Non-audit services and safeguards - Engagement acceptance co...

Learning Outcomes

After reading this article, you will be able to: identify what constitutes non-audit services, explain how offering such services poses threats to auditor independence, distinguish between prohibited and permitted services under professional rules, evaluate the effectiveness of safeguards, and outline key pre-acceptance procedures required for engagement acceptance. You will be able to apply these concepts to scenario-based ACCA AA questions and recommend appropriate safeguards or actions in practice.

ACCA Audit and Assurance (AA) Syllabus

For ACCA Audit and Assurance (AA), you are required to understand the impact of non-audit services on audit independence, relevant threats and safeguards, and acceptance procedures. Areas for focused revision are:

• The types of non-audit services and their impact on independence, including self-review, self-interest, and advocacy threats.
• The professional and ethical prohibitions and restrictions on providing non-audit services to audit clients.
• How to evaluate the significance of threats and implementation of safeguards, including when to decline or withdraw from engagements.
• Quality management requirements for engagement acceptance, including considering ethical requirements and threats from non-audit work.
• Client and engagement acceptance procedures in relation to proposed non-audit services.

Test Your Knowledge

Attempt these questions before reading this article. If you find some difficult or cannot remember the answers, remember to look more closely at that area during your revision.

1. Which of the following is a self-review threat?
   1. Setting audit fees based on client profit
   2. Performing bookkeeping for an audit client
   3. Accepting gifts from a client
   4. Employing a family member of a client director

2. State two examples of prohibited non-audit services for a listed audit client.

3. What safeguard(s) must be in place if an audit firm is to provide permitted tax services to a non-listed audit client? Briefly explain.

4. True or false? The provision of internal audit services by the statutory auditor to a listed client is always allowed if approved by the audit committee.

Introduction

Non-audit services are all professional services delivered by audit firms to audit clients that are not part of the external audit or statutory assurance engagement. These services include tax advice, internal audit, IT consulting, and accounting support, among others. Delivering non-audit services can create ethical threats to independence and objectivity, and is subject to stringent regulations and safeguards.

Key Term: Non-audit services
Services provided by auditors to an audit client, other than statutory audit or assurance, such as tax, internal audit, or consultancy services.

Why non-audit services create risks

When an audit firm delivers both audit and other services to the same client, threats can arise that undermine objectivity and perceived independence. Five principal threats are relevant: self-review, self-interest, advocacy, familiarity, and intimidation.

Key Term: Self-review threat
The risk that the auditor will not appropriately evaluate the results of previous work performed for the same audit client when forming audit judgements.

Key Term: Advocacy threat
The risk that the auditor promotes, or appears to advance, an audit client's interests or position, compromising objectivity.

Key Term: Safeguard
Action or measure that eliminates a threat to independence or reduces it to an acceptable level.

Types of non-audit services and common threats

The most commonly encountered non-audit services include:

• Accounting/Bookkeeping: Preparation of financial statements, internal records, or management accounts. Creates self-review threat if the audit firm later audits those figures.
• Taxation: Tax return preparation, advice or advocacy. Usually gives rise to self-review, advocacy or familiarity threats.
• Valuation: Performing valuations for material amounts appearing in financial statements creates self-review risk.
• Internal audit: Design or operation of internal controls, or acting as internal auditor for the same client, which impairs independence.
• IT services: Design, implementation, or customization of systems that form part of financial reporting controls create self-review risks.

Strict prohibitions apply for listed clients or public interest entities (PIEs), with some prohibitions for all audit clients regardless of their status. Even where permitted, acceptance depends on effective safeguards.

Worked Example 1.1

Scenario:
A firm is asked by a listed client to provide IT system implementation and also act as statutory auditor. Is this allowed, and what is the main ethical threat?

Answer:
This is not allowed. For listed clients, design or implementation of IT systems that form part of internal control over financial reporting is prohibited. The main threat would be self-review, as the auditor may later audit transactions processed in systems they implemented.

Prohibited services and the Code

For listed audit clients, the following non-audit services are strictly prohibited:

• Bookkeeping and accounting services related to financial statements;
• Internal audit related to financial reporting;
• IT system design or implementation for processes that impact financial reporting;
• Valuation services for material figures;
• Tax calculation of current or deferred tax;
• Legal services in connection with material amounts;
• Advocacy services in legal or tax proceedings.

For all audit clients, a service that results in assuming management responsibility is always prohibited.

Key Term: Management responsibility
The act of making decisions or carrying out duties that should properly be undertaken by client management, such as approving transactions or judgments.

Allowed services and safeguards

Some non-audit services may be permitted—especially for non-listed clients—provided threats are carefully assessed and reduced to an acceptable level. Examples of permitted services may include basic tax compliance or advisory work, routine payroll, or due diligence services, provided they do not involve judgements relating to amounts material to the financial statements.

Key Term: Acceptable level
The point at which any remaining threat to independence is so insignificant that it does not compromise the auditor’s objectivity. Permitted services must be subject to safeguards such as:

• Using separate staff for audit and non-audit work;
• independent review by a partner not involved in the audit or non-audit service;
• Clear documentation that management, not the firm, makes all key decisions.

If effective safeguards cannot be applied, the firm must decline the non-audit engagement or resign as auditor.

Worked Example 1.2

Scenario:
An SME audit client asks the auditor for assistance preparing its tax return, which is not material to the accounts. The audit team performing the statutory audit is different from the team preparing the tax return. Is this allowed?

Answer:
This is allowed, provided management reviews and approves the tax computations, the audit team is not involved in both functions, and the amounts are not material to the financial statements. An independent partner should review the work.

Impact on engagement acceptance

Before accepting either a new audit engagement or a new non-audit service for an existing audit client, the firm must assess:

• Whether offering the service creates any threats to independence;
• If the threats can be reduced by safeguards;
• Whether the engagement is prohibited (for example, providing internal audit for a listed client).

If threats are not at an acceptable level even after safeguards, the engagement should not be accepted. The firm should document the risks, proposed safeguards, and the decision rationale.

Key Term: Engagement acceptance
The formal evaluation and decision process to determine if a professional service engagement should be undertaken, considering independence, competence, ethical threats, and quality standards.

Worked Example 1.3

Scenario:
An audit firm has provided non-audit services to an audit client so that total fees from the client exceed 20% of the audit firm's total turnover for two years. What is the risk and appropriate safeguard, if available?

Answer:
There is a significant self-interest threat from over-dependence on this client. Fees above 15% for listed (PIE) clients over two years require the auditor to either resign or have the work quality reviewed by an independent non-firm reviewer, with disclosure as required. For non-listed clients, similar action is expected if fees are too high, but absolute prohibitions may not apply.

Safeguard effectiveness and limitations

Even with safeguards, certain threats cannot be entirely mitigated (for example, self-review from preparing financial statements for audit clients). Firms must regularly evaluate the effectiveness of implemented safeguards and update policies or decline engagements if necessary.

Exam Warning

Not all safeguards are sufficient for PIE clients or listed companies. Remember: For these entities, many services are always prohibited regardless of safeguards. Misclassifying a prohibited service as allowed with safeguards will lose marks.

Engagement letter and audit committee role

For all engagements where non-audit services are provided, terms must be clearly documented in writing—normally within an updated engagement letter. For listed companies, the audit committee must approve all permitted non-audit services, providing an independent check on audit firm activities.

Revision Tip

In scenario questions, always specify which threat(s) arise from a proposed non-audit service and whether it is outright prohibited, allowed with safeguards, or allowed only under certain circumstances.

Summary

Non-audit services can create significant threats to independence and objectivity. The stricter the client's public interest profile, the greater the restrictions. For listed and PIE clients, most significant non-audit services are prohibited. For others, thorough threat assessment and safeguards may permit limited additional work. The auditor must always evaluate threats to independence before accepting new work, decline if threats cannot be mitigated, and document all judgements and safeguards.

Key Point Checklist

This article has covered the following key knowledge points:

• Explain why non-audit services create threats to auditor independence.
• Identify the main types of non-audit services and the ethical threats they pose.
• List services strictly prohibited for listed clients, PIEs, and all audit clients.
• Understand the standards for acceptance of permitted non-audit services and required safeguards.
• Evaluate procedures for engagement acceptance and document decisions in line with professional obligations.
• Recognise the limitations of safeguards and when non-audit services must be declined.

Key Terms and Concepts

• Non-audit services
• Self-review threat
• Advocacy threat
• Safeguard
• Management responsibility
• Acceptable level
• Engagement acceptance