Introduction

General (900.1 to 900.6)
  • Bookmark
900.1

This Part applies to assurance engagements other than audit and review engagements (referred to as "assurance engagements" in this Part). Examples of such engagements include:

  • An audit of specific elements, accounts or items of a financial statement.

  • Performance assurance on a company's key performance indicators.

  • Bookmark
900.2

In this Part, the term "professional accountant" refers to individual professional accountants in public practice and their firms.

  • Bookmark
900.3

ISQC 1 requires a firm to establish policies and procedures designed to provide it with reasonable assurance that the firm, its personnel and, where applicable, others subject to independence requirements maintain independence where required by relevant ethics standards. ISAEs establish responsibilities for engagement partners and engagement teams at the level of the engagement. The allocation of responsibilities within a firm will depend on its size, structure and organization. Many of the provisions of Part 4B do not prescribe the specific responsibility of individuals within the firm for actions related to independence, instead referring to "firm" for ease of reference. Firms assign responsibility for a particular action to an individual or a group of individuals (such as an assurance team) in accordance with ISQC 1. In addition, an individual professional accountant remains responsible for compliance with any provisions that apply to that accountant's activities, interests or relationships.

  • Bookmark
900.4

Independence is linked to the principles of objectivity and integrity. It comprises:

  • Independence of mind - the state of mind that permits the expression of a conclusion without being affected by influences that compromise professional judgment, thereby allowing an individual to act with integrity, and exercise objectivity and professional skepticism.

  • Independence in appearance - the avoidance of facts and circumstances that are so significant that a reasonable and informed third party would be likely to conclude that a firm's or an assurance team member's integrity, objectivity or professional skepticism has been compromised.

In this Part, references to an individual or firm being "independent" mean that the individual or firm has complied with the provisions of this Part.

  • Bookmark
900.5

When performing assurance engagements, the Code requires firms to comply with the fundamental principles and be independent. This Part sets out specific requirements and application material on how to apply the conceptual framework to maintain independence when performing such engagements. The conceptual framework set out in Section 120 applies to independence as it does to the fundamental principles set out in Section 110.

  • Bookmark
900.6

This Part describes:

  • Facts and circumstances, including professional activities, interests and relationships, that create or might create threats to independence;

  • Potential actions, including safeguards, that might be appropriate to address any such threats; and

  • Some situations where the threats cannot be eliminated or there can be no safeguards to reduce the threats to an acceptable level.

Description of Other Assurance Engagements (900.7 to 900.11)
  • Bookmark
900.7

Assurance engagements are designed to enhance intended users' degree of confidence about the outcome of the evaluation or measurement of a subject matter against criteria. In an assurance engagement, the firm expresses a conclusion designed to enhance the degree of confidence of the intended users (other than the responsible party) about the outcome of the evaluation or measurement of a subject matter against criteria. The Assurance Framework describes the elements and objectives of an assurance engagement and identifies engagements to which ISAEs apply. For a description of the elements and objectives of an assurance engagement, refer to the Assurance Framework.

  • Bookmark
900.8

The outcome of the evaluation or measurement of a subject matter is the information that results from applying the criteria to the subject matter. The term "subject matter information" is used to mean the outcome of the evaluation or measurement of a subject matter. For example, the Assurance Framework states that an assertion about the effectiveness of internal control (subject matter information) results from applying a framework for evaluating the effectiveness of internal control, such as COSO or CoCo (criteria), to internal control, a process (subject matter).

  • Bookmark
900.9

Assurance engagements might be assertion-based or direct reporting. In either case, they involve three separate parties: a firm, a responsible party and intended users.

  • Bookmark
900.10

In an assertion-based assurance engagement, the evaluation or measurement of the subject matter is performed by the responsible party. The subject matter information is in the form of an assertion by the responsible party that is made available to the intended users.

  • Bookmark
900.11

In a direct reporting assurance engagement, the firm:

  • Directly performs the evaluation or measurement of the subject matter; or

  • Obtains a representation from the responsible party that has performed the evaluation or measurement that is not available to the intended users. The subject matter information is provided to the intended users in the assurance report.

Reports that Include a Restriction on Use and Distribution (900.12)
  • Bookmark
900.12

An assurance report might include a restriction on use and distribution. If it does and the conditions set out in Section 990 are met, then the independence requirements in this Part may be modified as provided in Section 990.

Audit and Review Engagements (900.13)
  • Bookmark
900.13

Independence standards for audit and review engagements are set out in Part 4A - Independence for Audit and Review Engagements. If a firm performs both an assurance engagement and an audit or review engagement for the same client, the requirements in Part 4A continue to apply to the firm, a network firm and the audit or review team members.

Requirements and Application Material

General (R900.14 to R900.15)
  • Bookmark
R900.14

A firm performing an assurance engagement shall be independent.

  • Non-Authoritative Guidance
  • Bookmark
R900.15

A firm shall apply the conceptual framework set out in Section 120 to identify, evaluate and address threats to independence in relation to an assurance engagement.

Network firms (R900.16 to 900.16 A1)
  • Bookmark
R900.16

When a firm has reason to believe that interests and relationships of a network firm create a threat to the firm's independence, the firm shall evaluate and address any such threat.

  • Bookmark
900.16 A1

Network firms are discussed in paragraphs 400.50 A1 to 400.54 A1.

Related Entities (R900.17)
  • Bookmark
R900.17

When the assurance team knows or has reason to believe that a relationship or circumstance involving a related entity of the assurance client is relevant to the evaluation of the firm's independence from the client, the assurance team shall include that related entity when identifying, evaluating and addressing threats to independence.

Types of Assurance Engagements (R900.18 to 900.21 A1)
  • Bookmark
R900.18

When performing an assertion-based assurance engagement:

  • The assurance team members and the firm shall be independent of the assurance client (the party responsible for the subject matter information, and which might be responsible for the subject matter) as set out in this Part. The independence requirements set out in this Part prohibit certain relationships between assurance team members and (i) directors or officers, and (ii) individuals at the client in a position to exert significant influence over the subject matter information;

  • The firm shall apply the conceptual framework set out in Section 120 to relationships with individuals at the client in a position to exert significant influence over the subject matter of the engagement; and

  • The firm shall evaluate and address any threats that the firm has reason to believe are created by network firm interests and relationships.

  • Bookmark
R900.19

When performing an assertion-based assurance engagement where the responsible party is responsible for the subject matter information but not the subject matter:

  • The assurance team members and the firm shall be independent of the party responsible for the subject matter information (the assurance client); and

  • The firm shall evaluate and address any threats the firm has reason to believe are created by interests and relationships between an assurance team member, the firm, a network firm and the party responsible for the subject matter.

  • Bookmark
900.19 A1

In the majority of assertion-based assurance engagements, the responsible party is responsible for both the subject matter information and the subject matter. However, in some engagements, the responsible party might not be responsible for the subject matter. An example might be when a firm is engaged to perform an assurance engagement regarding a report that an environmental consultant has prepared about a company's sustainability practices for distribution to intended users. In this case, the environmental consultant is the responsible party for the subject matter information but the company is responsible for the subject matter (the sustainability practices).

  • Bookmark
R900.20

When performing a direct reporting assurance engagement:

  • The assurance team members and the firm shall be independent of the assurance client (the party responsible for the subject matter); and

  • The firm shall evaluate and address any threats to independence the firm has reason to believe are created by network firm interests and relationships.

  • Bookmark
900.21 A1

In some assurance engagements, whether assertion-based or direct reporting, there might be several responsible parties. In determining whether it is necessary to apply the provisions in this Part to each responsible party in such engagements, the firm may take into account certain matters. These matters include whether an interest or relationship between the firm, or an assurance team member, and a particular responsible party would create a threat to independence that is not trivial and inconsequential in the context of the subject matter information. This determination will take into account factors such as:

  • The materiality of the subject matter information (or of the subject matter) for which the particular responsible party is responsible.

  • The degree of public interest associated with the engagement.

If the firm determines that the threat created by any such interest or relationship with a particular responsible party would be trivial and inconsequential, it might not be necessary to apply all of the provisions of this section to that responsible party.

[Paragraphs 900.22 to 900.29 are intentionally left blank]

Period During which Independence is Required (R900.30 to R900.33)
  • Bookmark
R900.30

Independence, as required by this Part, shall be maintained during both:

  • The engagement period; and

  • The period covered by the subject matter information.

  • Bookmark
900.30 A1

The engagement period starts when the assurance team begins to perform assurance services with respect to the particular engagement. The engagement period ends when the assurance report is issued. When the engagement is of a recurring nature, it ends at the later of the notification by either party that the professional relationship has ended or the issuance of the final assurance report.

  • Bookmark
R900.31

If an entity becomes an assurance client during or after the period covered by the subject matter information on which the firm will express a conclusion, the firm shall determine whether any threats to independence are created by:

  • Financial or business relationships with the assurance client during or after the period covered by the subject matter information but before accepting the assurance engagement; or

  • Previous services provided to the assurance client.

  • Bookmark
R900.32

Threats to independence are created if a non-assurance service was provided to the assurance client during, or after the period covered by the subject matter information, but before the assurance team begins to perform assurance services, and the service would not be permitted during the engagement period. In such circumstances, the firm shall evaluate and address any threat to independence created by the service. If the threats are not at an acceptable level, the firm shall only accept the assurance engagement if the threats are reduced to an acceptable level.

  • Bookmark
900.32 A1

Examples of actions that might be safeguards to address such threats include:

  • Using professionals who are not assurance team members to perform the service.

  • Having an appropriate reviewer review the assurance and non-assurance work as appropriate.

  • Bookmark
R900.33

If a non-assurance service that would not be permitted during the engagement period has not been completed and it is not practical to complete or end the service before the commencement of professional services in connection with the assurance engagement, the firm shall only accept the assurance engagement if:

  • The firm is satisfied that:

    • The non-assurance service will be completed within a short period of time; or

    • The client has arrangements in place to transition the service to another provider within a short period of time;

  • The firm applies safeguards when necessary during the service period; and

  • The firm discusses the matter with those charged with governance.

[Paragraphs 900.34 to 900.39 are intentionally left blank]

General Documentation of Independence for Assurance Engagements Other than Audit and Review Engagements (R900.40 to 900.40 A1)
  • Bookmark
R900.40

A firm shall document conclusions regarding compliance with this Part, and the substance of any relevant discussions that support those conclusions. In particular:

  • When safeguards are applied to address a threat, the firm shall document the nature of the threat and the safeguards in place or applied; and

  • When a threat required significant analysis and the firm concluded that the threat was already at an acceptable level, the firm shall document the nature of the threat and the rationale for the conclusion.

  • Bookmark
900.40 A1

Documentation provides evidence of the firm's judgments in forming conclusions regarding compliance with this Part. However, a lack of documentation does not determine whether a firm considered a particular matter or whether the firm is independent.

[Paragraphs 900.41 to 900.49 are intentionally left blank]

Breach of an Independence Provision for Assurance Engagements Other than Audit and Review Engagements (R900.50 to R900.55)
  • Bookmark
R900.50

If a firm concludes that a breach of a requirement in this Part has occurred, the firm shall:

  • End, suspend or eliminate the interest or relationship that created the breach;

  • Evaluate the significance of the breach and its impact on the firm's objectivity and ability to issue an assurance report; and

  • Determine whether action can be taken that satisfactorily addresses the consequences of the breach.

In making this determination, the firm shall exercise professional judgment and take into account whether a reasonable and informed third party would be likely to conclude that the firm's objectivity would be compromised, and therefore, the firm would be unable to issue an assurance report.

  • Bookmark
R900.51

If the firm determines that action cannot be taken to address the consequences of the breach satisfactorily, the firm shall, as soon as possible, inform the party that engaged the firm or those charged with governance, as appropriate. The firm shall also take the steps necessary to end the assurance engagement in compliance with any applicable legal or regulatory requirements relevant to ending the assurance engagement.

  • Bookmark
R900.52

If the firm determines that action can be taken to address the consequences of the breach satisfactorily, the firm shall discuss the breach and the action it has taken or proposes to take with the party that engaged the firm or those charged with governance, as appropriate. The firm shall discuss the breach and the proposed action on a timely basis, taking into account the circumstances of the engagement and the breach.

  • Bookmark
R900.53

If the party that engaged the firm does not, or those charged with governance do not concur that the action proposed by the firm in accordance with paragraph R900.50(c) satisfactorily addresses the consequences of the breach, the firm shall take the steps necessary to end the assurance engagement in compliance with any applicable legal or regulatory requirements relevant to ending the assurance engagement.

  • Bookmark
R900.54

In complying with the requirements in paragraphs R900.50 to R900.53, the firm shall document:

  • The breach;

  • The actions taken;

  • The key decisions made; and

  • All the matters discussed with the party that engaged the firm or those charged with governance.

  • Bookmark
R900.55

If the firm continues with the assurance engagement, it shall document:

  • The conclusion that, in the firm's professional judgment, objectivity has not been compromised; and

  • The rationale for why the action taken satisfactorily addressed the consequences of the breach so that the firm could issue an assurance report.