The Government Accountability Office (GAO) has recently updated the Government Auditing Standards this year. Some of you may wonder, “How is this update going to affect me?” Or, “What is my auditor going to be asking that I should be prepared for?” Among the seven chapters and over 200 pages of information that you and your auditor should be familiar with is a substantial change to the independence standards that will come into effect for periods ending on or after December 15, 2012 but will begin having implications as soon as January 1, 2012. These independence standards can be found in chapter 3 of the Yellow Book which can be found by going to the U.S. Government Accountability Office website or clicking on this link: http://www.gao.gov/yellowbook.
Starting as soon as January 1, 2012, the new independence rules may have implications and it may be based on whether or not your auditor performs what the GAO calls non-audit services. These can vary depending on each particular situation and relationship you may have with your auditor, but here are some examples of what may be considered a non-audit service are when your auditor is preparing:
- Financial statements or your Comprehensive Annual Financial Report (CAFR),
- Journal entries other than proposed audit entries,
- Maintaining your capital asset schedules or
- Bookkeeping services
If this is the case, your auditor will be required to perform and document an assessment of “threats” to the independence of the auditor, whether or not management of your organization possesses suitable Skills, Knowledge, or Experience (SKE) to properly and effectively oversee the non-audit services, and establish an understanding with your organizations management regarding the non-audit services to be performed. Most audit firms have already been doing some level of this type of assessment in the past, but what is new is the requirement to document each part of this requirement for each audit before the non-audit services are rendered. It is important to note that Yellow Book independence requirements must be met before non-audit services are performed in the year, or for the year, being audited. This means if your auditor is performing a non-audit service in October 2012, such as drafting your CAFR for the June 30, 2012 year end, and you will retain your auditor for the June 30, 2013 year end, then those non-audit services were rendered during your year ended June 30, 2013 and should have been assessed and documented before they were performed.
What does this mean for me? Well in short, you should expect to see your auditor ask specific questions regarding your SKE, if they have not already done so in the past. These questions may include:
- Your level of education
- Your years of experience performing your current duties
- The number of years you have been at your position with your organization
- Whether you have a clear understanding of the nature of the services being performed and knowledge of your organization’s mission and operations.
You should also expect to have a conversation with your auditor, or an addition to your engagement letter, establishing both the auditor’s and your (or management’s) understanding established for the non-audit services to be performed. Your auditor will also be required to establish and document certain safe guards to maintain their independence with your organization. This may include an independent review of the non-audit services performed by an individual in the audit firm that has the suitable experience and knowledge to review the services but was not involved with the non-audit services or the audit in question.
The GAO does not require you to possess the technical qualifications to perform or re-perform the non-audit service but they do require you to understand the services sufficiently to oversee those services. Your auditor may already have requested you to review certain disclosure checklists when reviewing your statements in the past; this can be another type of safe guard that your auditor will document in the assessment of their independence with your organization.
At a very minimum, you will be required to assume all management responsibilities, evaluate the adequacy and results of the services performed, and accept responsibility for the results of the services. So it is important to maintain very open levels of communication with your auditor so you are aware of what, when and where your non-audit services are being performed as well as maintain all management decisions in relation to those services.
We encourage all entities requiring a Yellow Book audit to go to the provided link in this blog and read chapter 3 of the new Yellow Book, as well as the remainder of the Yellow Book, to fully understand the implications of the standards that have been updated.
Brian Hemmerle, CPA