Skip to main content

Ethical Quandary? The Conceptual Framework Can Help

November 01, 2025

The item(s) you are attempting to remove has already been removed from your cart.

The AICPA offers a tool that can help CPAs put the Code of Professional Conduct into practice.

The CPA license implies objectivity, integrity and sound professional judgment. The public has the expectation this is what they will receive when working with CPAs. Along with that expectation come laws, codes, rules, regulations and policies enacted to motivate proper behavior and punish improper behavior.

Every year, CPAs are reminded of their ethical obligations when they take the ethics CPE course required for licensure by the Virginia Board of Accountancy (VBOA). But in daily life, situations may arise in which those laws, codes, rules, regulations and policies cannot adequately help. Luckily, there are tools available to aid CPAs in navigating tricky ethical situations.

While there can’t possibly be a one-size-fits-all solution for every situation, a proper toolkit can help CPAs be better equipped to move beyond black-and-white compliance and navigate the gray area that so often exists when it comes to ethical decision-making.

The AICPA provides conceptual frameworks for CPAs in public practice and corporate finance to apply when assessing their compliance with the Code of Professional Conduct in a particular situation. The conceptual framework approach recognizes the Code cannot possibly address every conceivable situation and provides a formalized process to apply professional judgment that may be required. The framework provides guidance on identifying, evaluating and addressing threats to compliance with the rules that results from a relationship or circumstance not otherwise addressed in the Code.

Conceptual framework steps

  • Step 1: Identify threats to compliance with the rules. If no threats, then proceed with service. If threats are identified, proceed to Step 2.
    • Ask yourself, “Does this relationship or circumstance create a threat to complying with the rules?” If yes, the significance of the threat needs to be evaluated in the second step.
  • Step 2: Evaluate the significance of the threats to determine whether the threats are at an acceptable level. If threats are at an acceptable level, then proceed with service. If threats are not at an acceptable level, proceed to Step 3.
    • Ask yourself if the threat is at an acceptable level. A threat is at an acceptable level when a reasonable, informed third party who is aware of the relevant information would be expected to conclude that the threat would not compromise compliance with the rules. Consider both qualitative and quantitative factors when evaluating the significance of a threat. If you conclude that a reasonable, informed third party who is aware of the relevant information would be expected to conclude that the threat would not compromise compliance with the rules, then the threat is at an acceptable level and no further evaluation is required. If you conclude that the threat is not at an acceptable level, then you need to proceed to the third step.
  • Step 3: Identify safeguards that can be applied. Safeguards can be existing safeguards or new safeguards.
    • Ask yourself what safeguards are in place or could be put in place. When identifying safeguards, remember that one safeguard might eliminate or reduce several threats. However, it might also be necessary to identify several safeguards to eliminate or reduce just one threat. After you have identified new and existing safeguards, proceed to the fourth step.
  • Step 4: Evaluate the safeguards to determine if they eliminate or reduce threats to an acceptable level. Where you conclude that threats are at an acceptable level after applying safeguards, proceed with service. In some cases, an identified threat may be so significant that no safeguards will eliminate it or reduce it to an acceptable level or you may be unable to implement effective safeguards. Under such circumstances, providing the specific professional services would compromise your compliance with the rules and you would need to determine whether to decline or discontinue the professional services or resign from the engagement.
    • Ask yourself if the safeguards eliminate or reduce the threat to an acceptable level. If they do, no further action is required. If they do not, providing the specific professional services would compromise your compliance with the rules and you would need to determine whether to decline or discontinue the professional services or resign from the engagement.

It is important to note that the conceptual framework only applies when no guidance in the Code exists. Failure to use the conceptual framework under those circumstances would constitute a violation of the Code. However, the conceptual framework cannot be used to override existing requirements or prohibitions specifically addressed in the Code.

When the CPA applies safeguards to eliminate or reduce significant threats to an acceptable level, they should document the identified threats and safeguards applied. Failure to prepare this documentation would be considered a violation of the “Compliance With Standards Rule.”

Looking for more help with ethics rules? Check out all the VSCPA’s ethics course options. All are approved for CPE credit by the VBOA.