Attest services rendered to not-for-profit (NFP) entities provide assurance to stakeholders as to the quality of the financial condition, results of operations, and internal controls of the NFP. These assurances are important to the public interest for numerous reasons, including the fact that NFPs often receive contributions from the general public, as well as grants and contracts from other NFPs and government entities. NFPs also represent an important market segment for public accounting firms; many NFPs traditionally have a fiscal year-end that falls outside the profession’s traditional busy season. This results in CPA firms being able to schedule the audit work for NFPs in less busy periods, save on overtime costs, and fill their staff schedules with productive work in otherwise slower periods. Notwithstanding this helpful intersection of supply and demand, audits of NFPs can often present some unique—and frequently opaque—independence issues. This article discusses the authoritative guidance on independence, as well as many of the independence issues that may be encountered by CPAs who audit NFPs. It makes a number of observations that may be helpful to CPAs in addressing a potential independence issue before it develops into a problem.
The AICPA Code of Professional Conduct sets forth the “Independence Rule,” which requires CPAs and their firms to be independent in the performance of audit engagements (section 1.200.001). The code provides CPAs with guidance when concerns over independence arise. Independence issues come in two categories: independence in fact and independence in appearance.
Independence-in-fact issues arise when auditors have a direct financial relationship with the auditee. Auditors of NFP entities could have independence-in-fact issues arising over unpaid invoices for previously rendered services or, more remotely, loans made to the audit client. These types of relationships, by definition, violate the independence rules and leave the auditor unable to serve the NFP entity in an audit capacity.
Independence-in-appearance issues are more difficult to identify, measure, and resolve. They are seemingly more common in the audits of NFP entities due, in part, to the nature of some of the business practices of NFPs in comparison to those of for-profit entities. Examples of circumstances that may create the appearance of insufficient independence, with respect to an NFP organization, include the following:
- Donations: The CPA firm or its members make contributions in support of the organization’s mission.
- Memberships: The CPA firm or its members belong to the organization and pay a membership fee.
- Sponsorships: The CPA firm supports the mission by being a sponsor at a fund-raising event.
- Volunteerism: Members of the CPA firm help the organization by donating their time and rendering uncompen-sated services.
- Reduced-fee, below-market-rate-fee, or no-fee audit: The CPA firm provides the attest services for either a reduced fee, a below-market-rate fee, or no fee at all.
- Marketing: The CPA firm places advertisements in the organization’s newsletters, magazines, and programs.
- Purchases: Members of the CPA firm support the organization’s fund-raising efforts by purchasing products or services.
- Relationships with members of the board of directors: Members of the CPA firm have other business relationships with members of the NFP organization’s board.
- Relationships with employees of the NFP: Spouses, significant others, and other close relatives or friends of members of the CPA firm may be employed at the NFP.
- Working at or attending fund-raisers: Members of the CPA firm work or attend special events and other fund-raising activities, to show support for the organization’s mission.
Some of these circumstances appear to be insignificant individually (e.g., raffle tickets, contributions of a small dollar amount, insubstantial volunteerism, low-profile work at a fund-raiser), but could collectively become problematic. Other items (e.g., material contributions, voting memberships, expensive lead sponsorships, below-market or no-fee audits) concerning relationships with board members or employees are problematic on their own merit.
Addressing Independence Concerns
When an auditor identifies a potential independence risk, the code provides a process for how the threat should be addressed and possibly mitigated. Specific interpretations of the Independence Rule are provided in the AICPA Code of Professional Conduct in sections 1.220 through 1.298, giving examples of issues and threats, and their possible impact on the determination of independence. Examples include the following:
- Section 1.275.010, Honorary Director of a Not-for-Profit Organization: If the auditor’s position is clearly honorary, the position is in name only, and the individual cannot vote, the threat is deemed to be at an acceptable level.
- Section 1.280.010, Member of a Social Club: This threat is deemed to be at an acceptable level if the membership is essentially of a social nature (regardless of the presence of pro rata “equity” or debt securities, as these are not seen as a direct financial interest).
- Section 1.280.020, Member of a Trade Association: If the auditor is a member of a trade association, the management participation threat and self-review threat may exist, and corresponding safeguards must be documented.
- Section 1.285.010, Offering or Accepting Gifts or Entertain ment: This section addresses the issue of an NFP auditor considering performing an audit engagement for a materially reduced fee or no fee at all. Paragraph .04 states that by offering gifts that are not reasonable in the circumstances, the threat to the auditor’s compliance with the “Independence Rule” would not be at an acceptable level and could not be reduced to an acceptable level by the application of safeguards. Accordingly, independence would be impaired.
Absent a specific independence interpretation that addresses a particular circumstance or relationship, auditors must apply the Conceptual Framework for Independence and Ethical Conflicts presented in the Code of Professional Conduct (section 1.210.010.01-.02), taking the following steps (section 1.210.010.07-.22):
- Identify threats: The conceptual framework provides seven broad categories summarizing the types of potential threats to independence.
- Evaluate the significance of a threat: An auditor should determine whether the threat to independence is at an acceptable level. An acceptable level means that a reasonable and informed third party who is aware of the relevant information would be expected to conclude that the threat would not impair the auditor’s independence and thus compromise the auditor’s ability to perform the audit.
- Identify and apply safeguards: If, after evaluating the significance of an identified threat, an auditor concludes that the threat is not at an acceptable level, the auditor should apply safeguards to either eliminate the threat or reduce the threat to an acceptable level. In some cases, the auditor may need to apply multiple safeguards to eliminate or reduce the threat. In some circumstances, the identified threat may be so significant that no safeguards will be able to eliminate the risk or reduce the risk to an acceptable level. In this case, the auditor would be forced to decline, discontinue, or withdraw from the audit engagement.
- Document safeguards: Safeguards are actions or other measures that an auditor applies to either eliminate threats or reduce identified threats to an acceptable level. When safeguards are applied in an NFP audit, they must be documented. Failure to prepare the required documentation would be considered a violation of the “Compliance with Standards Rule” (section 1.310.001), rather than the “Independence Rule” (section 1.200.001). Safeguards can be created by the profession, legislation, or regulation (continuing education requirements, threat of discipline, peer review, licensure requirements), by the client (capable management, quality control environment, codes of ethical conduct, the presence of an audit committee), or by the firm (quality control environment, quality monitoring system, commitment to identify threats, partner rotation, commitment to quality continuing professional education, annual independence representations, conversations with audit committees on independence issues, external consultations, client acceptance and continuation policies).
Common Threats to Independence in an NFP Audit
Although NFP accounting standards differ from those applicable to for-profit entities, the general foundation for a quality audit is the same. Avoiding issues that may possibly impair independence starts with an objective and comprehensive client acceptance process. Most proposals emanate from referrals or existing relationships. An auditor who is proposing attest services to an NFP should objectively consider the impact of existing relationships and determine the extent to which stakeholders have expectations that might produce a future threat to auditor independence. This might also be a good time to briefly educate the NFP organization on the Code of Professional Conduct. Auditors also have a regular and recurring opportunity to revisit the assessment of their independence as part of the annual audit planning and preparation process. Before any fieldwork is performed, an auditor should evaluate any threats that could jeopardize auditor independence.
In addition to the nuances in the list of special circumstances previously discussed, the Code of Professional Conduct identifies seven broad types of threats to the auditor independence:
Adverse interest threat.
The crux of this threat is that the auditor will not act objectively because the auditor’s interests are opposed to the client’s interest (i.e., threatened litigation by the client against the auditor). Whether the client is a for-profit entity or an NFP, the impact of an adverse interest threat may not be able to be mitigated.
The concern behind the advocacy threat is that the auditor will promote an attest client’s interest to the point where the auditor’s objectivity is compromised. It is not hard to conceive of a situation where an auditor with a chronically or critically ill family member becomes highly involved in a medical research advocacy or services NFP organization whose mission is to aid individuals afflicted with the same disease. In the case of the well-being of family members, human nature would suggest that objectivity can be impaired. Depending on the circumstances, an auditor who is considering accepting an engagement to perform attest services for such an NFP would need to carefully consider the Independence Rule. The Code of Professional Conduct provides an example of an advocacy threat (section 1.000.010.11e). In addition, certain circumstances or activities appear to assert a belief, support, or commitment to an NFP’s mission or product—donations, memberships, sponsorships, volunteer activities, and below-market or no-fee audits.
This threat targets the concern that a long-standing or close relationship with an attest client can make an auditor too sympathetic to a client’s interest, including the acceptance of work product. It is very common for NFP entities to maintain continuity with their auditor. Because frequent auditor rotation is costly to both the auditor and client, small-to-mediumsized NFPs and audit firms are naturally hesitant to incur these costs. This mutual disadvantage may nurture the possibility of the familiarity threat.
Management participation threat.
In many small NFP audit engagements, it is common for an auditor to provide nonat-test services. For example, material assistance in preparing both the financial statements and Form 990, Return of Organization Exempt from Income Tax, is not uncommon.
This threat identifies the concern that an auditor could benefit financially or otherwise from an interest in or relationship with an NFP attest client. The Code of Professional Conduct gives an example of excessive revenue from a single client being a self-interest threat (section 1.000.010.14d), which may be a particular issue for smaller CPA firms.
This threat highlights the situation where an audit firm has performed prior work or supervised work performed by the NFP, and then relies on that work as part of the attest engagement. Similar to the management participation threat, the performance of bookkeeping services by the auditor of a small NFP audit client is provided as an example of self-review threat in the Code of Professional Conduct (section 1.000.010.15b). In cases where the auditor has prepared source documents used to create the attest client’s financial statements, the code asserts that there is no safeguard that can reduce the threat to an acceptable level.
Undue influence threat.
The Code of Professional Conduct prominently identifies an auditor being threatened with dismissal as an undue influence threat (section 1.000.010.16a). NFP entities commonly expect all vendors to participate in support of their mission via reduced costs. Banks may offer below-market interest rates on loans or lines of credit; other professionals (legal, investment management, actuarial) may offer services at no cost or for a significantly reduced fee. The culture in some NFPs (especially at the board of directors level) often encompasses an expectation of reduced costs. Accordingly, it is not uncommon for an auditor to be treated as any other vendor (especially other professional service providers) and extended a request for reduced fees—or no fees at all—in support of the organization’s mission. It seems fair to say that although many NFPs have finance and audit committees, NFP management and boards are not always well versed on the Code of Professional Conduct and the rules surrounding auditor independence. It can come as a surprise to NFP management and boards that their requests and solicitations could potentially impair auditor independence.
A summary of these threat categories is presented in Exhibit 1.
Common Threats to Auditor Independence for Not-for-Profit Audits
Public Interest Entities and Other High-Level Safeguards in NFP Audits
As discussed above, mitigating safeguards that address auditor independence can be created by the client, regulation, legislation, profession, or audit firm. Examples of safeguards in each of these categories are found in Exhibit 2.
Safeguards to Address Auditor Independence for Not-for-Profit Audits
In addition to structural safeguards, the NFP sector has a builtin safeguard: it is composed of “public interest entities.” The alternative to a public interest entity is one where the ownership interest is closely held. Specifically listed in the Code of Professional Conduct as a safeguard that will enhance effectiveness (section 1.000.010.19i) is the fact that a public interest entity is supported by a wide range of stakeholders in the community. With many interested users of a NFP’s financial information, the implied safeguard is that more parties are capable of recognizing potential concerns with the auditor’s independence. It is also noted that the public interest safeguard is a high-level safeguard that works most effectively when the board of directors of the NFP is competent and engaged.
A final alternative safeguard that could be implemented by the audit firm is the separation of an auditor who has an expressed desire to support the mission of the NFP from the auditor who leads the firm’s audit of the NFP. This safeguard could be weakened, however, if the auditor whose independence is in question is a senior leader of the firm, while the auditor conducting the audit is a younger hire still attempting to establish himself or herself within the firm. Implementing this safeguard is obviously not available in an audit firm with a single owner.
While there is a low probability of independence being impaired as a result of direct financial interest, NFP audit clients present a number of independence risks in appearance, due to the nature of NFP operations and business practices, as well as the auditor’s potential belief in or support of their mission. CPA firms performing attest services need to take special note of these risks, evaluate the risk level, and identify and document compensating safeguards. Given the expansion in the number and size of NFPs and the growth of the sector, the public, government, and regulators expect nothing less of the profession.