Welcome to this year’s Engagement Independence course.
Independence is foundational to audit quality. Our regulators have continued to focus on the critical importance of independence, including consideration of the SEC General Standard of Independence.
We maintain a system of quality control to comply with our independence obligations, in both fact and in appearance. This training is an important element of that system of quality control, to help you understand your role in maintaining the firm’s independence on your engagements.
A significant update impacting our audits this year is the implementation of revised standards on group audits. While not covered in this course, training on the independence implications of these standards is an important part of the group audits curriculum.
Thank you for your time and attention to this training. Recognizing the importance of independence, and being diligent in performing necessary independence procedures, helps us in maintaining the integrity of our audits and the protection of the markets we serve.
" }, { "_comment": "page 3", "title": "Course objectives", "template": "blank", "pageData": "m00_p03", "pageContent": "m00_p03", "assessment": "false", "audio": "false", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "faqPageLevelIDs": "-1", "PageNumber": "3 / 28", "pageTranscript": "" }, { "_comment": "page 4", "title": "Independence responsibilities", "template": "blank", "pageData": "m00_p04", "pageContent": "m00_p04", "assessment": "false", "audio": "m00_p04", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "faqPageLevelIDs": "-1", "PageNumber": "4 / 28", "pageTranscript": "As KPMG audit professionals, our commitment to objectivity and independence is crucial for maintaining the quality and credibility of our work and directly impacts our ability to issue independent auditors’ reports. While helping to drive quality growth, we all must comply with the applicable independence professional standards, laws and regulations, fulfilling our professional responsibilities to protect the public interest and the capital markets we serve. Additionally, we must continue to conduct thorough evaluations of independence, even in the context of existing audit relationships, to mitigate risks and uphold the integrity of our audits.
Understanding independence rules and procedures is essential to perform audits that are in compliance with AICPA, SEC, PCAOB and IESBA rules. Compliance with all applicable independence requirements, including the SEC’s general standard of independence, is essential. This includes our responsibility for determining that the services being provided to, and our relationships with, audit clients conform with the independence rules. This requires diligence in reviewing audit and non-audit service Sentinel requests for audit clients and their affiliates, making required communications with the Audit Committee, and obtaining their pre-approval and concurrence, when required. We must be diligent in performing all independence procedures with Excellence and reinforce with our teams and our audit clients the importance of maintaining independence. If we are unsure about an independence matter, it is important to promptly consult with the Independence Group.
" }, { "_comment": "Menu Page", "title": "Module 1: Delivering services beyond the audit", "template": "blank", "pageData": "menu", "pageContent": "menu", "assessment": "false", "audio": "false", "markvisit": "init", "showTitle": "true", "showInMenu": "false", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "PageNumber": "5 / 28", "pageTranscript": "" } ] }, { "title": "Module 1: Delivering services beyond the audit", "faqTopicIDs": "-1", "faqModuleTopicTitle": "MODULE 0", "moduleID": "m00", "moduleFolder": "module0", "page": [ { "_comment": "page 5", "title": "Considerations when delivering non-audit services to audit clients", "template": "video_temp", "pageData": "m01_p01", "pageContent": "blank", "assessment": "false", "audio": "blank_1", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "PageNumber": "6 / 28", "pageTranscript": "In today’s dynamic landscape and with Audit’s Growth strategy, teams such as the ESG Center of Excellence and Tech Assurance, are offering permissible non-audit services to audit clients. In addition, our audits are leveraging various tools and new capabilities, such as AI, to enhance the quality of our audits. These new capabilities can also provide valuable insights for our clients. But it’s important for us as the auditor to recognize when we are performing activities or providing information to our clients that extends beyond what is required for the performance of the audit. Such activities may be non-audit services, and additional independence considerations are required.
This may take the shape of the client requesting the results of insights at a frequency or level of detail that exceeds what is needed for purposes of conducting the audit. Therefore, it is essential for teams to determine if what they are delivering aligns with the scope of the audit by asking questions such as, Are we performing a procedure necessary to plan the audit or obtain audit evidence? Are we making a communication or providing information required by the auditing standards?
In many cases, providing additional insights or performing additional activities is permissible, but may be considered a non-audit service, so the engagement team would need to complete this evaluation. It would also require the team to submit a separate Sentinel request that includes the applicable non-audit Sentinel code and appropriate documentation that addresses independence considerations, including the SEC general standard and IESBA self-review threat test. The team should also attach a draft non-audit engagement letter and there are many non-audit engagement letter templates available for the audit practice to use for these services. The team will also need to obtain pre-approval from the Audit Committee or those charged with governance, if applicable.
Then, when it comes to delivering any non-audit services, such as ESG and our Tech Assurance non-audit assessment services, we must be mindful that we are not performing an audit or attestation service. Therefore, we cannot provide any assurance or make any conclusions around client data or systems, such as the completeness and accuracy of data or the effectiveness of controls, as may be done in an audit. Non-audit assessment services generally should be limited to high-level observations and recommendations and should not be seen as designing or concluding on controls, or developing the client’s action plan.
Remember to also utilize the “Focused Non-Audit Services for Audit Clients” guidance which provides tips when an activity may constitute a non-audit service. It also identifies the most common permissible non-audit services along with standard engagement letter templates available for our audit clients. If no letter is available, the “Non-audit Services Independence Permissions Matrix” includes detailed independence guidance on the permissibility of some of the most common types of activities performed during non-audit services. All documents can be found on the Independence Non-Audit Services Portal.
It is crucial to maintain a clear understanding of the boundaries between audit and non-audit services. By adhering to independence considerations, seeking guidance when needed, and following appropriate procedures, audit teams can effectively navigate the evolving landscape and deliver high-quality services to their audit clients.
" }, { "_comment": "page 22", "title": "Activity: Permissible non-audit services", "template": "blank", "pageData": "m01_p02_01", "pageContent": "m01_p02_01", "assessment": "false", "audio": "false", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "PageNumber": "7 / 28", "pageTranscript": "" }, { "_comment": "page 22", "title": "Activity: Permissible non-audit services (continued)", "template": "blank", "pageData": "m01_p02_02", "pageContent": "m01_p02_02", "assessment": "false", "audio": "false", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "PageNumber": "7a / 28", "pageTranscript": "" }, { "_comment": "page 6", "title": "Providing services beyond the audit", "template": "video_temp", "pageData": "m01_p02", "pageContent": "blank", "assessment": "false", "audio": "blank_1", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "PageNumber": "8 / 28", "pageTranscript": "ESG and GenAI are everywhere, and the firm has been adapting quickly to seize opportunities.
Let’s check in with Paloma, the audit partner for SEC audit client, Estatewood and Kai, a Tech Assurance managing director, as they talk through two opportunities for Estatewood.
PALOMA: The planning workshop for Estatewood’s audit went really well! They were impressed with the new AI technology that we’ll be using on the audit this year.
KAI: Yeah, they were! I agree! Actually - Estatewood’s CFO just reached out to me about helping with their GenAI transformation.
I was thinking about an Ignition Experience at Lakehouse. We can share benchmarking and insights about their performance compared to their competitors, and brainstorm GenAI use cases.
PALOMA: That’s a great idea! But let’s make sure we’ve considered any independence implications.
If we plan to provide a benchmarking deliverable, we need to ensure that during that session, we aren’t providing services beyond the audit that haven’t been pre-approved.
KAI: I see what you mean…
PALOMA: The Independence Guidance on Ignition Experiences and AI services are helpful resources. The Ignition Experience you’ve described may be permissible, provided we don’t delve into developing their AI solutions. But it would be considered a separate non-audit service, regardless of whether we charge a fee.
Kai is now more aware of the ways in which activities we plan to offer to our audit clients can expand into providing non-audit services. Although these non-audit services may be permissible, they still require evaluation in Sentinel and Audit Committee pre-approval.
Paloma and Kai talk through what Estatewood would like to achieve with GenAI. They come up with an appropriate agenda to address the client’s needs that would also be permissible from an independence perspective.
Because they also have an ongoing ESG reporting assessment engagement with Estatewood, Kai continues the discussion with Paloma, talking through the draft deliverable they would like to share with the client.
KAI: Oh, I’ve been meaning to ask…Have you had a chance to review the draft deliverable for the ESG reporting assessment service? We had some valuable IT insights, and wanted to provide them as soon as possible!
PALOMA: I have reviewed it. The team did a great job.
KAI: Thanks, Paloma.
PALOMA: And it’s great you used the standard deliverable template, but in certain places we do need to adjust our level of recommendations to avoid going beyond the scope of work in the approved ESG engagement letter.
KAI: OK. Where were your concerns?
PALOMA: There were a few places where we made assurance type statements like “the report is complete and accurate” or “the control is designed effectively”.
We aren’t auditing here, so, our work can’t go beyond high-level observations and recommendations.
KAI: Ok, I see what you mean. We can’t conclude or provide inadvertent assurance, since this is a non-audit service done under consulting standards.
So - for our observations and recommendations, if we frame them as high-level feedback for the client’s consideration and categorize the feedback as high, medium, and low – would that be permissible?
PALOMA: Yes, that’s permissible. We should avoid making recommendations that are too specific and extensive, as it could in substance be seen as designing or concluding on the client’s controls, or developing their action plan, which would be impermissible.
KAI: That makes sense. I’ll make those changes to the ESG deliverable.
Paloma emphasized the importance of staying within the approved scope and that teams need to take off their “audit” hat when drafting deliverables for non-audit services.
She also reinforced the importance of providing objective recommendations and observations without conclusions, avoiding scope creep and maintaining independence.
As Audit and Tech Assurance offer more non-audit services to audit clients, it is important to keep these considerations in mind.
" }, { "_comment": "page 11", "title": "Knowledge check 1", "template": "mcss2", "pageData": "m01_p07", "pageContent": "blank", "assessment": "false", "audio": "false", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "PageNumber": "9 / 28", "pageTranscript": "" }, { "_comment": "Menu Page", "title": "Module 2: Independence controls and procedures", "template": "blank", "pageData": "menu", "pageContent": "menu", "assessment": "false", "audio": "false", "markvisit": "init", "showTitle": "true", "showInMenu": "false", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "PageNumber": "10 / 28", "pageTranscript": "" } ] }, { "title": "Module 2: Independence controls and procedures", "faqTopicIDs": "-1", "faqModuleTopicTitle": "MODULE 0", "moduleID": "m00", "moduleFolder": "module0", "page": [ { "_comment": "page 16", "title": "System of Quality Control", "template": "video_temp", "pageData": "m02_p01", "pageContent": "blank", "assessment": "false", "audio": "blank_1", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "PageNumber": "11 / 28", "pageTranscript": "KPMG’s independence systems, policies, and procedures are critical to as our System of Quality Control, also referred to our System of Quality Management.
Key independence systems include Sentinel, KICS – ‘KPMG’s Independence Compliance System’, and the REL - ‘Restricted Entity List’. These systems help us maintain independence by preventing and detecting independence violations.
Sentinel is the primary system used to determine if a proposed engagement or business relationship complies with applicable professional and regulatory standards. But its effectiveness is dependent upon entering complete and accurate data. Companies are constantly shifting, growing and restructuring, so we must stay ahead of transactions or activities that could result in new affiliates or affiliated persons. Audit engagement teams need to continually update the client’s Sentinel family tree in a timely manner to help ensure accurate placement of entities and affiliated persons on the tree, so all services and relationships can be evaluated appropriately, and the firm’s System of Quality Control can operate as intended. Teams also need to submit complete and accurate Sentinel requests so that Sentinel Lead Partners can appropriately evaluate the request. Getting tree maintenance, submittal and review right all are equally important in maintaining the system’s integrity, to avoid potential violations.
The REL and KICS are additional tools that are important to our System of Quality Control. Restricting an entity on the REL results in the entity identifying as restricted in KICS. All public audit clients and any of their public affiliates, including their debt and equity securities, need to be properly listed as restricted on the REL. Non-public affiliates that offer financial products must also be included. Engagement teams are required to regularly review and confirm that restrictions are appropriate and request necessary updates, assuring the REL’s accuracy, including evaluating if new affiliates meet the requirements for inclusion. If changes need to be made, teams must submit a REL Update Form, verifying all engagement details are accurate. It is crucial the REL is updated timely, as our professionals rely on this information to maintain their personal independence.
Our System of Quality Control also includes the procedures performed by audit engagement teams and documented in the KPMG Clara workflow, or KCw. It’s important that the engagement profile is set up within KCw accurately during the planning phase, to enable the delivery of applicable independence procedures within the Independence module. When the audit engagement team indicates that there are transactions resulting in new affiliates, the New Affiliates screen within the KCw Independence module is activated with procedures that must be completed to assess independence in relation to the new affiliate. Completing independence procedures is essential to a quality audit, so it’s critical to plan enough time to perform and document each step. There is execution guidance in the KPMG Audit Execution Guide (KAEG) that aligns with each step in the Independence module to assist teams in appropriately completing the procedures.
Lead audit engagement partners rely on the results of independence procedures and the firm’s System of Quality Control to support annual independence communications to the Audit Committee, as required by PCAOB Rule 3526. In situations where there’s been a violation (also known as a breach) during the audit or professional engagement period, these communications must be reviewed and approved by the Independence Group, a key control step, prior to communicating to the Audit Committee. Teams are encouraged to use the Audit Committee templates available on Alex to help with all required written communications.
The systems, policies and procedures that underpin our System of Quality Control work together to help us maintain our independence, communicate related matters, deliver quality audits to our clients, and ultimately build trust in the capital markets.
" }, { "_comment": "page 4", "title": "Sentinel requests for supplemental services to statutory audits", "template": "blank", "pageData": "m02_p02_01", "pageContent": "m02_p02_01", "assessment": "false", "audio": "m02_p02_01", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "faqPageLevelIDs": "-1", "PageNumber": "12 / 28", "pageTranscript": "In some jurisdictions, auditors often provide supplemental non-audit services such as financial statement preparation, word processing, translation or other services in conjunction with statutory audits. In such instances, it’s crucial to evaluate these non-audit services separately from the statutory audit, so they can be appropriately evaluated for permissibility under the applicable independence standards.
To facilitate this process, changes have been implemented in Sentinel. Two new Sentinel taxonomy codes have been created, one for financial statement preparation services, and the other for financial statement word processing and/or translation services. Sentinel requestors will be reminded of these typical supplemental services when submitting Sentinel requests for statutory audits. They will be asked whether additional services are being provided alongside the statutory audit, and if so, to select all relevant non-audit service taxonomy codes.
Sentinel Lead Partners can then approve Sentinel requests once all services have been reviewed for permissibility and we have received necessary pre-approvals from the Audit Committee or Those Charged with Governance. When approving a request in Sentinel, it is helpful for the SLP to include reminders to the requestor in their approval comments.
For financial statement preparation services to a subsidiary with the same year-end as the parent audit client, SLPs should include a reminder that services cannot start until the audit report for the parent company’s group financial statements has been issued. When a Sentinel request only identifies audit services, the SLP can indicate in their comments that approval is solely related to the submitted audit service. By adopting these practices within Sentinel, both requestors and reviewers can significantly reduce the risk of independence violations. This streamlined approval process also allows for quicker speed to market and improved client relationships.
" }, { "_comment": "page 25", "title": "Knowledge check 2", "template": "mcss2", "pageData": "m02_p03_02", "pageContent": "blank", "assessment": "false", "audio": "false", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "PageNumber": "13 / 28", "pageTranscript": "" }, { "_comment": "page 22", "title": "Activity: Sentinel family tree maintenance", "template": "blank", "pageData": "m02_p04_1", "pageContent": "m02_p04_1", "assessment": "false", "audio": "m02_p04_1", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "PageNumber": "14 / 28", "pageTranscript": "Completeness and accuracy within Sentinel is important, whether you’re maintaining a Sentinel family tree, reviewing a service Sentinel request, or submitting one yourself, data must be complete and accurate for the system to work as intended.
" }, { "_comment": "page 22", "title": "Activity: Sentinel family tree maintenance (continued)", "template": "blank", "pageData": "m02_p04_01a", "pageContent": "m02_p04_01a", "assessment": "false", "audio": "false", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "PageNumber": "14a / 28", "pageTranscript": "" }, { "_comment": "page 22", "title": "Activity: Sentinel request submission and review", "template": "blank", "pageData": "m02_p05_1", "pageContent": "m02_p05_1", "assessment": "false", "audio": "false", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "PageNumber": "15 / 28", "pageTranscript": "" }, { "_comment": "page 22", "title": "Activity: Sentinel request submission and review (continued)", "template": "blank", "pageData": "m02_p05_2", "pageContent": "m02_p05_2", "assessment": "false", "audio": "false", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "PageNumber": "15a / 28", "pageTranscript": "" }, { "_comment": "page 22", "title": "Activity: Sentinel request submission and review (continued)", "template": "blank", "pageData": "m02_p05_3", "pageContent": "m02_p05_3", "assessment": "false", "audio": "false", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "PageNumber": "15b / 28", "pageTranscript": "" }, { "_comment": "page 21", "title": "From our Files", "template": "video_text_sync", "pageData": "m02_p05", "pageContent": "blank", "assessment": "false", "audio": "blank_1", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "PageNumber": "16 / 28", "pageTranscript": "Since May of 2021, an advisory engagement team had been providing managed technology services to a healthcare company. The services primarily consisted of managing the entity’s enterprise resource planning system, which was permissible at the time as the entity was not an audit client or an affiliate of an audit client.
In April of 2023, our audit client, a private equity firm, announced it was acquiring a majority stake in the healthcare company. As a result, the healthcare company would become an affiliate of our audit client upon closing of the acquisition. At the time of the announcement, my team created a new entity in Sentinel and added it to our audit client’s Sentinel family tree. The acquisition closed in June of 2023 During our quarterly independence procedures, we discovered that there was a duplicate of the healthcare company within Sentinel and after performing a service history review, our team identified the ongoing managed technology services for the healthcare company that was no longer permissible now that they were an SEC restricted entity.
Initially, my team used the Sentinel Entity Management Tool, to add the healthcare company to our client’s Sentinel family tree. However, the team overlooked the potential matches provided by the tool, which would have alerted us to the existence of the entity already in the system. Instead of linking the existing entity into our audit client’s Sentinel family tree (and running a service history report which would have identified the managed services), my team inadvertently created a new entity, allowing the impermissible services to continue. Once my team identified the issue, KPMG immediately terminated the impermissible services. However, this oversight resulted in a prohibited management function violation that needed to be communicated to our client’s Audit Committee and I was assessed a Category 2 sanction under our firm policy.
This experience taught me that although we have systems in place that are designed to help teams get it right, we must still be diligent in performing procedures appropriately. Had we been more thorough during our review of potential matches in Sentinel, we could have exited the impermissible services ahead of the acquisition, avoided incurring a violation and needing to have a difficult conversation with our client’s Audit Committee, potentially damaging the valued relationship.
" }, { "_comment": "Menu Page", "title": "Module 3: Shared responsibility", "template": "blank", "pageData": "menu", "pageContent": "menu", "assessment": "false", "audio": "false", "markvisit": "init", "showTitle": "true", "showInMenu": "false", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageNumber": "17 / 28", "pageTranscript": "" } ] }, { "title": "Module 3: Shared responsibility", "faqTopicIDs": "-1", "faqModuleTopicTitle": "MODULE 0", "moduleID": "m00", "moduleFolder": "module0", "page": [ { "_comment": "page 4", "title": "Importance of shared responsibility", "template": "blank", "pageData": "m03_p01_01", "pageContent": "m03_p01_01", "assessment": "false", "audio": "m03_p01_01", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "faqPageLevelIDs": "-1", "PageNumber": "18 / 28", "pageTranscript": "Speeches from the SEC continue to underscore that compliance with auditor independence rules does not rest solely with the auditor, but rather is a shared responsibility. All parties, including the client’s management, the Audit Committee or Those Charged with Governance, audit teams, and non-audit services engagement teams, share in this responsibility. It may also involve collaboration between engagement teams and other firm professionals, such as the Independence Group, Engagement Management Coordinators, and others.
It is crucial to communicate this shared responsibility and promote the client’s understanding of their role. We encourage using the Audit Committee communication templates, specifically the slide on “Shared responsibilities: Independence” when delivering our audit plan to the Audit Committee to reinforce this important message.
" }, { "_comment": "page 4", "title": "Giving and receiving quality information", "template": "blank", "pageData": "m03_p02_01", "pageContent": "m03_p02_01", "assessment": "false", "audio": "m03_p02_01", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "faqPageLevelIDs": "-1", "PageNumber": "19 / 28", "pageTranscript": "The firm’s System of Quality Control works to prevent and detect independence violations, allowing us to provide reasonable assurance of compliance with independence requirements. To maintain its effectiveness, we rely on receiving quality data from the audit client. It’s important to have discussions with our clients about the importance of timely communicating planned mergers and acquisitions, materiality and ownership changes, or other corporate transactions. This allows teams to appropriately assess independence and make necessary updates in Sentinel. It also allows the firm to promptly exit any prohibited services or relationships with any new affiliates, in advance of the effective date of a transaction.
When activities occur that may result in new affiliates or affiliated persons, audit engagement teams can seek assistance by submitting an inquiry to Professional Practice Support via the Audit Operations Portal.
As important as it is to receive quality information from our audit clients, it is equally important for audit engagement teams to provide quality communications to the client’s Audit Committee to enable them to exercise their oversight role effectively. Prior to accepting a new SEC audit client and annually thereafter, PCAOB Rule 3526 requires our firm to report to the Audit Committee, in writing, all relationships that may be reasonably thought to bear on independence, and to discuss with them the potential effects those relationships may have on our independence. Documentation of the substance of the discussion with the Audit Committee is required to be included in KCw; only attaching the written communication will not satisfy this requirement and As part of our annual written communications, we are also required to affirm in writing that the firm is independent, in compliance with PCAOB Rule 3520.
Furthermore, the SEC requires all proposed audit and permitted non-audit services provided to the audit client and its subsidiaries to be pre-approved by the client’s Audit Committee. Additional PCAOB pre-approval requirements exist for tax services and non-audit services related to internal control over financial reporting. IESBA also requires concurrence from the Audit Committee of any public interest entity, including our SEC audit clients, prior to providing non-audit services to upstream entities that control the audit client, and downstream entities that the audit client controls, regardless of consolidation. To aid in the preparation of required independence communications with the Audit Committee, including communications necessary for obtaining pre-approval or concurrence, teams should refer to “The Audit Committee Communications User Guide” found on Alex.
In order for the Audit Committee to make an informed decision about a proposed service, we need to provide them with sufficient information about the service, to enable them to evaluate the potential effects on our independence.
" }, { "_comment": "page 34", "title": "Knowledge check 3", "template": "mcss2", "pageData": "m03_p09", "pageContent": "blank", "assessment": "false", "audio": "false", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "PageNumber": "20 / 28", "pageTranscript": "" }, { "_comment": "page 4", "title": "Certain relationships with audit clients", "template": "blank", "pageData": "m03_p04_01", "pageContent": "m03_p04_01", "assessment": "false", "audio": "m03_p04_01", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "faqPageLevelIDs": "-1", "PageNumber": "21 / 28", "pageTranscript": "Independence rules prohibit KPMG, including its Covered Persons, from having certain business and employment relationships with audit clients and their affiliates.
We require audit engagement teams to make written inquiries of their SEC audit client’s directors and officers about certain relationships that they, their spouse or spousal equivalent, and their dependents may have with KPMG, to confirm there are no prohibited relationships with KPMG. Teams can either send a questionnaire directly or include within a questionnaire sent by the client. When including in the client’s questionnaire, we should be sure that the question includes inquiring about relationships that the director or officer’s spouse or spousal equivalent and dependents may have, as this is sometimes overlooked. Responses to these questionnaires should be completed by client directors and officers after year-end to encompass the entirety of the audit period. If previously undisclosed relationships are reported, the audit engagement partner must consult with the Independence Group.
We rely on the client to provide us with accurate information, informing us about relationships that may require additional independence consideration. Equally important, is the responsibility of KPMG professionals to assess their relationships.
Did you know, certain activities that the firm partakes in outside of the professional services we deliver to clients could be considered a business relationship when a third party is involved? Whether it’s hosting or sponsoring an event, entering into a go-to-market relationship or using third party software, each activity requires consideration before proceeding. Different activities call for different action to verify permissibility. Therefore, it’s crucial to allocate sufficient time to assess these activities before entering into any business relationship.
We also need to be mindful of independence considerations even when we anticipate the termination of an audit relationship. The SEC has indicated that an audit firm could impair its independence under the SEC general standard if it were to propose on a prohibited business relationship or non-audit service before the end of the audit and professional engagement period, regardless of whether it would not be engaged until after the audit relationship has ended. An engagement team must consult with the Independence Group prior to proposing any impermissible business relationship or non-audit service before the issuance of the firm's final audit report.
KPMG has dedicated groups to assist you with evaluating these activities. You can find guidance in the Business Relationships Toolkit found on the Independence portal, which includes templates, questionnaires and helpful guidance documents.
Additionally, employment relationships must be taken into account for engagement teams to maintain compliance with independence rules.
When a former KPMG professional joins an audit client, teams are required to consider whether engagement procedures need to be modified to address the risk that the professional’s prior knowledge of the audit plan could reduce effectiveness. If a former professional joins an audit client within one year of leaving the firm and has significant interaction with the audit team, an appropriate professional designated by the Business Unit Professional Practice Partner must review the subsequent annual audit to help ensure the team maintained appropriate skepticism when evaluating the representations and work of the former KPMG professional.
Financial ties with the firm must also be severed prior to a former KPMG professional joining an audit client in an accounting role, financial reporting oversight role or key position. If the lead audit engagement partner becomes aware of the client’s intent to offer such a role to a former KPMG partner, they must consult with the Independence Group to determine that the former partner’s financial relationships are addressed. Additionally, members of the audit engagement team and those in chain of command for an audit client must serve a cooling-off period before joining an SEC issuer audit client in a financial reporting oversight role. The audit engagement partner must, also consult with the Independence Group if they become aware of the client’s intent to offer a financial reporting oversight role to a former member of the audit engagement team or chain of command within the cooling-off period. Provisions included in our audit engagement letter and management representation templates also require the audit client to inform us about such employment relationship situations so that they can be appropriately evaluated to protect our independence.
By implementing these measures and sharing in the responsibility with audit clients to provide accurate information, the firm is able to uphold the integrity of our audits and promote objectivity of all engagement professionals.
" }, { "_comment": "page 47", "title": "Activity: Audit client relationship considerations", "template": "blank", "pageData": "m04_p03_1", "pageContent": "m04_p03_1", "assessment": "false", "audio": "false", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "PageNumber": "22 / 28", "pageTranscript": "" }, { "_comment": "page 47", "title": "Activity: Audit client relationship considerations (continued)", "template": "blank", "pageData": "m04_p03_2", "pageContent": "m04_p03_2", "assessment": "false", "audio": "false", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "PageNumber": "22a / 28", "pageTranscript": "" }, { "_comment": "Choose your learning path", "title": "Choose your learning path", "template": "blank", "pageData": "branch_screen_1", "pageContent": "branch_screen_1", "assessment": "false", "audio": "blank_1", "markvisit": "custom", "showTitle": "true", "showInMenu": "true", "enableMenu": "true", "nextPageId": "31", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "PageNumber": "23 / 28", "pageTranscript": "The following situations illustrate scenarios involving areas of shared responsibility. Audit and Tech Assurance professionals should choose to review the option applicable to their role.
" }, { "_comment": "page 9", "title": "Pre-approval communication rules roadmap", "template": "video_temp", "pageData": "m01_p05", "pageContent": "blank", "assessment": "false", "audio": "blank_1", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "28", "backPageId": "28", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "branch": "1", "PageNumber": "23.1a", "pageTranscript": "An audit engagement team has just received a Sentinel request to provide a tax service for their audit client, The Redstone Group. Let’s join them as they respond to this request.
Senior Manager: Did you see the Sentinel request for transfer pricing consulting services for Redstone?
Partner: Yes! Can you help me review this request for permissibility? The tax engagement team wants to start the work as soon as possible.
Senior Manager: Sure, I will review the details included in the Sentinel request and get back to you.
Senior Manager: I reviewed the draft engagement letter included in the Sentinel request and everything matched what was detailed in the Description of Services and the taxonomy codes selected. I reviewed the guidance on the Independence Non-Audit Services Portal and the transfer pricing service is permissible, so I think the tax team can proceed with the work.
Partner: Great, I checked Redstone’s Audit Committee Charter, and we will need to obtain specific pre-approval for this tax service before approving the Sentinel request since the committee’s policies and procedures only provide for pre-approval for audit and attestation services.
Senior Manager: Hmm, our next meeting with the Audit Committee isn’t until next month.
Partner: That’s okay because their Charter allows for pre-approval by an Audit Committee member delegate, so we can seek pre-approval from the Chair.
Senior Manager: Ok, I’ll use the Audit Committee communication templates to prepare the communications.
Partner: Those templates are a great resource; they also capture IESBA concurrence requirements. The “pre-approval examples for tax and non-audit services” slides linked in the templates are also helpful because they provide examples to meet PCAOB Rule 3524 and 3525 requirements for common non-audit services, including transfer pricing services.
Senior Manager: I’ll do that. I’ve also used the PCAOB Rule 3524 Practice Aid to make sure we’re complying with all aspects of the rule for this tax service.
Partner: Great, to satisfy parts a and b of Rule 3524, we need to be thorough in the written descriptions that we provide to the chair because those details will drive our required discussion.
Senior Manager: I’ll be mindful of that and will tailor the slides to describe the proposed transfer pricing service, the associated fee structure details, and independence considerations.
Partner: Thanks for preparing the Audit Committee communication templates for our communications with the chair! The Chair just confirmed pre-approval. Let’s document the substance of our discussion with the Chair and their pre-approval in the audit file. Now we can approve the Sentinel request for the transfer pricing service.
Senior Manager: No problem! I’ll approve the Sentinel request and will schedule a meeting with the tax engagement team to discuss service limitations and possible areas of scope creep.
Partner: Good idea. We also need to provide a written description of the service to the full Audit Committee at the next scheduled meeting and discuss the potential effects on our independence. Please add the transfer pricing service to the slide of services pre-approved by the Audit Committee delegate.
Senior Manager: Will do. I’ll incorporate the same information we presented to the Chair.
Partner: Thank you for your help with this service request. Now that we’ve presented the transfer pricing service to the full Audit Committee, all that’s left is to document everything in KCw to satisfy part c of Rule 3524. Could you prepare the documentation this week evidencing compliance with part c of PCAOB Rule 3524?
Senior Manager: I can do that. I’ll document the substance of both discussions with the chair and then the full Audit Committee.
Partner: Thanks for documenting everything in KCw. Everything looked great.
Senior Manager: My pleasure, I’m happy everything’s already documented in KCw.
Partner: Yes, it’s definitely helpful to get ahead of documentation where we can, so we don’t have to go back and address a lot of open items in KCw right before we issue our audit report.
Senior Manager: Agreed!
" }, { "_comment": "page 12", "title": "Additional client request after engagement kick-off ", "template": "video_temp", "pageData": "m01_p08", "pageContent": "blank", "assessment": "false", "audio": "blank_1", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "28", "backPageId": "28", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "branch": "2", "PageNumber": "23.2a", "pageTranscript": "After obtaining Audit Committee pre-approval, KPMG was engaged by Indy & Co., an SEC audit client, to provide ESG readiness services.
Midway through providing services, Indy & Co. approached Anita, a tech assurance manager on the engagement, requesting assistance in developing their ESG implementation plan. Anita meets with Jasmine, the managing director on the engagement, to discuss the request.
Anita: We submitted our draft gap analysis deliverables to Indy & Co., including recommendations and observations for consideration and they requested we develop our recommendations into their implementation plan. I was going to begin putting this together today.
Jasmine: Hmmm. Let’s check to make sure this is an approved service included in the engagement letter, and the Sentinel request. What’s included in our deliverable can’t go beyond that.
Anita: But isn’t developing an implementation plan a reasonable expansion on our observations and recommendations?
Jasmine: Not necessarily. I believe the scope of the engagement was limited to the gap analysis. Providing Indy & Co. with an implementation plan would go beyond the approved scope of work. Let me take a look and get back to you.
Jasmine reviews the engagement letter and confirms that an implementation plan is not included within the approved scope of work. After reaching out to the Sentinel Lead Partner to discuss the client’s incremental request, Jasmine meets with Anita again to discuss her findings.
Jasmine: Okay, so I confirmed that an implementation plan was not included in the approved engagement letter or Sentinel request.
Anita: Can we just amend the engagement letter and submit an additional Sentinel request?
Jasmine: Unfortunately, not in this case. I consulted with the Sentinel Lead Partner to see if the service would be permissible. She reminded me of the guidance within the Independence Guidance for ESG Services and the Non-audit Services Independence Permissions Matrix; and noted that designing or developing future state implementation plans are generally prohibited under SEC independence rules.
Anita: So in addition to the implementation plan not being in the approved scope of work, it would also be considered impermissible under SEC independence rules?
Jasmine: That’s right. We’re also planning to perform the ESG attestation engagement in the future. Given the SEC’s adoption of rules to enhance and standardize climate-related disclosures, our objectivity would be further impacted because we would be opining over this subject matter.
Anita: Indy may be upset when we tell them we can’t proceed.
Jasmine: They’ll be disappointed, but they’ll understand. Management and the Audit Committee expect us to adhere to the independence rules.
Jasmine worked with Anita to avoid potential independence violations. The team was able to explain to Indy & Co. why proceeding with their additional request would affect the firm’s independence- not only to their audit, but to the planned ESG attestation engagements KPMG was set to perform. As a result of the team acting with independence in mind, they were able to do the right thing for the firm and the client, being sure not to step over the lines of the initial engagement’s scope.
" }, { "_comment": "Menu Page", "title": "Module 4: Upcoming changes and course wrap-up", "template": "blank", "pageData": "menu", "pageContent": "menu", "assessment": "false", "audio": "false", "markvisit": "init", "showTitle": "true", "showInMenu": "false", "enableMenu": "true", "nextPageId": "#", "backPageId": "28", "enableBack": "true", "resource": "0", "gaapId": "0", "PageNumber": "24 / 28", "pageTranscript": "" } ] }, { "title": "Module 4: Upcoming changes and course wrap-up", "faqTopicIDs": "-1", "faqModuleTopicTitle": "MODULE 0", "moduleID": "m00", "moduleFolder": "module0", "page": [ { "_comment": "page 4", "title": "Upcoming change to the definition of a Public Interest Entity (PIE)", "template": "blank", "pageData": "m04_p01_01", "pageContent": "m04_p01_01", "assessment": "false", "audio": "m04_p01_01", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "faqPageLevelIDs": "-1", "PageNumber": "25 / 28", "pageTranscript": "The AICPA has revised its definition of a public interest entity, also referred to as a PIE in an effort to better align with IESBA’s expanded definition of a public interest entity. Being classified as a public interest entity is significant because it subjects the entity to heightened independence requirements, which may exceed SEC independence rules in certain cases, such as obtaining concurrence for non-audit services from those charged with governance and certain fee-related communications.
A public interest entity can fall into four categories, subject to size or other criteria: publicly traded entities; FDIC insured depository institutions with one billion dollars or more in total assets; insurers that are subject to the NAIC Annual Financial Reporting Model Regulation and have five-hundred million dollars or more in direct written and assumed premiums; and investment companies registered under the SEC Investment Company Act of 1940 and the Securities Act of 1933. The biggest impact for our US engagements will be for non-issuer insurance companies with premiums of $500 million or more. The other categories are already considered public interest entities under existing rules today.
For new public interest entities, the revised definition will be adopted for periods beginning on or after December 15, 2024.
For more details, refer to Risk Management Alert 24-03.
" }, { "_comment": "page 54", "title": "Helpful resources", "template": "blank", "pageData": "m05_p03", "pageContent": "m05_p03", "assessment": "false", "audio": "false", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "faqPageLevelIDs": "-1", "PageNumber": "26 / 28", "pageTranscript": "" }, { "_comment": "page 12", "title": "Thank You", "template": "video_temp", "pageData": "m05_p05", "pageContent": "blank", "assessment": "false", "audio": "blank_1", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "PageNumber": "27 / 28", "pageTranscript": "Thank you so much for completing this course and taking time to maintain the firm’s independence.
Please, take the time to perform all required independence procedures on your engagements.
Getting this right is foundational to our firm’s values.
Our regulators, our clients and the capital markets, they expect it from us.
If you have any questions along the way, please reach out to the Independence Group. We’re here to help you!
Thank you.
" }, { "_comment": "page 55", "title": "Congratulations", "template": "blank", "pageData": "m05_p04", "pageContent": "m05_p04", "assessment": "false", "audio": "false", "markvisit": "custom", "showTitle": "true", "enableMenu": "true", "nextPageId": "#", "backPageId": "#", "enableBack": "true", "resource": "0", "gaapId": "0", "PageTheme": "", "PageNumber": "28 / 28", "pageTranscript": "" } ] } ] } }