20 June 2022 Mr. Ken Siong Program and Senior Director

Tel: +32 2 778 01 30

Fax: +32 2 778 01 43

@: bdo@bdointernational.com

www.bdo.global

BDO International Limited

Contact address:

The Corporate Village, Brussels Airport

Elsinore Building, Leonardo Da Vincilaan 9 – 5/F

1930 Zaventem, Belgium

20 June 2022

Mr. Ken Siong

Program and Senior Director

International Ethics Standards Board for Accountants

International Federation of Accountants

529 5th Avenue

New York, New York 10017

USA

Re: Proposed Technology-related Revisions to the Code

Dear Mr. Siong,

BDO International Limited

(BDO) is pleased to have the opportunity to comment on the

International Ethics Standards Board for Accountants’ (IESBA or Board) Exposure Draft (ED) in

respect of Proposed Technology-related Revisions to the Code (the ED).

General comments

1. BDO agrees that the revisions are key in ensuring that the IESBA Code’s provisions

remain relevant and fit for purpose to respond to the transformative effects of major

trends and developments in technology in relation to the accounting profession.

2. BDO agrees that the public interest will be served with these technology-related

proposals, as the proposals more clearly delineate the boundaries of technology-related

services that are permissible for firms to provide to their audit clients. However, some

of the changes proposed do not seem to directly relate to technology, and as such BDO

failed to see the connection with the technology project. These areas have been

indicated in our detailed comments as set out below.

3. BDO welcomes and generally supports the clarification that the requirements of the

independence standards apply, regardless of the method used in delivering the services,

however BDO has suggested amendments to certain of the proposed technology-related

revisions, to avoid unintended consequences and to ensure consistent application of

the IESBA Code.

4. BDO encourages the IESBA to consider providing practical guidance on some of the

revisions (as indicated in the detailed comments below) in the form of application

material as well as IESBA Staff Guidance material.

BDO International Limited is a UK company limited by guarantee. It is the governing entity of the international BDO network of

independent member firms (‘the BDO network’). Service provision within the BDO network is coordinated by Brussels Worldwide Services

BV, a limited liability company incorporated in Belgium. Each of BDO International Limited, Brussels Worldwide Services BV and the

member firms is a separate legal entity and has no liability for another such entity’s acts or omissions. Nothing in the arrangements or

rules of the BDO network shall constitute or imply an agency relationship or a partnership between BDO International Limited, Brussels

Worldwide Services BV and/or the member firms of the BDO network.

BDO is the brand name for the BDO network and for each of the BDO member firms.

Responses to Specific Questions

A. Request for Specific Comments and Responses

Technology-related Considerations When Applying the Conceptual Framework

1. Do you support the proposals which set out the thought process to be undertaken

when considering whether the use of technology by a PA might create a threat to

compliance with the fundamental principles in proposed paragraphs 200.6 A2 and

300.6 A2? Are there other considerations that should be included?

5. BDO supports the need to set out the thought process to be undertaken when considering

whether the use of technology by a Professional Accountant (PA) might create a threat to

compliance with the fundamental principles. However, BDO is of the view that the process

as outlined in proposed paragraphs 200.6 A2 and 300.6 A2 does not clearly link the

considerations to the threats to compliance with the fundamental principles.

6. BDO suggests that the considerations listed in proposed paragraph 200.6 A2 and 300.6 A2

be aligned to the last bullet in concluding on the threat that might be created to clarify

how these translate into specific threats to compliance with the fundamental principles.

Determining Whether the Reliance on, or Use of, the Output of Technology is Reasonable or

Appropriate for the Intended Purpose

2. Do you support the proposed revisions, including the proposed factors to be

considered, in relation to determining whether to rely on, or use, the output of

technology in proposed paragraphs R220.7, 220.7 A2, R320.10 and 320.10 A2? Are

there other factors that should be considered?

7. BDO is generally supportive of the proposed revisions, including the proposed factors to

be considered, in relation to determining whether to rely on, or use, the output of

technology in proposed paragraphs R220.7, 220.7 A2, R320.10 and 320.10 A2.

8. Proposed paragraph 220.7 A2 and corresponding 320.10 A2 includes a consideration

relating to the reputation of the developer of the technology. BDO’s view is that

reputation is not necessarily a reliable measure of the quality of technology because the

evaluation of reputation is subjective and somewhat unreliable without the performance

of a due diligence. Indeed, focusing on the reputation of the developer may cause a PA

to underestimate the importance of other, more objective, factors in this analysis.

9. While we concur that a bad reputation may impact whether reliance on the output of

technology is reasonable, BDO suggests that the proposed revisions clarify how the

reputation of the software developer is assessed and how this factor impacts software

developers where it is not possible to assess their reputation.

10. Proposed paragraph 320.10 A2 includes a factor relating to the PA’s ability to understand

the output from the technology for the context in which it is to be used. BDO is of the

view that this factor should be expanded to clarify that either the PA has the ability to

understand or has access to knowledge, skills and experience required to obtain an

understanding.

11. With reference to proposed paragraph 220.7 A3, BDO believes that this proposed

application material should clarify that when the PA does not have the required expertise

to determine whether reliance can be placed, they have access to the knowledge, skills

and experience needed to assist to PA in making such a determination.

Consideration of “Complex Circumstances” When Applying the Conceptual Framework

3. Do you support the proposed application material relating to complex circumstances

in proposed paragraphs 120.13 A1 to A3?

12. BDO acknowledges and supports IESBA’s intention to provide more guidance to PAs on the

navigation of complex circumstances and we agree that this is not a new phenomenon

specific to technology, as indicated in paragraph 23 of the explanatory memorandum.

However, BDO’s view is that the proposed guidance provided on complex circumstances

in proposed paragraph 120.13 A1 – A3 states the obvious, is not useful and will have little

to no impact on the PA’s approach to these circumstances.

13. Furthermore, “complex circumstances” is not defined. The distinction between

“complex”, “difficult” and “complicated” is also not clear. This may result in inconsistent

application in practice.

14. “Complex” is a relative term and the interpretation of circumstances being complex will

vary depending on the individual PA’s background, skills, and training as well as

experience. Whilst BDO does not object to this inclusion, we do not consider these

proposed paragraphs to add value nor provide useful guidance in the management of said

“complex” circumstances.

15. In terms of practical application, proposed paragraphs 120.13 A1-A3 create difficult

reading in that it is not clear what the IESBA Code requires from PAs. While BDO supports

the inclusion of examples in the IESBA Code to aid in the management of complex

circumstances, BDO does not believe that the current proposed application material is

practical enough to guide a PA in managing these circumstances nor to facilitate

consistent application thereof and therefore does not view the inclusion of this paragraph

as valuable.

16. BDO suggests that “complex circumstances” be clearly defined in the IESBA Code,

including outlining elements, variables and assumptions that make a circumstance

complex. This clarity will aid in consistent application and make the mitigating factors

listed in proposed paragraph 120.13 A3 more practical to apply.

17. Furthermore, BDO recommends that the IESBA compliment the proposed revisions with

Staff Guidance that clearly shows the link between technology and complex

circumstances, including illustrative examples to demonstrate what is expected of the PA

in these circumstances.

4. Are you aware of any other considerations, including jurisdiction-specific translation

considerations (see paragraph 25 of the explanatory memorandum), that may impact

the proposed revisions?

18. The translation of “complex” raises concerns. As outlined in paragraph 13 above, the

difference between “complex”, “difficult” and “complicated” is not clear and these

terms could be used interchangeably in various languages. A clear definition of complex

circumstances will assist in addressing this challenge.

Professional Competence and Due Care

5. Do you support the proposed revisions to explain the skills that PAs need in the digital

age, and to enhance transparency in proposed paragraph 113.1 A1 and the proposed

revisions to paragraph R113.3, respectively?

19. BDO agrees that technology gives rise to potential threats to the fundamental principles

and supports the need to explain the skills that PAs need in the digital age, as well as the

need to enhance transparency.

20. For a PA to demonstrate professional competence as required by section 113 of the IESBA

Code, the PA is required to be competent in all skills contained in the International

Educational Standards (IES). BDO questions why the IESBA Code would then only highlight

three of these skills, namely interpersonal, communication and organisational skills in

113 A1 (b). BDO recommends that is it more appropriate for the IESBA Code to contain a

general reference to the three broad categories outlined by the IES, being the standards

that prescribes the competency framework for PA, namely:

a. Technical Competence

b. Professional Skills

c. Professional Values, Ethics and Attitudes.

21. BDO encourages the IESBA to develop implementation guidance to make it clear that the

proposed revisions contained in paragraph 113.A1 aim to highlight the professional

competencies needed to interpret and apply the results of tasks completed using

technology and that these proposed revisions build on the role and mindset revisions.

6. Do you agree with the IESBA not to include additional new application material (as

illustrated in paragraph 29 of the explanatory memorandum) that would make an

explicit reference to standards of professional competence such as the IESs (as

implemented through the competency requirements in jurisdictions) in the Code?

22. BDO notes the IESBA’s decision to not include reference to the IES. BDO agrees that it is

not appropriate to reference specific skills required, for example technical skills but we

are of the view that it is appropriate to include a general reference to the three broad

categories outlined by the IES, as indicated in paragraph 20 above.

23. BDO further suggests that IESBA Staff guidance will be a useful aid to identify specific

skills applicable to a PAs situation as well as assessing the competence level when

complying with proposed paragraph 113.1 A1.

Confidentiality and Confidential Information

7. Do you support (a) the proposed revisions relating to the description of the

fundamental principle of confidentiality in paragraphs 114.1 A1 and 114.1 A3; and

(b) the proposed Glossary definition of “confidential information?”

24. BDO supports the proposed revisions relating to the description of the fundamental

principle of confidentiality in paragraphs 114.1 A1 and 114.1 A3 as well as the proposed

Glossary definition of “confidential information”.

25. With reference to proposed paragraph 114.1 A1, which requires the PA to take appropriate

action to secure information, BDO's view is that the minimum acceptable action required

by the PA in terms of securing the information is not clearly stipulated and consistent

application of this provision would be challenging.

26. To this end, BDO suggests that the proposed revisions clarify the minimum acceptable

action required by the PA in terms of securing the information either through additional

application material or IESBA Staff Guidance material.

8. Do you agree that “privacy” should not be explicitly included as a requirement to be

observed by PAs in the proposed definition of “confidential information” in the

Glossary because it is addressed by national laws and regulations which PAs are

required to comply with under paragraphs R100.7 to 100.7 A1 of the Code (see sub-

paragraph 36(c) of the explanatory memorandum)?

27. BDO agrees that “privacy” should not be explicitly included as a requirement to be

observed by PAs in the proposed definition of “confidential information” in the Glossary

for the reasons outlined in paragraph 36 (c) of the explanatory memorandum.

Independence (Parts 4A and 4B)

9. Do you support the proposed revisions to the International Independence Standards,

including:

a) The proposed revisions in paragraphs 400.16 A1, 601.5 A2 and A3 relating to

“routine or mechanical” services.

b) The additional proposed examples to clarify the technology-related

arrangements that constitute a close business relationship in paragraph 520.3

A2. See also paragraphs 40 to 42 of the explanatory memorandum.

c) The proposed revisions to remind PAs providing, selling, reselling or licensing

technology to an audit client to apply the NAS provisions in Section 600, including

its subsections (see proposed paragraphs 520.7 A1 and 600.6).

a) Routine and Mechanical services

28. BDO supports the proposed revisions in paragraphs 601.5 A2 and A3 relating to “routine

and mechanical” services in clarifying that the principles contained in the IESBA Code

apply regardless of whether the services are provided by a person or technology employed

by the firm.

29. With respect to proposed paragraph 400.16 A1, BDO does not see the link to “routine or

mechanical”. This proposed addition rather addresses manual or automated services in

clarifying that even when non-assurance services provided by the PA are automated, the

prohibition relating to management responsibility applies. While we do not object to the

proposed addition, if this is not the intention, BDO encourages the IESBA to review the

wording.

30. BDO questions whether it is appropriate to include “how the technology functions”

contained in proposed paragraph 601.5 A2 as a consideration as this does not result in a

definitive answer as to whether the services would be routine or mechanical.

31. Furthermore, the factor "how technology functions” could be interpreted as a factor for

considering whether the services are manual or automated and not in determining

whether the service is routine or mechanical.

32. To this end, BDO suggests that proposed paragraph 601.5 A2 be deleted and the wording

of proposed paragraph 601.5 A1 be amended as follows:

Accounting and bookkeeping services, whether manual or automated that are routine or

mechanical:

33. BDO questions why similar revisions were not proposed to 602.3 A1. To this end, BDO

recommends that the wording of this paragraph be amended as follows:

Such services, whether manual or automated, require little to no professional judgment

and are clerical in nature.

b) Close business relationship

34. BDO supports the additional proposed examples to clarify the technology-related

arrangements that constitute a close business relationship in paragraph 520.3 A2.

35. Having said that, BDO believes that the existence of a business relationship between the

firm and the client purchasing the technology will depend on an agreement between the

firm and the said client relating to the transaction. In cases where the agreement is solely

between the third-party provider and the client, BDO believes this will not constitute a

business relationship. Application material to explain this will be useful.

36. As part of future amendments to the IESBA Code, BDO suggests that a definition of

“business relationship” be added to the IESBA Code to clarify what constitutes a business

relationship to support the consistent application of the IESBA Code.

c) Applicability of NAS provisions

37. BDO supports the proposed revisions to remind PAs providing, selling, reselling or licensing

technology to an audit client to apply the NAS provisions in Section 600, including its

subsections. Having said that, BDO recommends expanding the proposed provisions of the

IESBA Code specifically as it relates to reselling as explained in paragraphs 38 to 40 below.

Reselling

38. No definition was proposed for “reselling”. BDO believes that a definition of “reselling”

is important, especially in the light of paragraph 39 of the explanatory memorandum,

which indicates that the intent of IESBA is to include instances when reselling consist of

a “pass-through” of products developed by third parties to audit clients with no other

services attached or could also combine ancillary/ associated services provided by the

firm or a network firm with the product being resold.

39. For the definition of “reselling”, BDO also believes that it would be important to consider

any commission that might be received and how a lack of compensation would impact

whether the act constitute “reselling”.

40. More clarity is requested on how the self-interest threat will result from the reselling of

the technology, where the firm is not a party in the transaction between the third-party

technology provider and the client.

Advice and recommendations

41. BDO believes that additional guidance relating to circumstances when a firm only provides

advice and recommendations to an audit client regarding the purchasing of technology,

without being a party in the transaction will be useful.

Prohibition of services

10. Do you support the proposed revisions to subsection 606, including:

a) The prohibition on services in relation to hosting (directly or indirectly) of an

audit client’s data, and the operation of an audit client’s network security,

business continuity and disaster recovery function because they result in the

assumption of a management responsibility (see proposed paragraph 606.3 A1

and related paragraph 606.3 A2)?

b) The withdrawal of the presumption in extant subparagraph 606.4 A2(c) and the

addition of “Implementing accounting or financial information reporting

software, whether or not it was developed by the firm or a network firm” as an

example of an IT systems service that might create a self-review threat in

proposed paragraph 606.4 A3?

c) The other examples of IT systems services that might create a self-review threat

in proposed paragraph 606.4 A3?

a) Hosting an audit client’s data

Hosting

42. BDO supports the prohibition on services in relation to the operation of an audit client’s

network security, business continuity and disaster recovery function because these

services result in the assumption of a management responsibility.

43. With respect to services provided in relation to hosting an audit client’s data, BDO is not

supportive of an outright prohibition for the reasons outlined below.

44. Paragraph 8 of the explanatory memorandum states that the proposed technology-related

revisions to the extant IESBA Code have been developed in a principles-based manner in

order to preserve the relevance of the IESBA Code as technology evolves. BDO believes

that the outright prohibition of hosting of audit client’s data is not aligned to the

principles-based nature of the IESBA Code.

45. The concept “hosting of an audit client’s data” is undefined and therefore open to

interpretation. This will result in inconsistent application of the proposed requirements.

BDO’s view is that the IESBA Code should provide an enabler to understand where the

provision of hosting services starts and stops.

46. To this end, BDO recommends that the proposed revisions be expanded to include a

definition of “hosting of an audit client’s data”.

Data

47. The term “data” is undefined and broad in scope. Data can be easily copied, moved and

reorganised. Data may consist of financial and/or non-financial data and certain data is

more relevant to the audit and to management than other data. Data may be historic and

have no relevance to the current audit or operations of the business.

48. BDO recommends that the proposed revisions be expanded to include a definition of

“data”, where the distinction between physical data assets such as secretarial records

of the client and data in electronical format is considered, as well as clarify whether the

IESBA intends to include financial and non-financial data in the scope of providing hosting

services.

49. BDO questions whether the prohibition effectively addresses the threat that is created

from providing hosting services to the audit client and is concerned that the proposed

prohibition will give rise to unintended consequences, including inadvertent breaches of

the IESBA Code.

50. BDO’s view is that the IESBA Code should retain the principles-based approach and require

the PA to consider the specific type of data being hosted, the method of hosting and the

purpose of hosting the data in concluding whether management responsibility is assumed

in hosting data of an audit client. Application guidance relating to each aspect that the

PA is required to consider will be useful in achieving consistent application of the IESBA

Code.

b) Withdrawal of presumption

51. BDO agrees that off-the-shelf programmes do not necessarily eliminate threats created

by using technology, and therefore BDO supports the addition of “Implementing

accounting or financial information reporting software, whether or not it was developed

by the firm or a network firm” as an example of an IT systems service that might create

a self-review threat in proposed paragraph 606.4 A3.

52. BDO is of the view that the presumption contained in extant subparagraph 606.4 A2(a)

and (b) provides clear guidelines for PAs and allows for consistent application of the

requirements across jurisdictions. The IESBA Code provides clear guidance on when a self-

review threat arises. BDO’s view is that extant paragraphs 606.4 A2 (a) and (b) provide

useful guidance on when a self-review threat does not arise.

53. BDO suggests that the exemption would still be applicable to IT systems that have no

impact on the internal controls over financial reporting nor the generation of information

that forms part of the accounting records or financial statements.

54. To this end, BDO suggests that the presumption not be withdrawn, but rather be amended

to elaborate on what would be acceptable services in the light of the addition in proposed

paragraph 606.4 A3.

c) Examples of IT Services

55. BDO supports the other examples of IT systems services that might create a self-review

threat in proposed paragraph 606.4 A3.

56. To achieve consistency across the proposed revisions, BDO suggests that the IESBA

consider including "selling, reselling or licensing technology” to 606.2 A1 as an example

of an IT systems service as well as to 606.4 A3.

57. BDO believes that Cybersecurity assurance services may create a self-review threat and

suggests that the IESBA consider including "providing assurance services relating to

Cybersecurity” to 606.2 A1 as an example of an IT systems service as well as to 606.4 A3.

11. Do you support the proposed changes to Part 4B of the Code?

58. BDO supports the proposed changes to Part 4B of the Code.

59. Although we have no objection to, or further comment on the addition of non-financial

information, for example environmental, social and governance disclosures made to

paragraph 900.1, BDO questions the relevance of this amendment to the technology

project because the link to technology is not immediately evident.

***********

We appreciate the opportunity to comment on the ED, which has proven to be a substantial

publication by the IESBA. We hope that our comments and suggestions will be helpful to you in

your deliberations and development of future recommendations.

Please contact me should you wish to discuss any of these comments.

Yours sincerely,

BDO International Limited

Chris Smith

Global Head of Audit and Accounting