Introduction

General (400.1 to 400.7)
  • Non-Authoritative Guidance
  • Bookmark
400.1

It is in the public interest and required by the Code that professional accountants in public practice be independent when performing audit or review engagements.

  • Bookmark
400.2

This Part applies to both audit and review engagements. The terms "audit," "audit team," "audit engagement," "audit client," and "audit report" apply equally to review, review team, review engagement, review client, and review engagement report.

  • Bookmark
400.3

In this Part, the term "professional accountant" refers to individual professional accountants in public practice and their firms.

  • Non-Authoritative Guidance
  • Bookmark
400.4

ISQC 1 requires a firm to establish policies and procedures designed to provide it with reasonable assurance that the firm, its personnel and, where applicable, others subject to independence requirements (including network firm personnel), maintain independence where required by relevant ethics requirements. ISAs and ISREs establish responsibilities for engagement partners and engagement teams at the level of the engagement for audits and reviews, respectively. The allocation of responsibilities within a firm will depend on its size, structure and organization. Many of the provisions of this Part do not prescribe the specific responsibility of individuals within the firm for actions related to independence, instead referring to "firm" for ease of reference. Firms assign responsibility for a particular action to an individual or a group of individuals (such as an audit team), in accordance with ISQC 1. In addition, an individual professional accountant remains responsible for compliance with any provisions that apply to that accountant's activities, interests or relationships.

  • Bookmark
400.5

Independence is linked to the principles of objectivity and integrity. It comprises:

  • Independence of mind - the state of mind that permits the expression of a conclusion without being affected by influences that compromise professional judgment, thereby allowing an individual to act with integrity, and exercise objectivity and professional skepticism.

  • Independence in appearance - the avoidance of facts and circumstances that are so significant that a reasonable and informed third party would be likely to conclude that a firm's, or an audit team member's, integrity, objectivity or professional skepticism has been compromised.

In this Part, references to an individual or firm being "independent" mean that the individual or firm has complied with the provisions of this Part.

  • Bookmark
400.6

When performing audit engagements, the Code requires firms to comply with the fundamental principles and be independent. This Part sets out specific requirements and application material on how to apply the conceptual framework to maintain independence when performing such engagements. The conceptual framework set out in Section 120 applies to independence as it does to the fundamental principles set out in Section 110.

  • Bookmark
400.7

This Part describes:

  • Facts and circumstances, including professional activities, interests and relationships, that create or might create threats to independence;

  • Potential actions, including safeguards, that might be appropriate to address any such threats; and

  • Some situations where the threats cannot be eliminated or there can be no safeguards to reduce them to an acceptable level.

Public Interest Entities (400.8)
  • Bookmark
400.8

Some of the requirements and application material set out in this Part reflect the extent of public interest in certain entities which are defined to be public interest entities. Firms are encouraged to determine whether to treat additional entities, or certain categories of entities, as public interest entities because they have a large number and wide range of stakeholders. Factors to be considered include:

  • The nature of the business, such as the holding of assets in a fiduciary capacity for a large number of stakeholders. Examples might include financial institutions, such as banks and insurance companies, and pension funds.

  • Size.

  • Number of employees.

Reports that Include a Restriction on Use and Distribution (400.9)
  • Bookmark
400.9

An audit report might include a restriction on use and distribution. If it does and the conditions set out in Section 800 are met, then the independence requirements in this Part may be modified as provided in Section 800.

Assurance Engagements other than Audit and Review Engagements (400.10)
  • Bookmark
400.10

Independence standards for assurance engagements that are not audit or review engagements are set out in Part 4B - Independence for Assurance Engagements Other than Audit and Review Engagements.

Requirements and Application Material

General (R400.11 to R400.12)
  • Bookmark
R400.11

A firm performing an audit engagement shall be independent.

  • Non-Authoritative Guidance
  • Bookmark
R400.12

A firm shall apply the conceptual framework set out in Section 120 to identify, evaluate and address threats to independence in relation to an audit engagement.

[Paragraphs 400.13 to 400.19 are intentionally left blank]

Related Entities (R400.20)
  • Bookmark
R400.20

As defined, an audit client that is a listed entity includes all of its related entities. For all other entities, references to an audit client in this Part include related entities over which the client has direct or indirect control. When the audit team knows, or has reason to believe, that a relationship or circumstance involving any other related entity of the client is relevant to the evaluation of the firm's independence from the client, the audit team shall include that related entity when identifying, evaluating and addressing threats to independence.

[Paragraphs 400.21 to 400.29 are intentionally left blank]

Period During which Independence is Required (R400.30 to 400.31 A2)
  • Bookmark
R400.30

Independence, as required by this Part, shall be maintained during both:

  • The engagement period; and

  • The period covered by the financial statements.

  • Bookmark
400.30 A1

The engagement period starts when the audit team begins to perform the audit. The engagement period ends when the audit report is issued. When the engagement is of a recurring nature, it ends at the later of the notification by either party that the professional relationship has ended or the issuance of the final audit report.

  • Bookmark
R400.31

If an entity becomes an audit client during or after the period covered by the financial statements on which the firm will express an opinion, the firm shall determine whether any threats to independence are created by:

  • Financial or business relationships with the audit client during or after the period covered by the financial statements but before accepting the audit engagement; or

  • Previous services provided to the audit client by the firm or a network firm.

  • Bookmark
400.31 A1

Threats to independence are created if a non-assurance service was provided to an audit client during, or after the period covered by the financial statements, but before the audit team begins to perform the audit, and the service would not be permitted during the engagement period.

  • Bookmark
400.31 A2

Examples of actions that might be safeguards to address such threats include:

  • Using professionals who are not audit team members to perform the service.

  • Having an appropriate reviewer review the audit and non-assurance work as appropriate.

  • Engaging another firm outside of the network to evaluate the results of the non-assurance service or having another firm outside of the network re-perform the non-assurance service to the extent necessary to enable the other firm to take responsibility for the service.

[Paragraphs 400.32 to 400.39 are intentionally left blank]

Communication with those Charged with Governance (400.40 A1 to 400.40 A2)
  • Bookmark
400.40 A1

Paragraphs R300.9 and R300.10 set out requirements with respect to communicating with those charged with governance.

  • Non-Authoritative Guidance
  • Bookmark
400.40 A2

Even when not required by the Code, applicable professional standards, laws or regulations, regular communication is encouraged between a firm and those charged with governance of the client regarding relationships and other matters that might, in the firm's opinion, reasonably bear on independence. Such communication enables those charged with governance to:

  • Consider the firm's judgments in identifying and evaluating threats;

  • Consider how threats have been addressed including the appropriateness of safeguards when they are available and capable of being applied; and

  • Take appropriate action.

Such an approach can be particularly helpful with respect to intimidation and familiarity threats.

[Paragraphs 400.41 to 400.49 are intentionally left blank]

Network Firms (400.50 A1 to 400.54 A1)
  • Bookmark
400.50 A1

Firms frequently form larger structures with other firms and entities to enhance their ability to provide professional services. Whether these larger structures create a network depends on the particular facts and circumstances. It does not depend on whether the firms and entities are legally separate and distinct.

  • Bookmark
R400.51

A network firm shall be independent of the audit clients of the other firms within the network as required by this Part.

  • Bookmark
400.51 A1

The independence requirements in this Part that apply to a network firm apply to any entity that meets the definition of a network firm. It is not necessary for the entity also to meet the definition of a firm. For example, a consulting practice or professional law practice might be a network firm but not a firm.

  • Bookmark
R400.52

When associated with a larger structure of other firms and entities, a firm shall:

  • Exercise professional judgment to determine whether a network is created by such a larger structure;

  • Consider whether a reasonable and informed third party would be likely to conclude that the other firms and entities in the larger structure are associated in such a way that a network exists; and

  • Apply such judgment consistently throughout such a larger structure.

  • Bookmark
R400.53

When determining whether a network is created by a larger structure of firms and other entities, a firm shall conclude that a network exists when such a larger structure is aimed at co-operation and:

  • It is clearly aimed at profit or cost sharing among the entities within the structure. (Ref: Para. 400.53 A2);

  • The entities within the structure share common ownership, control or management. (Ref: Para. 400.53 A3);

  • The entities within the structure share common quality control policies and procedures. (Ref: Para. 400.53 A4);

  • The entities within the structure share a common business strategy. (Ref: Para. 400.53 A5);

  • The entities within the structure share the use of a common brand name. (Ref: Para. 400.53 A6, 400.53 A7); or

  • The entities within the structure share a significant part of professional resources. (Ref: Para 400.53 A8, 400.53 A9).

  • Bookmark
400.53 A1

There might be other arrangements between firms and entities within a larger structure that constitute a network, in addition to those arrangements described in paragraph R400.53. However, a larger structure might be aimed only at facilitating the referral of work, which in itself does not meet the criteria necessary to constitute a network.

  • Bookmark
400.53 A2

The sharing of immaterial costs does not in itself create a network. In addition, if the sharing of costs is limited only to those costs related to the development of audit methodologies, manuals or training courses, this would not in itself create a network. Further, an association between a firm and an otherwise unrelated entity jointly to provide a service or develop a product does not in itself create a network. (Ref: Para. R400.53(a)).

  • Bookmark
400.53 A3

Common ownership, control or management might be achieved by contract or other means. (Ref: Para. R400.53(b)).

  • Bookmark
400.53 A4

Common quality control policies and procedures are those designed, implemented and monitored across the larger structure. (Ref: Para. R400.53(c)).

  • Bookmark
400.53 A5

Sharing a common business strategy involves an agreement by the entities to achieve common strategic objectives. An entity is not a network firm merely because it co-operates with another entity solely to respond jointly to a request for a proposal for the provision of a professional service. (Ref: Para. R400.53(d)).

  • Bookmark
400.53 A6

A common brand name includes common initials or a common name. A firm is using a common brand name if it includes, for example, the common brand name as part of, or along with, its firm name when a partner of the firm signs an audit report. (Ref: Para. R400.53(e)).

  • Bookmark
400.53 A7

Even if a firm does not belong to a network and does not use a common brand name as part of its firm name, it might appear to belong to a network if its stationery or promotional materials refer to the firm being a member of an association of firms. Accordingly, if care is not taken in how a firm describes such membership, a perception might be created that the firm belongs to a network. (Ref: Para. R400.53(e)).

  • Bookmark
400.53 A8

Professional resources include:

  • Common systems that enable firms to exchange information such as client data, billing and time records.

  • Partners and other personnel.

  • Technical departments that consult on technical or industry specific issues, transactions or events for assurance engagements.

  • Audit methodology or audit manuals.

  • Training courses and facilities. (Ref: Para. R400.53(f)).

  • Bookmark
400.53 A9

Whether the shared professional resources are significant depends on the circumstances. For example:

  • The shared resources might be limited to common audit methodology or audit manuals, with no exchange of personnel or client or market information. In such circumstances, it is unlikely that the shared resources would be significant. The same applies to a common training endeavor.

  • The shared resources might involve the exchange of personnel or information, such as where personnel are drawn from a shared pool, or where a common technical department is created within the larger structure to provide participating firms with technical advice that the firms are required to follow. In such circumstances, a reasonable and informed third party is more likely to conclude that the shared resources are significant. (Ref: Para. R400.53(f)).

  • Bookmark
R400.54

If a firm or a network sells a component of its practice, and the component continues to use all or part of the firm's or network's name for a limited time, the relevant entities shall determine how to disclose that they are not network firms when presenting themselves to outside parties.

  • Bookmark
400.54 A1

The agreement for the sale of a component of a practice might provide that, for a limited period of time, the sold component can continue to use all or part of the name of the firm or the network, even though it is no longer connected to the firm or the network. In such circumstances, while the two entities might be practicing under a common name, the facts are such that they do not belong to a larger structure aimed at cooperation. The two entities are therefore not network firms.

[Paragraphs 400.55 to 400.59 are intentionally left blank]

General Documentation of Independence for Audit and Review Engagements (R400.60 to 400.60 A1)
  • Bookmark
R400.60

A firm shall document conclusions regarding compliance with this Part, and the substance of any relevant discussions that support those conclusions. In particular:

  • When safeguards are applied to address a threat, the firm shall document the nature of the threat and the safeguards in place or applied; and

  • When a threat required significant analysis and the firm concluded that the threat was already at an acceptable level, the firm shall document the nature of the threat and the rationale for the conclusion.

  • Bookmark
400.60 A1

Documentation provides evidence of the firm's judgments in forming conclusions regarding compliance with this Part. However, a lack of documentation does not determine whether a firm considered a particular matter or whether the firm is independent.

[Paragraphs 400.61 to 400.69 are intentionally left blank]

Mergers and Acquisitions (400.70 A1 to R400.76)
  • Bookmark
400.70 A1

An entity might become a related entity of an audit client because of a merger or acquisition. A threat to independence and, therefore, to the ability of a firm to continue an audit engagement might be created by previous or current interests or relationships between a firm or network firm and such a related entity.

  • Bookmark
R400.71

In the circumstances set out in paragraph 400.70 A1,

  • The firm shall identify and evaluate previous and current interests and relationships with the related entity that, taking into account any actions taken to address the threat, might affect its independence and therefore its ability to continue the audit engagement after the effective date of the merger or acquisition; and

  • Subject to paragraph R400.72, the firm shall take steps to end any interests or relationships that are not permitted by the Code by the effective date of the merger or acquisition.

  • Bookmark
R400.72

As an exception to paragraph R400.71(b), if the interest or relationship cannot reasonably be ended by the effective date of the merger or acquisition, the firm shall:

  • Evaluate the threat that is created by the interest or relationship; and

  • Discuss with those charged with governance the reasons why the interest or relationship cannot reasonably be ended by the effective date and the evaluation of the level of the threat.

  • Bookmark
400.72 A1

In some circumstances, it might not be reasonably possible to end an interest or relationship creating a threat by the effective date of the merger or acquisition. This might be because the firm provides a non-assurance service to the related entity, which the entity is not able to transition in an orderly manner to another provider by that date.

  • Bookmark
400.72 A2

Factors that are relevant in evaluating the level of a threat created by mergers and acquisitions when there are interests and relationships that cannot reasonably be ended include:

  • The nature and significance of the interest or relationship.

  • The nature and significance of the related entity relationship (for example, whether the related entity is a subsidiary or parent).

  • The length of time until the interest or relationship can reasonably be ended.

  • Bookmark
R400.73

If, following the discussion set out in paragraph R400.72(b), those charged with governance request the firm to continue as the auditor, the firm shall do so only if:

  • The interest or relationship will be ended as soon as reasonably possible but no later than six months after the effective date of the merger or acquisition;

  • Any individual who has such an interest or relationship, including one that has arisen through performing a non-assurance service that would not be permitted by Section 600 and its subsections, will not be a member of the engagement team for the audit or the individual responsible for the engagement quality control review; and

  • Transitional measures will be applied, as necessary, and discussed with those charged with governance.

  • Bookmark
400.73 A1

Examples of such transitional measures include:

  • Having a professional accountant review the audit or non-assurance work as appropriate.

  • Having a professional accountant, who is not a member of the firm expressing the opinion on the financial statements, perform a review that is equivalent to an engagement quality control review.

  • Engaging another firm to evaluate the results of the non-assurance service or having another firm re-perform the non-assurance service to the extent necessary to enable the other firm to take responsibility for the service.

  • Bookmark
R400.74

The firm might have completed a significant amount of work on the audit prior to the effective date of the merger or acquisition and might be able to complete the remaining audit procedures within a short period of time. In such circumstances, if those charged with governance request the firm to complete the audit while continuing with an interest or relationship identified in paragraph 400.70 A1, the firm shall only do so if it:

  • Has evaluated the level of the threat and discussed the results with those charged with governance;

  • Complies with the requirements of paragraph R400.73(a) to (c); and

  • Ceases to be the auditor no later than the date that the audit report is issued.

  • Bookmark
R400.75

Even if all the requirements of paragraphs R400.71 to R400.74 could be met, the firm shall determine whether the circumstances identified in paragraph 400.70 A1 create a threat that cannot be addressed such that objectivity would be compromised. If so, the firm shall cease to be the auditor.

  • Bookmark
R400.76

The firm shall document:

  • Any interests or relationships identified in paragraph 400.70 A1 that will not be ended by the effective date of the merger or acquisition and the reasons why they will not be ended;

  • The transitional measures applied;

  • The results of the discussion with those charged with governance; and

  • The reasons why the previous and current interests and relationships do not create a threat such that objectivity would be compromised.

[Paragraphs 400.77 to 400.79 are intentionally left blank.]

Breach of an Independence Provision for Audit and Review Engagements (R400.80 to R400.89)
  • Bookmark
R400.80

If a firm concludes that a breach of a requirement in this Part has occurred, the firm shall:

  • End, suspend or eliminate the interest or relationship that created the breach and address the consequences of the breach;

  • Consider whether any legal or regulatory requirements apply to the breach and, if so:

    • Comply with those requirements; and

    • Consider reporting the breach to a professional or regulatory body or oversight authority if such reporting is common practice or expected in the relevant jurisdiction;

  • Promptly communicate the breach in accordance with its policies and procedures to:

    • The engagement partner;

    • Those with responsibility for the policies and procedures relating to independence;

    • Other relevant personnel in the firm and, where appropriate, the network; and

    • Those subject to the independence requirements in Part 4A who need to take appropriate action;

  • Evaluate the significance of the breach and its impact on the firm's objectivity and ability to issue an audit report; and

  • Depending on the significance of the breach, determine:

    • Whether to end the audit engagement; or

    • Whether it is possible to take action that satisfactorily addresses the consequences of the breach and whether such action can be taken and is appropriate in the circumstances.

In making this determination, the firm shall exercise professional judgment and take into account whether a reasonable and informed third party would be likely to conclude that the firm's objectivity would be compromised, and therefore, the firm would be unable to issue an audit report.

  • Bookmark
400.80 A1

A breach of a provision of this Part might occur despite the firm having policies and procedures designed to provide it with reasonable assurance that independence is maintained. It might be necessary to end the audit engagement because of the breach.

  • Bookmark
400.80 A2

The significance and impact of a breach on the firm's objectivity and ability to issue an audit report will depend on factors such as:

  • The nature and duration of the breach.

  • The number and nature of any previous breaches with respect to the current audit engagement.

  • Whether an audit team member had knowledge of the interest or relationship that created the breach.

  • Whether the individual who created the breach is an audit team member or another individual for whom there are independence requirements.

  • If the breach relates to an audit team member, the role of that individual.

  • If the breach was created by providing a professional service, the impact of that service, if any, on the accounting records or the amounts recorded in the financial statements on which the firm will express an opinion.

  • The extent of the self-interest, advocacy, intimidation or other threats created by the breach.

  • Bookmark
400.80 A3

Depending upon the significance of the breach, examples of actions that the firm might consider to address the breach satisfactorily include:

  • Removing the relevant individual from the audit team.

  • Using different individuals to conduct an additional review of the affected audit work or to re-perform that work to the extent necessary.

  • Recommending that the audit client engage another firm to review or re-perform the affected audit work to the extent necessary.

  • If the breach relates to a non-assurance service that affects the accounting records or an amount recorded in the financial statements, engaging another firm to evaluate the results of the non-assurance service or having another firm re-perform the non-assurance service to the extent necessary to enable the other firm to take responsibility for the service.

  • Bookmark
R400.81

If the firm determines that action cannot be taken to address the consequences of the breach satisfactorily, the firm shall inform those charged with governance as soon as possible and take the steps necessary to end the audit engagement in compliance with any applicable legal or regulatory requirements. Where ending the engagement is not permitted by laws or regulations, the firm shall comply with any reporting or disclosure requirements.

  • Bookmark
R400.82

If the firm determines that action can be taken to address the consequences of the breach satisfactorily, the firm shall discuss with those charged with governance:

  • The significance of the breach, including its nature and duration;

  • How the breach occurred and how it was identified;

  • The action proposed or taken and why the action will satisfactorily address the consequences of the breach and enable the firm to issue an audit report;

  • The conclusion that, in the firm's professional judgment, objectivity has not been compromised and the rationale for that conclusion; and

  • Any steps proposed or taken by the firm to reduce or avoid the risk of further breaches occurring.

Such discussion shall take place as soon as possible unless an alternative timing is specified by those charged with governance for reporting less significant breaches.

  • Bookmark
400.83 A1

Paragraphs R300.9 and R300.10 set out requirements with respect to communicating with those charged with governance.

  • Bookmark
R400.84

With respect to breaches, the firm shall communicate in writing to those charged with governance:

  • All matters discussed in accordance with paragraph R400.82 and obtain the concurrence of those charged with governance that action can be, or has been, taken to satisfactorily address the consequences of the breach; and

  • A description of:

    • The firm's policies and procedures relevant to the breach designed to provide it with reasonable assurance that independence is maintained; and

    • Any steps that the firm has taken, or proposes to take, to reduce or avoid the risk of further breaches occurring.

  • Bookmark
R400.85

If those charged with governance do not concur that the action proposed by the firm in accordance with paragraph R400.80(e)(ii) satisfactorily addresses the consequences of the breach, the firm shall take the steps necessary to end the audit engagement in accordance with paragraph R400.81.

  • Bookmark
R400.86

If the breach occurred prior to the issuance of the previous audit report, the firm shall comply with the provisions of Part 4A in evaluating the significance of the breach and its impact on the firm's objectivity and its ability to issue an audit report in the current period.

  • Bookmark
R400.87

The firm shall also:

  • Consider the impact of the breach, if any, on the firm's objectivity in relation to any previously issued audit reports, and the possibility of withdrawing such audit reports; and

  • Discuss the matter with those charged with governance.

  • Bookmark
R400.88

In complying with the requirements in paragraphs R400.80 to R400.87, the firm shall document:

  • The breach;

  • The actions taken;

  • The key decisions made;

  • All the matters discussed with those charged with governance; and

  • Any discussions with a professional or regulatory body or oversight authority.

  • Bookmark
R400.89

If the firm continues with the audit engagement, it shall document:

  • The conclusion that, in the firm's professional judgment, objectivity has not been compromised; and

  • The rationale for why the action taken satisfactorily addressed the consequences of the breach so that the firm could issue an audit report.