Yellow Book independence is a big deal. And if you prepare financial statements in a Yellow Book audit, you need to be aware of the independence rules. Below I tell you how to maintain your independence—and stay out of hot water,
Suppose that--during your peer review--it is determined your firm lacks independence in regard to a Yellow Book engagement.
What could happen? Well, I can't say for sure, but I think it would be nasty. At a minimum, you would probably receive a finding for further consideration--or worse, a negative peer review report. The engagement is definitely nonconforming (not conforming to professional standards).
Then, you'd need to provide a response--explaining what you intend to do about the lack of independence. And this could get very interesting. Not where you want to be.
If you prepare financial statements (a nonattest service) for your audit client, you have a significant threat. Why? You are auditing something (the financial statements) that you created. There is a self-review threat.
When there is a significant threat, you must use a safeguard (to lessen the threat). Such as? A second partner review. So, for example, you might have a second audit partner (someone not involved in the audit) review the financial statements. Since the second partner did not create the financial statement, the self-review threat is mitigated.
Notice the safeguard (the second partner review) is something the audit firm does--and not an action of the audit client. Therefore, it qualifies as a safeguard.
The 2018 Yellow Book states the following in paragraph 3.88:
Auditors should conclude that preparing financial statements in their entirety from a client-provided trial balance or underlying accounting records creates significant threats to auditors' independence, and should document the threats and safeguards applied to eliminate and reduce threats to an acceptable level...or decline to provide the services. (CPAHallTalk bolded the preceding words in this section.)
You've heard your audit client must have sufficient skill, knowledge and experience (SKE) and that they must oversee and assume responsibility for nonattest services. This is true and is always required when nonattest services are provided to an audit client.
Even so, the client's SKE does not address the self-review threat.
Think of the SKE issue as a minimum requirement. Do not pass "go" if the client does not assign someone (with SKE) to oversee the nonattest service. You are not independent. End of discussion.
The January AICPA Reviewer Alert distinguishes the SKE requirement from safeguards saying, "Client SKE should not be viewed as a safeguard, but rather a mandatory condition before performing any nonaudit services."
Once the client SKE issue is dealt with, consider if safeguards are necessary. If you are asked to prepare the financial statements, a second issue arises--the self-review threat. And this threat has to be addressed. A second review--whether a second partner review or an EQCR--is a good way to do so.
The AICPA (in its AICPA Yellow Book Pratice aid) provides examples of safeguards including:
See Appendix E of the AICPA Yellow Book Practice Aid for additional examples of safeguards and how to apply them.
The Yellow Book requires that your independence be documented. If it is not, a violation of professional standards exists.
So, document the SKE of the client and the safeguards used to address significant threats. Also, document which nonattest services are signficiant threats.
The January 2019 Reviewer Alert (an AICPA newsletter provided to peer reviewers) provides a scenario where an audit firm performs a Yellow Book audit and prepares financial statements. Then the firm has an engagement quality control review (EQCR) performed, but it does not identify the preparation of financial statements as a significant threat. The newsletter states "the engagement would ordinarily be deemed nonconforming for failure to document identification of a significant threat." So, even if a safeguard (e.g., a second partner review) is in use, the lack of documentation makes the engagement nonconforming.
Here's the lowdown to protect your firm:
Looking for a tool to document Yellow Book independence? Consider the AICPA's practice aid. Here is the free PDF version. You can also purchase the fillable version here. (Cost is $39 for AICPA members.) This is the 2011 Yellow Book aid. I am thinking the AICPA will create a 2018 Yellow Book version as well.
Get my free weekly accounting and auditing digest with the latest content.
Charles Hall is a practicing CPA and Certified Fraud Examiner. For the last thirty years, he has primarily audited governments, nonprofits, and small businesses. He is the author of The Little Book of Local Government Fraud Prevention and Preparation of Financial Statements & Compilation Engagements. He frequently speaks at continuing education events. Charles is the quality control partner for McNair, McLemore, Middlebrooks & Co. where he provides daily audit and accounting assistance to over 65 CPAs. In addition, he consults with other CPA firms, assisting them with auditing and accounting issues.
Please log in again. The login page will open in a new window. After logging in you can close it and return to this page.