Learning Outcomes
After reading this article, you will be able to explain and apply the principle of confidentiality in audit and assurance engagements, including when disclosure is permitted or required by law or regulation. You will also be able to assess whistleblowing responsibilities, identify auditor duties related to client information, and deal with exam scenarios involving unlawful or unethical client conduct and requests for information from third parties.
ACCA Audit and Assurance (AA) Syllabus
For ACCA Audit and Assurance (AA), you are required to understand the ethical responsibilities of external auditors concerning confidentiality and whistleblowing, including when information can or must be disclosed, and how to respond to legal or regulatory requests. Focus your revision on:
- The fundamental principle of confidentiality as set out in the ACCA Code of Ethics and Conduct.
- Circumstances when disclosure of client information is required or permitted by law or regulation.
- Auditors' legal and professional responsibilities in cases of fraud, crime, or regulatory breach.
- Procedures for responding to requests for information from authorities and other parties.
- Responsibilities and process for whistleblowing in the public interest or as required by law.
Test Your Knowledge
Attempt these questions before reading this article. If you find some difficult or cannot remember the answers, remember to look more closely at that area during your revision.
- List three circumstances in which an external auditor may legally disclose confidential information about a client without their consent.
- True or false? An auditor should always inform their client before responding to a police request for information about suspected tax evasion.
- What steps should an auditor take if they become aware of illegal acts by management that may significantly affect the financial statements?
- Define whistleblowing in the context of audit and assurance and state one scenario when it may be a professional duty.
Introduction
Confidentiality is a core requirement for all professional accountants, including external auditors. However, the duty to keep client information private is not absolute. There are defined situations where disclosure is required or permitted by legal, regulatory, or professional obligations. Auditors must understand both their ethical responsibilities and the sanctions for breaching confidentiality—either by wrongly revealing information or by failing to report certain matters.
At times, auditors must act in the public interest by whistleblowing—revealing information about wrongdoing even if this goes against client instructions or wishes. The pressure to maintain confidentiality must therefore be balanced with legal, regulatory, and ethical duties to report.
Key Term: Confidentiality
The fundamental ethical requirement to refrain from disclosing client information to third parties without proper and specific authority, unless there is a legal or professional right or duty to disclose.
The Principle of Confidentiality
The ACCA Code of Ethics and Conduct requires auditors to respect the confidentiality of information acquired as a result of professional and business relationships. Such information must not be disclosed outside the firm without proper and specific authority, unless there is a legal or professional right or duty to disclose, and must not be used for the personal advantage of the auditor or of third parties.
Key Term: Professional Duty to Disclose
The obligation to reveal confidential client information to an appropriately authorised third party when required by law or professional regulation, or where disclosure is in the public interest.
Common examples of confidential information include financial records, business plans, employment matters, and details about alleged wrongdoing.
When Is Disclosure Permitted or Required?
There are strict limits on when an auditor may or must disclose client information to others. Disclosure is permitted only in specific cases, which the ACCA Code groups as follows:
Disclosure Required by Law
Auditors must provide information when compelled by a statutory requirement, for instance:
- Court orders, search warrants, or subpoenas in legal proceedings.
- Requests from regulatory authorities investigating breaches (e.g., money laundering, terrorism, fraud).
- Laws requiring notification of certain crimes or public interest matters.
Disclosure Permitted by Law and Authorised by the Client
Auditors may disclose information if:
- The client gives proper and specific authority for the disclosure (for example, to a prospective lender, or to a purchaser's advisers during due diligence).
- The disclosure is not prohibited by data protection or privacy law, which may require the consent of the individuals whose personal data is involved in addition to the client's authority.
Disclosure Due to Professional Duty
Professional rules and the ACCA Code require disclosure for:
- Quality reviews by the ACCA or other recognised supervisory bodies.
- Adherence to technical and ethical standards during investigations by professional or regulatory authorities.
- Protecting the auditor’s interests in legal proceedings (e.g., defending against a negligence claim).
Before disclosing confidential information, the auditor should assess:
- The legal or regulatory basis for the disclosure.
- Whether all relevant facts are substantiated.
- Who will receive the information and whether they have appropriate authority.
- Possible harm caused by the disclosure to the client or others.
Key Term: Whistleblowing
Reporting actual or suspected illegal or unethical acts to those able to take appropriate action, either within or outside the entity, contrary to the wishes of those involved.
Whistleblowing and Auditors’ Responsibilities
Whistleblowing refers to reporting unlawful or unethical acts to a party who can act on them—often authorities or regulators. Auditors may face whistleblowing obligations in situations involving:
- Fraud, theft, or financial irregularities.
- Failure to comply with laws and regulations, such as money laundering or health and safety breaches.
- Actions that could cause financial harm or endanger the public.
Auditors must respond to knowledge of illegal acts by considering whether to report:
- Internally to management or those charged with governance.
- Externally to regulatory bodies, law enforcement, or other authorities as dictated by law.
In some circumstances, the professional duty to maintain confidentiality may be overridden by the need to report wrongdoing in the public interest or as required by law.
Worked Example 1.1
A firm's audit team discovers through reviewing payments that a client company’s finance director has authorised bribes to win contracts overseas, a criminal offence under anti-bribery legislation.
Question: What should the audit firm do about this information, given confidentiality?
Answer:
The payments are the proceeds of crime, so the matter engages anti-money laundering legislation as well as the bribery offence itself. The firm's money laundering reporting officer (MLRO) must report the suspicion to the relevant authority (in the UK, a suspicious activity report to the National Crime Agency), and the engagement team must not tip off the finance director or anyone else at the client that a report has been made. The duty of confidentiality does not prevent this disclosure because the statutory reporting requirement overrides it. In parallel, the team should apply ISA 250 (Revised): document the findings, assess the effect on the financial statements and the audit report, and communicate with those charged with governance to the extent that doing so is not prohibited by the tipping-off rules.
Dealing with Requests for Information from Third Parties
Auditors may be approached by various parties requesting access to client information, including:
- Tax authorities.
- The police.
- Regulatory authorities (e.g., environmental or financial service regulators).
- Trade unions or creditor groups.
The auditor’s response depends on the authority making the request and the legal powers under which information is sought.
If disclosure is not required or permitted by law, and the client does not consent, auditors must refuse the request. If there is any uncertainty, legal advice should be obtained.
Worked Example 1.2
The police contact an audit partner and ask for details of a client’s previous tax returns, suspecting tax fraud.
Question: Should the auditor provide the information requested, and should they inform their client?
Answer:
The auditor may provide the information only if the police have a court order or another statutory power compelling disclosure, or if the client consents; an informal request on its own does not override confidentiality. Whether to inform the client depends on the law. Ordinarily the auditor should tell the client of the request and seek their consent, but where the request relates to a money laundering investigation (tax evasion generates criminal proceeds) the tipping-off provisions may prohibit any such disclosure, and the auditor must also consider whether the facts give rise to a reporting duty of their own. Legal advice should be taken if any doubt remains.
Risks and Consequences of Improper Disclosure
Breaching confidentiality—by revealing client information without right or duty—can result in:
- Disciplinary action by ACCA or other professional bodies.
- Legal claims from clients for damages.
- Criminal or regulatory penalties where the disclosure also breaches data protection law.
Failing to make a required disclosure (e.g., failure to report suspected money laundering) can likewise result in sanctions, such as fines, prosecution, and withdrawal of the practising certificate.
Revision Tip
Always check whether a statutory or professional duty overrides the duty of confidentiality before making or refusing a disclosure. Both unjustified disclosure and failure to report when required are disciplinary matters.
Reporting Procedures and Documentation
When disclosure is required or a whistleblowing matter arises, auditors should:
- Document relevant facts and steps taken.
- Notify management or those charged with governance as needed.
- Obtain legal advice where the law may prohibit informing the client (for example, under tipping-off rules).
- Retain evidence of the legal or professional requirement for disclosure.
Auditors should limit information disclosed to what is strictly necessary to comply with the requirement.
Exam Warning
Exam questions often test the exceptions to the confidentiality principle. Do not assume that auditors can hand over information simply because an authority asks for it: identify the statutory power, client consent, or professional right being relied on, and separately consider whether the auditor has a specific duty to report.
Summary
Confidentiality is a core ethical duty for auditors but is subject to legal and professional exceptions. Disclosure is permitted or required only when supported by statute, regulation, or professional standards. Auditors must be able to justify every disclosure or refusal, and act appropriately in whistleblowing situations. Breaches or failures may lead to serious professional and legal consequences.
Key Point Checklist
This article has covered the following key knowledge points:
- Define the principle of confidentiality and when it applies for auditors.
- Identify legal, regulatory, and professional exceptions for disclosing client information.
- Explain when and how whistleblowing duties overrule confidentiality.
- Outline how to respond to legal and regulatory requests for client information.
- State the documentation and procedural steps required for lawful or professional disclosure.
- Recognise risks and consequences of improper disclosure or failure to report.
Key Terms and Concepts
- Confidentiality
- Professional Duty to Disclose
- Whistleblowing