Frequently Asked
Questions:
Nonattest services
As of October 6, 2021
AICPA Professional Ethics Division
2
Introduction
The answers to these frequently asked questions (FAQs) are based on guidance the AICPA
Professional Ethics Division staff provided in response to members’ inquiries concerning the
interpretations of the “Nonattest Services” subtopic (ET sec. 1.295) of the “Independence Rule
”
(ET sec. 1.200.001) of the AICPA Code of Professional Conduct (code). The FAQs are not rules
or interpretations of the Professional Ethics Executive Committee and, therefore, are not
considered authoritative guidance. Further, the answers do not address the requirements of other
standard-setters or regulatory bodies, such as the state boards of accountancy, the SEC, and the
U.S. Government Accountability Office, whose positions may differ from those of the AICPA.
In applying the following FAQs, members
should comply with all applicable interpretations of the
“Nonattest Services” subtopic including, but not limited to, the "General Requirements for
Performing Nonattest Services” interpretation (ET sec. 1.295.040), as well as, where applicable,
the “
Conceptual Framework for Independence” interpretation (ET sec. 1.210.010).
Terms that are defined in the code appear in italic. The first time a defined term or citation to the
code appears in an FAQ, it will be hyperlinked.
The date the FAQ was added to this document or revised appears in brackets at the end of the
answer. The statement “Added prior to June 2005” means that the FAQ was added between May
2004 and May 2005. For conforming edits (for example, revised citations for the Ethics
Codification Project), the dates when those edits were made to the FAQ are not identified.
Copyright © 2021
American Institute of Certified Public Accountants, Inc.
New York, NY 10036-8775
All rights reserved. For information about the procedure for requesting permission to make
Otherwise, requests should be written and mailed to Permissions Department, 220 Leigh Farm
Road, Durham, NC 27707-8110 USA.
3
Table of contents
Routine activities ........................................................................................................................ 4
Period of impairment .................................................................................................................. 4
Suitable skill, knowledge, and/or experience .............................................................................. 5
Documentation requirement ....................................................................................................... 9
Bookkeeping services ...............................................................................................................12
Controllership services ..............................................................................................................15
Tax services ..............................................................................................................................15
Information technology services ................................................................................................17
Appraisal, valuation, and actuarial services ...............................................................................17
Training services .......................................................................................................................18
Project management services ...................................................................................................18
Cybersecurity services ..............................................................................................................19
Hosting services ........................................................................................................................20
4
Routine activities
1. A member is not required to apply the safeguards
in paragraph .01 of the “General
Requirements for Performing Nonattest Services” interpretation (ET sec. 1.295.040) or
comply with the “Documentation Requirements When Providing Nonattest Services”
interpretation (ET sec. 1.295.050) when performing certain routine activities. Which
activities are considered to be routine for purposes of these interpretations?
Whether an activity is routine or not should be determined by considering all facts and
circumstances related to the activity. Routine activities generally involve providing advice or
assistance to the client
on an informal basis as part of the client-member relationship. Routine
activities are typically insignificant in terms of time incurred or resources expended and
generally do not result in a specific project or engagement or in the member producing a
formal report, deliverable, or other formal work product.
Examples of routine activities include the following:
• Responding to an attest client’s
questions on tax matters
• Providing advice to the attest client on routine business matters
• Educating the attest client on matters within the technical expertise of the member
• Providing information to the attest client that is readily available to the member, such
as generally available best practices
[Added prior to June 2005]
Period of impairment
1. What would be an example of how to apply the exception found in paragraph .03 of the
“Scope and Applicability of Nonattest Services
” interpretation (ET sec. 1.295.010)?
Consider the following facts and circumstances:
• In January 20X5, a member is engaged by a nonattest client to close the client’s
December 31, 20X4 books and records. In providing the services, the member
performs certain bookkeeping activities, such as coding journal entries that are
considered management responsibilities.
• The entity’s 20X4 financial statements were audited by another firm
, which issued
an unqualified audit opinion in March 20X5.
• In September 20X5, the nonattest client asks the member to perform the audit of
its financial statements as of and for the year ended December 31, 20X5.
Although the nonattest services provided by the member would impair independence
,
because (a) the nonattest services were provided prior to the entity becoming an attest
client (i.e., prior to the
period of the professional engagement); (b) the nonattest services
were related to the 20X4 financial statements (i.e., prior to the period covered by the 20X5
financial statements); and (c) the 20X4 financial statements were audited by another firm,
all the criteria would be met. Therefore, independence would not be impaired for purposes
of performing the 20X5 audit of the entity’s financial statements. [Added November 2015]
5
Suitable skill, knowledge, and/or experience
1. What does “suitable skill, knowledge, and/or experience” mean in the context of the
interpretations of the “Nonattest Services” subtopic (ET sec. 1.295)?
“Suitable skill, knowledge, and/or experience” means that the individual designated by the
attest client to oversee the nonattest service has the ability to understand the nature, objective,
and scope of the nonattest service. Overseeing the service does not require that the individual
designated by the attest client must supervise the member in the day-to-day rendering of the
services. The requirement for an individual designated by the attest client to possess suitable
skill, knowledge, and/or experience does not, however, require that the individual possess the
expertise to perform or re-perform the services.
Rather, the individual should agree on the nature, objective, and scope of the services; receive
periodic progress reports when appropriate; make all significant judgments; evaluate the
adequacy and results of the service; accept responsibility for the service results; and ensure
that the resulting work product meets the agreed-upon specifications. The skill, knowledge,
and/or experience needed will vary depending on the nature of the nonattest service. For
example, the skill, knowledge, and/or experience needed to oversee a payroll service may
significantly differ than the skill, knowledge, and/or experience needed to oversee a complex
tax service. [Added prior to June 2005]
2. Is the requirement that the individual designated by the attest client possess suitable
skill, knowledge, and/or experience to oversee the nonattest services provided by the
member new to the AICPA code?
No. The code has historically required that attest client management or a management
designee undertake certain responsibilities in connection with the member’s delivery of
nonattest services. For example, at various times, the code has called for the attest client to
“be sufficiently knowledgeable,” “sufficiently informed,” and “have an informed judgment on
the results of the nonattest service.” These requirements necessitate oversight by an
individual with suitable skill, knowledge, and/or experience. [Added prior to June 2005]
3. Why do the interpretations of the “Nonattest Services” subtopic require an individual
who possesses suitable skill, knowledge, and/or experience to oversee the nonattest
services provided by the member?
If the individual designated by the attest client does not possess suitable skill, knowledge,
and/or experience to oversee the nonattest service, there would be no one (other than the
member) to make the significant judgments that become necessary during the delivery of the
service or discharge the other responsibilities required to be performed by client management
(or a designee) as required by the “Management Responsibilities
” interpretation (ET sec.
1.295.030) of the “Nonattest Services” subtopic. Accordingly, the management participation
and self-review threats would be so significant if the member performs those activities that
independence would be impaired. [Added prior to June 2005]
6
4. Which factors should a member consider in determining whether the individual
designated by the attest client to oversee the nonattest service possesses suitable
skill, knowledge, and/or experience?
In assessing whether the individual designated by the attest client has suitable skills,
knowledge, and/or experience to oversee a nonattest service, the member might consider the
following factors as they pertain to the individual:
• Understanding of the nature of the service
• Knowledge of the attest client’s operations
• Knowledge of the attest client’s industry
• General business knowledge
• Level of education
• Position at the attest client
Some factors may be given more weight than others, depending on the nature of the service.
For example, although the level of education attained by the individual can be one indicator
of his or her skills and/or knowledge, it is not necessarily true that the more formal education
the individual possesses, the more able he or she would be to oversee the nonattest service.
If the individual understands the nature of the service and possesses a sufficient knowledge
of the attest client’s business and industry, he or she may have the skills, knowledge, and/or
experience to oversee the service, regardless of the level of education that he or she
possesses. For example, most small business owners know their company’s operations and
financial position better than anyone, and they understand the services they need from the
member and what those services are intended to accomplish. Because they are the owners
of the business, they regularly make important decisions about all matters affecting their
business. Accordingly, members might conclude that those individuals would possess the
necessary skills, knowledge, and/or experience to understand the services being performed;
make any management decisions; and determine whether the results of the services meet the
agreed-upon specifications. [Added prior to June 2005]
5. The "General Requirements for Performing Nonattest Services” interpretation requires
that an individual designated by the attest client possess suitable skill, knowledge,
and/or experience (preferably within senior management) to oversee the nonattest
services. Which individual or individuals at the attest client can serve in this capacity
(for example, the owner, controller, or bookkeeper)?
The individual(s) designated by the attest client will likely depend on the nature of the attest
client’s organization and the nature of the nonattest engagement. In an owner-managed
business, it will often be the owner, but, depending on the nature of the nonattest services
and the qualifications (that is, skill, knowledge, and/or experience) of other attest client
employees or individuals, it also could be the controller, bookkeeper, or another employee. In
larger organizations or for more complex services, the attest client is more likely to designate
a senior officer to oversee the services. The employee or individual responsible for overseeing
the nonattest services needs to understand the services sufficiently to oversee them but does
not need to possess the technical qualifications to perform or re-perform the services. As
7
discussed in FAQ 6, the attest client may also designate an independent consultant or outside
legal counsel with the requisite qualifications to oversee the services.
For example, consider a nonattest engagement in which the member has been asked to
provide investment advisory services that include recommendations on the allocation of funds
that the attest client should invest in various asset classes based on the attest client’s desired
rate of return and risk tolerance. The owner of the company has knowledge of the company’s
investment objectives and therefore serves as the attest client designee. The owner makes
all investment decisions concerning the allocation of funds and investment selections and
accepts responsibility for the resulting investment plan. For purposes of this nonattest
engagement, the member may conclude that the owner of the company possesses the skill,
knowledge, and/or experience to oversee the service. On the other hand, consider an
engagement for the member to install an off-the-shelf accounting package and set up the
chart of accounts and financial statement format for a small business client. The owner of the
company is traveling on business and designates the office manager to oversee the
installation. The office manager primarily performs routine clerical and receptionist functions
for the business and has limited understanding of the company’s operations. He or she has
never used accounting or financial software, such as the application being installed by the
practitioner. In addition, because the company hires a part-time bookkeeper to maintain its
general ledger and subsidiary records, the office manager has no understanding of the
company’s books or records and financial statements. For purposes of this nonattest
engagement, it appears unlikely that the office manager would be in a position to sufficiently
understand the services being performed to oversee them and accept responsibility for the
resulting accounting system. [Added prior to June 2005]
6. Would a member be considered to meet the safeguards
in paragraph .01 of the "General
Requirements for Performing Nonattest Services” interpretation if the attest client
contracts with a third party who is not an employee of the attest client to oversee or
advise on the member’s performance of the nonattest service?
Yes. However, in order for the member to meet the safeguards in paragraph .01(a) of the
“General Requirements for Performing Nonattest Services” interpretation, management of the
attest client would have to contract with the third party to advise management regarding the
nature of the nonattest services and the evaluation of the adequacy and results of the services
in order to enable management to (1) effectively oversee the services, (2) assume all
management responsibilities, and (3) accept responsibility for the results of the services.
If the attest client outsources the nonattest services oversight functions to a third party, and
the third party serves as the individual designated by the attest client to oversee the nonattest
services, the member would be considered to meet the safeguards in paragraph .01(a) of the
“General Requirements for Performing Nonattest Services” interpretation provided that the
individual designated by the attest client possesses the necessary skill, knowledge, and/or
experience; functions in a capacity equivalent to that of an attest client employee; has the
authority to make decisions on behalf of the attest client, and performs the other client
responsibilities delineated in paragraph .01(a). [Added prior to June 2005]
8
7. How can a member be satisfied that the attest client designee understands the
nonattest services performed and the resulting work product?
Members are expected to use their professional judgment and experience to recognize which
individuals designated by the attest client are able to fulfill the client responsibilities that are
set forth in the interpretation. Through interaction with the owners or employees of the attest
client, experienced practitioners should be able to assess whether the individual designated
by the attest client possesses the skill, knowledge, and/or experience necessary to effectively
oversee the nonattest service. See also FAQ No. 4 in this section. [Added prior to June 2005]
8. What level of technical expertise must the individual designated by the attest client
have in order to accept responsibility for the deferred tax asset and liability calculations
prepared by the member?
The intent of the “General Requirements for Performing Nonattest Services” interpretation is
not for the individual designated by the attest client to possess a level of technical expertise
commensurate with that of the member. In the case of deferred taxes, the individual
designated by the attest client should understand the basis for the deferred tax assets or
liabilities and the impact of the deferred taxes on the attest client’s financial statements.
[Added prior to June 2005.]
9. What are some examples of nonattest services and the level of understanding that the
individual designated by the attest client to oversee the nonattest services should
possess in order to comply with the “General Requirements for Performing Nonattest
Services” interpretation?
Bookkeeping — When the member performs routine bookkeeping services for an attest client,
the member should be satisfied that the individual designated by the attest client understands
the basis for the proposed journal entries and how the posting of the journal entries will affect
the financial statements. For recurring or standard journal entries (for example, depreciation),
the individual designated by the attest client may require no explanation regarding the reason
for the entry (for example, when the member has previously discussed these entries with the
attest client), whereas for more complex journal entries (for example, deferred taxes), the
member may need to have further discussions with the individual designated by the attest
client discussing the underlying requirements and the basis for the entry and how the entry
will affect the financial statements. For such services, the individual designated by the attest
client must have the skills, knowledge, and experience to approve the proposed journal entries
and accept responsibility for the company’s individual designated by the attest client.
Tax compliance services — For tax return preparation engagements, the individual
designated by the attest client need not have an in-depth understanding of the applicable tax
laws. However, the individual designated by the attest client should review the tax return,
understand and approve key tax positions taken or disclosed in the return, and approve the
filing of the return. The member also should be satisfied that the individual understands the
9
company’s tax situation, has a general understanding of how the amounts on the tax return
were determined, and make all decisions regarding significant tax positions taken in the return.
Valuation services — For more complex engagements, such as permitted valuation services,
the member may need to explain to the individual designated by the attest client the valuation
methodologies used as well as all significant assumptions. The individual then should be in a
position to approve all significant assumptions and accept responsibility for the resulting
valuation. [Added prior to June 2005]
Documentation requirement
Requirement c. of paragraph .01 of the “General Requirements for Performing Nonattest
Services” interpretation requires that, before performing nonattest services for an attest client the
member should establish and document in writing
his or her understanding with the attest client
regarding the (i) objectives of the engagement, (ii) services to be performed, (iii) attest client’s
acceptance of its responsibilities, (iv) member’s responsibilities, and (v) any limitations of the
engagement.
1. May a member comply with the documentation requirement by including the
requirements in paragraph .01(c) in an engagement letter, the audit planning memo, or
in a memorandum of understanding maintained in the member’s billing files, rather
than a separate document?
Yes. Requirement c. of paragraph .01 of the “General Requirements for Performing Nonattest
Services” interpretation only requires a member to document in writing his or her
understanding with the attest client and does not prescribe any specific form of documentation
provided that the level of documentation meets the requirement. Refer to FAQ No. 2 on this
topic for further details, including illustrative sample documentation. [Added prior to June
2005]
2. What form of documentation does requirement c. of paragraph .01 of the “General
Requirements for Performing Nonattest Services” interpretation require?
Although the interpretation requires that the member’s understanding with the attest client in
writing, before performing nonattest services the member may determine the form of that
documentation. The form of documentation is not as important as the content and the timing
of the documentation. From a timing perspective, see paragraph .01(c) of the “General
Requirements for Performing Nonattest Services” interpretation and paragraph .01 of the
“Documentation Requirements When Providing Nonattest Services” interpretation, which
address when the required documentation has to occur.
From a content perspective, if the member is engaged, for example, to assist an attest client
by providing bookkeeping services, the member may document his or her understanding with
the attest client regarding the matters identified in requirement c. for these bookkeeping
services in the attest engagement
letter. However, the matters identified in requirement c.
10
may also be documented in a separate engagement letter specific to the nonattest services
engagement, a memo to the attest files, the auditing steps, or a checklist that the member
prepares as part of the audit or review engagement.
Similarly, if an attest client engages the member to perform tax compliance services, the
understanding could be documented in a tax organizer or a memo contained in the tax working
papers. Other methods of documentation, such as a memo of understanding maintained in
the member’s billing or correspondence files (that is, separate from the client working paper
files), also would satisfy this requirement.
The following is illustrative sample language that can be incorporated into an attest
engagement letter; a “stand-alone” nonattest services engagement letter; a tax organizer
letter; or other documentation method preferred by the member:
[Sample language to document understanding with the attest client for the provision of
bookkeeping and tax services]
Objectives of the Engagement and Services to Be Performed
1. We will provide the bookkeeping and tax services outlined as follows:
• At the end of each month, CPA Firm agrees to perform the following:
— Post client coded transactions to ABC Company’s general ledger.
Propose adjusting or correcting journal entries to be reviewed and
approved by ABC Company management. Prepare a trial balance based
on the adjusted general ledger.
— Prepare monthly sales and payroll tax returns [insert applicable tax
jurisdictions] for ABC Company management’s review and approval.
Upon receipt of approval, we file the electronic returns on the Company’s
behalf.
• At the end of the year, CPA Firm agrees to perform the following:
— Propose adjusting or correcting journal entries to be reviewed and
approved by ABC Company management.
— Prepare federal and state income tax returns [insert applicable tax
jurisdictions].
— Prepare year-end sales and payroll tax returns [insert applicable tax
jurisdictions].
— Answer inquiries on specific tax matters.
• CPA Firm will not assume management responsibilities on behalf of ABC
Company. However, we will provide advice and recommendations to assist
management of ABC Company in performing its responsibilities.
2. ABC Company’s responsibilities are as follows:
• ABC Company agrees to perform the following responsibilities in connection
with CPA Firm’s provision of the bookkeeping and tax services:
11
[Added prior to June 2005]
3. Does the documentation requirement apply to all client engagements?
The documentation requirement applies to any nonattest services (for example, financial
statement preparation, bookkeeping, tax, or consulting services) performed by the member
for an attest client. If a member performs a compilation in which he or she discloses a lack of
independence, the documentation requirement would not apply.
Other regulators may have more restrictive rules regarding independence when performing
nonattest services for an attest client. Accordingly, the member should be aware of and
comply with all rules and regulations applicable to specific clients. [Added prior to June 2005]
4. Are any activities excluded from the documentation requirement?
According to paragraph .04 of the “General Requirements for Performing Nonattest Services”
interpretation, the documentation requirement does not apply in those circumstances in which
the member performs routine activities, such as providing advice and responding to the attest
client’s technical questions as part of the normal client-member relationship. In addition, the
documentation requirement does not apply when a member performs the types of activities
related to attest services identified in paragraph .04 of the “Scope and Applicability of
Nonattest Services” interpretation (ET sec. 1.295.010). Also refer to FAQ No. 1 under the
heading “Routine Activities.” [Added prior to June 2005]
— Assume all management responsibilities, including determining account
codings and approving all proposed journal entries.
— Assign [name of competent client employee] to oversee the bookkeeping
and tax services and evaluate the adequacy and results of the services.
— Accept responsibility for the results of the bookkeeping and tax services,
including the journal entries, general ledger, trial balance, and tax
returns.
3. CPA Firm’s responsibilities and limitations of the engagement are as follows:
• CPA Firm will perform the services in accordance with applicable
professional standards, including the Statements on Standards for Tax
Services issued by the AICPA.
• This engagement is limited to the bookkeeping and tax services previously
outlined. CPA Firm, in its sole professional judgment, reserves the right to
refuse to do any procedure or take any action that could be construed as
making management decisions or assuming management responsibilities,
including determining account codings and approving journal entries. CPA
Firm will advise ABC Company with regard to tax positions taken in the
preparation of the tax return, but ABC Company must make all decisions
with regard to those matters.
12
5. Would independence be impaired when a member fails to document the understanding
with the client?
No. A failure to prepare the required documentation would not impair the member’s
independence provided the understanding with the attest client had been established.
However, the failure to document the understanding with the attest client would be considered
a violation of the “Compliance with Standards Rule
” (ET sec. 1.310.001). [Added prior to June
2005]
6. Does the "General Requirements for Performing Nonattest Services” interpretation
require a member to document the attest client’s review and approval of journal entries
proposed by the member?
The "General Requirements for Performing Nonattest Services” interpretation does not
require that the member document the attest client’s review and approval of the journal
entries. However, the member may wish to document the name of the individual designated
by the attest client who reviewed and approved the journal entries and the date of his or her
review to provide evidence that such review and approval took place. [Added prior to June
2005]
7. A member’s firm does not require its clients to sign engagement letters for tax return
preparation services. How does the documentation requirement under requirement c.
of paragraph .01 of the "General Requirements for Performing Nonattest Services”
interpretation apply with respect to these clients?
Tax compliance services performed for an attest client are nonattest services subject to the
requirements of the “General Requirements for Performing Nonattest Services” interpretation.
Therefore, the documentation requirement applies when the member provides tax compliance
services to an attest client. However, the form of documentation is left to the member’s
discretion, and, provided that the documentation contains all of the required elements, the
member may document his or her understanding with the attest client of the matters identified
in requirement c. in a tax organizer or disclosure statement provided to the attest client, a
memo in the tax or attest service working papers, or through other means. [Added prior to
June 2005]
Bookkeeping services
1. A member records journal entries while performing monthly bookkeeping services
without obtaining attest client approval. Would independence be impaired?
Yes. In order for the member to maintain his or her independence, an individual designated
by the attest client, preferably within senior management, must review and approve the
proposed journal entries. In addition, the member should be satisfied that the individual
designated by the attest client understands the nature of the proposed entries and the impact
the entries have on the financial statements. [Added prior to June 2005]
13
2. During the course of providing monthly bookkeeping services, the member receives
invoices from the attest client indicating approval for payment and identifying the
appropriate general ledger accounts to record the transaction. The member prepares
the attest client’s checks for payment of those invoices, records the transactions in the
attest client’s general ledger system, and returns the checks to the attest client for
approval and signature. The member does not have signature authority over the attest
client’s checking account. Would independence be impaired?
No. Management determined and approved the appropriate account classifications, approved
the invoices for payment, and reviewed and signed the prepared checks. [Added prior to June
2005]
3. During the course of providing monthly bookkeeping services, the member discusses
with client management the need to record recurring journal entries (for example,
depreciation expense) each month in the general ledger. The attest client approves the
recurring journal entries and makes any necessary decisions (for example, useful lives
of the assets). The member then records these entries in the attest client’s general
ledger each month. Would independence be impaired?
No. The attest client understands the general nature of the journal entries and the impact they
have on its financial statements. [Added prior to June 2005]
4. An attest client records all disbursements in its checkbook and identifies the type of
expense (for example, telephone, rent, etc.) on the checkbook stubs. During the course
of providing monthly bookkeeping services, the member assigns the general ledger
account number based on the type of expense indicated by the attest client and records
these payments in the attest client’s accounting system. Would independence be
impaired?
No. The member would not be considered coding transactions. [Added prior to June 2005]
5. During the course of performing an attest engagement, the member proposes
adjustments to the financial statement to the client management. For example, the
member might propose adjusting entries to correct the client’s tax provision, deferred
tax account, or depreciation and amortization account. Client management reviews the
proposed entries and related supporting documentation, understands the impact on
its financial statements, and records the adjustments identified by the member. Would
the proposal of such entries constitute a nonattest bookkeeping service subject to the
interpretations of the “Nonattest Services” subtopic?
No. According to paragraph .04 of the “Scope and Applicability of Nonattest Services”
interpretation, proposing entries as a result of the member’s attest engagement is a normal
part of those engagements and would not constitute performing a nonattest bookkeeping
14
service subject to the interpretations of the “Nonattest Services” subtopic. [Added prior to June
2005]
6. A member is engaged to perform an audit for a client that records all transactions on a
cash basis in its general ledger. During the audit process, the member identifies all
appropriate journal entries required to convert the audit client’s general ledger to an
accrual basis and prepares the financial statements, including footnotes, on the
accrual basis in order to conform to U.S. generally accepted accounting principles
(GAAP). The audit client reviews the entries and financial statements, including all
footnote disclosures, and understands the impact these entries have on the financial
statements. As part of the management representation letter, the audit client
acknowledges responsibility for the financial statements and footnotes. Would these
services be considered nonattest bookkeeping services subject to the interpretations
of the “Nonattest Services” subtopic?
If the engagement covers periods beginning on or after December 15, 2014, then providing
these services will be considered nonattest services subject to the interpretations of the
“Nonattest Services” subtopic including the "General Requirements for Performing Nonattest
Services” interpretation. [Revised March 2015]
7. The member prepares a bank reconciliation of a client’s bank account in connection
with monthly bookkeeping services. The client reviews and approves the bank
reconciliation. Would independence be impaired?
No. According to paragraph .06 of the “Scope and Applicability of Nonattest Services”
interpretation (ET sec. 1.295.010), preparing reconciliations is a nonattest service, so as long
as the safeguards from the "General Requirements for Performing Nonattest Services”
interpretation are met, independence will not be impaired.
8. A member performing bookkeeping services records adjusting and reclassification
journal entries and compiles preliminary financial statements. The member delivers the
financial statements and compilation report to the attest client and provides the attest
client copies of the general ledger, journals, and journal entries, which contain a
description of the nature of each entry. The member asks the attest client to review the
journal entries and then asks whether the attest client has any questions about any of
the entries. Would the requirements of the "General Requirements for Performing
Nonattest Services” interpretation be met?
Yes. Provided the member is satisfied that the attest client understands the nature and impact
of the journal entries, the requirements of the “General Requirements for Performing
Nonattest Services” interpretation would be met. [Added prior to June 2005]
9. Must the member review the proposed journal entries and explain their impact on the
financial statements to the attest client in person or can this review take place by
phone, fax, mail, or email?
15
The review process can take place in person; by phone, fax, mail, or email; or a combination
thereof. Regardless of the method used, the member must be satisfied that the individual
designated by the attest client has the skills, knowledge, and experience to understand the
nature and impact of the journal entries on the attest client’s financial statements. [Added prior
to June 2005]
10. As part of performing bookkeeping services, a member records adjusting journal and
reclassification entries and prepares the attest client’s preliminary financial
statements. The member does not review each and every journal entry with the attest
client, but, rather, the member describes the nature of the journal entries and their
impact on the preliminary financial statements. The attest client approves the
preliminary financial statements and provides them to its bank. Would the
requirements of the "General Requirements for Performing Nonattest Services”
interpretation be met?
Yes. Provided all of the other requirements of the "General Requirements for Performing
Nonattest Services” interpretation are met. [Added prior to June 2005]
Controllership services
1. A member provides temporary controllership and other accounting services for attest
clients during client maternity leaves, illnesses, and sudden departures. Do these
activities impair independence under the "General Requirements for Performing
Nonattest Services” interpretation?
These services would be subject to the “General Requirements for Performing Nonattest
Services” interpretation. If a member performs controller-type activities, independence would
be impaired because such activities typically involve the performance of management
responsibilities or the supervision of client employees. However, if the member performs
temporary accounting and other services in compliance with the requirements of the “General
Requirements for Performing Nonattest Services” interpretation, independence would not be
impaired. In such circumstances, the member also should consider whether the duration or
regularity of the services might nevertheless impair independence. Having the title of
controller would impair independence regardless of the actual services performed. [Added
prior to June 2005]
Tax services
1. The member performs year-end tax planning and prepares the tax returns for an attest
client. Would these services be considered nonattest services and therefore subject to
the requirements of the “Nonattest Services” subtopic?
Yes. Tax services are considered nonattest services and are therefore subject to the
requirements of the “Nonattest Services” subtopic, including the “General Requirements for
16
Performing Nonattest Services” interpretation, which requires among other things that the
member’s understanding with the client with respect to the tax services be documented in
writing.
2. Do the interpretations of the “Nonattest Services” subtopic apply when the member
prepares the personal tax returns of the owners and officers of an attest client? Does
it matter whether the owners or officers pay for the services themselves or whether the
attest client pays for the services?
If the personal tax returns are prepared without having to rely on representations of the attest
client, then the interpretations of the “Nonattest Services” subtopic would not apply. The mere
fact that the client pays for the services also would not cause the interpretations of the
“Nonattest Services” subtopic to apply. [Added prior to June 2005]
3. Would providing nonattest services to an attest client in the client’s application of
FASB Accounting Standards Codification (ASC) 740-10-50, Income Taxes, such as
identifying potential uncertain tax positions, advising the attest client whether those
tax positions meet the more-likely-than-not (MLTN) threshold, and calculating the
related unrecognized tax benefits, impair independence?
The provision of such nonattest services would not impair independence provided the
individual designated by the attest client can make an informed judgment on the results of the
member’s services and the other requirements of the "General Requirements for Performing
Nonattest Services” interpretation are met. In meeting the requirements of this interpretation,
the member may assist the attest client in understanding why the tax positions do or do not
meet the MLTN threshold and the basis for any unrecognized tax benefit so that the attest
client can accept responsibility for the amounts reported and disclosed in the financial
statements. [Added July 2007 and reference to FASB ASC updated September 2009]
4. The “Tax Services
” interpretation (ET sec. 1.295.160) under the “Independence Rule”
(ET sec. 1.200.001) provides that a “court encompasses a tax, district, or federal court
of claims and the equivalent state, local, or foreign forums.” Are there any criteria that
members could use that would indicate a forum is equivalent to a court?
To determine what other forums may be equivalent to a court, members may consider criteria
such as the following:
• The forum is presided over by a trier of fact who is independent of the taxing authority
and is empowered to render a determination that is binding (absent appeal).
• The forum conducts formal proceedings governed by a set of procedural rules dealing
with matters such as evidence and testimony.
• The forum is the last opportunity for the parties to present new factual evidence so that
any appeal of the forum’s decisions would involve only a review of the forum’s records,
including its factual or legal findings, and not an evidentiary hearing. [Added July
2017].
17
Information technology services
1
1. What criteria should a member
use to determine whether an attest client’s information
system is unrelated to its financial statements or accounting records?
Information systems that produce information that is reflected in the amounts and disclosures
in the attest client’s financial statements, used in determining such amounts and disclosures,
or used in effecting internal control over financial reporting are considered to be related to the
financial statements and accounting records. However, information systems that are used
only in connection with controlling the efficiency and effectiveness of operations are
considered to be unrelated to the financial statements and accounting records. [Added prior
to June 2005]
Appraisal, valuation, and actuarial services
1. Would assisting an attest client in applying FASB ASC 805, Business Combinations, or
FASB ASC 350, Intangibles—Goodwill and Other, impair independence (for example,
providing advice on the various valuation methodologies available and assumptions
needed and providing valuation templates, software, or other tools so that the attest
client can determine an appropriate value for acquired assets, goodwill, contingent
consideration, and so on)?
When the attest client requests that the member perform valuation services or when the
member is in essence performing the valuation for the attest client (such as when the member
provides the attest client with a firm
-developed template or software product or inserts
amounts into a template or software product), the member should refer to the guidance in the
“
Appraisal, Valuation, and Actuarial Services” interpretation. Specifically, paragraph .02
states that services that involve a significant degree of subjectivity and whose results,
individually or when combined with other valuations, appraisals, or actuarial services, are
material to the attest client’s
financial statements will impair independence.
Valuations performed in connection with business combinations or appraisals of assets or
liabilities normally have a material effect on financial statements and involve a significant
degree of subjectivity.
Providing advice on the various valuation methodologies available and assumptions to be
made in performing the valuation would not impair independence provided the requirements
of the “General Requirements for Performing Nonattest Services” interpretation are met.
These requirements include the attest client determining or approving all significant
assumptions and matters of judgment and making an informed judgment on, and accepting
responsibility for, the results of the service. In meeting the requirements of this interpretation,
1
FAQS 1 through 6 and 8 deleted in July 2019 once the revised Information System Services interpretation
was added to the online Code.
18
the member also may assist the attest client in understanding the accounting standards and
the nature of the necessary accounting adjustments.
In addition, the member may provide the attest client with generic or standardized templates
or software products not developed by the firm to assist the attest client with performing the
valuation. Generic or standardized products are those in which formulas are well established
and subject to only minor judgments or interpretations. Accordingly, it is reasonable to expect
that the result produced by such products will be similar to the result that would be produced
by other vendors’ products. [Added August 2008 and references to FASB ASC updated
September 2009].
Training services
1. An attest client is implementing changes to its financial reporting system or process
(for example, implementing International Financial Reporting Standards [IFRS] or
eXtensible Business Reporting Language [XBRL]). Would a member’s independence
be impaired if he or she provided training to the attest client related to such system or
process?
A member’s independence would not be impaired if he or she provides attest client personnel
with a general understanding of the financial reporting system or process (FRP). If attest client
personnel already have a general understanding of the FRP, the member may provide more
specific training to attest client personnel on how the system or process applies to the attest
client’s specific circumstances. In providing training services, however, the member should
ensure that such nonattest services do not involve supervising attest client personnel in either
the implementation or daily operation of the FRP, or in performing other management
responsibilities such as making FRP operational decisions or implementing the internal
controls necessary for the FRP to run effectively. [Added February 2010]
Project management services
1. Will a member’s independence be impaired if the member manages a project for an
attest client (such as implementing an attest client’s cybersecurity program, converting
the attest client’s FRP from U.S. GAAP to IFRS, or implementing XBRL)?
Yes. Taking responsibility for the management of an attest client’s project will impair a
member’s independence. This would be true even if the project did not impact the financial
statements.
Independence, however, will not be impaired if management makes all decisions related to
the project and the member’s involvement is limited to providing assistance, advice,
suggestions, and recommendations regarding matters that are within the member’s areas of
knowledge or experience. Such activities might include (a) providing advice about how to
improve the attest client’s infrastructure security, (b) providing advice about either the tagging
of XBRL-formatted or the preparation of IFRS-based financial statements, (c) providing
19
feedback on management’s plans, including how management will prioritize its activities, and
(d) assisting the attest client with its understanding of the general considerations for the
project. [Issued February 2010 and updated April 2017]
2. Would a member’s independence be impaired if he or she assisted attest client
management with its determination of whether or not to proceed with a project (for
example, converting its FRP from U.S. GAAP to IFRS or implementing XBRL for its
financial statements)?
Provided the member only assists the attest client by providing guidance on the conversion
or implementation issues and does not make the decision of whether or not to proceed with
the project, the member’s independence would not be impaired. For example, such assistance
may include (a) helping gather information that management will use to conduct its analysis
or (b) providing advice and making recommendations on the assumptions management plans
to use in its analysis. [Added February 2010]
Cybersecurity services
1. May a member provide general training or informational sessions on cybersecurity
issues to an attest client without impairing independence?
Yes. A member may provide these services as long as the member’s services are only
advisory in nature and the member complies with the applicable interpretations under the
“Nonattest Services” subtopic, including the “General Requirements for Performing Nonattest
Services” interpretation and the “Advisory Services
” interpretation (ET sec. 1.295.105). For
example, the member may provide informational training sessions related to guidance issued
by the National Institute of Standards and Technology (NIST).
[Added April 2017]
2. May a member conduct a best practice review of an attest client’s cybersecurity
practices that would include benchmarking the attest client’s current cybersecurity
infrastructure and procedures against the NIST Cybersecurity Framework (CSF) or
other established framework without impairing independence?
Yes. A member may conduct such a review provided the member’s services are only advisory
in nature (that is, result only in recommendations to the attest client) and the member complies
with the applicable interpretations under the “Nonattest” Services subtopic including the
“General Requirements for Performing Nonattest Services” interpretation and the “Advisory
Services” interpretation. [Added April 2017]
3. Will a member’s independence be impaired if the member accepts responsibility for the
design, development, or implementation of an attest client’s policies and procedures
for cybersecurity threats and practices?
20
Yes. A member’s independence will be impaired because the member will have assumed a
management responsibility. [Added April 2017]
4. Will a member’s independence be impaired if the member evaluates an attest client’s
cybersecurity program and provides advice and recommendations to the attest client
on improving the company’s policies, procedures, and internal control relating to
cybersecurity threats and practices?
No. A member’s independence will not be impaired, provided the member’s services are only
advisory in nature and the member complies with the applicable interpretations under the
“Nonattest Services” subtopic including the “General Requirements for Performing Nonattest
Services” interpretation and the “Advisory Services” interpretation. [Added April 2017]
5. Will a member’s independence be impaired if the member provides an attest client with
“attack and penetration” testing relating to its cybersecurity?
It depends. A member’s independence will be impaired if the “attack and penetration” testing
is done by performing ongoing evaluations of the attest client’s controls as part of the attest
client’s monitoring activities. Ongoing evaluations monitor the presence and functioning of
controls in the ordinary course of managing the attest client’s business. These activities would
result in the member accepting responsibility for maintaining the attest client’s internal control,
which would be assuming a management responsibility.
However, the member may be able to provide “attack and penetration” testing without
impairing independence if the testing is done by performing separate evaluations of the
controls. The scope and frequency of such separate evaluations are a matter of judgment.
They may be conducted periodically but, unlike ongoing evaluations, are not routine
operations built into the attest client’s business processes. As with the provision of any
nonattest service, the member needs to comply with the applicable interpretations under the
“Nonattest Services” subtopic including the “General Requirements for Performing Nonattest
Services” interpretation (ET sec. 1.295.040) and the “Advisory Services” interpretation.
[Added April 2017]
Hosting services
1. A member uses a third-party subscription clearinghouse to issue attest reports. Is the
subscription clearinghouse considered a member’s portal under item e. in paragraph
.04 of the “Hosting Services
” interpretation (ET sec. 1.295.143) under the
“Independence Rule”?
No, the subscription clearinghouse would not be considered a member’s portal if all of the
following criteria are met:
a. The platform is a document repository designed to facilitate document exchange
between users.
21
b. The platform is hosted, run, and controlled entirely by a third-party vendor that is not
the member.
c. The member, attest client, and other subscription clearinghouse members have their
own user agreements with the third-party vendor.
[Added February 2019]
2. Must a member terminate a client’s access to data or records covered by the “Hosting
Services” interpretation and relate to an engagement completed prior to July 1, 2019?
The member is not required to terminate such access prior to July 1, 2019 in order to be in
compliance with the “Hosting Services” interpretation. However, upon the effective date, the
member should terminate access to such records within a reasonable period of time (see FAQ
3 in the Hosting Services section of this document). [Added February 2019]
3. Item (e) in paragraph .04 of the “Hosting Services” interpretation indicates that to avoid
providing hosting services, members should terminate an attest client’s access to the
data or records in the portal within a reasonable period after the conclusion of the
engagement. What is a reasonable period?
Members should use professional judgment when determining what a reasonable period of
time would be for the specific data or records. The period of time should be practical in that it
provides the client sufficient time to retrieve the information from within the portal and not
cause the member undue hardship. The period of time should also be limited in duration and
should not be extensive. A period of time that is consistent with the member’s documentation
retention policy or a statute of limitations that continues for multiple years would likely be
considered extensive and therefore not limited in duration. For some situations, the member
may conclude that no undue hardship would occur within a relatively brief period of time, such
as 60 days, and therefore this would be a reasonable period of time for the client to retrieve
data or records before access is terminated. In other circumstances, a reasonable period of
time may be closer to a year in order to avoid undue hardship for the member. [Added
February 2019]
4. A member prepares and transmits an attest client’s income tax return and related
schedules (return) in accordance with the “Tax Services” interpretation under the
“Independence Rule” and sends the filed return to the attest client using the member’s
portal. Must the member terminate the attest client’s access to that return within a
reasonable period after preparing and transmitting the return to avoid providing
hosting services?
Yes. Item (e) in paragraph .04 of the “Hosting Services” interpretation indicates that to avoid
providing hosting services, members should terminate an attest client’s access to the data or
records in the portal within a reasonable period after the conclusion of the engagement.
[Added February 2019]
22
5. An attest client hires a member to do permitted bookkeeping services. If the member
uses a general ledger software program that is only on the member’s server or a server
leased by the member (that is, the attest client does not have a separate instance of the
general ledger software) to support the member with providing such services, would
the member be providing hosting services to the attest client?
It depends on the specific facts and circumstances. If the member (a) is not keeping the attest
client’s data or records on the attest client’s behalf and (b) has provided information to the
attest client through electronic or other means such that the attest client’s data and records
are in sufficient detail to be considered complete and enable the attest client to accept
responsibility for the permitted bookkeeping services (as currently required by the “General
Requirements for Performing Nonattest Services” interpretation), the member would not be
providing hosting services. Under these circumstances, even though the attest client would
not have a separate instance of the general ledger software, the member would still not be
viewed as providing hosting services because the member has not accepted responsibility to
act as the sole host of a financial or nonfinancial information system of the attest client; rather
the member is using the software to support the services the member is providing. [Added
February 2019 and updated January 2020]
6. A member provides an attest client access to sales tax computation software on the
member’s server. The attest client inputs its original data, and the software calculates
the sales tax and generates a tax return, which the attest client downloads and files.
Which actions could the member take to avoid providing hosting services?
To avoid performing hosting services, the member may wish to consider the following:
a. In obtaining an understanding with the attest client about the scope of the service in
accordance with paragraph .01 of the “Documentation Requirements When Providing
Nonattest Services,” specify that it is the attest client’s responsibility to maintain its
original data and records as well as the information produced by the system
(information) and that the member has no responsibility to safeguard or maintain any
of these data, records, or information.
b. The client’s access to the data, records, and information in the system is terminated
after a reasonable period.
[Added February 2019]
7. A member returned an attest client’s data or records used to perform a professional
service but retained a copy as documentation in support of the member’s service.
Would the member be providing hosting services if the member complied with the
attest client’s subsequent request for a copy of its data or records?
No. Item a. in paragraph .04 of the “Hosting Services” interpretation allows a member to retain
copies of an attest client’s original data or records as documentation that supports the
member’s professional service. An occasional request by the attest client for copies of original
data or records would not, in and of itself, mean that the member was providing hosting
services. However, the member should be alert to a situation in which the attest client
23
repeatedly requests copies of data or records, which may signify that the member has begun
providing hosting services as a de facto repository for the attest client’s data or records. If
such situation exists, the member should evaluate whether in fact a de facto repository
relationship exists and weigh its future impact on independence. [Added February 2019]
8. An attest client provides a member with data and records for the member to prepare
the attest client’s tax return. The member prepares the attest client’s tax return and
provides the completed tax return to the attest client. Must the member provide the
attest client with any other information to avoid providing hosting services under items
(b) or (c) in paragraph .01 of the “Hosting Services” interpretation?
As currently required by the “General Requirements for Performing Nonattest Services”
interpretation, in addition to the tax return, the member must provide the attest client with
information needed for the attest client to be able to accept responsibility for the return. [Added
January 2020]
9. An attest client requests information previously provided by the member. Does that
mean that the member is providing hosting services?
It depends. Members should evaluate the specific facts and circumstances to determine
whether the request indicates that the attest client is relying on the member to maintain the
attest client’s data or records. If the member determines the attest client is relying on the
member, the member would be providing hosting services if the member continues to provide
the client with such records. For example, if an attest client makes repeated requests for a
copy of a tax return, one could conclude the attest client is relying on the member to maintain
its records, and the member would be providing a de facto nonattest hosting service by
providing the requested tax return repeatedly. On the other hand, if the attest client asks the
member to provide a copy of a document (such as a tax return) to a lending institution to
expedite a loan approval, accommodating the attest client’s request may not indicate the attest
client is relying on the member to maintain its records. [Added January 2020]
10. In order to avoid impairing independence, when should a member provide an attest
client with accounting or other records that the member prepared (but was not
specifically engaged to prepare) and that are not in the attest client’s books and
records or are not otherwise available to the attest client?
The member should provide the attest client with this information at the time the nonattest
services are completed (as opposed to when the attest client makes the request) if such
information is necessary for the attest client to accept responsibility for the permissible
nonattest service as required by the “General Requirements for Performing Nonattest
Services” interpretation.
As a reminder, when the client is not an attest client, members do not need to apply the
“Independence Rule” and related interpretations. Rather, in order to avoid a violation of the
“Acts Discreditable Rule” (ET sec. 1.400.001), members should refer to the “Records
24
Request” interpretation (ET sec. 1.400.200) to understand when this information needs to be
provided. [Added January 2020]
11. I
s there any language that could be added to engagement letters (attest or nonattest)
to clarify that a member’s firm cannot accept responsibility for maintaining an attest
client’s data and records?
Yes. Your firm could consider adding the following sample language to attest client
engagement letters for either attest or nonattest services:
A
s an attest client [or affiliate of an attest client
2
], [firm name] cannot store your
documents, data, or records on your behalf because doing so will impair [firm name]’s
independence. This is in accordance with the “Hosting Services” interpretation (see ET
sec. 1.295.143) of the AICPA Code of Professional Conduct. [Client name] is solely
responsible for maintaining its own data and records.
[Added October 2021]
12. If the firm uses a portal to provide attest clients with member-prepared records or
member work products, is there language that could be added to engagement letters
(attest or nonattest) to explain what action the firm is taking to avoid inadvertently
providing hosting services?
Y
es. Your firm could consider adding the following sample language to attest client
engagement letters for either attest or nonattest services:
[Fi
rm name] does not host any [client name]’s information. [Name of portal or method of
data transfer] is used solely to transfer data and is not intended for the storage of [client
name]’s information. [Client name] is solely responsible for downloading any deliverables
and other records from the [name of portal or method of data transfer] that [client name]
wishes to retain for its own records at the completion of the engagement. If this
engagement occurs over multiple years, [client name] should download such information
at least annually.
The dat
a and deliverables and other records will either be removed from the [name of
portal or method of data transfer] or otherwise become unavailable to [client name]
[specify what that time frame is]. If the engagement is multi-year, the completion of the
engagement occurs each year when the deliverables for that year are delivered to [client
name].
[Added October 2021]
2
Your firm may consider adding the client affiliates if it is determined that the exception found in
paragraph .02b of the “Client Affiliates” interpretation (ET sec. 1.224.010) does not apply.
25
13. If the firm uses a portal to exchange information with attest clients, is there language
that could be added to engagement letters (attest or nonattest) to explain what action
the member’s firm is taking to avoid inadvertently providing hosting services?
Yes
. Your firm could consider adding the following sample language to engagement letters
for either attest or nonattest services:
[Firm name] does not host any [client name]’s information. [Name of portal or method of
data transfer] is used solely as a method of transferring data and is not intended for the
storage of [client name]’s information. Upon conclusion of the engagement, [firm name]
will provide [client name] with a copy of the deliverables and relevant data from the
[name of portal or method of data transfer] relating to the engagement in a mutually
agreed-upon format. If the engagement occurs over multiple years, this exchange will
occur at least annually.
The dat
a and other content will either be removed from the [name of portal or method of
data transfer] or become unavailable to [client name] within a reasonable period of time
[could specify what that time frame is]. If the engagement is multi-year, the completion of
the engagement occurs each year when the deliverables are completed for that year.
[Added October 2021]
