Case Study 1

Threats and Safeguards - Self Review Threat

Intended audience: Professional Accountants in Public Practice

A sole proprietor public accountant called X is one of a few directors and sole shareholder of a tax and corporate advisory firm (TCA). They are considered to be network firms as defined in the Code of Professional Conduct and Ethics (the Code).

TCA provides book keeping services to approximately ten of X’s audit clients.

X says that the accounting records of the clients are prepared by TCA’s staff and sent directly to the clients for review and approval. There is no conclusive evidence to say whether X signed off the accounting / book keeping work. Therefore, the question is whether X is responsible for the sign off of both the independent auditor’s reports and the accounting / book keeping work together with the compilation of unaudited accounts, such that a “self review threat” is created as per paragraph 100.10(b) of the Code;

 X has responded that: 

  • Accounting assignments are managed by executive staff of TCA.
  • TCA accounting staff take instructions directly from the clients.
  • The client signs a letter of representation (LOR) when the accounts are compiled and completed. This requires the client’s financial officer to certify that he / she has reviewed all the transactions in the unaudited accounts to confirm they are in accordance with his / her instructions and that he / she has made available all documents for the accounting assignment.
  • The audit begins only after the accounts have been confirmed in the LOR. i.e. the accounting and audit work will not be undertaken at the same time. X was able to provide copies of the LORs and records showing who were the staff responsible for the accounting work and the audit work.


Although it was known who performed the work, it was unclear whether the staff were employees of the audit practice of X or TCA at the time where the work was performed.

  • There are no engagement letters for the TCA work. There are engagement letters for the audit work. It was unclear whether clients would have seen TCA and X’s audit practice as two separate entities or deemed these as one entity. There were however audit engagement letters and LORs.
  • It was unclear who was involved in final approval of TCA’s work prior to final deliveries to the clients.

Considerations / Recommendations:

In addressing self review threats, paragraph 100.11 says that safeguards created by the profession, legislation or regulation and safeguards in the work environment may eliminate or reduce such threats to an acceptable level. Paragraphs 100.12 to 100.15 elaborate on the nature of such safeguards.

X has also responded that there are safeguards in place against self review threat, including: 

  • the accounting function undertaken by independent book-keepers;
  • a director or manager of TCA to take charge of the accounting function from commencement of accounting/book-keeping work up to client sign-off;
  • the process / protocol initialed and filed separately in an accounting file; prior to releasing the file to the audit practice.

In addition to the above safeguards, TCA should also ensure that clients understand that the two practices are separate entities, through issuing separate engagement letters from TCA to all the audit clients of X’s audit practice for TCA’s accounting / non audit services.