Examples of Matters in Peer Reviews 

    Examples of Matters in Peer Reviews

    Engagements with Year-Ends between 12/31/13 and 3/31/15[1]


    The AICPA is using data collected during peer reviews to learn about trouble spots and is developing resources within the AICPA that will allow firms to have a more focused remedy for their findings.  Our ultimate goal is to assist firms with the hurdles they’ve faced in the past, provide them with tools to drive up their quality and overall “up the game on quality” in the profession. 


    See below for examples of matters related to the following areas:
    Professional Standards

    Clarified Auditing Standards

    Accounting and Review Services

    Attestation Standards

    Code of Professional Conduct

    Statements on Quality Control

    FASB Accounting Standards Codification

    Practice Areas

    Governmental, A-133, and HUD



    Service Organization Control Reports

    Banking, including FDICIA

    Not for profit


    Professional Standards

    Clarified Auditing Standards

    ·         Failure to conform the auditor’s report to the clarified auditing standards requirements

    ·         Failure to date the auditor’s report appropriately, such as dating the report significantly earlier than the date of the review of the workpapers and the release date

    ·         Failure to appropriately document planning procedures, including:

    o   Risk assessment (and linkage of risks to procedures performed)

    o   Planning analytics

    o   Understanding of IT environment

    o   Internal control testing

    ·         Failure to appropriately address fraud considerations

    ·         Failure to obtain appropriate management representation letters.  Matters included failure to:

    o   Update the letter in conformity with the clarified auditing standards requirements

    o   Date the letter appropriately

    o   Include appropriate financial statement periods

    o   Include required representations

    ·         Failure to communicate and/or document required communications with those charged with governance

    ·         Failure to include audit documentation that contains sufficient competent evidence to support the firm's opinion on the financial statements

    ·         Failure to address the reason(s) accounts receivable were not confirmed

    ·         Failure to adequately document sampling methodology

    ·         Failure to document consideration of the group audit standard when a component unit was audited by another auditor


    Accounting and Review Services


    ·         Failure to prepare reports in accordance with professional standards.  The following matters were noted:

    o   Not updated for SSARS 19

    o   No headings on the report

    o   Inappropriate titles or lack of a title

    o   No explanation of the degree of responsibility the accountant is taking with respect to supplementary information

    o   Failure to mention that substantially all disclosures are omitted

    ·         Failure to obtain an engagement letter or failure to contain all elements (e.g. objectives of the engagements) required by SSARS 19

    o   Other miscellaneous matters were noted relative to the engagement letter including failure to note the lack of independence or the letter referred to GAAP on an engagement performed in accordance with a special purpose framework.

    ·         Failure to appropriately label select disclosures as “Selected Information – Substantially All Disclosures Required by [Applicable Financial Reporting Framework] Are Not Included”



    ·         Failure to obtain appropriate management representation letters.  Matters included failure to:

    o   Update the letter in conformity with the clarified auditing standards requirements

    o   Date the letter appropriately

    o   Include appropriate financial statement periods

    ·         Failure to update reports in conformity with SSARS 19 or to include inappropriate titles

    ·         Failure to obtain an engagement letter or revise the letter for SSARS 19

    ·         Failure to report the degree of responsibility taken with respect to supplementary information presented in the financial statements

    ·         Failure to document expectations or the comparison of expectations to recorded amounts for analytical procedures


    General SSARS

    ·         Failure to cover all of the periods or the correct periods presented in the financial statements in the accountant’s report


    Attestation Standards

    (Note:  Most MFCs in this area are related to AUPs or SOCs.  SOC related MFCs are included in the practice area section below.) 

    ·         Failure to include the following in an AUP report:

    o   A title

    o   The word “Independent” in the title

    o   Reference of the AICPA attestation standards

    o   A statement that the sufficiency of the procedures is solely the responsibility of the specified parties and a disclaimer of responsibility for the sufficiency of those procedures

    o   Identification of the subject matter or the engagement or written assertion or the character of the engagement.

    ·         Failure to include all elements required by attestation standards in the engagement letter

    ·         Failure to provide sufficient documentation to understand the nature, timing, extent and results of the attest procedures performed as well as who performed and reviewed the work


    Code of Professional Conduct

    ·         Failure to establish and document in writing the understanding with the client with regard to non-attest services provided

    ·         Failure to address management’s responsibilities to oversee and evaluate the results of the services performed

    ·         Failure to collect fees for professional services provided more than one year prior to the date of the current report


    Statements on Quality Control

    ·         Leadership Responsibilities for Quality within the Firm

    o   Failure to have a written quality control document in accordance with SQCS 8

    o   Failure to communicate quality control policies and procedures with staff

    o   Failure to devote sufficient resources for the support of its quality control policies and procedures

    ·         Relevant Ethical Requirements

    o   Failure to obtain written confirmation on independence for all personnel

    ·         Acceptance & Continuance

    o   Failure to obtain a license in all states where engagements were accepted

    o   Failure to evaluate the risk of performing an engagement in a specialized industry and/or to obtain the necessary knowledge of current standards in specialized areas prior to performance of the audit.

    ·         Human Resources

    o   Failure to design policies that ensure partners and staff obtain appropriate CPE to meet state board requirements, membership requirements, etc.

    o   Failure to design polices to require relevant CPE for levels of service and industries of engagements performed

    o   Failure to maintain current licenses within all jurisdictions the firm practices

    ·         Engagement Performance

    o   Failure to establish appropriate criteria for Engagement Quality Control Review (EQCR)

    o   Failure to perform EQCR on engagements that meet the firm’s criteria

    o   Failure to maintain current quality control materials for the performance of engagements

    o   Failure to establish a policy for the retention of engagement documentation

    ·         Monitoring

    o   Failure to design appropriate policies and procedures for the completion of monitoring

    o   Failure to include all elements of quality control in monitoring procedures

    o   Failure to document the results of monitoring and inspections


    FASB Accounting Standards Codification

    ·         Failure to disclose tax years that remain subject to examination by major tax jurisdictions and disclosure of uncertain tax positions

    ·         Failure to disclose the date through which subsequent events were evaluated

    ·         Failure to correctly classify cash flows, present gross amounts instead of net, and identify non-cash transactions on the cash flow statements

    ·         Failure to appropriately disclose related-party transactions, debt maturation schedules and significant estimates

    ·         Failure to appropriately disclose fair value hierarchy of investments, description of the levels, description of the assumption methods used and tabular presentation of amounts

    ·         Failure to perform sufficient procedures or sufficiently document the procedures to obtain assurance of the fair value measurements


    Practice Areas

    Issues noted above related to professional standards and FASB Accounting Standards Codification were prevalent in each of these practice areas.  Matters included in this section are those trends identified for each specific practice area.


    Governmental, A-133, and HUD


    ·         Failure to include all of the required elements of professional standards in the Independent Auditor’s Report including the following omissions: reference to the engagement being performed in accordance with Government Auditing Standards, identification of the governmental entity’s major funds and opinion units presented, and addressing supplemental information and required supplemental information, reference to prior year financial statements when comparative years are presented, reference to the Yellow Book Internal Control report

    ·         Failure to include all of the required elements of professional standards in the Auditor’s Report on Internal Control over Financial Reporting and on Compliance and Other Matters including: omitted “Independent” from report title, omitted or incorrect reference to material weaknesses or significant deficiencies included in the Schedule of Findings and Questioned Costs, indication that there were no significant deficiencies identified, omitted a clause stating that the entity's responses were not audited and that the auditor expresses no opinion on those responses, and omitted purpose alert

    ·         Failure to follow the Uniform Reporting Standards and current reporting format for HUD financial statements in accordance with the HUD Consolidated Audit Guide

    ·         Failure to prepare an engagement letter or issue an agreed upon procedures report related to REAC submissions


    Disclosure and Presentation

    ·         Failure to present the financial statements in  accordance with professional standards including Equity and Net Asset presentation and reconciliations, presentation of funds, missing significant policy footnotes, missing disclosures related to fair value, debt, impairment of fixed assets and improper financial statement titles

    ·         Failure to properly implement GASB 65, properly present deferred inflows and outflows, or modify accountant’s report for failure to write off unamortized bond issuance cost

    ·         Failure to use proper terminology required by GASB standards including net position, classifications of fund balance and net position, deferred inflows/outflows

    ·         Failure to include the REAC financial data templates as supplemental information as required by HUD


    Documentation and Performance

    ·         Failure to properly document independence considerations required by Yellow Book including the evaluation of management’s skills, knowledge, and experience to effectively oversee nonaudit services performed by the auditor, evaluation of threats, and safeguards applied to reduce threats to an acceptable level

    ·         Failure to meet the Yellow Book CPE requirements including 80 hours of A&A and 24 hours of Yellow Book specific courses

    ·         Failure to document required communications with those charged with governance, including proper communication of internal control findings

    ·         Failure to ensure that the written representations from the audited entity contained all applicable elements including the following: representations tailored to the entity and governmental audit regarding federal awards, and representations covering both years when comparative financial statements are presented. Also improper consideration of the date of the representations in relation to the audit report

    ·         SINGLE AUDIT:  Failure to identify and test sufficient and appropriate major programs. These errors were the result of using preliminary expenditures when the final expenditures resulted in a high risk Type A program, failure to cluster, failure to properly perform Type A and Type B program risk assessments, failure to group programs with the same CFDA number, and incorrect determination of the auditee as low-risk resulting in insufficient coverage

    ·         SINGLE AUDIT: Failure to document an understanding of internal control over compliance of federal awards sufficient to plan the audit to support low assessed level of control risk for major programs, including consideration of risk of material noncompliance (materiality) related to each compliance requirement and major program

    ·         SINGLE AUDIT: Failure to document the adequacy of the planned sample size for test of controls over compliance to achieve a low level of control risk

    ·         SINGLE AUDIT: Failure to document the testing of controls and compliance for the relevant assertions related to each compliance requirement with a direct and material effect for the major program



    ·         Failure to sufficiently document allocation of investment income to participant accounts

    ·         Failure to sufficiently perform participant testing related to demographic data and payroll

    ·         Failure to sufficiently perform and document reliance on SOC 1 reports

    ·         Failure to reconcile the sum of participant accounts with total net assets available for benefits for defined contribution plans

    ·         Failure to sufficiently perform procedures related to benefit payment testing including evaluating participant’s eligibility, examining approvals and recalculation of benefit amounts

    ·         Failure to disclose significant plan information, such as identification of investments that represent 5 percent or more of total net assets, reported related party (party in interest) transactions and prohibited transactions between a plan and a party in interest

    ·         Failure to present the Statements of Net Assets Available for Benefits in comparative form




    ·         Failure to comply with SEC Independence Rules, including not preparing financial statements for clients

    ·         Failure appropriately report on internal controls, including using the non-carrying format for a carrying firm, outdated definitions of internal control and restrictions of the report to management and regulations

    ·         Failure to use a broker-dealer specific financial statement checklist thus missing required disclosures

    ·         Failure to take a haircut for receivables due more than 30 days in the calculation of net capital

    ·         Failure to provide required supplemental schedule regarding reserves for custody and possession or to disclose exemption from the schedules

    ·         Failure to lock down working papers after 45 days as required by the SEC

    ·         Failure to expand revenue testing in a control environment that did not maintain a control record of trade date

    ·         Failure to obtain sufficient CPE for current knowledge of broker-dealer audits

    ·         Failure to perform sufficient revenue testing by placing too much reliance on a SOC 1 report


    Specific for Audits under PCAOB Standards

    ·         Failure to comply with PCAOB requirements for an Engagement Quality Control Review

    ·         Failure to eliminate a report on internal control that is not applicable to broker-dealer audits for periods ending June 1, 2014 or later

    ·         Failure to provide or document the required communications with the audit committee (or board)


    Service Organization Control (SOC) Reports

    ·         Failure to obtain the experience and training required under SSAE 16 to properly complete a Service Organization Control Report

    ·         Failure to include required elements in the report such as:

    o   Management assertions

    o   Complementary user entity controls

    o   Carve outs

    o   Criteria for the principles being opined on

    ·         Failure to have sufficient working paper support for information included in the report, such as lack of or poor documentation of:

    o   Procedures to assess the nature, timing, and extent of the procedures (specifically sampling methodology)

    o   Procedures to test carve outs

    o   Procedures to support the Other Information included in the report

    o   Procedures to assess the suitability criteria to evaluate whether management’s description of the service organization’s system is fairly presented

    ·         Failure to sufficient test controls, including:

    o   Failure to address the elements of the control, all IT general controls and change management controls

    o   Failure to document which controls at the service organization were necessary to achieve the control objectives stated in management's description of the service organization's system and assess whether those controls were suitably designed to achieve the control objectives


    Banking, including FDICIA

    ·         Failure to include all elements required by professional standards in the accountant’s report on internal controls

    ·         Failure to understand and comply with the independence rules applicable to these engagements, i.e. SEC independence rules do not allow the auditor to also prepare the client’s financial statements

    ·         Failure to properly disclose:

    o   Impaired loans and the policy for recognizing interest income on the impaired loans, including how cash receipts are recorded

    o   Valuation allowances or changes in allowances, and related segmentation information of the loan portfolio

    o   Consolidated capital ratios and requirements

    o   that the entity was subject to expanded regulatory supervision and why

    o   OREO's and goodwill in the fair value footnote as a non-recurring measurement item

    o   Credit quality disclosures related to loans receivable  

    o   Loan servicing fees including the amount of contractual fees and assumptions used to estimate the fair value of the fees

    ·         Failure to perform sufficient audit testing of real estate lending including inadequate quantitative information such as aging, past due status, or historical charge-offs.  Similarly, insufficient audit testing of foreclosed property data, including inadequate testing of current year additions, analysis of fair value/carrying value

    ·         Failure to perform sufficient audit testing of certain subjective, qualitative components of the allowance for loan loss, and retrospective review of the allowance for loan loss for bias

    ·         Failure to obtain a management representation letter with representations specific to financial institutions

    ·         Failure to adequately document testing of member shares and loans receivable, including confirmations and compliance with FASB ASC 310-20 



    ·         Failure to also perform and report under U.S. GAAS when an audit is performed under PCAOB standards for a non-SEC issuer not under the PCAOB’s jurisdiction


    Not for profit

    ·         Failure to disclose open tax years because the firm believed the disclosure was not required for tax-exempt entities

    ·         Failure to properly classify net assets as unrestricted, temporarily restricted and permanently restricted

    ·         Failure to adequately disclose the nature, amounts and types of net asset restrictions

    ·         Failure to disclose policies regarding donated goods and services

    ·         Failure to refer to the Statement of Functional Expenses in the report

    ·         Failure to properly expense classifications on the Statement of Functional Expenses.

    [1] Due to the timing of when peer reviews are performed, there is a lag between the year-end of the engagement and when a matter is included in this report.  Peer reviews are due 6 months after a firm’s peer review year end.  A firm’s peer review would cover engagements with year ends during the peer review year (report dates for projections and AUPs).  As an example, if a firm’s peer review year is January 1, 2014 to December 31, 2014 its peer review is not due until June 30, 2015.  Therefore a January 31, 2014 year end audit would not be included in the MFC data until approximately June 30, 2015.  However, a December 31, 2014 year end audit in the same scenario would be included in the MFC data around June 30, 2015 as well.  Refer to www.aicpa.org/prsummary for more information about peer review.


    We prepare our analysis on MFCs for engagements with year ends (report dates for projections and AUPs) from the most recently accepted peer reviews, generally within the last 15 months.  By using a 15 month period, we can ensure we are providing information based on the most recent engagements, including a calendar year end. 


    A A A

    Copyright © 2006-2015 American Institute of CPAs.