AA syllabus
Confidentiality Notes 21 / 23
Disclosure of Client Information (ACCA AA Exam Focus)
General Rule of Confidentiality
Auditors must not disclose client information unless:
- Legal/professional duty requires it (e.g., statutory reporting).
- Client authorises disclosure (e.g., for third-party due diligence).
Key Principle: All unpublished client information (e.g., financial data, internal controls) is confidential.
Exceptions Permitting Disclosure
1. Obligatory Disclosure (Legal Requirements)
Auditors must disclose when:
- Law/regulation compels it (e.g., court orders, anti-money laundering laws).
- Non-compliance with laws is identified (e.g., fraud, tax evasion).
Examples:
- Reporting suspected money laundering to authorities.
- Responding to statutory requests from tax authorities.
2. Voluntary Disclosure (Professional/Public Interest)
Auditors may disclose without client consent if:
- Public interest is at risk (e.g., health/safety hazards, systemic fraud).
- Protecting the auditor’s interests (e.g., defending against legal claims).
Limitations:
- Requires legal advice to avoid liability.
- Document rationale for public interest disclosures.
Key Exam Scenarios
| Situation | Permitted Disclosure? | Reason |
|---|---|---|
| Client involved in money laundering | Yes | Statutory obligation under AML laws. |
| Police request audit files without a court order | No | Confidentiality applies unless legally compelled. |
| Client underpaying staff wages | No | Not severe enough for public interest exemption. |
| Auditor sued for negligence | Yes | Disclosure allowed to defend professional interests. |
Safeguards & Documentation
- Client consent: Obtain written approval before sharing data.
- Documentation: Record decisions, legal advice, and disclosures.
- Secure handling: Restrict access to confidential data.
Common Exam Pitfalls
- Confusing public interest with minor issues (e.g., wage underpayment ≠ public harm).
- Assuming disclosure to non-governmental bodies (e.g., industry regulators) is always allowed.
Key Takeaways for Exams
- Prioritise legal duties: Statutory requirements override confidentiality.
- Apply public interest test: Only severe risks (e.g., terrorism, systemic fraud) justify voluntary disclosure.
- Document everything: Rationale for disclosures must be clear and defensible.