This week, the Government Accountability Office (GAO) published a revised version of the Generally Accepted Government Auditing Standards (GAGAS, also known as the Yellow Book), which among other things has been restructured to distinguish requirements from application guidance.
How have the independence standards changed?
Added to the Yellow Book independence standards for clarification is a statement (par. 3.88) that preparation of a client's financial statements in their entirety (from a client's trial balance or underlying accounting records) creates significant threats to independence requiring the application of safeguards that reduce the threat(s) to an acceptable level. "Acceptable level," means that a reasonable and informed third party would conclude that the firm could perform the audit without compromising its professional judgement. Auditors who are able to do so are required to document the evaluation, including the safeguards applied. Auditors who are unable to apply sufficient safeguards should not perform both the nonaudit and audit services, as independence would be considered impaired.
In addition, par. 3.89 states that the following bookkeeping and financial statement preparation activities create threats to independence that the firm should evaluate to determine whether they are significant:
a. recording transactions for which management has determined or approved the appropriate account classification, or posting coded transactions to an audited entity’s general ledger;
b. preparing certain line items or sections of the financial statements based on information in the trial balance;
c. posting entries that an audited entity’s management has approved to the entity’s trial balance; and
d. preparing account reconciliations that identify reconciling items for the audited entity management’s evaluation.
Firms should document their analyses of whether threats created by these services are significant. If the firm concludes that threats were not significant, the firm should indicate its rationale for the conclusion. If the firm concludes that threats were significant, the firm should document which safeguards the firm applied to eliminate or mitigate those threats to an acceptable level. Again, if the threats cannot be sufficiently mitigated, the firm should not perform both the nonaudit and the audit services, since independence is impaired.
Both changes depart from the AICPA Code of Professional Conduct. Apart from the activities outlined in par. 3.87, the AICPA Code neither prohibits nor dictates that such services automatically create threats or significant threats to independence requiring analysis and documentation. In fact, the services described in 3.88 - .89 as creating threats to independence appear as permissible services in 1.295.120.02 of the Code (assuming the firm complies with section 1.295, including the general requirements in 1.295.040). Otherwise, the Code requires firms to apply professional judgment in determining the need to analyze whether financial statement preparation or bookkeeping services not addressed in the Code create threats to independence.
What does this mean for firms?
The new Yellow Book clearly informs firms which services create threats and may require application of safeguards and which create significant threats to independence. When threats are significant, firms must apply safeguards to be considered independent, for example, by using separate audit and nonaudit teams or performing an independent second review of nonaudit work, which may present significant challenges for the smaller firms that typically service the smaller clients. In some cases, performing these services for audit clients under the new Yellow Book may no longer be possible.
Firms will also need to factor in additional time and consideration in applying these new provisions and preparing documentation to support the application in their work papers.
Other changes to the Yellow Book include:
- Clarified peer review requirements
- Auditor responsibilities when waste or abuse is identified
When is the new Yellow Book effective?
The 2018 revision of the Yellow Book is effective for financial audits, attestation engagements, and reviews of financial statements for periods ending on or after June 30, 2020, and for performance audits beginning on or after July 1, 2019. Early implementation is not permitted.