Hosting Service and Auditor Independence

AAFCPAs would like to make clients aware that the AICPA’s Professional Ethics Executive Committee (PEEC) has issued a new interpretation of AICPA’s independence rule, Hosting Service. The new interpretation, effective July 1, 2019, applies specifically to CPA firm attest clients and prohibits CPA firms from providing Hosting Services to these clients.

As you may know, attest services require independence. Attest services include: audits, reviews, compilations, and other engagements conducted in accordance with AICPA’s attestation standard, such as agreed-upon procedures, SOC 1 and SOC 2 reporting. Under the new rule, when an auditor provides Hosting Services, its independence will be impaired because the auditor is maintaining the attest client’s internal control over its data or records.

What are hosting services?

Hosting services are non-attest services and defined as a member in public practice accepting responsibility for the following:

  1. Acting as the sole host of a financial or non-financial information system of an attest client.
  2. Taking custody of or storing an attest client’s data or records whereby, that data or records are available only to the attest client from the member, such that the attest client’s data or records are otherwise incomplete.
  3. Providing electronic security or back-up services from an attest client’s data or records.

In an audit engagement, the following services are considered hosting services:

  • Depreciation, amortization, and supporting tax schedule that are “solely” maintained by the auditor.
  • Using CPA firm portal or third-party portal to store auditee’s documents, such as lease agreements or other legal documents.
  • Being the auditee’s business continuity or disaster recovery provider.

Examples of activities that are not considered hosting services are:

  • Retaining a copy of an attest client’s data or records as documentation to support a service provided by CPAs and firms in public practice.
  • Using a portal to exchange data and records with the attest client related to professional services provided by the auditor and to deliver the auditor’s work product to third parties at the attest client’s request. However, to avoid providing hosting services, auditor should terminate the attest client’s access to the data or records in the portal within a reasonable period of time after the conclusion of the engagement.
  • Having possession of a depreciation or amortization schedule prepared by the auditor, provided the schedule and calculation are given to the attest client so that the attest client’s books and records are complete.

What does this mean for you?

AAFCPAs reminds clients to review our document retention policy. Attest clients must maintain their own records and note that documents exchanged via our client portal are stored temporarily and should not be your only copy.

AAFCPAs ensures all professional team members are familiar with and adhere to relevant ethical standards and always act in the public interest.  We prohibit any transaction, event, circumstance, or action that would impair independence or violate the firm’s relevant ethical requirement policy on an attest engagement.  In addition, AAFCPAs has taken the following actions to ensure we are in compliance with the new independence rule related to hosting services:

  • If we prepare depreciation, amortization or supporting tax schedules, we give the attest client the underlying information so their records are complete.
  • To avoid storing attest client’s data or records, we remove all data and records from AAFCPAs’ portal within 120 days after upload.

If you have any questions, please contact Hui-Ting Grady, CPA, at 774.512.4106,; Matt Hutt, CPA, CGMA, at 774.512.4043,; or your AAFCPAs Partner.

About the Authors

Hui-Ting Grady
Hui-Ting has extensive experience providing assurance solutions to diverse nonprofit organizations, including: affordable housing development projects with HUD requirements, multi-service human & social services providers, and behavioral health agencies. She delivers audits in accordance with Uniform Guidance/Single Audit and Government Auditing Standards, as well as Uniform Financial Report (UFR) and other funding source regulations. Hui-Ting is a member of AAF’s Accounting and Assurance (A&A) Committee, and Revenue Recognition Task Force. She is dedicated to keeping the firm and clients apprised of regulatory changes and new pronouncements in a proactive and timely manner, as well as providing best practice recommendations for efficient and effective implementations of new accounting standards.
Matthew Hutt CPA
Matt leads AAFCPAs’ Healthcare Division, providing assurance, tax and advisory solutions for Federally Qualified Health Centers (FQHCs), behavioral health providers, home care agencies and hospices, nursing homes, and senior care living centers. Matt advises healthcare providers on consolidation and coordination of care, including the integration of behavioral health into the primary care delivery system. He also provides consulting solutions for providers transitioning to new value-based reimbursement models, and data driven patient care, including: developing business process and controls for collecting and advantaging data to provide analysis on: provider activity, delivery of care, and analysis of efficiency & cost effectiveness. Matt is also highly-sought after for his knowledge on issues related to affordable housing developers with requirements related to the US Department of Housing and Urban Development, MassHousing, Low Income Housing Tax Credits, Historical Tax Credits and New Markets Tax Credits.