Enhancing Audit Quality Initiative – Emerging Industries and Risk Areas 

The AICPA is committed to helping members maintain and enhance audit quality. The newly launched Enhancing Audit Quality initiative seeks to improve the consistency of quality across the profession by focusing firms and peer reviewers on new industries, industries with new or rising risks, audit areas of increased risk or areas that have shown to have increased inspection matters in the past. An AICPA-wide approach of communication, enhanced materials, targeted training and robust peer reviews is planned to enhance audit quality.

Further details regarding this initiative are included on the EAQ home page. The AICPA Peer Review Board has approved implementation of the Emerging Industries and Risk Areas Initiative.

The emerging industries and risk areas follow.

As it relates to nonattest services provided to audit clients, particularly with respect to evaluation of sufficiency of the client’s skills, knowledge and experience to oversee the services.

Practitioners must be independent and comply with the requirements of ET sec. 1.295 when providing nonattest services to their attest clients1ET sec. 1.295 Nonattest Services provides specific guidance to CPAs on the types of nonattest services that impair independence as well as specific safeguards that may be implemented to reduce threats to an acceptable level. Notable changes for engagements beginning on or after December 15, 2014 are that preparing financial statements, among other commonly performed functions, will constitute nonattest services and that multiple nonattest services provided to a client can increase the significance of threats.

One of the key safeguards to reduce the threat of management participation is that the client must designate an individual with suitable skill, knowledge, and/or experience (“SKE”) to assume the management responsibilities, oversee the nonattest service, evaluate the adequacy/results of the services performed, and accept responsibility for the results of the services. CPAs are expected to use their professional judgment and experience to determine whether the individual designated by the client can fulfill these responsibilities.

Access the free Nonattest Services Toolkit.

Find associated EAQ products and resources at the AICPA Store.

Sufficiency of Audit Evidence
In particular, risk assessment (including linkage to financial statement assertions), internal controls, and sampling.

Peer reviews as well as regulator inspections continue to note matters and issues in the area of sufficiency of audit evidence. These are most commonly noted among risk assessment and internal controls, where the documentation requirements are very specific, yet, involve professional judgment. Ultimately, however, the documentation should enable an experienced auditor, having no previous connection with the audit, to understand the nature, timing, extent, and results of procedures, including significant findings or issues.

In addition, sufficiency of audit evidence relates to the quality and quantity of audit evidence where an auditor uses sampling or other audit approaches that do not include testing of all transactions in an account balance or class. The documentation thereof should enable an experienced auditor, having no previous connection with the audit, to understand the nature, timing, extent, and results of procedures, including significant findings or issues.

Find associated EAQ products and resources at the AICPA Store for Internal Controls, Risk Assessment and Sampling.

To learn more about the Peer Review Focus Areas, listen to the archived webcast,
Surviving the Deep Dive - A Closer Look at the Peer Review Focus Areas. This webcast covers specifics on independence as it relates to nonattest services provided to attest clients and sufficiency of audit evidence, particularly: risk assessment, internal controls and sampling.

In addition, you can access the archived webcast, Sufficiency of Audit Evidence - a Peer Review Focus. 

Employee Benefit Plan Audits
Including audits of both ERISA and government pensions.

Regulatory and legislative developments have made it clear that there is a significant public interest in, and a higher risk associated with, audits of employee benefit plans. In addition, recent standards promulgated by GASB related to financial accounting and reporting of pensions both at the governmental plan and participating employer levels are extremely complex and will present challenges for auditors.

Find associated EAQ products and resources at the AICPA Store.

Issuers of Municipal Securities

The Securities and Exchange Commission (SEC) has brought numerous charges related to municipal securities issuers misleading investors and defrauding investors in the bond market. Many of the charges are based on materially misleading statements or improper accounting and/or disclosure for transactions in the financial statements that are included in offering documents. Accordingly, peer reviewers will be focusing on the financial statement audits of municipal issuers (such as states, local governments, and certain not-for-profit and for-profit conduit borrowers) to determine if the financial statements properly reflect GAAP and that the auditors followed professional standards.

Find associated EAQ products and resources at the AICPA Store.

Single Audit

Including A-133 and Uniform Guidance for Federal Awards.

In addition to the ongoing challenges in Yellow Book and OMB A-133 Single Audits, significant changes will be required by the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards at 2 CFR 200 (Uniform Guidance for Federal Awards). Auditors need to be aware of how the new Uniform Guidance for Federal Awards will affect current and future single audit engagements. This includes planning considerations for December 31, 2015 year-end single audits when the new audit requirements become effective, as well as other considerations for single audits of other fiscal periods ending in 2015. Most significantly, the new guidance includes changes to the major program determination, applicable compliance requirements, cost principles, and auditee administrative requirements.

Find associated EAQ products and resources at the AICPA Store.

Crowdfunding and Other Small Business Capital-Raising
(Regulation A+)

Practitioners need to be aware of final rules issued by the Securities and Exchange Commission (SEC) adopting Regulation Crowdfunding and the small business capital-raising rules known as Regulation A+. They offer issuers a simpler way to raise capital through exemption from SEC’s regular registration requirements.  These rules impose a number of requirements, including the content and reporting framework of financial statements to be provided to the SEC.


Crowdfunding allows capital raising at three different aggregate offering levels up to $1,000,000. Under Regulation Crowdfunding, financial statements filed with the SEC are required to be reviewed or audited depending on the offering level. Under these rules, a practitioner may not be aware that a client plans to use their report is in an SEC filing at the time of engagement, performance of services or when that report is issued. 


Regulation A+ rules became effective in 2015 and expand the exemption from registration for small business issuers based upon two tiers of offerings: Tier 1 is for offerings of up to $20M in a 12-month period and Tier 2 is for offerings of up to $50M in a 12-month period.  Financial statements for Tier 2 Regulation A+ issuers must be audited, and are subject to the more restrictive SEC independence requirements, which prohibit the auditor from preparing the financial statements.


The peer review board is currently considering changes to peer review standards and related guidance to address the risks associated with Regulation Crowdfunding and Regulation A+ requirements. Practitioners are encouraged to access available resources and continue to monitor this site for further developments.


For more information on Regulation Crowdfunding and Regulation A+, visit the AICPA’s new webpage.


1 This material focuses on the independence requirements of CPAs when providing nonattest services to clients under AICPA professional standards. Some regulatory bodies, such as the SEC, PCAOB and GAO, have established independence requirements that may be more restrictive with regard to the provision of nonattest services for an audit client.


© 2017 Association of International Certified Professional Accountants. All rights reserved.