Maintaining independence with nonattest services

Safeguards can help prevent impairments to independence.
By Maria L. Murphy, CPA

Maintaining independence with nonattest services
Photo by LZF/iStock

Independence is a critical concern for CPAs and is the very foundation of attest services. Independence is a state of mind that permits CPAs to perform without being affected by influences that compromise professional judgment, allowing them to act with integrity and exercise objectivity and professional skepticism.

The trust the public places in CPAs makes it important for them to avoid circumstances that could create a conclusion that their objectivity or professional skepticism has been compromised in the work they perform. This essential virtue of independence is preserved for CPAs by requirements that differ, depending on the type of client and engagement. The AICPA Code of Professional Conduct (AICPA Code) includes rules on independence and ethics for "members" (CPAs and firms). The Nonattest Services subtopic (ET §1.295) of the Independence topic addresses the provision of nonattest services to attest clients. Attest engagements include any engagement that requires independence, such as audits and reviews (see the sidebar, "Examples of Nonattest Services").


When a member provides nonattest services for an attest client, threats to independence may exist. Whether the services can be provided depends on the nature of the services and whether the client is willing and able to meet certain responsibilities. In many cases, safeguards may be put in place so that threats are at an acceptable level and independence would not be impaired.

The "General Requirements for Performing Nonattest Standards" interpretation (ET §1.295.040) requires the attest client to agree to all of the following safeguards:

  • Assuming all management responsibilities.
  • Overseeing the service performed by designating an individual with suitable skills, knowledge, and/or experience (SKE).
  • Evaluating the adequacy and results of the services performed.
  • Accepting responsibility for results of the services.

The CPA cannot assume management's responsibilities and must be satisfied that the attest client and its management will meet their responsibilities in this area.

Another threat to independence is the self-review threat. The AICPA Code defines this as, "the threat that a member will not appropriately evaluate the results of a previous judgment made, or service performed or supervised by the member or an individual in the member's firm and that the member will rely on that service in forming a judgment as part of an attest engagement" (paragraph .17 of ET §1.210.010). The AICPA Code provides examples of various safeguards that can be implemented by member firms, such as the use of different partners and engagement teams that have separate reporting lines in the delivery of permitted nonattest services to an attest client.

Before performing nonattest services, the member is required to establish and document in writing his or her understanding with the client regarding:

  • The objectives of the engagement.
  • The services to be performed.
  • The attest client's acceptance of its responsibilities.
  • The member's responsibilities.
  • Any limitations of the engagement.

The member may determine the form that this documentation takes. The Code does not stipulate where to document but indicates that the form is not as important as the content and the timing. For example, this understanding with the client may be documented in engagement letters or in the engagement workpapers.


The approach to monitoring independence will likely be different based on the size of the accounting firm. But common to all is having processes to evaluate services before they are provided, to discuss independence within their firms, and to document the results of their evaluations. Here are some examples of how firms deal with independence issues:

Johnson, Feigley, Newton & Brand LLP

This local firm with fewer than 10 professionals uses tools such as practice aids and peer review checklists as a guide and for documentation requirements, which it has integrated into its system of quality control and updates on an ongoing basis.

The firm's process is informal, relying on face-to-face communications within the firm, but it is required to comply with the same rules as larger firms, said Mike Brand, CPA, CGMA, the partner primarily responsible for educating those in his firm about independence standards and the services that can be performed.

Mayer Hoffman McCann PC

Independence monitoring at Mayer Hoffman McCann PC, which has more than 250 shareholders in 32 offices throughout the United States, is integrated with client relationship management and time and billing systems, according to Bill Mann, CPA, J.D., the firm's general counsel and national director of independence.

"When any opportunity comes in, the client name is required to be input into the independence monitoring system to see if we are doing any work for that client and what type of work," he said. "If that client is already receiving attest services, the system shows a stop sign for a potential independence issue that must be discussed by the engagement partner and independence director and cleared. If a nonattest service is entered for an existing attest client or vice versa, the system sends a notification email to the existing engagement partner and independence director to make sure everyone is aware and communicates."

In addition, the billing system has controls in place that require that an engagement be entered into the independence monitoring system prior to a client number being assigned for any time to be billed.


A client assessment tool also is used to monitor nonattest services for attest clients at RSM US LLP, which has more than 9,000 people in 86 offices nationwide. "We have an annual client acceptance and evaluation process," said Shelly Van Dyne, CPA, the firm's national director of independence, who is responsible for independence compliance and monitoring.

"As part of this process, engagement teams answer a series of questions, including independence questions, and review the types of services provided. Depending on how they respond to questions, the tool may trigger required national office consultations and approvals from our independence team before engagement teams can proceed." They file the consultation conclusions for future reference.


Mann and Van Dyne emphasized the need to focus on affiliates during the assessment because the independence rules in the AICPA Code apply to attest clients and to their affiliates. All affiliates must be identified and documented in the workpapers and independence monitoring systems.

"The most significant challenge for providing services to affiliates and monitoring those is with private-equity relationships because of the potentially large number of entities and the lack of public information about them," Van Dyne said. "You can't search the SEC's EDGAR database, and there may not be any public information available about these entities and how they are related. Communication between clients and engagement teams across all lines of business is essential to know the direct client family tree and who the parent is."

RSM uses information in its time and billing system to indicate relationships in a private-equity family and monitors them through its client assessment tool. Many private-equity firms use initial public offerings as an exit strategy for their portfolio companies, and SEC independence rules will come into play and apply retroactively.

Firms may be part of a network of individual firms that do not have common control and ownership. Monitoring of network services can be challenging, to ensure that one member firm does not impair the independence of another. RSM's network is international, but Van Dyne suggested that domestic member firms could use a similar approach. RSM uses a centralized database, created and monitored by its international executive office. Engagement teams populate it with client service information and must search it during the client evaluation process and document the results.

Mayer Hoffman McCann is in an alternative practice structure with the consulting firm CBIZ. CBIZ performs all the nonattest services, and Mayer Hoffman McCann performs only attest services but must consider CBIZ's services as if Mayer Hoffman McCann provided them. As a result, Mann said, there is a heightened awareness of prohibited nonattest services to ensure that the firms do not run into independence issues.


Over the course of client relationships, there will be changes to services provided as well as changes to clients' organizations and clients' needs overall. For example, the attest client may request additional nonattest services, or there may be changes in the attest client's organization that result in new or increased threats to independence. These require an ongoing evaluation of independence. It is also important to evaluate services in the case of existing nonattest clients that seek attest services in later years. Safeguards that were previously in place and effective must be reevaluated so that they continue to be adequate.

"Determining independence at a point in time is a good detective control but not a preventive one," Van Dyne said. She suggested that there should be continuous talk about independence with clients and within the firm, as part of the firm's culture, to raise awareness and increase prevention.

"CPAs serve clients," she said. "In the heat of serving their needs, engagement teams do what is asked of them. But they must be trained to take a step back and assess whether doing something additional is beyond what they were engaged to do and can create an independence problem."

Van Dyne said she reminds engagement teams that they must give appropriate consideration to what she calls "the cumulative effect" of nonattest services, not only an individual nonattest service in isolation. A common example of this issue is in the area of financial statement preparation. "Bookkeeping, making journal entries, preparing financial statements, or preparing disclosures may be permitted individually, but problems can arise if you do them all," she said.

Brand deals with this issue in his firm by having face-to-face meetings at least annually with all clients that receive more than tax services. At those meetings, they discuss the clients' expectations of the firm and assess whether it can provide any new services. His staff also advises him on an ongoing basis of any new clients or any existing clients that are asking for additional services.

A practice that was not designed for scope creep but can help is one that RSM uses for SEC clients. Van Dyne suggested it could be applied to all clients in a smaller firm or a regional firm where offices are spread out. RSM requires that a client's engagement letter for nonattest services be co-signed by both the nonattest and attest engagement leaders.

"This practice makes the assurance partners aware of the services offered to their clients," she said. "It is not getting the assurance partner's approval or policing the services, but it forces more communications between engagement teams and results in better client service because everyone can work more collaboratively."


It is critical that CPAs, particularly more junior members of a firm, are aware of the requirements. Education about independence can be formal, through required continuing professional education courses and ethics updates. It can also be informal, through discussions and brainstorming sessions in the office, as part of weekly luncheon meetings, and during engagement planning.

Standard quality-control procedures should include reviewing that members have obtained CPE in required ethics and independence, and that those working on specialized areas such as governmental and benefit plan work or SEC engagements have met their more stringent independence requirements.

Mayer Hoffman McCann's staff is trained on how to use independence monitoring systems, Mann said. The firm's managers attend live training on independence, and all staff receive at least annual training through webinars and online self-study courses. Mann uses an independence grid, a multipage document that summarizes the independence requirements, lists the nonattest services the firm provides, and shows whether they may be allowed or prohibited under each category of independence rules (AICPA, U.S. Department of Labor, SEC, PCAOB, and U.S. Government Accountability Office). It is a quick guide to the rules that is used as part of training and is available on the firm's intranet.

"It will not necessarily say 'yes' or 'no' as to whether a nonattest service can be provided, but it will advise that there is a need to consult with me or designated subject-matter independence experts," Mann said. While it took some time for his firm to create the grid, it is a valuable resource that is easy and efficient for engagement teams to use. (See the sidebar, "Testing Your Independence," for information about a free AICPA tool that includes a checklist and flowchart for testing independence, and an online quiz to assess your knowledge of independence issues.)

Van Dyne suggested that training about nonattest service independence is most fitting at the in-charge staff level because they are the ones responsible for engagement planning and have more regular client interactions. RSM uses white papers to educate staff about challenging independence issues, such as private equity and affiliates, and creates related PowerPoint presentations that staff can use to educate clients.

Clients need to be educated about independence and how the standards affect the services that can be provided. If they understand the requirements, they can help identify potential independence threats. Mann suggested that many larger clients, including public companies and broker-dealers, are typically aware of independence issues and ask questions before the work begins.

The biggest challenge for a small firm is educating small business clients about the requirements, Brand said. "They hired us because we're accountants and they're not, and they want us to tell them how to do things," he said. "We tell them we will educate them as much as we can and hold their hands, but we have to let them make the decisions because we can't make the decisions for them. We sometimes need to tell them that we can either do their bookkeeping or their audit, but not both."


The standards require adequate documentation about the understanding reached with clients.

Brand uses updated engagement letters each year, after meetings with clients, which document their current understanding of services and responsibilities. "For every new attest service client with nonattest services, we require that a client information form is prepared covering their organization and related parties, which becomes part of the permanent file," he said. "We also use a standard nonattest service documentation form to document our evaluation of our clients and what we do for them over time, which is also included in the permanent file."

Mann recommended using separate engagement letters as a control over any new work that is being done for a client. Van Dyne implemented changes to engagement letters for nonattest clients to specifically name the individuals responsible for the required management oversight and responsibility for the services provided.

It can be challenging to evaluate a client's SKE, but this step is emphasized within Brand's firm by using the client profile section of the peer review checklist as a guide to evaluating SKE for review and audit engagements.

Van Dyne said she stresses SKE in training. "It has to be actively evaluated because a frequent trap for engagement teams is that they assume their client has the requisite SKE based on the person's title or position or because the client assigned that person to be responsible for the service," she said. She uses email to informally address questions from engagement teams on specific client service situations relating to SKE and to provide guidance.

"We emphasize that a culture of consultation is very important in this area, and we say the worst decision is one you make by yourself," Mann said. In addition to the nonattest independence rules themselves, which vary by regulator, members must look at individual nonattest services that may appear to be permitted by the rules and also consider the appearance of independence. He recommended that engagement teams use their firm's independence resources and consult upfront if there are any questions so there are no surprises, for the sake of both the firm and the client. "The worst situation is to pursue an engagement for a period of time and then not be able to do it," he said.

Examples of nonattest services

Nonattest services include services such as:

  • Advisory services.
  • Appraisal, valuation, and actuarial services.
  • Benefit plan administration.
  • Bookkeeping, payroll, and other disbursements.
  • Business risk consulting.
  • Corporate finance consulting.
  • Executive or employee recruiting.
  • Forensic accounting.
  • Information systems design, implementation, or integration.
  • Internal audit.
  • Investment advisory or management.
  • Tax services.

Testing your independence

The AICPA Professional Ethics Division has issued a nonauthoritative tool that is designed to help members understand the independence requirements related to providing nonattest services and with evaluating threats to independence when providing these services. The tool provides an overview of independence considerations when providing nonattest services to an attest client, a flowchart that illustrates the steps to evaluating independence when providing certain nonattest services, and a checklist to aid members with evaluating whether independence would be impaired under the interpretations of the Nonattest Services subtopic of the Independence topic. The tool is available for free at Also, test your knowledge of independence safeguards, documentation requirements, and other key aspects of nonattest services by taking a six-question "Nonattest Services Quiz."

About the author

Maria L. Murphy ( is a freelance writer based in Wilmington, N.C.

To comment on this article or to suggest an idea for another article, contact Ken Tysiac, editorial director, at or 919-402-2112.

AICPA resources



CPE self-study

  • Ethics: Nonattest Service, Integrity, and Objectivity (#159419, one-year online access)
  • Independence (#159185, one-year online access)
  • Professional Ethics: The AICPA's Comprehensive Course (#733940, text; #155702, one-year online access; #155902, one-year online access, for licensure)

For more information or to make a purchase, go to or call the Institute at 888-777-7077.

Where to find August’s flipbook issue

The Journal of Accountancy is now completely digital. 





Better decision-making with data analytics

Data analytics has become a hot topic, but many organizations have not yet managed to understand its potential, let alone put it to work. This report will take a deep-dive on how to best introduce or enhance the use of data in decision-making.