Money laundering
(i) Policies and procedures for anti-money laundering programme
Thomasson & Co should have established an anti-money laundering programme within the firm. As part of this programme, the firm should have appointed a money laundering reporting officer (MLRO) with an appropriate level of experience and seniority. The audit firm should also have established internal reporting lines which should be followed to report any suspicions. Thomasson & Co will probably have a standard form which should be used to report suspicions of money laundering to the MLRO. Staff should receive appropriate training on compliance with the anti-money laundering requirements and how to report issues to the MLRO.
The typical content of an internal report on suspected money laundering may include the name of the suspect, the amounts potentially involved, and the reasons for the suspicions with supporting evidence if possible, and the whereabouts of the laundered cash. The firm’s internal policies should have been set up to ensure that all pertinent information is captured in this standardised report.
Any individual in the audit firm who has suspicions of money laundering activities is then required to disclose these suspicions to the MLRO. The report must be done as soon as possible as any non-disclosure or failure to report such suspicions will constitute an offence under the money laundering regulations.
On receipt of the internal report, the MLRO must consider all of the circumstances surrounding the suspicions of money laundering activities, document this process and decide whether to report the suspicions to the appropriate external authorities. The audit firm has a legal duty to report even though this may conflict with the auditor’s duty of confidentiality.
Tutorial note: Credit will be awarded for other relevant answer points in relation to a firm’s anti-money laundering programme such as client due diligence, further staff training and maintaining adequate records.
(ii) Evaluation of possible indicators of money laundering activities
Money laundering is the process by which criminals attempt to conceal the true origin and ownership of the proceeds of criminal activity, allowing them to maintain control over the proceeds, and ultimately providing a legitimate cover for their sources of income.
In the case of Clean Co, the circumstances which may be indicative of money laundering activities include the following:
Cash-intensive business​​​​​​​
Clean Co has a high level of cash-based sales (75%) and a high volume of individual sales reports. The nature of its business therefore creates a significant risk that illicit cash funds are being passed off as legitimate sales. More specifically Mr Blackers’ sale to a business associate for $33,000 may be an example of the placement of illegal funds in order to legitimise them as genuine sales. The size of the transaction in a business selling cleaning products and the round sum amount may be additional grounds for suspicion in relation to this transaction.
International property transactions​​​​​​​
The performance of Mr Blackers’ personal taxation computation has identified a significant number of transactions involving the purchase and sale of properties in international locations. These transactions may be examples of real estate laundering by Mr Blackers in his personal affairs. It is possible that he may be purchasing these properties with illegal funds (‘placement’) and then selling them in order to make funds appear legitimate (‘integration’). A high volume of such transactions may also be indicative of the ‘layering’ of transactions in an attempt to make the original source of the funds more difficult to trace.​​​​​​​

Ethical and professional issues
Taxation services
Company tax computation
The performance of the company tax computation creates a self-review threat. A self-review threat arises when an auditor reviews work which they themselves have previously performed – for example, if the external auditor is involved in the process of preparing the financial statements and then audits them. As a result, there is a risk that the auditor will not be sufficiently objective in performing the audit and may fail to identify any shortcomings in their own work. In this case therefore, a self-review threat to auditor independence arises because the tax calculation forms the basis of the tax payable and the tax charge in the financial statements and as such the audit team may be more likely to accept the tax calculations without adequate testing. There is also a potential advocacy threat. An advocacy threat arises when the auditor is asked to promote or represent their client in some way. In this situation, there is a risk of the auditor being seen to promote the interests of Clean Co with a third party such as the tax authorities and therefore that the auditor will be biased in favour of the client and cannot be fully objective.
According to the IESBA Code of Ethics for Professional Accountants (the Code), however, completing tax returns does not generally create a threat to independence provided management takes responsibility for the returns including any judgements which have been made. Where tax calculations have been prepared by the auditor for the purpose of preparing accounting entries, the Code states that this may be acceptable for an unlisted audit client and that the firm should consider implementing safeguards in order to reduce the self-review threat to an acceptable level. In this case, these safeguards might have included, for example, using professionals who are not members of the audit team to prepare the tax computations together with independent senior or partner review of the work. Therefore, given that Clean Co is an unlisted client, Thomasson & Co should ascertain which members of staff performed the taxation services and should review whether the threat to independence has been adequately assessed before the taxation services were performed and whether adequate safeguards have been applied.
Mr Blackers’ personal tax computation
From an ethical perspective, there is no prohibition in the Code on the preparation of personal tax returns for the directors of an audit client such as Clean Co. However, in this case the auditor should consider whether the preparation of Mr Blackers’ personal tax return may result in the auditor being associated with criminal activities if the suspicions of money laundering activities noted above prove to be well founded.
The auditor should also consider the appropriateness of personal taxation services being billed to the company. Indeed, the preparation of Mr Blackers’ personal tax return may be a taxable benefit which should be included in his tax return and the fee for this service may need to be reflected in his director’s loan account with the company.
Website and online sales system
According to the Code, providing services to an audit client involving the design or implementation of IT systems which form a significant part of the internal control over financial reporting or generate information which is significant to the accounting records or financial statements on which the firm will express an opinion constitutes a self-review threat. A self-review threat arises when an auditor reviews work which they themselves have previously performed – for example, if the external auditor is involved in the process of preparing the financial statements and then audits them. As a result, there is a risk that the auditor will not be sufficiently objective in performing the audit and may fail to identify any shortcomings in their own work. In this case, the self-review threat arises as the new systems will produce data which will be used directly in the preparation of the financial statements. The audit process will therefore include reviewing and testing of financial data and systems which Thomasson & Co has helped to design and implement. As a result, there is a clear risk that the audit team may too readily place reliance on these systems.
With reference to Clean Co therefore, it is clear that providing assistance with the design and implementation of the website and online sales system will constitute a self-review threat as the auditor will audit sales figures which are generated by the system and there is also a risk that the firm may assume a management responsibility if they become involved in making management decisions. In the case of revenue, this self-review threat may be heightened further by the auditor’s reliance on controls testing and on analytical review of the data summaries generated by the new system. It also seems clear that the new online sales system will be significant to the client’s financial statements and records. The Code states that such a self-review threat may be too significant even for an unlisted client such as Clean Co unless appropriate safeguards are put in place. Examples of possible safeguards which might assist in managing the self-review threat include the following:
– The client should acknowledge its responsibility for establishing and monitoring the system of internal controls and for the operating system and data it generates;
– The respective responsibilities of the audit firm and the client should be clearly defined in a separate engagement letter in order to ensure that the client makes all management decisions in relation to the design and implementation process;
– Thomasson & Co should use a separate team made up of non-audit staff to perform the systems design and implementation assignment and the work performed by this team should be subject to independent professional review.
If the self-review threat cannot be reduced to an acceptable level, or the engagement will result in the firm assuming a management responsibility, the service should not be provided.
Office party​​​​​​​
The Code states that client hospitality (in this case the attendance at the office party by the audit team) may create a familiarity threat. A familiarity threat occurs when the auditor is too sympathetic or trusting of the client because of a close relationship with them. There is a risk therefore that as a result of attending the client office party, the audit staff may be getting too close to the client staff especially given that according to the audit senior, this practice has occurred every year. This close relationship may result in the audit team becoming less objective and less able to challenge explanations provided by the client.
The Code also states that gifts from a client to a member of the audit team may create a self-interest threat. A self-interest threat arises when the auditor derives a potential personal benefit from an audit client which may motivate them to behave in a manner which aims to protect that benefit. With reference to the office party therefore, the audit staff are receiving a direct financial benefit from the client (in this case in the form of vouchers). Unless the value of such gifts is trivial and inconsequential, the self-interest threat would be too significant to mitigate with safeguards and the gifts should not be accepted. The audit firm should consider introducing internal authorisation procedures in order to ensure transparency and to establish whether the value is trivial and inconsequential. In this case, the value of $30 per head does appear to be trivial but the auditor might still consider declining the gifts in order to maintain a visible professional distance from a client which may be involved in criminal activities.​​​​​​​