1. Page 1 | Proprietary and Copyrighted Information Safeguards Gary Hannaford, Task Force Chair IESBA Meeting June 27–28, 2016

2. Page 2 | Proprietary and Copyrighted Information Feedback on proposals – NSS, CAG, SMPC Summary of Responses to Safeguards ED-1 –Enhancements to the Conceptual Framework –Description of reasonable and informed third party (RIPT) –Description of acceptable level –Description of safeguards and conditions, policies and procedures –Matters pertaining to Section 300 Proposals for non-assurance services (NAS) Outline

3. Page 3 | Proprietary and Copyrighted Information Enhanced guidance for applying the CF –More robust provisions to identify, evaluate and address threats –New requirement that emphasize the need for PAs to re-evaluate threats –New requirement for PAs to perform an overall assessment (step-back) Improved descriptions of key terms and concepts –Reasonable and informed third party –Acceptable level –Safeguards Streamlined examples of safeguards that are linked to threats Recap of Safeguards ED-1 Proposals

4. Page 4 | Proprietary and Copyrighted Information Comment period closed March 21, 2016 53 comment letters received across a range of stakeholder categories, including from the CAG Task Force meeting May 9-10, 2016 to consider responses –IOSCO and IFIAR letters after meeting Input received from June 2016 NSS, CAG teleconference and SMPC Task Force meeting in July 2016 to further refine proposals based on input from this IESBA meeting Background and Recent Activities

5. Page 5 | Proprietary and Copyrighted Information Complimentary of progress to-date, general support for revisions to ED-1 –Replace “…compliance with…” with “…achieving a stated ethical outcome…” to avoid language that is associated with adhering to rules –Term “acceptable level” is too low a level –Clarify whether threats to “objectivity” are the same as threats to “independence of mind” –Questions remain about description of RITP test (who should perform test?) –More guidance needed for safeguards (e.g., designing, documentation) –One participant (South Africa) is of a strong view that stages are still unclear and reemphasize the need for a requirement to “design and implement” a safeguard Feedback from NSS – Phase 1

6. Page 6 | Proprietary and Copyrighted Information Complimentary of progress made to-date and thankful for opportunity to provide early input Concerns about the description of RITP test similar to NSS Because similar concepts are routed in legal frameworks, it is possible that there might be various interpretations of this test Question about whether “new information” also means “contradictory information” (R120.7) Feedback from CAG

7. Page 7 | Proprietary and Copyrighted Information Summary of Responses to Safeguards ED-1 Agenda Items 3-A and 3-B

8. Page 8 | Proprietary and Copyrighted Information Strong support for project objectives, but also some reservations about making extensive changes to the CF Comments received about: –Need to refer to threats to independence in S120 –Proposals go beyond safeguards project scope –Confusion about the link between S120 and S300 –Appropriateness of the examples of safeguards in S300 –Timing of the project: Desire to see how proposals fit within whole restructure Code General Comments

9. Page 9 | Proprietary and Copyrighted Information Structure Task Force considering revisions to address concerns about independence More work to be done to address concerns about S300, but –Revisions made in S300 to align with revisions in S120 –New application material in S120 to refer to provisions in S300 –Some editorial suggestions taken on to improve the examples of safeguards IESBA to consider how to address concerns about timing at June meeting Response to General Comments

10. Page 10 | Proprietary and Copyrighted Information Strong support for proposals – The CF is described as being more “streamlined” and “clearer” Confusion about number of stages in the conceptual framework (three? or five?) –What is the difference between the requirements for “re-evaluating threats” and the “overall assessment”? –When to perform the overall assessment? Does it apply to firms? –Is there are need for an additional stage to “design and implement a safeguard”? Identifying, Evaluating and Addressing Threats Enhanced Description of the Conceptual Framework

11. Page 11 | Proprietary and Copyrighted Information New placement of requirements and revised introduction to clarify the timing for re-evaluating threats and performing the overall assessment New title headings –“Consideration of New Information or Changes in Facts and Circumstances” replaces “Re-evaluating Threats” –“Consideration of Significant Judgments Made and Overall Conclusions Reached” replaces “Overall Assessment” Other refinements to clarify proposals based on some respondents’ suggestions Task Force Response Enhanced Description of the Conceptual Framework

12. Page 12 | Proprietary and Copyrighted Information Strong support for establishing a description of reasonable and informed third party, but requests for further clarification –Confusion by the use of the word “hypothetical” –Varying views about who should be doing the test –Need to emphasize that the evaluation needs to be objective –Need to align with how the concept is used elsewhere in the Code (e.g., NOCLAR) –Consider how to accommodate existing descriptions of similar terms (e.g., in the EU and South Africa) Reasonable and Informed Third Party

13. Page 13 | Proprietary and Copyrighted Information Revised wording to clarify that the concept is a test, which: –Involves a consideration by the PA about whether an objective person who possesses skills, knowledge and experience to evaluate the appropriateness of the PA’s judgments and conclusions would likely reach the same conclusions –Entails that objective person weighing all the relevant facts and circumstances that the PA knows, or could reasonably be expected to know, at the time that the PA’s judgments and conclusions were made Task Force Response Reasonable and Informed Third Party

14. Page 14 | Proprietary and Copyrighted Information Retain proposals to withdraw certain activities (e.g., firm-specific safeguards) which were formerly safeguards, but reinstate some extant wording to clarify its importance in the identification and evaluation of threats More explicit statement in S120 to indicate that there are situations when safeguards will not be capable of reducing threats to an acceptable level Several structural and editorials changes to improve flow of CF Other Significant Revisions

15. Page 15 | Proprietary and Copyrighted Information Proposed Revisions to NAS Agenda Items 3-C and 3-D

16. Page 16 | Proprietary and Copyrighted Information April 2015 NAS revisions – already effective Integrated Code means that enhancements in Safeguards ED-1 and Structure ED-1 critical Safeguards Phase 1 is focused on developing clearer and more robust conceptual framework –Improved descriptions of key terms, such as RITP and safeguards Task Force’s current proposals Future need to review permissibility of certain NAS?? Journey to Enhancing NAS Section of the Code

17. Page 17 | Proprietary and Copyrighted Information Proposed revisions in Agenda Item 3-D are to: –Restructure material to meet the objective of the Structure of the Code project (i.e., clarify, adopt new convention, but not change meaning) –Align to Safeguards ED-1 by way of a conforming amendment –Address certain concerns from stakeholders, including the CAG based on IESBA outreach and outstanding matters from NAS project –Revise safeguards in NAS section of the Code Nature of Revisions in Section 600

18. Page 18 | Proprietary and Copyrighted Information Enhanced guidance for identifying, evaluating and address threats created from NAS Interaction between the general provisions and the more specific provisions is clarified Prohibitions prominently positioned as first in each subsection New application material to address materiality Consistent wording to describe examples of safeguards –Task Force is still exploring appropriateness of certain safeguards Highlights of Significant Revisions to NAS

19. Page 19 | Proprietary and Copyrighted Information NAS section of the Code provides specific provisions for providing certain types of NAS to audit clients Task Force believes that it is important for the Code to have general provisions for situations when a firm might provide a type of NAS that is not explicitly addressed in the Code Examples of factors that are important to the evaluation of the level of threats in 600.4 A4 is adapted from material in extant Code NAS – Identifying, Evaluating and Addressing Threats

20. Page 20 | Proprietary and Copyrighted Information Developed jointly with the Structure Task Force, new introductory material to explain in 600.1 and 600.2 that: –Reference to threats in the context of the NAS section of the code means “threats to independence” and “threats to compliance with the fundamental principles” –Emphasize that the provisions in Sections 120, 300 and 400 also apply even when they are not referenced or repeated in Section 600 –Remind readers that subsections 601–611 contain more detailed provisions Clarification of Link Between General Provisions and More Specific Provisions

21. Page 21 | Proprietary and Copyrighted Information In response to certain stakeholders’ feedback, including the CAG, throughout Section 600, provisions are positioned: –First, prohibitions with respect to audits of PIEs –Second, prohibitions with respect to audits of non-PIEs –Third, requirements and application material for applying the CF when accepting and providing a NAS to an audit client If this approach is adopted, consistent presentation will need to be made throughout the rest of the Code Prominent Positioning of Prohibitions

22. Page 22 | Proprietary and Copyrighted Information New application material to provide guidance about materiality in relation to an audit’s client’s f/s –Draws from material in 2012 IESBA Staff Q&A –Includes a pointer to ISA 320 Questions already raised from NSS and SMPC about the –Placement of new guidance and whether it should only be for NAS –Usefulness: Can something more specific be said in the context of the Code? Materiality

23. Page 23 | Proprietary and Copyrighted Information Examples of Safeguards Generally, the examples of safeguards to address threats are: –Have a professional who is not a member of the audit team perform the NAS –Have a professional who is not involved in providing the NAS review the NAS work –Hire a professional external to the firm to review the NAS Revised examples of safeguards are described in a more consistent manner across the subsections and the type of threat is identified More work to be done with respect to the appropriateness of safeguards, in light of IOSCO feedback on examples of Safeguards in Safeguards ED-1

24. Page 24 | Proprietary and Copyrighted Information Cautionary remarks about the impact of changing the phrase “significance of a threat” to “level of a threat” SMPC do not support extending prohibition of providing recruiting services to an audit client w.r.t. director, officer of the entity or senior management to non-PIEs Stronger linkage needed between guidance for evaluating threats and the types of threats Calls for more guidance about materiality and what it means in the context of the Code (Australian Code has done this and IAASB liaison needed) Reservations about the management services section absent a mark-up to show changes from April 2015 NAS revisions Feedback from NSS and SMPC – Phase 2

25. Page 25 | Proprietary and Copyrighted Information Coordination and liaison with Structure of the Code Task Force and other Task Forces continue to be critical September 2016 IESBA CAG and IESBA meetings –3-day Task Force meeting in July 2016 to further refine proposals in light of feedback from IESBA on Safeguards ED-1 and NAS –Agreeing to a near-final draft of Section 120 at the September 2016 IESBA meeting is critical to timely finalization of both Safeguards and Structure of the Code projects Next Steps

26. The Ethics Board www.ethicsboard.org