Presentation on theme: "A Governmental Audit Quality Center (GAQC) Web Event April 11, 2012"— Presentation transcript:
1A Governmental Audit Quality Center (GAQC) Web Event April 11, 2012 Understanding the AICPA’s Yellow Book Independence Practice Aid for Performing Nonaudit ServicesA Governmental Audit Quality Center (GAQC) Web EventApril 11, 2012
2Administrative Notes Troubleshooting Tips No Audio? Ensure that your computer speakers are turned on and that the volume is turned up.Check to ensure that audio streaming is enabled on your computerIf the presentation slides stop advancing during the presentation you should:Hit the red “Exit” button located to the right of the main screen; this will close out of the presentation and re-launch the webcastIf you are still having audio or other technical difficultyCheck with your IT personnel at your firm.Click on the “Support” tab on the lower right-hand side of your screenFinally, call the AICPA Service Center at
3Administrative NotesWe encourage you to submit your technical questions – please limit your questions to the content of today’s programYou can submit your questions at any time during this Web event by clicking on the “Q &A” tab on the lower right-hand side of your screen.You can also download slides in PDF or PowerPoint by clicking on “Handouts” tabThis event is being recorded and will be posted in an archived format to the GAQC Web siteThis event will also be rebroadcast for CPE on May 2 from 1-3pm.
4Continuing Professional Education To document your participation and obtain CPE, you must click “OK” on 75% of pop-up markersThere will be a total of 8 participation pop-up markers during the event (i.e., about 1 every 15 minutes)At the end of today’s presentation we will provide steps for obtaining your CPE certificateContact the Service Center for help with obtaining CPE at orIf you are not receiving CPE for this event, ignore the pop-up markers if they appear.
5PresentersNancy Miller, CPA Partner Miller Foley Group --- Brian Schebler, CPANational Director of Public Sector Services McGladrey & Pullen LLP--- Lisa Snyder, CPA Director of Professional Ethics American Institute of CPAs
6What we will coverOverview of Independence Requirements in 2011 Government Auditing Standards (Yellow Book or YB)Purpose and Background of Practice Aid titled, 2011 Yellow Book Independence - Nonaudit Services Documentation Practice Aid (Practice Aid)Using the Practice Aid – A Case StudyQuestions
7Overview of Independence Requirements in 2011 Yellow Book
82011 Yellow Book Independence Requirements Today’s presentation focuses on the new GAQC YB Practice AidArchived GAQC Web event, The New 2011 Yellow Book: What You Need to Know Now, provides a more in-depth discussion on 2011 Yellow Book2011 Yellow Book is effective for financial audits and attestation engagements for periods ending on or after December 15, 2012; early implementation is not permittedHowever, new independence rules need to be considered before effective date when auditor performing a nonaudit service
9Auditor Independence Rules a Key Emphasis Area Main area of change in 2011 Yellow Book relates to its independence rulesChapter 3 titled, General Standards, of the 2011 Yellow Book critical to understandDefines independence of mind and in appearanceEmphasizes the importance of considering individual threats to independence both individually and in aggregateGAO will be retiring current Government Auditing Standards: Questions and Answers to Independence Standard Questions guidance
10Chapter 3 – General Standards: Independence Introduction of a Conceptual FrameworkAllows the auditor to assess unique circumstancesAdaptableConsistent with AICPA and IFAC frameworksSignificant differences from AICPA Interpretation 101-3Entry point for use of the frameworkEmphasis on services “in aggregate”Documentation requirementsPreparation of financial statements are nonaudit service
11Applying the Framework New approach combines a conceptual framework with certain rules (prohibitions)Balances principle and rules based standardsServes as a hybrid frameworkCertain prohibitions remainGenerally consistent with Rule 101 AICPABeyond a prohibitionApply the conceptual frameworkWill be used more often than AICPA11
12Chapter 3 – General Standards: Independence Threats could impair independenceDo not necessarily result in an independence impairmentSafeguards could mitigate threatsEliminate or reduce threats to an acceptable level
14Documentation Requirements Threats to independence that require the application of safeguards, along with the safeguards appliedAssessment of audited entity management’s ability to effectively oversee nonaudit services, including whether management possesses suitable skills, knowledge, or experience (SKE);The understanding established with the audited entity regarding the nonaudit services to be performed.
16Purpose of Practice Aid To assist auditors in:Applying the YB independence conceptual frameworkIdentifying and evaluating threats to independence for nonaudit servicesIdentifying safeguards where necessaryAssessing management’s Skills, Knowledge, or Experience (SKE)Complying with YB documentation requirementsPractice Aid highlights nonaudit services frequently performed for smaller entities:Preparing financial statements (F/S)Preparing journal entries other than proposed audit entriesPreparing reconciliations
17Background of Practice Aid Developed by the AICPA GAQC, Ethics, and Peer Review teamsAudits performed under 2011 Yellow BookFederal agency representatives reviewed the Practice Aid and provided feedback (e.g., GAO, various agency Inspector General representatives)General reaction from federal agencies has been very positive
18Using The Practice AidLimited to considerations of potential threats to independence related to management participation and self-reviewAuditors must also consider other threats and determine whether the facts and circumstances warrant use of the YB Conceptual FrameworkAuditors are cautioned to reevaluate conclusions whenever circumstances changeKeep in mind that YB requires evaluation of threats in the aggregate
19How to Obtain the Practice Aid Flat PDF Version. Free to AICPA members, including GAQC members. Access the free pdf version of the Practice Aid on the GAQC Web siteFor Sale Version. Practice Aid Version Designed for Auditor Documentation Input (Supplement) available for a small fee to AICPA members, GAQC members, and non-members; order the for-sale SupplementCan be saved and included as part of auditor’s documentation
21Case Study ApproachPresentation will use a case study to assist participants in understanding how to use the Practice Aid and what is in the Practice AidNext few slides explain facts and circumstances of case study; see also handouts for a summary of the case study facts and circumstances and instructions to Practice Aid that you can refer toCase study is illustrative to demonstrate how an auditor, using professional judgment, might reach conclusions about the situation describedNot an authoritative exampleSubtle changes in facts and circumstances could lead an auditor to reach different conclusions
22Case Study – Facts and Circumstances ABC Firm has audited Small Town USA for the last 3 yearsSmall Town is governed by a 10-member town council3 employees in Finance Department of Small TownBrandon, Town Manager, has worked for Small Town for 15 yearsDave, Finance Director, has 5 years with Small Town and formerly held a similar role for another small townShelly, Accounting Clerk, has worked for Small Town for 15 years
23Case Study – Facts and Circumstances (continued) Small Town provides a trial balance to ABC Firm but does not make any year-end adjusting entriesSmall Town provides a listing of fixed asset additions and deletions and ABC Firm prepares the depreciation scheduleABC Firm prepares the town’s F/S, including the cash-to-accrual conversion and GASB 34 conversion entriesABC Firm prepares the town’s property tax roll reconciliation
24Case Study – Facts and Circumstances (continued) Finance Director reviews and approves all adjusting entriesCapital assets for the 12/31/2012 year-end are not material to the town’s F/STown Manager and Town Council assume all management responsibilities related to nonaudit services
25Preconditions to Performing Nonaudit Services Management should assume all management responsibilities and take responsibility for nonaudit services performed by the auditorsManagement should oversee the nonaudit services and evaluate the adequacy and results of the servicesAuditors should establish and document their understanding with management regarding the nonaudit serviceAuditors should assess (AICPA & YB) and document (YB) whether management possesses suitable SKE to oversee the nonaudit serviceIMPORTANT: Must document the suitability of management’s SKE and the understanding established with the audited entity for all nonaudit services performed, regardless of whether threats to independence are determined to be significant
28Section I: Prohibited Nonaudit Services-Management Responsibilities Step 1 – List in Column 1 the nonaudit services to be performed and describe them in detail in Column 1aSee Appendix B, Nonaudit Services, of the Practice Aid for guidance of determining which services are nonaudit services2011 YB differentiates nonaudit services from routine audit servicesRoutine activities are those services performed by auditors that relate directly to the performance of an auditAuditors should consider that any services that do not meet the definition of routine audit services (and are not audit or attestation services) may be nonaudit services
29Routine Audit Services and Nonaudit Services Services that are considered nonaudit services include:F/S preparationBookkeeping servicesCash to accrual conversions (a form of bookkeeping)Other services not directly related to the auditAppendix B of the Practice Aid describes other servicesUnless specifically prohibited, nonaudit services MAY be permissible but should be evaluatedIn relation to the conceptual frameworkIn relation to the auditor’s assessment of managements’ SKE
30A Quick Note on Bookkeeping Services May be performed provided the auditor does notDetermine or change journal entries, account codes or classifications for transactions, or other accounting records without obtaining client approvalAuthorize or approve transactionsPrepare source documentsMake changes to source documents without client approvalConsistent with AICPA Interpretation 101-3
31Section I: ContinuedWhat services does ABC firm plan to provide to Small Town USA?Preparing F/SPreparing journal entriesPreparing property tax roll reconciliationPreparing depreciation scheduleAre these nonaudit services under AICPA and YB?Yes….by reviewing Appendix B you will find that all are nonaudit services
32Section I: ContinuedStep 2 – Determine whether the 2011 Yellow Book specifically prohibits the nonaudit services being considered.See Appendix C, Prohibited Nonaudit Services, of the Practice Aid for guidanceIf nonaudit services are prohibited, no safeguards are sufficient to mitigate the threats and independence would be impaired
34Section I: ContinuedStep 3 – Determine if the nonaudit service will involve assuming management responsibilitiesManagement responsibilities involve:Leading and directing an entity, including making decision regarding the acquisition, deployment, and control of human, physical, and intangible resources.If an auditor assumes management responsibilities for an audited entity, the management participation threats created would be so significant that no safeguards could eliminate or reduce such threats to an acceptable level.Assuming management responsibilities will impair independence
37Section II: Nonaudit Services-Evaluation of Threats to Independence and the Application of SafeguardsStep 4 – Evaluate threats, which are circumstances that could impair independence, and determine if they are significantSee Appendix D, Threat Indicators, of the Practice Aid for assistancePractice Aid focuses on management participation and self-review threats. Remember that other threats may exist and will need to be evaluated if relationships exist beyond nonaudit services
38Section II: Step 4 – Evaluating Threats and Identifying Significant Threats When evaluating threats, the following threat indicators may suggest an increase in the significance of threats:The cumulative effect of aggregate threats (e.g. performing multiple nonaudit services)The significance of nonaudit services to the subject matter of the auditThe degree of assumptions and judgments by the auditorIncreasing the degree of subjectivity related to nonaudit servicesThe cumulative effects of the indicatorsOther threats to independence
39Section II: Step 4 – Other Factors to Consider When Evaluating the Significance of Threats Auditors should evaluate threats both individually and in the aggregate because threats can have a cumulative effect on independenceWhenever relevant new information about a threat comes to the attention of the auditor, the auditor should evaluate the significance of the threat
40Need Help? Let’s Run Through Example 2 in Appendix D Auditor has been requested to prepare the F/S for an audited entity. The auditor considered the following in evaluating whether a significant threat to independence existed:The audited entity’s books and records are substantially complete and accurate. Few, if any correcting entries are expected to be proposed.The individual designated by the audited entity who oversees the preparation of the F/S possesses SKE sufficient to oversee the service but is not capable of reperformance.This is the only nonaudit service that the auditor has been requested to perform.
41Need Help? Let’s Run Through Example 2 in Appendix D Conclusion:The auditor reached the conclusion that preparation of the F/S would result in a significant threat to independence; thereforeIt would be necessary to apply safeguards.
42Need Help? Let’s Run Through Example 3 in Appendix D Auditor has been requested to prepare the F/S, cash-to-accrual conversion entries, bank reconciliations, and depreciation schedules. The auditor considered the following:A significant number of correcting journal entries are expected to be proposed to the F/S in order to make the books and records complete and accurateThe individual designated by the audited entity who oversees the preparation of the F/S and the other nonaudit services possesses SKE sufficient to oversee the service but is not capable of reperformance
43Need Help? Let’s Run Through Example 3 in Appendix D ConclusionThe auditor concluded that the nonaudit services performed would result in a significant threat to independenceIt would be necessary to apply safeguardsThe auditor would likely determine that the safeguards to be applied in this situation would need to be inherently stronger, or more safeguards would need to be applied, than those in the preceding example 2 in order to sufficiently eliminate or reduce threats to an acceptable level
44Section II: Step 4 (continued) Back to the Case StudyAre threats identified for the nonaudit services to be performed by ABC Firm and are the threats significant?Preparing F/S? YesPreparing journal entries? YesPreparing property tax roll reconciliation? YesPreparing depreciation schedule? No
45Section II: Step 5 - Safeguards For the significant threats identified in step 4, in column 5 the auditor must evaluate potential safeguards and document those that will be appliedAs noted on previous slide, ABC Firm identified 3 nonaudit services with significant threats of management participation and self-reviewWhat safeguards can they apply that will eliminate or reduce the significant threat(s) to an acceptable level?
46Section II: Safeguards The 2011 YB requires the application of safeguards whenever threats are significantSee Appendix E, Application of Safeguards, of the Practice Aid for helpKeep in mind:Some safeguards have a higher level of mitigation of threats than othersAuditor may place limited reliance on safeguards the audited entity has implemented but may not rely solely on such safeguardsWhen determining the type and number of safeguards to be applied, the auditor should consider the significance of the threat(s), both individually and in the aggregate
47Section II: Application of Safeguards Keep in mind (continued):Safeguards that involve personnel who are independent of the audit process are generally more effective than those who are not independent.Determining which safeguards to apply involves professional judgment and is dependent on the facts and circumstances of each specific situation.
48Example Safeguards in Appendix E Consulting another auditorDiscussing independence issues with those charged with governance of the entityAssigning separate engagement personnel for the audit and nonaudit serviceEducating management on the nonaudit services performed so that management is in a position to determine or approve all assumptions and judgments and take responsibility for the nonaudit services
49Example Safeguards in Appendix E Obtaining secondary reviews of the nonaudit services by professional personnel who were not involved in planning or supervising the audit engagementObtaining secondary reviews of the nonaudit services by professional personnel who were not members of the audit engagement teamDiscussing the significance of the threats to management participation or self-review with the engagement team and emphasizing the risks associated with such threats
50Example Safeguards in Appendix E When F/S preparation is the nonaudit service being performed determining that there has been review of the F/S and successful completion of a disclosure checklist by the audited entityThis is a safeguard within the audited entity’s systems and procedures so an auditor should not rely solely on such safeguardsIncluding the audit engagement as a required engagement quality control review (EQCR) under the audit firm’s system of quality control
51Need Help? Let’s Run Through Example 1 in Appendix E The auditor has been requested to prepare the F/SThe auditor has determined that the preparation of F/S represents a significant threat.The auditor determined the following safeguard would be applied:Have someone not involved in planning or supervising the audit engagement review the F/S before releasing the statements
52Need Help? Let’s Run Through Example 1 in Appendix E (continued) Other Alternative Safeguards:Educate management on the nonaudit services to be performed by reviewing and explaining the basis for preparing the F/S, so that management is in a position to determine or approve all assumptions and judgments and take responsibility for the F/SRequest that the audited entity complete a disclosure checklist as part of the overall review of the F/S
53Need Help? Let’s Run Through Example 2 in Appendix E The auditor has been requested to prepare the F/SThe auditor has determined that the preparation of the F/S represents a significant threat.The auditor has concluded that, although the audited entity did possess suitable SKE, due to the poor condition of the books and records the following safeguard would be applied:Have a manager or partner not involved with the audit engagement team review the F/S before releasing the statements.
54Need Help? Let’s Run Through Example 2 in Appendix E (continued) In this case, the auditor increased the strength of the safeguard by requiring the review of the F/S by someone not involved in the audit engagementThe audited entity must always accept responsibility for the F/S and must approve themThe auditor may have considered the following alternative safeguard:Include the audit engagement as a required Engagement Quality Control Review (EQCR) under the audit firm’s system of quality control.
55Section II: Application of Safeguards Back to the Case StudyPotential safeguards for Preparation of F/SReview of the F/S by someone not involved in the audit engagementDiscussing the nature and extent of entries and adjustments with the chair of the audit committee (Note that this safeguard must be used in combination with other safeguards)Finance director reviews the F/S and completes a disclosure checklist (Note that this safeguard must be used in combination with other safeguards)Remember that regardless of safeguards applied, management must always accept responsibility for the F/S
56Section II: Step 6Once the safeguards to be applied are determined, the auditor needs to evaluate those safeguards and determine if the safeguards are sufficient to eliminate or reduce the significant threat to an acceptable levelIf the facts and circumstances change during the period of the engagement, the auditor should reevaluate the sufficiency of the safeguardsIf the safeguards don’t eliminate or reduce the significant threat to an acceptable level, independence is impaired
57Section II – Step 6 (continued) Threats are not at acceptable level if they either:Could affect the auditor’s ability to perform an audit without being affected by influences that compromise professional judgment; orCould expose the audit organization to circumstances that would cause a reasonable and informed third party to conclude that the integrity, objectivity, or professional skepticism of the audit organization or member of the audit team had been compromisedIn making the determination that safeguards are both available and have been applied, the auditor should use professional judgment and should take into account whether both independence of mind and independence in appearance are maintained. Both qualitative and quantitative factors should be considered.
60Section III: Documentation of SKE of the Individual(s) Designated by the Audited Entity Step 7: Identify the individual(s) designated to oversee the nonaudit serviceStep 8: Document SKE – See Appendix F, Evaluation of SKE, of the Practice Aid for guidanceIf no one at the audited entity is willing and able to oversee the nonaudit service, independence will be impaired and no safeguards would be sufficient to overcome the impairment.Documentation of SKE is required for all nonaudit services regardless of the significance of the threats
61Need Help? Let’s Run Through Example 1 and 2 in Appendix F A small nonprofit executive director understands their organization’s operations and financial position; also understands services needed from the auditor and what those services intended to accomplish; and regularly carries out important decisions about all matters affecting their organization. The nonprofit also has a CPA on its board of directors who can assist the non-CPA executive director.Auditor might conclude that executive director possesses sufficient SKE aloneAlternatively, auditor might conclude that the executive director, with the assistance of the board member, would possess the necessary SKE
62Need Help? Let’s Run Through Example 4 in Appendix F Auditor is asked to install an off-the-shelf accounting package and set up the chart of accounts and F/S format for a small clientFinance director who is out of town has designated the office manager to oversee the installationThe office manager performs routine clerical duties, has a limited understanding of the finance department, and has never used accounting software. She has no understanding of the town’s books or records and F/SConclusion: Unlikely that the office manager possesses sufficient SKE to oversee the installation and accept responsibility
63Need Help? Let’s Run Through Example 7 in Appendix F Auditor preparation of F/SAudited entity need not have the understanding and ability to prepare the F/S and disclosures based on GAAPAuditor may assist the designated individual in obtaining the necessary understanding so that he or she is in position to review and accept responsibilityFor example, explain certain accounting principles and disclosure requirements that were applied in preparing the F/S so that the individual has the necessary SKEBottom line – designated individual should be able to review the F/S, with an emphasis on significant issues and disclosures
64Section III: Step 8 – SKE Documentation Documentation requirement can’t be met simply by obtaining management representations or other actions performed solely by the audited entity.SKE is not a safeguard but it may be a mitigating factor in determining the strength of the safeguards to be appliedThe nature of the nonaudit service will affect the weight and applicability of factors to consider when determining suitable SKEThe designated individual must possess the SKE and be willing to oversee the nonaudit service
65Section III: Step 8 – SKE Documentation Factors to consider when evaluating and documenting the SKE of an individualUnderstanding the nature of the serviceKnowledge of the audited entity’s businessKnowledge of the audited entity’s industryGeneral business knowledgeEducation, license, accreditations, and membership in professional organizationsPosition at the audited entityThe individual responsible for overseeing the service needs to understand the service sufficiently to oversee it but does not need to possess the technical qualifications to perform or reperform the service.
68Section IV: Establish and Document the Understanding With the Audited Entity Regarding Nonaudit ServicesStep 9 – Management has to agree to each of the management responsibilities described below in connection with the nonaudit service(s)Assume all management responsibilitiesEvaluate the adequacy and results of the service(s) performedAccept responsibility for the results of the service(s)If management does not agree to assume all of the above functions, independence is impairedRemember the YB independence requirements must be met before nonaudit services are performed
69Section IV: Establish and Document the Understanding With the Audited Entity Regarding Nonaudit ServicesStep 10 – Document the understanding established with the audited entity regarding the objectives of the nonaudit service(s)Step 11 – Document the understanding established with the audited entity regarding the auditor’s responsibilitiesStep 12 – Document the understanding established with the audited entity regarding the limitations, if any, on the nonaudit services to be providedTypically, this understanding may be documented through the use of an engagement letter
72Section V: ConclusionDocument the date and signature of the preparer and supervisory reviewerIf subsequent to reaching a conclusion, relevant new facts and circumstances come to the attention of the auditor regarding the threats to independence, the auditor should evaluate the significance of the threats, in accordance with the Yellow Book Conceptual Framework, and update the Practice Aid documentation and conclusion as necessary
76Where do you look for more guidance? Encourage staff to listen to the May 2nd CPE rebroadcast of this Web event (from 1:00PM – 3:00PM Eastern Time) or the no-CPE archive to be posted to GAQC Web siteBecome familiar with 2011 Yellow BookListen to an archived member Web event titled, 2011 Yellow Book: What You Need to Know NowCheck out the new Yellow Book Tools and Aids section of the GAQC Web siteGAO technical hotline
78How do I get my CPE certificate? Just follow these steps:Log on to CPA2Biz.comClick on “My Account” at the top of the page and enter your CPA2Biz/AICPA username and passwordClick on “My Web Events” tabClick on “AICPA Learning Center Transcripts and Certificates” link (a new window or tab will open)On the AICPA Learning Center, click on “My Transcript” in the left-hand menuLocate your completed course and click on “Go” to retrieve your certificate.If you need assistance with locating your certificate, please contact the AICPA Service Center at or
79Evaluations http://www.zoomerang.com/Survey/WEB22F3324CUJ6/ Please take a few minutes to let us know what you thought about today’s Web eventClick on the link below to begin a short evaluation