Peer reviewers continue to hammer independence and related documentation. So it is vitally important that we not only be independent but that we also properly document its presence. My prior independence post pointed out that peer review checklists require reviewers to examine your independence documentation. This short video provides tips regarding independence and staying out of the dog house.
Are you a CPA looking for answers to independence or other ethical questions? Below, you’ll see two handy AICPA resources:
- AICPA Code of Professional Conduct
- Plain English Guide to Independence
AICPA Code of Professional Conduct
Online access is free, and users are able to save searches and bookmark content.
The Code is organized into three parts:
- Public practice
- Members in Business
- All other members (including those who are in between jobs or retired)
The Code includes a threats and safeguards framework. CPAs should identify threats and then consider safeguards to mitigate those threats. CPAs can proceed with the engagement if threats–after considering safeguards–are at an acceptable level.
Plain English Guide to Independence
As the Quality Control partner for our firm, I receive quite a few questions about ethical issues (mainly about independence). Nine out of ten times I find the answers to those questions in the AICPA’s Plain English Guide to Independence. I download this guide and keep it handy. When I need to research an issue, I open the document and perform word searches. If you aren’t already using this resource, I highly recommend it.
When I was a kid living in Donalsonville, Georgia, my mother would drive into our open garage, leave the keys in the ignition (where they remained for the evening), and then would walk into our home (which had not been locked all day).
Over time, I noticed that she left the keys in the car less and less, and we began to lock the doors of our home. At one point we even bought deadlocks.
It seems our neighbors were, from time to time, having small thefts, and one even had a burglar in the home as they returned one afternoon.
My parents were responding to risks. The greater the thefts and burglaries, the greater the safeguards.
Safeguards Required by Yellow Book
Whenever an external auditor performs nonattest services (e.g., preparation of financial statements), then the auditor should consider whether the nonattest service adversely affects his independence.
The Government Auditing Standards (known as the Yellow Book) requires that safeguards be applied whenever independence threats are significant – but only if they are significant – in order to eliminate or reduce such threats to an acceptable level.
Yellow Book Independence Safeguards
Examples of safeguards that may eliminate or reduce significant threats to an acceptable level include the following:
- Discussing independence issues with those charged with governance of the entity
- Assigning separate engagement personnel for the audit and nonaudit service
- Obtaining secondary reviews of the nonaudit services by professional personnel who were not members of the audit engagement team (e.g., second partner review of financial statements prepared by the external audit firm)
- Discussing the significance of the threats to management participation or self-review with the engagement team and emphasizing the risks associated with such threats
- Educating management on the nonaudit services performed by reviewing and explaining the reason and basis for all significant transactions, as well as authoritative standards, so that management is in a position to determine or approve all assumptions and judgments and take responsibility for the nonaudit services
- When financial statement preparation is the nonaudit service being performed, determining that there has been review of the financial statements and successful completion of a disclosure checklist by the audited entity
Not all safeguards listed would be appropriate for all significant threats identified and, often, may require combinations of more than one safeguard. When determining the type and number of safeguards to be applied, the auditor should consider the significance of the threats, both individually and in the aggregate.
Some safeguards have a higher level of mitigation of threats than others. Also, safeguards that involve personnel who are independent of the audit process are generally more effective than those that do not.
Determining which safeguards to apply involves professional judgment and is dependent on the facts and circumstances of each specific situation.
Finally, remember that safeguards cannot be used to ameliorate risk related to prohibited services (e.g., the external audit firm signs checks for the client); if the external auditor performs prohibited services, then safeguards cannot remedy the lack of independence. Examples of prohibited services follow:
- Setting policies and the strategic direction for the audited entity
- Directing and accepting responsibility for the actions of the audited entity’s employees in the performance of their routine, recurring activities
- Having custody of an audited entity’s assets
- Accepting responsibility for designing, implementing, or maintaining internal control
Preparing Financial Statements
Most accounting firms do a fine job of thinking about and documenting the initial client acceptance. But after the first year, the continuance decision and related documentation are sometimes forgotten or ignored. Why?
The CPA may think the continuance decision is one of those “management by exception” things–only to be thought about when apparent issues arise.
However, independence threats sometimes arise subtly. For example, what if a partner’s spouse invests in an audit client? Or maybe a staff member becomes a board member of a nonprofit audit client and he doesn’t tell anyone.
Problems can also arise on the client side. Have they paid last year’s audit fees? Has the client engaged in any unethical activities? Some actions may cause you to question their integrity.
The time to discover changing engagement dynamics is before the engagement letter is signed. We certainly don’t want to near the end of an audit and realize we are not independent.
Need another reason to document the continuance decision? Think about peer review.
AICPA peer review checklists focus on independence documentation–whether an acceptance or continuance decision is made. So, if for no other reason, we need to consider and document the continuance decision to be safe in peer review.
While you are documenting continuance, summarize the nonattest services being performed and the client personnel that will oversee and assume responsibility for those services. Potential independence issues can arise from changes in client personnel. If a key accounting person leaves the employ of your attest client, is there a replacement with sufficient skill, knowledge, and experience to assume responsibility for the financial statements (if you create them)?
Check Your Files
Now would be a good time to sample a few of your files to see if they contain requisite acceptance or continuance documentation. Such documentation is necessary for the following types of engagements:
- Compilations (when the report is not disclosing a lack of independence)
- Attestation engagements including agreed-upon-procedures
I just received the June 2016 AICPA Reviewer Alert (a monthly newsletter for peer reviewers). It provides the following Yellow Book independence documentation guidance:
Yellow Book contains specific requirements for documentation related to independence which may be in addition to the documentation that auditors have previously maintained. The 2011 Yellow Book Chapter 3 emphasizes that documentation is required for the evaluation of each of the elements of independence, which consists of:
- Management’s ability to oversee the nonaudit services, including whether management has skills, knowledge, and experience
- Significant threats that require the application of safeguards along with the safeguards applied
- Understanding established with the audited entity regarding the nonaudit services to be performed
Failure to document one or more of these elements is considered a departure from professional standards that causes the engagement to be deemed nonconforming. The reviewed firm and reviewer should be aware that verbal explanation and vague completion of a checklist does not provide for a thoughtful evaluation and documentation of management’s abilities related to each nonaudit service and will be unlikely sufficient to comply with the standards.
Yellow Book Independence Forms
All firms that perform Yellow Book engagements need to make sure their system of quality control provides guidance for documentation of the three items listed above. Consider using the AICPA’s 2011 Yellow Book Independence form. The electronically fill-able version is $28 for AICPA members and can be found here. The free PDF version can be found here.
For information about determining if your client’s skill, knowledge, and experience are sufficient, click here.
Is a CPA independent when prior year client fees have not been paid?
Answer: It depends. If a covered member has unpaid fees from an attest client for any previously rendered professional service provided more than one year before the date of the current-year report, he is not independent.
Section 1.230.010 (Unpaid Fees) of the Code of Professional Conduct states:
Threats to the covered member’s compliance with the “Independence Rule” would not be at an acceptable level and could not be reduced to an acceptable level by the application of safeguards if a covered member has unpaid fees from an attest client for any previously rendered professional service provided more than one year prior to the date of the current-year report (my bold). Accordingly, independence would be impaired. Unpaid fees include fees that are unbilled or a note receivable arising from such fees.
Applies to All Fees
Note that the rule states that independence is impaired if a covered member has unpaid fees from an attest client for any previously rendered professional service. Impairment exists when any prior year fee has not been paid, including tax or consulting work.
Billed or Unbilled Services
Also, the CPA should look back one year from the report date to see if billed or unbilled amounts exist. Here’s an example:
- The CPA provided tax services to ABC Company on April 25, 2015.
- The CPA billed for the tax services on June 1, 2015.
- ABC Company needs an audit report with a May 15, 2016, date.
- ABC Company has not paid the June 1, 2015, bill.
Is the CPA independent? If the audit report is dated May 15, 2016, the CPA is not independent.
Why? If we look back one year from the report date of May 15, 2016, we see that unbilled work from April 25, 2015, has not been paid. So an unpaid service for more than one year before the report date exists. The CPA, in this example, would be in violation of the Code of Conduct.
An Odd Collection Procedure
Oddly, the potential impairment of independence may assist you in collecting past-due accounts. If the client needs the current year attest work and the CPA can’t provide it to him without payment for the prior-year work, then collection may occur.
Here’s a list of online resources that I commonly use:
- AICPA Technical Hotline
- AICPA Plain English Guide to Independence
- AICPA Developing a System of Quality Control
- AICPA Code of Ethics
- AICPA Yellow Book Independence Aid
- AICPA Illustrative Yellow Book Reports
- AICPA Illustrative Single Audit Reports
- AICPA Journal of Accountancy
- AICPA SASs and SSARS
- LinkedIn Governmental Not-For-Profit Group
- LinkedIn Sole Practitioners and CPA Small Firms Group
- The CPA Scribo Podcast
- Nonprofit Update Blog
- FASB Codification
- GASB Pronouncements
- 2014 Report to the Nations (Fraud Resource)
- COSO Internal Control (Executive Summary)
- 2015 OMB Compliance Supplement
- OMB Uniform Guidance
- 2011 Version of Yellow Book
Your Online References
What other online resources do you use as a CPA? Leave a comment.
The AICPA Code of Conduct requires that clients accept responsibility for nonattest services if attest services are also provided. Why? If the client has no one to assume responsibility (for the nonattest work), then the auditor may be performing management responsibilities and may possibly impair his independence.
The client should appoint someone with appropriate skill, knowledge, and experience (sometimes referred to as SKE) to oversee nonattest services provided by the public accounting firm. The CPA firm should document its consideration of independence, usually in the engagement letter. Document the nonattest services to be provided and the client personnel that will oversee the work.
Future peer reviews will have an increased focus upon nonattest services provided to attest clients. How do we know? Well, see the new peer review checklist questions below (for an attest engagement).
The big “no-no” is to assume management responsibilities and then perform an attest service. Here are additional questions from the peer review checklists. Notice the first item below: Accepting responsibility for the preparation and fair presentation of the client’s financial statements. The client must assume responsibility for the financial statements, even if we (as the CPA) prepare them.
If we prepare financial statements and perform an audit, review, or compilation, we have performed a nonattest service (preparation of financial statements) and an attest service (audit, review, compilation). Why is this important? Because if we perform a nonattest service and an attest service for the same client, we must assess our independence. And if we are not independent, then we can’t perform an audit or review engagement.
The peer review checklists also ask for:
- The name and title of the client personnel overseeing the nonattest service and
- A description of the accountant’s “assessment and factors leading to your satisfaction that the client personnel overseeing the service had sufficient skills, knowledge and experience”
Interestingly, later on in the peer review checklist (the one I’m presently referring to is the Not-for-Profit checklist), the following appears:
Does the auditor’s assessment of the skills, knowledge, and experience of client personnel overseeing non-attest services appear reasonable given indications within the engagement? Consider whether the auditor performed significant reconciliations and took into consideration the extent and significance of adjustments and journal entries, the control deficiencies, and so on.
Translation: If the auditor made several significant journal entries to clean up the records, does the client possess sufficient skill, knowledge, and experience?
Documentation of Nonattest Services
So do we need a new form to document our independence?
It certainly would not hurt to add a new form to document our independence. PPC offers such a form (and I am sure other work paper providers do the same). What I like about such forms (at least the one I have seen) is they provide us with a place to document all nonattest services and then to assess and document our client’s ability to assume responsibility for the nonattest services provided.
If the client can’t–or is unwilling to–assume responsibility for the financial statements, then we are not independent, and we cannot perform an audit or a review. This assumption of responsibility does not mean the client has the ability to create the financial statements, but it does mean:
- that the client will oversee the nonattest service,
- that the client will evaluate the adequacy and results of the nonattest service, and
- that the client will accept responsibility for the nonattest service
Documentation of the above in our engagement letters is sufficient to meet standards (even though I like the idea of adding a separate independence form to the file). We should–in the engagement letter–specify the nonattest services and the responsibilities of management.
We have, for some time now, included the client responsibility language (about overseeing, evaluating, and accepting) in our engagement letters. But the language referring to nonattest services usually addressed tax preparation, depreciation schedule preparation, bookkeeping and the like. Now preparation of financial statements should be included as another nonattest service (assuming the accounting firm prepares the financials, which we usually do).
The requirement to treat financial statement preparation as a nonattest service is effective for engagements covering periods beginning on or after December 15, 2014.