Chapter 16 - Confidentiality

Question 1

Why is confidentiality important for accountants?

Answer 1

Confidentiality builds trust between the client and the accountant by ensuring that sensitive information is not disclosed externally or misused internally.

Question 2

What risks can lead to accidental disclosure of confidential information? (4)

Answer 2

Risks include:

Client staff overhearing audit discussions.
Documents left visible to unauthorised individuals.
Loss or theft of files.
Electronic breaches such as hacking.

Question 3

What are some safeguards to prevent accidental disclosure of information? (4)

Answer 3

Avoid discussing client matters in public or with unauthorised parties.
Do not leave audit files unattended.
Use secure systems for electronic working papers.
Avoid leaving files in cars or unsecured locations.

Question 4

When is disclosure of confidential information allowed? (3)

Answer 4

Disclosure is allowed when:

Consent has been obtained from the client.
There is a public or legal duty to disclose.
There is a professional obligation to disclose, such as reporting fraud or regulatory breaches.

PLC

PROFESSIONAL/PUBLIC INTEREST
LEGAL
CONSENT

Question 5

Scenarios where disclosures are required by law (4)

Answer 5

Fraud
Terrorist
Regulatory Breach
Money laundering

 Where the auditor has uncovered an employee fraud and the client is in agreement that the matter should be referred to the police.
 Reporting clients involved in terrorist activities to the police.
 Reporting directly to regulators such as the Financial Conduct Authority on regulatory breaches in respect of financial service and investment businesses or the Charity Commission in respect of charities.
 The reporting of suspected money laundering (for example tax evasion) to the National Crime
Agency.

Question 6

What is money laundering?

Answer 6

Money laundering is the process of disguising the origins of criminal proceeds to make them appear legitimate, including actions such as theft, tax evasion, and regulatory non-compliance.

Question 7

What are examples of suspicious activities that may indicate money laundering? (5)

Answer 7

Credits on the receivables ledger.
Unusual related party transactions.
Lack of expected costs in profit or loss.
High cash transactions without clear business purpose.
Complex group structures with no clear business reason.

Question 8

What are the criminal offences for accountants under money laundering laws? (2)

Answer 8

1. Failure to report a suspicion of money laundering.
2. Tipping off a suspected money launderer that a report has been made.

Question 9

What roles help prevent money laundering in firms? (2)

Answer 9

Money Laundering Nominated Officer (MLNO): Receives and reports suspicions to the National Crime Agency.

Money Laundering Compliance Principal (MLCP): Ensures compliance with money laundering regulations, including training and client due diligence.

Can be the same person

Question 10

What are safeguards to manage conflicts of interest? (5)

Answer 10

Disclosure of conflicts to clients.
Obtaining informed consent.
Using confidentiality agreements. - physical separation of teams
Establishing information barriers.
Regular reviews by independent senior individuals

Question 11

What are information barriers in conflict management? (3)

Answer 11

Ensuring no overlap between different teams.
Physical separation of teams.
Proper control over the dissemination of information.

Question 12

What should a firm do if a conflict cannot be managed?

Answer 12

If a conflict cannot be managed, the firm should not proceed with the engagement.

Question 13

During the course of an assurance engagement, Aleem, a member of the assurance team from Goose Brothers & Co discovers that Dave Milton, the owner of D Manufacturing Limited, has told certain customers to write cheque payments out in favour of DM, rather than the full company name. Mr Milton has then been amending the cheques to read D Milton, and paying them into his personal account rather than the company’s, reducing the company’s overall tax liability.

Which one of the following is the most appropriate action for Aleem to take in respect of this matter?
A Discuss the matter with the client and advise him of the legal position
B Report the matter to HM Revenue and Customs
C Obtain the client’s permission to report the matter to the MLNO within the firm
D Report the matter to the MLNO within the firm

Answer 13

D Report the matter to the MLNO within the firm

MLNO will determine whether a report should be made its their responsibility

Question 14

Which three of the following are situations where there is a legal duty to disclose confidential information?
A When a fraud has taken place, it should be reported to the police
B When terrorist activity has taken place, it should be reported to the police
C When regulatory breaches have taken place at a charity, it should be reported to the Charities Commission
D When money laundering is suspected, it should be reported to the National Crime Agency (NCA)

Answer 14

B When terrorist activity has taken place, it should be reported to the police
C When regulatory breaches have taken place at a charity, it should be reported to the Charities Commission
D When money laundering is suspected, it should be reported to the National Crime Agency (NCA)
Where a fraud has been identified, this is usually reported to the client unless the fraud has been carried out by senior management/directors, in which case, great care should be taken in the steps taken.

Question 15

6 For each of the following situations, select whether the assurance provider may disclose confidential
information or must disclose confidential information.
The assurance provider is being sued for negligence and is trying to establish a defence.
A May make disclosure
B Must make disclosure
The assurance provider has discovered a fraud at the client, which the client has agreed should be referred to the police.
C May make disclosure D Must make disclosure
The assurance provider believes that the client is saving money by breaching environmental clean-up requirements.
E May make disclosure
F Must make disclosure

Answer 15

Correct answer(s):
A May make disclosure
Correct answer(s):
C May make disclosure
Correct answer(s):
F Must make disclosure
In the first case the assurance provider may make disclosure. In case 2, they may make disclosure if the client does not. In the final case, the auditor has a duty to make disclosure as this constitutes money laundering.

Question 16

9 Which two of the following would be an appropriate use of confidential information?
A On a change of employment, using experience gained in a previous position
LO 4e
B Encouraging others to buy shares in a company on the basis of information obtained during the course of the audit
C Providing a prospective auditor with information required by him in order for him to decide whether or not to accept the appointment
D Using information obtained on the audit of one client to influence the audit opinion given in respect of another client

Answer 16

A On a change of employment, using experience gained in a previous position
C Providing a prospective auditor with information required by him in order for him to decide whether or not to accept the appointment
Encouraging others to buy shares in a company on the basis of information obtained during the course of the audit is known as insider dealing and is a criminal offence. Where audit evidence obtained in the audit of one client affects the audit of another client, procedures must be performed so that the same evidence is obtained from another source.

Question 17

10 In which one of the following situations may confidential information in respect of a client only be disclosed if the permission of the client has first been granted?
A As a defence in a negligence claim
B In order to avoid giving an incorrect auditor’s report to another client
C Where money laundering is suspected
D Where terrorism is suspected

Answer 17

B In order to avoid giving an incorrect auditor’s report to another client
In order to avoid giving an incorrect auditor’s report to another client is the only option where permission must first be granted (otherwise the assurance provider will be breaking their duty of confidentiality to that client). For the other options, client permission is not required (and indeed to seek this could be regarded as ‘tipping off’ the client) but disclosure is necessary by law or the auditor is protected by the court (eg, in a negligence claim).

Question 18

12 Lilac Ltd is currently in a dispute with the tax authorities, and ask Lilly LLP to represent it. Lilly LLP is concerned that doing so may breach its duty of confidentiality.
Which of the following statements best reflects the auditor’s duty of confidentiality?
A Auditors must never, under any circumstances, disclose any matters of which they become aware during the course of the audit to third parties, without the permission of the client.
B Auditors may disclose any matters in relation to criminal activities to the police or taxation authorities, if requested to do so by the police or a tax inspector.
C Auditors may disclose matters to third parties without their client’s consent if it is in the public interest, and they must do so if there is a statutory duty to do so.
D Auditors may only disclose matters to third parties without their client’s consent if the public interest or national security is involved.

Answer 18

C Auditors may disclose matters to third parties without their client’s consent if it is in the public interest, and they must do so if there is a statutory duty to do so.
There is no blanket prohibition on disclosure, nor is there any general right of the police or taxation authorities to demand information. Auditors have an implied contractual duty of confidentiality. There is no statutory duty of confidentiality. SAMPLE EXAM

Question 19

14 For each of the following statements about data protection, select whether the statement is true or false.
The UK GDPR obliges auditors to secure any data held on an audit client company A True
B False
Upon returning home from working at an audit client’s site, you discover that you have misplaced a memory stick that contained personal data on individuals working at the audit client. This is a breach of the UK GDPR.
C True D False
The auditor has the primary responsibility for reporting any breaches of the UK GDPR by audit clients to the Information Commissioner’s Office.
E True
F False

Answer 19

Correct answer(s): B False
The UK GDPR applies to any data held on individuals, not companies. It would, however, apply to data held on an audit client’s staff.
Correct answer(s): C True
Losing client staff personal information is a clear breach of the UK GDPR and should be reported to the Information Commissioner’s Office (ICO).
Correct answer(s): F False
If an audit client breaches the UK GDPR, then it is the client’s responsibility to report the breach to the ICO. The auditor owes the client a duty of confidentiality regarding breaches of laws and regulations (such as this), but should consider disclosure to the ICO if this is in the public interest. SAMPLE EXAM

Question 20

Key takeaways from QB

Client responsibility to report GDPR to ICO (Information Commissioner’s Office)

Answer 20

Key takeaways from QB

Client responsibility to report GDPR to ICO (Information Commissioner’s Office)