IESBA Meeting Nashville, TN USA June 17-19, 2019 Technology Patricia Mulvaney, Working Group Chair Brian Friedrich, Working Group Member IESBA Meeting Nashville, TN USA June 17-19, 2019

Objectives of the Session To provide an update on TWG analysis and observations to date To walk through the application the CF using two scenarios that illustrate ethical considerations of the impact of technology in a PAs work environment To receive input from IESBA to inform TWG activities for Q3 and Q4 2019

Outreach Activities since March 2019 In-person meetings with stakeholders: U of Waterloo Centre for Accounting Ethics – 4th Ethics Symposium (Toronto) CPA Canada – Foresight meeting (Toronto) IESBA-NSS meeting (Paris) OECD (Paris) Cercle d’Ethique des Affaires (Paris) Meeting with French accounting firms (Paris) Accountancy Europe (Belgium) European Commission (Belgium) Plans for Q3/Q4 2019 Meeting with regulatory bodies and PAOs in US Consider value and feasibility of outreach meetings in other jurisdictions

Recent Poll – Less Complex Entities Event Live polling results – IAASB Less Complex Entities Event – Paris, May 2019

Other Undertakings since March 2019 Conducted an initial analysis of Part 1 of the Code, focusing on FPs and CF: Goal = to articulate the specific, discrete impacts to FPs of AI and Data based on realistic “use case” scenarios and applying the CF to evaluate threats Deeper dive analysis still ongoing Based on initial analysis, recommended technology related language to the Role and Mindset TF for inclusion in its draft proposals (Agenda Item 2A) Agreed with IAASB to have a correspondent member for each other’s Tech WG Coordinated with SMPC and IFAC PAIB to provide update on TWG activities and solicit views

Observations from Initial Analysis Impact of technology on FPs is pervasive Technology impacts ethical behavior across all Fundamental Principles (FPs) in an inter-related manner Example: Identifying risks/threats related to machine bias Integrity Objectivity Professional Competence and Due Care Confidentiality Professional Behavior Technology cuts across all FPs and CP

Observations from Initial Analysis Addressing the pervasive impact of technology: Option A Develop overarching AM in Part 1 of the Code Might give undue emphasis on technology over other key ethics considerations Option B Develop AM (including examples) under one or more FPs Might inadvertently create perception that technology does not affect the other FPs Option C Develop guidance material outside the Code Consistent with stakeholder comments; more timely and greater latitude for language

Observations from Initial Analysis Self-interest Self-review Advocacy Familiarity Intimidation Existing Threats to FPs QUESTION: Are the threats set out in the Code sufficient to address the pervasive and complex risks associated with technology advancements?

Observations from Initial Analysis Criticality of Professional Judgment As the value generated from machine prediction increases, the value of human judgment also increases Judgment is needed to address bias

Observations from Initial Analysis Principles Used for Ethical AI Microsoft Fairness, Transparency, Inclusiveness, Reliability, Safety, Privacy and Security, Accountability IBM Accountability, Value alignment, Explainability, Fairness, User Data Rights European Comm Respect for human autonomy, Prevention of harm, Fairness and Explicability OECD Inclusive growth, Sustainable development and Well-being, Human-centred values and Fairness, Transparency and Explainability, Robustness, Security and safety, Accountability Australia Gov’t Paper Do not Harm, Regulatory and Legal Compliance, Privacy Protection, Fairness, Transparency and Explainability, Contestability, Accountability, Generates net benefit

Observations from Initial Analysis The Right Mindset “Growth mindset” Willingness to adapt to and adopt new technology Evolve from compliance mindset (only) to advisory mindset Ethical Leadership Key to building and maintaining public confidence especially in times of change = Ethics Wider role in society as ethical leaders and champions?

Observations from Initial Analysis AI Ethics FPs Fairness Transparency Accountability Explainability Privacy/Security Growth Mindset Ethical Leadership Integrity Objectivity Prof. Comp. & Due Care Confidentiality Professional Behavior

Observations from Initial Analysis The TWG will be addressing the following at its next in-person meeting FP of Confidentiality FP of PC & DC Ethical Leadership Currency of the language Relationship with “privacy” Tension with concept of transparency Knowledge and skills beyond tech & prof standards and legal requirements Alignment with IES Additional AM in Part 1 or elsewhere in the Code related to ethical leadership expectations/responsibilities

Matters for IESBA Consideration Are the commonly used AI ethical principles (e.g., fairness, transparency, privacy, accountability) sufficiently represented in the Code? Should the WG consider the concept of ethical leadership in Part 1 of the Code?

Testing the Conceptual Framework The TWG has begun to test the application of the CF to “real world” scenarios that incorporate the impact of technology on the professional activities of PAs Goal = to determine whether there are any unique issues/gaps that need to be addressed Seeking Board input from a high level walkthrough of one scenario for PAIBs and one for PAPPs

Testing the Conceptual Framework Applying the Conceptual Framework requires: 1. Identify Threats to Compliance with the FPs 2. Evaluate the Threats identified 3. Address any Threats that are not at an acceptable level

Scenario 1 - PAIB …continued You are the CFO of a financial institution. You’ve been championing the introduction of an AI system that assists in the loan application review and approval processes by improving the prediction of loan default. The AI system was trained using all historic data available on loan applications, approvals, and defaults. It was tested against a sample of the historic data and shown to have high accuracy in predicting default. A review of a sample of applications and decisions was also conducted by an underwriter before sign-off for live use. …continued

Scenario 1 – PAIB (continued) Several months into the process, you are starting to see a pattern emerge. Single women are significantly over-represented among those whose loan applications are being rejected by the system. You investigate further using a manual process and find a number of applications that you believe should have been approved. You wonder if the underlying algorithm is biased against single female applicants because it was trained on several decades of historic data that had a lower proportion of sole applicant females, resulting in the model being biased to reject more loan applications from this group. You don’t know how to definitively prove or disprove your suspicion, due to the complexity of the model.

Applying the Conceptual Framework 1. Identify Threats to Compliance with the FPs Applying the Conceptual Framework Self interest Self review Threats Objectivity Integrity FPs

Applying the Conceptual Framework 1. Identify Threats to Compliance with the FPs Applying the Conceptual Framework Self interest Self review Threats Objectivity Integrity Professional competence & Due care FPs

Applying the Conceptual Framework 1. Identify Threats to Compliance with the FPs Applying the Conceptual Framework Complexity, exponential change, uncertainty Self interest Self review Threats Objectivity Integrity Professional competence & Due care FPs

Applying the Conceptual Framework 2. Evaluate the threats identified Apply the RITP Test Threats are not at an acceptable level.

Applying the Conceptual Framework 3. Address any threats that are not at an acceptable level Devise safeguards Request AI developer to re-examine algorithm. Add a human review until comfort over model is achieved. Insert new results from manual review into data pool to help with algorithm training.

Applying the Conceptual Framework 1. Identify Threats to Compliance with the FPs Applying the Conceptual Framework Complexity, exponential change, uncertainty Self interest Self review Threats Objectivity Integrity Professional competence & Due care FPs

Scenario 2 - PAPP Your audit client is a large engineering equipment development company that holds a significant number of patents. The company has begun using an AI system to estimate the fair value of the patents to support impairment testing, using a system developed by a reputable AI solutions firm. Although the system is not particularly transparent, and the client has difficulty explaining how fair value determinations are made, client staff provide a comparison of the “traditional” FV calculation and the AI system’s determinations for the first year. You are comfortable the difference is immaterial. …continued

Scenario 2, continued It is now the end of year 2, and the AI result shows fair value estimates that are significantly higher than you would expect under the traditional approach. The client explains that the AI developer has assured them that the system has learned and that its estimates are more accurate than traditional approach calculations. You’ve been working with this client for a number of years and believe that management is conservative and focused on ensuring sufficient controls in their systems.

Applying the Conceptual Framework 1. Identify Threats to Compliance with the FPs Applying the Conceptual Framework Familiarity Self interest Threats Objectivity Independence FPs

Applying the Conceptual Framework 1. Identify Threats to Compliance with the FPs Applying the Conceptual Framework Familiarity Self interest Threats Objectivity Independence Professional competence & Due care FPs

Applying the Conceptual Framework 1. Identify Threats to Compliance with the FPs Applying the Conceptual Framework Complexity, exponential change, uncertainty Familiarity Self interest Threats Objectivity Independence Professional competence & Due care FPs

Applying the Conceptual Framework 2. Evaluate the threats identified Apply the RITP Test Threats are not at an acceptable level.

Applying the Conceptual Framework 3. Address any threats that are not at an acceptable level Devise safeguards Bring in more expertise from the firm Ask client to: Obtain more detailed explanation from AI developer Run off-line until accuracy can be established

Applying the Conceptual Framework 1. Identify Threats to Compliance with the FPs Applying the Conceptual Framework Complexity, exponential change, uncertainty Familiarity Self interest Threats Objectivity Independence Professional competence & Due care FPs

Matters for IESBA Consideration Does the Board have any directional insight on: Using these kinds scenarios with walkthroughs of the Conceptual Framework as non-authoritative guidance for users of the Code? Challenges seen with respect to the finite limitation to five categories of threats (in para 120.6 A3) and whether they sufficiently capture the technology-related risks to compliance with the FPs?

Next Steps Dec 2019 Board meeting Sept 2019 Board and CAG meeting Jun – Sept 2019 Information gathering/ analysis Sept 2019 Board and CAG meeting Preliminary Recommendations Dec 2019 Board meeting Final Phase 1 Report