The AICPA Professional Ethics Executive Committee proposed revisions to the Code of Professional Conduct independence rule that applies to members providing information-systems-related services to attest clients.
These "nonattest" services, which are addressed in the Code under Subtopic 1.295, Nonattest Services, raise possible self-review or management participation threats to a member's independence. The proposed interpretation, "Information System Services," significantly clarifies and expands upon the current interpretation, "Information Systems Design, Implementation, or Integration" (ET §1.295.145).
Given the absence of any self-review threat, designing, developing, or implementing a system that is not a financial information system (FIS) does not impair independence if the member satisfies the "General Requirements for Performing Nonattest Services" interpretation (ET §1.295.040). The proposal also describes the types of activities members may engage in with respect to a client's FIS.
Though the revised rules would mainly clarify and explain the existing rules, two substantive changes from the current interpretation are reflected in the proposal:
- Applying the definition of an FIS (i.e., considering whether the results of the services will have a significant impact on the financial statements or processes) could result in a less restrictive interpretation than the current standard, which is silent on what constitutes an FIS, and therefore bans all design or development services for an FIS regardless of magnitude.
- Greater clarity on the types of network maintenance activities members may perform, with a focus on performing one-off services versus continuing maintenance, will likely lead to more activities impairing independence than under the existing standard.
Comments on the proposed interpretation are due June 15 and can be emailed to Ethics-ExposureDraft@aicpa-cima.com.