Auditors performing engagements under generally accepted government auditing standards (GAGAS) are subject to new rules reinforcing the principles of transparency and accountability under revisions published by the U.S. Government Accountability Office (GAO) in July 2018.
The revised standards (also known as the “Yellow Book,” or GAS) were restructured by the GAO to separate the standard’s requirements from the application guidance (see the sidebar “Restructured Yellow Book”). Independence standards appear in Paragraphs 3.17–3.108 of the revised Yellow Book.
A clarified standard
Unless specifically prohibited under the Yellow Book (see the sidebar “Prohibited Bookkeeping Services”), a firm preparing accounting records and financial statements for an audit client creates threats to independence that either will or may require the firm to apply safeguards to maintain its independence.
While the 2011 rules required firms to consider these possibilities, the 2018 Yellow Book clarifies that preparing the financial statements in their entirety creates a significant threat to independence that should be reduced to an acceptable level by safeguards. A firm should also document the evaluation and how threats were effectively addressed.
For other permissible services involving preparation of accounting records and financial statements, firms should document the evaluation of the threat(s) to determine significance. If significant, the documentation should include a description of the safeguards applied to reduce any significant threat(s) to an acceptable level.
Clarifications appear in the following paragraphs of the new Yellow Book:
Paragraph 3.88 states that when preparing a client’s financial statements in their entirety from the client’s trial balance or underlying accounting records, firms should conclude that significant threats to independence exist. Under the Yellow Book’s conceptual framework approach (Paragraphs 3.26–3.63), when a firm encounters significant threats to independence, the firm should apply safeguards to eliminate or reduce the threats to an acceptable level.
Threats are at an acceptable level when a reasonable and informed third party would conclude that the firm could perform the audit without compromising its professional judgment. A firm that will apply effective safeguards should document the evaluation of threats to independence and describe the safeguards applied. Paragraph 3.69 provides examples of possible safeguards the firm could apply that could be effective for the potential threats that may exist:
- Separate personnel perform the audit and preparation of accounting records and financial statement services.
- An independent party (from inside or outside the firm) performs a second review of the preparation of accounting records and financial statement work.
A firm that cannot apply effective safeguards that reduce the threats to an acceptable level should not perform the preparation of accounting records and financial statement services during the period covered by the financial statements (or other subject matter of the engagement) and the period of professional engagement, as independence would be considered impaired.
Paragraph 3.89 states that a firm providing other preparation of accounting records and financial statement services should document its evaluation of threats to independence — even if the firm concludes that the threats are not significant — for the following activities:
- Recording transactions for which management has determined or approved the appropriate account classification or posting coded transactions to a client’s general ledger;
- Preparing certain line items or sections of the financial statements based on information in the client’s trial balance;
- Posting entries that management has approved to the client’s trial balance; and
- Preparing account reconciliations that identify reconciling items for management’s evaluation.
When threats to independence exist, firms should determine whether they are significant, because significant threats require the firm to apply safeguards to eliminate or reduce the threat(s) to an acceptable level. Auditors may consider the following factors in determining whether threats are significant, including:
- The extent to which the outcome of the service could have a material effect on the financial statements;
- The degree of subjectivity involved in determining the appropriate amounts or treatment for those matters reflected in the financial statements; and
- The extent of management’s involvement in determining significant matters of judgment.
Assume a firm performs services involving preparation of accounting records and/or financial statements that involve straightforward calculations (not subject to significant judgment) where the results of the work would not be material to the financial statements. Management is fully engaged in overseeing the services and has designated an individual with appropriate skills, knowledge, and experience to oversee the service.
If the firm concludes the self-review threat is not significant, it still should document its evaluation, including the rationale for its conclusion. If threats are significant, and safeguards will be applied that effectively reduce threats to an acceptable level, then the documentation should include a description of the safeguards applied. A firm that cannot apply effective safeguards that reduce the threats to an acceptable level should not perform services that involve the preparation of accounting records and financial statements during the period covered by its audit (or other attest services) and the period of engagement, as independence would be considered impaired.
Figure 2 of Chapter 3 provides a visual aid titled “Independence Considerations for Preparing Accounting Records and Financial Statements.” (See the graphic, “Independence Considerations for Preparing Accounting Records and Financial Statements.”)
The Yellow Book provides new application guidance on evaluating whether a client has sufficient skills, knowledge, or experience to oversee a nonaudit service. Paragraph 3.79 provides that an indicator of management’s ability to effectively oversee the service would include the ability to recognize a material error, omission, or misstatement in the results, or the reasonableness of the results, of the nonaudit service. If management lacks this ability, the firm should consider whether it can provide the nonaudit service and remain compliant with the Yellow Book independence standards.
Comparison to the AICPA Code of Professional Conduct
GAS Paragraphs 3.88–3.89 are more restrictive than the AICPA Code of Professional Conduct (the AICPA Code) nonattest service provisions in ET Section 1.295.020. Except for certain services that are considered to impair independence (ET §1.295.120.03), the AICPA does not conclude that preparation of accounting records and financial statement services create threats or significant threats to independence requiring analysis and documentation. The AICPA Code generally considers the services described in Paragraphs. 3.88–3.89 of the Yellow Book to be permissible without the application of additional safeguards provided the firm complies with ET Section 1.295 (including the general requirements in ET §1.295.040). If preparation of accounting records and financial statement services proposed by a firm are not addressed in the Code, the firm should evaluate threats to independence under the AICPA Conceptual Framework for Independence (ET §1.210.010).
When is the revised Yellow Book effective?
The new Yellow Book is effective for financial audits, attestation engagements, and reviews of financial statements for periods ending on or after June 30, 2020, and for performance audits beginning on or after July 1, 2019. Early implementation is not permitted.
How can firms prepare for these changes?
Firms need to evaluate independence with respect to the provision of nonaudit services during the period covered by the financial statements (or other subject matter of the engagement) and the period of professional engagement, which includes the period covered by the financial statements. Therefore, firms should evaluate whether they will be able to implement safeguards to eliminate or reduce significant threats to an acceptable level under the new standards. In some instances, nonaudit services provided by the auditor to the audited entity prior to June 30, 2020, may affect the auditor’s independence with respect to the subsequent financial audit conducted under the 2018 standards. In such cases, auditors should use professional judgment to comply with the applicable version of the standards.
Here’s an illustration of how a firm may comply with the requirements in the 2018 Yellow Book:
Nov. 1, 2019 – Oct. 15, 2020: Firm is engaged on Nov. 1, 2019, to provide services to the city of Medford (City) consisting of occasional account reconciliations (as requested by the client) that are significant to the financial statements and year-end help preparing the City’s financial statements, including all footnote disclosures (financial statements in their entirety). The firm performs no other nonaudit services for this client.
November 2020: Firm audits the City’s Sept. 30, 2020, fiscal year-end financial statements.
The 2018 Yellow Book applies to services involving preparation of accounting records and financial statements the firm performs after July 1, 2019. Based on the requirements in Paragraph 3.88 of the Yellow Book, prior to accepting the nonaudit services engagement, the firm should conclude that the financial statement preparation services create significant threats to independence and document the threats and safeguards applied to eliminate and reduce the threats to an acceptable level. Per Paragraph 3.89 of the Yellow Book, the firm should then document the firm’s evaluation of threats related to the monthly account reconciliations and, if significant, document the safeguards applied to eliminate or reduce threats to an acceptable level.
The firm considers threats to independence arising from these services in the aggregate and applies the following safeguards:
The firm assigns different personnel from different offices in the firm to the audit and nonaudit engagements. In addition, all audit engagements performed under the Yellow Book are subject to a second independent review by another partner in the firm. Finally, the firm documents management’s review and approval processes over the services provided to the client. The firm believes the combination of these safeguards will adequately reduce any self-review threats to an acceptable level.
What if the firm has only one shareholder and two staff and is unable to assign different personnel to the engagements or provide a second reviewer on the audit or preparation of accounting records and financial statement work? Assume the client is a small charitable organization and the cost to hire an outside CPA to perform an independent review of the services cannot be justified by the engagement fees.
In that case, the firm may need to relinquish or scale back the scope of its nonaudit services if it wishes to continue performing audit services for the client. Or the firm may resign from the audit engagement and perform only the preparation of accounting records and financial statement services. Independence would be impaired if the firm performed both the audit and nonaudit services described above without appropriate safeguards.
Preparing financial statements in their entirety
Paragraph 3.88 of the 2018 Yellow Book provides that “preparing financial statements in their entirety from a client-provided trial balance or underlying accounting records” creates significant threats to independence. Firms should consider whether, in substance, the firm’s financial statement preparation services reach the threshold of “in their entirety.”
Even if the firm concludes that the financial statement preparation services do not meet that threshold, providing preparation of accounting records and financial statement services still requires the firm to evaluate and then document the evaluation of threats to independence under Paragraph 3.89. That is, the firm should evaluate the significance of threats and, when threats are significant, apply safeguards to eliminate or reduce the threat to an acceptable level. The firm should consider the significance of the assistance provided to the subject matter of the audit and consider the following:
- Whether the services provided are material to the financial statements. For example, if the firm is providing or assisting with a single note disclosure on a new accounting standard that is material to the statements, that will likely create a significant threat.
- The comprehensiveness of the services provided. For example, if the firm helps with the statement of cash flows and most of the note disclosures, then threats will likely be significant.
- The cumulative effect of the services provided. For example, if the firm is assisting with cash to accrual or conversion entries in addition to financial statement preparation assistance, threats to independence will be more significant.
Paragraph 3.95 states that providing clerical assistance is unlikely to create a significant threat; however, Paragraph 3.89 requires documentation of the evaluation.
Reminders regarding documentation unchanged from the 2011 Yellow Book
Unchanged from the 2011 Yellow Book, the firm should also document the firm’s:
- Consideration of management’s ability to effectively oversee the preparation of accounting records and financial statement services (Paragraph 3.107, 2018).
- Understanding with the client’s management or those charged with governance regarding:
1. The objectives of the nonaudit service;
2. The services to be provided;
3. The client’s acceptance of its responsibilities;
4. The firm’s responsibilities; and
5. Any limitations on the provision of nonaudit services (Paragraph 3.77, 2018).
Impact of the new Yellow Book on firms
Smaller firms that typically audit smaller governmental and other entities subject to GAGAS are bound to be most impacted by clarifications in the 2018 Yellow Book. These firms may be unable to assign separate personnel or other effective safeguards when providing audit and preparation of accounting records.
As illustrated, if threats are significant and effective safeguards cannot be applied, firms may need to choose between the audit and preparation of accounting records and financial statement services. Firms should also factor in additional time pre-engagement to apply the new rules, determine whether they can continue to perform both audit and preparation of accounting records and financial statement services, and, if so, prepare the required documentation for their workpapers.
Clarifications to the Yellow Book independence standards make it clearer that firms should apply appropriate safeguards when preparing a client’s financial statements in their entirety. For other permissible services involving preparation of accounting records and financial statements, firms will need to evaluate threats to determine whether they are significant, and, if so, whether safeguards can effectively eliminate or reduce threats to an acceptable level so the firm is independent.
Documentation of the evaluation of these threats and, if applicable, safeguards applied to reduce any significant threats to an acceptable level will also be required whenever the firm is providing permissible services involving preparation of accounting records and financial statements. In some cases, especially in the smaller firm/client markets, a lack of effective safeguards may preclude firms from providing services involving the preparation of accounting records and financial statements to their audit clients. To maintain compliance with GAGAS, firms should proactively consider the impact of the 2018 Yellow Book independence standards on these client engagements.
Restructured Yellow Book
The GAO restructured the Yellow Book to separate the standard’s requirements from the application guidance. Requirements are included in a box that has a header indicating a requirement. Application guidance follows the related requirement boxes.
A glossary was added to the appendix to provide definitions for certain terms used. In addition, firms should look at terms defined in Paragraph 1.27.
Prohibited bookkeeping services
Paragraph 3.87, which is unchanged from the 2011 Yellow Book, outlines the types of bookkeeping services firms may not perform because they are management responsibilities that impair independence, that is:
- Determine or change journal entries, account codes or classifications for transactions, or other accounting records for the client without obtaining management’s approval;
- Authorize or approve the client’s transactions; and
- Prepare or make changes to source documents without management’s approval.
Independence considerations for preparing accounting records and financial statements
— Catherine R. Allen, CPA, provides ethics and independence consultation and training through her consulting firm, Audit Conduct LLC, in Rocky Point, N.Y. Nancy Miller, CPA, is a managing director in the Independence Group at KPMG U.S. To comment on this article or to suggest an idea for another article, contact Ken Tysiac, the JofA’s editorial director, at Kenneth.Tysiac@aicpa-cima.com.