Whether independence is impaired in fact or in appearance would depend on several factors. Consulting advice on "governance" may involve issues that are very high-level in nature or may involve detailed analysis and advice related to internal control, management reporting systems and structure and responsibilities of Board committees, including audit committees.

Accordingly, there are several threats to independence that may arise from the provision of such advice:

• to the extent that such consulting arrangements could result in the auditor effectively "auditing his or her own work", there is a self-review threat;

• to the extent that the provision of such services might allow the auditor to develop too close a relationship with management, the Board or the Audit Committee, there is the possibility of a familiarity threat;

• in some cases, the firm may be in a situation where it risks assuming the role of advocate for the client. For example, where the firm provides governance consulting advice to a client and assists the client in supporting a submission based on that advice in order to satisfy the requirements set by a regulatory body, it may be seen to be advocating on behalf of the client; and

• to the extent that the consulting contract may be very lucrative for the firm, there exists the possibility of self-interest or intimidation threats.

Although the rules do not specifically contemplate the question of impairment of independence related to the provision of governance consulting services, there is some guidance in paragraphs 127 through 131 of the Council Interpretation (CI) to Rule 204. In paragraph 128, the CI provides some guidance as to what safeguards may be put in place to protect against possible impairment that may be caused by the provision of non-assurance services. These safeguards include:

• implementing policies to ensure that the firm is not making management decisions for the client;

• discussing possible impairment with the audit committee;

• ensuring the existence of and adherence to policies for proper client oversight of the provision of such services;

• obtaining acknowledgment of the client's responsibility for decisions taken as result of the work performed by the firm;

• segregating the staff on the consulting engagement from the staff on the assurance engagement team.

CI paragraph 131 also recognizes that engagements to assess and provide recommendations with respect to improvements in internal control procedures would not necessarily impair independence. However, paragraphs 154 through 160 deal more specifically with this type of consulting engagement. In particular, members should be aware that the magnitude of the auditor's involvement in internal control and related activities may present a threat to independence.

In short, members who are considering performing a "governance consulting" engagement for an audit client are not precluded from accepting such an engagement by a specific prohibition. Accordingly, those members must identify the threats to their independence, evaluate the availability and effectiveness of safeguards to protect against those threats, exercise professional judgment in assessing whether the acceptance of such an engagement impairs independence in fact or appearance and document that evaluation.

In the absence of a prohibition in a given situation, the member or firm must rely on the exercise of professional judgment in the circumstances. The Council Interpretations are offered as guidance to members to assist in the exercise of that professional judgment.

Rule 204.4(22)(a) says "A member shall not perform an assurance engagement for an entity if, during the engagement period, a member of the member's firm makes a management decision or performs a management function for the entity, including:
(i) authorizing, approving, executing or consummating a transaction; [Emphasis added]

Rule 204.4(23) says "A member shall not perform an audit or review engagement for an entity if, during either the period covered by the financial statements subject to audit or review or the engagement period, a member of the member's firm or a network firm:
(i) ….
(ii) prepares a source document or originating data, or makes a change to such a document or data. [Emphasis added]

The Council Interpretations to Rule 204 in paragraph 137 says, "A source document is an initial recording or original evidence of a transaction. Examples of source documents are purchase orders, payroll time cards, customer orders, invoices, disbursement approvals, signed cheques and written contracts." [Emphasis added]

As well as the Rules set out above, there would be a significant self review threat where a partner of the firm actually signed a cheque.

The consensus view is that it is a general prohibition and that adequate safeguards could not be applied to reduce the threat to an acceptable level in such circumstances, so the firm should not provide an assurance service to the client. If a compilation engagement could serve the client needs, the nature and extent of the apparent impairment of independence would need to be disclosed in an additional paragraph to the Notice to Reader.