GAO-03-673G Government Auditing Standards > Chapter 3 General Standards > Independence
In all matters relating to the audit work, the audit organization and the individual auditor, whether government or public, should be free both in fact and appearance from personal, external, and organizational impairments to independence.
3.04 Auditors and audit organizations have a responsibility to maintain independence so that opinions, conclusions, judgments, and recommendations will be impartial and will be viewed as impartial by knowledgeable third parties. Auditors should avoid situations that could lead reasonable third parties with knowledge of the relevant facts and circumstances to conclude that the auditors are not able to maintain independence and, thus, are not capable of exercising objective and impartial judgment on all issues associated with conducting and reporting on the work.
3.05 Auditors need to consider three general classes of impairments to independence--personal, external, and organizational. 1 If one or more of these impairments affects an individual auditor’s capability to perform the work and report results impartially, that auditor should either decline to perform the work, or in those situations in which the government auditor, because of a legislative requirement or for other reasons, cannot decline to perform the work, the impairment or impairments should be reported in the scope section of the audit report.
3.06 In using the work of a specialist,2 auditors need to consider the specialist as a member of the audit team and, accordingly, assess the specialist’s ability to perform the work and report results impartially. In conducting this assessment, auditors should provide the specialist with the GAGAS independence requirements and obtain representations from the specialist regarding the specialist’s independence from the activity or program under audit. If the specialist has an impairment to independence, auditors should not use the work of that specialist.
3.07 The audit organization should have an internal quality control system to help determine whether auditors have any personal impairments to independence that could affect their impartiality or the appearance of impartiality. The audit organization needs to be alert for personal impairments to independence of its staff members. Personal impairments of staff members result from relationships and beliefs that might cause auditors to limit the extent of the inquiry, limit disclosure, or weaken or slant audit findings in any way. Auditors are responsible for notifying the appropriate officials within their audit organizations if they have any personal impairments to independence. Examples of personal impairments of individual auditors include, but are not limited to, the following:
a. immediate family or close family member3 who is a director or officer of the audited entity, or as an employee of the audited entity, is in a position to exert direct and significant influence over the entity or the program under audit;
b. financial interest that is direct, or is significant/material though indirect, in the audited entity or program; 4
c. responsibility for managing an entity or decision making that could affect operations of the entity or program being audited; for example as a director, officer, or other senior position of the entity, activity, or program being audited, or as a member of management in any decision making, supervisory, or ongoing monitoring function for the entity, activity, or program under audit; 5 , 6
d. concurrent or subsequent performance of an audit by the same individual who maintained the official accounting records when such services involved preparing source documents or originating data, in electronic or other form; posting transactions (whether coded by management or not coded); authorizing, executing, or consummating transactions (for example, approving invoices, payrolls, claims, or other payments of the entity or program being audited); maintaining an entity’s bank account or otherwise having custody of the audited entity’s funds; or otherwise exercising authority on behalf of the entity, or having authority to do so; 7
f. biases, including those induced by political, ideological, or social convictions, that result from employment in, or loyalty to, a particular type of policy, group, organization, or level of government; and
3.08 Audit organizations and auditors may encounter many different circumstances or combination of circumstances that could create a personal impairment. Therefore, it is impossible to identify every situation that could result in a personal impairment. Accordingly, audit organizations should include as part of their internal quality control system requirements to identify personal impairments and assure compliance with GAGAS independence requirements. At a minimum, audit organizations should
a. establish policies and procedures that will enable the identification of personal impairments to independence, including whether performing nonaudit services affects the subject matter of audits and applying safeguards to appropriately reduce that risk (See paragraphs 3.10 through 3.18.);
b. communicate the audit organization’s policies and procedures to all auditors in the organization and assure understanding of requirements through training or other means such as auditors periodically acknowledging their understanding;
3.09 When the audit organization identifies a personal impairment to independence, the impairment needs to be resolved in a timely manner. In situations in which the personal impairment is applicable only to an individual auditor on a particular assignment, the audit organization may be able to mitigate the personal impairment by requiring the auditor to eliminate the personal impairment. For example, the auditor could sell a financial interest that created the personal impairment, or the audit organization could remove that auditor from any work on that audit assignment. 8 If the personal impairment cannot be mitigated through these means, the audit organization should withdraw from the audit. In situations in which government auditors cannot withdraw from the audit, they should follow the requirement in paragraph 3.05.
3.10 Audit organizations that provide other professional services (nonaudit services) should consider whether providing these services creates a personal impairment either in fact or appearance that adversely affects their independence for conducting audits. 9
3.11 Nonaudit services generally differ from financial audits, attestation engagements, and performance audits described in chapter 2 in that auditors may (1) perform tasks requested by management that directly support the entity’s operations, such as developing or implementing accounting systems; determining account balances;10 developing internal control systems; establishing capitalization criteria; processing payroll; posting transactions; evaluating assets; designing or implementing information technology or other systems; or performing actuarial studies, or (2) provide information or data to a requesting party without providing verification, analysis, or evaluation of the information or data, circumstances in which the work does not usually provide a basis for conclusions, recommendations, or opinions on the information or data. These other services may or may not result in a report. In the case of nongovernment auditors who perform audits of government entities under GAGAS, the term “nonaudit services” is synonymous with consulting services.
3.12 Audit organizations have the capability of performing a range of services for their clients. However, in certain circumstances, it is not appropriate for the audit organization to perform both audit and certain nonaudit services for the same client. In these circumstances, auditors and/or the audited entity will have to make a choice as to which of these services the audit organization will provide. GAGAS recognize that nonaudit services are provided by audit organizations and that care needs to be taken to avoid situations that can impair auditor independence, either in fact or appearance, when performing financial audits, attestation engagements, or performance audits in accordance with GAGAS.
3.13 Before an audit organization agrees to perform nonaudit services, it should carefully consider the requirements of paragraph 3.04 that auditors should avoid situations that could lead reasonable third parties with knowledge of the relevant facts and circumstances to conclude that auditors are not able to maintain independence in conducting audits. In conducting the assessment, the audit organization should apply two overarching principles: (1) audit organizations should not provide nonaudit services that involve performing management functions or making management decisions and (2) audit organizations should not audit their own work or provide nonaudit services in situations where the nonaudit services are significant/material to the subject matter of audits. If the audit organization makes the determination that the nonaudit service does not violate these principles, it should comply with all the safeguards stated in paragraph 3.17.
3.14 Audit organizations should not perform management functions or make management decisions. Performing management functions or making management decisions creates a situation that impairs the audit organization’s independence, both in fact and in appearance, to perform audits of that subject matter and may affect the audit organization’s independence to conduct audits of related subject matter. For example, auditors should not serve as members of an entity’s management committee or board of directors, make policy decisions that affect future direction and operation of an entity’s programs, supervise entity
employees, develop programmatic policy, authorize an entity’s transactions, or maintain custody of an entity’s assets. 11
3.15 Auditors may participate on committees or task forces in a purely advisory capacity to advise entity management on issues related to the knowledge and skills of the auditors without impairing their independence. However, auditors should not make management decisions or perform management functions. For example, auditors can provide routine advice to the audited entity and management to assist them in activities such as establishing internal controls or implementing audit recommendations and can answer technical questions and/or provide training. The decision to follow the auditors’ advice remains with management of the audited entity. These types of interactions are normal between auditors and officials of the audited entity given the auditors’ technical expertise and the knowledge auditors gain of the audited entity’s operations. Auditors may also provide tools and methodologies, such as best practice guides, benchmarking studies, and internal control assessment methodologies that can be used by management. By their very nature, these are routine activities that would not require the audit organization to apply the safeguards described in paragraph 3.17.
3.16 Audit organizations should not audit their own work or provide nonaudit services if the services are significant/material to the subject matter of the audits. In considering whether the nonaudit service can have a significant or material affect on the subject matter of the audits, audit organizations should consider (1) ongoing audits; (2) planned audits; (3) requirements and commitments for providing audits, which includes laws, regulations, rules, contracts, and other agreements; and (4) policies placing responsibilities on the audit organization for providing audit services. Government auditors generally have broad audit responsibilities that may extend to a level of government or a particular entity within a level of government. Given their broad area of audit responsibility, government auditors need to be especially careful in providing nonaudit services to the entity so that their independence is not impaired for fulfilling their full range of audit responsibilities. Nongovernment audit organizations may provide audit and nonaudit services (commonly referred to as consulting) under contractual commitments to an entity and need to consider whether nonaudit services they have provided or are committed to provide have a significant or material effect on the subject matter of the audits.
3.17 Audit organizations may perform nonaudit services that do not violate the principles stated in paragraph 3.13 only if the audit organization and the audited entity comply with the following safeguards. These safeguards would not apply in connection with the type of routine activities described in paragraph 3.15. The intent in this paragraph is not for the audit organization to apply these safeguards to every interaction it has with management.
a. The audit organization should document its consideration of the nonaudit services as discussed in paragraph 3.13, including documentation for its rationale that providing the nonaudit services does not violate the two overarching principles.
b. Before performing nonaudit services, the audit organization should establish and document an understanding with the audited entity regarding the objectives, scope of work, and product or deliverables of the nonaudit service. The audit organization should also establish and document an understanding with management that (1) management is responsible for the substantive outcomes of the work and, therefore, has a responsibility to be in a position in fact and appearance to make an informed judgment on the results of the nonaudit service and (2) the audited entity complies with the following:
c. The audit organization should preclude personnel who provided the nonaudit services from planning, conducting, or reviewing audit work of subject matter involving the nonaudit service under the overarching principle that auditors cannot audit their own work. 12
e. The audit organization’s quality control systems for compliance with independence requirements should include: (1) policies and procedures to assure consideration of the effect on the ongoing, planned, and future audits when deciding whether to provide nonaudit services, and (2) a requirement to have the understanding with management of the audited entity documented. The understanding should be communicated to management in writing and can be included in the engagement letter. In addition, the documentation should specifically identify management’s compliance with the elements discussed in paragraph 3.17b, including evidence of the management-level individual responsible for overseeing the nonaudit service’s qualifications to conduct the required oversight and that the tasks required of management were performed.
f. By their nature, certain nonaudit services impair the audit organization’s ability to meet either or both of the overarching principles in paragraph 3.13 for certain types of audit work. In these cases, the audit organization should communicate to management of the audited entity that the audit organization will not be able to perform subsequent audit work related to the subject matter of the nonaudit service. It should be clear to management up front that the audit organization would be in violation of the independence standard if it were to perform such audit work and that another audit organization that meets the independence standard will have to be engaged to perform the audit. For example, if the audit organization has been responsible for designing, developing, and/or installing the entity’s accounting system or is operating the system and then performs a financial statement audit of the entity, the audit organization would clearly be in violation of the two overarching principles of the GAGAS independence standard discussed in paragraph 3.13. Likewise, if the audit organization developed an entity’s performance measurement system, the audit organization would not be deemed independent in conducting a performance audit to evaluate whether the system was adequate. In both of these examples, the audit organization could decide to perform the nonaudit service but would then not be independent under GAGAS with regard to the subsequent audit because it would be in violation of one or both of the two overarching principles. It becomes a matter of choice for the audit organization and the audited entity. But the audit organization cannot maintain independence under GAGAS while providing both the nonaudit service and performing the audit if either of the two overarching principles would be violated.
g. For individual audits selected for inspection during a peer review, all related nonaudit services should be disclosed to the audit organization’s peer reviewer, and the audit documentation required by paragraphs 3.17a through 3.17e should be made available for inclusion in the audit organization’s peer review.
3.18 Audit organizations and auditors may encounter many different circumstances or combinations of circumstances; therefore, it is impossible to define every situation that could result in an impairment, as discussed in paragraph 3.12. The following are examples of nonaudit services performed by an audit organization that typically would not create an impairment to the audit organization’s independence as long as
(1) auditors avoid situations that would conflict with the two overarching principles listed in paragraph 3.13 and (2) the audit organization complies with the safeguards in paragraph 3.17:
a. Providing basic accounting assistance limited to services such as preparing draft financial statements that are based on management’s chart of accounts and trial balance and any adjusting, correcting, and closing entries that have been approved by management; preparing draft notes to the financial statements based on information determined and approved by management; preparing a trial balance based on management’s chart of accounts; maintaining depreciation schedules for which management has determined the method of depreciation, rate of depreciation, and salvage value of the asset. 13 The audit organization, however, cannot maintain or prepare the audited entity’s basic accounting records or maintain or take responsibility for basic financial or other records that the audit organization will audit. 14 As part of this prohibition, auditors should not post transactions (whether coded or not coded) to the entity’s financial records or to other records that subsequently provide data to the entity’s financial records.
b. Providing payroll services limited to services such as computing pay amounts for the entity’s employees based on entity-maintained and approved time records, salaries or pay rates, and deductions from pay; generating unsigned payroll checks; transmitting client-approved payroll data to a financial institution provided management has approved the transmission and limited the financial institution to making payments only to previously approved individuals. In cases in which the audit organization was processing the entity’s entire payroll and payroll was a material amount to the subject matter of the audit, this would be a violation of one of the overarching principles in paragraph 3.13, and auditors would not be deemed independent under GAGAS.
c. Providing appraisal or valuation services limited to services such as reviewing the work of the entity or a specialist employed by the entity where the entity or specialist provides the primary evidence for the balances recorded in financial statements or other information that will be audited; valuing an entity’s pension, other post-employment benefit, or similar liabilities provided management has determined and taken responsibility for all significant assumptions and data.
d. Preparing an entity’s indirect cost proposal 15 or cost allocation plan provided management assumes responsibility for all significant assumptions and data.
e. Providing advisory services on information technology limited to services such as advising on system design, system installation, and system security if management, in addition to the safeguards in paragraph 3.17, acknowledges responsibility for the design, installation, and internal control over the entity’s system and does not rely on the auditors’ work as the primary basis for determining (1) whether to implement a new system, (2) the adequacy of the new system design, (3) the adequacy of major design changes to an existing system, and (4) the adequacy of the system to comply with regulatory or other requirements. However, the audit organization should not operate or supervise the operation of the entity’s information technology system.
f. Providing human resource services to assist management in its evaluation of potential candidates when the services are limited to activities such as serving on an evaluation panel to review applications or interviewing candidates to provide input to management in arriving at a listing of best qualified applicants to be provided to management. The auditors should not recommend a single individual for a specific position, nor should the auditors conduct an executive search or a recruiting program for the audited entity.
3.19 Factors external to the audit organization may restrict the work or interfere with auditors’ ability to form independent and objective opinions and conclusions. External impairments to independence occur when auditors are deterred from acting objectively and exercising professional skepticism by pressures, actual or perceived, from management and employees of the audited entity or oversight organizations. For example, under the following conditions, auditors may not have complete freedom to make an independent and objective judgment and an audit may be adversely affected:
a. external interference or influence that could improperly or imprudently limit or modify the scope of an audit or threaten to do so, including pressure to reduce inappropriately the extent of work performed in order to reduce costs or fees;
3.20 An audit organization’s internal quality control system for compliance with GAGAS independence requirements, as stated in paragraph 3.08, should include internal policies and procedures for reporting and resolving external impairments.
3.21 In addition to the preceding paragraphs that address personal and external impairments, a government audit organization’s ability to perform the work and report the results impartially can be affected by its place within government and the structure of the government entity that the audit organization is assigned to audit. Whether performing work to report externally to third parties outside the audited entity or internally to top management within the audited entity, audit organizations need to be free from organizational impairments to independence.
3.22 Government auditors can be presumed to be free from organizational impairments to independence when reporting externally to third parties if their audit organization is organizationally independent from the audited entity. Government audit organizations can meet the requirement for organizational independence in a number of ways.
3.24 Second, a government audit organization may also be presumed to be free from organizational impairments for external reporting if the audit organization’s head meets any of the following criteria:
c. appointed by someone other than a legislative body, so long as the appointment is confirmed by a legislative body and removal from the position is subject to oversight or approval by a legislative body, 16 and reports the results of audits to and is accountable to a legislative body; or
d. appointed by, accountable to, reports to, and can only be removed by a statutorily created governing body, the majority of whose members are independently elected or appointed and come from outside the organization being audited.
3.25 In addition to the presumptive criteria in paragraphs 3.23 and 3.24, GAGAS recognize that there may be other organizational structures under which a government audit organization could be considered to be free from organizational impairments and thereby be considered organizationally independent for reporting externally. These other structures should provide sufficient safeguards to prevent the audited entity from interfering with the audit organization’s ability to perform the work and report the results impartially. For an audit organization to be considered free from organizational impairments for reporting externally under a structure different from the ones listed in paragraphs 3.23 and 3.24, the audit organization should have all of the following safeguards:
b. statutory protections that require that if the head of the audit organization is removed from office, the head of the agency should report this fact and the reasons for the removal to the legislative body;
d. statutory protections that prevent the audited entity from interfering with the reporting on any audit, including the findings, conclusions, and recommendations, or the manner, means, or timing of the audit organization’s reports;
g. statutory access to records and documents that relate to the agency, program, or function being audited. 17
3.26 If the head of the audit organization concludes that the organization meets all the safeguards listed in paragraph 3.25, the audit organization should be considered free from organizational impairments to independence when reporting the results of its audits externally to third parties. The audit organization should document the statutory provisions in place that allow it to meet these safeguards. Those provisions should be reviewed during an external peer review to ensure that all the necessary safeguards have been met.
3.27 Certain federal, state, or local government audit organizations or audit organizations within other government entities, such as public colleges, universities, and hospitals, employ auditors to work for management of the audited entities. These auditors may be subject to administrative direction from persons involved in the government management process. Such audit organizations are internal audit organizations. A government internal audit organization can be presumed to be free from organizational impairments to independence when reporting internally to management if the head of the audit organization meets all of the following criteria:
3.28 If the conditions of paragraph 3.27 are met, the audit organization should be considered free of organizational impairments to independence to audit internally and report objectively to the entity’s management. Further distribution of reports outside the organization should only be made in accordance with applicable law, rule, regulation, or policy. In these situations, the fact that the auditors are auditing in their employing organizations should be clearly reflected in the auditors’ reports.
3.29 Auditors need to be sufficiently removed from political pressures to ensure that they can conduct their audits objectively and report their findings, opinions, and conclusions objectively without fear of political repercussions. Whenever feasible, auditors within internal audit organizations should be under a personnel system in which compensation, training, job tenure, and advancement are based on merit.
3.31 When internal audit organizations that are free of organizational impairments to independence, under the criteria in paragraph 3.27, perform audits external to the government entities to which they are directly assigned, such as auditing contractors or outside party agreements, and no personal or external impairments exist, they may be considered independent of the audited entities and free to report objectively to the heads or deputy heads of the government entities to which they are assigned and to parties outside the organizations in accordance with applicable law, rule, regulation, or policy.
3.32 The audit organization should document the conditions that allow it to be considered free of organizational impairments to independence to report internally. Those conditions should be reviewed during the peer review to ensure that all the necessary safeguards have been met.
1Nongovernment auditors should also follow the AICPA code of professional conduct and the code of professional conduct of the state board with jurisdiction over the practice of the public accountant and the audit organization. All auditors should also be aware of and comply with any applicable government ethics laws and regulations and any other ethics requirements (such as those of the state boards of accountancy) associated with their activities.
2Specialists to whom this section applies include, but are not limited to, actuaries, appraisers, attorneys, engineers, environmental consultants, medical professionals, statisticians, and geologists. This section applies to external consultants and firms performing work for the audit organization.
3Immediate family member is a spouse, spouse equivalent, or dependent (whether or not related). A close family member is a parent, sibling, or nondependent child.
4Auditors are not precluded from auditing pension plans that they participate in if (1) the auditor has no control over the investment strategy, benefits, or other management issues associated with the pension plan and (2) the auditor belongs to such pension plan as part of his/her employment with the audit organization, provided that the plan is normally offered to all employees in equivalent employment positions.
5If the auditor has performed nonaudit services for a client that affect information that is the subject of the audit, and management is unable or unwilling to take responsibility for this information, the risk that the auditor may be perceived to have a personal impairment to independence is increased. See paragraphs 3.10 through 3.18 for additional guidance on impairments to independence associated with the scope of services that may be provided by audit organizations to entities they audit.
6The auditor needs to be free from this personal impairment for the period covered by the activity under audit, including any financial statements being audited, and for the period in which the audit is being performed and reported.
7See footnote 21.
8Auditors participating in the audit assignment need to be free from personal impairments. This includes those who review the work or the report, and all others within the audit organization who can directly influence the outcome of the audit.
9GAO has issued further guidance in the form of questions and answers to assist in implementation of the standards associated with nonaudit services. This guidance, Answers to Independence Standard Questions, can be found on GAO’s Government Auditing Standards Web page (/govaud/ybk01.htm).
10The determination of account balances is used by management to prepare financial statements, such as determining for management the balance of accounts receivable or accounts payable or the value of inventory as of a specific date.
11Entity assets are intended to include all of the entity’s property including bank accounts, investment accounts, inventories, equipment or other assets owned, leased, or otherwise in the entity’s possession, and financial records, both paper and electronic.
12Personnel who provided the nonaudit service are permitted to convey to the audit assignment team the knowledge gained about the audited entity and its operations.
13If the audit organization has prepared draft financial statements and notes and performed the financial statement audit, management should acknowledge the audit organization’s role in preparing the financial statements and related notes and management’s review, approval, and responsibility for the financial statements and related notes in the management representation letter. Likewise, if the audit organization converts cash-based financial statements to accrual-based financial statements, management should also acknowledge the audit organization’s role in reflecting accruals and management’s review, approval, and responsibility for the accrual adjustments in the management representation letter. A management representation letter is required by generally accepted auditing standards (GAAS) and GAGAS.
14Proposing adjusting and correcting entries that are identified during the audit is a routine byproduct of audit services that is always permissible so long as management makes the decision to accept the entries.
15The Office of Management and Budget prohibits an auditor who prepared the entity’s indirect cost proposal from conducting the required audit when indirect costs recovered by the entity during the prior year exceeded $1 million under OMB Circular A-133, Audits of States, Local Governments, and Non-Profit Organizations, Subpart C.305(b), revised June 24, 1997.
16Legislative bodies may exercise their confirmation powers through a variety of means as long as they are involved in the approval of the individual to head the audit organization. This involvement can be demonstrated by approving the individual after the appointment or by initially selecting or nominating an individual or individuals for appointment by the appropriate authority.
17Statutory authority to issue a subpoena to obtain the needed records is one way to meet the requirement for statutory access to records.