Does Your Auditor Host Your Data? It Might Impair Independence.
This fall, new rules will go into effect that impact the services auditing firms can provide to businesses. Taking a look at your company’s audit provider now will give you time to comply with these additions before next year’s audit begins.
What are the rules?
There are several organizations with rules on independence: the AICPA, the Securities and Exchange Commission, and even the U.S. Department of Labor have written guidance for their auditors.
Beyond being a legal requirement, investors and lenders rely on an audit firm’s independence. Without independence, auditors cannot be trusted for unbiased opinions on the presentation of a company’s financial results.
AICPA has specific guidelines on what auditing firms can and can’t do in order to maintain independence from the companies they audit. Auditors must differentiate themselves from management, and cannot do any tasks that would normally fall under the role of management to complete. Auditors can’t form any relationships with clients that might compromise objectivity, require them to audit their own work, or result in self-dealing, a conflict of interest, or advocacy.
Accountants take the independence rules very seriously as violating them risks ruining the credibility of a client’s financial statements.
It is becoming increasingly common for businesses to host their company’s data with their audit firm. This change has brought about additions to the AICPA’s independence rules. Starting September 1, 2018, auditors will be unable to perform any of the following services to their audit clients:
- Serve as the sole host of a client’s financial or nonfinancial records.
- Function as the primary custodian of a client’s data, meaning that a company must access the data in the CPA’s possession to possess a complete set of records.
- Provide business continuity and disaster recovery support services.
These new policies adopt a narrow application of the term hosting services. They state that hosting services consist of the audit firm accepting responsibility for maintaining internal control over data an audit client uses to run the business. This does not include all custody or control of the client’s records. Compromising auditor independence means accepting responsibility to perform a management function within the business.
We can help
If your audit firm is handling your companies data, you may want to make a change. If you would like help evaluating whether your business complies with independence rules, or help finding an alternate provider contact us at 949-860-9902 or click here and we will contact you.