New audit independence guidance becomes effective in January 2022 for U.S. audit firms that provide technology services. A few of the key issues related to this guidance are noted below. Of course, the detailed ACIPA Ethics Interpretation should be reviewed carefully. (Note: the original 2021 implementation date was extended by one year due to COVID-19.)
Hosting and Client Portals
Where the client data resides is a key consideration. Hosting services include keeping an attest clients depreciation records, historical tax returns, etc. In short, the auditor may not serve as the client’s record storage or disaster recovery provider. To maintain independence, complete records must be provided to and maintained by the client. Further, the client’s access to the data and in the auditor’s possession must be terminated after a reasonable period of time.
Commercial Off-the-Shelf Software (COTS)
An auditor may assist with COTS implementation by providing training, advice and other types of services. Creating new code or other steps that alter COTS functionality, writing a custom interface to a COTS, or custom data translation would impair independence. Use of third0party applications for interfaces and data translation allows the possibility of remaining independent.
Other Data Analysis Tools
Dashboards and data analysis applications should be analyzed to determine if they are a financial information system (FIS) or merely a tool. Designing, developing or utilizing a FIS on behalf of a client impairs independence; design, development or use of a tool does not. A tool performs only discrete calculations. A FIS aggregates or generates data that is significant to the financial statements or financial processes.
To maintain independence, it is critical to avoid performing any management functions. The auditor should ensure that the client 1) has the appropriate Skills, Knowledge and Experience, 2) evaluates and accepts responsibility for any inputs and assumptions, and 3) has sufficient information to understand the processes and results.
This ethics interpretation was developed to provide more clarity to independence requirements in response to evolving technology and practice needs. Firms providing auditing services must comply with this guidance in order to maintain independence while providing permissible services to clients. Additional information and clarification can be found in the Frequently Asked Questions: Nonattest Services produced by the AICPA’s Ethics Division.