By Jim McFie, a Fellow of ICPAK
Could Providing Non-Assurance Services to Audit Clients Threaten Independence?
The International Ethics Standards Board for Accountants (IESBA) has published an updated Handbook of the International Code of Ethics for Professional Accountants including International Independence Standards: it is the 2022 edition of the handbook and was published on 8 September 2022. This edition incorporates some revisions that became effective in December 2022.In addition, it contains the IESBA approved revised definition of a public interest entity that will become effective in December 2024.
When the International Federation of Accountants refers to a “professional accountant” they mean, for Kenya, a member of the Institute Certified Public Accountants of Kenya. There is repetition of much previously published material but for completeness I shall include this material. The first revision relates to the provision of non-assurance services to an audit client. Firms are required to comply with the fundamental principles, be independent, and apply the conceptual framework (set out in Section 120 of
the Code) to identify, evaluate and address threats to independence.
Firms and network firms might provide a range of non-assurance services to their audit clients, consistent with their skills and expertise. Providing non-assurance services to audit clients might create threats to compliance with the fundamental principles and threats to independence. Section 600 of the Code sets out requirements and application material relevant to applying the conceptual framework to identify, evaluate and address threats to independence when providing nonassurance services to audit clients.
New business practices, the evolution of financial markets and changes in technology are some developments that make it impossible to draw up an all-inclusive list of non-assurance services that firms and network firms might provide to an audit client. The conceptual framework and the general provisions apply when a firm proposes to a client to provide a non-assurance service for which there are no specific
requirements and application material.
A professional accountant must comply with the Code. Upholding the fundamental principles and compliance with the specific requirements of the Code enables professional accountants to meet their responsibility to act in the public interest. Complying with the Code includes giving appropriate regard to the aim and intent of the specific requirements. Compliance with the requirements of the Code does not mean that professional accountants will have always met their responsibility to act in the public interest.
There might be unusual or exceptional circumstances in which an accountant believes that complying with a requirement or requirements of the Code might not be in the public interest or would lead to a disproportionate outcome. In those circumstances, the accountant is encouraged to consult with an appropriate body such as a professional or regulatory body. In acting in the public interest, a professional accountant considers not only the preferences or requirements of an individual client or employing
organization, but also the interests of other stakeholders when performing professional activities.
If there are circumstances where laws or regulations preclude a professional accountant from complying with certain parts of the Code, those laws and regulations prevail, but the accountant must comply with all other parts of the Code. The principle of professional behavior requires a professional accountant to comply with relevant laws and regulations. Some jurisdictions might have provisions that differ from or
go beyond those set out in the Code.
In the Kenya Companies Act 2015, section 774 states that a person may not act as statutory auditor of an audited company if the person is:
(a) an officer or employee of the audited company;
(b) a partner or employee of the audited company, or a partnership of which such a person is a partner; (c) an officer or employee of an associated undertaking of the audited company;
(d) a partner or employee of the audited company or a partnership of which such a person is a partner.
These situations occur if there exists between:
(a) the person or the person’s associate; and
(b) the audited company or an associated undertaking of the audited company, a connection of a description prescribed by the regulations for the purposes of this section.
An “associated undertaking”, in relation to an audited company, means:
(a) a parent undertaking or subsidiary undertaking of the audited company; or
(b) a subsidiary undertaking of a parent undertaking of the audited company.
These requirements mirror exactly the requirements of International Statements on Auditing. If there are laws and regulations in a jurisdiction relating to the provision of non-assurance services to audit clients that differ from or go beyond those set out in the Code, firms providing non-assurance services to which such provisions apply need to be aware of those differences and comply with the more stringent provisions.
When a firm or a network firm provides a non-assurance service to an audit client, there is a risk that the firm or network firm will assume a management responsibility. Hence, when performing a professional activity for an audit client, the firm must be satisfied that client management makes all judgments and decisions that are the proper responsibility of management. This includes ensuring that the client’s management:
(a) Designates an individual who possesses suitable skill, knowledge and experience to be responsible at all times for the client’s decisions and to oversee the activities. Such an individual, preferably within
senior management, would understand:
(i) The objectives, nature and results of the activities; and
(ii) The respective client and firm or network firm responsibilities. However, the individual is not required to possess the expertise to perform or re-perform the activities.
(b) Provides oversight of the activities and evaluates the adequacy of the results of the activities performed for the client’spurpose.
(c) Accepts responsibility for the actions , if any, to be taken arising from the results of the activities.
Before a firm or a network firm accepts an engagement to provide a nonassurance service to an audit client, the firm must apply the conceptual framework to identify, evaluate and address any threat to independence that might be created by providing that
There are many other factors that have to be taken into account when accepting non-assurance work from an audit client: a person or firm which provides non-assurance services to an audit client would need to go through the whole of Section 600, but the main changes are stated above.Paragraph R400.13 now states that a firm or a network firm is prohibited from assuming a management responsibility for an audit client.
The Code specifies that management responsibilities involve controlling, leading and directing an
entity, including making decisions regarding the acquisition, deployment and control of human, financial,
technological, physical and intangible resources: IESBA moved the prohibition from Section 600 to Section 400 so that it is clear that the prohibition on assuming management responsibilities applies to all aspects of the relationship between a firm or a network firm and an audit client, and not only in the case of the provision of a non-assurance service.
Firms and network firms should be especially alert when assisting and advising audit clients to avoid situations that involve assuming a management responsibility. To assist firms, the Code identifies general activities that would be considered a management responsibility and prohibited for all audit clients, specific types of non-assurance services that involve or might result in assuming a management responsibility, and specific types of non-assurance services that do not usually create a threat to
independence as long as individuals within the firm or network firm do not assume a management responsibility.
There are revisions to address the objectivity of an engagement quality reviewer (EQR) and other appropriate reviewers. The following are examples of circumstances where threats to the objectivity of a professional accountant appointed as an engagement quality reviewer might be created:
(a) Selfinterest threat: Two engagement partners each serving as an engagement quality reviewer for the other’s engagement;
(b) Self-review threat: An accountant serving as an engagement quality reviewer on an audit engagement after previously serving as the engagement partner;
(c) Familiarity threat: An accountant serving as an engagement quality reviewer has a close relationship
with or is an immediate family member of another individual who is involved in the engagement; and
(d) Intimidation threat: An accountant serving as an engagement quality reviewer for an engagement has a direct reporting line to the partner responsible for the engagement.
In addition, the 2022 edition of the Code contains the IESBA approved a revised definition of a public interest entity that will become effective in December 2024. The definition of a public interest entity is as follows: a firm shall treat an entity as a public interest entity when it falls within any of the following categories:
(a) A publicly traded entity (rather than a listed entity);
(b) An entity one of whose main functions is to take deposits from the public;
(c) An entity one of whose main functions is to provide insurance to the public; or
(d) An entity specified as such by law, regulation or professional standards where stakeholders have
heightened expectations regarding the independence of a firm performing an audit engagement for a public interest entity because of the significance of the public interest in the financial condition of the entity.
The purpose of the requirements and application material for public interest entities are applicable only to the audit of financial statements of public interest entities, reflecting significant public interest in the financial condition of these entities due to the potential impact of their financial well-being on stakeholders: the purpose is to meet these expectations, thereby enhancing stakeholders’ confidence in the entity’s financial statements that can be used when assessing the entity’s financial condition.