Yellow Book independence is a big deal. And if you prepare financial statements in a Yellow Book audit, you need to be aware of the independence rules. Below I tell you how to maintain your independence—and stay out of hot water,
Suppose that--during your peer review--it is determined your firm lacks independence in regard to a Yellow Book engagement.
What could happen? Well, I can't say for sure, but I think it would be nasty. At a minimum, you would probably receive a finding for further consideration. The engagement is definitely nonconforming (not conforming to professional standards).
Then, you'd need to provide a response--explaining what you intend to do about the lack of independence. And this could get very interesting. Not where you want to be.
If you prepare financial statements (a nonattest service) for your audit client, you have a significant threat. Why? You are auditing something (the financial statements) that you created. There is a self-review threat.
When there is a significant threat, you must use a safeguard (to lessen the threat). Such as? A second partner review. So, for example, you might have a second audit partner (someone not involved in the audit) review the financial statements. Since the second partner did not create the financial statement, the self-review threat is mitigated.
Notice the safeguard (the second partner review) is something the audit firm does--and not an action of the audit client. Therefore, it qualifies as a safeguard.
The 2018 Yellow Book states the following in paragraph 3.88:
Auditors should conclude that preparing financial statements in their entirety from a client-provided trial balance or underlying accounting records creates significant threats to auditors' independence, and should document the threats and safeguards applied to eliminate and reduce threats to an acceptable level...or decline to provide the services.
You've heard your audit client must have sufficient skill, knowledge and experience (SKE) and that they must oversee and assume responsibility for nonattest services. This is true and is always required when nonattest services are provided to an audit client.
Even so, the client's SKE does not address the self-review threat.
Think of the SKE issue as a minimum requirement. Do not pass "go" if the client does not assign someone (with SKE) to oversee the nonattest service. You are not independent. End of discussion. (If the client does not have sufficient SKE, see section below titled Inadequate Skill, Knowledge, and Experience.)
The January AICPA Reviewer Alert distinguishes the SKE requirement from safeguards saying, "Client SKE should not be viewed as a safeguard, but rather a mandatory condition before performing any nonaudit services."
Once the client SKE issue is dealt with, consider if auditor safeguards are necessary. Why? A self-review threat may be present.
The AICPA (in its AICPA Yellow Book Practice aid) provides examples of safeguards (again, these are actions of the audit firm) including:
See Appendix E of the AICPA Yellow Book Practice Aid for additional examples of safeguards and how to apply them.
The Yellow Book requires that your independence be documented. If it is not, a violation of professional standards exists.
So, document the SKE of the client and the safeguards used to address significant threats. Also, document which nonattest services are signficiant threats. Peer reviewers focus on Independence documentation.
The January 2019 Reviewer Alert (an AICPA newsletter provided to peer reviewers) provides a scenario where an audit firm performs a Yellow Book audit and prepares financial statements. Then the firm has an engagement quality control review (EQCR) performed, but it does not identify the preparation of financial statements as a significant threat. The newsletter states "the engagement would ordinarily be deemed nonconforming for failure to document identification of a significant threat." So, even if a safeguard (e.g., a second partner review) is in use, the lack of documentation makes the engagement nonconforming.
As you can see, the Yellow Book independence assessment will sometimes be black and white, but other times, not so. Regardless, the audit client has to have someone with sufficient skill, knowledge and experience to oversee the financial statements preparation. Why? The auditor can't assume responsibility for the statements. This is a management responsibility.
The 2018 Yellow Book (paragraph 3.75) says the following about management responsibilities:
In cases where the audited entity is unable or unwilling to assume these responsibilities (for example, the audited entity does not have an individual with suitable skill, knowledge, or experience to oversee the nonaudit services provided, or is unwilling to perform such functions because of lack of time or desire), auditors should concluded that the provisions of these services is an impairment to independence.
Additionally, paragraph 3.73 of the Yellow Book states:
Auditors should determine that the audited entity has designated an individual who possesses suitable skill, knowledge, or experience and that the individual understands the services to be provided sufficiently to oversee them.
If the government has no one with sufficient SKE, then the external auditor is not independent and can't perform the audit.
So, is there another option when the client does not have sufficient SKE?
If the auditor can't get comfortable with the client's SKE (e.g., the client's ability to review the financial statements and assume responsibility), what can be done? The audited entity can hire someone with sufficient SKE. For example, the entity could contract with a CPA not affiliated with the external audit firm to review the financial statements on their behalf.
Many smaller governments need to contract with an outside person in order to have sufficient SKE. The problem, however, is they may not have the funds to do so. If you as the auditor make this suggestion, be prepared for this question: "Isn't this why I hired you?" Regardless, the client has to have sufficient SKE before the auditor can issue an opinion.
Here's the lowdown to protect your firm:
Looking for a tool to document Yellow Book independence? Consider the AICPA's practice aid. Here is the free PDF version. You can also purchase the fillable version here. (Cost is $39 for AICPA members.) This is the 2011 Yellow Book aid. I am thinking the AICPA will create a 2018 Yellow Book version as well.
Get my free accounting and auditing digest with the latest content.
Charles Hall is a practicing CPA and Certified Fraud Examiner. For the last thirty years, he has primarily audited governments, nonprofits, and small businesses. He is the author of The Little Book of Local Government Fraud Prevention and Preparation of Financial Statements & Compilation Engagements. He frequently speaks at continuing education events. Charles is the quality control partner for McNair, McLemore, Middlebrooks & Co. where he provides daily audit and accounting assistance to over 65 CPAs. In addition, he consults with other CPA firms, assisting them with auditing and accounting issues.
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.