A CPA’s independence can be impaired by performing nonattest services.
Cause of Independence Impairment
The AICPA Code of Conduct requires that clients accept responsibility for nonattest services if attest services are also provided. Why? If the client has no one to assume responsibility (for the nonattest work), then the auditor could be performing management responsibilities that impair independence.
The client should appoint someone with appropriate skill, knowledge, and experience (sometimes referred to as SKE) to oversee nonattest services provided by the public accounting firm. The CPA firm should document their consideration of independence — usually in the enagagement letter and/or a memorandum. Document the nonattest services to be provided and the client personnel overseeing the work. It is helpful to also document the skill, knowledge, and experience of the designated person. What is their educational background? How long have they served in their role? Do they have any certifications (e.g., CPA, CISA)? What qualifies the designated (client) person to oversee the nonattest service performed by the attest firm?
Future peer reviews will have an increased focus upon nonattest services provided to attest clients. How do we know? Well, see the new peer review checklist questions below (for an attest engagement).
The big “no-no” is to assume management responsibilities and then perform an attest service. Here are additional questions from the peer review checklists. Notice the first item below: Accepting responsibility for the preparation and fair presentation of the client’s financial statements. The client must assume responsibility for the financial statements, even if we (as the CPA) prepare them.
If we prepare financial statements and perform an audit, review, or compilation, we have performed a nonattest service (preparation of financial statements) and an attest service (audit, review, compilation). Why is this important? Because if we perform a nonattest service and an attest service for the same client, we must assess our independence. And if we are not independent, then we can’t perform an audit or review engagement.
The peer review checklists also ask for:
The name and title of the client personnel overseeing the nonattest service and
A description of the accountant’s “assessment and factors leading to your satisfaction that the client personnel overseeing the service had sufficient skills, knowledge and experience”
Interestingly, later on in the peer review checklist (the one I’m presently referring to is the Not-for-Profit checklist), the following appears:
Does the auditor’s assessment of the skills, knowledge, and experience of client personnel overseeing non-attest services appear reasonable given indications within the engagement? Consider whether the auditor performed significant reconciliations and took into consideration the extent and significance of adjustments and journal entries, the control deficiencies, and so on.
Translation: If the auditor made several significant journal entries to clean up the records, does the client possess sufficient skill, knowledge, and experience?
Documentation of Nonattest Services
So do we need a new form to document our independence?
It certainly would not hurt to add a new form to document our independence. PPC offers such a form (and I am sure other work paper providers do the same). What I like about such forms (at least the one I have seen) is they provide us with a place to document all nonattest services and then to assess and document our client’s ability to assume responsibility for the nonattest services provided.
If the client can’t–or is unwilling to–assume responsibility for the financial statements, then we are not independent, and we cannot perform an audit or a review. This assumption of responsibility does not mean the client has the ability to create the financial statements, but it does mean that:
that the client will oversee the nonattest service,
that the client will evaluate the adequacy and results of the nonattest service, and
that the client will accept responsibility for the nonattest service
Documentation of the above in our engagement letters is sufficient to meet standards (even though I like the idea of adding a separate independence form to the file). We should–in the engagement letter–specify the nonattest services and the responsibilities of management.
We have, for some time now, included the client responsibility language (about overseeing, evaluating, and accepting) in our engagement letters. But the language referring to nonattest services usually addressed tax preparation, depreciation schedule preparation, bookkeeping and the like. Now preparation of financial statements should be included as another nonattest service(assuming the accounting firm prepares the financials, which we usually do).
The requirement to treat financial statement preparation as a nonattest service is effective for engagements covering periods beginning on or after December 15, 2014.
For many years, preparation of financial statements was considered a part of an attest engagement (audits, reviews compilations). No longer.
The Professional Executive Ethics Committee (PEEC) recently added guidance to the “Nonattest Services” interpretation as follows:
…activities such as preparation of financial statements…are considered outside the scope of the attest engagement, and, therefore, are considered a nonattest service
Consequently, if an accountant prepares financial statements (a nonattest service) and performs an attest service (e.g., audit, review, compilation), then consideration should be given as to whether:
the client makes all management decisions,
the client properly oversees the service,
the client evaluates the adequacy and results of the service, and
the client accepts responsibility for the service
We have, for some time now, included the aforementioned language in engagement letters when we have performed both attest services and nonattest services. But the language referring to nonattest services usually addressed tax preparation, depreciation schedule preparation, bookkeeping and the like. Now preparation of financial statements should be listed as another nonattest service and the requisite language concerning client responsibilities (in the previous paragraph) applies to the preparation-of-financial-statements engagement.
The requirement to treat financial statement preparation as a nonattest service is effective for engagements covering periods beginning on or after December 15, 2014. If you, for example, perform a compilation engagement for January 2015 (i.e., a monthly financial statement), the new guidance is applicable. Of course, with regard to compilations, you can lack independence if it is noted in the compilation report. Not true for reviews and audits. CPAs are precluded from performing reviews and audits if their independence is impaired.
Here is the sample relevant paragraph from Illustration 1 of the compilation engagement letters in Section 80 of SSARS 21:
You are also responsible for all management decisions and responsibilities and for designating an individual with suitable skills, knowledge, and experience to oversee our preparation of your financial statements. You are responsible for evaluating the adequacy and results of the services performed and accepting responsibility for such services.
If other nonattest services are to be provided (e.g., tax return), they are to be listed alongside preparation of financial statements.
The client must accept responsibility for financial statements prepared as a part of an audit or a review for periods beginning after December 15, 2014. So, for example, if a client desires for you to perform a review engagement for the first quarter of 2015, the client must be able to oversee your preparation and accept responsibility for the financial statements. If the client is unable to accept that responsibility, then the accountant is not independent and would be precluded from performing the review engagement.
Simply including the standard language in the engagement letter (that management assumes responsibility) is not the same as management actually accepting responsibility.
Obviously, the determination of whether the client can (or has the ability to) accept responsibility is a subjective one. I anticipate additional guidance to be forthcoming from the AICPA to assist CPAs in making this decision.
The AICPA’s new Code of Professional Conduct is now effective.
On January 28, 2014, the AICPA Professional Ethics Executive Committee (PEEC) approved the new Code of Ethics Codification. The prior code of ethics evolved over many years without a great deal of structure, making it difficult to find answers to CPA’s ethical and independence questions. The purpose of the new codification is to enhance the clarity and organization of the Code.
You will find the new codification delivers as promised: easy-to-follow and well designed. The AICPA did a fine job with this project.
AICPA Code of Professional Conduct Table of Contents
Table of Contents
The Code is organized into three parts:
Members in Business
All other members (including those who are in between jobs or retired)
The revised Code is effective as of December 15, 2014.The new conceptual frameworks, however, are not effective until December 15, 2015.
The Code includes a threats and safeguards framework (not effective until December 15, 2015–this delay is provided to give CPAs time to consider and understand the new framework). CPAs will identify threats and then consider safeguards to mitigate those threats. The CPA will be able to proceed with the engagement if threats–after considering safeguards–are at an acceptable level. The conceptual frameworks (there are two–one for members in practice and one for members in business) are to be used only in situations for which the revised code does not contain a specific rule or requirement.
Access to New Code of Conduct
Access to the revised code is free (you may be thinking, finally something free), and users will be able to save searches and bookmark content.
For CPAs in public practice, the independence standards are located at 1.200.
Merging of AICPA and Yellow Book Independence Rules
If the threats and safeguards framework sounds familiar, it should. You will recall the GAO issued the revised 2011 version of the Yellow Book which includes similar independence language and approaches.
For many years the AICPA and the GAO went in different directions. The result was independence standards that were quite different. Now, thankfully, they are similar.
The art of life is a constant readjustment to our surroundings. –Kakuzo Okakaura
Significant change has occurred in the compilation world.
The Accounting and Review Services Committee recently added a new twist to the standards that govern the preparation of financial statements. Now CPAs can issue financial statements without a compilation report. To do so, you need to follow the guidance in Section 70 (Preparation of Financial Statements) of SSARS 21. So let’s unwrap this package and see what’s inside.
First, when is the Preparation standard applicable?
Section 70 states it is not applicable when the accountant prepares financial statements:
and is engaged to perform an audit, review, or compilation of financial statements
solely for submission to taxing authorities
for inclusion in written personal financial plans
in conjunction with litigation services that involve pending or potential legal or regulatory proceedings, or
in conjunction with business valuation services
In other words, the standard applies when you create financial statements that are not for any of the above purposes.
If you create financial statements that will, for example, be used for litigation purposes, then Section 70 does not apply. If you create a balance sheet that is a part of a tax return, Section 70 is not applicable. If you are engaged to create financial statements as a part of a compilation, then, again, Section 70 doesn’t apply. (You will only issue a compilation report when you are engaged to do so. Under Section 70, no compilation report is issued. See my prior SSARS 21 post for more information.)
Difference in Preparation and Merely Assisting
The Preparation standard also makes a distinction between preparing financial statements and merely assisting in the preparation of financial statements.
Preparing refers to the creation of financial statements.
Merely assisting refers to bookkeeping services. Here are examples of accounting services that are not covered by Section 70:
Preparing or proposing certain adjustments, such as those applicable to deferred income taxes, depreciation, or leases
Drafting financial statement notes
Entering general ledger transactions or processing payments in accounting software
Independence Not Required
Bear in mind that the preparation of financial statements and related bookkeeping services (e.g., entering transactions into a general ledger) are both considered nonattest services. So you can do either without considering whether you are independent.
What does this mean? Well, I can process payments for a client (even sign checks or have custody of a client’s assets) and prepare financial statements. Am I independent? No. Does it matter? No, not if I am just preparing financial statements under the guidance of Section 70 (and not issuing a compilation report). Do I need to disclose my lack of independence? No. (If you do issue a compilation report, you need to disclose your lack of independence–as you have in the past.)
Must the accountant verify the accuracy or completeness of the information? No. Remember, however, that AICPA ethics rules prohibit a CPA from issuing financial statements that are intentionally misleading.
Required Wording or Disclaimer?
Each page of the financial statements should include, at a minimum, the words “no assurance is provided” or issue a disclaimer that makes clear that no assurance is provided.
The example disclaimer provided in .A12 of Section 70 reads as follows:
The accompanying financial statements of XYZ Company as of and for the year ended December 31, 20XX, were not subjected to an audit, review, or compilation engagement by me (us) and, accordingly, I (we) do not express an opinion, a conclusion, nor provide any assurance on them.
[Signature of accounting firm or accountant, as appropriate]
[Accountant’s city and state]
Can the financial statements omit disclosures?
The disclosure of the omission of substantially all disclosures may be made on the face of the financial statements or in a selected note to the financial statements. (Selected disclosure is permissible under Section 70.)
If disclosures are omitted and a special purpose framework is used, then the accountant should include a description of the financial reporting framework on the face of the financial statements.
Engagement Letter Required
An engagement letter is required by Section 70. Both the accountant and the client must sign the letter.
The accountant should retain:
A copy of the financial statements
The signed engagement letter
That’s it: Nothing else is required.
The documentation may also include any significant consultations or professional judgments.
Subject to Peer Review?
My February 2015 AICPA Peer Review Update (newsletter) states the following:
On November 18, 2014, the Peer Review Board (PRB) issued an exposure draft, which proposed that firms that only perform preparation engagements under AR-C Section 70 – Preparation of Financial Statements (issued as part of Statement on Standards for Accounting and Review Services (SSARS) No. 21, Statement on Standards for Accounting and Review Services: Clarification and Recodification) would not be required to enroll in the AICPA peer review program (Program). However, it also proposed that a firm’s preparation engagements would be included in the scope of a peer review when the firm either elects to enroll in the program (e.g. to comply with licensing or other requirements) or is already enrolled due to other engagements it performs. This proposal was issued in order to address the effect of these engagements on the scope of the Program.
The PRB considered comments raised by the peer review community about the proposal and elected to adopt the proposed guidance changes. The changes are effective for peer reviews commencing on or after February 1, 2015.
The key points of this communication are:
Firms that only perform the Preparation of Financial Statement service under section 70 of SSARS 21 are not required to enroll in the AICPA peer review program.
Firms that are enrolled in the peer review program will have the Preparation of Financial Statements service included in the scope of their peer reviews.
Note that these are the AICPA rules. Peer review requirements may be more stringent in your state, possibly requiring a peer review–even if you only perform Preparation of Financial Statement engagements. Check with your state board of accountancy.