Yellow Book Independence: When Should You Apply Safeguards?

Safeguards are to be applied when significant independence threats are present

When I was a kid living in Donalsonville, Georgia, my mother would drive into our open garage, leave the keys in the ignition (where they remained for the evening), and then would walk into our home (which had not been locked all day).

Over time, I noticed that she left the keys in the car less and less, and we began to lock the doors of our home. At one point we even bought deadlocks.

Why?

It seems our neighbors were, from time to time, having small thefts, and one even had a burglar in the home as they returned one afternoon.

My parents were responding to risks. The greater the thefts and burglaries, the greater the safeguards.

Safeguards Required by Yellow Book

Whenever an external auditor performs nonattest services (e.g., preparation of financial statements), then the auditor should consider whether the nonattest service adversely affects his independence.

The Government Auditing Standards (known as the Yellow Book) requires that safeguards be applied whenever independence threats are significant – but only if they are significant – in order to eliminate or reduce such threats to an acceptable level.

Yellow Book Independence Safeguards

Yellow Book Independence Safeguards

Examples of safeguards that may eliminate or reduce significant threats to an acceptable level include the following:

  • Discussing independence issues with those charged with governance of the entity
  • Assigning separate engagement personnel for the audit and nonaudit service
  • Obtaining secondary reviews of the nonaudit services by professional personnel who were not members of the audit engagement team (e.g., second partner review of financial statements prepared by the external audit firm)
  • Discussing the significance of the threats to management participation or self-review with the engagement team and emphasizing the risks associated with such threats
  • Educating management on the nonaudit services performed by reviewing and explaining the reason and basis for all significant transactions, as well as authoritative standards, so that management is in a position to determine or approve all assumptions and judgments and take responsibility for the nonaudit services
  • When financial statement preparation is the nonaudit service being performed, determining that there has been review of the financial statements and successful completion of a disclosure checklist by the audited entity

Not all safeguards listed would be appropriate for all significant threats identified and, often, may require combinations of more than one safeguard. When determining the type and number of safeguards to be applied, the auditor should consider the significance of the threats, both individually and in the aggregate.

Some safeguards have a higher level of mitigation of threats than others. Also safeguards that involve personnel who are independent of the audit process are generally more effective than those who are not independent.

Determining which safeguards to apply involves professional judgment and is dependent on the facts and circumstances of each specific situation.

Prohibited Services

Finally remember that safeguards cannot be used to ameliorate risk related to prohibited services (e.g., the external audit firm signs checks for the client); if the external auditor performs prohibited services, then safeguards cannot remedy the lack of independence. Examples of prohibited services follow:

  • Setting policies and the strategic direction for the audited entity
  • Directing and accepting responsibility for the actions of the audited entity’s employees in the performance of their routine, recurring activities
  • Having custody of an audited entity’s assets
  • Accepting responsibility for designing, implementing, or maintaining internal control

Preparing Financial Statements 

 If you are an external auditor that also prepares the client’s financial statements (a nonattest service), see my post concerning Yellow Book independence.

Learn from the CPA Scribo newsletter!

Get my free weekly accounting and auditing digest with the latest content.

Powered by ConvertKit

Please note: I reserve the right to delete comments that are offensive or off-topic.

Leave a Reply

Your email address will not be published. Required fields are marked *

4 thoughts on “Yellow Book Independence: When Should You Apply Safeguards?

  1. This seems to be one of those areas where it is easy for the auditor to take the position that anything not explicitly forbidden must be permitted. In exercising professional judgment, what do you think the auditor is really trying to safeguard against? In general terms, what should the auditor be afraid of?

    • Eddie, The Yellow Book lists a few threats, but I think the one most common is the self-review threat. As you know, auditors of governments often create products (e.g., financial statements) that they often audit. So the framework is designed to make us think about how to mitigate the independence threat caused by this dynamic. I can remember many years ago when we created information that we audited and never gave it a second thought – probably not wise. Thanks for the comment.