2 2 1 Non-Audit Services

Phawyer - Ovcharenkoo

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

10 pages

English

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

A propos
Informations
Extrait

Description

Informations

Publié par	Phawyer
Nombre de lectures	20
Langue	English

Extrait

2.2.1 Non-Audit Services 1
Office of the City Auditor
Policies and Procedures
Number: 2.2.1 Title: Non-Audit Services
Original Date: Revision Date: Approved by:
10/11/2010
04/19/2005 03/09/2011 [Kenneth Mory]
I. References:
See Government Auditing Standards (also referred to as the Generally
Accepted Government Auditing Standards, or GAGAS), July 2007 revision,
Chapters 1, 2 and 3, in particular, sections 1.33-1.34, 3.02, 3.20-3.30,
and A3.02-A3.03.
Related OCA policies include OCA Policy 3.8.1, Selecting Special Request
Projects; OCA Policy 3.8.2, Conducting Special Request Projects, and the
policies in Section 4 of the OCA Policy Manual which collectively address
projects of the City Auditor’s Integrity Unit (CAIU).
II. Policy
A. Prior to performing any non-audit service, OCA shall consider
whether the performing the non-audit service under consideration
would create a personal, external or organizational impairment, in
fact or appearance, and proceed accordingly. This will
include the application of two overarching principles as follows:
(GAGAS 3.22)
1. Audit organizations must not provide non-audit services that
involve performing management functions or making
management decisions, and
2. Audit organizations must not audit their own work or provide
non-audit services in situations where the non-audit services
are the type that would create an independence impairment and
are significant or material to the subject matter of audits.
B. If OCA makes the determination that the non-audit service violates
one or both of the overarching principles, then OCA shall decline to
perform the work.
C. If OCA determines that neither overarching principle is violated,
then OCA shall further evaluate the non-audit service under
consideration and shall document the results as appropriate.2 Section 2 Service Plan
D. As described in OCA Policy 1.3, Professional Standards, non-audit
projects undertaken by OCA shall be conducted in accordance with
the GAGAS general standards at a minimum.
III. Purpose
To establish independence guidelines and other requirements for non-
audit services in order to comply with the standards stated in the United
States Government Accountability Office’s Government Auditing
Standards.
IV. Definitions
A. Non-audit services – Professional services provided by auditors or
audit-investigators other than audit services. Examples include
special request projects from City Council members, integrity
investigations, fraud detection projects, control review projects, risk
assessments that do not fully comply with GAGAS, and management
assistance projects. Non-audit services generally fall into three
categories:
1. Services that do not impair independence – generally
referred to as technical advisory services – These are services
in which auditors provide technical advice based on their
technical knowledge and expertise. These services do not
impair auditor independence, unless the extent or nature of the
advice results in the auditors making management decisions or
performing management functions. These services may be
performed without implementing supplemental safeguards.
Examples include:
a. participating in committees or task forces as an expert in a
purely advisory, non-voting capacity;
b. providing tools and methodologies for use by management,
such as guidance on best practices, benchmarking studies,
and internal control assessment methodologies;
c. providing targeted and limited technical advice to assist
management in implementing audit recommendations or
internal controls;
d. providing assistance and technical expertise to legislative
bodies;
e. developing and administering surveys and reporting the
results as an independent third party;
f. providing audit, investigative, and oversight-related services
which could be performed as an audit of the audit
organization chose to do so, such as:
i. performing investigations of alleged fraud, contract
violations, or abuse;
ii. review-level work such as sales tax
reviews to determine whether all taxes due have been
received;
iii. performing follow-up on audit recommendations;
g. See GAGAS 3.26-3.27 and A3.02-A3.03 for other examples.2.2.1 Non-Audit Services 3
2. Services that do not impair independence if supplemental
safeguards are implemented – These are services that may
impair independence unless safeguards are taken to maintain
independence. Examples include
a. providing human resources services to assist management in
its evaluation of potential candidates; and
b. providing advisory services on information technology limited
to services such as advising on system design, system
installation, and system security.
c. See GAGAS 3.28 for other examples.
3. Services that impair independence – These are services that
directly support the entity’s operations and impair the audit
organization’s ability to meet either or both of the overarching
independence principles. Supplemental safeguards will not
overcome independence impairments, and these services shall
be avoided. Examples include
a. maintaining or preparing the audited entity’s basic
accounting records;
b. designing, developing, installing, or operating information
systems that are material or significant to the subject matter
of audits; or
c. developing an entity’s policies, procedures, and internal
controls.
d. See GAGAS 3.29 for other examples.
B. Supplemental safeguards – Steps which must be taken to protect
against impairment in fact or appearance when performing certain
non-audit services other than technical advisory services. Even for
technical advisory services, auditors may elect to apply the
supplemental safeguards, if there is a risk of the appearance of
independence impairment. See specific requirements under
Procedures step B.2.
C. Non-audit project checklist – Internally-generated form containing
selected compliance-related requirements to be completed for each
non-audit project to demonstrate compliance with OCA policies and
procedures, the OCA Quality Control System, and with GAGAS, as
appropriate.4 Section 2 Service Plan
V. Procedures
A. When the City Auditor is considering a non-audit service or project,
the City Auditor shall assign an Assistant City Auditor (ACA) to
evaluate and initiate the engagement.
B. The ACA, with input from the AIC, shall review GAGAS and
determine whether the non-audit service is one which can be
performed without compromising independence by violating either or
both of the overarching principles described above. The AIC shall
document the consideration of performing the non-audit service for
each non-audit service performed, using the Consideration of Non-
Audit Services form (Attachment A), and document the rationale for
the determinations made.
1. If the work would violate one or both of the overarching
principles, then OCA shall decline to perform the work.
2. If the work may impair independence unless safeguards are
taken to maintain independence, the ACA/AIC and OCA
management shall implement supplemental as
follows:
a. The AIC will establish and document an understanding
with management that includes the:
i. Objectives,
ii. Scope of work,
iii. Product or deliverable(s) of the service, and
iv. Management’s responsibility for the subject matter,
outcomes and decision-making associated with the
service. This understanding will be included with the
engagement letter (see the “Management Agreement”
form provided in Attachment B). Note that for advisory
services on information technology, management should
also specifically acknowledge responsibility for the
design, installation, and internal control over the
entity’s system and not rely on the auditors’ work as the
primary basis for determining (1) whether to implement
a new system, (2) the adequacy of the new system
design, (3) the adequacy of major design changes to an
existing system, and (4) the adequacy of the system to
comply with regulatory or other requirements.
b. OCA management will not reduce the scope and extent of
future audit work below the level that would be appropriate
if an unrelated party performed the non-audit work; and
c. OCA management will preclude staff who provide the non-
audit service from planning, conducting, or reviewing audit
work in the subject matter of the non-audit service for at
least two calendar years from the completion of the non-
audit service.2.2.1 Non-Audit Services 5
C. The AIC is responsible for developing a project plan containing the
objectives, applicable standards, description of the work that will be
done, the budgeted hours, and the estimated completion date.
D. The ACA, in consultation with the DCA, is responsible for approving
the project plan, for ensuring that the project and project
documentation meet relevant Government Auditing Standards and
internal OCA standards, and for making this documentation
available to any peer review.
E. The AIC is responsible for tracking the hours of the project to ensure
that it does not exceed the budgeted hours without proper
notification being made.
F. The AIC is responsible for documenting the engagement as required
by this policy and ensuring th