(YELLOW BOOK) Requirements for Performing Nonaudit Services:

 

3.34. Before an auditor agrees to provide a nonaudit service to an

audited entity, the auditor should determine whether providing such a

service would create a threat to independence, either by itself or in

aggregate with other nonaudit services provided, with respect to any

GAGAS audit it performs. A critical component of this determination is

consideration of management's ability to effectively oversee the

nonaudit service to be performed. The auditor should determine that

the audited entity has designated an individual who possesses suitable

Skill, knowledge, or experience, and that the individual understands

the services to be performed sufficiently to oversee them. The

individual is not required to possess the expertise to perform or

reperform the services. The auditor should document consideration of

management's ability to effectively oversee nonaudit services to be

performed.

 

3.35. If an auditor were to assume management responsibilities for an

audited entity, the management participation threats created would be

so significant that no safeguards could reduce them to an acceptable

level. Management responsibilities involve leading and directing an

entity, including making decisions regarding the acquisition,

deployment and control of human, financial, physical, and intangible

resources.

 

3.36. Whether an activity is a management responsibility depends on

the facts and circumstances and auditors exercise professional

judgment in identifying these activities. Examples of activities that

are considered management responsibilities and would therefore impair

independence if performed for an audited entity include:

 

a. setting policies and strategic direction for the audited entity;

 

b. directing and accepting responsibility for the actions of the

audited entity's employees in the performance of their routine,

recurring activities;

 

c. having custody of an audited entity's assets;

 

d. reporting to those charged with governance on behalf of management;

 

e. deciding which of the auditor's or outside third party's

recommendations to implement;

 

f. accepting responsibility for the management of an audited entity's

project;

 

g. accepting responsibility for designing, implementing, or

maintaining internal control;

 

h. providing services that are intended to be used as management's

primary basis for making decisions that are significant to the subject

matter of the audit;

 

i. developing an audited entity's performance measurement system when

that system is material or significant to the subject matter of the

audit; and:

 

j. serving as a voting member of an audited entity's management

committee or board of directors.

 

3.37. Auditors performing nonaudit services for entities for which

they perform audits should obtain assurance that audited entity

management performs the following functions in connection with the

nonaudit services:

 

a. assumes all management responsibilities;

 

b. oversees the services, by designating an individual, preferably

within senior management, who possess suitable skill, knowledge, or

experience;[Footnote 32]

 

c. evaluates the adequacy and results of the services performed; and:

 

d. accepts responsibility for the results of the services.

 

3.38. In cases where the audited entity is unable or unwilling to

assume these responsibilities (for example, the audited entity does

not have an individual with suitable skill, knowledge, or experience

to oversee the nonaudit services provided, or is unwilling to perform

such functions due to lack of time or desire), the auditor's provision

of these services would impair independence.

 

3.39. In connection with nonaudit services, auditors should establish

and document their understanding with the audited entity's management

or those charged with governance, as appropriate, regarding the

following:

 

a. objectives of the nonaudit service;

 

b. services to be performed;

 

c. audited entity's acceptance of its responsibilities;

 

d. the auditor's responsibilities; and:

 

e. any limitations of the nonaudit service.