Firms are required to comply with the fundamental principles, be independent, and apply the conceptual framework set out in Section 120 to identify, evaluate and address threats to independence.
Firms might provide a range of non-assurance services to their assurance clients, consistent with their skills and expertise. Providing certain non-assurance services to assurance clients might create threats to compliance with the fundamental principles and threats to independence. This section sets out specific requirements and application material relevant to applying the conceptual framework in such circumstances.
Requirements and Application Material
Before a firm accepts an engagement to provide a non-assurance service to an assurance client, the firm shall determine whether providing such a service might create a threat to independence.
The requirements and application material in this section assist firms in analyzing certain types of non-assurance services and the related threats that might be created when a firm accepts or provides non-assurance services to an assurance client.
New business practices, the evolution of financial markets and changes in information technology are among the developments that make it impossible to draw up an all-inclusive list of non-assurance services that might be provided to an assurance client. As a result, the Code does not include an exhaustive listing of all non-assurance services that might be provided to an assurance client.
Factors that are relevant in evaluating the level of threats created by providing a non-assurance service to an assurance client include:
The nature, scope and purpose of the service.
The degree of reliance that will be placed on the outcome of the service as part of the assurance engagement.
The legal and regulatory environment in which the service is provided.
Whether the outcome of the service will affect the underlying subject matter and, in an attestation engagement, matters reflected in the subject matter or subject matter information of the assurance engagement, and, if so:
The extent to which the outcome of the service will have a material or significant effect on the underlying subject matter and, in an attestation engagement, the subject matter information of the assurance engagement.
The extent of the assurance client's involvement in determining significant matters of judgment.
The level of expertise of the client's management and employees with respect to the type of service provided.
Materiality in Relation to an Assurance Client’s Information
The concept of materiality in relation to an assurance client's subject matter information is addressed in International Standard on Assurance Engagements (ISAE) 3000 (Revised), Assurance Engagements other than Audits or Reviews of Historical Financial Information. The determination of materiality involves the exercise of professional judgment and is impacted by both quantitative and qualitative factors. It is also affected by perceptions of the financial or other information needs of users.
Multiple Non-assurance Services Provided to the Same Assurance Client
Paragraph 120.10 A2 includes a description of safeguards. In relation to providing non-assurance services to assurance clients, safeguards are actions, individually or in combination, that the firm takes that effectively reduce threats to independence to an acceptable level. In some situations, when a threat is created by providing a service to an assurance client, safeguards might not be available. In such situations, the application of the conceptual framework set out in Section 120 requires the firm to decline or end the non-assurance service or the assurance engagement.
A firm shall not assume a management responsibility related to the underlying subject matter and, in an attestation engagement, the subject matter information of an assurance engagement provided by the firm. If the firm assumes a management responsibility as part of any other service provided to the assurance client, the firm shall ensure that the responsibility is not related to the underlying subject matter and, in an attestation engagement, the subject matter information of the assurance engagement provided by the firm.
Management responsibilities involve controlling, leading and directing an entity, including making decisions regarding the acquisition, deployment and control of human, financial, technological, physical and intangible resources.
Providing a non-assurance service to an assurance client creates self-review and self-interest threats if the firm assumes a management responsibility when performing the service. In relation to providing a service related to the underlying subject matter and, in an attestation engagement, the subject matter information of an assurance engagement provided by the firm, assuming a management responsibility also creates a familiarity threat and might create an advocacy threat because the firm becomes too closely aligned with the views and interests of management.
Determining whether an activity is a management responsibility depends on the circumstances and requires the exercise of professional judgment. Examples of activities that would be considered a management responsibility include:
Setting policies and strategic direction.
Hiring or dismissing employees.
Directing and taking responsibility for the actions of employees in relation to the employees' work for the entity.
Controlling or managing bank accounts or investments.
Deciding which recommendations of the firm or other third parties to implement.
Reporting to those charged with governance on behalf of management.
Taking responsibility for designing, implementing, monitoring and maintaining internal control.
To avoid assuming a management responsibility when providing non-assurance services to an assurance client that are related to the underlying subject matter and, in an attestation engagement, the subject matter information of the assurance engagement, the firm shall be satisfied that client management makes all related judgments and decisions that are the proper responsibility of management. This includes ensuring that the client's management:
Designates an individual who possesses suitable skill, knowledge and experience to be responsible at all times for the client's decisions and to oversee the services. Such an individual, preferably within senior management, would understand:
The objectives, nature and results of the services; and
The respective client and firm responsibilities.
However, the individual is not required to possess the expertise to perform or re-perform the services.
Provides oversight of the services and evaluates the adequacy of the results of the service performed for the client's purpose; and
Accepts responsibility for the actions, if any, to be taken arising from the results of the services.
A self-review threat might be created if, in an attestation engagement, the firm is involved in the preparation of subject matter information which subsequently becomes the subject matter information of an assurance engagement. Examples of non-assurance services that might create such self-review threats when providing services related to the subject matter information of an assurance engagement include:
- Developing and preparing prospective information and subsequently issuing an assurance report on this information.
Performing a valuation that is related to or forms part of the subject matter information of an assurance engagement.