COVER: Tidying up the Yellow Book Independence Standards
April 18, 2019
By Leita Hart-Fanta, CPA, CGFM, CGAP
The 2018 version of the Yellow Book (Generally Accepted Government Auditing Standards) presents a fresh approach to the same old auditor independence standards. It is as if Marie Kondo, the star of her own home organizing show on Netflix, barged in on the Government Accountability Office (GAO) and helped them tidy up!
By tidying up the standards and moving statements around, the GAO has brought attention to existing standards, and by adding a few clarifying paragraphs, they have sparked a renewed interest in the topic of auditor independence.
Why does the GAO keep working on independence?
The GAO keeps trying to perfect the independence standards because if an auditor is not deemed objective and independent by the users of the audit results, what the auditor says in the audit report is questionable.
Yellow Book 2018 3.22 Auditors and audit organizations maintain their independence so that their opinions, findings, conclusions, judgments, and recommendations will be impartial and will be viewed as impartial by reasonable and informed third parties.
Some auditors say that true independence is not possible; that instead independence is an ideal to which auditors strive, but never truly reach.
The GAO understands that CPAs in public practice are not truly independent because they report to the client that pays their fees. But the GAO recognizes that while there is nothing to be done about that, there is something that needs to be done to prevent CPAs from further compromising their independence by taking on certain non-audit services.
CPA firms face five hurdles
The GAO specifically addresses one particular non-audit service, drafting the financial statements. The GAO is aware that CPA firms often create a client’s financial statements and then turn around and audit and opine on them.
Obviously, it would be best if the client handed the completed financial statements to the auditor so all the auditor had to do was audit them. But many clients mistakenly expect their auditor to both create and audit the financial statements. CPA firms oblige because they want to meet the client’s expectations – however misguided - and want to save the client the hassle of finding both a compiler of the financial statements and an auditor of the financial statements.
However, the GAO wants auditors who follow the Yellow Book standards to do the right thing regarding auditor independence and is not concerned with the comfort and convenience of the audit client. Compromises in auditor independence can add up to serious long-term problems.
And although the GAO never expressly prohibits auditors from doing both, they do, by requiring the auditor to jump five hurdles, nearly force the auditor to recognize that both creating and auditing the financial statements is a bad idea.
The auditor who both creates and audits financial statements for a client is asked to jump these five hurdles:
- Identify creating the financial statements as a threat to independence
- Deem the threat as significant
- Safeguard the auditors’ independence against the threat
- Document that the client has SKE
- Have the client accept responsibility for the financial statements
The Yellow Book overrides auditor judgment
For most threats to independence, the GAO gives the auditor the power to decide if the threat is significant and deserving of safeguards. However, in the 2018 Yellow Book, in new paragraph 3.88, the GAO overrides the auditor’s judgment and tells the auditor that preparing financial statements is a significant threat and calls on the auditor to apply safeguards.
Yellow Book 2018 3.88 Auditors should conclude that preparing financial statements in their entirety from a client-provided trial balance or underlying accounting records creates significant threats to auditors’ independence, and should document the threats and safeguards applied to eliminate and reduce threats to an acceptable level in accordance with paragraph 3.33 or decline to provide the services.
The hurdles in more detail
Let’s take a closer look at each of the five hurdles:
- Hurdle 1: Identify threats - Auditors end up opining on their own work when they create and audit the financial statements. From 3.39, the self-review threat to independence includes this description, “An audit organization providing a service for an audited entity that directly affects the subject matter information of the engagement.”
- Hurdle 2: Identify whether the threat is significant - Normally, auditors use their judgment to decide if a threat impairs their independence, but in this case paragraph 3.88 takes away the auditor’s choice and dictates that the auditor should identify the creation of financial statements as a significant threat that deserves safeguards.
- Hurdle 3: Apply safeguards to mitigate the threat - Safeguards are controls that the auditor or client puts in place, or are choices the auditor makes, to make sure that the auditor maintains their independence. For instance, the auditor can choose to withdraw from the audit altogether as the ultimate safeguard. Or the auditor can add a layer of quality control to the engagement by asking another auditor to review the audit results.
- Hurdle 4: Document that the client has SKE - SKE stands for skills, knowledge, and experience. The client needs to have SKE so they can tell whether the auditor made a mistake when creating the financial statements.
Yellow Book 2018 3.73 … auditors should determine that the audited entity has designated an individual who possesses suitable skill, knowledge, or experience and that the individual understands the services to be provided sufficiently to oversee them.
Yellow Book 2018 3.79… indicators of management’s ability to effectively oversee the nonaudit service include management’s ability to determine the reasonableness of the results of the nonaudit services provided and to recognize a material error, omission, or misstatement in the results of the nonaudit services provided.
- Hurdle 5: Have the client accept responsibility for the subject matter - The client must confirm - in writing - that they are ultimately responsible for the content of the financial statements. The GAO says that if the client is unwilling to play along, the auditor’s independence has been impaired, which ultimately means that the auditor will not be able to perform both functions.
Yellow Book 2018 3.75 In cases where the audited entity is unable or unwilling to assume these responsibilities (for example, the audited entity does not have an individual with suitable skill, knowledge, or experience to oversee the nonaudit services provided, or is unwilling to perform such functions because of lack of time or desire), auditors should conclude that the provision of these services is an impairment to independence
Can you get over all of those hurdles?
It is a rare auditor who can document their way through all of those hurdles without concluding that both creating and auditing the financial statements is a bad idea.
One CPA approached me on a morning break during a day-long seminar on Yellow Book standards and quipped, “I really hate the GAO. They are forcing me to lie.”
He explained that if he tells his clients – which are mostly local governments and not-for-profits – that he will not create the financial statements as part of his audit, they are going to find someone who will. So he documents that the client has SKE even though he knows they don’t, and has the client sign a letter saying they are ultimately responsible for the financial statements even though they both know the client can’t even read the financial statements.
Paragraph 3.88 of the Yellow Book made him think again about his choice and at the end of the seminar, he told me that he and his partners had agreed to tell their clients they would either create the financial statements or do the audit, but not do both.
I doubt this CPA feels that the revisions to the Yellow Book independence standards have sparked joy in his life. But I am sure Marie Kondo would tell him that embracing the unpleasant, but right, thing now results in a variety of unforeseen long-term benefits that will allow him and his partners to dwell in peace.
About the author: Leita Hart-Fanta, CPA, CGFM, CGAP is the author of the self-study books “The Yellow Book Interpreted” and “The Green Book: Standards for Internal Control.” She has led over 1200 full day seminars and workshops for professionals in her 30-year career in government auditing. She can be reached at firstname.lastname@example.org.