Non-audit services and safeguards - Safeguards and documenta...

Learning Outcomes

By the end of this article, you will be able to identify threats to auditor independence arising from non-audit services, describe suitable safeguards to manage those risks, and explain documentation requirements for these safeguards under professional standards. You will also be able to apply these principles to exam scenarios and understand the importance of thorough documentation for both legal and professional reasons.

ACCA Audit and Assurance (AA) Syllabus

For ACCA Audit and Assurance (AA), you are required to understand non-audit services and the related safeguards and documentation. This article addresses:

• The types of non-audit services and how they can create threats to independence.
• The range of threats (self-interest, self-review, advocacy, familiarity, intimidation) associated with non-audit services.
• How to propose and implement suitable safeguards to reduce threats to an acceptable level.
• The need for comprehensive and transparent documentation of threats, safeguards, and rationale for decisions.
• Professional and legal requirements concerning non-audit services, including ACCA's Code of Ethics and relevant ISAs.

Test Your Knowledge

Attempt these questions before reading this article. If you find some difficult or cannot remember the answers, remember to look more closely at that area during your revision.

1. Which type of ethical threat is most likely created when an audit firm also prepares financial statements for its audit client?
2. State two examples of safeguards that can reduce threats arising from the provision of non-audit services.
3. True or false? Documentation of threats and safeguards is only required if a significant threat is actually present.
4. What must an auditor document when deciding to provide non-audit services to an audit client? List two required elements.

Introduction

Non-audit services—such as tax advice, internal audit, or IT consulting—can create threats to auditor independence and objectivity. To comply with ethical standards, auditors must identify potential threats, apply effective safeguards, and properly document all decisions and actions taken. Failing to manage threats or keep adequate records exposes the firm to regulatory action and undermines trust in the assurance process.

Key Term: non-audit services
Any professional service provided to an audit client by the audit firm that is not an audit of the financial statements, such as tax, consultancy, or advisory work.

Key Term: ethical threats
Circumstances or relationships that could compromise or appear to compromise an auditor's independence and objectivity, including self-interest, self-review, advocacy, familiarity, and intimidation threats.

Key Term: safeguards
Actions or measures taken by the auditor or firm designed to eliminate ethical threats or reduce them to an acceptable level to preserve independence.

Key Term: documentation
The process of recording all relevant facts, decisions, threats identified, safeguards implemented, and rationale for choices in sufficient detail to support the auditor's report and defend professional judgements.

Types of Non-audit Services and Related Threats

When providing services beyond the statutory audit, auditors may face:

• Self-review threat (e.g., preparing financial statements later audited by the same firm).
• Self-interest threat (e.g., significant fees from other services or contingent fee arrangements).
• Advocacy threat (e.g., representing a client in disputes or negotiations).
• Familiarity threat (e.g., long associations or close relationships developed during advisory work).
• Intimidation threat (e.g., pressure from management when non-audit fees outweigh audit fees).

These threats can be more pronounced where key audit partners, or team members, participate in both non-audit and audit engagements for the same client.

Worked Example 1.1

A firm is preparing a client's tax computations and also auditing the same client's annual financial statements. What primary threat arises, and what is one suitable safeguard?

Answer:
The main threat is self-review, as the firm's own tax work may be subject to audit. A safeguard is to ensure the tax service is performed by staff completely separate from the audit team, and an independent partner reviews the audit area relating to tax.

Safeguards to Manage Threats

To reduce threats to an acceptable level, auditors may apply these safeguards:

• Use staff who are not members of the audit team for non-audit work.
• Have an independent partner or external party review relevant areas of the audit.
• Disclose the nature of non-audit services and related fees to those charged with governance (e.g., the audit committee), and, where required, seek approval.
• Rotate key audit personnel or restrict their involvement in non-audit activities.
• Decline or withdraw from the non-audit assignment where threats cannot be sufficiently mitigated.

Not all safeguards are permitted for all clients. For listed or public interest clients, some services are prohibited outright due to the high risk of independence impairment.

Key Term: audit committee
A sub-committee of the board of directors, composed mainly of independent non-executive directors, which oversees financial reporting and audit matters, including approval of non-audit services.

Documentation Requirements

Comprehensive documentation is critical. The auditor must record:

• The nature of non-audit services proposed.
• Threats identified and their significance.
• Safeguards applied and their effectiveness.
• The rationale for concluding that threats have been reduced to an acceptable level, or the decision to decline or withdraw from non-audit services.
• Consents or approvals obtained, especially from the audit committee.

Good records ensure transparency, support ethical compliance, and provide evidence in regulatory reviews.

Worked Example 1.2

A firm decides to assist with drafting a client's accounting policies note for the annual report, which is also subject to their audit. What must the auditor document?

Answer:
The auditor should document the nature and extent of work, the self-review threat, all safeguards (e.g., separate engagement teams, review of the notes by an external partner), the assessment of effectiveness, discussion with those charged with governance, and final approval or rejection of the service.

Exam Warning

Failure to document the assessment of threats and safeguards—even where you believe threats have been reduced to an acceptable level—can result in regulatory breaches. Documentation is required even if the client or audit area is considered low risk.

Communicating with Those Charged with Governance

For many services, particularly for listed entities, the auditor must communicate with the audit committee about:

• The nature and extent of non-audit services performed or proposed.
• Fees for non-audit services relative to audit fees.
• Evaluation of independence and effectiveness of safeguards.

Written communication enhances transparency and enables the audit committee to make informed decisions about auditor independence.

Revision Tip

Use checklists to make sure you document all relevant steps: threats, safeguards, effectiveness, and communication. Concise notes are acceptable if all required information is included.

Summary

Non-audit services create potential threats to independence. ACCA’s Code of Ethics and Conduct, as well as relevant auditing standards, require that these threats are identified, suitable safeguards are applied, and all decisions are thoroughly documented. Documentation covers the assessment of threats, the effectiveness of safeguards, communications with those charged with governance, and final conclusions on service provision.

Key Point Checklist

This article has covered the following key knowledge points:

• Define non-audit services and ethical threats, and explain the main threat types.
• Recognise the importance of identifying and evaluating threats to independence.
• Summarise safeguards that should be put in place for various non-audit services.
• Explain documentation requirements for threats, safeguards, and communications.
• Describe the need for clear records and transparency with those charged with governance.
• Apply these principles to scenario-based questions, supporting conclusions with evidence.

Key Terms and Concepts

• non-audit services
• ethical threats
• safeguards
• documentation
• audit committee