WEBVTT 00:00:03.950 --> 00:00:05.990 In today’s dynamic landscape and with 00:00:05.990 --> 00:00:09.510 Audit’s Growth strategy, teams such as the ESG Center of 00:00:09.510 --> 00:00:11.980 Excellence and Tech Assurance, are offering permissible 00:00:11.980 --> 00:00:15.990 non-audit services to audit clients. In addition, our 00:00:15.990 --> 00:00:18.990 audits are leveraging various tools and new capabilities, 00:00:18.990 --> 00:00:23.490 such as AI, to enhance the quality of our audits. These new 00:00:23.490 --> 00:00:26.310 capabilities can also provide valuable insights for our 00:00:26.310 --> 00:00:29.820 clients. But it’s important for us as the auditor to 00:00:29.820 --> 00:00:32.990 recognize when we are performing activities or providing 00:00:32.990 --> 00:00:36.270 information to our clients that extends beyond what is 00:00:36.270 --> 00:00:40.110 required for the performance of the audit. Such activities 00:00:40.110 --> 00:00:43.080 may be non-audit services, and additional independence 00:00:43.080 --> 00:00:44.610 considerations are required. 00:00:45.540 --> 00:00:47.990 This may take the shape of the client requesting the results 00:00:47.990 --> 00:00:51.990 of insights at a frequency or level of detail that 00:00:51.990 --> 00:00:54.720 exceeds what is needed for purposes of conducting the audit. 00:00:55.320 --> 00:00:57.990 Therefore, it is essential for teams to determine if what 00:00:57.990 --> 00:01:00.690 they are delivering aligns with the scope of the audit by 00:01:00.690 --> 00:01:03.990 asking questions such as, Are we performing a procedure 00:01:03.990 --> 00:01:07.770 necessary to plan the audit or obtain audit evidence? Are we 00:01:07.770 --> 00:01:10.990 making a communication or providing information required by 00:01:10.990 --> 00:01:12.210 the auditing standards? 00:01:13.050 --> 00:01:15.990 In many cases, providing additional insights or performing 00:01:15.990 --> 00:01:18.990 additional activities is permissible, but may be considered 00:01:18.990 --> 00:01:22.110 a non-audit service, so the engagement team would need to 00:01:22.110 --> 00:01:25.990 complete this evaluation. It would also require the team to 00:01:25.990 --> 00:01:28.950 submit a separate Sentinel request that includes the 00:01:28.950 --> 00:01:31.830 applicable non-audit Sentinel code and appropriate 00:01:31.830 --> 00:01:34.770 documentation that addresses independence considerations, 00:01:35.130 --> 00:01:39.030 including the SEC general standard and IESBA self-review 00:01:39.030 --> 00:01:43.620 threat test. The team should also attach a draft non-audit 00:01:43.650 --> 00:01:46.590 engagement letter and there are many non-audit engagement 00:01:46.590 --> 00:01:49.170 letter templates available for the audit practice to use for 00:01:49.170 --> 00:01:51.990 these services. The team will also need to obtain 00:01:51.990 --> 00:01:54.990 pre-approval from the Audit Committee or those charged with 00:01:54.990 --> 00:01:56.460 governance, if applicable. 00:01:57.540 --> 00:02:00.570 Then, when it comes to delivering any non-audit services, 00:02:00.600 --> 00:02:04.350 such as ESG and our Tech Assurance non-audit assessment 00:02:04.350 --> 00:02:07.440 services, we must be mindful that we are not performing an 00:02:07.440 --> 00:02:12.240 audit or attestation service. Therefore, we cannot provide 00:02:12.240 --> 00:02:15.360 any assurance or make any conclusions around client data or 00:02:15.360 --> 00:02:18.900 systems, such as the completeness and accuracy of data or 00:02:18.900 --> 00:02:22.140 the effectiveness of controls, as may be done in an audit. 00:02:24.360 --> 00:02:27.330 Non-audit assessment services generally should be limited to 00:02:27.330 --> 00:02:30.420 high-level observations and recommendations and should not 00:02:30.420 --> 00:02:33.360 be seen as designing or concluding on controls, or 00:02:33.360 --> 00:02:34.990 developing the client’s action plan. 00:02:34.990 --> 00:02:39.600 Remember to also utilize the “Focused Non-Audit Services 00:02:39.600 --> 00:02:42.540 for Audit Clients” guidance which provides tips when an 00:02:42.540 --> 00:02:46.260 activity may constitute a non-audit service. It also 00:02:46.260 --> 00:02:49.260 identifies the most common permissible non-audit services 00:02:49.470 --> 00:02:52.380 along with standard engagement letter templates available 00:02:52.380 --> 00:02:56.700 for our audit clients. If no letter is available, the 00:02:56.700 --> 00:02:59.280 “Non-audit Services Independence Permissions Matrix” 00:02:59.640 --> 00:03:02.070 includes detailed independence guidance on the 00:03:02.070 --> 00:03:04.260 permissibility of some of the most common types of 00:03:04.260 --> 00:03:07.500 activities performed during non-audit services. All 00:03:07.500 --> 00:03:09.990 documents can be found on the Independence Non-Audit 00:03:09.990 --> 00:03:10.920 Services Portal. 00:03:11.060 --> 00:03:14.580 It is crucial to maintain a clear understanding of the 00:03:14.580 --> 00:03:18.450 boundaries between audit and non-audit services. By adhering 00:03:18.450 --> 00:03:21.510 to independence considerations, seeking guidance when 00:03:21.510 --> 00:03:24.930 needed, and following appropriate procedures, audit teams 00:03:24.930 --> 00:03:27.990 can effectively navigate the evolving landscape and deliver 00:03:27.990 --> 00:03:30.450 high-quality services to their audit clients.