This conceptual framework describes the risk-based approach to analyzing independence matters that is used by the Professional Ethics Executive Committee (PEEC) of the AICPA when it develops independence standards. Under that approach, a member’s relationship with a client is evaluated to determine whether it poses an unacceptable risk to the member’s independence. Risk is unacceptable if the relationship would compromise (or would be perceived as compromising by an informed third party having knowledge of all relevant information) the member’s professional judgment when rendering an attest service to the client. Key to that evaluation is identifying and assessing the extent to which a threat to the member’s independence exists and, if it does, whether it would be reasonable to expect that the threat would compromise the member’s professional judgment and, if so, whether it can be effectively mitigated or eliminated. Under the risk-based approach, steps are taken to prevent circumstances that threaten independence from compromising the professional judgments required in the performance of an attest engagement.

Professional standards of the AICPA require independence for all attest engagements. The PEEC bases its independence interpretations and rulings under ET section 100 of the AICPA’s Code of Professional Conduct on the concepts in this framework. However, in certain circumstances the PEEC has determined that it is appropriate to prohibit or restrict certain relationships notwithstanding the fact that the risk may be at an acceptable level. For example, the PEEC has determined that a covered member should not own even an immaterial direct financial interest in an attest client.

Because this conceptual framework describes the concepts upon which the AICPA’s independence interpretations and rulings are based, it may assist AICPA members and others in understanding those interpretations and rulings. In addition, this conceptual framework should be used by members when making decisions on independence matters that are not explicitly addressed by the Code of Professional Conduct. Under no circumstances, however, may the framework be used to overcome prohibitions or requirements contained in the independence interpretations and rulings.

The risk-based approach entails evaluating the risk that the member would not be independent or would be perceived by a reasonable and informed third party having knowledge of all relevant information as not being independent. That risk must be reduced to an acceptable level to conclude that a member is independent under the concepts in this framework. Risk is at an acceptable level when threats are at an acceptable level, either because of the types of threats and their potential effect, or because safeguards have sufficiently mitigated or eliminated the threats. Threats are at an acceptable level when it is not reasonable to expect that the threat would compromise professional judgment.

The risk-based approach involves the following steps.

a.    Identifying and evaluating threats to independence—Identify and evaluate threats, both individually and in the aggregate, because threats can have a cumulative effect on a member’s independence. Where threats are identified but, due to the types of threats and their potential effects, such threats are considered to be at an acceptable level (that is, it is not reasonable to expect that the threats would compromise professional judgment), the consideration of safeguards is not required. If identified threats are not considered to be at an acceptable level, safeguards should be considered as described in paragraph .05b.

b.    Determining whether safeguards already eliminate or sufficiently mitigate identified threats and whether threats that have not yet been mitigated can be eliminated or sufficiently mitigated by safeguards—Different safeguards can mitigate or eliminate different types of threats, and one safeguard can mitigate or eliminate several types of threats simultaneously. When threats are sufficiently mitigated by safeguards, the threats’ potential to compromise professional judgment is reduced to an acceptable level. A threat has been sufficiently mitigated by safeguards if, after application of the safeguards, it is not reasonable to expect that the threat would compromise professional judgment. ^{fn 1}

c.    If no safeguards are available to eliminate an unacceptable threat or reduce it to an acceptable level, independence would be considered impaired.

Independence is defined as:

a.    Independence of mind—The state of mind that permits the performance of an attest service without being affected by influences that compromise professional judgment, thereby allowing an individual to act with integrity and exercise objectivity and professional skepticism.

b.    Independence in appearance—The avoidance of circumstances that would cause a reasonable and informed third party, having knowledge of all relevant information, including safeguards ^{fn 2} applied, to reasonably conclude that the integrity, objectivity, or professional skepticism of a firm or a member of the attest engagement team had been compromised.

This definition reflects the longstanding professional requirement that members who provide services to entities for which independence is required be independent both in fact and in appearance. ^{fn 3} The state of mind of a member who is independent “in fact” assists the member in performing an attest engagement in an objective manner. Accordingly, independence of mind reflects the longstanding requirement that members be independent in fact.

This definition is used as part of the risk-based approach to analyze independence. Because the risk-based approach requires judgment, the definition should not be interpreted as an absolute. For example, the phrase “without being affected by influences that compromise professional judgment” is not intended to convey that the member must be free of any and all influences that might compromise objective judgment. Instead, a determination must be made about whether such influences, if present, create an unacceptable risk that a member would not act with integrity and exercise objectivity and professional skepticism in the conduct of a particular engagement, or would be perceived as not being able to do so by a reasonable and informed third party that has knowledge of all relevant information.

Impair—For purposes of this framework, impair means to effectively extinguish (independence). When a member’s independence is impaired, the member is not independent.

Threats—Threats to independence are circumstances that could impair independence. Whether independence is impaired depends on the nature of the threat, whether it would be reasonable to expect that the threat would compromise the member’s professional judgment and, if so, the specific safeguards applied to reduce or eliminate the threat, and the effectiveness of those safeguards as described in paragraph .21.

Threats might not involve violations of existing interpretations or rulings. For example, the circumstance described in paragraph .18b of this framework is permissible in limited instances under current AICPA independence interpretations and rulings.

Many different circumstances (or combinations of circumstances) can create threats to independence. It is impossible to identify every situation that creates a threat. However, seven broad categories of threats should always be evaluated when threats to independence are being identified and assessed. They are self-review, advocacy, adverse interest, familiarity, undue influence, financial self-interest, and management participation threats The following paragraphs define and provide examples, which are not all-inclusive, of each of these threat categories. Some of these examples are the subject of independence interpretations and rulings contained in the Code of Professional Conduct.

Self-review threat—Members reviewing as part of an attest engagement evidence that results from their own, or their firm’s, nonattest work such as, preparing source documents used to generate the client’s financial statements

Advocacy threat—Actions promoting an attest client’s interests or position. ^{fn 4}

a.    Promoting the client’s securities as part of an initial public offering

b.    Representing a client in U.S. tax court

Adverse interest threat—Actions or interests between the member and the client that are in opposition, such as, commencing, or the expressed intention to commence, litigation by either the client or the member against the other.

Familiarity threat—Members having a close or longstanding relationship with an attest client or knowing individuals or entities (including by reputation) who performed nonattest services for the client.

a.    A member of the attest engagement team whose spouse is in a key position at the client, such as the client’s chief executive officer

b.    A partner of the firm who has provided the client with attest services for a prolonged period

c.    A member who performs insufficient audit procedures when reviewing the results of a nonattest service because the service was performed by the member’s firm

d.    A member of the firm having recently been a director or officer of the client

e.    A member of the attest engagement team whose close friend is in a key position at the client

Undue influence threat—Attempts by an attest client’s management or other interested parties to coerce the member or exercise excessive influence over the member.

a.    A threat to replace the member or the member’s firm over a disagreement with client management on the application of an accounting principle

b.    Pressure from the client to reduce necessary audit procedures for the purpose of reducing audit fees

c.    A gift from the client to the member that is other than clearly insignificant to the member

Financial self-interest threat—Potential benefit to a member from a financial interest in, or from some other financial relationship with, an attest client.

a.    Having a direct financial interest or material indirect financial interest in the client

b.    Having a loan from the client, from an officer or director of the client, or from an individual who owns 10 percent or more of the client’s outstanding equity securities

c.    Excessive reliance on revenue from a single attest client

d.    Having a material joint venture or other material joint business arrangement with the client

Management participation threat—Taking on the role of client management or otherwise performing management functions on behalf of an attest client.

a.    Serving as an officer or director of the client

b.    Establishing and maintaining internal controls for the client

c.    Hiring, supervising, or terminating the client’s employees

Safeguards—Controls that mitigate or eliminate threats to independence. Safeguards range from partial to complete prohibitions of the threatening circumstance to procedures that counteract the potential influence of a threat. The nature and extent of the safeguards to be applied depend on many factors, including the size of the firm and whether the client is a public interest entity. ^{fn 5} To be effective, safeguards should eliminate the threat or reduce to an acceptable level the threat’s potential to impair independence.

The effectiveness of a safeguard depends on many factors, including those listed here:

a.    The facts and circumstances specific to a particular situation

b.    The proper identification of threats

c.    Whether the safeguard is suitably designed to meet its objectives

d.    The party or parties that will be subject to the safeguard

e.    How the safeguard is applied

f.    The consistency with which the safeguard is applied

g.    Who applies the safeguard

There are three broad categories of safeguards. The relative importance of a safeguard depends on its appropriateness in light of the facts and circumstances.

a.    Safeguards created by the profession, legislation, or regulation

b.    Safeguards implemented by the attest client

c.    Safeguards implemented by the firm, including policies and procedures to implement professional and regulatory requirements

Examples of various safeguards within each category are presented in the following paragraphs. The examples are not intended to be all-inclusive and, conversely, the examples of safeguards implemented by the attest client and within the firm’s own systems and procedures may not all be present in each instance. In addition, threats may be sufficiently mitigated through the application of other safeguards not specifically identified herein.

Examples of safeguards created by the profession, legislation, or regulation

a.    Education and training requirements on independence and ethics rules for new professionals

b.    Continuing education requirements on independence and ethics

c.    Professional standards and monitoring and disciplinary processes

d.    External review of a firm’s quality control system

e.    Legislation governing the independence requirements of the firm

f.    Competency and experience requirements for professional licensure

Examples of safeguards implemented by the attest client that would operate in combination with other safeguards

a.    The attest client has personnel with suitable skill, knowledge, and/or experience who make managerial decisions with respect to the delivery of nonattest services by the member to the attest client

b.    A tone at the top that emphasizes the attest client’s commitment to fair financial reporting

c.    Policies and procedures that are designed to achieve fair financial reporting

d.    A governance structure, such as an active audit committee, that is designed to ensure appropriate decision making, oversight, and communications regarding a firm’s services

e.    Policies that dictate the types of services that the entity can hire the audit firm to provide without causing the firm’s independence to be considered impaired

Examples of safeguards implemented by the firm

a.    Firm leadership that stresses the importance of independence and the expectation that members of attest engagement teams will act in the public interest

b.    Policies and procedures that are designed to implement and monitor quality control in attest engagements

c.    Documented independence policies regarding the identification of threats to independence, the evaluation of the significance of those threats, and the identification and application of safeguards that can eliminate the threats or reduce them to an acceptable level

d.    Internal policies and procedures that are designed to monitor compliance with the firm’s independence policies and procedures

e.    Policies and procedures that are designed to identify interests or relationships between the firm or its partners and professional staff and attest clients

f.    The use of different partners and engagement teams that have separate reporting lines in the delivery of permitted nonattest services to an attest client, particularly when the separation between reporting lines is significant

g.    Training on and timely communication of a firm’s policies and procedures, and any changes to them, for all partners and professional staff

h.    Policies and procedures that are designed to monitor the firm or partner’s reliance on revenue from a single client and, if necessary, cause action to be taken to address excessive reliance

i.    Designating someone from senior management as the person who is responsible for overseeing the adequate functioning of the firm’s quality control system

j.    A means of informing partners and professional staff of attest clients and related entities from which they must be independent

k.    A disciplinary mechanism that is designed to promote compliance with policies and procedures

l.    Policies and procedures that are designed to empower staff to communicate to senior members of the firm any engagement issues that concern them without fear of retribution

m.    Policies and procedures relating to independence communications with audit committees or others charged with client governance

n.    Discussing independence issues with the audit committee or others responsible for the client’s governance

o. Disclosures to the audit committee (or others responsible for the client’s governance) regarding the nature of the services that are or will be provided and the extent of the fees charged or to be charged

p.    The involvement of another professional accountant who (1) reviews the work that is done for an attest client or (2) otherwise advises the attest engagement team (This individual could be someone from outside the firm or someone from within the firm who is not otherwise associated with the attest engagement.)

q.    Consultation on engagement issues with an interested third party, such as a committee of independent directors, a professional regulatory body, or another professional accountant

r.    Rotation of senior personnel who are part of the attest engagement team

s.    Policies and procedures that are designed to ensure that members of the attest engagement team do not make or assume responsibility for management decisions for the attest client

t.    The involvement of another firm to perform part of the attest engagement

u.    The involvement of another firm to reperform a nonattest service to the extent necessary to enable it to take responsibility for that service

v.    The removal of an individual from an attest engagement team when that individual’s financial interests or relationships pose a threat to independence

w.    A consultation function that is staffed with experts in accounting, auditing, independence, and reporting matters who can help attest engagement teams (1) assess issues when guidance is unclear, or when the issues are highly technical or require a great deal of judgment and (2) resist undue pressure from a client when the engagement team disagrees with the client about such issues

x.    Client acceptance and continuation policies that are designed to prevent association with clients that pose an unacceptable threat to the member’s independence

y.    Policies that preclude audit partners from being directly compensated for selling nonattest services to the audit client

[Issued April 2006, effective April 30, 2007, with earlier application encouraged, by the Professional Ethics Executive Committee.]