Understanding the AICPA’s Yellow Book Independence Practice Aid for Performing Nonaudit Services A Governmental Audit Quality Center (GAQC) Web Event April

Understanding the AICPA’s Yellow Book Independence Practice Aid for Performing

Nonaudit Services

A Governmental Audit Quality Center (GAQC) Web EventApril 11, 2012

Governmental Audit Quality Center 2

Administrative Notes

Troubleshooting Tips No Audio?• Ensure that your computer speakers are turned on and that the

volume is turned up.• Check to ensure that audio streaming is enabled on your

computer

If the presentation slides stop advancing during the presentation you should:• Hit the red “Exit” button located to the right of the main screen;

this will close out of the presentation and re-launch the webcast

If you are still having audio or other technical difficulty• Check with your IT personnel at your firm.• Click on the “Support” tab on the lower right-hand side of your

screen• Finally, call the AICPA Service Center at 888.777.7077


Administrative Notes

We encourage you to submit your technical questions – please limit your questions to the content of today’s program

You can submit your questions at any time during this Web event by clicking on the “Q &A” tab on the lower right-hand side of your screen.

You can also download slides in PDF or PowerPoint by clicking on “Handouts” tab

This event is being recorded and will be posted in an archived format to the GAQC Web site

This event will also be rebroadcast for CPE on May 2 from 1-3pm.


Continuing Professional Education

To document your participation and obtain CPE, you must click “OK” on 75% of pop-up markersThere will be a total of 8 participation pop-up markers during the event (i.e., about 1 every 15 minutes)

At the end of today’s presentation we will provide steps for obtaining your CPE certificate

Contact the Service Center for help with obtaining CPE at 888.777.7077 or [email protected]

If you are not receiving CPE for this event, ignore the pop-up markers if they appear.

mailto:[email protected]


Presenters

Nancy Miller, CPAPartner

Miller Foley Group---

Brian Schebler, CPANational Director of Public Sector Services

McGladrey & Pullen LLP ---

Lisa Snyder, CPADirector of Professional Ethics

American Institute of CPAs


What we will cover

Overview of Independence Requirements in 2011 Government Auditing Standards (Yellow Book or YB)

Purpose and Background of Practice Aid titled, 2011 Yellow Book Independence - Nonaudit Services Documentation Practice Aid (Practice Aid)

Using the Practice Aid – A Case Study

Questions

Governmental Audit Quality Center 7Governmental Audit Quality Center

Overview of Independence

Requirements in 2011 Yellow Book


2011 Yellow Book Independence Requirements

Today’s presentation focuses on the new GAQC YB Practice Aid

Archived GAQC Web event, The New 2011 Yellow Book: What You Need to Know Now, provides a more in-depth discussion on 2011 Yellow Book

2011 Yellow Book is effective for financial audits and attestation engagements for periods ending on or after December 15, 2012; early implementation is not permitted

However, new independence rules need to be considered before effective date when auditor performing a nonaudit service

http://www.aicpa.org/InterestAreas/GovernmentalAuditQuality/Resources/AuditPracticeToolsAids/Pages/YellowBookAuditToolsandAids.aspx

http://www.aicpa.org/InterestAreas/GovernmentalAuditQuality/Resources/Pages/TheNew2011YellowBook.aspx

http://www.aicpa.org/InterestAreas/GovernmentalAuditQuality/Resources/Pages/TheNew2011YellowBook.aspx


Auditor Independence Rules a Key Emphasis Area

Main area of change in 2011 Yellow Book relates to its independence rules

Chapter 3 titled, General Standards, of the 2011 Yellow Book critical to understand• Defines independence of mind and in appearance• Emphasizes the importance of considering individual

threats to independence both individually and in aggregate

GAO will be retiring current Government Auditing Standards: Questions and Answers to Independence Standard Questions guidance

Governmental Audit Quality Center

Chapter 3 – General Standards: Independence

Introduction of a Conceptual Framework

Allows the auditor to assess unique circumstances

Adaptable

Consistent with AICPA and IFAC frameworks

Significant differences from AICPA Interpretation 101-3

Entry point for use of the framework

Emphasis on services “in aggregate”

Documentation requirements

Preparation of financial statements are nonaudit service

10


Applying the Framework

New approach combines a conceptual framework with certain rules (prohibitions)

• Balances principle and rules based standards• Serves as a hybrid framework

Certain prohibitions remain• Generally consistent with Rule 101 AICPA

Beyond a prohibition• Apply the conceptual framework• Will be used more often than AICPA

1111


Chapter 3 – General Standards: Independence

Threats could impair independence• Do not necessarily result in an independence

impairment

Safeguards could mitigate threats • Eliminate or reduce threats to an acceptable level

12


Independence Categories of Threats

1. Management participation threat

2. Self-review threat

3. Bias threat

4. Familiarity threat

5. Undue influence threat

6. Self-interest threat

7. Structural threat

13


Documentation Requirements

Threats to independence that require the application of safeguards, along with the safeguards applied

Assessment of audited entity management’s ability to effectively oversee nonaudit services, including whether management possesses suitable skills, knowledge, or experience (SKE);

The understanding established with the audited entity regarding the nonaudit services to be performed.

14


Purpose and Background of Practice Aid


Purpose of Practice Aid

To assist auditors in: • Applying the YB independence conceptual framework• Identifying and evaluating threats to independence for nonaudit

services• Identifying safeguards where necessary• Assessing management’s Skills, Knowledge, or Experience

(SKE)• Complying with YB documentation requirements

Practice Aid highlights nonaudit services frequently performed for smaller entities:• Preparing financial statements (F/S)• Preparing journal entries other than proposed audit entries• Preparing reconciliations


Background of Practice Aid

Developed by the AICPA GAQC, Ethics, and Peer Review teams

Audits performed under 2011 Yellow Book

Federal agency representatives reviewed the Practice Aid and provided feedback (e.g., GAO, various agency Inspector General representatives)• General reaction from federal agencies has been very positive


Using The Practice Aid

Limited to considerations of potential threats to independence related to management participation and self-review

Auditors must also consider other threats and determine whether the facts and circumstances warrant use of the YB Conceptual Framework

Auditors are cautioned to reevaluate conclusions whenever circumstances change

Keep in mind that YB requires evaluation of threats in the aggregate


How to Obtain the Practice Aid

Flat PDF Version. Free to AICPA members, including GAQC members. Access the free pdf version of the Practice Aid on the GAQC Web site

For Sale Version. Practice Aid Version Designed for Auditor Documentation Input (Supplement) available for a small fee to AICPA members, GAQC members, and non-members; order the for-sale Supplement• Can be saved and included as part of auditor’s documentation


http://www.cpa2biz.com/AST/Main/CPA2BIZ_Primary/AuditAttest/IndustryspecificGuidance/Government/PRDOVR~PC-APAYBI12D/PC-APAYBI12D.jsp


Using the Practice Aid – A Case Study


Case Study Approach

Presentation will use a case study to assist participants in understanding how to use the Practice Aid and what is in the Practice Aid

Next few slides explain facts and circumstances of case study; see also handouts for a summary of the case study facts and circumstances and instructions to Practice Aid that you can refer to

Case study is illustrative to demonstrate how an auditor, using professional judgment, might reach conclusions about the situation described • Not an authoritative example• Subtle changes in facts and circumstances could lead an

auditor to reach different conclusions


Case Study – Facts and Circumstances

ABC Firm has audited Small Town USA for the last 3 years

Small Town is governed by a 10-member town council

3 employees in Finance Department of Small Town• Brandon, Town Manager, has worked for Small Town for 15

years• Dave, Finance Director, has 5 years with Small Town and

formerly held a similar role for another small town• Shelly, Accounting Clerk, has worked for Small Town for 15

years


Case Study – Facts and Circumstances (continued)

Small Town provides a trial balance to ABC Firm but does not make any year-end adjusting entries

Small Town provides a listing of fixed asset additions and deletions and ABC Firm prepares the depreciation schedule

ABC Firm prepares the town’s F/S, including the cash-to-accrual conversion and GASB 34 conversion entries

ABC Firm prepares the town’s property tax roll reconciliation


Case Study – Facts and Circumstances (continued)

Finance Director reviews and approves all adjusting entries

Capital assets for the 12/31/2012 year-end are not material to the town’s F/S

Town Manager and Town Council assume all management responsibilities related to nonaudit services


Preconditions to Performing Nonaudit Services

Management should assume all management responsibilities and take responsibility for nonaudit services performed by the auditors

Management should oversee the nonaudit services and evaluate the adequacy and results of the services

Auditors should establish and document their understanding with management regarding the nonaudit service

Auditors should assess (AICPA & YB) and document (YB) whether management possesses suitable SKE to oversee the nonaudit service

25

IMPORTANT: Must document the suitability of management’s SKE and the understanding established with the audited entity for all nonaudit services performed, regardless of whether threats to independence are determined to be significant


Appendix A: Detailed Instructions


Completing Section I


Section I: Prohibited Nonaudit Services-Management Responsibilities

Step 1 – List in Column 1 the nonaudit services to be performed and describe them in detail in Column 1a• See Appendix B, Nonaudit Services, of the Practice Aid for

guidance of determining which services are nonaudit services• 2011 YB differentiates nonaudit services from routine audit

services• Routine activities are those services performed by auditors that

relate directly to the performance of an audit• Auditors should consider that any services that do not meet the

definition of routine audit services (and are not audit or attestation services) may be nonaudit services


Routine Audit Services and Nonaudit Services

Services that are considered nonaudit services include:• F/S preparation• Bookkeeping services• Cash to accrual conversions (a form of bookkeeping)• Other services not directly related to the audit• Appendix B of the Practice Aid describes other services

Unless specifically prohibited, nonaudit services MAY be permissible but should be evaluated

• In relation to the conceptual framework• In relation to the auditor’s assessment of managements’ SKE

29


A Quick Note on Bookkeeping Services

May be performed provided the auditor does not

Determine or change journal entries, account codes or classifications for transactions, or other accounting records without obtaining client approval

Authorize or approve transactions

Prepare source documents

Make changes to source documents without client approval

Consistent with AICPA Interpretation 101-3

30


Section I: Continued

What services does ABC firm plan to provide to Small Town USA?• Preparing F/S• Preparing journal entries• Preparing property tax roll reconciliation• Preparing depreciation schedule

Are these nonaudit services under AICPA and YB?

Yes….by reviewing Appendix B you will find that all are nonaudit services



Step 2 – Determine whether the 2011 Yellow Book specifically prohibits the nonaudit services being considered.

See Appendix C, Prohibited Nonaudit Services, of the Practice Aid for guidance

If nonaudit services are prohibited, no safeguards are sufficient to mitigate the threats and independence would be impaired


Appendix C: Prohibited Nonaudit Services



Step 3 – Determine if the nonaudit service will involve assuming management responsibilities

Management responsibilities involve:• Leading and directing an entity, including making decision

regarding the acquisition, deployment, and control of human, physical, and intangible resources.

If an auditor assumes management responsibilities for an audited entity, the management participation threats created would be so significant that no safeguards could eliminate or reduce such threats to an acceptable level.

Assuming management responsibilities will impair independence


Section I: Example Documentation


Completing Section II


Section II: Nonaudit Services-Evaluation of Threats to Independence and the Application of Safeguards

Step 4 – Evaluate threats, which are circumstances that could impair independence, and determine if they are significant

See Appendix D, Threat Indicators, of the Practice Aid for assistance

Practice Aid focuses on management participation and self-review threats. Remember that other threats may exist and will need to be evaluated if relationships exist beyond nonaudit services


Section II: Step 4 – Evaluating Threats and Identifying Significant Threats

When evaluating threats, the following threat indicators may suggest an increase in the significance of threats:• The cumulative effect of aggregate threats (e.g.

performing multiple nonaudit services)• The significance of nonaudit services to the subject matter

of the audit • The degree of assumptions and judgments by the auditor• Increasing the degree of subjectivity related to nonaudit

services• The cumulative effects of the indicators • Other threats to independence


Section II: Step 4 – Other Factors to Consider When Evaluating the Significance of Threats

Auditors should evaluate threats both individually and in the aggregate because threats can have a cumulative effect on independence

Whenever relevant new information about a threat comes to the attention of the auditor, the auditor should evaluate the significance of the threat


Need Help? Let’s Run Through Example 2 in Appendix DAuditor has been requested to prepare the F/S for an audited entity. The auditor considered the following in evaluating whether a significant threat to independence existed:

a) The audited entity’s books and records are substantially complete and accurate. Few, if any correcting entries are expected to be proposed.

b) The individual designated by the audited entity who oversees the preparation of the F/S possesses SKE sufficient to oversee the service but is not capable of reperformance.

c) This is the only nonaudit service that the auditor has been requested to perform.


Need Help? Let’s Run Through Example 2 in Appendix D

Conclusion: • The auditor reached the conclusion that preparation

of the F/S would result in a significant threat to independence; therefore

• It would be necessary to apply safeguards.



Auditor has been requested to prepare the F/S, cash-to-accrual conversion entries, bank reconciliations, and depreciation schedules. The auditor considered the following:

a) A significant number of correcting journal entries are expected to be proposed to the F/S in order to make the books and records complete and accurate

b) The individual designated by the audited entity who oversees the preparation of the F/S and the other nonaudit services possesses SKE sufficient to oversee the service but is not capable of reperformance



Conclusion• The auditor concluded that the nonaudit services

performed would result in a significant threat to independence

• It would be necessary to apply safeguards• The auditor would likely determine that the

safeguards to be applied in this situation would need to be inherently stronger, or more safeguards would need to be applied, than those in the preceding example 2 in order to sufficiently eliminate or reduce threats to an acceptable level


Section II: Step 4 (continued)

Back to the Case Study

Are threats identified for the nonaudit services to be performed by ABC Firm and are the threats significant?• Preparing F/S? Yes • Preparing journal entries? Yes • Preparing property tax roll reconciliation? Yes • Preparing depreciation schedule? No


Section II: Step 5 - Safeguards

For the significant threats identified in step 4, in column 5 the auditor must evaluate potential safeguards and document those that will be applied

As noted on previous slide, ABC Firm identified 3 nonaudit services with significant threats of management participation and self-review

What safeguards can they apply that will eliminate or reduce the significant threat(s) to an acceptable level?


Section II: Safeguards

The 2011 YB requires the application of safeguards whenever threats are significant

See Appendix E, Application of Safeguards, of the Practice Aid for help

Keep in mind:• Some safeguards have a higher level of mitigation of threats

than others• Auditor may place limited reliance on safeguards the audited

entity has implemented but may not rely solely on such safeguards

• When determining the type and number of safeguards to be applied, the auditor should consider the significance of the threat(s), both individually and in the aggregate


Section II: Application of Safeguards

Keep in mind (continued):• Safeguards that involve personnel who are independent of the

audit process are generally more effective than those who are not independent.

• Determining which safeguards to apply involves professional judgment and is dependent on the facts and circumstances of each specific situation.


Example Safeguards in Appendix E

Consulting another auditor

Discussing independence issues with those charged with governance of the entity

Assigning separate engagement personnel for the audit and nonaudit service

Educating management on the nonaudit services performed so that management is in a position to determine or approve all assumptions and judgments and take responsibility for the nonaudit services



Obtaining secondary reviews of the nonaudit services by professional personnel who were not involved in planning or supervising the audit engagement

Obtaining secondary reviews of the nonaudit services by professional personnel who were not members of the audit engagement team

Discussing the significance of the threats to management participation or self-review with the engagement team and emphasizing the risks associated with such threats



When F/S preparation is the nonaudit service being performed determining that there has been review of the F/S and successful completion of a disclosure checklist by the audited entity• This is a safeguard within the audited entity’s systems

and procedures so an auditor should not rely solely on such safeguards

• Including the audit engagement as a required engagement quality control review (EQCR) under the audit firm’s system of quality control


Need Help? Let’s Run Through Example 1 in Appendix E

• The auditor has been requested to prepare the F/S• The auditor has determined that the preparation of

F/S represents a significant threat. • The auditor determined the following safeguard

would be applied:• Have someone not involved in planning or supervising the audit

engagement review the F/S before releasing the statements


Need Help? Let’s Run Through Example 1 in Appendix E (continued)

• Other Alternative Safeguards:• Educate management on the nonaudit services to be performed

by reviewing and explaining the basis for preparing the F/S, so that management is in a position to determine or approve all assumptions and judgments and take responsibility for the F/S

• Request that the audited entity complete a disclosure checklist as part of the overall review of the F/S


Need Help? Let’s Run Through Example 2 in Appendix E

• The auditor has been requested to prepare the F/S• The auditor has determined that the preparation of

the F/S represents a significant threat. • The auditor has concluded that, although the

audited entity did possess suitable SKE, due to the poor condition of the books and records the following safeguard would be applied:• Have a manager or partner not involved with the audit

engagement team review the F/S before releasing the statements.


Need Help? Let’s Run Through Example 2 in Appendix E (continued)

In this case, the auditor increased the strength of the safeguard by requiring the review of the F/S by someone not involved in the audit engagement

The audited entity must always accept responsibility for the F/S and must approve them

The auditor may have considered the following alternative safeguard:• Include the audit engagement as a required Engagement

Quality Control Review (EQCR) under the audit firm’s system of quality control.


Section II: Application of Safeguards

Back to the Case Study

Potential safeguards for Preparation of F/S • Review of the F/S by someone not involved in the audit

engagement• Discussing the nature and extent of entries and adjustments

with the chair of the audit committee (Note that this safeguard must be used in combination with other safeguards)

• Finance director reviews the F/S and completes a disclosure checklist (Note that this safeguard must be used in combination with other safeguards)

Remember that regardless of safeguards applied, management must always accept responsibility for the F/S


Section II: Step 6

Once the safeguards to be applied are determined, the auditor needs to evaluate those safeguards and determine if the safeguards are sufficient to eliminate or reduce the significant threat to an acceptable level

If the facts and circumstances change during the period of the engagement, the auditor should reevaluate the sufficiency of the safeguards

If the safeguards don’t eliminate or reduce the significant threat to an acceptable level, independence is impaired


Section II – Step 6 (continued)

Threats are not at acceptable level if they either:• Could affect the auditor’s ability to perform an audit without

being affected by influences that compromise professional judgment; or

• Could expose the audit organization to circumstances that would cause a reasonable and informed third party to conclude that the integrity, objectivity, or professional skepticism of the audit organization or member of the audit team had been compromised

In making the determination that safeguards are both available and have been applied, the auditor should use professional judgment and should take into account whether both independence of mind and independence in appearance are maintained. Both qualitative and quantitative factors should be considered.


Section II: Example Documentation


Completing Section III


Section III: Documentation of SKE of the Individual(s) Designated by the Audited Entity

Step 7: Identify the individual(s) designated to oversee the nonaudit service

Step 8: Document SKE – See Appendix F, Evaluation of SKE, of the Practice Aid for guidance

If no one at the audited entity is willing and able to oversee the nonaudit service, independence will be impaired and no safeguards would be sufficient to overcome the impairment.

Documentation of SKE is required for all nonaudit services regardless of the significance of the threats


Need Help? Let’s Run Through Example 1 and 2 in Appendix F

A small nonprofit executive director understands their organization’s operations and financial position; also understands services needed from the auditor and what those services intended to accomplish; and regularly carries out important decisions about all matters affecting their organization. The nonprofit also has a CPA on its board of directors who can assist the non-CPA executive director. • Auditor might conclude that executive director possesses sufficient

SKE alone • Alternatively, auditor might conclude that the executive director, with

the assistance of the board member, would possess the necessary SKE


Need Help? Let’s Run Through Example 4 in Appendix F

• Auditor is asked to install an off-the-shelf accounting package and set up the chart of accounts and F/S format for a small client

• Finance director who is out of town has designated the office manager to oversee the installation

• The office manager performs routine clerical duties, has a limited understanding of the finance department, and has never used accounting software. She has no understanding of the town’s books or records and F/S

• Conclusion: Unlikely that the office manager possesses sufficient SKE to oversee the installation and accept responsibility


Need Help? Let’s Run Through Example 7 in Appendix F

Auditor preparation of F/S• Audited entity need not have the understanding and ability to

prepare the F/S and disclosures based on GAAP• Auditor may assist the designated individual in obtaining the

necessary understanding so that he or she is in position to review and accept responsibility - For example, explain certain accounting principles and

disclosure requirements that were applied in preparing the F/S so that the individual has the necessary SKE

• Bottom line – designated individual should be able to review the F/S, with an emphasis on significant issues and disclosures


Section III: Step 8 – SKE DocumentationDocumentation requirement can’t be met simply by obtaining management representations or other actions performed solely by the audited entity.

SKE is not a safeguard but it may be a mitigating factor in determining the strength of the safeguards to be applied

The nature of the nonaudit service will affect the weight and applicability of factors to consider when determining suitable SKE

The designated individual must possess the SKE and be willing to oversee the nonaudit service


Section III: Step 8 – SKE Documentation

Factors to consider when evaluating and documenting the SKE of an individual• Understanding the nature of the service• Knowledge of the audited entity’s business• Knowledge of the audited entity’s industry• General business knowledge• Education, license, accreditations, and membership in

professional organizations• Position at the audited entity

The individual responsible for overseeing the service needs to understand the service sufficiently to oversee it but does not need to possess the technical qualifications to perform or reperform the service.


Section III: Example Documentation


Completing Section IV


Section IV: Establish and Document the Understanding With the Audited Entity Regarding Nonaudit Services

Step 9 – Management has to agree to each of the management responsibilities described below in connection with the nonaudit service(s)• Assume all management responsibilities• Evaluate the adequacy and results of the service(s) performed• Accept responsibility for the results of the service(s)

If management does not agree to assume all of the above functions, independence is impaired

Remember the YB independence requirements must be met before nonaudit services are performed


Section IV: Establish and Document the Understanding With the Audited Entity Regarding Nonaudit Services

Step 10 – Document the understanding established with the audited entity regarding the objectives of the nonaudit service(s)

Step 11 – Document the understanding established with the audited entity regarding the auditor’s responsibilities

Step 12 – Document the understanding established with the audited entity regarding the limitations, if any, on the nonaudit services to be provided

Typically, this understanding may be documented through the use of an engagement letter


Section IV: Example Documentation


Completing Section V


Section V: Conclusion

Document the date and signature of the preparer and supervisory reviewer

If subsequent to reaching a conclusion, relevant new facts and circumstances come to the attention of the auditor regarding the threats to independence, the auditor should evaluate the significance of the threats, in accordance with the Yellow Book Conceptual Framework, and update the Practice Aid documentation and conclusion as necessary


Section V – Example Documentation


Where do you look for guidance?

Become familiar with the Practice Aid and its Appendixes:


GAGAS Independence Decision Flowchart

75


Where do you look for more guidance?

Encourage staff to listen to the May 2nd CPE rebroadcast of this Web event (from 1:00PM – 3:00PM Eastern Time) or the no-CPE archive to be posted to GAQC Web siteBecome familiar with 2011 Yellow Book http://www.gao.gov/yellowbook

Listen to an archived member Web event titled, 2011 Yellow Book: What You Need to Know Now

Check out the new Yellow Book Tools and Aids section of the GAQC Web site

GAO technical hotline [email protected]

http://www.gao.gov/yellowbook

http://www.aicpa.org/InterestAreas/GovernmentalAuditQuality/Resources/Pages/ArchivedMemberWebEvents-AuditingStandards.aspx

http://www.aicpa.org/InterestAreas/GovernmentalAuditQuality/Resources/Pages/ArchivedMemberWebEvents-AuditingStandards.aspx



Questions ?????


How do I get my CPE certificate?

Just follow these steps:1. Log on to CPA2Biz.com

2. Click on “My Account” at the top of the page and enter your CPA2Biz/AICPA username and password

3. Click on “My Web Events” tab

4. Click on “AICPA Learning Center Transcripts and Certificates” link (a new window or tab will open)

5. On the AICPA Learning Center, click on “My Transcript” in the left-hand menu

6. Locate your completed course and click on “Go” to retrieve your certificate.

If you need assistance with locating your certificate, please contact the AICPA Service Center at 888.777.7077 or [email protected].

http://www.cpa2biz.com/

mailto:[email protected]


Evaluations

Please take a few minutes to let us know what you thought about today’s Web event

Click on the link below to begin a short evaluation

http://www.zoomerang.com/Survey/WEB22F3324CUJ6/



Documents

Understanding the AICPA’s Yellow Book Independence Practice Aid for Performing Nonaudit Services A Governmental Audit Quality Center (GAQC) Web Event April