Independence

3.17

GAGAS’s practical consideration of independence consists of four interrelated sections, providing

1. general requirements and application guidance;

2. requirements for and guidance on a conceptual framework for making independence determinations based on facts and circumstances that are often unique to specific environments;

3. requirements for and guidance on independence for auditors providing nonaudit services, including identification of specific nonaudit services that always impair independence and others that would not normally impair independence; and

4. requirements for and guidance on documentation necessary to support adequate consideration of auditor independence.

Requirements: General

3.18

In all matters relating to the GAGAS engagement, auditors and audit organizations must be independent from an audited entity.

3.19

Auditors and audit organizations should avoid situations that could lead reasonable and informed third parties to conclude that the auditors and audit organizations are not independent and thus are not capable of exercising objective and impartial judgment on all issues associated with conducting the engagement and reporting on the work.

3.20

Except under the limited circumstances discussed in paragraphs 3.66 and 3.67, auditors and audit organizations should be independent from an audited entity during

1. any period of time that falls within the period covered by the financial statements or subject matter of the engagement and

2. the period of professional engagement.

Application Guidance: General

3.21

Independence comprises the following:

3.21a

1. Independence of mind: The state of mind that permits the conduct of an engagement without being affected by influences that compromise professional judgment, thereby allowing an individual to act with integrity and exercise objectivity and professional skepticism.

3.21b

2. Independence in appearance: The absence of circumstances that would cause a reasonable and informed third party to reasonably conclude that the integrity, objectivity, or professional skepticism of an audit organization or member of the engagement team had been compromised.

3.22

Auditors and audit organizations maintain their independence so that their opinions, findings, conclusions, judgments, and recommendations will be impartial and will be viewed as impartial by reasonable and informed third parties.

3.23

The period of professional engagement begins when the auditors either sign an initial engagement letter or other agreement to conduct an engagement or begin to conduct an engagement, whichever is earlier. The period lasts for the duration of the professional relationship—which, for recurring engagements, could cover many periods—and ends with the formal or informal notification, either by the auditors or the audited entity, of the termination of the professional relationship or with the issuance of a report, whichever is later. Accordingly, the period of professional engagement does not necessarily end with the issuance of a report and recommence with the beginning of the following year’s engagement or a subsequent engagement with a similar objective.

3.24

Under some conditions, the party requesting or requiring an engagement, referred to as the engaging party, will differ from the party responsible for the engagement’s subject matter, referred to as the responsible party. Under such conditions, the GAGAS independence requirements apply to the relationship between the auditors and the responsible party, not the relationship between the auditors and the engaging party. The following are examples of conditions under which the party requesting an engagement may differ from the party responsible for the engagement’s subject matter.

1. A legislative body requires that auditors conduct, on the legislative body’s behalf, a performance audit of program operations that are the responsibility of an executive agency. GAGAS requires that the auditors be independent of the executive agency.

2. A state agency engages an independent public accountant to conduct an examination-level attestation engagement to assess the validity of certain information that a local government provided to the state agency. GAGAS requires that the independent public accountant be independent of the local government.

3. A government department works with a government agency that conducts examination-level attestation engagements of contractor compliance with the terms and conditions of agreements between the department and the contractor. GAGAS requires that the auditors be independent of the contractors.

3.25

Auditors in government sometimes work under conditions that impair independence in accordance with this section. An example of such a circumstance is a threat created by a statutory requirement for auditors to serve in official roles that conflict with the independence requirements of this section, such as a law that requires an auditor to serve as a voting member of an entity’s management committee or board of directors, for which there are no safeguards to eliminate or reduce the threats to an acceptable level. Paragraph 2.17b provides standard language for modified GAGAS compliance statements for auditors who experience such impairments. Determining how to modify the GAGAS compliance statement in these circumstances is a matter of professional judgment.

GAGAS Conceptual Framework Approach to Independence

3.26

Many different circumstances, or combinations of circumstances, are relevant in evaluating threats to independence. Therefore, GAGAS establishes a conceptual framework that auditors use to identify, evaluate, and apply safeguards to address threats to independence. The conceptual framework assists auditors in maintaining both independence of mind and independence in appearance. It can be applied to many variations in circumstances that create threats to independence and allows auditors to address threats to independence that result from activities that are not specifically prohibited by GAGAS.

Requirements: GAGAS Conceptual Framework Approach to Independence

3.27

Auditors should apply the conceptual framework²¹ at the audit organization, engagement team, and individual auditor levels to

1. identify threats to independence;

2. evaluate the significance of the threats identified, both individually and in the aggregate; and

3. apply safeguards as necessary to eliminate the threats or reduce them to an acceptable level.

3.28

Auditors should reevaluate threats to independence, including any safeguards applied, whenever the audit organization or the auditors become aware of new information or changes in facts and circumstances that could affect whether a threat has been eliminated or reduced to an acceptable level.

3.29

Auditors should use professional judgment when applying the conceptual framework.

3.30

Auditors should evaluate the following broad categories of threats to independence when applying the GAGAS conceptual framework:

3.30a

1. Self-interest threat: The threat that a financial or other interest will inappropriately influence an auditor’s judgment or behavior.

3.30b

2. Self-review threat: The threat that an auditor or audit organization that has provided nonaudit services will not appropriately evaluate the results of previous judgments made or services provided as part of the nonaudit services when forming a judgment significant to a GAGAS engagement.

3.30c

3. Bias threat: The threat that an auditor will, as a result of political, ideological, social, or other convictions, take a position that is not objective.

3.30d

4. Familiarity threat: The threat that aspects of a relationship with management or personnel of an audited entity, such as a close or long relationship, or that of an immediate or close family member, will lead an auditor to take a position that is not objective.

3.30e

5. Undue influence threat: The threat that influences or pressures from sources external to the audit organization will affect an auditor’s ability to make objective judgments.

3.30f

6. Management participation threat: The threat that results from an auditor’s taking on the role of management or otherwise performing management functions on behalf of the audited entity, which will lead an auditor to take a position that is not objective.

3.30g

7. Structural threat: The threat that an audit organization’s placement within a government entity, in combination with the structure of the government entity being audited, will affect the audit organization’s ability to perform work and report results objectively.

3.31

Auditors should determine whether identified threats to independence are at an acceptable level or have been eliminated or reduced to an acceptable level, considering both qualitative and quantitative factors to determine the significance of a threat.

3.32

When auditors determine that threats to independence are not at an acceptable level, the auditors should determine whether appropriate safeguards can be applied to eliminate the threats or reduce them to an acceptable level.

3.33

In cases where auditors determine that threats to independence require the application of safeguards, auditors should document the threats identified and the safeguards applied to eliminate or reduce the threats to an acceptable level.

3.34

If auditors initially identify a threat to independence after the audit report is issued, auditors should evaluate the threat’s effect on the engagement and on GAGAS compliance. If the auditors determine that the newly identified threat’s effect on the engagement would have resulted in the audit report being different from the report issued had the auditors been aware of it, they should communicate in the same manner as that used to originally distribute the report to those charged with governance, the appropriate officials of the audited entity, the appropriate officials of the audit organization requiring or arranging for the engagements, and other known users, so that they do not continue to rely on findings or conclusions that were affected by the threat to independence. If auditors previously posted the report to their publicly accessible website, they should remove the report and post a public notification that the report was removed. The auditors should then determine whether to perform the additional engagement work necessary to reissue the report, including any revised findings or conclusions, or to repost the original report if the additional engagement work does not result in a change in findings or conclusions.

Application Guidance: GAGAS Conceptual Framework Approach to Independence

3.35

For consideration of auditor independence, offices or units of an audit organization, or related or affiliated entities under common control, are not differentiated from one another. Consequently, for the purposes of evaluating independence using the conceptual framework, an audit organization that includes multiple offices or units, or includes multiple entities related or affiliated through common control, is considered to be one audit organization. Common ownership may also affect independence in appearance regardless of the level of control.

Identifying Threats

3.36

Facts and circumstances that create threats to independence can result from events such as the start of a new engagement, assignment of new personnel to an ongoing engagement, and acceptance of a nonaudit service for an audited entity.

3.37

Threats to independence may be created by a wide range of relationships and circumstances. Circumstances that result in a threat to independence in one of the categories may result in other threats as well.

3.38

Examples of circumstances that create self-interest threats for an auditor follow:

1. An audit organization having undue dependence on income from a particular audited entity.

2. A member of the audit team entering into employment negotiations with an audited entity.

3. An audit organization discovering a significant error when evaluating the results of a previous professional service provided by the audit organization.

4. A member of the audit team having a direct financial interest in the audited entity. However, this would not preclude auditors from auditing pension plans that they participate in if (1) the auditors have no control over the investment strategy, benefits, or other management issues associated with the pension plan and (2) the auditors belong to such pension plan as part of their employment with the audit organization or prior employment with the audited entity, provided that the plan is normally offered to all employees in equivalent employment positions.

3.39

Examples of circumstances that create self-review threats for an auditor follow:

1. An audit organization issuing a report on the effectiveness of the operation of financial or performance management systems after designing or implementing the systems.

2. An audit organization having prepared the original data used to generate records that are the subject matter of the engagement.

3. An audit organization providing a service for an audited entity that directly affects the subject matter information of the engagement.

4. A member of the engagement team being, or having recently been, employed by the audited entity in a position to exert significant influence over the subject matter of the engagement.

3.40

Examples of circumstances that create bias threats for an auditor follow:

1. A member of the engagement team having preconceptions about the objectives of a program under audit that are strong enough to affect the auditor’s objectivity.

2. A member of the engagement team having biases associated with political, ideological, or social convictions that result from membership or employment in, or loyalty to, a particular type of policy, group, entity, or level of government that could affect the auditor’s objectivity.

3.41

Examples of circumstances that create familiarity threats for an auditor follow:

1. A member of the engagement team having a close or immediate family member who is a principal or senior manager of the audited entity.

2. A member of the engagement team having a close or immediate family member who is an employee of the audited entity and is in a position to exert significant influence over the subject matter of the engagement.

3. A principal or employee of the audited entity having recently served on the engagement team in a position to exert significant influence over the subject matter of the engagement.

4. An auditor accepting gifts or preferential treatment from an audited entity, unless the value is trivial or inconsequential.

5. Senior engagement personnel having a long association with the audited entity.

3.42

Examples of circumstances that create undue influence threats for an auditor or audit organization include existence of the following:

1. External interference or influence that could improperly limit or modify the scope of an engagement or threaten to do so, including exerting pressure to inappropriately reduce the extent of work performed in order to reduce costs or fees.

2. External interference with the selection or application of engagement procedures or in the selection of transactions to be examined.

3. Unreasonable restrictions on the time allowed to complete an engagement or issue the report.

4. External interference over assignment, appointment, compensation, and promotion.

5. Restrictions on funds or other resources provided to the audit organization that adversely affect the audit organization’s ability to carry out its responsibilities.

6. Authority to overrule or to inappropriately influence the auditors’ judgment as to the appropriate content of the report.

7. Threat of replacing the auditor or the audit organization based on a disagreement with the contents of an audit report, the auditors’ conclusions, or the application of an accounting principle or other criteria.

8. Influences that jeopardize the auditors’ continued employment for reasons other than incompetence, misconduct, or the audited entity’s need for GAGAS engagements.

3.43

Examples of circumstances that create management participation threats for an auditor follow:

1. A member of the engagement team being, or having recently been, a principal or senior manager of the audited entity.

2. An auditor serving as a voting member of an entity’s management committee or board of directors, making policy decisions that affect future direction and operation of an entity’s programs, supervising entity employees, developing or approving programmatic policy, authorizing an entity’s transactions, or maintaining custody of an entity’s assets.

3. An auditor or audit organization recommending a single individual for a specific position that is key to the audited entity or program under audit, or otherwise ranking or influencing management’s selection of the candidate.

4. An auditor preparing management’s corrective action plan to deal with deficiencies detected in the engagement.

3.44

Examples of circumstances that create structural threats for an auditor follow:

1. For both external and internal audit organizations, structural placement of the audit function within the reporting line of the areas under audit.

2. For internal audit organizations, administrative direction from the audited entity’s management.

Evaluating Threats

3.45

Threats to independence are evaluated both individually and in the aggregate, as threats can have a cumulative effect on auditors’ independence.

3.46

When evaluating threats to independence, an acceptable level is a level at which a reasonable and informed third party would likely conclude that the audit organization or auditor is independent. The concept of a reasonable and informed third party is a test that involves an evaluation by a hypothetical person. Such a person possesses skills, knowledge, and experience to objectively evaluate the appropriateness of the auditor’s judgments and conclusions. This evaluation entails weighing all the relevant facts and circumstances, including any safeguards applied, that the auditor knows, or could reasonably be expected to know, at the time that the evaluation is made.

3.47

A threat to independence is not at an acceptable level if it either

1. could affect the auditors’ ability to conduct an engagement without being affected by influences that compromise professional judgment or

2. could expose the auditors or audit organization to circumstances that would cause a reasonable and informed third party to conclude that the integrity, objectivity, or professional skepticism of the audit organization, or an auditor, had been compromised.

3.48

The GAGAS section on nonaudit services in paragraphs 3.64 through 3.106 provides requirements and guidance on evaluating threats to independence related to nonaudit services that auditors provide to audited entities. That section also enumerates specific nonaudit services that always impair auditor independence with respect to audited entities and that auditors are prohibited from providing to audited entities.

Applying Safeguards

3.49

Safeguards are actions or other measures, individually or in combination, that auditors and audit organizations take that effectively eliminate threats to independence or reduce them to an acceptable level. Safeguards vary depending on the facts and circumstances.

3.50

Examples of safeguards include

1. consulting an independent third party, such as a professional organization, a professional regulatory body, or another auditor to discuss engagement issues or assess issues that are highly technical or that require significant judgment;

2. involving another audit organization to perform or re-perform part of the engagement;

3. having an auditor who was not a member of the engagement team review the work performed; and

4. removing an auditor from an engagement team when that auditor’s financial or other interests or relationships pose a threat to independence.

3.51

The lists of safeguards in 3.50 and 3.69 cannot provide safeguards for all circumstances. They may, however, provide a starting point for auditors who have identified threats to independence and are considering what safeguards could eliminate those threats or reduce them to an acceptable level. In some cases, multiple safeguards may be necessary to address a threat.

Audit Organizations in Government Entities

3.52

The ability of an audit organization structurally located in a government entity to perform work and report the results objectively can be affected by its placement within the government entity and the structure of the government entity being audited. The independence standard applies to auditors in both external audit organizations (reporting to third parties externally or to both internal and external parties) and internal audit organizations (reporting only to senior management within the audited entity). Such audit organizations are often subject to constitutional or statutory safeguards that mitigate the effects of structural threats to independence.

3.53

For external audit organizations, constitutional or statutory safeguards that mitigate the effects of structural threats to independence may include governmental structures under which a government audit organization is

1. at a level of government other than the one of which the audited entity is part (federal, state, or local)—for example, federal auditors auditing a state government program—or

2. placed within a different branch of government from that of the audited entity—for example, legislative auditors auditing an executive branch program.

3.54

Safeguards other than those described in paragraph 3.53 may mitigate threats resulting from governmental structures. For external audit organizations, structural threats may be mitigated if the head of the audit organization meets any of the following criteria in accordance with constitutional or statutory requirements:

1. directly elected by voters of the jurisdiction being audited;

2. elected or appointed by a legislative body, subject to removal by a legislative body, and reporting the results of engagements to and accountable to a legislative body;

3. appointed by someone other than a legislative body, so long as the appointment is confirmed by a legislative body and removal from the position is subject to oversight or approval by a legislative body, and reports the results of engagements to and is accountable to a legislative body; or

4. appointed by, accountable to, reports to, and can only be removed by a statutorily created governing body, the majority of whose members are independently elected or appointed and are outside the organization being audited.

3.55

In addition to the criteria in paragraphs 3.53 and 3.54, GAGAS recognizes that there may be other organizational structures under which external audit organizations in government entities could be considered independent. If appropriately designed and implemented, these structures provide safeguards that prevent the audited entity from interfering with the audit organization’s ability to perform the work and report the results impartially. An external audit organization may be structurally independent under a structure different from the ones listed in paragraphs 3.53 and 3.54 if the government audit organization is subject to all of the following constitutional or statutory provisions. The following constitutional or statutory provisions may also be used as safeguards to augment those listed in paragraphs 3.53 and 3.54:

1. protections that prevent the audited entity from abolishing the audit organization;

2. protections requiring that if the head of the audit organization is removed from office, the head of the agency reports this fact and the reasons for the removal to the legislative body;

3. protections that prevent the audited entity from interfering with the initiation, scope, timing, and completion of any engagement;

4. protections that prevent the audited entity from interfering with audit reporting, including the findings and conclusions or the manner, means, or timing of the audit organization’s reports;

5. protections that require the audit organization to report to a legislative body or other independent governing body on a recurring basis;

6. protections that give the audit organization sole authority over the selection, retention, advancement, and dismissal of its personnel; and

7. access to records and documents related to the agency, program, or function being audited and access to government officials or other individuals as needed to conduct the engagement.

3.56

Government internal auditors who work under the direction of the audited entity’s management are considered structurally independent for the purposes of reporting internally, if the head of the audit organization meets all of the following criteria:

1. is accountable to the head or deputy head of the government entity or to those charged with governance;

2. reports the engagement results both to the head or deputy head of the government entity and to those charged with governance;

3. is located organizationally outside the staff or line management function of the unit under audit;

4. has access to those charged with governance; and

5. is sufficiently removed from pressures to conduct engagements and report findings, opinions, and conclusions objectively without fear of reprisal.

Internal Auditors

3.57

Certain entities employ auditors to work for entity management. These auditors may be subject to administrative direction from persons involved in the entity management process. Such audit organizations are internal audit functions and are encouraged to use the Institute of Internal Auditors’ International Standards for the Professional Practice of Internal Auditing, in conjunction with GAGAS.

3.58

When an internal audit organization conducts engagements pertaining to external parties, such as contractors or entities subject to other outside agreements, and no impairments to independence exist, the audit organization can be considered independent as an external audit organization of those external parties.

Requirements: Independence Impairments

3.59

Auditors should conclude that independence is impaired if no safeguards have been effectively applied to eliminate an unacceptable threat or reduce it to an acceptable level.

3.60

When auditors conclude that independence of the engagement team or the audit organization is impaired under paragraph 3.59, auditors should decline to accept an engagement or should terminate an engagement in progress (except in circumstances discussed in paragraphs 3.25 or 3.84).

Application Guidance: Independence Impairments

3.61

Whether independence is impaired depends on the nature of the threat, whether the threat is of such significance that it would compromise an auditor’s professional judgment or create the appearance that the auditor’s integrity, objectivity, or professional skepticism may be compromised, and the specific safeguards applied to eliminate the threat or reduce it to an acceptable level.

3.62

If auditors conclude that an individual auditor’s independence is impaired under paragraph 3.59, it may be necessary to terminate the engagement or it may be possible to take action that satisfactorily addresses the effect of the individual auditor’s independence impairment.

3.63

Factors that are relevant in evaluating whether the independence of the engagement team or the audit organization is impaired by an individual auditor’s independence impairment include

1. the nature and duration of the individual auditor’s impairment;

2. the number and nature of any previous impairments with respect to the current engagement;

3. whether a member of the engagement team had knowledge of the interest or relationship that caused the individual auditor’s impairment;

4. whether the individual auditor whose independence is impaired is (1) a member of the engagement team or (2) another individual for whom there are independence requirements;

5. the role of the individual auditor on the engagement team whose independence is impaired;

6. the effect of the service, if any, on the accounting records or audited entity’s financial statements if the individual auditor’s impairment was caused by the provision of a nonaudit service;

7. whether a partner or director of the audit organization had knowledge of the individual auditor’s impairment and failed to ensure that the individual auditor’s impairment was promptly communicated to an appropriate individual within the audit organization; and

8. the extent of the self-interest, undue influence, or other threats created by the individual auditor’s impairment.

Provision of Nonaudit Services to Audited Entities

Requirement: Nonaudit Services

3.64

Before auditors agree to provide a nonaudit service to an audited entity, they should determine whether providing such a service would create a threat to independence, either by itself or in aggregate with other nonaudit services provided, with respect to any GAGAS engagement they conduct.

Application Guidance: Nonaudit Services

3.65

Auditors have traditionally provided a range of nonaudit services that are consistent with their skills and expertise. Providing nonaudit services to audited entities may create threats to the independence of auditors or audit organizations.

3.66

For performance audits and agreed-upon procedures engagements, nonaudit services that are otherwise prohibited by GAGAS may be provided when such services do not relate to the specific subject matter of the engagement.

3.67

For financial audits, examination or review engagements, and reviews of financial statements, a nonaudit service otherwise prohibited by GAGAS and provided during the period covered by the financial statements may not threaten independence with respect to those financial statements provided that the following conditions exist:

1. the nonaudit service was provided prior to the period of professional engagement;

2. the nonaudit service related only to periods prior to the period covered by the financial statements; and

3. the financial statements for the period to which the nonaudit service did relate were audited by other auditors (or in the case of an examination, review, or review of financial statements, examined, reviewed, or audited by other auditors as appropriate).

3.68

Nonaudit services that auditors provide can affect independence of mind and in appearance in periods after the nonaudit services were provided. For example, if auditors have designed and implemented an accounting and financial reporting system that is expected to be in place for many years, a threat to independence in appearance may exist in subsequent periods for future engagements that those auditors conduct. For recurring engagements, having another independent audit organization conduct an engagement over the areas affected by the nonaudit service may provide a safeguard that allows the audit organization that provided the nonaudit service to mitigate the threat to its independence.

3.69

The following are examples of actions that in certain circumstances could be safeguards in addressing threats to independence related to nonaudit services:

1. not including individuals who provided the nonaudit service as engagement team members;

2. having another auditor, not associated with the engagement, review the engagement and nonaudit work as appropriate;

3. engaging another audit organization to evaluate the results of the nonaudit service; or

4. having another audit organization re-perform the nonaudit service to the extent necessary to enable that other audit organization to take responsibility for the service.

Routine Activities

3.70

Routine activities that auditors perform related directly to conducting an engagement, such as providing advice and responding to questions as part of an engagement, are not considered nonaudit services under GAGAS. Such routine activities generally involve providing advice or assistance to the audited entity on an informal basis as part of an engagement. Routine activities typically are insignificant in terms of time incurred or resources expended and generally do not result in a specific project or engagement or in the auditors producing a formal report or other formal work product. However, activities such as financial statement preparation, cash-to-accrual conversions, and reconciliations are considered nonaudit services under GAGAS, not routine activities related to the performance of an engagement, and are evaluated using the conceptual framework as discussed in paragraphs 3.87 through 3.95.

3.71

Routine activities directly related to an engagement may include the following:

1. providing advice to the audited entity on an accounting matter as an ancillary part of the overall financial audit;

2. providing advice to the audited entity on routine business matters;

3. educating the audited entity about matters within the technical expertise of the auditors; and

4. providing information to the audited entity that is readily available to the auditors, such as best practices and benchmarking studies.

Other Services Provided by Government Audit Organizations

3.72

Audit organizations in government entities frequently provide services that differ from the traditional professional services that an accounting or consulting firm provides to or for an audited entity. These types of services are often provided in response to a statutory requirement, at the discretion of the authority of the audit organization, or to an engaging party (such as a legislative oversight body or an independent external organization) rather than a responsible party, and would generally not create a threat to independence. Examples of these types of services include the following:

1. providing information or data to a requesting party without auditor evaluation or verification of the information or data;

2. developing standards, methodologies, audit guides, audit programs, or criteria for use throughout the government or for use in certain specified situations;

3. collaborating with other professional organizations to advance auditing of government entities and programs;

4. developing question and answer documents to promote understanding of technical issues or standards;

5. providing assistance and technical expertise to legislative bodies or independent external organizations;

6. assisting legislative bodies by developing questions for use at hearings;

7. providing training, speeches, and technical presentations;

8. providing assistance in reviewing budget submissions;

9. contracting for audit services on behalf of an audited entity and overseeing the audit contract, as long as the overarching principles are not violated and the auditor under contract reports to the audit organization and not to management; and

10. providing audit, investigative, and oversight-related services that do not involve a GAGAS engagement, such as

    1. investigations of alleged fraud, violation of contract provisions or grant agreements, or abuse;
    2. periodic audit recommendation follow-up engagements and reports; and
    3. identifying best practices or leading practices for use in advancing the practices of government organizations.

Requirements: Management Responsibilities

3.73

Before auditors agree to provide nonaudit services to an audited entity that the audited entity’s management requested and that could create a threat to independence, either by themselves or in aggregate with other nonaudit services provided, with respect to any GAGAS engagement they conduct, auditors should determine that the audited entity has designated an individual who possesses suitable skill, knowledge, or experience and that the individual understands the services to be provided sufficiently to oversee them.

3.74

Auditors should document consideration of management’s ability to effectively oversee nonaudit services to be provided.

3.75

In cases where the audited entity is unable or unwilling to assume these responsibilities (for example, the audited entity does not have an individual with suitable skill, knowledge, or experience to oversee the nonaudit services provided, or is unwilling to perform such functions because of lack of time or desire), auditors should conclude that the provision of these services is an impairment to independence.

3.76

Auditors providing nonaudit services to audited entities should obtain agreement from audited entity management that audited entity management performs the following functions in connection with the nonaudit services:

1. assumes all management responsibilities;

2. oversees the services, by designating an individual, preferably within senior management, who possesses suitable skill, knowledge, or experience;

3. evaluates the adequacy and results of the services provided; and

4. accepts responsibility for the results of the services.

3.77

In connection with nonaudit services, auditors should establish and document their understanding with the audited entity’s management or those charged with governance, as appropriate, regarding the following:

1. objectives of the nonaudit service,

2. services to be provided,

3. audited entity’s acceptance of its responsibilities as discussed in paragraph 3.76,

4. the auditors’ responsibilities, and

5. any limitations on the provision of nonaudit services.

3.78

Auditors should conclude that management responsibilities that the auditors perform for an audited entity are impairments to independence. If the auditors were to assume management responsibilities for an audited entity, the management participation threats created would be so significant that no safeguards could reduce them to an acceptable level.

Application Guidance: Management Responsibilities

3.79

A critical component of determining whether a threat to independence exists is consideration of management’s ability to effectively oversee the nonaudit service to be provided. Although the responsible individual in management is required to have sufficient expertise to oversee the nonaudit services, management is not required to possess the expertise to perform or re-perform the services. However, indicators of management’s ability to effectively oversee the nonaudit service include management’s ability to determine the reasonableness of the results of the nonaudit services provided and to recognize a material error, omission, or misstatement in the results of the nonaudit services provided.

3.80

Management responsibilities involve leading and directing an entity, including making decisions regarding the acquisition, deployment, and control of human, financial, physical, and intangible resources.

3.81

The following are considered management responsibilities:

1. setting policies and strategic direction for the audited entity;

2. directing and accepting responsibility for the actions of the audited entity’s employees in the performance of their routine, recurring activities;

3. having custody of an audited entity’s assets;

4. reporting to those charged with governance on behalf of management;

5. deciding which of the audit organization’s or outside third party’s recommendations to implement;

6. accepting responsibility for the management of an audited entity’s project;

7. accepting responsibility for designing, implementing, or maintaining internal control;

8. providing services that are intended to be used as management’s primary basis for making decisions that are significant to the subject matter of the engagement;

9. developing an audited entity’s performance measurement system when that system is material or significant to the subject matter of the engagement; and

10. serving as a voting member of an audited entity’s management committee or board of directors.

3.82

Whether a specific activity is a management responsibility as identified in paragraph 3.81 or otherwise depends on the facts and circumstances.

Requirements: Providing Nonaudit Services

3.83

Auditors who previously provided nonaudit services for an entity that is a prospective subject of an engagement should evaluate the effect of those nonaudit services on independence before agreeing to conduct a GAGAS engagement. If auditors provided a nonaudit service in the period to be covered by the engagement, they should (1) determine if GAGAS expressly prohibits the nonaudit service; (2) if audited entity management requested the nonaudit service, determine whether the skill, knowledge, or experience of the individual responsible for overseeing the nonaudit service was sufficient; and (3) determine whether a threat to independence exists and address any threats noted in accordance with the conceptual framework.

3.84

Auditors in a government entity may be required to provide a nonaudit service that impairs the auditors’ independence with respect to a required engagement. If, because of constitutional or statutory requirements over which they have no control, the auditors can neither implement safeguards to reduce the resulting threat to an acceptable level nor decline to provide or terminate a nonaudit service that is incompatible with engagement responsibilities, auditors should disclose the nature of the threat that could not be eliminated or reduced to an acceptable level and modify the GAGAS compliance statement as discussed in paragraph 2.17b accordingly. Determining how to modify the GAGAS compliance statement in these circumstances is a matter of professional judgment.

Consideration of Specific Nonaudit Services

3.85

By their nature, certain nonaudit services directly support an entity’s operations and, if provided to an audited entity, create a threat to the auditors’ ability to maintain independence in mind and appearance. Some aspects of these services will impair auditors’ ability to conduct GAGAS engagements for the entities to which the services are provided.

3.86

Auditors may be able to provide nonaudit services in the broad areas indicated in paragraphs 3.87 through 3.106 without impairing independence if (1) the nonaudit services are not expressly prohibited by GAGAS requirements, (2) the auditors have determined that the requirements for providing nonaudit services in paragraphs 3.73 through 3.78 and paragraph 3.83 have been met, and (3) any significant threats to independence have been eliminated or reduced to an acceptable level through the application of safeguards. The conceptual framework enables auditors to evaluate independence given the facts and circumstances of individual services that are not specifically prohibited.

Requirements: Preparing Accounting Records and Financial Statements

3.87

Auditors should conclude that the following services involving preparation of accounting records impair independence with respect to an audited entity:

1. determining or changing journal entries, account codes or classifications for transactions, or other accounting records for the entity without obtaining management’s approval;

2. authorizing or approving the entity’s transactions; and

3. preparing or making changes to source documents without management approval.

3.88

Auditors should conclude that preparing financial statements in their entirety from a client-provided trial balance or underlying accounting records creates significant threats to auditors’ independence, and should document the threats and safeguards applied to eliminate and reduce threats to an acceptable level in accordance with paragraph 3.33 or decline to provide the services.²²

3.89

Auditors should identify as threats to independence any services related to preparing accounting records and financial statements, other than those defined as impairments to independence in paragraph 3.87 and significant threats in paragraph 3.88. These services include

1. recording transactions for which management has determined or approved the appropriate account classification, or posting coded transactions to an audited entity’s general ledger;

2. preparing certain line items or sections of the financial statements based on information in the trial balance;

3. posting entries that an audited entity’s management has approved to the entity’s trial balance; and

4. preparing account reconciliations that identify reconciling items for the audited entity management’s evaluation.

3.90

Auditors should evaluate the significance of threats to independence created by providing any services discussed in paragraph 3.89 and should document the evaluation of the significance of such threats.²³

Application Guidance: Preparing Accounting Records and Financial Statements

3.91

Management is responsible for the preparation and fair presentation of the financial statements in accordance with the applicable financial reporting framework, even if the auditor assisted in drafting those financial statements. Consequently, an auditor accepting responsibility for the preparation and fair presentation of financial statements that the auditor will subsequently audit or that will otherwise be the subject matter of an engagement would impair the auditor’s independence.

3.92

Source documents include those providing evidence that transactions have occurred (for example, purchase orders, payroll time records, customer orders, and contracts). Such records also include an audited entity’s general ledger and subsidiary records or equivalent.

3.93

Determining whether services, as discussed in paragraph 3.89, are significant threats and require safeguards is a matter of professional judgment.

3.94

Factors that are relevant in evaluating the significance of any threats created by providing services as discussed in paragraph 3.89 include

1. the extent to which the outcome of the service could have a material effect on the financial statements,

2. the degree of subjectivity involved in determining the appropriate amounts or treatment for those matters reflected in the financial statements, and

3. the extent of the audited entity’s involvement in determining significant matters of judgment.

3.95

Providing clerical assistance, such as typing, formatting, printing, and binding financial statements, is unlikely to be a significant threat.

Requirement: Internal Audit Assistance Services Provided by External Auditors

3.96

Internal audit assistance services involve assisting an entity in performing its internal audit activities. Auditors should conclude that the following internal audit assistance activities impair an external auditor’s independence with respect to an audited entity:

1. setting internal audit policies or the strategic direction of internal audit activities;

2. performing procedures that form part of the internal control, such as reviewing and approving changes to employee data access privileges; and

3. determining the scope of the internal audit function and resulting work.

Requirements: Internal Control Evaluation as a Nonaudit Service

3.97

Auditors should conclude that providing or supervising ongoing monitoring procedures over an entity’s system of internal control impairs independence because the management participation threat created is so significant that no safeguards could reduce the threat to an acceptable level.

3.98

Separate evaluations are sometimes provided as a nonaudit service. When providing separate evaluations as nonaudit services, auditors should evaluate the significance of the threat created by performing separate evaluations and apply safeguards when necessary to eliminate the threat or reduce it to an acceptable level.

Application Guidance: Internal Control Evaluation as a Nonaudit Service

3.99

Accepting responsibility for designing, implementing, or maintaining internal control includes accepting responsibility for designing, implementing, or maintaining monitoring procedures. Monitoring involves the use of either ongoing monitoring procedures or separate evaluations to gather and analyze persuasive information supporting conclusions about the effectiveness of the internal control system. Ongoing monitoring procedures performed on behalf of management are built into the routine, recurring operating activities of an entity.

3.100

Factors relevant to evaluating the significance of any threats created by providing separate evaluations as a nonaudit service include

1. the frequency of the separate evaluations and

2. the scope or extent of the controls (in relation to the scope of the engagement conducted) being evaluated.

3.101

A separate evaluation provided as a nonaudit service is not a substitute for engagement procedures in a GAGAS engagement.

Requirement: Information Technology Services

3.102

Auditors should conclude that providing information technology (IT) services to an audited entity that relate to the period under audit impairs independence if those services include

1. designing or developing an audited entity’s financial information system or other IT system that will play a significant role in the management of an area of operations that is or will be the subject matter of an engagement;

2. making other than insignificant modifications to source code underlying an audited entity’s existing financial information system or other IT system that will play a significant role in the management of an area of operations that is or will be the subject matter of an engagement;

3. supervising audited entity personnel in the daily operation of an audited entity’s information system; or

4. operating an audited entity’s network, financial information system, or other IT system that will play a significant role in the management of an area of operations that is or will be the subject matter of an engagement.

Application Guidance: Information Technology Services

3.103

Services related to IT systems include the design or implementation of hardware or software systems. The systems may aggregate source data, form part of the internal control over the subject matter of the engagement, or generate information that affects the subject matter of the engagement.

Requirement: Appraisal, Valuation, and Actuarial Services

3.104

Auditors should conclude that independence is impaired if an audit organization provides appraisal, valuation, or actuarial services to an audited entity when (1) the services involve a significant degree of subjectivity and (2) the results of the service, individually or when combined with other valuation, appraisal, or actuarial services, are material to the audited entity’s financial statements or other information on which the audit organization is reporting.

Application Guidance: Appraisal, Valuation, and Actuarial Services

3.105

A valuation comprises the making of assumptions with regard to future developments; the application of appropriate methodologies and techniques; and the combination of both to compute a certain value, or range of values, for an asset, a liability, or an entity as a whole.

Requirement: Other Nonaudit Services

3.106

Auditors should conclude that providing certain other nonaudit services impairs an external auditor’s independence with respect to an audited entity. These activities include the following:

1. Advisory service

   1. Assuming any management responsibilities

2. Benefit plan administration

   1. Making policy decisions on behalf of management
   2. Interpreting the provisions in a plan document for a plan participant on behalf of management without first obtaining management’s concurrence
   3. Making disbursements on behalf of the plan
   4. Having custody of the plan’s assets
   5. Serving in a fiduciary capacity, as defined under the Employee Retirement Income Security Act of 1974²⁴

3. Business risk consulting

   1. Making or approving business risk decisions
   2. Presenting business risk considerations to those charged with governance on behalf of management

4. Executive or employee recruiting

   1. Committing the audited entity to employee compensation or benefit arrangements
   2. Hiring or terminating the audited entity’s employees

5. Investment advisory or management

   1. Making investment decisions on behalf of management or otherwise having discretionary authority over an audited entity’s investments
   2. Executing a transaction to buy or sell an audited entity’s investments
   3. Having custody of an audited entity’s assets, such as taking temporary possession of securities

Documentation

Requirement: Documentation

3.107

While insufficient documentation of an auditor’s compliance with the independence standard does not impair independence, auditors should prepare appropriate documentation under the GAGAS quality control and assurance requirements.²⁵ The independence standard includes the following documentation requirements, where applicable:

1. document threats to independence that require the application of safeguards, along with safeguards applied, in accordance with the conceptual framework for independence as required by paragraph 3.33;

2. document the safeguards in paragraphs 3.52 through 3.56 if an audit organization is structurally located within a government entity and is considered structurally independent based on those safeguards;

3. document consideration of audited entity management’s ability to effectively oversee a nonaudit service to be provided by the auditor as indicated in paragraph 3.74;

4. document the auditor’s understanding with an audited entity for which the auditor will provide a nonaudit service as indicated in paragraph 3.77; and

5. document the evaluation of the significance of the threats created by providing any of the services discussed in paragraph 3.89.

Application Guidance: Documentation

3.108

Documentation of independence considerations provides evidence of the auditor’s judgments in forming conclusions regarding compliance with independence requirements.

---

21. See fig. 1 at the end of ch. 3 for a flowchart on applying the conceptual framework in accordance with GAGAS.↩︎

22. See fig. 2 at the end of ch. 3 for a flowchart on independence considerations for preparing accounting records and financial statements.↩︎

23. See para. 3.33 for additional requirements related to documenting threats identified and safeguards applied to eliminate or reduce threats to an acceptable level.↩︎

24. See Section 2510.3-21 of Title 29, Code of Federal Regulations.↩︎

25. See para. 5.04 for additional discussion of documenting compliance with quality control policies and procedures and paras. 5.08 through 5.11 for additional discussion of policies and procedures on independence, legal, and ethical requirements.↩︎