By Allison M. Henry, CPA, CGMA, vice president – professional and technical standards
Whether or not practitioners can assist their audit clients with financial statement presentation, or any nonattest services, and maintain their independence has been a long-running debate. In theory, if auditors assist their clients with too many nonattest services, especially those that relate to the information subject to the audit, the auditor could potentially be auditing his or her own work; thus, independence is lost. To ensure that auditors remain independent, the AICPA Professional Ethics Executive Committee (PEEC) and the U.S. Government Accountability Office (GAO) have created complex and detailed rules that include specific documentation requirements. To make compliance more challenging, the AICPA and Yellow Book standards are not identical and are constantly changing.
PICPA’s Peer Review Committee has spent hours analyzing matters identified by peer reviewers to determine whether the peer reviewed firm complied with the substance of the standards and whether specific missing documentation results in a nonconforming engagement. In general, failure to comply with the substantive requirements of the nonattest guidance could potentially result in an independence impairment. Additionally, failure to substantially comply with documentation requirements could result in a nonconforming engagement on a Yellow Book audit, but not necessarily on a non-Yellow Book engagement.
Under the AICPA guidance, practitioners are …
- Precluded from assuming management responsibilities (AICPA ET 1.295.030]
- Required to assess the cumulative effect on independence when providing multiple nonattest services [ET 1.295.020]
- Required to ensure that management agrees to assume all management responsibilities; oversee the service, by designating an appropriate individual (i.e., who possesses suitable skill, knowledge, and/or experience); and evaluate the adequacy and accept responsibility for the results of the services
- Required to determine if the nonattest service or services are a significant threat to independence, and, if so, employ a safeguard
The AICPA standards also require practitioners to document in writing their understanding with the client and that the requirements for performing nonattest services were met prior to performing those services. The understanding with the client should include the objectives of the engagement, services to be performed and any limitations, the member’s responsibilities, and the client’s acceptance of its responsibilities. However, under AICPA standards, failure to document the required understanding would not impair the auditor’s independence, provided the practitioner did establish the understanding with the client. [ET1.295.050]
The GAO requirements are similar to the AICPA requirements, but they require a more robust analysis of the auditor’s assessment of management’s ability to effectively oversee the nonaudit services, which are required to be documented. Additionally, both the AICPA and the GAO standards require the practitioner to evaluate threats to their independence. If those threats are significant, they are to employ safeguards to mitigate those threats. However, the GAO requires documentation of significant threats to independence along with the related safeguards employed. Plus, the GAO considers assistance with financial statement preparation to be a significant threat to independence that requires the employment of a safeguard; however, this is not spelled out in the 2011 Yellow Book. This significant threat is expected to be included in the upcoming changes to the Yellow Book standards, which are expected in July 2018. Therefore, if financial statement preparation is significant, practitioners need to identify and employ safeguards to mitigate the associated threats. The obvious safeguard to address the threat to independence posed by assistance with financial statement presentation is an independent engagement quality control review.
Third-party practice aids are not helping practitioners successfully navigate the nonattest services requirements. Specific language associated with nonattest services is relegated to small print in the footnotes to the engagement and management representation letter templates, and it is frequently overlooked. Additionally, during the course of the engagement, firms frequently perform additional nonattest work but are not prompted by their practice aids to go back to clearly communicate the changes with the client, document the nature of the additional nonattest services, obtain management’s agreement in writing to perform their responsibilities related to these services, or assess and document the adequacy of the client’s knowledge and expertise to oversee additional nonattest services resulting in potential practitioner noncompliance with the guidance.
Other nonattest services have been associated with the audit engagement for so long that practitioners forget that they are nonattest services, such as assistance with the REAC filing on a HUD engagement or with the data collection form with the Federal Audit Clearing House. Practitioners frequently overlook more recent changes -- such as the PEEC having redefined financial statement preparation to be a nonattest service -- and do not remember the need to consider the cumulative impact of all nonattest services on independence.
Ultimately, the value of all this effort must be questioned. Is it improving audit quality? The compliance bar is set so high that it is difficult for many practitioners to comply, resulting in well-intentioned practitioners missing the mark. Would it not be less costly and less complex if we simply drew a clearer line in the independence rules, and simply eliminated the ability of attest practitioners to assist with financial statement preparation? Of course, this is not a widely supported position among practitioners. There are too many client-specific situations that drive support for maintaining the status quo. This was the source of a discussion by Tim Rennie at our 2017 Government Accounting Conference, and in 2018 this discussion will continue when practitioners and government representatives take a deep dive into “Auditor Independence under Yellow Book and GAAS.”
One of the biggest practitioner difficulties has been the requirement to apply Yellow Book standards to smaller entities. These entities rely heavily on the CPA for nonattest services, and they are less able to afford multiple CPAs to prepare and audit the financial statements. For Pennsylvania practitioners, PICPA’s lobbying efforts have resulted in an increase in the audit thresholds for a number of smaller not-for-profit entities. See Peter Calcara’s Feb. 9, 2018, CPA Now blog post, "Revised Financial Reporting Requirements for Charitable Organizations Now Law," for further information. This should help reduce the number of entities affected by the nonattest rules. Practitioners should also consider working with their clients to eliminate the requirement to have the audit performed using Yellow Book standards where they truly are not needed.
For now, to avoid a nonconforming engagement, practitioners should be prepared to invest time to ensure that the requirements are met. The AICPA has a number of practice aids to help practitioners meet these requirements, including a 2011 Yellow Book Independence- Nonaudit Services Documentation Practice Aid. Given the importance of compliance with this guidance, it might be beneficial to have an engagement quality control reviewer look at all nonattest service documentation at the conclusion of the engagement to prevent an engagement from being nonconforming.
Consultation is also a valuable resource. Feel free to reach out to me at email@example.com or PICPA’s Peer Review Committee at firstname.lastname@example.org with additional comments or questions on this important topic.
Allison Henry will be a speaker at the 2018 Government Accounting Conference on July 9, 2018. Learn more about these and other topics at the conference.