DECEMBER 2019 AND JUNE 2020

SUPPLEMENT

Qualification Programme

Module C
Business Assurance
 Published by BPP Learning Media Ltd.
The copyright in this publication is jointly owned by
BPP Learning Media Ltd and HKICPA.

All rights reserved. No part of this publication may be

reproduced or transmitted in any form or by any means
or stored in any retrieval system, electronic, mechanical,
photocopying, recording or otherwise without the prior
permission of the copyright owners.

©
HKICPA and BPP Learning Media Ltd
2019

ii
 Business Assurance

Changes at a glance

Amended on Learning Pack and Flashcards Supplement

Chapter Name Page

Part A: Identified Errata

Learning Pack
10 Fraud and irregularities 1

Part B: Technical Updates

Learning Pack
1 Scope of corporate governance 1
2 Corporate governance reports and practice 1
4 Code of ethics 3
5 Framework for assurance engagements 39
7 Changes in auditor appointment 40
10 Fraud and irregularities 41
13 Specific audit procedures 44
15 Accounting estimates, opening balances and
comparatives 44
16 Overall audit review and finalisation 54
17 Audit reporting 54
19 Audit-related services and other assurance
engagements 55
Answers to exam practice questions 56
Question bank – questions 56
Question bank – answers 56
Index 58
Flashcards
2 Corporate governance reports and practice 59
4 Code of ethics 60
10 Fraud and irregularities 62
19 Audit-related services and other assurance
engagements 63

iii
 Business Assurance

Introduction

This Supplement is to be used in conjunction with the sixth edition of the Learning Pack, and it will
bring you fully up to date for developments that have occurred in the period since publication of the
Learning Pack and up to 31 May 2019, the cut-off date for examinable standards and legislation for
the December 2019 and June 2020 examinations. You will find a list of the standards that are
examinable in your examination session by logging onto the HKICPA online QP Learning Centre.
The Supplement comprises a technical update on developments that will be examinable in
December 2019 and June 2020 examination sessions that are not currently covered in the
Learning Pack. The topics covered are listed on the contents page and are covered in chapter
order.
In each case the text in the Supplement explains how the Learning Pack is affected by the change,
for example whether the new material should be read in addition to the current material in the
Learning Pack, or whether the new material should be regarded as a replacement.
Good luck with your studies!

iv
 Business Assurance

Identified Errata – Learning Pack

Chapter 10 Fraud and irregularities

Section 1.9 The first paragraph of this section contained a typo, which is corrected as
follows (the correction is underlined):
Page 297
HKSA 240 requires the auditor, when forming the overall conclusion, to evaluate
whether analytical procedures that are performed near the end of the audit
indicate a previously unrecognised risk of material misstatement due to fraud.

Technical Updates – Learning Pack

Chapter 1 Scope of corporate governance

Section 1.2 In the first paragraph under 1.2, the word 'Codes' is changed to 'codes'.
Pages 6–7 Under the heading 'In Hong Kong', all references to 'the Code on Corporate
Governance Practices' are changed to 'the Corporate Governance Code',
and all references to 'the HK Code' are changed to 'the Code'.
The last sentence of the final paragraph under 'In Hong Kong' is changed
as follows:
Hong Kong companies may also devise their own Corporate Governance Code
on such terms as they may consider appropriate.

Section 1.4 In the last paragraph on page 7, the square brackets around the word 'is'
are removed.
Page 7

Section 1.6 The last sentence of the second paragraph beneath the table is corrected
as follows:
Page 14
It should help listed companies to understand and fulfil the requirements on
internal controls contained in the Corporate Governance Code and disclosures
in the Corporate Governance Report (Main Board and the GEM Listing Rules,
respectively).

Answers to Under the heading 'Answer 2', all references to 'the Code on Corporate
self-test Governance Practices' are changed to 'the Corporate Governance Code',
questions – and all references to 'the HK Code' are changed to 'the Code'.
Answer 2
Page 29

Chapter 2 Corporate governance reports and practice

Section 2.1 Reference to 'the Code on Corporate Governance Practices' is changed to

'the Corporate Governance Code', and all references to 'the HK Code' are
Topic
changed to 'the Code'.
highlights
Page 36

Section 2.1.1 Throughout section 2.1.1, all references to 'the HK Code' are changed to
'the Code', and all references to the 'Code on Corporate Governance
Pages 36–39
Practices' are changed to the 'Corporate Governance Code'.

1
 Business Assurance

Section 2.1.2 The title of section 2.1.2 changes to 'Principles of the Code and the UK
Corporate Governance Code'.
Pages 39–42
In the bullet list at the bottom of page 39, a second bracket is added to the
end of the second bullet as follows:
 More specific provisions (Code provisions (CP))
Throughout section 2.1.2, all references to 'the HK Code' are changed to
'the Code'.

Section 2.1.4 All references to the 'HK Code' are changed to the 'Code'.
Page 43

Section 2.1.5 All references to the 'HK Code' are changed to the 'Code'.
Page 44

Section 3 Reference to the 'HK Code' changes to the 'Code'.

Topic
highlights
Page 44

Section 3.1 All references to the 'HK Code' are changed to the 'Code'.
Page 44 The first sentence of the second paragraph is amended as follows:
In contrast to other corporate governance reporting regimes, the Code is
broader in coverage but less onerous in terms of required management
action and attestation.

Section 3.5 All references to the 'HK Code' are changed to the 'Code'.
Page 47 The last sentence of the second paragraph is amended as follows:
Issuers may also devise their own Corporate Governance Code on such terms
as they may consider appropriate.

Section 3.6 Under 'Self-test question 2', the first sentence changes as follows:
Page 54 There are several provisions in Section C of the Corporate Governance Code
('the Code') about the annual review of the risk management and internal control
system of listed companies.

Section 4.1 All references to the 'HK Code' in 'Topic highlights' are changed to the
'Code'.
Page 57

Section 4.3.1 All references to the 'HK Code' are changed to the 'Code'.
Page 60

Answers to All references to the 'HK Code' are changed to the 'Code'.
self-test
questions –
Answer 1
Page 63

2
 Business Assurance

Chapter 4 Code of ethics

Topic list New section is inserted as section 8. Existing section 8 becomes section 9.
8 Specific guidance: Anti-money laundering and counter-terrorist
financing for professional accountants
8.1 The nature of money laundering
8.2 AML/CFT policies, procedures and controls
9 Other issues
9.1 Client acceptance
9.2 Engagement acceptance
9.3 Changes in professional appointment
9.4 Marketing professional services
9.5 Custody of entity's assets
9.6 Integrity, objectivity and independence in insolvency

Chapter The text from the start of page 101 down to before the heading 'SECTION A:
introduction General application of the Code', is replaced with the following:
Page 101 It is important that you understand the topic well. Auditors are subject to ethical
requirements imposed by the accountancy bodies; in Hong Kong, it is the
HKICPA.
Code of Ethics for Professional Accountants Revised June 2010; February
2012; November 2013; March 2014; January 2015; December 2016;
February 2018; and November 2018.
This Code of Ethics for Professional Accountants (the Code) was originally
effective from 1 January 2011, although the several subsequent amendments to
bring it into line with the IESBA Code of Ethics are effective from different dates
indicated within each amendment. All subsequent amendments to the Code (up
until the cut-off date for your exam) have been incorporated into this Learning
Pack.
All Professional Accountants are required to comply with the Code.
Section A – REQUIREMENTS AND APPLICATION MATERIAL FOR
PROFESSIONAL ACCOUNTANTS
Section B – [NOT USED]
Section C – ADDITIONAL ETHICAL REQUIREMENTS
Section D – COMPARISON WITH THE IESBA CODE OF ETHICS FOR
PROFESSIONAL ACCOUNTANTS
Section E – SPECIALIZED AREAS OF PRACTICE
Section F – GUIDELINES ON ANTI-MONEY LAUNDERING AND COUNTER-
TERRORIST FINANCING FOR PROFESSIONAL ACCOUNTANTS

Professional Accountant Professional Accountant

in Public Practice in Business
Definition: Professional accountant Professional accountant
in a firm that provides employed or engaged in
professional services an executive or
non-executive capacity
i.e. commerce, industry,
service etc.
Adoption of which Parts of A,D,E,F of the Code A,C D,E,F of the Code
the Code:

3
 Business Assurance

Section 1.1 Within the grey box, the material quoted from the Code is deleted and
replaced with:
Page 102
'A distinguishing mark of the accountancy profession is its acceptance of the
responsibility to act in the public interest. A professional accountant's
responsibility is not exclusively to satisfy the needs of an individual client or
employing organization. Therefore, the Code contains requirements and
application material to enable professional accountants to meet their
responsibility to act in the public interest.'
(HKICPA Code of Ethics: para. 100.1 A1)
Section 1.2 The material in section 1.2 The fundamental principles is removed and
replaced with the following.
Page 102

1.2 The fundamental principles

HKICPA Code of Ethics

Integrity. A professional accountant shall comply with the principle of

integrity, which requires an accountant to be straightforward and honest in
all professional and business relationships (HKICPA Code of Ethics: para.
R111.1).
Integrity also implies fair dealing and truthfulness (HKICPA Code of
Ethics: para. 111.1 A1).
A professional accountant shall not knowingly be associated with reports,
returns, communications or other information where the accountant believes
that the information:
(a) Contains a materially false or misleading statement;
(b) Contains statements or information provided recklessly; or
(c) Omits or obscures required information where such omission or
obscurity would be misleading.
(HKICPA Code of Ethics: para. R111.2)
Objectivity. A professional accountant shall comply with the principle of
objectivity, which requires an accountant not to compromise professional or
business judgment because of bias, conflict of interest or undue
influence of others (HKICPA Code of Ethics: para. R112.1).
A professional accountant shall not undertake a professional activity if a
circumstance or relationship unduly influences the accountant's professional
judgment regarding that activity (HKICPA Code of Ethics: para. R112.2).
Professional competence and due care. A professional accountant shall
comply with the principle of professional competence and due care, which
requires an accountant to:
(a) Attain and maintain professional knowledge and skill at the level
required to ensure that a client or employing organization receives
competent professional service, based on current technical and
professional standards and relevant legislation; and
(b) Act diligently and in accordance with applicable technical and
professional standards.
(HKICPA Code of Ethics: para. R113.1)
Professional competence requires both attainment and maintenance of
professional competence, which requires continuing awareness and
understanding of relevant technical, professional and business
developments (HKICPA Code of Ethics: para. 113.1 A2).
4
 Business Assurance

Diligence encompasses the responsibility to act in accordance with the

requirements of an assignment, carefully, thoroughly and on a timely basis
(HKICPA Code of Ethics: para. 113.1 A3).
In complying with the principle of professional competence and due care, a
professional accountant shall take reasonable steps to ensure that those
working in a professional capacity under the accountant's authority have
appropriate training and supervision (HKICPA Code of Ethics: para.
R113.2).
Where appropriate, a professional accountant shall make clients, the
employing organization, or other users of the accountant's professional
services or activities, aware of the limitations inherent in the services or
activities (HKICPA Code of Ethics: para. R113.3).
Confidentiality. A professional accountant shall comply with the principle of
confidentiality, which requires an accountant to respect the confidentiality of
information acquired as a result of professional and business relationships.
An accountant shall:
(a) Be alert to the possibility of inadvertent disclosure, including in a
social environment, and particularly to a close business associate or
an immediate or a close family member;
(b) Maintain confidentiality of information within the firm or employing
organization;
(c) Maintain confidentiality of information disclosed by a prospective
client or employing organization;
(d) Not disclose confidential information acquired as a result of
professional and business relationships outside the firm or employing
organization without proper and specific authority, unless there is
a legal or professional duty or right to disclose;
(e) Not use confidential information acquired as a result of professional
and business relationships for the personal advantage of the
accountant or for the advantage of a third party;
(f) Not use or disclose any confidential information, either acquired or
received as a result of a professional or business relationship, after
that relationship has ended; and
(g) Take reasonable steps to ensure that personnel under the
accountant's control, and individuals from whom advice and
assistance are obtained, respect the accountant's duty of
confidentiality.
(HKICPA Code of Ethics: para. R114.1)
The following are circumstances where professional accountants are or
might be required to disclose confidential information or when such
disclosure might be appropriate:
 Disclosure is required by law
 Disclosure is permitted by law and is authorized by the client or the
employing organization
 There is a professional duty or right to disclose, when not prohibited
by law:
– To comply with the quality review of a professional body
– To respond to an inquiry or investigation by a professional
or regulatory body

5
 Business Assurance

– To protect the professional interests of a professional

accountant in legal proceedings; or
– To comply with technical and professional standards, including
ethics requirements.
(HKICPA Code of Ethics: para. 114.1 A1)
In deciding whether to disclose confidential information, factors to
consider, depending on the circumstances, include:
 Whether the interests of any parties, including third parties
whose interests might be affected, could be harmed if the client
or employing organization consents to the disclosure of
information by the professional accountant.
 Whether all the relevant information is known and
substantiated, to the extent practicable. Factors affecting the
decision to disclose include:
– Unsubstantiated facts.
– Incomplete information.
– Unsubstantiated conclusions.
 The proposed type of communication, and to whom it is
addressed.
 Whether the parties to whom the communication is addressed
are appropriate recipients.
(HKICPA Code of Ethics: para. 114.1 A2)
Additional requirements are set out in Section 400 'Unlawful Acts or Defaults
by Clients of Members' and Section 500 'Unlawful Acts or Defaults by or on
Behalf of a Member's Employer' under Chapter C of the Code.
Professional behaviour. A professional accountant shall comply with the
principle of professional behavior, which requires an accountant to comply
with relevant laws and regulations and avoid any conduct that the
accountant knows or should know might discredit the profession.
A professional accountant shall not knowingly engage in any business,
occupation or activity that impairs or might impair the integrity, objectivity or
good reputation of the profession, and as a result would be incompatible with
the fundamental principles (HKICPA Code of Ethics: para. R115.1).
When undertaking marketing or promotional activities, a professional
accountant shall not bring the profession into disrepute. A professional
accountant shall be honest and truthful and shall not make:
(a) Exaggerated claims for the services offered by, or the qualifications or
experience of, the accountant; or
(b) Disparaging references or unsubstantiated comparisons to the work of
others.
(HKICPA Code of Ethics: para. R115.2)

6
 Business Assurance

Section 1.3 The material in section 1.3 The conceptual framework is removed and
replaced with the following.
Page 103
The conceptual framework specifies an approach for a professional accountant
to:
(a) Identify threats to compliance with the fundamental principles;
(b) Evaluate the threats identified; and
(c) Address the threats by eliminating or reducing them to an acceptable
level.
(HKICPA Code of Ethics: para. 120.2)
This approach is discussed in greater detail in section 2 of this chapter.
When applying the conceptual framework, the professional accountant shall:
(a) Exercise professional judgment;
(b) Remain alert for new information and to changes in facts and
circumstances; and
(c) Use the reasonable and informed third party test (see below).
(HKICPA Code of Ethics: para. R120.5)
It is fundamental to the conceptual framework approach taken by the HKICPA
Code of Ethics that ethical compliance is not as simple as merely conforming to
rules. Rather, the professional accountant is required to act from within, in
accordance with the fundamental principles; doing this requires the accountant
to use their professional judgment in determining the best course of action in a
given situation.
The reasonable and informed third party test is a consideration by the
professional accountant about whether the same conclusions would likely be
reached by another party. Such consideration is made from the perspective of a
reasonable and informed third party, who weighs all the relevant facts and
circumstances that the accountant knows, or could reasonably be expected to
know, at the time the conclusions are made (HKICPA Code of Ethics: para.
120.5 A4).
Use professional judgment in applying this conceptual framework.
Section 1.4 The material in section 1.4 Threats to compliance with the fundamental
principles is removed and replaced with the following.
Page 104
Threats to compliance with the fundamental principles fall into one or more of the
following categories:
Self-interest threat – the threat that a financial or other interest will
inappropriately influence a professional accountant's judgment or behaviour.
Self-review threat – the threat that a professional accountant will not
appropriately evaluate the results of a previous judgment made; or an
activity performed by the accountant, or by another individual within the
accountant's firm or employing organization, on which the accountant will rely
when forming a judgment as part of performing a current activity.
Advocacy threat – the threat that a professional accountant will promote a
client's or employing organization's position to the point that the
accountant's objectivity is compromised.
Familiarity threat – the threat that due to a long or close relationship with a
client, or employing organization, a professional accountant will be too
sympathetic to their interests or too accepting of their work.

7
 Business Assurance

Intimidation threat – the threat that a professional accountant will be deterred

from acting objectively because of actual or perceived pressures, including
attempts to exercise undue influence over the accountant.
(HKICPA Code of Ethics: para. 120.6 A3)
Section 1.5 Section 1.5 is deleted and replaced with the following.
Page 104
1.5 Evaluating threats
When the professional accountant identifies a threat to compliance with the
fundamental principles, the accountant shall evaluate whether such a threat is at
an acceptable level (HKICPA Code of Ethics: para. R120.7).
An acceptable level is determined using the reasonable and informed third
party test (HKICPA Code of Ethics: para. 120.7 A1).
The consideration of qualitative as well as quantitative factors is relevant in the
professional accountant's evaluation of threats, as is the combined effect of
multiple threats, if applicable (HKICPA Code of Ethics: para. 120.8 A1).
If the professional accountant becomes aware of new information or changes
in facts and circumstances that might impact whether a threat has been
eliminated or reduced to an acceptable level, the accountant shall re-evaluate
and address that threat accordingly (HKICPA Code of Ethics: para. R120.9).
If the threats are not at an acceptable level, the accountant shall address the
threats by eliminating them or reducing them to an acceptable level. The
accountant shall do so by:
(a) Eliminating the circumstances, including interests or relationships, that
are creating the threats;
(b) Applying safeguards, where available and capable of being applied, to
reduce the threats to an acceptable level; or
(c) Declining or ending the specific professional activity
(HKICPA Code of Ethics: para. R120.10)
Section 2.1 After the diagram, the material from 'The guidance states its purpose', until
the end of section 2.1, is removed.
Page 106
Section 2.2 Within the key terms box, the definition of 'independence in appearance' is
changed to the following:
Page 107

Key term
Independence in appearance: The avoidance of facts and circumstances that
are so significant that a reasonable and informed third party would be likely to
conclude that a firm's or an audit or assurance team member's integrity,
objectivity or professional scepticism has been compromised.
(HKICPA Code of Ethics: para. 120.12 A1)

8
 Business Assurance

Section 2.2 The material from the heading 'Section 290 Independence – Audit and
review engagements' to just before the 'Topic highlights', is removed and
Page 107
replaced with the following:
Professional scepticism
Professional accountants in public practice are required to exercise professional
scepticism when planning and performing audits, reviews and other assurance
engagements. Professional scepticism and the fundamental principles are
inter-related concepts (HKICPA Code of Ethics: para. 120.13 A1).
The Code gives examples of the connection between professional scepticism
and the fundamental principles. For example:
Integrity requires the professional accountant to be straightforward and honest.
For example, the accountant complies with the principle of integrity by:
(a) Being straightforward and honest when raising concerns about a position
taken by a client; and
(b) Pursuing inquiries about inconsistent information and seeking further audit
evidence to address concerns about statements that might be materially
false or misleading in order to make informed decisions about the
appropriate course of action in the circumstances.
In doing so, the accountant demonstrates the critical assessment of audit
evidence that contributes to the exercise of professional scepticism (HKICPA
Code of Ethics: para. 120.13 A2).

Section 2.2 At the end of this section (at the bottom of p107), the following material is
added:
Page 107
The HKICPA Code of Ethics makes a distinction between listed companies,
(or public interest companies), and private companies. The Code frequently
contains additional considerations for auditors of listed or public interest entities
– the requirements in this area are usually more stringent. These terms should
be understood as follows.

Key terms
Listed entity An entity whose shares, stock or debt are quoted or listed on a
recognised stock exchange, or are marketed under the regulations of a
recognised stock exchange (such as the Hong Kong Stock Exchange) or other
equivalent body.
Public interest entity
(a) A listed entity; or
(b) An entity:
(i) Defined by regulation or legislation as a public interest entity; or
(ii) For which the audit is required by regulation or legislation to be
conducted in compliance with the same independence
requirements that apply to the audit of listed entities. Such
regulation might be promulgated by any relevant regulator,
including an audit regulator.
(HKICPA Code of Ethics: Glossary)

9
 Business Assurance

Section 2.3 The diagram at the start of the section is replaced with the following:
Page 108
Business relationships Serving as a director or officer of an audit client

Financial interest Compensation and evaluation policies

Recruitment SELF-INTEREST THREAT Gifts and hospitality

Lowballing % or contingent fees Loans and guarantees

Fees – relative size Overdue fees

All of the material within section 2.3 – i.e. from 2.3.1 down to the end of
2.3.14 – is replaced with the following.

2.3.1 Financial interests

A financial interest exists where an audit firm has a financial interest in a
client's affairs – for example, the audit firm owns shares in the client, or is a
trustee of a trust that holds shares in the client.
A financial interest in a client constitutes a substantial self-interest threat.
According to the HKICPA Code, the parties listed below are not allowed to
own a direct financial interest or an indirect material financial interest in a
client.
 The assurance firm
 A member of the assurance team or of the engagement partner's
immediate family
 Any other partner in the same office (or their immediate family)
 Other partners/managers who provide non-audit services to the audit client
(HKICPA Code of Ethics: para. R510.4)
If these hold a direct financial interest, then no safeguards would be
sufficient.
For members of the audit team, if the interest is not direct (e.g. is held by an
employee's pension scheme) or is not material (so the client cannot exercise
significant influence over the auditor), then the following safeguards may be
relevant:
 Disposing of the interest
 Removing the individual from the team if required
 Using an independent partner to review work carried out if necessary
Such matters will involve judgment on the part of the partners making decisions
about such matters. For example, what constitutes a material interest? A small
percentage stake in a company might be material to its owner. How does the
firm judge the closeness of a relationship between staff and their families? In
other words, what does 'immediate' mean in this context?
Audit firms should have quality control procedures requiring staff to disclose
relevant financial interests for themselves and close family members. They
should also foster a culture of voluntary disclosure on an ongoing basis so that
any potential problems are identified on a timely basis.
(HKICPA Code of Ethics: para. 510.10)

10
 Business Assurance

2.3.2 Loans and guarantees

The advice on loans and guarantees falls into two categories:
 The client is a bank or other similar institution
 Other situations
If a lending institution client lends an immaterial amount to an audit firm or
member of the audit team on normal commercial terms, there is no threat to
independence. If the loan were material, it would be necessary to apply
safeguards to bring the self-interest threat to an acceptable level. A suitable
safeguard is likely to be an independent review (by a partner from another office
in the firm) (HKICPA Code of Ethics: para 511.5 A3).
Loans to members of the audit team from a bank or other lending institution
client are likely to be material to the individual but, provided that they are on
normal commercial terms, these do not constitute a threat to independence.
An audit firm or individual on the audit team should not enter into any loan or
guarantee arrangement with a client that is not a bank or similar institution
(HKICPA Code of Ethics: para. R511.5).
The firm or audit team member must not make a material loan to a client
(HKICPA Code of Ethics: para. R511.4). This rule is important because overdue
fees from a previous audit could be construed to be a loan, and must therefore
be settled before an audit begins.
2.3.3 Business relationships
Examples of when an audit firm and an audit client have an inappropriately close
business relationship include:
 Having a material financial interest in a joint venture with the assurance
client
 Arrangements to combine one or more services or products of the firm
with one or more services or products of the assurance client and to
market the package with reference to both parties

 Distribution or marketing arrangements under which the firm acts as

distributor or marketer of the assurance client's products or services or
vice versa
(HKICPA Code of Ethics: para. 520.3 A2)
Again, it will be necessary for the partners to judge the materiality of the interest
and therefore its significance. However, unless the interest is clearly
insignificant, an assurance provider should not participate in such a
venture with an assurance client. Appropriate safeguards are therefore to end
the assurance provision or to terminate the (other) business relationship.
If an individual member of an audit team has such an interest, they should be
removed from the audit team.
Generally speaking, purchasing goods and services from an assurance
client on an arm's length basis does not constitute a threat to
independence. However, such transactions might be of such a nature and
magnitude that they create a self-interest threat and safeguards may be
necessary (HKICPA Code of Ethics: para. 520.6 A1).

11
 Business Assurance

Self-test question 1
With 25 branches in the New Territories, Bank of New Territories ('BNT') is a top
tier retail bank in Hong Kong specialised in home loans. SMP & Co. ('SMP') has
been the external auditor of BNT for five years.
BNT operates a staff mortgage scheme offering all members of staff
concessionary mortgage rate deals. The staff rate is currently at one-month
HIBOR plus 0.5% while the market rate is plus 1.5%.
Before the upcoming Annual General Meeting, Charles Chow, BNT's Head of
Consumer Credit, suggests to Peter Chan, the SMP audit engagement partner,
that BNT would like to extend the concessionary staff mortgage scheme to all
SMP members of staff, in recognition of SMP's services. Charles and Peter have
been golf teammates in the Annual Golf Team Tournament organised by the
HKICPA for the last three years.
Required
Assess and explain the professional and ethical issues in each of the situations
above. State the possible safeguards to address the professional and ethical
issues.
(10 marks)
HKICPA December 2013
(The answer is at the end of the chapter)

2.3.4 Serving as a director or officer of an audit client

A partner or employee of an assurance firm should not serve as a director
or officer of an assurance client (HKICPA Code of Ethics: para. R523.3).
It may be acceptable for a partner or an employee of an assurance firm to
perform the role of company secretary for an assurance client, if:
 The role is essentially administrative, with no managerial decision making;
and
 This practice is specifically permitted under local law and professional
rules.
(HKICPA Code of Ethics: para. R523.4).
Although a partner or employee cannot serve on a client's board, it is possible
for them to attend board meetings. This is common practice, and moreover, may
be necessary if there are issues that need to be raised with management.

2.3.5 Compensation and evaluation policies

There is a self-interest threat when a member of the audit team is evaluated on
selling non-assurance services to the client. The significance of the threat
depends on:
 The proportion of the individual's compensation or performance evaluation
that is based on the sale of such services
 The role of the individual on the audit team
 Whether promotion decisions are influenced by the sale of such services
(HKICPA Code of Ethics: para. 411.3 A1)

12
 Business Assurance

The firm should either revise the compensation plan or evaluation process, or
put in place appropriate safeguards. Safeguards include:
 Revising the compensation plan or evaluation process for that individual;
 Reviewing their work by an appropriate reviewer; or
 Removing the member from the audit team.
(HKICPA Code of Ethics: para. 411.3 A2–3)
A key audit partner shall not be evaluated based on their success in selling
non-assurance services to their audit client (HKICPA Code of Ethics: para.
R411.4).

Key term
The key audit partner is the:
 Engagement partner
 Individual responsible for the engagement quality control review
 Other audit partners on the engagement team, if any, who make key
decisions or judgments on significant matters with respect to the
audit of the financial statements on which the firm will express an opinion.
Depending upon the circumstances and the role of the individuals on the
audit, 'other audit partners' may include, for example, audit partners
responsible for significant subsidiaries or divisions.
(HKICPA Code of Ethics: Glossary)

2.3.6 Gifts and hospitality

Unless the value of the gift/hospitality is trivial and inconsequential, a firm or a
member of an assurance team should not accept it (HKICPA Code of Ethics:
para. R420.3).

2.3.7 Overdue fees

In a situation where there are overdue fees, the auditor runs the risk of, in effect,
making a loan to a client, whereupon the guidance above becomes relevant. If
the previous year's fees remain unpaid when the current year's auditor's report is
to be signed, then safeguards should be applied such as having an appropriate
reviewer, who did not take part in the audit engagement, review the work
performed or obtaining partial payment of overdue fees (HKICPA Code of Ethics:
para. 410.7 A2).
Audit firms should guard against fees building up and being significant by
discussing the issues with those charged with governance, and, if necessary, the
possibility of resigning if overdue fees are not paid.

2.3.8 Contingent fees

Key term
Contingent fee: A fee calculated on a predetermined basis relating to the
outcome of a transaction or the result of the services performed. A fee that is
established by a court or other public authority is not a contingent fee. (HKICPA
Code of Ethics: para. 410.9 A1)

A firm shall not enter into a contingent fee arrangement in respect of an

audit. For any assurance engagements provided to audit clients, unless
immaterial or unconnected to the audit, a contingent fee would still carry a threat
so great that no safeguards could reduce it to an acceptable level (HKICPA
Code of Ethics: para. R410.10).
13
 Business Assurance

For non-assurance engagements (e.g. tax services), where the client is an

audit client, the significance of the threat depends on:
 The range of possible fee amounts
 Whether an appropriate authority determines the outcome of the matter on
which the contingent fee will be determined
 Disclosure of the work and the nature of the fees charged to intended
users
 The nature of the service
 The effect of the event or transaction on the subject matter information
(HKICPA Code of Ethics: para. 410.12 A2)
Possible safeguards include:

 Having an appropriate reviewer, who was not included in performing the

non-assurance service, review the work performed by the firm; or

 Obtaining advance written agreement with the client on the basis of

remuneration.
(HKICPA Code of Ethics: para. 410.12 A3)

2.3.9 Fees – relative size

When a firm receives a high proportion of its fee income from just one audit
client, there is a self-interest or intimidation threat, as the firm will be
concerned about losing the client. A high percentage fee income does not by
itself create an insurmountable threat. This depends on the following:
 The operating structure of the firm
 Whether the firm is well-established or new
 The significance of the client qualitatively and/or quantitatively to the firm
(HKICPA Code of Ethics: para. 410.3 A2)
Possible safeguards include reducing the dependence on the client (e.g. by
increasing the client base) (HKICPA Code of Ethics: para. 410.3 A3).
It is not just a matter of the audit firm actually being independent in terms of
fees, but also of it being seen to be independent by the public. It is as much
about public perception as reality.
The Code also states that a threat may be created where an individual partner or
office's percentage fees from one client is high. The safeguards include reducing
dependence on the client and, in addition, having an internal quality control
review (HKICPA Code of Ethics: para. 410.3 A4-A6).
For audit clients that are public interest entities, the Code states that where
total fees from the client (for the audit and any non-audit services) represent
more than 15% of the firm's total fees for two consecutive years, the firm
shall:
 Disclose this to those charged with governance of the audit client
 Conduct a review, either by an external professional accountant or by a
regulatory body. This review can be either before the audit opinion on the
second year's financial statements is issued (a 'pre-issuance review'), or
after it is issued (a 'post-issuance review').
If total fees significantly exceed 15%, then a post-issuance review may not be
sufficient, and a pre-issuance review will be required (HKICPA Code of Ethics:
para. R410.4–6).

14
 Business Assurance

2.3.10 Lowballing
When a firm quotes a significantly lower fee level for an assurance service than
would have been charged by the predecessor firm, there is a significant self-
interest threat. If the firm's tender is successful, the firm must apply safeguards
such as:
 Maintaining records such that the firm is able to demonstrate that
appropriate staff and time are spent on the engagement
 Complying with all applicable assurance standards, guidelines and quality
control procedures
This issue is discussed in more detail in Chapter 5.

2.3.11 Recruitment services

Providing recruitment services in relation to the senior management of an audit
client, particularly those able to affect the financial statements, might create a
self-interest, familiarity or intimidation threat (HKICPA Code of Ethics: para.
609.1).
Assurance providers must not make management decisions for the client. Their
involvement could be limited to:
 Professional qualifications of a number of applicants and providing advice
on their suitability for the position
 Interviewing candidates and advising on a candidate's competence for
financial accounting, administrative or control positions
(HKICPA Code of Ethics: para. 609.3 A2)
The client must make all management decisions with respect to hiring, selecting
candidates and determining employment terms (such as salary) (HKICPA Code
of Ethics: para. R609.4).
Prohibited recruitment services include:
 Searching for or seeking out candidates; or
 Checking references for prospective directors or senior management
(whose role relates to the financial statements)
(HKICPA Code of Ethics: para. R609.7)

Self-test question 2
Kwok & Co have been the auditors of Kowloon Bank for a number of years.
Kowloon Bank operates a staff scheme offering all members of staff low rate
mortgage deals. The staff rate is currently set at 3.5% below the bank prime
rate. The Head of Lending of Kowloon Bank tells the audit engagement partner
at Kwok & Co, with whom he has dealt for a number of years, that Kowloon Bank
would like to extend the staff scheme in respect of low rate mortgages to all
members of staff at Kwok & Co, as a token of their appreciation of Kwok & Co's
services.
The audit engagement partner for Kowloon Bank has just become aware of this
situation.
Required
Explain any professional and ethical issues in each of the above situations.
(11 marks)
HKICPA February 2006
(The answer is at the end of the chapter)

15
 Business Assurance

Section 2.4 The diagram at the start of the section is replaced with the following:
Page 115 General other
services
Temporary personnel Preparing accounting records
assignments and financial statements

Corporate
finance SELF-REVIEW THREAT Valuation services

Internal audit
Tax services
services

The text below the diagram, down to heading 2.4.1 on p116, is deleted and
replaced with the following:
Self-review threats arise when a professional accountant, or a firm of
professional accountants, have previously been involved in performing a service
which they are then called upon to review. This may include setting up financial
systems they are then asked to review, or preparing financial records or
valuations for the financial statements they are then asked to audit. The risk is
greater when the service was performed very recently. As market competition
has encouraged firms of professional accountants to expand the range of
services they may offer entities, so the risk of self-review has increased.
The HKICPA Code of Ethics gives firms guidance on the matters to consider
where a self-review threat exists in relation to the various circumstances
specified in the diagram at the start of this section. We now turn to discuss the
detail of the Code guidance in these areas.
All of the material within section 2.4 – i.e. from 2.4.1 down to the end of
2.4.10 – is replaced with the following.

2.4.1 Preparing accounting records and financial statements

There is clearly a significant risk of a self-review threat if a firm prepares
accounting records and financial statements and then audits them.
On the other hand, auditors routinely assist management with the preparation of
financial statements and give advice about accounting treatments and journal
entries.
Therefore, assurance firms must analyse the risks arising and put safeguards in
place to ensure that the risk is at an acceptable level. If this can be done, then
these services may be provided.
Examples of the kinds of 'routine or mechanical' services which may be
provided include:
 Preparing payroll calculations or reports for approval and payment by the
client
 Recording recurring transactions for which amounts are easily
determinable from source documents or originating data
 Calculating depreciation on fixed (non-current) assets (property, plant and
equipment) when the client determines the accounting policy and
estimates of useful life and residual values

16
 Business Assurance

 Posting transactions coded by the client to the general ledger or client-

approved entries to the trial balance
 Preparing the financial statements based on information in the client-
approved trial balance and preparing the related notes based on client-
approved records
(HKICPA Code of Ethics: para. 601.4 A1)
For audit clients that are not public interest entities, assurance firms are only
allowed to provide services of a routine or mechanical nature, and must
consider any threats arising from these services, applying safeguards such as
using staff members other than audit team members to carry out the work and
an independent review. (HKICPA Code of Ethics: para. R601.5, 601.5 A1)
The rules are more stringent when the client is listed/public interest. Firms
should not prepare accounts or financial statements for listed or public
interest clients. There is a minor exception to this: the auditor can provide
accounting and bookkeeping services to a division of a public interest entity,
provided that the matters that the services relate to are immaterial to both the
division and the overall entity, and the work is not carried out by audit team
members (HKICPA Code of Ethics: para. R601.6–7).

2.4.2 Valuation services

If an audit firm performs a valuation which will be included in financial statements
audited by the firm, a self-review threat arises.
Audit firms should not carry out valuations for public interest entities on
matters which will be material to the financial statements (HKICPA Code of
Ethics: para. R603.5).
If the client is not a public interest entity, then the firm cannot provide a valuation
service if the valuation would have a material effect on the financial statements
and it involves a significant degree of subjectivity (HKICPA Code of Ethics:
para. R603.4).
If the valuation is for an immaterial matter which is not subjective in nature, the
audit firm should apply safeguards to ensure that the risk is reduced to an
acceptable level. Safeguards include:
 Second partner review
 Using separate personnel for the valuation and for the audit
(HKICPA Code of Ethics: para. 603.3 A4)
Self-test question 3
You are the audit manager of a CPA firm, Yu & Yu. You are responsible for the
audit of the financial statements of a manufacturing and trading group, La'Monsa
Limited ('La'Monsa'), for the year ended 31 December 20X6. The group's
principal product is clothing. In the last financial year, La'Monsa set up a
subsidiary to manufacture footwear products. They acquired a brand and set up
a production line.
When planning the audit work for the year ended 31 December 20X6, you learnt
that the footwear business had not been successful and production had been
suspended.
In a meeting with Mr. Jun, the Chief Executive ('CE') of La'Monsa, you raised
your concerns regarding valuation of the brand and production facilities in the
footwear business. The CE believed that the brand was acquired last year and
was still quite popular, and the machinery and equipment were still workable. He
also advised you that a merger of La'Monsa with another footwear company was
under negotiation. As valuation services were provided by your firm, he

17
 Business Assurance

suggested your firm, Yu & Yu, prepare a valuation report on the brand and the
machinery and equipment. Mr. Jun also suggested your firm use the valuation
report in the audit of the financial statements for the year ended 31 December
20X6.
Required:
(a) Discuss the general independence consideration for Yu & Yu in accepting
non-assurance engagements by its existing audit client.
(b) Discuss the independence consideration in the specific circumstances of
La'Monsa's suggestion that Yu & Yu be appointed to provide valuation
services.
(Total = 15 marks)
HKICPA May 2007
(The answer is at the end of the chapter)

2.4.3 Taxation services

The Code divides taxation services into five categories.

Taxation services comprise a broad

range of services, including:

Tax return Tax calculations for Tax planning and Assistance in Tax services
preparation the purpose of other tax advisory the resolution involved in
preparing the services of tax disputes valuations
accounting entries

(a) Tax return preparation

(b) Tax calculations for the purpose of preparing the accounting entries
(c) Tax planning and other tax advisory services
(d) Tax services involved in valuations
(e) Assistance in the resolution of tax disputes
(HKICPA Code of Ethics: subsection 604)
Guidance in respect of each of these categories is:
(a) Tax return preparation does not generally threaten independence, as
long as management takes responsibility for the returns (HKICPA Code of
Ethics: para. 604.4 A1).
(b) Tax calculations for the purpose of preparing material accounting
entries may not be prepared for public interest entities. For non-public
interest entities, it is acceptable to do so, provided that safeguards such
as independent reviews and the use of separate teams are applied
(HKICPA Code of Ethics: paras. 604.5 A1–A3; 604.6).
(c) Tax planning may be acceptable in certain circumstances, e.g. where
the advice is clearly supported by tax authority or other precedent.
However, if the effectiveness of the tax advice depends on a particular
accounting treatment or presentation in the financial statements, the audit
team has reasonable doubt about the accounting treatment, and the
consequences of the tax advice would be material, then the service
should not be provided.
(HKICPA Code of Ethics: paras. 604.7 A1–A3; R604.8)

18
 Business Assurance

(d) Tax services involving valuations may be acceptable if the effect on the
financial statements is neither direct nor material, but can still provide
self-review threats that might not be managed by safeguards. Where
appropriate, such engagements can be carried out for all clients with
safeguards such as independent review, separate teams and obtaining
pre-clearance from the local tax authority.
(HKICPA Code of Ethics: paras. 604.9 A1–4)
(e) Assistance in the resolution of tax disputes may be provided,
depending on whether the firm itself provided the service which is the
subject of the dispute, and whether the effect is material to the financial
statements. Safeguards include using professionals who are not members
of the audit team to perform the service, and obtaining advice on the
service from an external tax professional.
(HKICPA Code of Ethics: paras. 604.10 A1–A4)

Self-test question 4
Situations
(a) The Chief Financial Officer ('CFO') of one of your audit clients offers you
two VIP tickets to the Lady Lolita Concert. Each ticket costs HK$8,000
and you will have the chance to shake hands and take photos with Lady
Lolita.
(b) The financial controller of another of your audit clients invites you and your
team to a dinner.
(c) The Chairman of a client company commits to offer your audit firm an
additional 40% bonus on top of the audit fee if his company is able to get
listed successfully.
(d) The tax team of your firm maintains a very close relationship with one of
your non-listed audit clients. They give advice to your non-listed audit
client on different tax issues from tax planning to tax compliance. They
also perform the review of the tax provision computation prepared by this
client to support the audit team's work requirement.
Required
Discuss any ethical and professional issues as an external auditor in each of the
above situations and suggest the possible safeguards, if any.
(10 marks)
HKICPA December 2014
(The answer is at the end of the chapter)

2.4.4 Internal audit services

A firm may provide internal audit services to an audit client. However, it should
ensure that the client acknowledges its responsibility for establishing,
maintaining and monitoring the system of internal controls. The key risk is of
assuming a management responsibility. The following services would involve
assuming a management responsibility, and must not be provided:
 Setting strategic policies for the internal audit function
 Directing and taking responsibility for employees' work
 Deciding how to implement recommendations
 Reporting the results of internal audit to the audit committee
19
 Business Assurance

 Performing internal controls

 Designing, implementing, monitoring, and maintaining internal controls
 Performing outsourced internal audit with some management
responsibility
(HKICPA Code of Ethics: para. 605.4 A2)
It may be appropriate to use safeguards, such as ensuring that an employee of
the client is designated as responsible for internal audit activities and that the
client approves all the work that internal audit does.
If the client is a public interest entity, then internal audit services must not be
provided if they relate to:
(a) A significant part of the internal controls over financial reporting;
(b) Financial accounting systems generating information which is significant
to the financial statements; or
(c) Amounts or disclosures which are material to the financial statements.
(HKICPA Code of Ethics: para. R605.5)

2.4.5 Corporate finance

Certain aspects of corporate finance will create self-review threats that cannot
be reduced to an acceptable level by safeguards. Therefore, assurance firms
are not allowed to promote, deal in or underwrite an assurance client's
shares (HKICPA Code of Ethics: para. R610.4).
Firms must also refrain from providing advice that interacts with the financial
statements – both when the advice depends on an accounting treatment, and
when the advice may have a material effect on the financial statements (HKICPA
Code of Ethics: para. R610.5).
Other corporate finance services, such as assisting a client in defining corporate
strategies, assisting in identifying possible sources of capital and providing
structuring advice, may be acceptable, providing that safeguards are put in
place, such as using different teams of staff and reviewing the work undertaken
to ensure no management decisions are taken on behalf of the client (HKICPA
Code of Ethics: paras. R610.3 A1–3).

2.4.6 Temporary personnel assignments

Personnel may be loaned to an audit client, but only for a short period of
time. Personnel must not assume management responsibilities, or
undertake any non-assurance work that is prohibited elsewhere in the Code
(HKICPA Code of Ethics: para. R525.4).
The audit client must be responsible for directing and supervising the activities of
the loaned personnel.
Possible safeguards include:
 Conducting an additional review of the work performed by the loaned
personnel;
 Not giving the loaned personnel audit responsibility for any function or
activity on the audit, that they performed during the temporary staff
assignment; or
 Not including the loaned personnel in the audit team.
(HKICPA Code of Ethics: para. 525.3 A1)

20
 Business Assurance

2.4.7 General other services

The audit firm might sell a variety of other services to audit clients, such as:
 IT systems services
 Litigation support services
 Legal services
The assurance firm should consider whether there are any threats to
independence, such as if the firm were asked to design internal control IT
systems, which it would then review as part of its audit. The firm should consider
whether the threat to independence could be reduced by appropriate
safeguards.
In each case, the firm should consider whether there are any barriers to
independence and whether these can be reduced by appropriate safeguards.
Among the scenarios which might fall into this category are where a firm is
asked to design internal control IT systems, which it would later review as part of
its audit, or a professional accountant from the firm was seconded to cover the
finance director's maternity leave. Before you read on, what would you consider
to be appropriate ethical behaviour in those two circumstances?
IT systems services
Providing systems services may create a self-review threat depending on the
nature of the services and the IT systems (HKICPA Code of Ethics: para. 606.1).
Providing certain services to an audit client that is not a public interest entity is
acceptable, and in some situations may create no threat at all. The following
factors are relevant in evaluating the level of a self-review threat:
 The nature of the service.
 The nature of IT systems and the extent to which they impact or interact
with the client's accounting records or financial statements.
 The degree of reliance that will be placed on the particular IT systems as
part of the audit. (HKICPA Code of Ethics: para. 606.4 A1)
An example of a safeguard here might be using a professional who was not an
audit team member to perform the service (HKICPA Code of Ethics: para. 606.4
A2).
In the case of an audit client that is a public interest entity, a firm shall not
provide services involving the design or implementation of IT systems that:
(a) Form a significant part of the internal control over financial reporting; or
(b) Generate information that is significant to the client's accounting records
or financial statements on which the firm will express an opinion.
(HKICPA Code of Ethics: para. R606.5)
Litigation support services
Providing legal services to an entity that is an audit client may create both
self-review and advocacy threats (HKICPA Code of Ethics: para. 607.1).
The level of the self-review and advocacy threats created here may depend on
factors such as:
 The legal and regulatory environment in which the service is provided e.g.,
whether an expert witness is chosen and appointed by a court.
 The nature and characteristics of the service.
 The extent to which the outcome of the litigation support service will have
a material effect on the financial statements.
(HKICPA Code of Ethics: para. 607.3 A2)
21
 Business Assurance

An example of a safeguard here might be using a professional who was not an

audit team member to perform the service (HKICPA Code of Ethics: para. 607.3
A3).

Legal services
Providing legal services to an audit client might create a self-review or advocacy
Threat (HKICPA Code of Ethics: para. 608.1).
The Code distinguishes three types of legal service.
 Acting in an Advisory Role
 Acting as General Counsel
 Acting in an Advocacy Role
Acting in an Advisory Role
This may be acceptable depending on the circumstances, e.g. the materiality of
the matter in relation to the financial statements (HKICPA Code of Ethics: paras.
608.4 A2). Safeguards may be applied here, such as using professionals who
are not audit team members to perform the service, or external review of the
service provided (HKICPA Code of Ethics: para. 608.4 A3).
Acting as General Counsel
This is prohibited (HKICPA Code of Ethics: para. 608.5).
Acting in an Advocacy Role
This is prohibited where it relates to a material issue (HKICPA Code of Ethics:
para. 608.6). Where the issue is not material, this is acceptable provided that
safeguards are applied to reduce the threat to an acceptable level.

2.4.8 Management responsibility

In general, firms cannot accept any management responsibilities for an
audit client (HKICPA Code of Ethics: para. R600.7) and must always actively
consider risk factors such as the nature of the engagement, the nature of the
client and the perception of a reasonable and informed third party in determining
the extent of any ethical threats. The Code also prohibits a firm from assuming
any management responsibility for an audit client as it creates self-interest,
self-review, advocacy and familiarity threats (HKICPA Code of Ethics: para.
600.7.A2).
Examples of activities that would be viewed as a management responsibility
include:
 Hiring or dismissing employees
 Setting policies or strategic direction
 Deciding which recommendations of the firm or other third parties to
implement
 Authorising transactions
(HKICPA Code of Ethics: para. 600.7 A3)
To avoid the risk of assuming a management responsibility, a firm shall be
satisfied that the client management makes all judgments and decisions that are
the responsibility of management. The firm must ensure there is a suitable
individual at the client responsible for making decisions. Providing advice and
recommendations to assist management in discharging its responsibilities is not
assuming a management responsibility (HKICPA Code of Ethics: para. R600.8).

22
 Business Assurance

Section 2.6 The whole of section 2.6 is deleted and replaced with the following:
Page 124
2.6 Familiarity threat
A familiarity threat arises where independence is jeopardised by the audit firm
and its staff becoming over familiar with the client and its staff. There is a
substantial risk of loss of professional scepticism in such circumstances.
We have already discussed some examples of when this risk arises, because
very often, a familiarity threat arises in conjunction with a self-interest threat.

Where there are family and personal

relationships between client/firm

Long association with Employment with

FAMILIARITY THREAT
assurance clients assurance client

Recent service with assurance client

2.6.1 Long association of personnel with an audit client

Having an audit client for a long period of time may create a familiarity threat
to independence. The severity of the threat depends on such factors as:
 The length of the relationship between the individual and the client
(especially if this extends over employment at more than one firm);
 How long the individual has been on the audit team and the nature of the
roles performed;
 The extent of any supervision and review of the individual by senior
personnel;
 The extent of the individual's influence over the outcome of the audit;
 The closeness of any personal relationship between the individual and
anyone in a responsible position at the client; and
 The nature, frequency and extent of interaction between the individual and
anyone in a responsible position at the client.
Other factors can be relevant here, such as the client's accounting and reporting
framework or its senior management personnel, including any recent changes.
(HKICPA Code of Ethics: para. 540.3 A3)
Possible safeguards include:
 Rotating the individual off the audit team or changing the nature of
their role or tasks;
 Having an appropriate reviewer who was not an audit team member
review the work of the individual; or
 Regular independent internal or external quality reviews of the
engagement.
(HKICPA Code of Ethics: para. 540.3 A6)
The rules for public interest entities are stricter. If an individual is a key audit
partner for seven years, they must be rotated off the audit and serve a 'cooling
off' period, dependent on the roles vacated: for engagement partners, this is
five consecutive years; for engagement quality control reviewers, three

23
 Business Assurance

years and for other key audit partners, this is two years (HKICPA Code of
Ethics: para. R540.11-13). During this time, they cannot be on the audit team,
and cannot consult with the audit team or the client on any issues that may affect
the engagement (including giving general industry advice) (HKICPA Code of
Ethics: para. R540.20).
The Codes do allow some flexibility here: if key partner continuity is particularly
beneficial to audit quality, and there is some unforeseen circumstance (such
as the intended engagement partner becoming seriously ill), then the key audit
partner can remain on the audit for an additional year, making eight years in
total (HKICPA Code of Ethics: para. R540.7).
If a client that was not a public interest entity becomes one, then the seven year
limit still applies, starting from the date when the key audit partner originally
became the key partner for that audit client (HKICPA Code of Ethics: para.
R540.8).
Finally, it is possible for an independent regulator to give permission for an audit
partner to remain a key audit partner indefinitely, provided alternative safeguards
are applied (e.g. external review) (HKICPA Code of Ethics: para. R540.9).

2.6.2 Recent service with an audit client

An individual may have recently worked for an audit client. If they worked for the
client during the period audited (both current and prior year) then they cannot
be on the audit team if they:
 Had served as a director or officer of the audit client; or
 Were an employee in a position to exert significant influence over the
accounting records (or financial statements).
(HKICPA Code of Ethics: para. R522.3).
If one of the above individuals did not work for the client during the period being
audited (i.e. they left the client before that), then a threat is created. The firm
should consider the threat and apply appropriate safeguards, e.g. obtaining a
quality control review of the individual's work on the audit (HKICPA Code of
Ethics: paras. 522.4 A1-3).

2.6.3 Employment with an audit client

It is possible that staff might transfer between an assurance firm and a client, or
that negotiations or interviews to facilitate such movement might take place.
Both situations are a threat to independence:
 An audit staff member might be motivated by a desire to impress a future
possible employer (objectivity is therefore affected – self-interest threat).
 A former partner turned finance director may have too much knowledge of
the audit firm's systems and procedures (familiarity threat).
In general, there may be self-interest, familiarity and intimidation threats
when a member of the audit team joins an audit client.
A 'significant connection' still remains between the audit firm and the former
employee/partner where:
 The individual is entitled to benefits from the audit firm (unless fixed and
predetermined, and not material to the firm)
 Any amount owed to the individual is material to the firm
 The individual continues to participate in the audit firm's business or
professional activities
(HKICPA Code of Ethics: para. R524.4)
24
 Business Assurance

Any familiarity or intimidation threat depends on the following:

 The position the individual has taken at the client
 Any involvement the individual will have with the audit team
 The length of time since the individual was a member of the audit team
or partner of the firm
 The former position of the individual within the audit team or firm; for
example, whether the individual was responsible for maintaining regular
contact with the client's management or those charged with governance
(HKICPA Code of Ethics: para. 524.4 A3)
Safeguards could include:
 Modifying the audit plan;
 Assigning individuals to the audit team who have sufficient
experience in relation to the individual who has joined the client; or
 Having an independent professional accountant review the work of the
former member of the audit team.
(HKICPA Code of Ethics: para. 524.4 A4)
Should an audit team member be pursuing employment with an audit client, they
need to inform the firm of this as soon as possible. Safeguards to address the
self-interest threat presented here are to remove the individual from the audit
team, and to review their work for any indication of bias
(HKICPA Code of Ethics: para. R524.5).
If the audit client is a public interest entity, then 'cooling off' periods are
required. The HKICPA Code of Ethics states that when a key audit partner
joins such a client, either as a director or as an employee with significant
influence on the financial statements, the client must have issued audited
financial statements covering at least 12 months before the employment can
begin. The partner in question must also not have been a member of the audit
team in relation to those audited financial statements (HKICPA Code of Ethics:
para. R524.6).
In the case of a senior or managing partner joining an audit client, 12
months must have passed (i.e. there is no requirement for audited financial
statements to have been issued)
(HKICPA Code of Ethics: para. R524.7).

2.6.4 Family and personal relationships

Key terms
Immediate family: A spouse (or equivalent) or dependent.
Close family: A parent, child or sibling who is not an immediate family member.
(HKICPA Code of Ethics: Glossary)

Family or close personal relationships between assurance firm staff and client
staff could seriously threaten independence. Each situation has to be evaluated
individually.
When an immediate family member of someone on the audit team is a
director, an officer, or an employee who is in a position to exert direct and
significant influence over the financial statements, or was in such position during
any period covered by the engagement or the financial statements then the
25
 Business Assurance

individual should be removed from the audit team (HKICPA Code of Ethics:
para. R521.5). Otherwise, safeguards should be applied, such as either removal
from the audit team or restructuring someone's role in the firm so they are not
dealing with matters under the family member's responsibility (HKICPA Code of
Ethics: paras. 521.4 A3–4).
If the person is only a 'close' family member (but not an 'immediate' family
member), then the threat is evaluated and the same safeguards can be applied
(HKICPA Code of Ethics: paras. 521.6 A3–4).
If the relationship is not a family relationship but is still close (e.g. friendship),
then the threat is evaluated and safeguards applied (HKICPA Code of Ethics:
para. R521.7).
A firm should have quality control policies and procedures under which staff
should disclose whether a close family member employed by the client is
promoted within the client. If a firm inadvertently violates the rules concerning
family and personal relationships, then they should apply additional safeguards,
such as: undertaking a quality control review of the audit, or discussing the
matter with the audit committee of the client, if there is one.

Section 2.7 The whole of section 2.7 is deleted and replaced with the following:
Page 125
2.7 Intimidation threat
An intimidation threat arises when members of the assurance team have reason
to be intimidated by client staff.

Close business relationships

Family and personal

Litigation INTIMIDATION THREAT relationships

Assurance staff members move to

Second opinions
employment with client

These are also examples of self-interest threats, largely because intimidation

may only arise significantly when the assurance firm has something to lose. Only
the threats arising from litigation and second opinions are covered in this
section, as the other threats have already been discussed, above.

2.7.1 Actual and threatened litigation

There may be an intimidation threat when the client threatens to sue, or indeed
sues, the audit firm for work that has been done previously. The firm is then
faced with the risk of losing the client, bad publicity and the possibility that they
will be found to have been negligent, which will lead to further problems. This
could lead to the firm being under pressure to produce an unmodified auditor's
report when they have been modified in the past, for example.
Generally, audit firms should seek to avoid such situations arising. If they do
arise, factors to consider are:
 The materiality of the litigation
 Whether the litigation relates to a prior audit engagement
(HKICPA Code of Ethics: para. 430.3 A2)

26
 Business Assurance

The following safeguards could be considered:

 Removing the individual from the audit team
 Having a professional review the work performed
(HKICPA Code of Ethics: paras. 430.3 A3–4)

2.7.2 Second opinions

Another way that auditors can suffer an intimidation threat is when the audit
client is unhappy with a proposed audit opinion, and seeks a second opinion
from a different firm of auditors.
In such a circumstance, the second audit firm will not be able to give a formal
audit opinion on the financial statements – only an appointed auditor can do
that. However, the problem is that if a different firm of auditors indicates to
someone else's audit client that a different audit opinion might be acceptable, the
appointed auditor may feel under pressure to change the audit opinion. In effect,
a self-interest threat arises, as the existing auditor may feel that they will lose
next year's audit if they do not change this year's opinion.
There is nothing to stop a company director talking to a second firm of auditors
about treatments of matters in the financial statements. However, the firm being
asked for a second opinion should be very careful, because it is possible that
the opinion they form could be incorrect anyway, if the director has not given
them all the relevant information. For that reason, firms giving a second opinion
should ensure that they seek permission to communicate with the existing
auditor and they are appraised of all the facts (HKICPA Code of Ethics: para.
321.3 A3). If permission is not given, the second auditors should consider
whether they can reasonably act in such circumstances (HKICPA Code of
Ethics: para. R321.4).
Given that second opinions can cause independence issues for the existing
auditors, audit firms should generally take great care if asked to provide one
anyway. Increasingly, new accounting standards do not give a choice of
accounting treatments, meaning that second opinions might be less sought after.

Section 2.8 The whole of section 2.8 is deleted and replaced with the following:
Page 126
2.8 Other assurance engagements
2.8.1 Independence – Other assurance engagements
Part 4B of the HKICPA Code of ethics addresses independence requirements
for assurance engagements that are not audit or review engagements. The basic
principles are the same as those set out in Part 4A, on audit engagements.
However, the following additional points should be noted.

2.8.2 Employment with an audit client

The basic principles are the same as those set out in in Part 4A although Part 4B
does not include specific 'cooling off' provisions.

2.8.3 Contingent fees

The basic principle is the same as that described in Part 4A, i.e. a contingent fee
should not be charged in respect of an assurance engagement. In addition, a
contingent fee should not be charged in respect of a non-assurance service
provided to an assurance client if the outcome of the non-assurance service
(and therefore the amount of the fee) is dependent on a judgment related to the
subject matter of the assurance engagement. For other contingent fee
arrangements charged by a firm for a non-assurance service to an assurance
client the significance of any threat will have to be evaluated and safeguards
applied.

27
 Business Assurance

2.8.4 Multiple responsible parties

In some assurance engagements, whether assertion-based or direct
reporting, there might be several responsible parties. In determining whether it
is necessary to apply the provisions in this section to each responsible party in
such engagements, the firm may take into account whether an interest or
relationship between the firm, or a member of the assurance team, and a
particular responsible party would create a threat to independence that is not
trivial and inconsequential in the context of the subject matter information.

Section 3 The whole of section 3 is deleted and replaced with the following:
Page 129
3 Specific guidance: Responding to
Non-Compliance with Laws and
Regulations

Topic highlights
Professional accountants in public practice or in business may encounter
non-compliance or suspected non-compliance with laws and regulations during
the course of their work. Guidance on an appropriate response was finalised in
the February 2018 revision of the HKICPA Code of Ethics.

Key term
Non-compliance with laws and regulations (non-compliance) comprises acts
of omission or commission, intentional or unintentional which are contrary to the
prevailing laws or regulations.
(HKICPA Code of Ethics: Glossary)

Examples of laws and regulations where non-compliance could occur include,

but are not limited to, fraud, money laundering, terrorist financing, data
protection, environmental laws, tax laws and public health and safety.
Laws and regulations can have a direct impact on amounts and disclosures in
the financial statements, for example where non-compliance with a law or
regulation will result in a fine. Alternatively, laws and regulations may not
directly affect the amounts or disclosures in the financial statements, but
non-compliance with them could result in the business no longer being able to
operate, for example removal of a trading licence where health and safety laws
are breached.

3.1 Professional accountants in public practice

Management is responsible for ensuring that the business complies with laws
and regulations, and to address any non-compliance (HKICPA Code of Ethics:
para. 360.8 A1).
If the auditor discovers non-compliance, they first obtain an understanding of
the matter (HKICPA Code of Ethics: para. R360.10). The issue should be
discussed with management/those charged with governance (TCWG)
(HKICPA Code of Ethics: para. R360.11).
The accountant should advise management/TCWG to:
 Rectify the situation
 Deter further non-compliance

28
 Business Assurance

 Disclose the non-compliance to the appropriate authority

(HKICPA Code of Ethics: para. R360.13)
Then the accountant must assess whether management's response is
appropriate, taking into account whether:

 The response is timely

 The non-compliance has already been investigated
 Action has been taken to remedy it
 Action has been taken to deter it
 Steps have been taken to prevent re-occurrence
 The non-compliance has been disclosed
(HKICPA Code of Ethics: para. 360.19 A1)
The accountant then decides whether further action is needed in the public
interest. This essentially depends on the urgency and seriousness of the matter,
and how likely it is to re-occur. The accountant should also consider whether this
affects their assessment of management's integrity (HKICPA Code of Ethics:
para. R360.20).
Further action might include:
 Disclosing the matter to the relevant authorities
 Withdrawing from the engagement
(HKICPA Code of Ethics: para. R360.21 A1)
Disclosure would be made if the matter is serious; examples include: if the entity
is engaged in bribery; if this would threaten any licences to operate; or if
products sold by the entity could be harmful to the public (HKICPA Code of
Ethics: para. 360.25 A2).
The auditor must also keep documentation of this process.

3.2 Professional accountants in business

Senior professional accountants in business (senior professional
accountants) are directors, officers or senior employees able to exert significant
influence over, and make decisions regarding, the acquisition, deployment and
control of the employing organisation's human, financial, technological, physical
and intangible resources. If a senior professional accountant becomes aware
of information concerning an instance of non-compliance or suspected
non-compliance, the professional accountant shall obtain an understanding
of the matter, including:
(a) The nature of the act and the circumstances in which it has occurred or
may occur;
(b) The application of the relevant laws and regulations to the circumstances;
and
(c) The potential consequences to the employing organisation, investors,
creditors, employees or the wider public.
(HKICPA Code of Ethics: para. R260.12)
If a senior professional accountant identifies or suspects non-compliance, it must
be discussed with their immediate superior to determine how it should be
addressed, unless the their immediate superior appears to be involved in the
non-compliance. In this situation, the actual or suspected non-compliance must
be discussed with the next higher level of authority within the employing
organisation. The senior professional accountant shall also take appropriate
steps to:
(a) Have the matter communicated to those charged with governance;

29
 Business Assurance

(b) Comply with applicable laws and regulations, including legal or regulatory
provisions governing the reporting of non-compliance or suspected
non-compliance to an appropriate authority;
(c) Have the consequences of the non-compliance or suspected non-
compliance rectified, remediated or mitigated;
(d) Reduce the risk of re-occurrence; and
(e) Seek to deter the commission of the non-compliance if it has not yet
occurred.
(HKICPA Code of Ethics: para. R260.14)
The senior professional accountant must also determine if disclosure of the
matter to the employing organisation's external auditor is needed.
The senior professional accountant shall assess the appropriateness of the
response of the professional accountant's superiors, if any, and those charged
with governance. In the light of this response, the professional accountant shall
determine if further action is needed in the public interest. Further action by
the professional accountant may include:
 Informing the management of the parent entity of the matter if the
employing organisation is a member of a group.
 Disclosing the matter to an appropriate authority even when there is no
legal or regulatory requirement to do so.
 Resigning from the employing organisation.
(HKICPA Code of Ethics: para. 260.18 A1)
The senior professional accountant may consider consulting internally, obtaining
legal advice to understand the professional accountant's options and the
professional or legal implications of taking any particular course of action, or
consulting on a confidential basis with a regulator or professional body (HKICPA
Code of Ethics: para. 260.19 A1).
The determination of whether to make a disclosure to an appropriate
authority depends on the nature and extent of the actual or potential harm that
is or may be caused by the matter to investors, creditors, employees or the
general public. If the senior professional accountant determines that disclosure
of the matter to an appropriate authority is an appropriate course of action in the
circumstances, this will not be considered a breach of the duty of confidentiality
under Section 140 of the Code (HKICPA Code of Ethics: paras. R114.1; 260.20
A1–A3; R260.21).

Professional accountants in business who are not senior accountants are

expected to obtain an understanding of any actual or suspected non-compliance
and inform an immediate superior to enable that superior to take appropriate
action. If the immediate superior is suspected to be involved in the
non-compliance they must instead inform the next higher level of authority in
the employing organisation (HKICPA Code of Ethics: paras. R260.24–26).

Section 5.1 The reference before the second set of bullet points is updated to refer to
the latest Code of Ethics, replacing the sentence there with:
Page 134
Examples of situations in which conflicts of interest may arise include the
following (HKICPA Code of Ethics: para. 310.4 A1):
The material at the very end of this section is updated to refer to the latest
Code of Ethics, replacing the sentence there with:
More comprehensive guidance is also provided for the professional accountant
in business (HKICPA Code of Ethics: s.210).

30
 Business Assurance

Section 5.2 The references (in the left column) to the HKICPA Code of Ethics are
updated to refer to the latest version as follows.
Page 136
431.14 becomes 700.14
431.10 becomes 700.10
431.13 becomes 700.13
431.21 becomes 700.21
431.43 becomes 700.43
Section 7 The reference in the first sentence of this section is deleted and replaced
with the following:
Page 137
Part 2 (within Chapter A) of the Code applies to professional accountants in
business.
Section 8 The following new material for section 8 is inserted as follows:
Page 142
8 Specific guidance: Anti-money
laundering and counter-terrorist
financing for professional accountants

Topic highlights
The HKICPA Code of Ethics (Revised 2018) gives guidance on anti-money
laundering for professional accountants.

The Anti-Money Laundering and Counter-Terrorist Financing (Financial

Institutions) (Amendment) Ordinance 2018 extended the scope of the
Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions)
Ordinance to cover accountants (its name become the Anti-Money Laundering
and Counter-Terrorist Financing Ordinance).
In response to this, the HKICPA introduced a new Chapter into its Code of ethics
(Revised 2018): Chapter F – Guidelines on Anti-Money Laundering and Counter-
Terrorist Financing for Professional Accountants. This encompasses sections 600
to 670 of the Code of Ethics.
The Guidelines apply primarily to practices and members working in practices.
The Guidelines do not carry the force of legal requirements, but they would be
admissible as evidence in any court proceedings under the Anti-Money
Laundering and Counter-Terrorist Financing Ordinance.

The AML/CTF CDD, RK and Suspicious Staff hiring

Guidelines policies, ongoing transaction and
apply to procedures monitoring reporting and training
practices and controls (sections 620, financial sanctions (section
(section 610 630, 660 of the (sections 640, 650 670 of the
of the Code) Code) of the Code) Code)
When providing Mandatory Mandatory Mandatory Mandatory
specified
services (see
below)
When Good practice Good practice Mandatory Good
providing other practice
services

31
 Business Assurance

For practices providing the services specified, the Guidelines are mandatory.
These services include the following (the full list is given in the Code of Ethics:
Chapter F, paras. 600.2.1–2):
 When practices, by way of business, prepare for or carry out for a client a
transaction concerning: buying and selling of real estate; managing of
client money, securities or other assets; or management of bank, savings
or securities accounts.
 When practices provide trust or company services and, by way of
business, prepare for or carry out for a client a transaction concerning:
forming corporations or other legal persons; and acting as, or arranging
for another person to act as, a director or secretary of a company, a
partner of a partnership, or a similar position in relation to other legal
persons.

8.1 The nature of money laundering

The Guidelines quote the following definitions, given in the Anti-Money
Laundering and Counter-Terrorist Financing Ordinance.

Key terms
Money laundering is an act intended to have the effect of making any property:
(a) that is the proceeds obtained from the commission of an indictable offence
under the laws of Hong Kong, or of any conduct which if it had occurred
in Hong Kong would constitute an indictable offence under the laws of
Hong Kong; or
(b) that in whole or in part, directly or indirectly, represents such proceeds,
not to appear to be or so represent such proceeds.
Terrorist financing is:
(a) the provision or collection, by any means, directly or indirectly, of any
property:
(i) with the intention that the property will be used; or
(ii) knowing that the property will be used, in whole or in part, to
commit one or more terrorist acts (whether or not the property is
actually so used); or
(b) the making available of any property or financial (or related) services, by
any means, directly or indirectly, to or for the benefit of a person knowing
that, or being reckless as to whether, the person is a terrorist or terrorist
associate; or
(c) the collection of property or solicitation of financial (or related) services, by
any means, directly or indirectly, for the benefit of a person knowing that,
or being reckless as to whether, the person is a terrorist or terrorist
associate.
(HKICPA, Code of Ethics: Chapter F, paras. 600.3.1–2)
A beneficial owner is an individual (or individuals) who ultimately owns or
controls the client, or on whose behalf a service is being provided. A beneficial
owner in relation to a corporation is an individual who owns or controls, directly
or indirectly, more than 25% of the issued share capital or voting rights, or who
exercises ultimate control over the management, of the corporation.
(HKICPA, Code of Ethics: Chapter F, paras. 620.2.6.1)

32
 Business Assurance

8.2 AML/CFT policies, procedures and controls

The Guidelines make use of the following acronyms; you may benefit from
familiarising yourselves with them.
AML – Anti-Money Laundering
CDD – Customer Due Diligence
CFT – Counter-Financing of Terrorism
CO – Compliance Officer
ML – Money Laundering
MLRO – Money Laundering Reporting Officer
PEP – Politically Exposed Person
RBA – Risk-Based Approach
STR – Suspicious Transaction Report
TF – Terrorist Financing
Practices must have internal policies, procedures and other controls in place to
address ML/TF concerns, and to comply with the existing legal requirements on
AML/CFT.
Practices should communicate these policies and procedures clearly to
employees.

8.2.1 Adopting a risk-based approach (Section 610)

No system can be expected to detect and prevent all ML/TF activities, so the
Guidelines advocate a risk-based approach. Controls must be put in place,
taking into account factors such as the following (HKICPA, Code of Ethics:
Chapter F, paras. 610.2.1–2):
 Types of client involved and their geographical locations
 Services/products offered
 Mode of delivery of the service/product
 Size of the practice
An effective RBA involves identifying and categorising ML/TF overall risks at the
client level and establishing reasonable measures based on risks identified
(HKICPA, Code of Ethics: Chapter F, para. 610.2.3). This will enable practices to
subject clients to proportionate controls and oversight by determining:
(a) the extent of CDD to be performed on the client; the extent of the
measures to be undertaken to verify the identity of any beneficial owner
and any person purporting to act on behalf of the client (see Section 620);
(b) the level of ongoing monitoring to be applied to the relationship (see
Section 630); and
(c) measures to mitigate any risks identified.
(HKICPA, Code of Ethics: Chapter F, para. 610.2.5)
Practices may therefore have to adjust their risk assessment of a particular client
from time to time, based upon information obtained, and also review the extent
and frequency of the CDD and ongoing monitoring to be applied to the client
(HKICPA, Code of Ethics: Chapter F, para. 610.2.7).

33
 Business Assurance

Management oversight
The senior management is responsible for managing compliance in relation to
AML/CFT.
They must appoint a partner, director or equivalent as a CO. They must also
appoint an MLRO, who may be the same person as the CO (HKICPA, Code of
Ethics: Chapter F, para. 610.3.1).
The CO would generally act as the focal point within a practice for the oversight
of all activities relating to the prevention and detection of ML/TF. Broadly
speaking, the CO is a higher-level role, providing support and guidance to senior
management; the MLRO deals with the actual identification and reporting of
suspicious transactions.
The CO's role includes:
 Reviewing the practice's AML/CFT systems
 Oversight of the practice's AML/CFT controls
(HKICPA, Code of Ethics: Chapter F, para. 610.3.3)
The MLRO's role includes:
 Reviewing internal disclosures and exception reports and, in light of
available relevant information, determining whether or not it is necessary
to make an STR to the Joint Financial Intelligence Unit (JFIU)
 Maintaining records related to such internal reviews
 Providing guidance on how to avoid 'tipping off'
 Acting as the main point of contact with the JFIU, law enforcement and
other authorities
(HKICPA, Code of Ethics: Chapter F, para. 610.3.5)
Where practicable, practices should establish an independent compliance
function, which reviews the implementation of the AML/CFT controls (HKICPA,
Code of Ethics: Chapter F, para. 610.3.6–7).
Practices should establish, maintain and operate appropriate procedures in
order to be satisfied of the integrity of any new employees (HKICPA, Code of
Ethics: Chapter F, para. 610.3.8).

8.2.2 Customer Due Diligence (CDD) (Section 620)

Customer Due Diligence (CDD) is intended to enable practices to know (with
reasonable assurance) the true identity of each client, the type of business and
transactions the client is likely to be undertaking, and the source and intended
use of funds (HKICPA, Code of Ethics: Chapter F, para. 620.2.1–2).
The accent in the Guidelines is not on the impossibility of totally eliminating the
risk of a client not being who they appear to be, but on the necessity of adopting
reasonable measures – CDD procedures – to reduce this risk and find out who
the client is.
Enhanced CDD (EDD) must be applied to high-risk individuals, but Simplified
CDD (SDD) may be applied to particularly low-risk individuals.
Practices must perform the CDD measures set out in these Guidelines in respect
of pre-existing clients (HKICPA, Code of Ethics: Chapter F, para. 620.2.3).

34
 Business Assurance

The Guidelines stipulate that practices must perform the following CDD measures:
(a) identify the client and verify the client's identity (using documents, data or
information provided by a government body or other reliable, independent
source);
(b) identify the beneficial owner (where there is one) and take reasonable
steps to verify their identity (Legal and ownership structures may be
complex and practices should seek to understand them.);
(c) understand and, as appropriate, obtain information on the purpose and
intended nature of the business relationship (if any) to be established with
the practice, unless the purpose and intended nature are obvious; and
(d) if a person purports to act on behalf of the client:
(i) identify the person and take reasonable measures to verify their
identity; and
(ii) verify the person's authority to act on behalf of the client.
Practices must adopt enhanced CDD in relation to high-risk clients (including
foreign PEPs), and may adopt simplified due diligence measures in certain
specified circumstances.
(HKICPA, Code of Ethics: Chapter F, para. 620.1)
The Guidelines distinguish three risk factors in relation to CDD: client risk,
country/geographic risk, and service risk.
Factors that may indicate a higher level of client risk include:
(a) Indications that the client is attempting to obscure understanding of its
business, ownership or the nature of its transactions
(b) Indications of certain transactions, structures, geographical locations,
international activities, or other factors, that are not in keeping with the
practice's understanding of the client's business or economic situation
(c) Client industries, sectors or categories where opportunities for ML/TF are
particularly prevalent
(HKICPA, Code of Ethics: Chapter F, para. 620.4.3–4)
Not all clients falling into such risk categories are necessarily high-risk clients –
the practice must apply judgment in making this determination (HKICPA, Code
of Ethics: Chapter F, para. 620.4.5).
Factors indicating higher geographic risk include clients being located in or
sending funds to a country that is subject to sanctions, or identified by the FATF
as lacking an appropriate AML/CFT regime, or identified by credible sources as
having a significant level of corruption or providing support to terrorists or
terrorist activities (HKICPA, Code of Ethics: Chapter F, para. 620.4.6).
The Guidelines contain an extensive Appendix B which gives further examples
of risk factors.
Practices should identify all beneficial owners of a client (HKICPA, Code of Ethics:
Chapter F, para. 620.6.4).
Where an individual purports to act on behalf of the client, practices should also
obtain written authority that they are authorised to do so (HKICPA, Code of
Ethics: Chapter F, para. 620.7.3).

35
 Business Assurance

Unless the purpose and intended nature are obvious, practices must obtain
information from all new clients to satisfy themselves as to the intended purpose
and reason for establishing the relationship, and document the information
(HKICPA, Code of Ethics: Chapter F, para. 620.9.1).
Generally, the CDD process must be completed before establishing any client
relationship (HKICPA, Code of Ethics: Chapter F, para. 620.10.1). Once the
identity of a client has been satisfactorily verified, there is no obligation to
reverify identity, but steps should be taken from time to time to ensure that the
client information obtained for the purposes of CDD is up to date and relevant
(HKICPA, Code of Ethics: Chapter F, para. 620.10.7).
Simplified Due Diligence (SDD)
Where Simplified Due Diligence (SDD) is adopted, the simplified measures
should be commensurate with the lower risk factors. For example, the beneficial
owner may be identified after the client relationship has been established
(HKICPA, Code of Ethics: Chapter F, para. 620.11.1).
SDD measures may be adopted where (for example):
(a) Reliable information on the client is publicly available
(b) The practice is familiar with the client's AML/CFT controls due to previous
dealings with the client
(c) The client is a listed company that is subject to regulatory disclosure
requirements
(HKICPA, Code of Ethics: Chapter F, para. 620.11.4)
Enhanced Due Diligence (EDD)
Enhanced Due Diligence (EDD) must include:
(a) obtaining the approval of the senior management to commence or
continue the relationship; and
(b) taking reasonable measures to establish the relevant client's or beneficial
owner's source of wealth, or other additional mitigation measures, e.g.:
(i) obtaining additional information on the intended nature of the
business relationship (e.g. anticipated account activity);
(ii) obtaining additional information on the client and updating the client
profile more regularly; and
(iii) conducting enhanced monitoring of the business relationship, by
increasing the number and timing of the controls applied and
selecting patterns of transactions that need further examination.
(HKICPA, Code of Ethics: Chapter F, para. 620.12.1)
Providing services to PEPs may be risky as these individuals are considered
vulnerable to corruption. Practices should seek to determine whether a beneficial
owner is a PEP.
Foreign PEPs are considered riskier than domestic PEPs (HKICPA, Code of
Ethics: Chapter F, para. 620.12.6–7). EDD may help to reduce this risk.
Specific risk factors with a PEP include:
(a) concerns about the PEP's country of origin;
(b) unexplained sources of wealth or income;
(c) receipts of large sums from governmental bodies;
(d) commission earned on government contracts;
(e) requests for any form of secrecy with a transaction; and
(f) use of government accounts as the source of funds in a transaction.
(HKICPA, Code of Ethics: Chapter F, para. 620.12.13)

36
 Business Assurance

In contrast to foreign PEPs, domestic PEPs are not automatically high risk;
however, if they do turn out to be high-risk then EDD should be applied
(HKICPA, Code of Ethics: Chapter F, para. 620.12.17).
CDD performed by intermediaries
It is acceptable for a practice to rely on CDD performed by an intermediary, but
the practice themselves will be considered ultimately responsible for it (HKICPA,
Code of Ethics: Chapter F, para. 620.13.1).
Practices may only rely on overseas intermediaries in certain circumstances,
e.g. if the intermediary falls into specified categories of professions (e.g. lawyer,
auditor) (HKICPA, Code of Ethics: Chapter F, para. 620.13.8).

8.2.3 Ongoing monitoring (Section 630)

Practices are required to monitor their business relationships with clients. They
do this by:
(a) reviewing (from time to time) documents, data and information to ensure
that they are up to date and relevant;
(b) paying attention to transactions carried out for the client to ensure that
they are consistent with the practice's knowledge of the client; and
(c) identifying complex, large or unusual transactions (which have no
apparent purpose), examining the background and purposes of those
transactions and recording their findings.
(HKICPA, Code of Ethics: Chapter F, para. 630.1.1)
The extent of monitoring should be linked to the risk profile of the client
(HKICPA, Code of Ethics: Chapter F, para. 630.2.1).

8.2.4 Making suspicious transaction reports (Section 640)

Where there are indications of possible money laundering, an STR must be
made. The STR is made to an authorised officer (the JFIU), and must be made
as soon as is reasonably practical (although this may be either before or after
the suspicious transaction takes place). Practices must put in place a system
of internal controls to prevent 'tipping off' (HKICPA, Code of Ethics: Chapter F,
paras. 640.1.1–2.1).
The obligation to make an STR overrides any duty of confidentiality (HKICPA,
Code of Ethics: Chapter F, para. 640.3.20).
It is an imprisonable offence for a person (the MLRO) to fail to make an STR
once they have knowledge or a suspicion of ML taking place.
Once an employee has reported to the MLRO, then their obligation ends
(HKICPA, Code of Ethics: Chapter F, paras. 640.2.3–4). The key is for the
employee to have enough knowledge of the client's business – from CDD and
from monitoring – for them to recognise when a transaction is suspicious. They
do not need to know what the criminal activity itself was (HKICPA, Code of
Ethics: Chapter F, paras. 640.2.7, 9).
There is an offence of 'tipping off' the client, and practices should take care that
their line of enquiry with the client is such that tipping off cannot be construed to
have taken place (HKICPA, Code of Ethics: Chapter F, paras. 640.1.1–2).
Tipping off carries a maximum of three months' imprisonment, with a fine of up to
$500,000 (HKICPA, Code of Ethics: Chapter F, para. 640.2.16).
One protection for employees is that a person cannot be found guilty of tipping
off if they did not know or suspect that ML was taking place (or that law
enforcement was conducting an investigation) (HKICPA, Code of Ethics:
Chapter F, para. 640.2.19).

37
 Business Assurance

Internal reporting
Staff must be aware of the identity of the MLRO, and would usually make their
internal reports directly to the MLRO (although it is possible to consult with
managers or supervisors before doing so) (HKICPA, Code of Ethics: Chapter F,
paras. 640.3.7–8).
Reports to the MLRO should be documented, and the MLRO must acknowledge
receipt and provide a reminder about avoiding tipping off (HKICPA, Code of
Ethics: Chapter F, paras. 640.3.9–10).
The MLRO then evaluates the internal report, considering all relevant
information (including the CDD). If the MLRO concludes that there are grounds
for suspicion, they report to the JFIU; if there are no such grounds then no
report is made. Not making a report is an acceptable outcome, but the MLRO
would need to keep proper records of their deliberations (HKICPA, Code of
Ethics: Chapter F, para. 640.3.14).

8.2.5 Financial sanctions and terrorist financing (Section 650)

Practices must also be alert to the existence of targeted financial sanctions
(and the financing of terrorism/proliferation of weapons of mass destruction).
These sanctions may be made by the United Nations and then implemented in
Hong Kong.
It is an offence to make funds or financial assets available to individuals or
entities who are the subject of sanctions. Offenders are subject to a maximum
sentence of seven years' imprisonment and a fine for an unlimited amount
(HKICPA, Code of Ethics: Chapter F, para. 650.1.3).

The Institute may inform members of the targets of these sanctions using the
Government Gazette. Practices then conduct name checks of their clients and
their beneficial owners against the latest lists of the designated individuals and
entities (HKICPA, Code of Ethics: Chapter F, paras. 650.1.4–5).
Regarding terrorist financing (TF), the Secretary for Security of the Hong Kong
Special Administrative Region (SAR) may freeze suspected terrorist property.
Practices should not make property or financial services available to
persons/entities affected by such a freeze, and should not collect property on
their behalf (HKICPA, Code of Ethics: Chapter F, para. 650.1.11).

8.2.6 Record-keeping (Section 660)

The general documentation systems used by the practice may be sufficient to
meet the requirements of the Guidelines (HKICPA, Code of Ethics: Chapter F,
para. 660.2.3).
Practices must prepare, maintain and retain records of their relationships and
transactions with clients. These must be sufficient to ensure that:
(a) any client/beneficial owner can be properly identified;
(b) the audit trail for particular transactions is clear and complete;
(c) the original or suitable copies of all relevant records are available on a
timely basis; and
(d) practices are able to show evidence of compliance with any relevant
requirements specified in other sections of these Guidelines.
(HKICPA, Code of Ethics: Chapter F, para. 660.1).
Records must be retained for at least five years after the end of the business
relationship or transaction (HKICPA, Code of Ethics: Chapter F, para. 660.2.2).

38
 Business Assurance

8.2.7 Staff hiring and training (Section 670)

Practices' AML/CTF policies, procedures and controls must cover employee
hiring and training (HKICPA, Code of Ethics: Chapter F, para. 670.1).
Staff training is an important element of an effective system to prevent and
detect ML/TF activities (HKICPA, Code of Ethics: Chapter F, para. 670.1.2).
Practices must provide appropriate AML/CFT training to their staff (HKICPA,
Code of Ethics: Chapter F, para. 670.1.3).
MLROs may require more specific training on their responsibilities for assessing
reports submitted to them, for making STRs, and to keep abreast of AML/CFT
developments generally (HKICPA, Code of Ethics: Chapter F, para. 670.1.8).
Practices must maintain records of staff training, and should monitor its
effectiveness (HKICPA, Code of Ethics: Chapter F, paras. 670.1.10–11).

Finally, the current section 8 is renumbered so that it becomes section 9.

The headings become the following.
9 Other issues
9.1 Client acceptance
9.2 Engagement acceptance
9.3 Changes in professional appointment
9.4 Marketing professional services
9.5 Custody of entity's assets
9.6 Integrity, objectivity and independence in insolvency

Answers to Within answer 2, the letter (a) is removed.

self-test
questions
Page 145
Answers to Within answer 2, part (b) is deleted.
self-test
questions
Page 146
Answers to Within answer 3, the reference is updated to refer to the latest HKICPA
self-test Code of Ethics. The first sentence is replaced with:
questions Part 4A of the Code of Ethics provides specific guidance on independence
Page 147 requirements for audit and review engagements.

Chapter 5 Framework for assurance engagements

Section 1 The reference to HKSA 250 is updated to:

Page 157 HKSA 250 (Revised)
Section 1 The reference to HKSA 540 is amended to the following, in order to add
'(Revised)' and to update the name of the Standard:
Page 158
HKSA 540 (Revised) Auditing Accounting Estimates and Related Disclosures

Section 1 The name of HKSIR 500 is updated to:

Page 159 HKSIR 500 (Revised) Reporting on Profit Forecasts, Statements of Sufficiency
of Working Capital and Statements of Indebtedness

39
 Business Assurance

Chapter 7 Changes in auditor appointment

Section 2.5 The reference to the HKICPA Code of Ethics is updated to:
Page 204 Section 200 of the Code of Ethics (Revised) – Changes in a professional
appointment

Then the term 'existing auditor' is substituted for 'last appointed auditor',
so that this section reads as follows:
With the permission of the prospective client, the proposed nominee should write
to the existing auditor and ask if there are any unusual circumstances of which
the proposed nominee should be aware before accepting the nomination. The
proposed nominee should not accept the engagement if the prospective client
fails to deal with the change of auditor in accordance with Hong Kong
Companies Ordinance or fails to give permission for communication with the
existing auditor.
The existing auditor should advise the proposed nominee immediately if there is
any professional or other reason of which the proposed nominee should be
aware and in addition, the circumstances surrounding the proposed change and
disclose fully all information needed by the proposed nominee to enable him to
make a decision in respect of accepting the nomination.
If the existing auditors have suspicions of unlawful acts by directors which have
not yet been proved, they should inform the nominee auditor of any matters that
ought to be investigated.
If the replacement of the existing auditor is prompted by disagreement over
matters such as the truth and fairness of the entity's financial statements or the
selection of accounting policies or methods used in auditing, the proposed
nominee should obtain the full views of the last appointed auditors. In addition,
the proposed nominee should discuss with the entity the areas of disagreement.
The proposed nominee should be prepared to accept nomination only if he is
satisfied it is ethically appropriate to do so.
This is an example of an initial communication, as provided by the Appendix of
the HKICPA Code of Ethics: s.200.

Section 2.5.1 The reference to the HKICPA Code of Ethics is updated to:
Page 205 Section 300 of the Code of Ethics (Revised) – Change of Auditors of a
Listed Issuer of the Stock Exchange of Hong Kong

Section 3.3 The reference to the HKICPA Code of Ethics is updated to:
Page 207 Section 200 of the Code of Ethics – Changes in a professional appointment

Section 5.8.1 This subsection is updated for the new Code of Ethics, and is replaced
with the following:
Page 216
5.8.1 Section 200 Code of Ethics (Revised)
Section 200 of the Code of Ethics (Revised) states the following with regard to
the transfer of books and documents following a change of appointment:

The existing auditor should act promptly upon receipt of such written request
from the nominated auditor. Where it is the wish of a client to change auditor, the
existing auditor should not cause undue hindrance to such a change, and should
co-operate with the client and the nominated auditor to facilitate the flow of
information and an effective change over.
(HKICPA Code of Ethics: Chapter C, s.200, para. 2)

40
 Business Assurance

The working papers belong to the existing auditor who is under no legal
obligation to pass his working papers to the newly-appointed auditors for review.
However, the existing auditor has an ethical obligation to respond to the
newly-appointed auditor's specific inquiries and shall pass the working papers
relating to matters of continuing accounting significance in respect of those
specific areas.

Answers to In the answer to question 1, the two references to the HKICPA Code of
self-test Ethics are updated from s.441 to:
questions
Section 300
Page 218
In the answer to question 3 (c), the reference to the HKICPA Code of Ethics is
updated from s.290 to:
Part 4A
Chapter 10 Fraud and irregularities

Topic list Item (3.3) on the topic list is amended to:

3.3 HKSA 250 (Revised)
Page 287
Section 2.1 The following text replaces the second paragraph of this section:
Page 299 HKSA 250 (Revised) Consideration of Laws and Regulations in an Audit of
Financial Statements provides guidance on the auditor's responsibility to
consider laws and regulations in an audit of financial statements.

Section 2.1 The key term definition is replaced with the following.
Page 300 Non-compliance refers to acts of omission or commission, intentional or
unintentional, committed by the entity, or by those charged with governance, by
management or by other individuals working for or under the direction of the entity,
which are contrary to the prevailing laws or regulations. Non-compliance does not
include personal misconduct unrelated to the business activities of the entity.
In the next paragraph, the HKSA reference is updated to:
HKSA 250.A9–10
The paragraph itself is then replaced with the following.
Non-compliance includes all acts entered into in the entity's name by
management (or other individuals working on its behalf), as well as personal
misconduct related to the business activities of the entity.
This is an important change from previous iterations of HKSA 250 – personal
misconduct by an entity's management now falls within the definition of
non-compliance to be considered by the auditor. An example of this might be
where an individual in a key management position, in a personal capacity, has
accepted a bribe from a supplier of the entity and in return secures the
appointment of the supplier to provide services or contracts to the entity.
Section 2.3 The HKSA reference at the start of this section is updated to:
Page 300 HKSA 250.4–9, 11
The following sentence is added at the end of section 2.3 (before 2.3.1).
The auditor may have additional responsibilities under law, regulation or relevant
ethical requirements, and complying with these may provide further evidence
that is relevant to the auditor's work in line with HKSA 250.

41
 Business Assurance

Section 2.3.1 The following material is added at the end of section 2.3.1 (before 2.3.2).
Page 300 Examples of laws and regulations which may have a direct or material effect on
the financial statements are those relating to:
 Fraud, corruption and bribery
 Money laundering, terrorist financing and proceeds of crime
 Securities markets and trading
 Banking and other financial products and services
 Data protection
 Tax and pension liabilities and payments
 Environmental protection
 Public health and safety
(HKSA 250: para. A6)
Section 2.3.2 The text at the beginning of this subsection, before the lettered points, is
changed to:
Page 301
HKSA 250 (Revised) requires the auditor to obtain a general understanding of:

Section 2.3.4 The text at the beginning of this subsection, before the lettered points, is
changed to:
Page 301
Under HKSA 250 (Revised), the objectives of the auditor are to:
Section 2.5 The HKSA reference at the start of this section is updated to:
Page 303 HKSA 250.19–22
The following sentence is added at the end of section 2.5 (before 2.5.1).
If the auditor suspects there may be non-compliance, then they should discuss it
with the appropriate level of management, unless they are prohibited from doing
so by law or regulation – for example, the auditor will want to avoid committing
the offence of 'tipping off' under anti-money laundering legislation (covered in
Chapter 4).
Section 2.6 The HKSA reference at the start of this section is updated to:
Page 303 HKSA 250.23–29
The following material is added at the end of the final paragraph.
The HKICPA Code of Ethics notes that, if it has been determined that non-
compliance must be disclosed to an appropriate authority, then it would not be
considered a breach of the duty of confidentiality.
Section 2.6 A new sub-section 2.7 is inserted as follows.
Page 304
2.7 Documentation
HKSA The auditor documents identified or suspected non-compliance, together with
250.30 the audit procedures performed (including significant judgments and
conclusions), and any discussions of matters related to the non-compliance with
management or those charged with governance (including how management
responded).
Section 3.1 The paragraph in this section is replaced with the following:
Page 304 The HKICPA Code of Ethics contains ethical requirements that must be adhered
to by a professional accountant in public practice or business when responding
to non-compliance with laws and regulations (known as NOCLAR). NOCLAR
was covered in detail in Chapter 4 of this Learning Pack.

42
 Business Assurance

Section 3.3 The section heading is updated to:

Page 305
3.3 HKSA 250 (Revised)
The HKSA reference at the start of this section is updated to:
HKSA 250.19–29
Section 3.4 A new paragraph is inserted at the end of this section:
Page 305 The HKICPA Code of Ethics was revised in 2018 to include requirements related
to money laundering (covered in Chapter 4).
The Key term definition is changed to the following:
Money laundering is an act intended to have the effect of making any property:
(a) that is the proceeds obtained from the commission of an indictable offence
under the laws of Hong Kong, or of any conduct which if it had occurred
in Hong Kong would constitute an indictable offence under the laws of
Hong Kong; or
(b) that in whole or in part, directly or indirectly, represents such proceeds,
not to appear to be or so represent such proceeds.
(HKICPA, Code of Ethics: para. 600.3.1)
Section 3.4.4 A new paragraph is inserted at the end of this section:
Page 307 In February 2018, the HKICPA Code of ethics was revised to include a new
section dealing with anti-money laundering (covered in Chapter 4).
Section 3.4.5 The material in this section is replaced with the following:
Page 307 The Anti-Money Laundering and Counter-Terrorist Financing (Financial
Institutions) (Amendment) Ordinance 2018 ('the Ordinance') came into effect on
1 March 2018. The Ordinance provides for the imposition of requirements
relating to customer due diligence and record-keeping on specified financial
institutions, and provides for the powers of the relevant authorities.
The Ordinance aligns Hong Kong's anti-money laundering regime with prevailing
international standards.
The Ordinance provides for the statutory requirements relating to customer due
diligence and record-keeping for specified financial institutions, as well as the
powers of the relevant authorities to supervise financial institutions' compliance
with the requirements. The 2018 amendment of the Ordinance extended the
statutory CDD and record-keeping requirements to cover some designated
non-financial businesses and professions (e.g. accounting professionals).
The Ordinance also provides a licensing regime for money service operators.
Under the AMLO, the designated relevant authorities (e.g. the HKICPA)
published guidelines for their respective sectors.
The Ordinance provides for criminal sanctions (in addition to merely supervisory
sanctions), which will ensure that Hong Kong has an effective AML regime.
Many jurisdictions, including the UK, the US, Singapore, Italy and Norway, have
provided for criminal offences under their AML legislation in dealing with
breaches of CDD and record-keeping requirements.

43
 Business Assurance

Chapter 13 Specific audit procedures

Section 4.7 The name of HKSA 540 is updated to read:

Page 391
HKSA 540 Auditing Accounting Estimates and Related Disclosures

Section 15.3.3 Within part (c), the bullet points are updated for the HKSA 540 (Revised) –
Page 416 both the bullet points and the text immediately preceding them are
therefore replaced with the following:
In testing how management values the financial instrument and in responding to
the assessed risks of material misstatement in accordance with HKSA 540
(Revised), the auditor should:
 Obtain audit evidence from events occurring up to the date of the auditor's
report
 Test how management made the accounting estimate
 Develop an auditor's point estimate or range
 Perform tests to obtain sufficient appropriate evidence regarding the
operating effectiveness of controls, if:
– The auditor's risk assessment includes an expectation that controls
are operating effectively
– Substantive procedures alone cannot provide sufficient appropriate
audit evidence at the assertion level.
(HKSA 540 (Revised): paras. 18–20)

Section 15.4 The paragraph under the heading 'HKSA 580 Written representations' is
Page 417 replaced with the following:
HKSA 540 requires the auditor to obtain written representations from
management and, where appropriate, those charged with governance whether
the methods, significant assumptions and the data used in making accounting
estimates are appropriate to achieve recognition, measurement or disclosure
(HKSA 540 (Revised): para. 37).

Chapter 15 Accounting estimates, opening balances and comparatives

Topic list Section 1 of the topic list is amended as follows:

Page 445 1 Accounting estimates
1.1 The nature of accounting estimates
1.2 Key concepts of HKSA 540
1.3 Understanding the entity and its internal control
1.4 Identifying and assessing the risks of material misstatement
1.5 Responses to the assessed risks of material misstatement
1.6 Disclosures
1.7 Indicators of possible management bias
1.8 Overall evaluation based on audit procedures performed
1.9 Written representations
1.10 Audit documentation

44
 Business Assurance

Section 1 All of the material in section 1, from the beginning down to the end of
Page 447 section 1.7.3 just before the self-test question, is deleted and replaced with
the following:

1 Accounting estimates

Topic highlights
When auditing accounting estimates auditors should:
 Test the management process
 Make an independent estimate
 Review subsequent events
in order to assess whether the estimates are reasonable.

1.1 The nature of accounting estimates

HKSA 540.11 HKSA (Revised) 540 Auditing Accounting Estimates and Related Disclosures
provides guidance on the audit of accounting estimates contained in financial
statements. The HKSA was revised in 2018 (mirroring the revision of the
IAASB's ISA 540) after a project to update the guidance in this area, which is
one that has seen both changes in financial reporting standards in recent years
(on financial instruments, revenue recognition and leases) and persistent reports
of low audit quality.
The auditor's objective is to obtain sufficient appropriate audit evidence about
whether accounting estimates and related disclosures are reasonable in the
context of the applicable financial reporting framework, i.e. HKFRSs.
Fundamentally it is the responsibility of management to prepare the financial
statements, and this may include making accounting estimates. The
responsibility of the auditor is to obtain sufficient appropriate audit evidence
regarding the truth and fairness of these accounting estimates. The approach
adopted by HKSA 540 is, in common with HKSAs in general, risk-based. The
auditor considers the risks of material misstatement, which includes both the
inherent risk of the amount being estimated and the entity's internal controls in
relation to those risks, i.e. how reliable is the entity's process for arriving at the
estimated financial information.

Key terms
An accounting estimate is a monetary amount for which the measurement is
HKSA 540.12 subject to estimation uncertainty.
Estimation uncertainty is susceptibility to an inherent lack of precision in
measurement.

Before getting into the detail of HKSA 540, it may be helpful to have an idea of
the kinds of accounting estimates the Standard is concerned with.
HKSA 540.A1  Inventory obsolescence
 Depreciation of property and equipment
 Valuation of infrastructure assets
 Valuation of financial instruments
 Outcome of pending litigation

45
 Business Assurance

 Provision for expected credit losses

 Valuation of insurance contract liabilities
 Warranty obligations
 Employee retirement benefits liabilities
 Share-based payments
 Fair value of assets or liabilities acquired in a business combination,
including the determination of goodwill and intangible assets
 Impairment of long-lived assets or property or equipment held for disposal
 Non-monetary exchanges of assets or liabilities between independent
parties
 Revenue recognized for long-term contracts
(HKSA (Revised) 540: para. A1)
1.2 Key concepts of HKSA 540
HKSA 540.9
Many amounts in the financial statements are based on estimates that are made
by management, but making these estimates is often not an exact science – it
can be subject to what the HKSA calls significant estimation uncertainty. This
is a result of the inherent limitations of the preparer's knowledge (one cannot
know everything), and the need to draw upon their judgment and their
subjectivity in making estimates. The key concept here is therefore not
misstatement, but the underlying reasonableness of the estimate. 'Reasonable'
HKSA 540.4
means that the financial reporting requirements have been applied appropriately,
in line not just with specific rules or requirements but with their objective as well
– having regard for their spirit as well as the letter.

HKSA It should be borne in mind that not all accounting estimates involve a high
540.A16 degree of estimation uncertainty, for example; it may be possible to estimate the
fair value of an investment by simply looking up its price as listed on the stock
exchange.

HKSA 540 thinks about accounting estimates in terms of inherent risk and
control risk. The starting point is the auditor's consideration of the risk that is
inherent in the estimate; where the risk is higher then more stringent controls will
be needed. By contrast, some estimates will carry low inherent risks, need less
stringent controls and can therefore be audited more easily. HKSA 540's
requirements are therefore scalable according to the level of inherent risk for
the accounting estimate in question.

HKSA 540 The 2018 revision of HKSA 540 introduced the idea that there is a spectrum of
Appendix 1 inherent risk, and that the auditor's assessment of inherent risk – which must
be conducted separately from the assessment of control risk – should focus on
the following inherent risk factors:
 Estimation Uncertainty
 Complexity
 Subjectivity
HKSA 540.6-
7 In addition to assessing inherent risk, the auditor must assess control risk, and
can only rely on controls if procedures are then performed to test those controls.
Procedures are responsive to the sum total of inherent risk and control risk, and
should address specific assertions.
HKSA 540.8 The need to apply professional scepticism increases with inherent risk. Given
that this is an area that will often entail the use of subjectivity and judgment by
management, there is an heightened need for the auditor to apply their
professional scepticism.
46
 Business Assurance

HKSA HKSA 540 distinguishes the data used in making an estimate from any
540.A3-A6 assumptions made. Data is factual and verifiable – defined as 'information that
can be obtained through direct observation or from a party external to the entity'.
Assumptions are not like this because they can be changed – they 'may be
selected by management from a range of appropriate alternatives'. This
distinction may sound self-evident in practice the two can be harder to
distinguish.
Examples of data include:
 Prices agreed in market transactions;
 Operating quantities of output from a production machine;
 Historical prices in contracts, e.g. a contracted interest rate;

 Forward-looking information such as economic forecasts; or

 A future interest rate determined using interpolation techniques from
forward interest rates (derived data).
Data can be:
 Generated within the organisation or externally;
 Obtained from a system that is either within or outside the general or
subsidiary ledgers;
 Observable in contracts; or
 Observable in legislative or regulatory pronouncements.

1.3 Understanding the entity and its internal control

The auditor first obtains an understanding of matters related to accounting
estimates, and then assesses the risks of material misstatement (inherent and
control risks).

HKSA 540.13 Obtaining an understanding divides itself into:

 Understanding the entity and its environment
 Understanding the entity's internal control
Understanding the entity and its environment is connected to inherent risk,
whereas understanding the entity's internal control connected to control risk.

Understanding the entity here should include understanding:

 The need for accounting estimates, based on transactions and events
 HKFRS requirements as they apply to the entity
 Regulatory factors and the need for prudence
 The auditor's understanding of the need for accounting estimates
Understanding the entity's internal control here should include
understanding:

HKSA
 The entity's oversight of financial reporting.
540.A28-30
The auditor should consider whether:
– Management has created a culture of honesty;
– Those charged with governance are independent of management,
and are able to oversee and evaluate management's process for
making accounting estimates.

47
 Business Assurance

This is particularly important where accounting estimates involve

significant judgment and subjectivity, have high estimation uncertainty, or
are complex.
 Management's experts and the use of specialised skills.
HKSA The auditor should consider whether there is a need for management to
540.A31
engage an expert, depending on:
– How specialised the matter is
– The complexity of the models applied
– How unusual or infrequent is the issue requiring estimation

 The entity's own risk assessment process

HKSA The auditor should understand the entity's risk assessment process; this
540.A32-33 may help the auditor to understand the issues involved, e.g. the
requirements of HKFRSs in the area, or the availability of data to make
the required estimate.
Understanding the entity's risk assessment can also help the auditor to
assess whether management is biased, i.e. based on whether the risk
assessment is objective.
 The entity's information system, i.e. how management and the entity have
arrived at estimates, including:
– The classes of transactions for which estimates are needed
– How management makes estimates, i.e. how methods, data and
assumptions are identified and applied.
– How management understands and addresses estimation
uncertainty
 How management reviews the outcome of past estimates
There is a particular need for the auditor to review the outcome of past
HKSA estimates, as this may reveal new risks that need to be taken into account in the
540.14-15
current period.
There may also be a need to engage an auditor's expert in this area, or to plan
for an engagement team that includes the required specialised skills. Matters
affecting the assessment of whether this is necessary include:

HKSA
 The nature of the estimates (e.g. mineral deposits, agricultural assets,
540.A61 insurance liabilities)
 The degree of estimation uncertainty
 The complexity of the method or model used
 The complexity of the HKFRS requirements
 The procedures the auditor intends to undertake in responding to
assessed risks of material misstatement
 The need for judgment about matters not specified by the applicable
financial reporting framework
 The degree of judgment needed to select data and assumptions
 The complexity and extent of the entity’s use of information technology in
making accounting estimates

48
 Business Assurance

1.4 Identifying and assessing the risks of material

misstatement
HKSA 540.16 The auditor's risk assessment focuses on the inherent risk factors, i.e.:
 The degree of estimation uncertainty
 Subjectivity and complexity

The HKSA gives the following examples. Accounting estimates of expected

HKSA
540.A64-71
credit losses are likely to be complex because the expected credit losses cannot
be directly observed and may require the use of a complex model. Accounting
estimates for expected credit losses are also likely to be subject to high
estimation uncertainty and significant subjectivity in making judgments about
future events or conditions.

By contrast, an accounting estimate for an obsolescence provision for an entity

with a wide range of different inventory types may require complex systems and
processes, but may involve little subjectivity and the degree of estimation
uncertainty may be low, depending on the nature of the inventory.

HKSA In relation to estimation uncertainty, the degree of estimation uncertainty

540.A72-78 depends on:
 Whether the HKFRS requires a method, or the use of assumptions, that
carry a high degree of estimation uncertainty
 The business environment – a tumultuous environment might give rise
to uncertainty
 Whether it is possible to obtain sufficiently precise or reliable information
regarding a future event (e.g. in relation to a contingent liability), or
regarding present conditions.

Regarding complexity and subjectivity, the HKSA requires consideration of

the degree to which complexity affects the selection and application of the
method, assumptions and data.

HKSA 540.17 The auditor must consider whether any of the risks counts as a significant risk
in line with HKSA 315, and whether they must therefore obtain an understanding
of the entity's controls in relation to that risk.

1.5 Responses to the assessed risks of material

misstatement

Key terms
An auditor's point estimate or auditor's range is the amount, or range of
amounts respectively, developed by the auditor in evaluating management's
HKSA 540.12
point estimate.
A management's point estimate is the amount selected by management for
recognition or disclosure in the financial statements as an accounting estimate.

This is arguably the core of HKSA 540. The auditor must either:
HKSA 540.18  Obtain evidence from subsequent events (up to the date of the auditor's
report);
 Test how management made its estimate; or
 Develop an auditor's estimate ('auditor's point estimate').

These are covered in turn below.

49
 Business Assurance

1.5.1 Evidence from events occurring up to the date of the

HKSA 540.21
auditor's report
One approach is for the auditor to consider whether subsequent events can
shed any light on whether an estimate made for the end of the reporting period
was reasonable. An example of this might be inventory selling prices, which may
provide evidence for the valuation of inventory at the year end.
In this case, the auditor considers whether this evidence is directly relevant to
the accounting estimate in question.

1.5.2 Testing how management made the accounting estimate

This may be appropriate where, for example:
HKSA  The auditor's review of similar accounting estimates made in the prior
540.A94
period financial statements suggests that management's current period
process is appropriate.
 The accounting estimate is based on a large population of items of a
similar nature that individually are not significant.
 The HKFRS specifies how management is expected to make the
accounting estimate. For example, this may be the case for an expected
credit loss provision.
 The accounting estimate is derived from the routine processing of data.

HKSA
When testing management's estimate, the auditor considers:
540.22-27 (a) The method chosen by management
(b) Any significant assumptions made by management
(c) The data used in the estimate
(d) How management has selected a point estimate and has approached
the existence of estimation uncertainty
The HKSA then takes each of these points, making similar considerations in
relation to each of them. Regarding management's method, the auditor
considers:
 The method's appropriateness for HKFRSs
 Any management bias in choosing methods
 The mathematical accuracy of calculations
 Whether any models are adequately designed
 Whether the method maintains the integrity of assumptions
In relation to significant assumptions, the auditor considers:
 The assumptions' appropriateness for HKFRSs
 Any management bias in choosing assumptions
 The consistency of assumptions with other estimates
 Whether management intends to carry out relevant courses of action
Regarding the data used in the estimate, the auditor considers:
 The data's appropriateness for HKFRSs
 Any management bias in choosing data
 Whether data is relevant and reliable in the circumstances
 Whether management has appropriately understood the data.
Management's selection of a point estimate is connected to how it has
approached the existence of estimation uncertainty. The auditor performs
procedures to address whether management has understood estimation
50
 Business Assurance

uncertainty, and has chosen a point estimate that addresses it. If

management's point estimate does not properly address estimation uncertainty,
then the auditor should ask management to do so. If management still does not
take estimation uncertainty into account then the auditor should develop an
auditor's point estimate, i.e. the auditor should do it themselves. In this case it
is possible that there is an internal control deficiency that should be reported in
line with HKSA 265 (Clarified).

1.5.3 Developing an auditor's point estimate or range

This is the last of the three basic approaches to auditing accounting estimates
(along with evidence from subsequent events, and testing how management
made the estimate). The HKSA makes it clear that, broadly speaking, this
approach should only be adopted where the auditor cannot rely on
management's estimate.
The HKSA suggests the following examples of when this approach may be
appropriate:
 The auditor's review of similar accounting estimates made in the prior
HKSA
540.A118 period financial statements suggests that management's current period
process is not expected to be effective.
 The entity's controls within and over management's process for making
accounting estimates are not well designed or properly implemented.
 Events or transactions between the period end and the date of the
auditor's report have not been properly taken into account, when it is
appropriate for management to do so, and such events or transactions
appear to contradict management's point estimate.
 There are appropriate alternative assumptions or sources of relevant
data that can be used in developing an auditor's point estimate or a range.
 Management has not taken appropriate steps to understand or address
the estimation uncertainty.
HKSA 540.28 The auditor may choose this as the main approach to auditing accounting
estimates, but in this case they would still need to comply with the requirements
of the ISA to obtain an understanding of the entity and its internal controls
relating to accounting estimates, and in particular to understand how
management made its estimates (method, data, and assumptions).
The auditor should ensure that their own estimate is based only on information
that is supported by audit evidence. The auditor must also not neglect the
disclosures that the entity should have made regarding estimation
uncertainty.
HKSA The auditor may develop a point estimate or a range in a number of ways, for
540.A121 example by:
 Using a different model than the one used by management, e.g. one
that is commercially available for use in a particular sector or industry, or a
proprietary or auditor-developed model.
 Using management's model but developing alternative assumptions or
data sources to those used by management.
 Using the auditor's own method but developing alternative assumptions
to those used by management.
 Employing or engaging a person with specialised expertise to develop
or execute a model, or to provide relevant assumptions.
 Consideration of other comparable conditions, transactions or events,
or, where relevant, markets for comparable assets or liabilities.
51
 Business Assurance

1.6 Disclosures
HKSA 540.31 HKFRSs may require significant disclosures to be made in respect of accounting
estimates; the auditor must obtain sufficient appropriate audit evidence in
relation to these disclosures.

1.7 Indicators of possible management bias

Topic highlights
Indicators of possible management bias do not necessarily conclude that there
are misstatements of the accounting estimates as there may be no intention by
management to mislead users of financial statements.

Key term
Management bias is a lack of neutrality by management in the preparation and
HKSA 540.12 presentation of information.

Accounting estimates may require management to apply judgment to mitigate

HKSA 540.32
the effects of subjectivity and complexity. The kinds of judgments made by
management may help to reveal any bias that management might have.

Examples of indicators of possible management bias

 Changes in an accounting estimate when management has made a
HKSA
540.A134 subjective assessment that there has been a change in circumstances
(i.e. an arbitrary change of an estimate)
 Selection or development of significant assumptions or the data that yield
a point estimate favourable for management objectives
 Selection of a point estimate that may indicate a pattern of optimism or
pessimism

If management bias is discovered, the auditor should consider the effect on the
audit. It should be noted that an intention to mislead is fraudulent in nature.

1.8 Overall evaluation based on audit procedures

performed
HKSA 540 requires auditors to 'stand back', and perform an overall evaluation
of the audit procedures.
This evaluation should consider whether:

HKSA (a) The assessments of the risks at the assertion level remain
540.33-36 appropriate, including when indicators of possible management bias
have been identified;
(b) Management's decisions are in accordance with HKFRSs; and
(c) Sufficient appropriate audit evidence has been obtained.
The auditor should be sure to include contradictory evidence in their
assessment. If insufficient evidence is obtained then this may have an
implication for the auditor's opinion, determined in line with HKSA 705
(Revised).

52
 Business Assurance

The auditor must make a final assessment of the reasonableness of the

accounting estimates based on the audit evidence in order to conclude whether
the accounting estimates are reasonable or are misstated.

If there are any differences in between management's point estimates and the
auditors' point estimates supported by audit evidence, the auditors should
consider whether the difference is a misstatement which indicates that
management's point estimate lies outside the auditor's range. The concept of the
auditor's range is thus crucial in telling the difference between an acceptable
difference of opinion regarding the accounting estimate, and a misstatement.
Any misstatement would then be assessed separately for material in line with
HKSA 450 – i.e. the assessment of materiality is conceptually distinct from the
question of whether the misstatement lies outside the auditor's range.

1.9 Written representations

HKSA 540.37
Written representations are required in relation to the appropriateness of any
methods, data and significant assumptions.

1.10 Audit documentation

The auditor's documentation should include:
HKSA 540.39  Key elements of the auditor's understanding of the entity and its
environment
 The linkage of the auditor's further audit procedures with the assessed
risks at the assertion level
 The auditor's response when management has not taken appropriate
steps to understand and address estimation uncertainty
 Indicators of possible management bias
 Significant judgments relating to the auditor's determination of whether
the accounting estimates and related disclosures are reasonable

Answers to Within Answer 1, the first paragraph is deleted and replaced with:
self-test
questions HKSA 540 Auditing Accounting Estimates and Related Disclosures establishes
Page 466 standards and provides guidance on auditing accounting estimates and
disclosures contained in financial statements, which would include the fair values
at the Metropolitan Group.

Then a new paragraph is inserted immediately after the two bullet points:

Law should assess the risk of material misstatement arising from the accounting
estimates, which includes making a separate assessment of inherent risk and
control risk.

Then at the start of Answer 2, the reference to HKSA 540 is updated so that
its name is as follows:

HKSA 540 Auditing Accounting Estimates and Related Disclosures

53
 Business Assurance

Chapter 16 Overall audit review and finalisation

Topic list The following item in the topic list is changed to:
Page 473 9.2 HKSA 250 (Revised)

Section 3.2 In the table, the name of HKSA 250 (Clarified) is amended to:
Page 489 HKSA 250 (Revised) Consideration of Laws and Regulations in an Audit of
Financial Statements
The name of HKSA 540 is amended to:
HKSA 540 Auditing Accounting Estimates and Related Disclosures

Section 9.2 The heading for this section is changed to:

Page 514 9.2 HKSA 250 (Revised)
The HKSA reference at the start of this section is updated to:
HKSA 250.19–29
The underlined words are added to the following paragraph.
The auditor may discuss the findings with those charged with governance where
they may be able to provide additional audit evidence, provided they are not
prohibited from doing so by law or regulation (such as anti-money laundering
regulations).
The following paragraph is removed.
The auditor may consider withdrawal from the engagement, where withdrawal is
possible under applicable law or regulation.
That paragraph is then replaced with the following.
If the auditor has identified or suspects non-compliance with laws and
regulations, the auditor shall determine whether law, regulation or relevant
ethical requirements:
(a) Require the auditor to report to an appropriate authority outside the entity
(b) Establish responsibilities under which reporting to an appropriate authority
outside the entity may be appropriate in the circumstances
The following, final paragraph is removed:
In some jurisdictions, the auditor of a financial institution has a statutory duty to
report the occurrence, or suspected occurrence, of non-compliance with laws
and regulations to supervisory authorities.

Chapter 17 Audit reporting

Section 1.1.3 The paragraph in this section is changed to:
Page 525 In addition to the reporting requirements of HKSAs, the auditor is required to
report on other matters under sections 407(2)(b) and (3) of the Companies
Ordinance. A modified auditor's opinion expressed in line with HKSAs would
thus have implications for this reporting. For instance, an inability to obtain
sufficient appropriate evidence regarding the fair presentation of the financial
statements would imply that the auditor was also unable to determine whether
adequate accounting records had been kept, and that the auditor had not
obtained all the information or explanations that are necessary and material for
the purpose of the audit. The auditor must not commit any of the offences in
relation to these statements, as set out in the next section.

54
 Business Assurance

Chapter 19 Audit-related services and other assurance engagements

Section 2.1.5 The word 'Companies' is removed from the example.
Page 615
Section 5.1 The first paragraph is removed.
Page 624 The full name of HKSIR 200 is then inserted in the second paragraph,
which reads as follows:
The key objective of HKSIR 200 Accountants' Reports on Historical Financial
Information in Investment Circulars is to establish specific standards and provide
guidance for reporting accountants engaged to issue an accountant's report on
historical financial information for inclusion in an investment circular. Including an
accountant's report in a prospectus is required by the Companies Ordinance and
the Listing Rules and GEM Rules also list circumstances where an accountant's
report is a requirement.

Section 7 The second paragraph of this section is removed – from 'The new
requirements' to 'December 2015)'.
Page 632
Section 7 The following sentence is added at the end of the final paragraph of this
section:
Page 633
The new CO was modified by the 2018 Companies (Amendment) No.2
Ordinance, which became effective on 1 February 2019.
Section 7.1 The following material is inserted at the very end of this section:
Page 633 As a consequence of the 2018 Companies (Amendment) No. 2 Ordinance, the
SME-FRF and SME-FRS was updated to reflect the following:
(a) Mixed groups (i.e. groups comprising a mix of small private companies,
eligible private companies and small guarantee companies) and groups
which include non-Hong Kong body corporates are eligible for the
reporting exemption.
(b) For groups of eligible private companies, the adoption of reporting
exemption will now require a resolution by members of the holding
company only. It is no longer necessary for the holding company to also
obtain approval from the shareholders of any of its subsidiaries.
(c) A partially-owned subsidiary of an entity, can now be exempted from
preparing consolidated financial statements if all members agree in
writing before the end of the financial year.

Section 8.1 The first paragraph is replaced with the following:

Page 634 PN 810.2 (Revised) The Duties of the Auditor of an Insurer Authorised Under the
Insurance Ordinance gives guidance to auditors appointed to audit an authorised
insurer. PN 810.2 also provides guidance to members reporting on levies paid to
the insolvency schemes for Motor and Employee Compensation, the Terrorism
scheme for Employee Compensations and the annual remittance report on the
levy to the Insurance Authority(IA). These reports are made to the IA in
accordance with the requirements in the Hong Kong Insurance Ordinance
(Cap. 41).
PN 810.2 is not intended to provide guidance on the general audit procedures to
be adopted in respect of audit companies and brokers. An auditor should refer to
the guidance in paragraph 52 of PN 620.2 Communication between the Auditor
and the Insurance Authority on sending a written request to the IA to confirm
whether it has any matter to report to the auditor.

55
 Business Assurance

Answers to exam practice questions

Chapter 7 The reference to s.440 of the HKICPA Code of Ethics is updated so that the
answer reads as follows:
Page 684
Under the Code of Ethics for Professional Accountants (the Code) Section 200
'Changes in a Professional Appointment', Gold and Silver should find out
whether the change of auditor has been properly dealt with in accordance with
the Companies Ordinance or other legislation/regulations.
If the change of auditor has not been properly dealt with, Gold and Silver should
not accept the invitation.
Gold and Silver should also request ZZZ's permission to communicate with Red
and Blue.
Gold and Silver should not accept the invitation without first communicating in
writing with Red and Blue to inquire whether there is any reason for or
circumstance behind the proposed change of which they should be aware when
deciding whether or not to accept nomination.
Section 200 of the Code requires Gold and Silver, with ZZZ's permission, to write
to Red and Blue asking if there are any unusual circumstances surrounding the
proposed change which Gold and Silver should be aware of, so that Gold and
Silver may determine whether or not to accept the nomination.
Since ZZZ is a listed company, the change in auditor is also governed by
Section 300 of the Code 'Change of Auditors of a Listed Issuer of The Stock
Exchange of Hong Kong'.
In accordance with section 300 of the Code, Gold and Silver should request a
copy of the letter of resignation and any correspondence referred to in the letter
directly from ZZZ for consideration, in addition to the professional clearance from
Red and Blue, before accepting the appointment.
If ZZZ refuses to provide Gold and Silver with a copy of the letter of resignation
and any correspondence referred in the letter of resignation, Gold and Silver
should decline the appointment.

Question bank – questions

Question 3 The paragraph under Required is amended as follows:

Page 714 As a listed company in Hong Kong, what are the requirements as set out in the
Corporate Governance Code for Angel to determine the remuneration payable to
this director and the related disclosures in the annual report?

Question bank – answers

Answer 3 The first sentence of point (b) is amended as follows:

Page 770 As set out in the Corporate Governance Code (the 'Code') published by the
Hong Kong Stock Exchange, detailed disclosure is required for directors'
remunerations such as performance-related pay and non-performance related
pay.

Answer 1 The reference to the Code of Ethics is updated, so that 'Section 290' is
replaced with:
Page 776
Part 4A
Answer 4 The name of HKSA 540 is amended to:
Page 778 HKSA 540 (Revised) Auditing Accounting Estimates and Related Disclosures

56
 Business Assurance

Answer 1 The references to the Code of Ethics are updated, so that the final two
paragraphs are replaced with:
Page 795
In addition, Code of Ethics Ch C, s.200.3 (a) suggests that ABC & Co should find
out whether the change of auditor has been properly dealt with in accordance
with the Companies Ordinance or other legislation.
Since Happy Toy is a listed company, Code of Ethics Ch C s.300 also suggests
that ABC & Co should request a copy of the letter of resignation/ termination and
any correspondence from Happy Toy.
Answer 1 The reference to the Code of Ethics is updated, so that 'Section 290' is
replaced with:
Page 811
Part 4A
Answer 1 The references to the Code of Ethics are updated, so that the first four
paragraphs are replaced with:
Page 815
Under the Code of Ethics for Professional Accountants ('the Code') s.320
'Professional Appointment', D&N should consider whether acceptance of ADL's
audit nomination would create any threats to compliance with the fundamental
principles.
For example, the violation of intellectual property rights by ADL may threaten
D&N's compliance with the fundamental principles, such as possible attempts to
hide damages to the business through dishonesty and/or accounting
irregularities.
Also, Mr. Chan's requests to D&N of charging the audit fee based on ADL's
profits may threaten D&N's compliance with the fundamental principles by
creating a self-interest threat.
Under the Code Ch3 s.200 'Changes in a Professional Appointment', D&N
should:
Answer 4 The name of HKSA 540 is amended to:
Page 825 HKSA 540 (Revised) Auditing Accounting Estimates and Related Disclosures
The lettered points are deleted and replaced with the following:
(a) Review subsequent events which provide audit evidence of the
reasonableness of the estimate made;
(b) Test how HKM's management made the estimate
(c) Make an auditor's point estimate for comparison with that prepared by
HKM's management.
The first subheading ('Testing the controls…') and the paragraph beneath
it are then removed.
The next subheading is then replaced with the following:
Testing how management made the estimate
The following paragraph is then inserted immediately below this new
subheading:
XYZ and Co should test the controls operating over how HKM's management
made their estimate of the provision required.

57
 Business Assurance

Answer 1 In part (c), the references to the Code of Ethics are updated, so that the
answer is replaced with the following:
Page 828
Under the Code of Ethics for Professional Accountants ('the Code') Ch C s.200
'Changes in a Professional Appointment', Gold and Silver should find out
whether the change of auditor has been properly dealt with in accordance with
the Companies Ordinance or other legislations/regulations.
If the change of auditor has not been properly dealt with, Gold and Silver should
not accept the invitation.
Gold and Silver should also request ZZZ's permission to communicate with Red
and Blue.
Gold and Silver should not accept the invitation without first communicating in
writing with Red and Blue to inquire whether there is any reason for or
circumstance behind the proposed change of which they should be aware when
deciding whether or not to accept nomination.
Ch C s.200 of the Code requires Gold and Silver, with ZZZ's permission, to write
to Red and Blue asking if there are any unusual circumstances surrounding the
proposed change which Gold and Silver should be aware of, so that Gold and
Silver may determine whether or not to accept the nomination.
Since ZZZ is a listed company, the change in auditor is also governed by Ch C
s.300 of the Code 'Change of Auditors of a Listed Issuer of The Stock Exchange
of Hong Kong'.
In accordance with Ch C s.300 of the Code, Gold and Silver should request a
copy of the letter of resignation and any correspondence referred to in the letter
directly from ZZZ for consideration in addition to the professional clearance from
Red and Blue before accepting the appointment.
If ZZZ refuses to provide Gold and Silver with a copy of the letter of resignation
and any correspondence referred to in the letter of resignation, Gold and Silver
should decline the appointment.
Answer 1 In part (a), the references to the Code of Ethics are updated, so that the
first two paragraphs are replaced with the following:
Page 836
XYZ & Co's ethical obligations in relation to the change in auditors of EMM are
governed by the Code of Ethics for Professional Accountants ('the Code'). In
particular, XYZ & Co should comply with the requirements of Ch C s.300
'Change of Auditors of a Listed Issuer of the Stock Exchange of Hong Kong'
since EMM is listed on the Hong Kong Stock Exchange.
According to Ch C s.300 of the Code, XYZ & Co should prepare a Letter of
Resignation addressed to the audit committee and the board of directors of
EMM.
Index

C The entry for 'Code on Corporate Governance Practices' is changed to

'Corporate Governance Code'.
Page 858
The entries for the Code of Ethics s.440 and 441 are replaced with the
following respective entries:
Code of Ethics – Ch C s.200 Changes in a Professional Appointment
Code of Ethics – Ch C s.300 Change of Auditors of a Listed Issuer of the Stock
Exchange of Hong Kong
H The entry for 'HK Code' is removed.

Page 860 The entry for HKSA 540 is changed to:

HKSA 540 (Revised) Auditing Accounting Estimates and Related Disclosures

58
 Business Assurance

Technical Updates – Flashcards

Chapter 2 Corporate governance reports and practice

Page 13 The material in the box headed 'Key principles of the Code' is removed. The
following points are inserted in its place, spread over several pages:
Board leadership and company purpose
 Must promote long-term success of company
 Board establishes culture and strategy, acting with integrity
 Must ensure necessary resources in place to meet objectives
 Establish framework of prudent and effective controls
 Workforce policies consistent with values
Division of responsibilities
 The Chair leads the Board and has overall responsibility
 Appropriate combination of executive and non-executive directors
(NEDs)
 Clear division between board leadership and executive leadership of
the business
 Chair is independent on appointment
 Chair and Chief Executive must be different individuals
 At least half the board should be independent NEDs
 NEDs may be independent or not; the annual report must identify which
are independent
Composition, succession and evaluation
 Must be a formal, rigorous and transparent procedures for
appointment, promoting diversity of: gender, social and ethnic background,
cognitive and personal strengths
 Board membership should be regularly refreshed, with annual evaluation
of board composition
 Nomination committee (majority NEDs) leads appointments process
 Annual re-election of all directors
 Chair in post for maximum nine years
 Formal evaluation of board – external evaluation every three years for
FTSE 350 companies
Audit, risk and internal control
 Must establish formal and transparent policies and procedures for
independent and effective internal and external audit, and the integrity
of the financial statements
 Board should present a fair, balanced and understandable assessment
in the annual report
 Establish procedures to manage risk and oversee the internal control
framework
 Should establish an audit committee of at least three independent
NEDs (two for smaller companies)

59
 Business Assurance

 At least one member of audit committee must have recent financial

experience
 Board considers going concern in annual and interim financial statements
– for 12 months from date of approval of financial statements
 Audit committee's role includes:
– Monitor integrity of accounts
– Give advice on whether annual report is fair
– Review internal control and risk management systems
– Monitor and review internal audit function
– Conducting tender for external auditor (appointment,
reappointment, removal, remuneration and terms)
– Reviewing external auditor's independence at least annually
– Developing and implementing policy on using external auditor for
non-audit services
Remuneration
 Remuneration should support long-term sustainable success, and
should be clearly linked to success of long-term strategy
 Formal and transparent policy, with no director deciding their own
remuneration
 Independent judgement should be exercised in determining remuneration
 Remuneration committee should be established:
– Min. three independent NEDs (two for smaller companies)
– Sets remuneration for execs, chair and senior management
– Reviews workforce remuneration.
 Remuneration schemes must promote long-term shareholdings by exec
directors, and long-term shareholder interests
Anti-money laundering

Chapter 4 Code of Ethics

Page 25 A new entry is added to the Topic List, immediately after 'Confidentiality':
Anti-Money Laundering
Page 26 A new tab is inserted at the top of each page in this chapter, immediately
after 'Confidentiality':
Anti-Money Laundering
Page 26 The definitions of the fundamental principles, given in the three boxes at
the bottom of the page, are changed to:
Integrity – to be straightforward and honest in all professional and business
relationships
Objectivity – not to compromise professional or business judgments because of
bias, conflict of interest or undue influence of others

60
 Business Assurance

Professional Competence and Due Care – to:

(a) Attain and maintain professional knowledge and skill at the level required
to ensure that a client or employing organization receives competent
professional service, based on current technical and professional
standards and relevant legislation; and
(b) Act diligently and in accordance with applicable technical and professional
standards.

Page 27 The paragraph in the bottom right corner of the page is updated to:
The HKICPA Code of Ethics for Professional Accountants was revised in
June 2010, February 2012, November 2013, March 2014, January 2015,
December 2016, February 2018 and November 2018.
Page 27 The definitions of the fundamental principles are changed to:
Confidentiality – to respect the confidentiality of information acquired as a result
of professional and business relationships
Professional Behaviour – to comply with relevant laws and regulations and
avoid any conduct that the professional accountant knows or should know might
discredit the profession
Page 30 The text at the top is amended to read:
Independence: Part 4A – Independence for Audit and Review Engagements
Part 4B – Independence for Assurance Engagements Other
Than Audit and Review Engagements
Page 32 A new page is inserted, after 'Confidentiality' and before 'Conflicts of
interest'/'Other issues':
The HKICPA Code of Ethics revised in 2018 to include:
Part F Guidelines on Anti-Money Laundering and Counter-Terrorist Financing for
Professional Accountants
The Guidelines are mandatory for practices providing certain services
(e.g. managing client money), and good practice only if other services are
provided (e.g. audit).

61
 Business Assurance

Section 610 Section 620

A Risk-Based Approach (RBA) must Customer Due Diligence (CDD) to

be adopted. identify the client/beneficial owner.
A Compliance Officer (CO) and a Enhanced Due Diligence (EDD) for
Money Laundering Reporting Officer high-risk clients, Simplified Due
(MLRO) are appointed – may be the Diligence (SDD) for lower-risk clients.
same person.
Politically Exposed Persons (PEPs)
carry risk.

Section 630 Section 640

Practices must monitor client Staff report suspicions to MLRO.

relationships on an ongoing basis.
The MLRO determines whether to
make a Suspicious Transaction
Report (STR) to the JFIU.
Must avoid 'tipping off' where there
is reasonable suspicion.

Section 650 Section 660

Practices must not have clients who Practices must keep records for
are subject to targeted sanctions. five years.
Normal systems may be sufficient.

Section 670

Staff must be trained in AML

requirements.

Chapter 10 Fraud and irregularities

Page 82 In the first sentence, in the top left corner of the page, the HKSA name is
changed to:
HKSA 250 (Revised) Consideration of Laws and Regulations in an Audit of
Financial Statements

62
 Business Assurance

Page 83 The text in the grey box at the top of the page is replaced with the
following.
Money laundering is an act intended to have the effect of making any property:
(a) That is the proceeds obtained from the commission of an indictable
offence under the laws of Hong Kong, or of any conduct which if it had
occurred in Hong Kong would constitute an indictable offence under the
laws of Hong Kong; or
(b) That in whole or in part, directly or indirectly, represents such proceeds,
not to appear to be or so represent such proceeds.

The text in the grey box at the bottom of the page is replaced with the
following.
Governed in HK by the Anti-Money Laundering and Counter-Terrorist Financing
Ordinance, which imposes both criminal and supervisory sanctions. The HKICPA
members are also bound by Part F of the HKICPA Code of Ethics, which
contains the Guidelines on Anti-Money Laundering and Counter-Terrorist
Financing for Professional Accountants.

Chapter 19 Audit-related services and other assurance engagements

Page 169 In the final bullet point, the name of the PN is changed to:
(PN 810.2 (Revised 2018))

63
 Business Assurance

64