General Independence Requirements
The Big Changes
Guidelines to Follow
Are Non-Audit Services Worth the Risk?

More restrictive than AICPA or SEC independence rules, the GAO’s independence standard resulted in controversy and confusion … leading to delayed implementation. But, there are no more delays.

After nearly three years since issuance, it’s finally time to implement the General Accounting Office (GAO, and recently renamed Government Accountability Office) independence standard. Although the principles were issued January 25, 2002, because of the controversy and confusion, implementation was delayed to take effect this year for all audits beginning with fiscal years ending after January 1, 2003.

These new principles are not merely guidelines, but standards that must be followed. They are part of Government Auditing Standards (the Yellow Book) and are considered to be Generally Accepted Government Auditing Standards (GAGAS).

The new changes affect both CPA firms and government auditors, including all auditors of federal, state, local governments, nonprofit and for-profit recipients of federal and state grant and loan funds. Examples include auditors of cities, counties, school districts, colleges, hospitals, charitable organizations and many more.

The new standard significantly tightens and adds to independence provisions. It is far broader and much more restrictive than AICPA or SEC independence rules. It has strong potential to drive up audit costs and knock out a great deal of government entity consulting work. The standard weakens self-regulation powers and even more regulation could be on the horizon. If your firm is not intimately familiar with the new standard, close examination is a must.

General Independence Requirements
The general independence standard is as follows:

In all matters relating to the audit work, the audit organization and the individual auditor, whether government or public should be free both in fact and appearance from personal, external and organizational impairments to independence.

Personal impairments involve the auditor having one or more of following relationships with an audit client: having family members involved in decision making, direct or indirect financial interests, influence on decision making, preparation of source documents, preconceived notions or biases, or the seeking of employment. Audit organizations must have policies to prevent these basic conflicts. The most dramatic changes relating to the new standard center around personal impairments and are discussed in detail in the following section.

External impairments are factors relating to pressure from management or employees of an audit organization that could interfere with the auditors’ ability to form independent and objective opinions. Examples include unreasonable time restriction to complete an audit report, restrictions on funds or resources necessary to perform audit work, and the threat of replacement over disagreements.

Organizational impairments have potential to occur if one is a government audit organization because of its place within the government structure. This area does not impact most private firms. Sections 3.21-3.32 details ways for governmental auditors to free themselves from these types of impairments.

The Big Changes
In its simplest form, the biggest impact of the new independence standard can be best summed up by its two overarching principles relating to personal impairments (paragraph 3.13):

• Audit organizations should not provide non-audit services that involve management decisions, AND
• Audit organizations should not audit their own work or provide non-audit services in situations where the non-audit services are significant/material to the subject matter of audits.

On the surface, these principles sound easy enough to follow, but a closer look yields confusion and complex decisions. First, the auditor must meet both of these principles. Second, questions arise as to the level of management decisions, what constitutes non-audit services, and how do auditors prove they acted properly.

It must be shown that management of the audit client is responsible for and possesses the necessary skills for virtually everything that is being audited. The client cannot influence the product that is being audited. These concepts can be complicated to prove.

In regard to non-audit services, a wide range of these services is now under the microscope:

• Bookkeeping and accounting services are severely limited to mundane work such as preparing draft notes to financial statements and some adjusting entries approved by management. Auditors cannot post any transactions that would eventually impact the financial statements.
• Payroll services are generally prohibited except for simple computations from records approved and maintained by management.
• Tax services are still permitted.
• Human resource services are disallowed except for simple assistance to management.
• Information technology services are disallowed for any operations or supervision. Advising is only permitted on minor issues such as adequacy of the system and only if management does not rely on the auditor’s work as a primary basis of the final decision.
• Appraisal or valuation services are limited to reviews or calculations which management has performed or taken responsibility for.
• Indirect cost proposals, internal controls and legislative body assistance are allowed if management has assumed the accountability.

The SEC and AICPA have extensive guidance in dealing with independence and non-audit services. However, the GAO’s standard is far more restrictive. For example, the GAO generally prohibits payroll services. SEC and AICPA rules do not consider most of this work as management functions. The GAO limits payroll functions to tasks such as computing pay amounts for the entity’s employees based on time records, pay rates and deduction schedules that the entity maintains and approves. The GAO expressly prohibits processing the entity’s payroll, if it is a material amount to the subject matter of an audit.

Another example involves bookkeeping services, which are severely limited by the GAO; and their rules even clearly disallow posting of transactions. The AICPA, on the other hand, specifies permitted items such as posting of transactions. Although the GAO does permit preparing draft financial statements based on management’s chart of accounts and trial balances, maintaining or preparing the audited entity’s basic accounting is not allowed.

A final example revolves around information technology. The AICPA and SEC rules are less restrictive than the GAO’s and generally permit information technology services if the client makes the final decisions. The GAO only allows advising if management takes responsibility and does not rely on the auditor’s work as a basis for determining the adequacy of the system or in making the decision on whether or not to implement the new system.

One area where practitioners can rest a bit easier is tax services. The SEC, and especially the AICPA, both support the premise that tax services do not impair auditor independence. Similarly, the GAO does not prohibit an auditor from providing tax services. Guidelines specifically state that preparing taxes in accordance with IRS, state and local government laws and rules is permitted.

Review more examples of permitted and prohibited services in an AICPA document, GAO Auditor Independence Standard Fact Sheet.

Guidelines to Follow
As one can see, there are a lot of grey areas and adherence to standard can be tricky business. The AICPA Fact Sheet also lists seven safeguards to help guide practitioners (Exhibit 1 provides an abbreviated version). Keep in mind, non-audit services may only be performed if ALL seven safeguards are met. Once again, this is a very difficult task to achieve. Paragraph 3.17 (a. through g.) of the standard provides useful help.

Despite best efforts to simplify, the subject matter of the new standard is so confusing that the GAO has issued a question and answer book to help clear matters up. A few key areas regarding the overarching principles and safeguards are as follows:

Q: If an audit organization has a completely separate consulting unit, could the work of the consulting unit affect the organization’s independence to perform audits?
A: Yes. Both units are still part of the same organization and the overarching safeguards would apply. Thus, a completely separate engagement team from top to bottom must be in place.

Q: Is independence impaired if the audit firm is affiliated with a team or another partnering firm?
A: It depends on the level of involvement. A close relationship may in fact impair your firm’s independence.

Q: Is there a safeguard for an auditor that performs minimal routine non-audit work for the audit client?
A: If a firm provides a total of 40 hours or fewer non-audit hours, the separate engagement team requirement is waived.

Q: Can an auditor still perform monthly bookkeeping functions?
A: Absolutely not. Either the bookkeeping or the audit must go!

Q: Can auditors still prepare financial statements for the client and audit those same statements?
A: Yes. There is nothing in the new standard that prohibits this as long as all the information and source documents used to prepare the financial statements are from the client and management understands and takes responsibility for that information.

On a more basic level, documentation is a key to staying out of trouble. Clearly detail your rationalization and prove why and how you are not making or influencing management decisions. Also, keep thorough records showing how you are not auditing your own work.

The engagement letter becomes increasingly important with the new standard. This will be your road map to maintaining independence and the proof you need to document that management clearly understands and accepts responsibility. Exhibit 2 provides basic tips for performance of non-audit services. Even with these guidelines, maintaining independence will be like walking a tightrope.

Are Non-Audit Services Worth the Risk?
Government auditors must seriously consider whether or not to stay in the consulting business or give up audits of entities they provide non-audit services for. Remember, it’s your firms’ reputation and your career at stake when you sign on the dotted line.

Much of this is uncharted waters and can be left to the subjective opinions of your peer reviewer, and quite likely, the media and public will be involved. Even if one carefully documents decisions and follows appropriate guidelines, it would be wise to get a second opinion prior to taking on an engagement. Back-up from auditors outside your firm or even your region may prove invaluable in the long run.

The new independence standard, revised Yellow Book and the Q&A guide can all be accessed and downloaded from the GAO’s web site. Other helpful web sites with information relating to the new standard are also listed in Exhibit 3.

About the Author
Dr. Craig Foltin, CPA, is mayor of the City of Lorain, Ohio, and part-time lecturer at Cleveland State University.

Top