Examples of Matters in Peer Reviews 



    Engagements with Year-Ends between 4/30/13 and 6/30/14[1]

     

    The AICPA is using data collected during peer reviews to learn about trouble spots and is developing resources within the AICPA that will allow firms to have a more focused remedy for their findings. Our ultimate goal is to assist firms with the hurdles they’ve faced in the past, provide them with tools to drive up their quality and, overall, “up the game on quality” in the profession.

     

    See below for examples of matters related to the following areas:

    Professional Standards

    Clarified Auditing Standards

    Accounting and Review Services

    Attestation Standards

    Code of Professional Conduct

    Statements on Quality Control

    FASB Accounting Standards Codification

    Practice Areas

    Governmental, A-133, and HUD

    ERISA

    Broker-Dealers

    Service Organization Control Reports

    Banking, including FDICIA

    Not for profit

     

    Professional Standards

    Clarified Auditing Standards

    ·         The auditor's report was dated significantly earlier than the date of the review of the workpapers and the release date.

    ·         Failure to appropriately document planning procedures, including risk assessment (and linkage of risks to procedures performed), planning analytics, and internal control testing

    ·         Representation letters that were dated incorrectly, did not cover the appropriate periods or were missing required representations.

    ·         Failure to communicate and/or document required communications with those charged with governance.

    ·         The audit documentation did not contain sufficient competent evidence to support the firm's opinion on the financial statements.

     

    Accounting and Review Services

    Compilations

    ·         Reports were not prepared in accordance with professional standards.  The following matters were noted:

    o   Not updated for SSARS 19

    o   No headings on the report

    o   Inappropriate titles

    o   No explanation of the degree of responsibility the accountant is taking with respect to supplementary information.

    o   Failure to mention that substantially all disclosures are omitted

    ·         Failure to obtain an engagement letter or revise the letter for SSARS 19.

    o   Other miscellaneous matters were noted relative to the engagement letter including failure to note the lack of independence or the letter referred to GAAP on an OCBOA engagement.

     

    Reviews

    ·         Representation letters that were dated incorrectly or did not cover the appropriate periods.

    ·         Reports were not updated for SSARS 19 or had inappropriate titles

    ·         Failure to obtain an engagement letter or revise the letter for SSARS 19

     

    Attestation Standards

    (Note:  Most MFCs in this area are related to AUPs or SOCs.  SOC related MFCs are included in the practice area section below.)

    ·         Various matters were identified related to AUP reports, most frequently failure to include the word “independent” in the report title. 

    ·         Other report matters included failure to include:

    o   A title

    o   Reference to the AICPA attestation standards

    o   A statement that the sufficiency of the procedures is solely the responsibility of the specified parties and a disclaimer of responsibility for the sufficiency of those procedures

    o   Identification of the subject matter or the engagement or written assertion or the character of the engagement.

    ·         Failure to include all elements required by attestation standards in the engagement letter.

     

    Code of Professional Conduct

    ·         Failure to establish and document in writing their understanding with the client with regard to non-attest services provided.

     

    Statements on Quality Control

    ·         Monitoring

    o   QC document did not include monitoring procedures

    o   Monitoring procedures did not include review of all elements of quality control

    o   Results of monitoring and inspections were not documented

    ·         Engagement Performance

    o   Criteria for Engagement Quality Control Review not established

    o   EQCR not performed on engagements that meet the firm’s criteria

    ·         Human Resources

    o   Policies not sufficient to ensure partners and staff obtain appropriate CPE

    o   Policies not set to require relevant CPE for levels of service and industries of engagements performed

    ·         Leadership Responsibilities for Quality Within the Firm

    o   Failure to have a written quality control document in accordance with SQCS 8

     

    FASB Accounting Standards Codification

    ·         No disclosure of tax years that remain subject to examination by major tax jurisdictions and disclosure of uncertain tax positions

    ·         No disclosure of the date through which subsequent events were evaluated

    ·         Incorrect classifications, net amounts instead of gross and non-cash transactions on the cash flow statement

    ·         Long-term debt was not segregated into current and long-term portions.

    ·         Missing or insufficient sinking funds disclosure, term, interest rate, maturity, covenants and collateral, if any, for a note payable.

    ·         Missing or insufficient fair value disclosures related to fair value hierarchy of investments, description of the levels, descriptions of the methods used and tabular presentation of amounts.  Also included insufficient procedures and documentation regarding the procedures to obtain assurance of the fair value measurements.

     

    Practice Areas

    Issues noted above related to professional standards and FASB Accounting Standards Codification were prevalent in each of these practice areas.  Matters included in this section are those trends identified for each specific practice area.

     

    Governmental, A-133, and HUD

    Reporting

    ·         Failure to include all of the required elements of professional standards in the Independent Auditor’s Report including the following omissions: reference to the engagement being performed in accordance with Government Auditing Standards, identification of the governmental entity’s major funds and opinion units presented, and addressing supplemental information and required supplemental information, reference to prior year financial statements when comparative years are presented, reference to the Yellow Book Internal Control report.

    ·         Failure to include all of the required elements of professional standards in the Auditor’s Report on Internal Control over Financial Reporting and on Compliance and Other Matters including: omitted “Independent” from report title, omitted reference to material weaknesses or significant deficiencies included in the Schedule of Findings and Questioned Costs, indication that there were no significant deficiencies identified, omitted a clause stating that the entity's responses were not audited and that the auditor expresses no opinion on those responses, and omitted purpose alert.

     

    Disclosure and Presentation

    ·         Failure to present the financial statements in accordance with professional standards including Equity and Net Asset presentation and reconciliations, presentation of funds, missing significant policy footnotes, and financial statement titles.

     

    Documentation and Performance

    ·         Failure to properly document independence considerations required by Yellow Book including the evaluation of management’s skills, knowledge, and experience to effectively oversee nonaudit services performed by the auditor, evaluation of threats, and safeguards applied to reduce threats to an acceptable level.

    ·         Failure to meet the Yellow Book CPE requirements including 80 hours of A&A and 24 hours of Yellow Book specific courses.

    ·         Failure to document audit planning and procedures including consideration of IT systems, testing of significant accounts and transactions, fraud procedures, internal controls, and linkage of risk assessment to procedures performed.

    ·         Failure to document required communications with those charged with governance.

    ·         Failure to ensure that the written representations from the audited entity contained all applicable elements including the following: representations tailored to the entity and governmental audit regarding federal awards, and representations covering both years when comparative financial statements are presented.

    ·         SINGLE AUDIT:  Failure to identify and test sufficient and appropriate major programs. These errors were the result of using preliminary expenditures when the final expenditures resulted in a high risk Type A program, failure to cluster, and failure to group programs with the same CFDA number.

    ·         SINGLE AUDIT: Failure to document an understanding of internal control over compliance of federal awards sufficient to plan the audit to support low assessed level of control risk for major programs, including consideration of risk of material noncompliance (materiality) related to each compliance requirement and major program.

    ·         SINGLE AUDIT: Failure to document the adequacy of the planned sample size for test of controls over compliance to achieve a low level of control risk.

    ·         SINGLE AUDIT: Failure to document the testing of controls and compliance for the relevant assertions related to each compliance requirement with a direct and material effect for the major program.

     

    ERISA

    ·         Missing or insufficient documentation of allocation of investment income to participant accounts.

    ·         Insufficient participant testing related to demographic data and payroll.

    ·         Insufficient procedures and documentation for reliance on SOC 1 reports.

    ·         Supplemental schedules required by ERISA and DOL regulations are not presented in the prescribed format.

     

     

    Broker-Dealers

    ·         Failure to comply with SEC Independence Rules, including not preparing financial statements for clients

    ·         Audit reports inappropriately referenced use of the PCAOB standards to perform the audits (when SAS were followed)

    ·         Audit reports on internal controls were not appropriate, including using the non-carrying format for a carrying firm, outdated definitions of internal control and restrictions of the report to management and regulations

    ·         Failure to use a broker-dealer specific financial statement checklist thus missing required disclosures

     

    Service Organization Control (SOC) Reports

    SOC 1

    ·         The service auditor lacked the experience and training required under SSAE 16 to properly complete a Service Organization Control Report.

    ·         The client acceptance, the description of controls and the audit documentation omitted reference to the need for complementary user controls if any exist, the risks that threaten the achievement of the control objectives and the linkage between the controls included in the control description, and the proper identification of subservice organizations and related services and ultimate use of the carve out method.

    ·         The information included in the report did not have sufficient support in the workpapers, such as

    o   No documentation to assess the nature, timing, and extent of the procedures (specifically sampling methodology)

    o   Control testing did not address the elements of the control, all IT general controls and change management controls

    o   No documentation of procedures to support the Other Information included in the report

    ·         Incorrect references included or incorrect language used in the report including user controls, carve outs, and other information.

     

    SOC 2

    ·         The report issued included non-standard wording regarding complementary user entity controls

     

    Banking, including FDICIA

    ·         Failure to include all elements required by professional standards in the accountant’s report on internal controls

    ·         Failure to understand and comply with the independence rules applicable to these engagements, i.e. SEC independence rules do not allow the auditor to also prepare the client’s financial statements

    ·         Failure to properly disclose:

    o   valuation allowances and related segmentation information of the loan portfolio

    o   consolidated capital ratios and requirements

    o   that the entity was subject to expanded regulatory supervision and why

    o   OREO's and goodwill in the fair value footnote as a non-recurring measurement item

    ·         Insufficient audit testing of real estate lending including inadequate quantitative information such as aging, past due status, or historical charge-offs.  Similarly, insufficient audit testing of foreclosed property data, including inadequate testing of current year additions, analysis of fair value/carrying value.

    ·         Insufficient audit testing of certain subjective, qualitative components of the allowance for loan loss, and retrospective review of the allowance for loan loss for bias.

    ·         Management representation letter did not contain representations specific to financial institutions.

     

    Not for profit

    ·         Open tax years were not disclosed because the firm believed the disclosure was not required for tax exempt entities

    ·         Net assets not properly classified as unrestricted, temporarily restricted and permanently restricted

    ·         Inadequate disclosure of the nature, amounts and types of net asset restrictions

    ·         Policies regarding donated goods and services not disclosed

    ·         Auditors’ report did not refer to the Statement of Functional Expenses

    ·         Improper expense classifications on the Statement of Functional Expenses



    [1] Due to the timing of when peer reviews are performed, there is a lag between the year-end of the engagement and when a matter is included in this report.  Peer Reviews are due 6 months after a firm’s peer review year end.  A firm’s peer review would cover engagements with year ends during the peer review year (report dates for projections and AUPs).  As an example, if a firm’s peer review year is January 1, 2013 to December 31, 2013 its peer review is not due until June 30, 2014.  Therefore a January 31, 2013 year end audit would not be included in the MFC data until approximately June 30, 2014.  However, a December 31, 2013 year end audit in the same scenario would be included in the MFC data around June 30, 2014 as well.  Refer to www.aicpa.org/prsummary for more information about peer review.

     

    We prepare our analysis on MFCs for engagements with year ends (report dates for projections and AUPs) from the previous 15 months.  By using a 15 month period, we can ensure we are providing information based on the most recent engagements, including a calendar year end.  Since this is a new process, we’ve combined the last two reports (15 month periods ending April 1 and July 1, 2015) and consolidated the information.

     






     
    Copyright © 2006-2014 American Institute of CPAs.