AICPA Issues Nonattest Services Independence Rules

Guidance for members who provide nonattest services to attest clients.
BY CATHERINE R. ALLEN

It is important to remember that regardless of which nonattest services a member provides to any attest client, he or she must comply with ethics Interpretation 101-3’s broad-based provisions, including the requirements discussed in this article. Of equal significance are the nonattest services provisions contained in the independence rules of authoritative regulatory bodies, such as the SEC, the General Accounting Office and the Department of Labor. When the member is required to be independent of the client under the regulations of such bodies, Interpretation 101-3 states that failure to comply with those organizations’ nonattest services independence provisions—which, for certain services, are more restrictive than the interpretation—would violate the new rules.

n June 2003 the Institute’s professional ethics executive committee (PEEC) adopted independence rules for members who provide nonattest services to attest clients. Except for certain in-process engagements, these rules take effect December 31. The committee clarified certain existing rules, significantly tightened others and added two new provisions, one of which requires members to document their understanding of the nonattest services engagement prior to performing the services; the other requires members to comply with other regulatory bodies’ more restrictive independence rules (see Official Releases, JofA , Sep.03, page 101). This discussion addresses the more significant changes in the AICPA’s nonattest services independence rules.

The changes affected a number of interpretations and rulings under rule 101 of the Code of Professional Conduct. They are Interpretations 101-3 and 101-13 and ethics rulings 104 and 105 (AICPA, Professional Standards, ET sections 101.05, 101.15, 191.208-09 and 191.210-11). See “Scope of the AICPA Nonattest Services Rules,” page 82.

GENERAL REQUIREMENTS
TThe rules stipulate the following requirements for maintaining independence when a member performs nonattest services for an attest client:

  1. Members may not perform management functions or make management decisions on behalf of their attest clients.
  2. Members must be satisfied—prior to beginning the nonattest services engagement—the client is both willing and able to perform all management functions related to the engagement.
  3. The member must document certain aspects of the engagement, including the client’s agreement to oversee the services.
The first stipulation is the foundation of the AICPA nonattest services independence rule and underscores the PEEC’s long-standing prohibition on performing management functions or making management decisions.

A member who does so impairs independence “in appearance” because the public likely would think he or she is too close to the client’s business to perform attest services objectively and might also question a firm’s independence when the member (or another professional from his or her firm) subsequently audits the results of those decisions. Acting in the role of management also can affect a member’s independence “in fact” by diminishing his or her objectivity.

The second general requirement calls for the member to be satisfied that the client is able to—and intends to—fulfill every management role the engagement entails. Specifically, the client must do the following:

Scope of the AICPA Nonattest Services Rules
Interpretation 101-3 under Rule 101, Independence , of the AICPA Code of Professional Conduct provides authoritative guidance for members who are performing attest services. Such services—which require independence under the AICPA professional standards—include audits or reviews of financial statements, compilations of financial statements where a lack of independence is not disclosed and other attestation services as described in statements on auditing standards, statements on standards for accounting and review services and statements on standards for attestation engagements. The interpretation does not apply to members who are performing only nonattest services such as tax or consulting engagements, for which independence is unnecessary. Members providing only nonattest services should consider the guidance in Rule 102, Integrity and Objectivity.

Assign to a competent individual responsibility for overseeing the services.
Set the scope of the services.
Evaluate and accept responsibility for the services’ results.
Establish and maintain internal controls over the services.

The third requirement is new to the nonattest services independence rules. It requires the member to document his or her understanding with the client about the following: the client’s acceptance of its responsibilities, the services to be rendered, the engagement objectives (including any limitations) and the member’s responsibilities. Documentation may be in the form of either an engagement letter or another file to the workpapers. This requirement, like the second stipulation, must be satisfied before the member performs nonattest services.

It is difficult to overstate the importance of these requirements. Compliance with them allows the member to remain independent by ensuring the client is fully engaged—in terms of oversight and responsibility—in the performance of the nonattest services. A lack of client involvement and oversight would cause the member to act in the role of management, which violates the rules’ basic tenet.

COMPLIANCE WITH OTHER REGULATORS’ RULES
One of the new provisions of the nonattest services rules says that members must not only abide by AICPA requirements, but that they also must comply—where applicable—with more restrictive nonattest services independence rules of other authoritative regulatory bodies, such as state boards of accountancy, the Securities and Exchange Commission and the Department of Labor. For example, if a member—on a consulting engagement with a firm’s attest client—helped a government agency recruit executives, certain elements of the GAO standard, which are more stringent than their AICPA counterparts, would apply. The GAO standard prohibits certain services and for permitted services requires members to form separate engagement teams to perform the attest and nonattest engagements. Thus, when planning and performing the nonattest engagement, the member would have to comply with both the AICPA rules and GAO provisions.

SPECIFIC TYPES OF SERVICES ADDRESSED IN THE RULES
Once a member has satisfied the rules discussed above, he or she also should review the guidelines for specific types of nonattest services. The rules address a wide array of functions, including bookkeeping, payroll processing, providing investment advice, benefit plan administration, corporate finance, executive or employee search, business risk consulting, valuations, appraisals and actuarial services, information technology and internal audit assistance services.

In its review of the nonattest services rules, the committee considered and amended four of these service categories:

Bookkeeping.
Valuation, appraisal and actuarial services.
Information technology.
Internal audit assistance.

The committee clarified the bookkeeping and internal audit assistance services rules and moved the guidance on internal audit assistance from Interpretation 101-13 (AICPA, Professional Standards, ET section 101.13, volume 2) into Interpretation 101-3 of the Code of Professional Conduct (AICPA, Professional Standards, ET section 101.05, volume 2). By doing so, the committee made internal audit assistance engagements subject to the more stringent general requirements contained in revised Interpretation 101-3 and consolidated all of the AICPA nonattest services independence rules into one interpretation in the Code of Professional Conduct.

MORE RESTRICTIVE NONATTEST SERVICES RULES
For certain types of valuation, appraisal, actuarial and information-technology-related services, the committee’s review resulted in significantly tighter rules.

Under the new rules, members may not perform appraisal, valuation or actuarial services if they will have a material effect on the client’s financial statements and the service involves considerable subjectivity. There are two exceptions to this rule:

Valuation, appraisal and actuarial services are permitted if performed for non-financial-statement purposes—such as estate- and gift-tax-related valuations.

Actuarial valuations performed in connection with a client’s pension or postretirement benefit liabilities are permitted because they do not involve a significant amount of subjectivity (that is, the valuation results would be reasonably consistent regardless of who performs the valuation).

The rules also prohibit members from “designing” a client’s financial information system by creating or changing the computer source code underlying the system. If members make any such modifications, they cannot be “more than insignificant.” Nevertheless, members may install prepackaged software, such as Intuit’s QuickBooks, for clients and can help set up their charts of accounts and financial statement formatting. But members are not permitted to operate a local area network (LAN) for clients because the PEEC considers that service a management function.

EFFECTIVE DATE AND TRANSITION ISSUES
Although the rules take effect on December 31, 2003, members may apply them earlier. A transitional provision allows members to complete under the preexisting rules engagements that are subject to more restrictive AICPA requirements—for example, a financial reporting system design project. This exception applies only if the engagement’s starting date is December 31, 2003, or earlier; the member is in compliance with preexisting rules; and the engagement is completed by December 31, 2004.

The rules are available on the AICPA Web site at www.aicpa.org/download/ethics/interp_revisions_jun03.pdf . Members and other interested parties who need additional guidance on the new rules can call the AICPA Ethics Hotline at 888-777-7077 (menu option 5, followed by option 2) or contact the professional ethics division by e-mail at ethics@aicpa.org . A document titled Basis for Conclusions will be available at www.aicpa.org/members/div/ by December 31. It will explain the revisions and describe the rationale behind the committee’s proposal, the comments it drew and the deliberations that took place prior to the rules’ adoption.

FUTURE REVISIONS
The PEEC recently added three new projects to its agenda for the second phase of its reevaluation of the nonattest services independence rules. The committee will reconsider expert witness and other litigation support services, executive and employee recruiting and certain payroll-processing services. As part of this review, the committee will examine the rules in light of marketplace issues (such as regulatory changes and current practice) and will determine whether amendments are necessary.

CATHERINE R. ALLEN, CPA, is a director in the U.S. independence office of PricewaterhouseCoopers. Her e-mail address is catherine.r.allen@us.pwc.com .

SPONSORED REPORT

Year-end tax planning and what’s new for 2016

Practitioners need to consider several tax planning opportunities to review with their clients before the end of the year. This report offers strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.

QUIZ

News quiz: IRS warning on cyberattacks and a change in pension rules

Once again, the IRS sounds the alarm about a threat from cyberthieves. See how much you know about this and other recent news with this short quiz.

CHECKLIST

Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.