material in paragraph 250.10 A2 is also relevant in addressing threats that might be created when there is actual or perceived intent to improperly influence the behaviour of the assurance practitioner or of the counterparty even if the immediate or close family member has followed the advice given pursuant to paragraph R250.13.

250.14 A1 Where the assurance practitioner becomes aware of an inducement offered in the circumstances addressed in paragraph R250.12, threats to compliance with the fundamental principles might be created where:

1. The immediate or close family member offers or accepts the inducement contrary to the advice of the assurance practitioner pursuant to paragraph R250.13; or

2. The assurance practitioner does not have reason to believe an actual or perceived intent to improperly influence the behaviour of the assurance practitioner or of the counterparty exists.

250.14A2 The application material in paragraphs 250.11 A1 to 250.11 A6 is relevant for the purposes of identifying, evaluating and addressing such threats. Factors that are relevant in evaluating the level of threats in these circumstances also include the nature or closeness of the relationships set out in paragraph 250.13 A1.

250.15 A1 If an assurance practitioner is offered an inducement by the employing organisation relating to financial interests, compensation and incentives linked to performance, the requirements and application material set out in Section 240 apply.

250.15 A2 If an assurance practitioner encounters or is made aware of inducements that might result in non-compliance or suspected non-compliance with laws and regulations by other individuals working for or under the direction of the employing organisation, the requirements and application material set out in Section 260 apply.

250.15 A3 If an assurance practitioner faces pressure to offer or accept inducements that might create threats to compliance with the fundamental principles, the requirements and application material set out in Section 270 apply.

260.1 Assurance practitioners are required to comply with the fundamental principles and apply the conceptual framework set out in Section 120 to identify, evaluate and address threats.

260.2 A self-interest or intimidation threat to compliance with the principles of integrity and professional behaviour is created when an assurance practitioner becomes aware of non-compliance or suspected non-compliance with laws and regulations.

260.3 An assurance practitioner might encounter or be made aware of non-compliance or suspected non-compliance in the course of carrying out professional activities. This section guides the assurance practitioner in assessing the implications of the matter and the possible courses of action when responding to non-compliance or suspected non- compliance with:

1. Laws and regulations generally recognised to have a direct effect on the determination of material amounts and disclosures in the employing organisation’s financial statements; and

2. Other laws and regulations that do not have a direct effect on the determination of the amounts and disclosures in the employing organisation’s financial statements, but compliance with which might be fundamental to the operating aspects of the employing organisation’s business, to its ability to continue its business, or to avoid material penalties.

260.4 A distinguishing mark of the accountancy profession is its acceptance of the responsibility to act in the public interest. When responding to non-compliance or suspected non-compliance, the objectives of the assurance practitioner are:

1. To comply with the principles of integrity and professional behaviour;

2. By alerting management or, where appropriate, those charged with governance of the employing organisation, to seek to:

   1. Enable them to rectify, remediate or mitigate the consequences of the identified or suspected non-compliance; or

   2. Deter the non-compliance where it has not yet occurred; and

3. To take such further action as appropriate in the public interest.

260.5 A1 Non-compliance with laws and regulations (“non-compliance”) comprises acts of omission or commission, intentional or unintentional, which are contrary to the prevailing laws or regulations committed by the following parties:

1. The assurance practitioner’s employing organisation;

2. Those charged with governance of the employing organisation;

3. Management of the employing organisation; or

4. Other individuals working for or under the direction of the employing organisation.

260.5 A2 Examples of laws and regulations which this section addresses include those that deal with:

• Fraud, corruption and bribery.

• Money laundering, terrorist financing and proceeds of crime.

• Securities markets and trading.

• Banking and other financial products and services.

• Data protection.

• Tax and pension liabilities and payments.

• Environmental protection.

• Public health and safety.

260.5 A3 Non-compliance might result in fines, litigation or other consequences for the employing organisation, potentially materially affecting its financial statements. Importantly, such non-compliance might have wider public interest implications in terms of potentially substantial harm to investors, creditors, employees or the general public. For the purposes of this section, non-compliance that causes substantial harm is one that results in serious adverse consequences to any of these parties in financial or non-financial terms. Examples include the perpetration of a fraud resulting in significant financial losses to investors, and breaches of environmental laws and regulations endangering the health or safety of employees or the public.

R260.6 In some jurisdictions, there are legal or regulatory provisions governing how assurance practitioners are required to address non-compliance or suspected non- compliance. These legal or regulatory provisions might differ from or go beyond the provisions in this section. When encountering such non-compliance or suspected non-compliance, the assurance practitioner shall obtain an understanding of those legal or regulatory provisions and comply with them, including:

1. Any requirement to report the matter to an appropriate authority; and

2. Any prohibition on alerting the relevant party.

260.6 A1 A prohibition on alerting the relevant party might arise, for example, pursuant to anti- money laundering legislation.

260.7 A1 This section applies regardless of the nature of the employing organisation, including whether or not it is a public interest entity.

260.7 A2 An assurance practitioner who encounters or is made aware of matters that are clearly inconsequential is not required to comply with this section. Whether a matter is clearly inconsequential is to be judged with respect to its nature and its impact, financial or otherwise, on the employing organisation, its stakeholders and the general public.

260.7 A3 This section does not address:

1. Personal misconduct unrelated to the business activities of the employing organisation; and

2. Non-compliance by parties other than those specified in paragraph 260.5 A1.

The assurance practitioner might nevertheless find the guidance in this section helpful in considering how to respond in these situations.

260.8 A1 The employing organisation’s management, with the oversight of those charged with governance, is responsible for ensuring that the employing organisation’s business activities are conducted in accordance with laws and regulations. Management and those charged with governance are also responsible for identifying and addressing any non-compliance by:

1. The employing organisation;

2. An individual charged with governance of the employing organisation;

3. A member of management; or

4. Other individuals working for or under the direction of the employing organisation.

R260.9 If protocols and procedures exist within the assurance practitioner’s employing organisation to address non-compliance or suspected non-compliance, the assurance practitioner shall consider them in determining how to respond to such non-compliance.

260.9 A1 Many employing organisations have established protocols and procedures regarding how to raise non-compliance or suspected non-compliance internally. These protocols and procedures include, for example, an ethics policy or internal whistle-blowing mechanism. Such protocols and procedures might allow matters to be reported anonymously through designated channels.

R260.10 Where an assurance practitioner becomes aware of a matter to which this section applies, the steps that the assurance practitioner takes to comply with this section shall be taken on a timely basis. For the purpose of taking timely steps, the assurance practitioner shall have regard to the nature of the matter and the potential harm to the interests of the employing organisation, investors, creditors, employees or the general public.

260.11 A1 Senior assurance practitioners are directors, officers or senior employees able to exert significant influence over, and make decisions regarding, the acquisition, deployment and control of the employing organisation’s human, financial, technological, physical and intangible resources. There is a greater expectation for such individuals to take whatever action is appropriate in the public interest to respond to non-compliance or suspected non-compliance than other assurance practitioners within the employing organisation. This is because of senior assurance practitioners’ roles, positions and spheres of influence within the employing organisation.

R260.12 If, in the course of carrying out professional activities, a senior assurance practitioner becomes aware of information concerning non-compliance or suspected non-compliance, the senior assurance practitioner shall obtain an understanding of the matter. This understanding shall include:

1. The nature of the non-compliance or suspected non-compliance and the circumstances in which it has occurred or might occur;

2. The application of the relevant laws and regulations to the circumstances; and

3. An assessment of the potential consequences to the employing organisation, investors, creditors, employees or the wider public.

260.12 A1 A senior assurance practitioner is expected to apply knowledge and expertise, and exercise professional judgement. However, the assurance practitioner is not expected to have a level of understanding of laws and regulations greater than that which is required for the assurance practitioner’s role within the employing organisation. Whether an act constitutes non-compliance is ultimately a matter to be determined by a court or other appropriate adjudicative body.

260.12A2 Depending on the nature and significance of the matter, the senior assurance practitioner might cause, or take appropriate steps to cause, the matter to be investigated internally. The assurance practitioner might also consult on a confidential basis with others within the employing organisation or a professional body, or with legal counsel.

R260.13 If the senior assurance practitioner identifies or suspects that non-compliance has occurred or might occur, the assurance practitioner shall, subject to paragraph R260.9, discuss the matter with the assurance practitioner’s immediate superior, if any. If the assurance practitioner’s immediate superior appears to be involved in the matter, the assurance practitioner shall discuss the matter with the next higher level of authority within the employing organisation.

260.13 A1 The purpose of the discussion is to enable a determination to be made as to how to address the matter.

R260.14 The senior assurance practitioner shall also take appropriate steps to:

1. Have the matter communicated to those charged with governance;

2. Comply with applicable laws and regulations, including legal or regulatory provisions governing the reporting of non-compliance or suspected non- compliance to an appropriate authority;

3. Have the consequences of the non-compliance or suspected non-compliance rectified, remediated or mitigated;

4. Reduce the risk of re-occurrence; and

5. Seek to deter the commission of the non-compliance if it has not yet occurred.

260.14 A1 The purpose of communicating the matter to those charged with governance is to obtain their concurrence regarding appropriate actions to take to respond to the matter and to enable them to fulfil their responsibilities.

260.14 A2 Some laws and regulations might stipulate a period within which reports of non- compliance or suspected non-compliance are to be made to an appropriate authority.

R260.15 In addition to responding to the matter in accordance with the provisions of this section, the senior assurance practitioner shall determine whether disclosure of the matter to the employing organisation’s external auditor, if any, is needed.

260.15 A1 Such disclosure would be pursuant to the senior assurance practitioner’s duty or legal obligation to provide all information necessary to enable the auditor to perform the audit.

R260.16 The senior assurance practitioner shall assess the appropriateness of the response of the assurance practitioner’s superiors, if any, and those charged with governance.

260.16 A1 Relevant factors to consider in assessing the appropriateness of the response of the senior assurance practitioner’s superiors, if any, and those charged with governance include whether:

R260.17 In light of the response of the senior assurance practitioner’s superiors, if any, and those charged with governance, the assurance practitioner shall determine if further action is needed in the public interest.

260.17 A1 The determination of whether further action is needed, and the nature and extent of it, will depend on various factors, including:

260.17 A2 Examples of circumstances that might cause the senior assurance practitioner no longer to have confidence in the integrity of the assurance practitioner’s superiors and those charged with governance include situations where:

R260.18 The senior assurance practitioner shall exercise professional judgement in determining the need for, and nature and extent of, further action. In making this determination, the assurance practitioner shall take into account whether a reasonable and informed third party would be likely to conclude that the assurance practitioner has acted appropriately in the public interest.

260.18 A1 Further action that the senior assurance practitioner might take includes:

260.18 A2 Resigning from the employing organisation is not a substitute for taking other actions that might be needed to achieve the senior assurance practitioner’s objectives under this section. In some jurisdictions, however, there might be limitations as to the further actions available to the assurance practitioner. In such circumstances, resignation might be the only available course of action.

260.19 A1 As assessment of the matter might involve complex analysis and judgements, the senior assurance practitioner might consider:

260.20 A1 Disclosure of the matter to an appropriate authority would be precluded if doing so would be contrary to law or regulation. Otherwise, the purpose of making disclosure is to enable an appropriate authority to cause the matter to be investigated and action to be taken in the public interest.

260.20 A2 The determination of whether to make such a disclosure depends in particular on the nature and extent of the actual or potential harm that is or might be caused by the matter to investors, creditors, employees or the general public. For example, the senior assurance practitioner might determine that disclosure of the matter to an appropriate authority is an appropriate course of action if:

260.20 A3 The determination of whether to make such a disclosure will also depend on external factors such as:

R260.21 If the senior assurance practitioner determines that disclosure of the matter to an appropriate authority is an appropriate course of action in the circumstances, that disclosure is permitted pursuant to paragraph R114.1(d) of the Code. When making such disclosure, the assurance practitioner shall act in good faith and exercise caution when making statements and assertions.

R260.22 In exceptional circumstances, the senior assurance practitioner might become aware of actual or intended conduct that the assurance practitioner has reason to believe would constitute an imminent breach of a law or regulation that would cause substantial harm to investors, creditors, employees or the general public. Having first considered whether it would be appropriate to discuss the matter with management or those charged with governance of the employing organisation, the assurance practitioner shall exercise professional judgement and determine whether to disclose the matter immediately to an appropriate authority in order to prevent or mitigate the consequences of such imminent breach. If disclosure is made, that disclosure is permitted pursuant to paragraph R114.1(d) of the Code.

260.23 A1 In relation to non-compliance or suspected non-compliance that falls within the scope of this section, the senior assurance practitioner is encouraged to have the following matters documented:

R260.24 If, in the course of carrying out professional activities, an assurance practitioner becomes aware of information concerning non-compliance or suspected non- compliance, the assurance practitioner shall seek to obtain an understanding of the matter. This understanding shall include the nature of the non-compliance or suspected non-compliance and the circumstances in which it has occurred or might occur.

260.24A1 The assurance practitioner is expected to apply knowledge and expertise, and exercise professional judgement. However, the assurance practitioner is not expected to have a level of understanding of laws and regulations greater than that which is required for the assurance practitioner’s role within the employing organisation. Whether an act constitutes non-compliance is ultimately a matter to be determined by a court or other appropriate adjudicative body.

260.24 A2 Depending on the nature and significance of the matter, the assurance practitioner might consult on a confidential basis with others within the employing organisation or a professional body, or with legal counsel.

R260.25 If the assurance practitioner identifies or suspects that non-compliance has occurred or might occur, the assurance practitioner shall, subject to paragraph R260.9, inform an immediate superior to enable the superior to take appropriate action. If the assurance practitioner’s immediate superior appears to be involved in the matter, the assurance practitioner shall inform the next higher level of authority within the employing organisation.

R260.26 In exceptional circumstances, the assurance practitioner may determine that disclosure of the matter to an appropriate authority is an appropriate course of action. If the assurance practitioner does so pursuant to paragraphs 260.20 A2 and A3, that disclosure is permitted pursuant to paragraph R114.1(d) of the Code. When making such disclosure, the assurance practitioner shall act in good faith and exercise caution when making statements and assertions.

260.27A1 In relation to non-compliance or suspected non-compliance that falls within the scope of this section, the assurance practitioner is encouraged to have the following matters documented:

270.1 Assurance practitioners are required to comply with the fundamental principles and apply the conceptual framework set out in Section 120 to identify, evaluate and address threats.

270.2 Pressure exerted on, or by, an assurance practitioner might create an intimidation or other threat to compliance with one or more of the fundamental principles. This section sets out specific requirements and application material relevant to applying the conceptual framework in such circumstances.

R270.3 An assurance practitioner shall not:

1. Allow pressure from others to result in a breach of compliance with the fundamental principles; or

2. Place pressure on others that the assurance practitioner knows, or has reason to believe, would result in the other individuals breaching the fundamental principles.

270.3 A1 An assurance practitioner might face pressure that creates threats to compliance with the fundamental principles, for example an intimidation threat, when undertaking a professional activity. Pressure might be explicit or implicit and might come from:

270.3 A2 Examples of pressure that might result in threats to compliance with the fundamental principles include:

270.3 A3 Factors that are relevant in evaluating the level of threats created by pressure include:

270.3 A4 Discussing the circumstances creating the pressure and consulting with others about those circumstances might assist the assurance practitioner to evaluate the level of the threat. Such discussion and consultation, which requires being alert to the principle of confidentiality, might include:

270.3 A5 An example of an action that might eliminate threats created by pressure is the assurance practitioner’s request for a restructure of, or segregation of, certain responsibilities and duties so that the assurance practitioner is no longer involved with the individual or entity exerting the pressure.

270.4 A1 The assurance practitioner is encouraged to document:

300.1 This Part of the Code sets out requirements and application material for assurance practitioners when applying the conceptual framework set out in Section 120. It does not describe all of the facts and circumstances, including professional activities, interests and relationships, that could be encountered by assurance practitioners, which create or might create threats to compliance with the fundamental principles. Therefore, the conceptual framework requires assurance practitioners to be alert for such facts and circumstances.

300.2 The requirements and application material that apply to assurance practitioners are set out in:

300.3 In this Part, the term “assurance practitioner” refers to individual assurance practitioners and their firms.

R300.4 An assurance practitioner shall comply with the fundamental principles set out in Section 110 and apply the conceptual framework set out in Section 120 to identify, evaluate and address threats to compliance with the fundamental principles.

R300.5 When dealing with an ethics issue, the assurance practitioner shall consider the context in which the issue has arisen or might arise. Where an individual who is an assurance practitioner is performing professional activities pursuant to the assurance practitioner’s relationship with the firm, whether as a contractor, employee or owner, the individual shall comply with the provisions in Part 2 that apply to these circumstances.

300.5 A1 Examples of situations in which the provisions in Part 2 apply to an assurance practitioner include:

NZ300.5A1.1

The International Independence Standards (New Zealand) prohibit the firm or a network firm from providing accounting and bookkeeping services including preparing financial statements on which the firm will express an opinion or a conclusion or financial information which forms the basis of such financial statements², except in limited circumstances as described in paragraph R601.5. Accordingly, the situation described in the second bullet point of paragraph 300.5 A1 in respect of an assurance practitioner’s assurance client would not be permitted.

300.6 A1 Threats to compliance with the fundamental principles might be created by a broad range of facts and circumstances. The categories of threats are described in paragraph 120.6 A3. The following are examples of facts and circumstances within each of those categories of threats that might create threats for an assurance practitioner when undertaking an assurance service:

1. Self-interest threats

   • An assurance practitioner having a direct financial interest in a client.

   • An assurance practitioner quoting a low fee to obtain a new engagement and the fee is so low that it might be difficult to perform the assurance service in accordance with standards issued by the External Reporting Board, the New Zealand Auditing and Assurance Standards Board and the New Zealand Accounting Standards Board for that price.

   • An assurance practitioner having a close business relationship with a client.

   • An assurance practitioner having access to confidential information that might be used for personal gain.

   • An assurance practitioner discovering a significant error when evaluating the results of a previous assurance service performed by a member of the assurance practitioner’s firm.

2. Self-review Threats

   • An assurance practitioner issuing an assurance report on the effectiveness of the operation of financial systems after implementing the systems.

   • An assurance practitioner having prepared the original data used to generate records that are the subject matter of the assurance engagement.

3. Advocacy Threats

   • An assurance practitioner promoting the interests of, or shares in, a client.

   • An assurance practitioner acting as an advocate on behalf of a client in litigation or disputes with third parties.

   • An assurance practitioner lobbying in favour of legislation on behalf of a client.

4. Familiarity Threats

   • An assurance practitioner having a close or immediate family member who is a director or officer of the client.

   • A director or officer of the client, or an employee in a position to exert significant influence over the subject matter of the engagement, having recently served as the engagement partner.

   • An audit team member having a long association with the audit client.

   • An individual who is being considered to serve as an appropriate reviewer, as a safeguard to address a threat, having a close relationship with an individual who performed the work.

5. Intimidation Threats

   • An assurance practitioner being threatened with dismissal from a client engagement or the firm because of a disagreement about a professional matter.

   • An assurance practitioner feeling pressured to agree with the judgement of a client because the client has more expertise on the matter in question.

   • An assurance practitioner being informed that a planned promotion will not occur unless the assurance practitioner agrees with an inappropriate accounting treatment.

   • An assurance practitioner having accepted a significant gift from a client and being threatened that acceptance of this gift will be made public.

300.7 A1 The conditions, policies and procedures described in paragraph 120.6 A1 and 120.8 A2 might impact the evaluation of whether a threat to compliance with the fundamental principles is at an acceptable level. Such conditions, policies and procedures might relate to:

1. The client and its operating environment; and

2. The firm and its operating environment.

300.7 A2 The assurance practitioner’s evaluation of the level of a threat is also impacted by the nature and scope of the assurance service.

300.7 A3 The assurance practitioner’s evaluation of the level of a threat might be impacted by whether the client is:

1. An audit client and whether the audit client is a public interest entity;

2. An assurance client that is not an audit client; or

3. A non-assurance client.

For example, providing a non-assurance service to an audit client that is a public interest entity might be perceived to result in a higher level of threat to compliance with the principle of objectivity with respect to the audit.

300.7 A4 The corporate governance structure, including the leadership of a client might promote compliance with the fundamental principles. Accordingly, an assurance practitioner’s evaluation of the level of a threat might also be impacted by a client’s operating environment. For example:

300.7 A5 An assurance practitioner’s evaluation of the level of a threat might be impacted by the work environment within the assurance practitioner’s firm and its operating environment. For example:

300.7 A6 New information or changes in facts and circumstances might:

1. Impact the level of a threat; or

2. Affect the assurance practitioner’s conclusions about whether safeguards applied continue to address identified threats as intended.

In these situations, actions that were already implemented as safeguards might no longer be effective in addressing threats. Accordingly, the application of the conceptual framework requires that the assurance practitioner re-evaluate and address the threats accordingly. (Ref: Paras. R120.9 and R120.10).

300.7 A7 Examples of new information or changes in facts and circumstances that might impact the level of a threat include:

300.8 A1 Paragraphs R120.10 to 120.10 A2 set out requirements and application material for addressing threats that are not at an acceptable level.

300.8 A2 Safeguards vary depending on the facts and circumstances. Examples of actions that in certain circumstances might be safeguards to address threats include:

300.8 A3 The remaining sections of Part 3 and International Independence Standards (New Zealand) describe certain threats that might arise during the course of performing assurance services and include examples of actions that might address threats.

300.8 A4 An appropriate reviewer is a professional with the necessary knowledge, skills, experience and authority to review, in an objective manner, the relevant work performed or service provided. Such an individual might be an assurance practitioner.

R300.9 When communicating with those charged with governance in accordance with the Code, an assurance practitioner shall determine the appropriate individual(s) within the entity's governance structure with whom to communicate. If the assurance practitioner communicates with a subgroup of those charged with governance, the assurance practitioner shall determine whether communication with all of those charged with governance is also necessary so that they are adequately informed.

300.9 A1 In determining with whom to communicate, an assurance practitioner might consider:

1. The nature and importance of the circumstances; and

2. The matter to be communicated.

300.9 A2 Examples of a subgroup of those charged with governance include an audit committee or an individual member of those charged with governance.

R300.10 If an assurance practitioner communicates with individuals who have management responsibilities as well as governance responsibilities, the assurance practitioner shall be satisfied that communication with those individuals adequately informs all of those in a governance role with whom the assurance practitioner would otherwise communicate.

300.10 A1 In some circumstances, all of those charged with governance are involved in managing the entity, for example, a small business where a single owner manages the entity and no one else has a governance role. In these cases, if matters are communicated to individual(s) with management responsibilities, and those individual(s) also have governance responsibilities, the assurance practitioner has satisfied the requirement to communicate with those charged with governance.

310.1 Assurance practitioners are required to comply with the fundamental principles and apply the conceptual framework set out in Section 120 to identify, evaluate and address threats.

310.2 A conflict of interest creates threats to compliance with the principle of objectivity and might create threats to compliance with the other fundamental principles. Such threats might be created when:

1. An assurance practitioner provides a professional service related to a particular matter for two or more assurance clients whose interests with respect to that matter are in conflict; or

2. The interests of an assurance practitioner with respect to a particular matter and the interests of the assurance client for whom the assurance practitioner provides a professional service related to that matter are in conflict.

310.3 This section sets out specific requirements and application material relevant to applying the conceptual framework to conflicts of interest. When an assurance practitioner provides an audit, review or other assurance service, independence is also required in accordance with International Independence Standards (New Zealand).

R310.4 An assurance practitioner shall not allow a conflict of interest to compromise professional or business judgement.

310.4 A1 Examples of circumstances that might create a conflict of interest include:

R310.5 Before accepting a new client relationship, engagement, or business relationship, an assurance practitioner shall take reasonable steps to identify circumstances that might create a conflict of interest, and therefore a threat to compliance with one or more of the fundamental principles. Such steps shall include identifying:

1. The nature of the relevant interests and relationships between the parties involved; and

2. The service and its implication for relevant parties.

310.5 A1 An effective conflict identification process assists an assurance practitioner when taking reasonable steps to identify interests and relationships that might create an actual or potential conflict of interest, both before determining whether to accept an engagement and throughout the engagement. Such a process includes considering matters identified by external parties, for example clients or potential clients. The earlier an actual or potential conflict of interest is identified, the greater the likelihood of the assurance practitioner being able to address threats created by the conflict of interest.

310.5 A2 An effective process to identify actual or potential conflicts of interest will take into account factors such as:

310.5 A3 More information on client acceptance is set out in Section 320, Professional Appointments.

R310.6 An assurance practitioner shall remain alert to changes over time in the nature of services, interests and relationships that might create a conflict of interest while performing an engagement.

310.6 A1 The nature of services, interests and relationships might change during the engagement. This is particularly true when an assurance practitioner is asked to conduct an engagement in a situation that might become adversarial, even though the parties who engage the assurance practitioner initially might not be involved in a dispute.

R310.7 If the firm is a member of a network, an assurance practitioner shall consider conflicts of interest that the assurance practitioner has reason to believe might exist or arise due to interests and relationships of a network firm.

310.7 A1 Factors to consider when identifying interests and relationships involving a network firm include:

310.8 A1 In general, the more direct the connection between the professional service and the matter on which the parties’ interests conflict, the more likely the level of the threat is not at an acceptable level.

310.8 A2 Factors that are relevant in evaluating the level of a threat created by a conflict of interest include measures that prevent unauthorised disclosure of confidential information when performing professional services related to a particular matter for two or more clients whose interests with respect to that matter are in conflict. These measures include:

310.8 A3 Examples of actions that might be safeguards to address threats created by a conflict of interest include:

310.9 A1 Factors to consider when determining whether specific disclosure and explicit consent are necessary include:

310.9 A2 Disclosure and consent might take different forms, for example:

310.9 A3 [Deleted by the NZAuASB. Refer NZ R310.9.1 and NZ R310.9.2]

310.9 A4 [Deleted by the NZAuASB. Refer NZ R310.9.1 and NZ R310.9.2]

R310.10 If an assurance practitioner has determined that explicit consent is necessary in accordance with paragraph R310.9 and the client has refused to provide consent, the assurance practitioner shall either:

1. End or decline to perform professional services that would result in the conflict of interest; or

2. End relevant relationships or dispose of relevant interests to eliminate the threat or reduce it to an acceptable level.

R310.11 An assurance practitioner shall remain alert to the principle of confidentiality, including when making disclosures or sharing information within the firm or network and seeking guidance from third parties.

310.11 A1 Subsection 114 sets out requirements and application material relevant to situations that might create a threat to compliance with the principle of confidentiality.

R310.12 [Deleted by the NZAuASB. Refer to NZ R310.12.1]

NZR310.12.1 In those circumstances where adequate disclosure is not possible by reason of constraints of confidentiality the assurance practitioner shall end or decline the relevant assurance engagement.

310.12 A1 [Deleted by the NZAuASB. Refer to NZ R310.12.1]

R310.13 [Deleted by the NZAuASB.]

320.1 Assurance practitioners are required to comply with the fundamental principles and apply the conceptual framework set out in Section 120 to identify, evaluate and address threats.

320.2 Acceptance of a new client relationship or changes in an existing engagement might create a threat to compliance with one or more of the fundamental principles. This section sets out specific requirements and application material relevant to applying the conceptual framework in such circumstances.

320.3 A1 Threats to compliance with the principles of integrity or professional behaviour might be created, for example, from questionable issues associated with the client (its owners, management or activities). Issues that, if known, might create such a threat include client involvement in illegal activities, dishonesty, questionable financial reporting practices or other unethical behaviour.

320.3 A2 Factors that are relevant in evaluating the level of such a threat include:

320.3 A3 A self-interest threat to compliance with the principle of professional competence and due care is created if the team does not possess, or cannot acquire, the competencies to perform the professional services.

320.3 A4 Factors that are relevant in evaluating the level of such a threat include:

320.3 A5 Examples of actions that might be safeguards to address a self-interest threat include:

R320.4 An assurance practitioner shall determine whether there are any reasons for not accepting an engagement when the assurance practitioner:

1. Is asked by a potential client to replace another assurance practitioner;

2. Considers tendering for an engagement held by another assurance practitioner; or

3. Considers undertaking work that is complementary or additional to that of another assurance practitioner.

320.4 A1 There might be reasons for not accepting an engagement. One such reason might be if a threat created by the facts and circumstances cannot be addressed by applying safeguards. For example, there might be a self-interest threat to compliance with the principle of professional competence and due care if an assurance practitioner accepts the engagement before knowing all the relevant facts.

320.4 A2 If an assurance practitioner is asked to undertake work that is complementary or additional to the work of an existing or predecessor assurance practitioner, a self- interest threat to compliance with the principle of professional competence and due care might be created, for example, as a result of incomplete information.

320.4 A3 A factor that is relevant in evaluating the level of such a threat is whether tenders state that, before accepting the engagement, contact with the existing or predecessor assurance practitioner will be requested. This contact gives the proposed assurance practitioner the opportunity to enquire whether there are any reasons why the engagement should not be accepted.

320.4 A4 Examples of actions that might be safeguards to address such a self-interest threat include:

320.5 A1 A proposed assurance practitioner will usually need the client’s permission, preferably in writing, to initiate discussions with the existing or predecessor assurance practitioner.

R320.6 If unable to communicate with the existing or predecessor assurance practitioner, the proposed assurance practitioner shall take other reasonable steps to obtain information about any possible threats.

R320.7 When an existing or predecessor assurance practitioner is asked to respond to a communication from a proposed assurance practitioner, the existing or predecessor assurance practitioner shall:

1. Comply with relevant laws and regulations governing the request; and

2. Provide any information honestly and unambiguously.

320.7 A1 An existing or predecessor assurance practitioner is bound by confidentiality. Whether the existing or predecessor assurance practitioner is permitted or required to discuss the affairs of a client with a proposed assurance practitioner will depend on the nature of the engagement and:

1. Whether the existing or predecessor assurance practitioner has permission from the client for the discussion; and

2. The legal and ethics requirements relating to such communications and disclosure, which might vary by jurisdiction.

320.7 A2 Circumstances where an assurance practitioner is or might be required to disclose confidential information, or when disclosure might be appropriate, are set out in paragraph 114.1 A1 of the Code.

R320.8 In the case of an audit or review of financial statements, an assurance practitioner shall request the existing or predecessor assurance practitioner to provide known information regarding any facts or other information of which, in the existing or predecessor assurance practitioner’s opinion, the proposed assurance practitioner needs to be aware before deciding whether to accept the engagement. Except for the circumstances involving non-compliance or suspected non-compliance with laws and regulations set out in paragraphs R360.21 and R360.22:

1. If the client consents to the existing or predecessor assurance practitioner disclosing any such facts or other information, the existing or predecessor assurance practitioner shall provide the information honestly and unambiguously; and

2. If the client fails or refuses to grant the existing or predecessor assurance practitioner permission to discuss the client’s affairs with the proposed assurance practitioner, the existing or predecessor assurance practitioner shall disclose this fact to the proposed assurance practitioner, who shall carefully consider such failure or refusal when determining whether to accept the appointment.

R320.9 For a recurring client engagement, an assurance practitioner shall periodically review whether to continue with the engagement.

320.9 A1 Potential threats to compliance with the fundamental principles might be created after acceptance which, had they been known earlier, would have caused the assurance practitioner to decline the engagement. For example, a self-interest threat to compliance with the principle of integrity might be created by improper earnings management or balance sheet valuations.

R320.10 When an assurance practitioner intends to use the work of an expert, the assurance practitioner shall determine whether the use is warranted.

320.10 A1 Factors to consider when an assurance practitioner intends to use the work of an expert include the reputation and expertise of the expert, the resources available to the expert, and the professional and ethics standards applicable to the expert. This information might be gained from prior association with the expert or from consulting others.

321.1 [Deleted.by the NZAuASB]

321.2 [Deleted.by the NZAuASB]

321.3 A1 [Deleted.by the NZAuASB]

321.3 A2 [Deleted.by the NZAuASB]

321.3 A3 [Deleted.by the NZAuASB]

R321.4 [Deleted.by the NZAuASB]

325.1 Assurance practitioners are required to comply with the fundamental principles and apply the conceptual framework set out in Section 120 to identify, evaluate and address threats.

325.2 Appointing an engagement quality reviewer who has involvement in the work being reviewed or close relationships with those responsible for performing that work might create threats to compliance with the principle of objectivity.

325.3 This section sets out specific application material relevant to applying the conceptual framework in relation to the objectivity of an engagement quality reviewer.

325.4 An engagement quality reviewer is also an example of an appropriate reviewer as described in paragraph 300.8 A4. Therefore, the application material in this section might apply in circumstances where an assurance practitioner appoints an appropriate reviewer to review work performed as a safeguard to address identified threats.

325.5 A1 Quality engagements are achieved through planning and performing engagements and reporting on them in accordance with professional standards and applicable legal and regulatory requirements. Professional and Ethical Standard 3³ establishes the firm’s responsibilities for its system of quality management and requires the firm to design and implement responses to address quality risks related to engagement performance. Such responses include establishing policies or procedures addressing engagement quality reviews in accordance with Professional and Ethical Standard 4⁴.

325.5 A2 An engagement quality reviewer is a partner, other individual in the firm, or an external individual, appointed by the firm to perform the engagement quality review.

325.6 A1 The following are examples of circumstances where threats to the objectivity of an assurance practitioner appointed as an engagement quality reviewer might be created:

1. Self-interest threat

   • Two engagement partners each serving as an engagement quality reviewer for the other’s engagement.

2. Self-review threat

   • An assurance practitioner serving as an engagement quality reviewer on an audit engagement after previously serving as the engagement partner.

3. Familiarity threat

   • An assurance practitioner as an engagement quality reviewer has a close relationship with or is an immediate family member of another individual who is involved in the engagement.

4. Intimidation threat

   • An assurance practitioner serving as an engagement quality reviewer for an engagement has a direct reporting line to the partner responsible for the engagement.

325.7 A1 Factors that are relevant in evaluating the level of threats to the objectivity of an individual appointed as an engagement quality reviewer include:

325.8 A1 An example of an action that might eliminate an intimidation threat is reassigning reporting responsibilities within the firm.

325.8 A2 An example of an action that might be a safeguard to address a self-review threat is implementing a period of sufficient duration (a cooling-off period) before the individual who was on the engagement is appointed as an engagement quality reviewer.

325.8 A3 Professional and Ethical Standard 4 requires the firm to establish policies or procedures that specify, as a condition for eligibility, a cooling-off period of two years before the engagement partner can assume the role of engagement quality reviewer. This serves to enable compliance with the principle of objectivity and the consistent performance of quality engagements.

325.8 A4 The cooling-off period required by Professional and Ethical Standard 4 is distinct from, and does not modify, the partner rotation requirements in Section 540, which are designed to address threats to independence created by long association with an audit client.

330.1 Assurance practitioners are required to comply with the fundamental principles and apply the conceptual framework set out in Section 120 to identify, evaluate and address threats.

330.2 The level and nature of fee and other remuneration arrangements might create a self- interest threat to compliance with one or more of the fundamental principles. This section sets out specific application material relevant to applying the conceptual framework in such circumstances.

330.3 A1 The level of fees quoted might impact an assurance practitioner’s ability to perform professional services in accordance with standards issued by the External Reporting Board, the New Zealand Auditing and Assurance Standards Board and the New Zealand Accounting Standards Board.

330.3 A2 An assurance practitioner might quote whatever fee is considered appropriate. Quoting a fee lower than another assurance practitioner is not in itself unethical. However, the level of fees quoted creates a self-interest threat to compliance with the principle of professional competence and due care if the fee quoted is so low that it might be difficult to perform the engagement in accordance with the standards issued by the External Reporting Board, the New Zealand Auditing and Assurance Standards Board and the New Zealand Accounting Standards Board.

330.3 A3 Factors that are relevant in evaluating the level of such a threat include:

330.3 A4 Examples of actions that might be safeguards to address such a self-interest threat include:

330.4 A1 Contingent fees are used for certain types of non-assurance services. However, contingent fees might create threats to compliance with the fundamental principles, particularly a self-interest threat to compliance with the principle of objectivity, in certain circumstances.

330.4 A2 Factors that are relevant in evaluating the level of such threats include:

330.4 A3 Examples of actions that might be safeguards to address such a self-interest threat include:

330.4 A4 Requirements and application material related to contingent fees for services provided to audit or review clients and other assurance clients are set out in International Independence Standards (New Zealand).

NZR330.5 An assurance practitioner shall not accept or pay referral fees, commissions or other similar benefits in connection with an assurance engagement.

330.5 A1 [Deleted by the NZAuASB. Refer to NZ R330.5 and NZ 330.5 A1.1]

NZ330.5A1.1 The receipt or payment of referral fees, commissions or other similar benefits in connection with an assurance engagement creates a threat to independence that no safeguards could reduce to an acceptable level.

330.5 A2 [Deleted by the NZAuASB. Refer to NZ R330.5 and NZ 330.5 A1.1]

330.6 A1 An assurance practitioner may purchase all or part of another firm on the basis that payments will be made to individuals formerly owning the firm or to their heirs or estates. Such payments are not referral fees or commissions for the purposes of this section.

340.1 Assurance practitioners are required to comply with the fundamental principles and apply the conceptual framework set out in Section 120 to identify, evaluate and address threats.

340.2 Offering or accepting inducements might create a self-interest, familiarity or intimidation threat to compliance with the fundamental principles, particularly the principles of integrity, objectivity and professional behaviour.

340.3 This section sets out requirements and application material relevant to applying the conceptual framework in relation to the offering and accepting of inducements when performing professional services that does not constitute non-compliance with laws and regulations. This section also requires an assurance practitioner to comply with relevant laws and regulations when offering or accepting inducements.

340.4 A1 An inducement is an object, situation, or action that is used as a means to influence another individual’s behaviour, but not necessarily with the intent to improperly influence that individual’s behaviour. Inducements can range from minor acts of hospitality between assurance practitioners and existing or prospective clients to acts that result in non-compliance with laws and regulations. An inducement can take many different forms, for example:

R340.5 In many jurisdictions, there are laws and regulations, such as those related to bribery and corruption, that prohibit the offering or accepting of inducements in certain circumstances. The assurance practitioner shall obtain an understanding of relevant laws and regulations and comply with them when the assurance practitioner encounters such circumstances.

340.6 A1 The offering or accepting of inducements that is not prohibited by laws and regulations might still create threats to compliance with the fundamental principles.

R340.7 An assurance practitioner shall not offer, or encourage others to offer, any inducement that is made, or which the assurance practitioner considers a reasonable and informed third party would be likely to conclude is made, with the intent to improperly influence the behaviour of the recipient or of another individual.

R340.8 An assurance practitioner shall not accept, or encourage others to accept, any inducement that the assurance practitioner concludes is made, or considers a reasonable and informed third party would be likely to conclude is made, with the intent to improperly influence the behaviour of the recipient or of another individual.

340.9 A1 An inducement is considered as improperly influencing an individual’s behaviour if it causes the individual to act in an unethical manner. Such improper influence can be directed either towards the recipient or towards another individual who has some relationship with the recipient. The fundamental principles are an appropriate frame of reference for an assurance practitioner in considering what constitutes unethical behaviour on the part of the assurance practitioner and, if necessary by analogy, other individuals.

340.9 A2 A breach of the fundamental principle of integrity arises when an assurance practitioner offers or accepts, or encourages others to offer or accept, an inducement where the intent is to improperly influence the behaviour of the recipient or of another individual.

340.9 A3 The determination of whether there is actual or perceived intent to improperly influence behaviour requires the exercise of professional judgment. Relevant factors to consider might include:

340.10 A1 If the assurance practitioner becomes aware of an inducement offered with actual or perceived intent to improperly influence behaviour, threats to compliance with the fundamental principles might still be created even if the requirements in paragraphs R340.7 and R340.8 are met.

340.10 A2 Examples of actions that might be safeguards to address such threats include:

340.11 A1 The requirements and application material set out in the conceptual framework apply when an assurance practitioner has concluded there is no actual or perceived intent to improperly influence the behaviour of the recipient or of another individual.

340.11 A2 If such an inducement is trivial and inconsequential, any threats created will be at an acceptable level.

340.11 A3 Examples of circumstances where offering or accepting such an inducement might create threats even if the assurance practitioner has concluded there is no actual or perceived intent to improperly influence behaviour include:

340.11 A4 Relevant factors in evaluating the level of such threats created by offering or accepting such an inducement include the same factors set out in paragraph 340.9 A3 for determining intent.

340.11 A5 Examples of actions that might eliminate threats created by offering or accepting such an inducement include:

340.11 A6 Examples of actions that might be safeguards to address such threats created by offering or accepting such an inducement include:

R340.12 An assurance practitioner shall remain alert to potential threats to the assurance practitioner’s compliance with the fundamental principles created by the offering of an inducement:

1. By an immediate or close family member of the assurance practitioner to an existing or prospective client of the assurance practitioner.

2. To an immediate or close family member of the assurance practitioner by an existing or prospective client of the assurance practitioner.

R340.13 Where the assurance practitioner becomes aware of an inducement being offered to or made by an immediate or close family member and concludes there is intent to improperly influence the behaviour of the assurance practitioner or of an existing or prospective client of the assurance practitioner, or considers a reasonable and informed third party would be likely to conclude such intent exists, the assurance practitioner shall advise the immediate or close family member not to offer or accept the inducement.

340.13 A1 The factors set out in paragraph 340.9 A3 are relevant in determining whether there is actual or perceived intent to improperly influence the behaviour of the assurance practitioner or of the existing or prospective client. Another factor that is relevant is the nature or closeness of the relationship, between:

1. The assurance practitioner and the immediate or close family member;

2. The immediate or close family member and the existing or prospective client; and

3. The assurance practitioner and the existing or prospective client.

For example, the offer of employment, outside of the normal recruitment process, to the spouse of the assurance practitioner by a client for whom the assurance practitioner is providing a business valuation for a prospective sale might indicate such intent.

340.13 A2 The application material in paragraph 340.10 A2 is also relevant in addressing threats that might be created when there is actual or perceived intent to improperly influence the behaviour of the assurance practitioner, or of the existing or prospective client even if the immediate or close family member has followed the advice given pursuant to paragraph R340.13.

340.14 A1 Where the assurance practitioner becomes aware of an inducement offered in the circumstances addressed in paragraph R340.12, threats to compliance with the fundamental principles might be created where:

1. The immediate or close family member offers or accepts the inducement contrary to the advice of the assurance practitioner pursuant to paragraph R340.13; or

2. The assurance practitioner does not have reason to believe an actual or perceived intent to improperly influence the behaviour of the assurance practitioner or of the existing or prospective client exists.

340.14 A2 The application material in paragraphs 340.11 A1 to 340.11 A6 is relevant for the purposes of identifying, evaluating and addressing such threats. Factors that are relevant in evaluating the level of threats in these circumstances also include the nature or closeness of the relationships set out in paragraph 340.13 A1.

340.15 A1 If an assurance practitioner encounters or is made aware of inducements that might result in non-compliance or suspected non-compliance with laws and regulations by a client or individuals working for or under the direction of the client, the requirements and application material in Section 360 apply.

340.15 A2 If a firm, network firm or an audit or review team member is being offered gifts or hospitality from an audit or review client, the requirement and application material set out in Section 420 apply.

340.15 A3 If a firm or an assurance team member is being offered gifts or hospitality from an assurance client, the requirement and application material set out in Section 906 apply.

350.1 Assurance practitioners are required to comply with the fundamental principles and apply the conceptual framework set out in Section 120 to identify, evaluate and address threats.

350.2 Holding client assets creates a self-interest or other threat to compliance with the principles of professional behaviour and objectivity. This section sets out specific requirements and application material relevant to applying the conceptual framework in such circumstances.

R350.3 An assurance practitioner shall not assume custody of client money or other assets unless permitted to do so by law and in accordance with any conditions under which such custody may be taken.

R350.4 As part of client and engagement acceptance procedures related to assuming custody of client money or assets, an assurance practitioner shall:

1. Make enquiries about the source of the assets; and

2. Consider related legal and regulatory obligations.

350.4 A1 Enquiries about the source of client assets might reveal, for example, that the assets were derived from illegal activities, such as money laundering. In such circumstances, a threat would be created and the provisions of Section 360 would apply.

R350.5 An assurance practitioner entrusted with money or other assets belonging to others shall:

1. Comply with the laws and regulations relevant to holding and accounting for the assets;

2. Keep the assets separately from personal or firm assets;

3. Use the assets only for the purpose for which they are intended; and

4. Be ready at all times to account for the assets and any income, dividends, or gains generated, to any individuals entitled to that accounting.

360.1 Assurance practitioners are required to comply with the fundamental principles and apply the conceptual framework set out in Section 120 to identify, evaluate and address threats.

360.2 A self-interest or intimidation threat to compliance with the principles of integrity and professional behaviour is created when an assurance practitioner becomes aware of non-compliance or suspected non-compliance with laws and regulations.

360.3 An assurance practitioner might encounter or be made aware of non-compliance or suspected non-compliance in the course of providing a professional service to a client. This section guides the assurance practitioner in assessing the implications of the matter and the possible courses of action when responding to non-compliance or suspected non-compliance with:

1. Laws and regulations generally recognised to have a direct effect on the determination of material amounts and disclosures in the client’s financial statements; and

2. Other laws and regulations that do not have a direct effect on the determination of the amounts and disclosures in the client’s financial statements, but compliance with which might be fundamental to the operating aspects of the client’s business, to its ability to continue its business, or to avoid material penalties.

360.4 A distinguishing mark of the accountancy profession is its acceptance of the responsibility to act in the public interest. When responding to non-compliance or suspected non-compliance, the objectives of the assurance practitioner are:

1. To comply with the principles of integrity and professional behaviour;

2. By alerting management or, where appropriate, those charged with governance of the client, to seek to:

   1. Enable them to rectify, remediate or mitigate the consequences of the identified or suspected non-compliance; or

   2. Deter the commission of the non-compliance where it has not yet occurred; and

3. To take such further action as appropriate in the public interest.

360.5 A1 Non-compliance with laws and regulations (“non-compliance”) comprises acts of omission or commission, intentional or unintentional, which are contrary to the prevailing laws or regulations committed by the following parties:

1. A client;

2. Those charged with governance of a client;

3. Management of a client; or

4. Other individuals working for or under the direction of a client.

360.5 A2 Examples of laws and regulations which this section addresses include those that deal with:

360.5 A3 Non-compliance might result in fines, litigation or other consequences for the client, potentially materially affecting its financial statements. Importantly, such non- compliance might have wider public interest implications in terms of potentially substantial harm to investors, creditors, employees or the general public. For the purposes of this section, an act that causes substantial harm is one that results in serious adverse consequences to any of these parties in financial or non-financial terms. Examples include the perpetration of a fraud resulting in significant financial losses to investors, and breaches of environmental laws and regulations endangering the health or safety of employees or the public.

R360.6 In some cases, there are legal or regulatory provisions governing how assurance practitioners should address non-compliance or suspected non-compliance. These legal or regulatory provisions might differ from or go beyond the provisions in this section. When encountering such non-compliance or suspected non- compliance, the assurance practitioner shall obtain an understanding of those legal or regulatory provisions and comply with them, including:

1. Any requirement to report the matter to an appropriate authority; and

2. Any prohibition on alerting the client.

360.6 A1 A prohibition on alerting the client might arise, for example, pursuant to anti-money laundering legislation.

360.7 A1 This section applies regardless of the nature of the client, including whether or not it is a public interest entity.

360.7 A2 An assurance practitioner who encounters or is made aware of matters that are clearly inconsequential is not required to comply with this section. Whether a matter is clearly inconsequential is to be judged with respect to its nature and its impact, financial or otherwise, on the client, its stakeholders and the general public.

360.7 A3 This section does not address:

1. Personal misconduct unrelated to the business activities of the client; and

2. Non-compliance by parties other than those specified in paragraph 360.5 A1. This includes, for example, circumstances where an assurance practitioner has been engaged by a client to perform a due diligence assignment on a third party entity and the identified or suspected non-compliance has been committed by that third-party.

The assurance practitioner might nevertheless find the guidance in this section helpful in considering how to respond in these situations.

360.8 A1 Management, with the oversight of those charged with governance, is responsible for ensuring that the client’s business activities are conducted in accordance with laws and regulations. Management and those charged with governance are also responsible for identifying and addressing any non-compliance by:

1. The client;

2. An individual charged with governance of the entity;

3. A member of management; or

4. Other individuals working for or under the direction of the client.

R360.9 Where an assurance practitioner becomes aware of a matter to which this section applies, the steps that the assurance practitioner takes to comply with this section shall be taken on a timely basis. In taking timely steps, the assurance practitioner shall have regard to the nature of the matter and the potential harm to the interests of the entity, investors, creditors, employees or the general public.

R360.10 [Amended by the NZAuASB]

NZR360.10.1 If an assurance practitioner engaged to perform an audit or review of financial statements becomes aware of information concerning non-compliance or suspected non-compliance, the assurance practitioner shall obtain an understanding of the matter. This understanding shall include the nature of the non- compliance or suspected non-compliance and the circumstances in which it has occurred or might occur.

360.10 A1 The assurance practitioner might become aware of the non-compliance or suspected non-compliance in the course of performing the engagement or through information provided by other parties.

360.10 A2 The assurance practitioner is expected to apply knowledge and expertise, and exercise professional judgement. However, the assurance practitioner is not expected to have a level of knowledge of laws and regulations greater than that which is required to undertake the engagement. Whether an act constitutes non-compliance is ultimately a matter to be determined by a court or other appropriate adjudicative body.

360.10 A3 Depending on the nature and significance of the matter, the assurance practitioner might consult on a confidential basis with others within the firm, a network firm or a professional body, or with legal counsel.

R360.11 If the assurance practitioner identifies or suspects that non-compliance has occurred or might occur, the assurance practitioner shall discuss the matter with the appropriate level of management and, where appropriate, those charged with governance.

360.11 A1 The purpose of the discussion is to clarify the assurance practitioner’s understanding of the facts and circumstances relevant to the matter and its potential consequences. The discussion also might prompt management or those charged with governance to investigate the matter.

360.11 A2 The appropriate level of management with whom to discuss the matter is a question of professional judgement. Relevant factors to consider include:

360.11 A3 The appropriate level of management is usually at least one level above the individual or individuals involved or potentially involved in the matter. In the context of a group, the appropriate level might be management at an entity that controls the client.

360.11 A4 The assurance practitioner might also consider discussing the matter with internal auditors, where applicable.

R360.12 If the assurance practitioner believes that management is involved in the non- compliance or suspected non-compliance, the assurance practitioner shall discuss the matter with those charged with governance.

R360.13 In discussing the non-compliance or suspected non-compliance with management and, where appropriate, those charged with governance, the assurance practitioner shall advise them to take appropriate and timely actions, if they have not already done so, to:

1. Rectify, remediate or mitigate the consequences of the non-compliance;

2. Deter the commission of the non-compliance where it has not yet occurred; or

3. Disclose the matter to an appropriate authority where required by law or regulation or where considered necessary in the public interest.

R360.14 The assurance practitioner shall consider whether management and those charged with governance understand their legal or regulatory responsibilities with respect to the non-compliance or suspected non-compliance.

360.14 A1 If management and those charged with governance do not understand their legal or regulatory responsibilities with respect to the matter, the assurance practitioner might suggest appropriate sources of information or recommend that they obtain legal advice.

R360.15 [Amended by the NZAuASB]

NZR360.15.1 The assurance practitioner shall comply with applicable:

1. Laws and regulations, including legal or regulatory provisions governing the reporting of non-compliance or suspected non-compliance to an appropriate authority; and

2. Requirements under auditing and review engagement standards, including those relating to:

360.15 A1 Some laws and regulations might stipulate a period within which reports of non- compliance or suspected non-compliance are to be made to an appropriate authority.

R360.16 [Amended by the NZAuASB]

NZR360.16.1 Where an assurance practitioner becomes aware of non-compliance or suspected non-compliance in either of the following two situations in the context of a group, the assurance practitioner shall communicate the matter to the group engagement partner unless prohibited from doing so by law or regulation:

1. The assurance practitioner performs audit or review work related to a component for purposes of the group audit or review; or

2. The assurance practitioner is engaged to perform an audit or review of the financial statements of a legal entity or business unit that is part of a group for purposes other than the group audit or review, for example, a statutory audit.

The communication to the group engagement partner shall be in addition to responding to the matter in accordance with the provisions of this section.

360.16 A1 [Amended by the NZAuASB]

NZ360.16A1 The purpose of the communication is to enable the group engagement partner to be informed about the matter and to determine, in the context of the group audit or review, whether and, if so, how to address it in accordance with the provisions in this section. The communication requirement in paragraph NZ R360.16.1 applies regardless of whether the group engagement partner’s firm or network is the same as or different from the assurance practitioner’s firm or network.

R360.17 [Amended by the NZAuASB]

NZR360.17.1

Where the group engagement partner becomes aware of non-compliance or suspected non-compliance in the course of a group audit or review, the group engagement partner shall consider whether the matter might be relevant to:

1. One or more components subject to audit or review work for purposes of the group audit or review; or

2. One or more legal entities or business units that are part of the group and whose financial statements are subject to audit or review for purposes other than the group audit, for example, a statutory audit.

This consideration shall be in addition to responding to the matter in the context of the group audit in accordance with the provisions of this section.

R360.18 [Amended by the NZAuASB]

NZR360.18.1

If the non-compliance or suspected non-compliance might be relevant to one or more of the components specified in paragraph NZ R360.17.1(a) and legal entities or business units specified in paragraph NZ R360.17.1(b), the group engagement partner shall take steps to have the matter communicated to those performing audit or review work at the components, legal entities or business units, unless prohibited from doing so by law or regulation. If necessary, the group engagement partner shall arrange for appropriate enquiries to be made (either of management or from publicly available information) as to whether the relevant legal entities or business units specified in paragraph NZ R360.17.1(b) are subject to audit or review and, if so, to ascertain to the extent practicable the identity of the auditors.

360.18 A1 The purpose of the communication is to enable those responsible for audit or review work at the components, legal entities or business units to be informed about the matter and to determine whether and, if so, how to address it in accordance with the provisions in this section. The communication requirement applies regardless of whether the group engagement partner’s firm or network is the same as or different from the firms or networks of those performing audit or review work at the components, legal entities or business units.

R360.19 The assurance practitioner shall assess the appropriateness of the response of management and, where applicable, those charged with governance.

360.19 A1 Relevant factors to consider in assessing the appropriateness of the response of management and, where applicable, those charged with governance include whether:

R360.20 In light of the response of management and, where applicable, those charged with governance, the assurance practitioner shall determine if further action is needed in the public interest.

360.20 A1 The determination of whether further action is needed, and the nature and extent of it, will depend on various factors, including:

360.20 A2 Examples of circumstances that might cause the assurance practitioner no longer to have confidence in the integrity of management and, where applicable, those charged with governance include situations where:

R360.21 The assurance practitioner shall exercise professional judgement in determining the need for, and nature and extent of, further action. In making this determination, the assurance practitioner shall take into account whether a reasonable and informed third party would be likely to conclude that the assurance practitioner has acted appropriately in the public interest.

360.21 A1 Further action that the assurance practitioner might take includes:

360.21 A2 Withdrawing from the engagement and the professional relationship is not a substitute for taking other actions that might be needed to achieve the assurance practitioner’s objectives under this section. In some jurisdictions, however, there might be limitations as to the further actions available to the assurance practitioner. In such circumstances, withdrawal might be the only available course of action.

R360.22 Where the assurance practitioner has withdrawn from the professional relationship pursuant to paragraphs R360.20 and 360.21 A1, the assurance practitioner shall, on request by the proposed assurance practitioner pursuant to paragraph R320.8, provide all relevant facts and other information concerning the identified or suspected non-compliance to the proposed assurance practitioner. The predecessor assurance practitioner shall do so, even in the circumstances addressed in paragraph R320.8(b) where the client fails or refuses to grant the predecessor assurance practitioner permission to discuss the client’s affairs with the proposed assurance practitioner, unless prohibited by law or regulation.

360.22 A1 The facts and other information to be provided are those that, in the predecessor assurance practitioner’s opinion, the proposed assurance practitioner needs to be aware of before deciding whether to accept the audit or review appointment. Section 320 addresses communications from proposed assurance practitioners.

R360.23 If the proposed assurance practitioner is unable to communicate with the predecessor assurance practitioner, the proposed assurance practitioner shall take reasonable steps to obtain information about the circumstances of the change of appointment by other means.

360.23 A1 Other means to obtain information about the circumstances of the change of appointment include enquiries of third parties or background investigations of management or those charged with governance.

360.24 A1 As assessment of the matter might involve complex analysis and judgements, the assurance practitioner might consider:

360.25 A1 Disclosure of the matter to an appropriate authority would be precluded if doing so would be contrary to law or regulation. Otherwise, the purpose of making disclosure is to enable an appropriate authority to cause the matter to be investigated and action to be taken in the public interest.

360.25 A2 The determination of whether to make such a disclosure depends in particular on the nature and extent of the actual or potential harm that is or might be caused by the matter to investors, creditors, employees or the general public. For example, the assurance practitioner might determine that disclosure of the matter to an appropriate authority is an appropriate course of action if:

360.25 A3 The determination of whether to make such a disclosure will also depend on external factors such as:

R360.26 If the assurance practitioner determines that disclosure of the non-compliance or suspected non-compliance to an appropriate authority is an appropriate course of action in the circumstances, that disclosure is permitted pursuant to paragraph R114.1(d) of the Code. When making such disclosure, the assurance practitioner shall act in good faith and exercise caution when making statements and assertions. The assurance practitioner shall also consider whether it is appropriate to inform the client of the assurance practitioner’s intentions before disclosing the matter.

R360.27 In exceptional circumstances, the assurance practitioner might become aware of actual or intended conduct that the assurance practitioner has reason to believe would constitute an imminent breach of a law or regulation that would cause substantial harm to investors, creditors, employees or the general public. Having first considered whether it would be appropriate to discuss the matter with management or those charged with governance of the entity, the assurance practitioner shall exercise professional judgement and determine whether to disclose the matter immediately to an appropriate authority in order to prevent or mitigate the consequences of such imminent breach. If disclosure is made, that disclosure is permitted pursuant to paragraph R114.1(d) of the Code.

R360.28 In relation to non-compliance or suspected non-compliance that falls within the scope of this section, the assurance practitioner shall document:

360.28 A1 [Amended by the NZAuASB]

NZ360.28A1.1 This documentation is in addition to complying with the documentation requirements under applicable auditing or review engagement standards. International Standards on Auditing (New Zealand) (ISAs (NZ)), for example, require an assurance practitioner performing an audit of financial statements to:

R360.29 [Amended by the NZAuASB]

NZR360.29.1 If an assurance practitioner engaged to provide an assurance service other than an audit or review of financial statements becomes aware of information concerning non-compliance or suspected non-compliance, the assurance practitioner shall seek to obtain an understanding of the matter. This understanding shall include the nature of the non-compliance or suspected non- compliance and the circumstances in which it has occurred or might be about to occur.

360.29 A1 The assurance practitioner is expected to apply knowledge and expertise, and exercise professional judgement. However, the assurance practitioner is not expected to have a level of understanding of laws and regulations beyond that which is required for the professional service for which the assurance practitioner was engaged. Whether an act constitutes actual non-compliance is ultimately a matter to be determined by a court or other appropriate adjudicative body.

360.29 A2 Depending on the nature and significance of the matter, the assurance practitioner might consult on a confidential basis with others within the firm, a network firm or a professional body, or with legal counsel.

R360.30 If the assurance practitioner identifies or suspects that non-compliance has occurred or might occur, the assurance practitioner shall discuss the matter with the appropriate level of management. If the assurance practitioner has access to those charged with governance, the assurance practitioner shall also discuss the matter with them where appropriate.

360.30 A1 The purpose of the discussion is to clarify the assurance practitioner’s understanding of the facts and circumstances relevant to the matter and its potential consequences. The discussion also might prompt management or those charged with governance to investigate the matter.

360.30 A2 The appropriate level of management with whom to discuss the matter is a question of professional judgement. Relevant factors to consider include:

R360.31 [Amended by the NZAuASB]

NZR360.31.1 If the assurance practitioner is performing an assurance service other than an audit or review for:

1. An audit or review client of the firm; or

2. A component of an audit or review client of the firm,

the assurance practitioner shall communicate the non-compliance or suspected non-compliance within the firm, unless prohibited from doing so by law or regulation. The communication shall be made in accordance with the firm’s protocols or procedures. In the absence of such protocols and procedures, it shall be made directly to the audit or review engagement partner.

R360.32 [Amended by the NZAuASB]

NZR360.32.1 If the assurance practitioner is performing an assurance service other than an audit or review for:

1. An audit or review client of a network firm; or

2. A component of an audit or review client of a network firm,

the assurance practitioner shall consider whether to communicate the non- compliance or suspected non-compliance to the network firm. Where the communication is made, it shall be made in accordance with the network's protocols or procedures. In the absence of such protocols and procedures, it shall be made directly to the audit or review engagement partner.

R360.33 [Amended by the NZAuASB]

NZR360.33.1 If the assurance practitioner is performing an assurance service other than an audit or review for a client that is not:

1. An audit or review client of the firm or a network firm; or

2. A component of an audit or review client of the firm or a network firm,

the assurance practitioner shall consider whether to communicate the non- compliance or suspected non-compliance to the firm that is the client’s external assurance practitioner, if any.

360.34 A1 Factors relevant to considering the communication in accordance with paragraphs R360.31 to R360.33 include:

360.35 A1 In the circumstances addressed in paragraphs R360.31 to R360.33, the purpose of the communication is to enable the audit engagement partner to be informed about the non- compliance or suspected non-compliance and to determine whether and, if so, how to address it in accordance with the provisions of this section.

R360.36 The assurance practitioner shall also consider whether further action is needed in the public interest.

360.36 A1 Whether further action is needed, and the nature and extent of it, will depend on factors such as:

360.36 A2 Further action by the assurance practitioner might include:

360.36 A3 In considering whether to disclose to an appropriate authority, relevant factors to take into account include:

R360.37 If the assurance practitioner determines that disclosure of the non-compliance or suspected non-compliance to an appropriate authority is an appropriate course of action in the circumstances, that disclosure is permitted pursuant to paragraph R114.1(d) of the Code. When making such disclosure, the assurance practitioner shall act in good faith and exercise caution when making statements and assertions. The assurance practitioner shall also consider whether it is appropriate to inform the client of the assurance practitioner’s intentions before disclosing the matter.

R360.38 In exceptional circumstances, the assurance practitioner might become aware of actual or intended conduct that the assurance practitioner has reason to believe would constitute an imminent breach of a law or regulation that would cause substantial harm to investors, creditors, employees or the general public. Having first considered whether it would be appropriate to discuss the matter with management or those charged with governance of the entity, the assurance practitioner shall exercise professional judgement and determine whether to disclose the matter immediately to an appropriate authority in order to prevent or mitigate the consequences of such imminent breach of law or regulation. If disclosure is made, that disclosure is permitted pursuant to paragraph R114.1(d) of the Code.

360.39 A1 The assurance practitioner might consider:

360.40 A1 In relation to non-compliance or suspected non-compliance that falls within the scope of this section, the assurance practitioner is encouraged to document:

400.1 It is in the public interest and required by the Code that assurance practitioners be independent when performing audit or review engagements.

400.2 This Part applies to both audit and review engagements unless otherwise stated. The terms “audit,” “audit team,” “audit engagement,” “audit client,” and “audit report” apply equally to review, review team, review engagement, review client, and review engagement report.

NZ400.2.1 This Part also applies to engagements where assurance is provided in relation to an offer document of a FMC reporting entity considered to have a higher level of public accountability in respect of historical financial information, prospective or pro-forma financial information, or a combination of these.

400.3 In this Part, the term “assurance practitioner” refers to individual assurance practitioners and their firms.

400.4 Professional and Ethical Standard 3⁵ requires a firm to design, implement and operate a system of quality management for audits or reviews of financial statements performed by the firm. As part of this system of quality management, Professional and Ethical Standard 3 requires the firm to establish quality objectives that address the fulfilment of responsibilities in accordance with relevant ethical requirements including those related to independence. Under Professional and Ethical Standard 3, relevant ethical requirements are those related to the firm, its personnel and, when applicable, others subject to independence the requirements to which the firm and the firm’s engagements are subject. International Standards on Auditing (New Zealand), International Standards on Review Engagements (New Zealand) and New Zealand Standards on Review Engagements establish responsibilities for engagement partners and engagement teams at the level of the engagement for audits and reviews, respectively. The allocation of responsibilities within a firm will depend on its size, structure and organisation. Many of the provisions of this Part do not prescribe the specific responsibility of individuals within the firm for actions related to independence, instead referring to “firm” for ease of reference. A firm assigns operational responsibility for compliance with independence requirements to an individual(s) in accordance with Professional and Ethical Standard 3. In addition, an individual assurance practitioner remains responsible for compliance with any provisions that apply to that assurance practitioner’s activities, interests or relationships.

400.5 Independence is linked to the principles of objectivity and integrity. It comprises:

1. Independence of mind – the state of mind that permits the expression of a conclusion without being affected by influences that compromise professional judgement, thereby allowing an individual to act with integrity, and exercise objectivity and professional scepticism.

2. Independence in appearance – the avoidance of facts and circumstances that are so significant that a reasonable and informed third party would be likely to conclude that a firm’s, or an audit team member’s, integrity, objectivity or professional scepticism has been compromised.

In this Part, references to an individual or firm being “independent” mean that the individual or firm has complied with the provisions of this Part.

400.6 When performing audit engagements, the Code requires firms to comply with the fundamental principles and be independent. This Part sets out specific requirements and application material on how to apply the conceptual framework to maintain independence when performing such engagements. The conceptual framework set out in Section 120 applies to independence as it does to the fundamental principles set out in Section 110. Section 405 sets out specific requirements and application material applicable in a group audit.

400.7 This Part describes:

1. Facts and circumstances, including professional activities, interests and relationships, that create or might create threats to independence;

2. Potential actions, including safeguards, that might be appropriate to address any such threats; and

3. Some situations where the threats cannot be eliminated or there can be no safeguards to reduce them to an acceptable level.

400.8 This Part applies to all audit team members, including engagement team members.

400.9 An engagement team for an audit engagement includes all partners and staff in the firm who perform audit work on the engagement, and any other individuals who perform audit procedures who are from:

1. A network firm; or

2. A firm that is not a network firm, or another service provider.

For example, an individual from a component auditor firm who performs audit procedures on the financial information of a component for purposes of a group audit is a member of the engagement team for the group audit.

400.10 In PES 3, a service provider includes an individual or organisation external to the firm that provides a resource that is used in the performance of engagements. Service providers exclude the firm, a network firm or other structures or organisations in the network.

400.11 An audit engagement might involve experts within, or engaged by, the firm, a network firm, or a component auditor firm outside a group auditor firm’s network, who assist in the engagement. Depending on the role of the individuals, they might be engagement team or audit team members. For example:

• Individuals with expertise in a specialised area of accounting or auditing who perform audit procedures are engagement team members. These include, for example, individuals with expertise in accounting for income taxes or in analysing complex information produced by automated tools and techniques for the purpose of identifying unusual or unexpected relationships.

• Individuals within, or engaged by, the firm who have direct influence over the outcome of the audit engagement through consultation regarding technical or industry-specific issues, transactions or events for the engagement are audit team members but not engagement team members.

However, individuals who are external experts are neither engagement team nor audit team members.

400.12 If the audit engagement is subject to an engagement quality review, the engagement quality reviewer and any other individuals performing the engagement quality review are audit team members but not engagement team members.

400.13 Some of the requirements and application material set out in this Part reflect the extent of public interest in certain entities which are defined to be public interest entities. Firms are encouraged to determine whether to treat additional entities, or certain categories of entities, as public interest entities because they have a large number and wide range of stakeholders. Factors to be considered include:

400.14 An audit report might include a restriction on use and distribution. If it does and the conditions set out in Section 800 are met, then the independence requirements in this Part may be modified as provided in Section 800.

400.15 Independence standards for assurance engagements that are not audit or review engagements are set out in Part 4B – Independence for Assurance Engagements Other than Audit and Review Engagements.

R400.16 A firm performing an audit engagement shall be independent.

R400.17 A firm shall apply the conceptual framework set out in Section 120 to identify, evaluate and address threats to independence in relation to an audit engagement.

NZR400.17.1 Where an assurance practitioner identifies multiple threats to independence, which individually may not be significant, the assurance practitioner shall evaluate the significance of those threats in aggregate and apply safeguards to eliminate or reduce them to an acceptable level in aggregate.

R400.18 A firm or a network firm shall not assume a management responsibility for an audit client.

400.18 A1 Management responsibilities involve controlling, leading and directing an entity, including making decisions regarding the acquisition, deployment and control of human, financial, technological, physical and intangible resources.

400.18 A2 When a firm or a network firm assumes a management responsibility for an audit client, self-review, self-interest and familiarity threats are created. Assuming a management responsibility might also create an advocacy threat because the firm or network firm becomes too closely aligned with the views and interests of management.

400.18 A3 Determining whether an activity is a management responsibility depends on the circumstances and requires the exercise of professional judgement. Examples of activities that would be considered a management responsibility include:

400.18 A4 Subject to compliance with paragraph R400.19, providing advice and recommendations to assist the management of an audit client in discharging its responsibilities is not assuming a management responsibility. The provision of advice and recommendations to an audit client might create a self-review threat and is addressed in Section 600.

R400.19 When performing a professional activity for an audit client, the firm shall be satisfied that client management makes all judgements and decisions that are the proper responsibility of management. This includes ensuring that the client’s management:

1. Designates an individual who possesses suitable skill, knowledge and experience to be responsible at all times for the client’s decisions and to oversee the activities. Such an individual, preferably within senior management, would understand:

   1. The objectives, nature and results of the activities; and

   2. The respective client and firm or network firm responsibilities.However, the individual is not required to possess the expertise to perform or re-perform the activities.

2. Provides oversight of the activities and evaluates the adequacy of the results of the activities performed for the client’s purpose.

3. Accepts responsibility for the actions, if any, to be taken arising from the results of the activities.

R400.20 As defined, an audit client that is a FMC reporting entity considered to have a higher level of public accountability includes all of its related entities. For all other entities, references to an audit client in this Part include related entities over which the client has direct or indirect control. When the audit team knows, or has reason to believe, that a relationship or circumstance involving any other related entity of the client is relevant to the evaluation of the firm’s independence from the client, the audit team shall include that related entity when identifying, evaluating and addressing threats to independence.

[Paragraphs 400.21 to 400.29 are intentionally left blank]

R400.30 Independence, as required by this Part, shall be maintained during both:

1. The engagement period; and

2. The period covered by the financial statements.

400.30 A1 The engagement period starts when the engagement team begins to perform the audit. The engagement period ends when the audit report is issued. When the engagement is of a recurring nature, it ends at the later of the notification by either party that the professional relationship has ended or the issuance of the final audit report.

R400.31 If an entity becomes an audit client during or after the period covered by the financial statements on which the firm will express an opinion, the firm shall determine whether any threats to independence are created by:

1. Financial or business relationships with the audit client during or after the period covered by the financial statements but before accepting the audit engagement; or

2. Previous services provided to the audit client by the firm or a network firm.

400.31 A1 Threats to independence are created if a non-assurance service was provided to an audit client during, or after the period covered by the financial statements, but before the engagement team begins to perform the audit, and the service would not be permitted during the engagement period.

400.31 A2 A factor to be considered in such circumstances is whether the results of the service provided might form part of or affect the accounting records, the internal controls over financial reporting, or the financial statements on which the firm will express an opinion.

400.31 A3 Examples of actions that might be safeguards to address such threats include:

400.31 A4 A threat to independence created by the provision of a non-assurance service by a firm or a network firm prior to the audit engagement period or prior to the period covered by the financial statements on which the firm will express an opinion is eliminated or reduced to an acceptable level if the results of such service have been used or implemented in a period audited or reviewed by another firm.

R400.32 A firm shall not accept appointment as auditor of a public interest entity to which the firm or the network firm has provided a non-assurance service prior to such appointment that might create a self-review threat in relation to the financial statements on which the firm will express an opinion unless:

1. The provision of such service ceases before the commencement of the audit engagement period;

2. The firm takes action to address any threats to its independence; and

3. The firm determines that, in the view of a reasonable and informed third party, any threats to the firm’s independence have been or will be eliminated or reduced to an acceptable level.

400.32 A1 Actions that might be regarded by a reasonable and informed third party as eliminating or reducing to an acceptable level any threats to independence created by the provision of non-assurance services to a public interest entity prior to appointment as auditor of that entity include:

• The results of the service had been subject to auditing procedures in the course of the audit of the prior year’s financial statements by a predecessor firm.

• The firm engages an assurance practitioner, who is not a member of the firm expressing the opinion on the financial statements, to perform a review of the first audit engagement affected by the self-review threat consistent with the objective of an engagement quality review.

• The public interest entity engages another firm outside of the network to:

1. Evaluate the results of the non-assurance service; or

2. Re-perform the service, to the extent necessary to enable the other firm to take responsibility for the result of the service.

400.40 A1 Paragraphs R300.9 and R300.10 set out requirements with respect to communicating with those charged with governance.

400.40 A2 Even when not required by the Code, applicable professional standards, laws or regulations, regular communication is encouraged between a firm and those charged with governance of the client regarding relationships and other matters that might, in the firm’s opinion, reasonably bear on independence. Such communication enables those charged with governance to:

1. Consider the firm’s judgements in identifying and evaluating threats;

2. Consider how threats have been addressed including the appropriateness of safeguards when they are available and capable of being applied; and

3. Take appropriate action.

Such an approach can be particularly helpful with respect to intimidation and familiarity threats.

[Paragraphs 400.41 to 400.49 are intentionally left blank]

400.50 A1 Firms frequently form larger structures with other firms and entities to enhance their ability to provide assurance services. Whether these larger structures create a network depends on the particular facts and circumstances. It does not depend on whether the firms and entities are legally separate and distinct.

R400.51 A network firm shall be independent of the audit clients of the other firms within the network as required by this Part.

400.51 A1 The independence requirements in this Part that apply to a network firm apply to any entity that meets the definition of a network firm. It is not necessary for the entity also to meet the definition of a firm. For example, a consulting practice or professional law practice might be a network firm but not a firm.

R400.52 When associated with a larger structure of other firms and entities, a firm shall:

1. Exercise professional judgement to determine whether a network is created by such a larger structure;

2. Consider whether a reasonable and informed third party would be likely to conclude that the other firms and entities in the larger structure are associated in such a way that a network exists; and

3. Apply such judgement consistently throughout such a larger structure.

R400.53 When determining whether a network is created by a larger structure of firms and other entities, a firm shall conclude that a network exists when such a larger structure is aimed at co-operation and:

1. It is clearly aimed at profit or cost sharing among the entities within the structure. (Ref: Para. 400.53 A2);

2. The entities within the structure share common ownership, control or management. (Ref: Para. 400.53 A3);

3. The entities within the structure share common quality management policies and procedures. (Ref: Para. 400.53 A4);

4. The entities within the structure share a common business strategy. (Ref: Para. 400.53 A5);

5. The entities within the structure share the use of a common brand name. (Ref: Para. 400.53 A6, 400.53 A7); or

6. The entities within the structure share a significant part of professional resources. (Ref: Para 400.53 A8, 400.53 A9).

400.53 A1 There might be other arrangements between firms and entities within a larger structure that constitute a network, in addition to those arrangements described in paragraph R400.53. However, a larger structure might be aimed only at facilitating the referral of work, which in itself does not meet the criteria necessary to constitute a network.

400.53 A2 The sharing of immaterial costs does not in itself create a network. In addition, if the sharing of costs is limited only to those costs related to the development of audit methodologies, manuals or training courses, this would not in itself create a network. Further, an association between a firm and an otherwise unrelated entity jointly to provide a service or develop a product does not in itself create a network. (Ref: Para. R400.53(a)).

400.53 A3 Common ownership, control or management might be achieved by contract or other means. (Ref: Para. R400.53(b)).

400.53 A4 Common quality management policies and procedures are those designed, implemented and operated across the larger structure. (Ref: Para. R400.53(c)).

400.53 A5 Sharing a common business strategy involves an agreement by the entities to achieve common strategic objectives. An entity is not a network firm merely because it co- operates with another entity solely to respond jointly to a request for a proposal for the provision of an assurance service. (Ref: Para. R400.53(d)).

400.53 A6 A common brand name includes common initials or a common name. A firm is using a common brand name if it includes, for example, the common brand name as part of, or along with, its firm name when a partner of the firm signs an audit report. (Ref: Para. R400.53(e)).

400.53 A7 Even if a firm does not belong to a network and does not use a common brand name as part of its firm name, it might appear to belong to a network if its stationery or promotional materials refer to the firm being a member of an association of firms. Accordingly, if care is not taken in how a firm describes such membership, a perception might be created that the firm belongs to a network. (Ref: Para. R400.53(e)).

400.53 A8 Professional resources include:

400.53 A9 Whether the shared professional resources are significant depends on the circumstances. For example:

R400.54 If a firm or a network sells a component of its practice, and the component continues to use all or part of the firm’s or network’s name for a limited time, the relevant entities shall determine how to disclose that they are not network firms when presenting themselves to outside parties.

400.54 A1 The agreement for the sale of a component of a practice might provide that, for a limited period of time, the sold component can continue to use all or part of the name of the firm or the network, even though it is no longer connected to the firm or the network. In such circumstances, while the two entities might be practicing under a common name, the facts are such that they do not belong to a larger structure aimed at cooperation. The two entities are therefore not network firms.

[Paragraphs 400.55 to 400.59 are intentionally left blank]

R400.60 A firm shall document conclusions regarding compliance with this Part, and the substance of any relevant discussions that support those conclusions. In particular:

1. When safeguards are applied to address a threat, the firm shall document the nature of the threat and the safeguards in place or applied; and

2. When a threat required significant analysis and the firm concluded that the threat was already at an acceptable level, the firm shall document the nature of the threat and the rationale for the conclusion.

400.60 A1 Documentation provides evidence of the firm’s judgements in forming conclusions regarding compliance with this Part. However, a lack of documentation does not determine whether a firm considered a particular matter or whether the firm is independent.

[Paragraphs 400.61 to 400.69 are intentionally left blank] Mergers and Acquisitions

400.70 A1 An entity might become a related entity of an audit client because of a merger or acquisition. A threat to independence and, therefore, to the ability of a firm to continue an audit engagement might be created by previous or current interests or relationships between a firm or network firm and such a related entity.

R400.71 In the circumstances set out in paragraph 400.70 A1,

1. The firm shall identify and evaluate previous and current interests and relationships with the related entity that, taking into account any actions taken to address the threat, might affect its independence and therefore its ability to continue the audit engagement after the effective date of the merger or acquisition; and

2. Subject to paragraph R400.72, the firm shall take steps to end any interests or relationships that are not permitted by the Code by the effective date of the merger or acquisition.

R400.72 As an exception to paragraph R400.71(b), if the interest or relationship cannot reasonably be ended by the effective date of the merger or acquisition, the firm shall:

1. Evaluate the threat that is created by the interest or relationship; and

2. Discuss with those charged with governance the reasons why the interest or relationship cannot reasonably be ended by the effective date and the evaluation of the level of the threat.

400.72 A1 In some circumstances, it might not be reasonably possible to end an interest or relationship creating a threat by the effective date of the merger or acquisition. This might be because the firm provides a non-assurance service to the related entity, which the entity is not able to transition in an orderly manner to another provider by that date.

400.72 A2 Factors that are relevant in evaluating the level of a threat created by mergers and acquisitions when there are interests and relationships that cannot reasonably be ended include:

R400.73 If, following the discussion set out in paragraph R400.72(b), those charged with governance request the firm to continue as the assurance practitioner, the firm shall do so only if:

1. The interest or relationship will be ended as soon as reasonably possible but no later than six months after the effective date of the merger or acquisition;

2. Any individual who has such an interest or relationship, including one that has arisen through performing a non-assurance service that would not be permitted by Section 600 and its subsections, will not be a member of the engagement team for the audit or the individual responsible for the engagement quality review; and

3. Transitional measures will be applied, as necessary, and discussed with those charged with governance.

400.73 A1 Examples of such transitional measures include:

R400.74 The firm might have completed a significant amount of work on the audit prior to the effective date of the merger or acquisition and might be able to complete the remaining audit procedures within a short period of time. In such circumstances, if those charged with governance request the firm to complete the audit while continuing with an interest or relationship identified in paragraph 400.70 A1, the firm shall only do so if it:

1. Has evaluated the level of the threat and discussed the results with those charged with governance;

2. Complies with the requirements of paragraph R400.73(a) to (c); and

3. Ceases to be the assurance practitioner no later than the date that the audit report is issued.

R400.75 Even if all the requirements of paragraphs R400.71 to R400.74 could be met, the firm shall determine whether the circumstances identified in paragraph 400.70 A1 create a threat that cannot be addressed such that objectivity would be compromised. If so, the firm shall cease to be the assurance practitioner.

R400.76 The firm shall document:

1. Any interests or relationships identified in paragraph 400.70 A1 that will not be ended by the effective date of the merger or acquisition and the reasons why they will not be ended;

2. The transitional measures applied;

3. The results of the discussion with those charged with governance; and

4. The reasons why the previous and current interests and relationships do not create a threat such that objectivity would be compromised.

[Paragraphs 400.77 to 400.79 are intentionally left blank.]

R400.80 If a firm concludes that a breach of a requirement in this Part has occurred, the firm shall:

1. End, suspend or eliminate the interest or relationship that created the breach and address the consequences of the breach;

2. Consider whether any legal or regulatory requirements apply to the breach and, if so:

   1. Comply with those requirements; and

   2. Consider reporting the breach to a professional or regulatory body or oversight authority if such reporting is common practice or expected in the relevant jurisdiction;

3. Promptly communicate the breach in accordance with its policies and procedures to:

   1. The engagement partner;

   2. The individual with operational responsibility for compliance with independence requirements;

   3. Other relevant personnel in the firm and, where appropriate, the network; and

   4. Those subject to the independence requirements in Part 4A who need to take appropriate action;

4. Evaluate the significance of the breach and its impact on the firm’s objectivity and ability to issue an audit report; and

5. Depending on the significance of the breach, determine:

   1. Whether to end the audit engagement; or

   2. Whether it is possible to take action that satisfactorily addresses the consequences of the breach and whether such action can be taken and is appropriate in the circumstances.

In making this determination, the firm shall exercise professional judgement and take into account whether a reasonable and informed third party would be likely to conclude that the firm's objectivity would be compromised, and therefore, the firm would be unable to issue an audit report.

400.80 A1 A breach of a provision of this Part might occur despite the firm having a system of quality management designed to address independence requirements. It might be necessary to end the audit engagement because of the breach.

400.80 A2 The significance and impact of a breach on the firm’s objectivity and ability to issue an audit report will depend on factors such as:

400.80 A3 Depending upon the significance of the breach, examples of actions that the firm might consider to address the breach satisfactorily include:

R400.81 If the firm determines that action cannot be taken to address the consequences of the breach satisfactorily, the firm shall inform those charged with governance as soon as possible and take the steps necessary to end the audit engagement in compliance with any applicable legal or regulatory requirements. Where ending the engagement is not permitted by laws or regulations, the firm shall comply with any reporting or disclosure requirements.

R400.82 If the firm determines that action can be taken to address the consequences of the breach satisfactorily, the firm shall discuss with those charged with governance:

1. The significance of the breach, including its nature and duration;

2. How the breach occurred and how it was identified;

3. The action proposed or taken and why the action will satisfactorily address the consequences of the breach and enable the firm to issue an audit report;

4. The conclusion that, in the firm’s professional judgement, objectivity has not been compromised and the rationale for that conclusion; and

5. Any steps proposed or taken by the firm to reduce or avoid the risk of further breaches occurring.

Such discussion shall take place as soon as possible unless an alternative timing is specified by those charged with governance for reporting less significant breaches.

400.83 A1 Paragraphs R300.9 and R300.10 set out requirements with respect to communicating with those charged with governance.

R400.84 With respect to breaches, the firm shall communicate in writing to those charged with governance:

1. All matters discussed in accordance with paragraph R400.82 and obtain the concurrence of those charged with governance that action can be, or has been, taken to satisfactorily address the consequences of the breach; and

2. A description of:

   1. The firm’s policies and procedures relevant to the breach designed to provide it with reasonable assurance that independence is maintained; and

   2. Any steps that the firm has taken, or proposes to take, to reduce or avoid the risk of further breaches occurring.

R400.85 If those charged with governance do not concur that the action proposed by the firm in accordance with paragraph R400.80(e)(ii) satisfactorily addresses the consequences of the breach, the firm shall take the steps necessary to end the audit engagement in accordance with paragraph R400.81.

R400.86 If the breach occurred prior to the issuance of the previous audit report, the firm shall comply with the provisions of Part 4A in evaluating the significance of the breach and its impact on the firm’s objectivity and its ability to issue an audit report in the current period.

R400.87 The firm shall also:

1. Consider the impact of the breach, if any, on the firm’s objectivity in relation to any previously issued audit reports, and the possibility of withdrawing such audit reports; and

2. Discuss the matter with those charged with governance.

R400.88 In complying with the requirements in paragraphs R400.80 to R400.87, the firm shall document:

1. The breach;

2. The actions taken;

3. The key decisions made;

4. All the matters discussed with those charged with governance; and

5. Any discussions with a professional or regulatory body or oversight authority.

R400.89 If the firm continues with the audit engagement, it shall document:

1. The conclusion that, in the firm’s professional judgement, objectivity has not been compromised; and

2. The rationale for why the action taken satisfactorily addressed the consequences of the breach so that the firm could issue an audit report.

405.1 Section 400 requires a firm to be independent when performing an audit engagement, and to apply the conceptual framework set out in Section 120 to identify, evaluate and address threats to independence. This section sets out specific requirements and application material relevant to applying the conceptual framework when performing a group audit engagement.

405.2 A1 ISAs (NZ) apply to an audit of group financial statements. ISA (NZ) 600 (Revised) deals with special considerations that apply to an audit of group financial statements, including when component auditors are involved. ISA (NZ) 600 (Revised) requires the group engagement partner to take responsibility for confirming whether the component auditors understand and will comply with the relevant ethical requirements, including those related to independence, that apply to the group audit. The independence requirements referred to in ISA (NZ) 600 (Revised), or other relevant auditing standards applicable to group audits that are equivalent to ISA 600 (NZ) (Revised), are those specified in this section.

405.2 A2 A component auditor firm that participates in a group audit engagement might separately issue an audit opinion on the financial statements of the component audit client. Depending on the circumstances, the component auditor firm might need to comply with different independence requirements when performing audit work for a group audit and separately issuing an audit opinion on the financial statements of the component audit client for statutory, regulatory or other reasons.

R405.3 ISA (NZ) 600 (Revised) requires the group engagement partner to take responsibility to make a component auditor aware of the relevant ethical requirements that are applicable given the nature and the circumstances of the group audit engagement. When making the component auditor firm aware of the relevant ethical requirements, the group auditor firm shall communicate at appropriate times the necessary information to enable the component auditor firm to meet its responsibilities under this section.

405.3 A1 Examples of matters the group auditor firm might communicate include:

R405.4 ISA (NZ) 600 (Revised) also requires the group engagement partner to request the component auditor to communicate whether the component auditor has complied with the relevant ethical requirements, including those related to independence, that apply to the group audit engagement. For the purposes of this section, such a request shall include the communication of:

1. Any independence matters that require significant judgement; and

2. In relation to those matters, the component auditor firm’s conclusion whether the threats to its independence are at an acceptable level, and the rationale for that conclusion.

405.4 A1 If a matter comes to the attention of the group engagement partner that indicates that a threat to independence exists, ISA (NZ) 220 (Revised) requires the group engagement partner to evaluate the threat and take appropriate action.

R405.5 Members of the group audit team within, or engaged by, the group auditor firm and its network firms shall be independent of the group audit client in accordance with the requirements of this Part that are applicable to the audit team.

R405.6 Members of the group audit team within, or engaged by, a component auditor firm outside the group auditor firm’s network shall be independent of:

1. The component audit client;

2. The entity on whose group financial statements the group auditor firm expresses an opinion; and

3. Any entity over which the entity in subparagraph (b) has direct or indirect control, provided that such entity has direct or indirect control over the component audit client,

in accordance with the requirements of this Part that are applicable to the audit team.

R405.7 In relation to related entities or components within the group audit client other than those covered in paragraph R405.6, a member of the group audit team within, orengaged by, a component auditor firm outside the group auditor firm’s network shall notify the component auditor firm about any relationship or circumstance the individual knows, or has reason to believe, might create a threat to the individual’s independence in the context of the group audit.

405.7 A1 Examples of relationships or circumstances involving the individual or any of the individual’s immediate family members, as applicable, that are relevant to the individual’s consideration when complying with paragraph R405.7 include: