Posted by Maria T. Hurd, CPA, RPA
What Auditors Don’t Do
In our previous blog, Testing the work of a specialist in a retirement plan audit: how much expertise does the financial statement auditor need?, I explained that auditors cannot be expected to perform or completely re-perform the duties of other professionals, like the actuary, ERISA attorney, third-party administrator, and investment advisor as part of the audit. To keep the theme going, this blog will discuss the auditor’s inability to perform management functions for the entities they audit. When auditors assume management responsibilities, their independence is impaired. To be objective, auditors must be independent of their clients.
How Much Can the Auditors Do for the Client and Remain Independent?
Nonattest services are tasks performed by an auditor for its client outside the scope of an attest engagement, meaning an audit. Financial statement preparation and cash-to-accrual conversions performed by an auditor for a client are considered nonattest services, regardless of whether the services are performed as part of the audit. Other common examples of nonattest services we perform for qualified plans that we audit include preparation of reconciliations (trust statements to payroll and/or recordkeeper statements), preparation of Form 5500, 990s, or other tax returns, valuation and disclosure of investments including methodology and leveling, and proposing journal entries affecting the financial statements, among others.
Auditors are permitted to assist qualified plan clients through nonattest services, such as financial statement preparation, if certain requirements of the AICPA Ethics rules are satisfied, as follows:
- Before performing nonattest services, the auditor should determine that the client has agreed to:
- assume all management responsibilities
- oversee the service, by designating an individual, preferably within senior management, who possesses suitable skill, knowledge, and/or experience. The auditor should assess and be satisfied that such individual understands the services to be performed sufficiently to oversee them. However, the individual is not required to possess the expertise to perform or re-perform the services.
- evaluate the adequacy and results of the services performed.
- accept responsibility for the results of the services.
- The auditor does not assume management responsibilities when providing nonattest services and the auditor is satisfied that the client and its management will:
- be able to meet all of the criteria delineated in item a;
- make an informed judgment on the results of the auditor’s nonattest services; and
- accept responsibility for making the significant judgments and decisions that are the proper responsibility of management
If the client is unable or unwilling to assume these responsibilities (for example, the client cannot oversee the nonattest services provided or is unwilling to carry out such responsibilities due to lack of time or desire), the auditor’s performance of nonattest services would impair independence.
- Before performing nonattest services the auditor establishes and documents in writing his or her understanding with the client (board of directors, audit committee, or management, as appropriate in the circumstances) regarding
- objectives of the engagement,
- services to be performed,
- client’s acceptance of its responsibilities,
- auditor’s responsibilities, and
- any limitations of the engagement
Auditors performing nonattest services for employee benefit plan audit clients should document their assessment of whether the nonattest services impair their independence and establish a written understanding with the client through the engagement letter and again through the management representation letter.
If management refuses to take responsibility for the financial statements, independence is impaired. We cannot take responsibility for the creation of a product that we are engaged to audit, because we would be auditing ourselves. That’s why the list of prohibited nonattest services includes accepting responsibility for the preparation and fair presentation of the financial statements in accordance with the applicable financial reporting framework.
In the end, auditors cannot be expected to perform in the capacity of actuaries, ERISA attorneys, third-party administrators, investment advisors, or management, because we can only be expected to be auditors, testing on a sample basis, whether the financial statements appear to be free of material misstatement. Although it sounds too easy, the sophistication of the complex rules and regulations for plan sponsors often results in the plan sponsor making small mistakes that must be corrected. Auditors often assist clients with computations needed to take corrective action when mistakes occur, as a nonattest service for which the client takes responsibility. In fact, it is through nonattest services that auditors add value for our clients and collaborate with other service providers to make strides in creating a path for retirement success through compliance with such intricate rules.
Like the most recognized of all the draft horses, the Budweiser Clydesdales, when service providers and the clients understand their roles and responsibilities, they can collaborate to move forward while staying in their own track, in unison but independently, each one taking responsibility for its own job, creating an impressive and magnificent smooth ride that paves the way to compliance and ultimately, retirement readiness for all.