Understanding the AICPA’s Yellow Book Independence Practice Aid for Performing Nonaudit Services
0 likes | 125 Views
Understanding the AICPA’s Yellow Book Independence Practice Aid for Performing Nonaudit Services. A Governmental Audit Quality Center (GAQC) Web Event April 11, 2012. Administrative Notes. Troubleshooting Tips No Audio?
Understanding the AICPA’s Yellow Book Independence Practice Aid for Performing Nonaudit Services
An Image/Link below is provided (as is) to download presentationDownload Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.Content is provided to you AS IS for your information and personal use only. Download presentation by click this link.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.During download, if you can't get a presentation, the file might be deleted by the publisher.
E N D
Presentation Transcript
Understanding the AICPA’s Yellow Book Independence Practice Aid for Performing Nonaudit Services
A Governmental Audit Quality Center (GAQC) Web Event April 11, 2012
Administrative Notes Troubleshooting Tips No Audio? Ensure that your computer speakers are turned on and that the volume is turned up. Check to ensure that audio streaming is enabled on your computer If the presentation slides stop advancing during the presentation you should: Hit the red “Exit” button located to the right of the main screen; this will close out of the presentation and re-launch the webcast If you are still having audio or other technical difficulty Check with your IT personnel at your firm. Click on the “Support” tab on the lower right-hand side of your screen Finally, call the AICPA Service Center at 888.777.7077
Administrative Notes We encourage you to submit your technical questions – please limit your questions to the content of today’s program You can submit your questions at any time during this Web event by clicking on the “Q &A” tab on the lower right-hand side of your screen. You can also download slides in PDF or PowerPoint by clicking on “Handouts” tab This event is being recorded and will be posted in an archived format to the GAQC Web site This event will also be rebroadcast for CPE on May 2 from 1-3pm.
Continuing Professional Education To document your participation and obtain CPE, you must click “OK” on 75% of pop-up markers There will be a total of 8 participation pop-up markers during the event (i.e., about 1 every 15 minutes) At the end of today’s presentation we will provide steps for obtaining your CPE certificate Contact the Service Center for help with obtaining CPE at 888.777.7077 or service@aicpa.org If you are not receiving CPE for this event, ignore the pop-up markers if they appear.
Presenters Nancy Miller, CPAPartnerMiller Foley Group---Brian Schebler, CPA National Director of Public Sector ServicesMcGladrey & Pullen LLP ---Lisa Snyder, CPADirector of Professional EthicsAmerican Institute of CPAs
What we will cover Overview of Independence Requirements in 2011 Government Auditing Standards (Yellow Book or YB) Purpose and Background of Practice Aid titled, 2011 Yellow Book Independence - Nonaudit Services Documentation Practice Aid (Practice Aid) Using the Practice Aid – A Case Study Questions
Overview of Independence Requirements in 2011 Yellow Book
2011 Yellow Book Independence Requirements Today’s presentation focuses on the new GAQC YB Practice Aid Archived GAQC Web event, The New 2011 Yellow Book: What You Need to Know Now, provides a more in-depth discussion on 2011 Yellow Book 2011 Yellow Book is effective for financial audits and attestation engagements for periods ending on or after December 15, 2012; early implementation is not permitted However, new independence rules need to be considered before effective date when auditor performing a nonaudit service
Auditor Independence Rules a Key Emphasis Area Main area of change in 2011 Yellow Book relates to its independence rules Chapter 3 titled, General Standards, of the 2011 Yellow Book critical to understand Defines independence of mind and in appearance Emphasizes the importance of considering individual threats to independence both individually and in aggregate GAO will be retiring current Government Auditing Standards: Questions andAnswers to Independence Standard Questions guidance
Chapter 3 – General Standards: Independence Introduction of a Conceptual Framework Allows the auditor to assess unique circumstances Adaptable Consistent with AICPA and IFAC frameworks Significant differences from AICPA Interpretation 101-3 Entry point for use of the framework Emphasis on services “in aggregate” Documentation requirements Preparation of financial statements are nonaudit service
Applying the Framework New approach combines a conceptual framework with certain rules (prohibitions) Balances principle and rules based standards Serves as a hybrid framework Certain prohibitions remain Generally consistent with Rule 101 AICPA Beyond a prohibition Apply the conceptual framework Will be used more often than AICPA 11
Chapter 3 – General Standards: Independence Threatscould impair independence Do not necessarily result in an independence impairment Safeguards could mitigate threats Eliminate or reduce threats to an acceptable level
Documentation Requirements Threats to independence that require the application of safeguards, along with the safeguards applied Assessment of audited entity management’s ability to effectively oversee nonaudit services, including whether management possesses suitable skills, knowledge, or experience (SKE); The understanding established with the audited entity regarding the nonaudit services to be performed.
Purpose and Background of Practice Aid
Purpose of Practice Aid To assist auditors in: Applying the YB independence conceptual framework Identifying and evaluating threats to independence for nonaudit services Identifying safeguards where necessary Assessing management’s Skills, Knowledge, or Experience (SKE) Complying with YB documentation requirements Practice Aid highlights nonaudit services frequently performed for smaller entities: Preparing financial statements (F/S) Preparing journal entries other than proposed audit entries Preparing reconciliations
Background of Practice Aid Developed by the AICPA GAQC, Ethics, and Peer Review teams Audits performed under 2011 Yellow Book Federal agency representatives reviewed the Practice Aid and provided feedback (e.g., GAO, various agency Inspector General representatives) General reaction from federal agencies has been very positive
Using The Practice Aid Limited to considerations of potential threats to independence related to management participation and self-review Auditors must also consider other threats and determine whether the facts and circumstances warrant use of the YB Conceptual Framework Auditors are cautioned to reevaluate conclusions whenever circumstances change Keep in mind that YB requires evaluation of threats in the aggregate
How to Obtain the Practice Aid Flat PDF Version. Free to AICPA members, including GAQC members. Access the free pdf version of the Practice Aid on the GAQC Web site For Sale Version. Practice Aid Version Designed for Auditor Documentation Input (Supplement) available for a small fee to AICPA members, GAQC members, and non-members; order the for-sale Supplement Can be saved and included as part of auditor’s documentation
Using the Practice Aid – A Case Study
Case Study Approach Presentation will use a case study to assist participants in understanding how to use the Practice Aid and what is in the Practice Aid Next few slides explain facts and circumstances of case study; see also handouts for a summary of the case study facts and circumstances and instructions to Practice Aid that you can refer to Case study is illustrative to demonstrate how an auditor, using professional judgment, might reach conclusions about the situation described Not an authoritative example Subtle changes in facts and circumstances could lead an auditor to reach different conclusions
Case Study – Facts and Circumstances ABC Firm has audited Small Town USA for the last 3 years Small Town is governed by a 10-member town council 3 employees in Finance Department of Small Town Brandon, Town Manager, has worked for Small Town for 15 years Dave, Finance Director, has 5 years with Small Town and formerly held a similar role for another small town Shelly, Accounting Clerk, has worked for Small Town for 15 years
Case Study – Facts and Circumstances (continued) Small Town provides a trial balance to ABC Firm but does not make any year-end adjusting entries Small Town provides a listing of fixed asset additions and deletions and ABC Firm prepares the depreciation schedule ABC Firm prepares the town’s F/S, including the cash-to-accrual conversion and GASB 34 conversion entries ABC Firm prepares the town’s property tax roll reconciliation
Case Study – Facts and Circumstances (continued) Finance Director reviews and approves all adjusting entries Capital assets for the 12/31/2012 year-end are not material to the town’s F/S Town Manager and Town Council assume all management responsibilities related to nonaudit services
Preconditions to Performing Nonaudit Services Management should assume all management responsibilities and take responsibility for nonaudit services performed by the auditors Management should oversee the nonaudit services and evaluate the adequacy and results of the services Auditors should establish and document their understanding with management regarding the nonaudit service Auditors should assess (AICPA & YB) and document (YB) whether management possesses suitable SKE to oversee the nonaudit service IMPORTANT: Must document the suitability of management’s SKE and the understanding established with the audited entity for all nonaudit services performed, regardless of whether threats to independence are determined to be significant
Appendix A: Detailed Instructions
Completing Section I
Section I: Prohibited Nonaudit Services-Management Responsibilities Step 1 – List in Column 1 the nonaudit services to be performed and describe them in detail in Column 1a See Appendix B, Nonaudit Services, of the Practice Aid for guidance of determining which services are nonaudit services 2011 YB differentiates nonaudit services from routine audit services Routine activities are those services performed by auditors that relate directly to the performance of an audit Auditors should consider that any services that do not meet the definition of routine audit services (and are not audit or attestation services) may be nonaudit services
Routine Audit Services and Nonaudit Services Services that are considered nonaudit services include: F/S preparation Bookkeeping services Cash to accrual conversions (a form of bookkeeping) Other services not directly related to the audit Appendix B of the Practice Aid describes other services Unless specifically prohibited, nonaudit services MAY be permissible but should be evaluated In relation to the conceptual framework In relation to the auditor’s assessment of managements’ SKE
A Quick Note on Bookkeeping Services May be performed provided the auditor does not Determine or change journal entries, account codes or classifications for transactions, or other accounting records without obtaining client approval Authorize or approve transactions Prepare source documents Make changes to source documents without client approval Consistent with AICPA Interpretation 101-3
Section I: Continued What services does ABC firm plan to provide to Small Town USA? Preparing F/S Preparing journal entries Preparing property tax roll reconciliation Preparing depreciation schedule Are these nonaudit services under AICPA and YB? Yes….by reviewing Appendix B you will find that all are nonaudit services
Section I: Continued Step 2 – Determine whether the 2011 Yellow Book specifically prohibits the nonaudit services being considered. See Appendix C, Prohibited Nonaudit Services, of the Practice Aid for guidance If nonaudit services are prohibited, no safeguards are sufficient to mitigate the threats and independence would be impaired
Appendix C: Prohibited Nonaudit Services
Section I: Continued Step 3 – Determine if the nonaudit service will involve assuming management responsibilities Management responsibilities involve: Leading and directing an entity, including making decision regarding the acquisition, deployment, and control of human, physical, and intangible resources. If an auditor assumes management responsibilities for an audited entity, the management participation threats created would be so significant that no safeguards could eliminate or reduce such threats to an acceptable level. Assuming management responsibilities will impair independence
Section I: Example Documentation
Completing Section II
Section II: Nonaudit Services-Evaluation of Threats to Independence and the Application of Safeguards Step 4 – Evaluate threats, which are circumstances that could impair independence, and determine if they are significant See Appendix D, Threat Indicators, of the Practice Aid for assistance Practice Aid focuses on management participation and self-review threats. Remember that other threats may exist and will need to be evaluated if relationships exist beyond nonaudit services
Section II: Step 4 – Evaluating Threats and Identifying Significant Threats When evaluating threats, the following threat indicators may suggest an increase in the significance of threats: The cumulative effect of aggregate threats (e.g. performing multiple nonaudit services) The significance of nonaudit services to the subject matter of the audit The degree of assumptions and judgments by the auditor Increasing the degree of subjectivity related to nonaudit services The cumulative effects of the indicators Other threats to independence
Section II: Step 4 – Other Factors to Consider When Evaluating the Significance of Threats Auditors should evaluate threats both individually and in the aggregate because threats can have a cumulative effect on independence Whenever relevant new information about a threat comes to the attention of the auditor, the auditor should evaluate the significance of the threat
Need Help? Let’s Run Through Example 2 in Appendix D Auditor has been requested to prepare the F/S for an audited entity. The auditor considered the following in evaluating whether a significant threat to independence existed: The audited entity’s books and records are substantially complete and accurate. Few, if any correcting entries are expected to be proposed. The individual designated by the audited entity who oversees the preparation of the F/S possesses SKE sufficient to oversee the service but is not capable of reperformance. This is the only nonaudit service that the auditor has been requested to perform.
Need Help? Let’s Run Through Example 2 in Appendix D Conclusion: The auditor reached the conclusion that preparation of the F/S would result in a significant threat to independence; therefore It would be necessary to apply safeguards.
Need Help? Let’s Run Through Example 3 in Appendix D Auditor has been requested to prepare the F/S, cash-to-accrual conversion entries, bank reconciliations, and depreciation schedules. The auditor considered the following: A significant number of correcting journal entries are expected to be proposed to the F/S in order to make the books and records complete and accurate The individual designated by the audited entity who oversees the preparation of the F/S and the other nonaudit services possesses SKE sufficient to oversee the service but is not capable of reperformance
Need Help? Let’s Run Through Example 3 in Appendix D Conclusion The auditor concluded that the nonaudit services performed would result in a significant threat to independence It would be necessary to apply safeguards The auditor would likely determine that the safeguards to be applied in this situation would need to be inherently stronger, or more safeguards would need to be applied, than those in the preceding example 2 in order to sufficiently eliminate or reduce threats to an acceptable level
Section II: Step 4 (continued) Back to the Case Study Are threats identified for the nonaudit services to be performed by ABC Firm and are the threats significant? Preparing F/S? Yes Preparing journal entries? Yes Preparing property tax roll reconciliation? Yes Preparing depreciation schedule? No
Section II: Step 5 - Safeguards For the significant threats identified in step 4, in column 5 the auditor must evaluate potential safeguards and document those that will be applied As noted on previous slide, ABC Firm identified 3 nonaudit services with significant threats of management participation and self-review What safeguards can they apply that will eliminate or reduce the significant threat(s) to an acceptable level?
Section II: Safeguards The 2011 YB requires the application of safeguards whenever threats are significant See Appendix E, Application of Safeguards, of the Practice Aid for help Keep in mind: Some safeguards have a higher level of mitigation of threats than others Auditor may place limited reliance on safeguards the audited entity has implemented but may not rely solely on such safeguards When determining the type and number of safeguards to be applied, the auditor should consider the significance of the threat(s), both individually and in the aggregate
Section II: Application of Safeguards Keep in mind (continued): Safeguards that involve personnel who are independent of the audit process are generally more effective than those who are not independent. Determining which safeguards to apply involves professional judgment and is dependent on the facts and circumstances of each specific situation.
Example Safeguards in Appendix E Consulting another auditor Discussing independence issues with those charged with governance of the entity Assigning separate engagement personnel for the audit and nonaudit service Educating management on the nonaudit services performed so that management is in a position to determine or approve all assumptions and judgments and take responsibility for the nonaudit services
Example Safeguards in Appendix E Obtaining secondary reviews of the nonaudit services by professional personnel who were not involved in planning or supervising the audit engagement Obtaining secondary reviews of the nonaudit services by professional personnel who were not members of the audit engagement team Discussing the significance of the threats to management participation or self-review with the engagement team and emphasizing the risks associated with such threats
Example Safeguards in Appendix E When F/S preparation is the nonaudit service being performed determining that there has been review of the F/S and successful completion of a disclosure checklist by the audited entity This is a safeguard within the audited entity’s systems and procedures so an auditor should not rely solely on such safeguards Including the audit engagement as a required engagement quality control review (EQCR) under the audit firm’s system of quality control
Need Help? Let’s Run Through Example 1 in Appendix E The auditor has been requested to prepare the F/S The auditor has determined that the preparation of F/S represents a significant threat. The auditor determined the following safeguard would be applied: Have someone not involved in planning or supervising the audit engagement review the F/S before releasing the statements
Need Help? Let’s Run Through Example 1 in Appendix E (continued) Other Alternative Safeguards: Educate management on the nonaudit services to be performed by reviewing and explaining the basis for preparing the F/S, so that management is in a position to determine or approve all assumptions and judgments and take responsibility for the F/S Request that the audited entity complete a disclosure checklist as part of the overall review of the F/S
Need Help? Let’s Run Through Example 2 in Appendix E The auditor has been requested to prepare the F/S The auditor has determined that the preparation of the F/S represents a significant threat. The auditor has concluded that, although the audited entity did possess suitable SKE, due to the poor condition of the books and records the following safeguard would be applied: Have a manager or partner not involved with the audit engagement team review the F/S before releasing the statements.
Need Help? Let’s Run Through Example 2 in Appendix E (continued) In this case, the auditor increased the strength of the safeguard by requiring the review of the F/S by someone not involved in the audit engagement The audited entity must always accept responsibility for the F/S and must approve them The auditor may have considered the following alternative safeguard: Include the audit engagement as a required Engagement Quality Control Review (EQCR) under the audit firm’s system of quality control.
Section II: Application of Safeguards Back to the Case Study Potential safeguards for Preparation of F/S Review of the F/S by someone not involved in the audit engagement Discussing the nature and extent of entries and adjustments with the chair of the audit committee (Note that this safeguard must be used in combination with other safeguards) Finance director reviews the F/S and completes a disclosure checklist (Notethat this safeguard must be used in combination with other safeguards) Remember that regardless of safeguards applied, management must always accept responsibility for the F/S
Section II: Step 6 Once the safeguards to be applied are determined, the auditor needs to evaluate those safeguards and determine if the safeguards are sufficient to eliminate or reduce the significant threat to an acceptable level If the facts and circumstances change during the period of the engagement, the auditor should reevaluate the sufficiency of the safeguards If the safeguards don’t eliminate or reduce the significant threat to an acceptable level, independence is impaired
Section II – Step 6 (continued) Threats are not at acceptable level if they either: Could affect the auditor’s ability to perform an audit without being affected by influences that compromise professional judgment; or Could expose the audit organization to circumstances that would cause a reasonable and informed third party to conclude that the integrity, objectivity, or professional skepticism of the audit organization or member of the audit team had been compromised In making the determination that safeguards are both available and have been applied, the auditor should use professional judgment and should take into account whether both independence of mind and independence in appearance are maintained. Both qualitative and quantitative factors should be considered.
Section II: Example Documentation
Completing Section III
Section III: Documentation of SKE of the Individual(s) Designated by the Audited Entity Step 7: Identify the individual(s) designated to oversee the nonaudit service Step 8: Document SKE – See Appendix F, Evaluation of SKE, of the Practice Aid for guidance If no one at the audited entity is willing and able to oversee the nonaudit service, independence will be impaired and no safeguards would be sufficient to overcome the impairment. Documentation of SKE is required for all nonaudit services regardless of the significance of the threats
Need Help? Let’s Run Through Example 1 and 2 in Appendix F A small nonprofit executive director understands their organization’s operations and financial position; also understands services needed from the auditor and what those services intended to accomplish; and regularly carries out important decisions about all matters affecting their organization. The nonprofit also has a CPA on its board of directors who can assist the non-CPA executive director. Auditor might conclude that executive director possesses sufficient SKE alone Alternatively, auditor might conclude that the executive director, with the assistance of the board member, would possess the necessary SKE
Need Help? Let’s Run Through Example 4 in Appendix F Auditor is asked to install an off-the-shelf accounting package and set up the chart of accounts and F/S format for a small client Finance director who is out of town has designated the office manager to oversee the installation The office manager performs routine clerical duties, has a limited understanding of the finance department, and has never used accounting software. She has no understanding of the town’s books or records and F/S Conclusion: Unlikely that the office manager possesses sufficient SKE to oversee the installation and accept responsibility
Need Help? Let’s Run Through Example 7 in Appendix F Auditor preparation of F/S Audited entity need not have the understanding and ability to prepare the F/S and disclosures based on GAAP Auditor may assist the designated individual in obtaining the necessary understanding so that he or she is in position to review and accept responsibility For example, explain certain accounting principles and disclosure requirements that were applied in preparing the F/S so that the individual has the necessary SKE Bottom line – designated individual should be able to review the F/S, with an emphasis on significant issues and disclosures
Section III: Step 8 – SKE Documentation Documentation requirement can’t be met simply by obtaining management representations or other actions performed solely by the audited entity. SKE is not a safeguard but it may be a mitigating factor in determining the strength of the safeguards to be applied The nature of the nonaudit service will affect the weight and applicability of factors to consider when determining suitable SKE The designated individual must possess the SKE and be willing to oversee the nonaudit service
Section III: Step 8 – SKE Documentation Factors to consider when evaluating and documenting the SKE of an individual Understanding the nature of the service Knowledge of the audited entity’s business Knowledge of the audited entity’s industry General business knowledge Education, license, accreditations, and membership in professional organizations Position at the audited entity The individual responsible for overseeing the service needs to understand the service sufficiently to oversee it but does not need to possess the technical qualifications to perform or reperform the service.
Section III: Example Documentation
Completing Section IV
Section IV: Establish and Document the Understanding With the Audited Entity Regarding Nonaudit Services Step 9 – Management has to agree to each of the management responsibilities described below in connection with the nonaudit service(s) Assume all management responsibilities Evaluate the adequacy and results of the service(s) performed Accept responsibility for the results of the service(s) If management does not agree to assume all of the above functions, independence is impaired Remember the YB independence requirements must be met before nonaudit services are performed
Section IV: Establish and Document the Understanding With the Audited Entity Regarding Nonaudit Services Step 10 – Document the understanding established with the audited entity regarding the objectives of the nonaudit service(s) Step 11 – Document the understanding established with the audited entity regarding the auditor’s responsibilities Step 12 – Document the understanding established with the audited entity regarding the limitations, if any, on the nonaudit services to be provided Typically, this understanding may be documented through the use of an engagement letter
Section IV: Example Documentation
Completing Section V
Section V: Conclusion Document the date and signature of the preparer and supervisory reviewer If subsequent to reaching a conclusion, relevant new facts and circumstances come to the attention of the auditor regarding the threats to independence, the auditor should evaluate the significance of the threats, in accordance with the Yellow Book Conceptual Framework, and update the Practice Aid documentation and conclusion as necessary
Section V – Example Documentation
Where do you look for guidance? Become familiar with the Practice Aid and its Appendixes:
GAGAS Independence Decision Flowchart
Where do you look for more guidance? Encourage staff to listen to the May 2nd CPE rebroadcast of this Web event (from 1:00PM – 3:00PM Eastern Time) or the no-CPE archive to be posted to GAQC Web site Become familiar with 2011 Yellow Book http://www.gao.gov/yellowbook Listen to an archived member Web event titled, 2011 Yellow Book: What You Need to Know Now Check out the new Yellow Book Tools and Aids section of the GAQC Web site GAO technical hotline yellowbook@gao.gov
Questions ?????
How do I get my CPE certificate? Just follow these steps: Log on to CPA2Biz.com Click on “My Account” at the top of the page and enter your CPA2Biz/AICPA username and password Click on “My Web Events” tab Click on “AICPA Learning Center Transcripts and Certificates” link (a new window or tab will open) On the AICPA Learning Center, click on “My Transcript” in the left-hand menu Locate your completed course and click on “Go” to retrieve your certificate. If you need assistance with locating your certificate, please contact the AICPA Service Center at 888.777.7077 or service@aicpa.org.
Evaluations Please take a few minutes to let us know what you thought about today’s Web event Click on the link below to begin a short evaluation http://www.zoomerang.com/Survey/WEB22F3324CUJ6/