The Professional Ethics Executive Committee recently revised the independence rules applicable to the AICPA members who provide nonattest services to attest clients.
The revised rules reinforce and clarify the general requirements that must be met for a member to maintain independence when the member (and his or her firm) also provides nonattest services to an attest client (i.e. the member cannot perform management functions or make management decisions for the client).
Two new general provisions were added to the rules: one requires a member to document his or her understanding of certain aspects of the engagement prior to performing nonattest services, and the other requires compliance with more restrictive nonattest services independence rules of other regulatory bodies to which the client is subject.
Prior to beginning the nonattest services engagement the member must be satisfied that the client is both willing and able to perform all management functions related to the engagement. Specifically, the client must:
Assign a competent individual to be responsible for overseeing the services.
- Set the scope of the services.
- Evaluate and accept responsibility for the results of the services.
- Establish and maintain internal controls over the services.
Once the client’s willingness and ability to perform these duties are assigned, the member must document his or her understanding with the client, a new requirement under the rules. The documentation must include a description of the services, the engagement objectives, any limitations of the engagement, the member’s responsibilities, and the client’s agreement to accept its responsibilities. In addition to the AICPA rules, members are now required to comply with more restrictive nonattest services independence rules of other authoritative regulatory bodies, where applicable (e.g. state boards of accountancy and the Securities and Exchange Commission).
More restrictive rules were adopted for certain valuation, appraisal and actuarial services in that members may not perform any such services if the results of the service will be material to the client’s financial statements and the service is subject to a significant amount of subjectivity. Actuarial services related to a client’s pension benefit (and similar) liabilities are permitted because they do not involve a significant amount of subjectivity and valuation.
The committee also tightened rules for some types of information technology-related services. For example, a member may not create or change the source code underlying a client’s financial reporting system (i.e. “design” the client’s system). While members may not design a client’s financial information system, they may install prepackages software for clients and help format it for their use. The new rules also prohibit a member from operating a client’s local area network system as this is considered to be a management function.
Should it be determined that a firm is not independent under Interpretation 101-3, the highest level of attest service that may be performed for that client is a compilation and the report must be modified to note lack of independence (refer to SSARS standards [ AR Section 80.21]).
The documentation requirement will apply to all nonattest services (e.g., bookkeeping, tax, consulting, internal audit services, etc.) performed for an attest client after December 31, 2004, (i.e., nonattest engagements in process at or commencing after December 31, 2004). All other requirements of Interpretation 101-3 were effective December 31, 2003 subject to the transition provisions as provided for in the Interpretation.