November 7, 2009
 
About the AICPA
Member Service Center
Membership Information
AICPA Mission
Corporate Governance
Understanding the Organization
Frequently Asked Questions
Media Center
People and Places
Jobs at the AICPA
Vision Project
Legal Briefs
Professional Resources
Accounting and Auditing
Accounting and Auditing Technical Help
Accounting Standards
Audit and Attest Standards
Audit Committee Effectiveness Center
Authoritative Standards
Business Reporting Assurance & Advisory Services
Enhanced Business Reporting
FASB Accounting Standards Codification
IFRS
Private Company Financial Reporting
Sarbanes-Oxley Resources
SEC Regulations Committee
XBRL
Tax
Business, Industry, and Government
Financial Management Center
Audit Committee Effectiveness Center
Audit Committee Matching System
Public Accounting Firm Resources
Center for Audit Quality
Employee Benefit Plan Audit Quality Center
Governmental Audit Quality Center
PCPS Firm Practice Center
Small Firm Corner
Peer Review
AICPA Peer Review Program
Peer Review Public File
National Peer Review Committee
Peer Review Transparency
Professional Ethics/Code of Conduct
Code of Conduct
Disciplinary Actions
Professional Ethics
Personal Financial Planning
Forensic and Valuation Services
Information Technology
Antifraud Resource Center
Financial Literacy
Exposure Drafts
CPA Marketing Toolkit
Public Meeting Notices
Conferences, Publications, CPE & the AICPA Library
AICPA Conferences
CPE
Publications
AICPA Library
Magazines and Newsletters
The CPA Letter
Journal of Accountancy
Journal of Accountancy Classified Ads
Newsletters
The Tax Adviser
Weekly News Updates
Copyright Information
Becoming a CPA/Academic Resources
Accounting Education Center
Students and CPA Candidates
Minority Initiatives
Start Here. Go Places.
Career Development and Workplace Issues
What's New
Career Advice
Job Search Tools
Mentoring Guidelines
Women in the Profession
Work-Life Balance
Young CPA Network
Consumer Information
360 Degrees of Financial Literacy
Antifraud Resource Center
Audit Committee Effectiveness Center
Audit Committee Matching System
Disciplinary Actions
Find a CPA
Peer Review Firm Terminations
Peer Review Public File
Web Trust
Media Center and Video Library
Media Center
Video Library
Legislative Activities and State Licensing Issues
Congressional and Federal Affairs
Mobility and State Licensing Issues
State News and Info
Home > Professional Resources > Business, Industry, and Government > Audit Committee Effectiveness Center > Not-for-Profit Organizations Toolkit >Peer Review of CPA Firms: An Overview
 
  Peer Review of CPA Firms: An Overview
 



From The AICPA Audit Committee Toolkit. Copyright © 2005 by the American Institute of Certified Public Accountants, Inc., New York, New York.

Purpose of This Tool. This tool is prepared to inform audit committee members about the practice-monitoring programs over the accounting and auditing practices of the substantial majority of CPA firms. This tool is intended to help audit committee members understand the obligations and oversight of CPA firms, and thereby gauge the suitability of the CPA firm for the not-for-profit entity.

Peer review requirements for CPA firms have changed considerably over the years. Currently, most CPA firms undergo a review of their accounting and auditing practice at least once every three years. However, the requirements vary, and not all firms have peer reviews. The audit committee should be aware of when peer reviews are required and what assurance is provided by having a peer review.

Peer Review of a CPA Firm

Peer reviews are required of all CPA firms that are members of the AICPA. However, some CPA firms are not members, thereby avoiding a peer review, which may be a consideration for the audit committee. Some state boards of accountancy require peer reviews for all licensed firms. For not-for-profit organizations subject to OMB Circular A-133 (Single Audit), that is, those expending $500,000 of federal awards, the auditing firm is required to have a peer review every three years and submit a copy of the peer review report letter to the not-for-profit organization (NPO).

A peer review of a CPA firm can be used by an audit committee as a tool to assess whether the CPA firm it hires or is considering hiring:

  1. Has a system of quality control for its accounting and auditing practice that has been designed to meet the requirements of the AICPA's Statements on Quality Control Standards (SQCSs).

    2.  
  2. Is complying with that system of quality control during the peer review year to provide the firm with reasonable assurance of complying with professional standards.

The AICPAs standards regarding quality control provide requirements in the areas of auditor independence, integrity, and objectivity; audit personnel management; acceptance and continuance of audit clients and engagements; audit engagement performance; and firm quality control monitoring. Professional standards include generally accepted auditing standards (GAAS), generally accepted accounting principles (GAAP), generally accepted government auditing standards (GAGAS), and the standards on auditor independence.

To conduct its peer review, a CPA firm will engage another CPA firm, a CPA firm group, or a state peer review committee to perform the review. However, in selecting its peer reviewer, the reviewing CPA firm must be independent of the CPA firm being reviewed and must be qualified to perform the review, including matching industry experience. The peer review committee (the body responsible for evaluating and accepting peer reviews) monitors firm independence and approves the peer review team before the peer review taking place.

Types of Peer Reviews

There are three different levels of peer reviews, under the AICPA Peer Review Program:

  1. A system peer review is an on-site review required for firms performing audits and/or examinations of prospective financial statements.

    2.  
  2. An engagement peer review is performed (off-site) when the CPA firm’s highest level of service is a review of financial statements or compilation of financial statements with disclosures.

    3.  
  3. A report peer review is performed for firms performing only compilations without disclosures.

Accordingly, for an audit engagement the audit committee should ascertain that the CPA or firm has had the appropriate system-level peer review.

Peer Review Reports

For system peer reviews, there are three types of peer review reports:

  1. An unmodified report means that the reviewed firm's system of quality control has been designed to meet the requirements of the quality control standards for an accounting and auditing practice and the system was being complied with during the peer review year to provide the firm with reasonable assurance of conforming with professional standards.

    2.  
  2. A modified report means that the design of the firm's system of quality control created a condition in which the firm did not have reasonable assurance of conforming with professional standards in certain instances, or that the firm's degree of compliance with its quality control policies and procedures did provide it with reasonable assurance of conforming with professional standards, except for certain instances.

    3.  
  3. An adverse report means that there are significant deficiencies in the design of the firm's system of quality control, pervasive instances of noncompliance with the system as a whole, or both, resulting in material failures to adhere to professional standards on engagements.

Modified reports, and usually unmodified reports, are accompanied by a letter of comments issued by the peer reviewer. A letter of comments describes matters that the peer reviewer believes resulted in conditions in which there was more than a remote possibility that the firm would not comply with professional standards and sets forth recommendations regarding those matters. A letter of comments is not prepared when an adverse report is issued because all deficiencies, comments, and recommendations are contained in the report itself.

Effective January 1, 2005, new peer review requirements specify that the peer review report must identify any specialized industriesfor example, SEC, Single Audit, or GASBand the peer review report must specify deficiencies, if any, by industry. In addition, the reviewed firm must submit a representation letter to the peer reviewer.

The reviewed firm is required to respond in writing (called the letter of response) to the peer reviewer's comments on matters in the peer review report and/or in the letter of comments. The response describes the actions taken or planned with respect to each matter in the report and/or the letter.

It is recommended that the NPO audit committee request a copy of the auditor's latest peer review report and letter of comments, if any, and letter of response thereto, and discuss them with the auditor. If a report is modified or adverse, the audit committee should consider the reasons as part of its assessment of whether it should engage or continue to engage the auditor.

Common Misconceptions of Peer Review

  1. Fiction: A peer review evaluates every engagement audited by a CPA firm. Fact: A peer review is performed using a risk-based approach. A peer reviewer must review a sufficient sample of a cross-section of engagements to obtain reasonable assurance that the reviewed firm is complying with its quality control policies and procedures. Therefore, it is possible that the review would not disclose all weaknesses in the system of quality control or all instances of lack of compliance with it.


    2.  
  2. Fiction: An unmodified report provides assurance with respect to every engagement conducted by the firm. Fact: Every engagement conducted by a firm is not included in the scope of a peer review, nor is every aspect of each engagement reviewed. The peer review includes reviewing all key areas of the engagements selected.

    3.  
  3. Fiction: If a firm receives a letter of comments, its system of quality control is inadequate. Fact: The criterion for including an item in the letter of comments is whether the item resulted in a condition being created in which there was more than a remote possibility that the firm would not comply with professional standards on accounting and auditing engagements. Because this is a very low threshold, most peer reviews result in the issuance of a letter of comments. Peer reviews are considered to be a constructive exercise toward improvement of professional practices.


Questions for the Auditor Regarding Peer Review

The following questions should be asked by the audit committee of its current or prospective auditors to gain a better understanding of the firm’s peer review experience.

Question

Yes

No

Comments

1. Is the CPA or firm subject to peer review? If not, please explain.

2. Has a peer review been performed in the last three years? If not, please explain.

 

3. Was a system type of peer review performed?

 

4. Did the peer review result in an unmodified report? If not, obtain an explanation of findings and inquire about the status of any follow-up action required by the peer review committee.

 

5. Has the firm corrected deficiencies noted in the peer review report and/or the letter of comments? If not, please explain.

 

6. Explain what the comments and recommendations in the letter of comments mean?

 

 

 

7. Did the peer review committee request any follow-up actions? If so, have these actions been carried out?

 

8. Was our organization selected for review during the peer review? (When the firm is the current auditor) If so, were any negative responses noted?

 

9. Was the engagement partner (or auditor in charge) selected for review during the peer review? If so, were any negative responses noted on audits performed by them?

 

10. Does the firm perform Single Audits? If so, were they included in the last review? If not, why not?

 

From The AICPA Audit Committee Toolkit. Copyright © 2005 by the American Institute of Certified Public Accountants, Inc., New York, New York.

  
 
To ensure that you can receive email messages from the AICPA, remember to update your member profile. Also, add the AICPA's email domains ("aicpa.org" and "email.aicpa.org") to your Sender Safe List, or contact your IT administrator to update your firm's email software.

©2006-2009 The American Institute of Certified Public Accountants, ISO 9001 Certified
AICPA Privacy Policy and Copyright Information | Jobs at the AICPA | Contact Us
AICPA, 1211 Avenue of the Americas, New York, NY 10036
Trusted Commerce