Peer Review Summary

Appendix A

Summary of the Nature, Objectives, Scope, Limitations of, and Procedures Performed in System and Engagement Reviews and Quality Control Materials Reviews (as Referred to in a Peer Review Report)

(Effective for Peer Reviews Commencing on or After January 1, 2009)

      1. Firms (and individuals) enrolled in the AICPA Peer Review Program are required to have a peer review, once every three years, of their accounting and auditing practice. An accounting and auditing practice for the purposes of these standards is defined as all engagements performed under Statements on Auditing Standards (SASs); Statements on Standards for Accounting and Review Services (SSARSs); Statements on Standards for Attestation Engagements (SSAEs); Government Auditing Standards (the Yellow Book) issued by the U.S. Government Accountability Office; and engagements performed under Public Company Accounting Oversight Board (PCAOB) standards. Engagements covered in the scope of the program are those included in the firm’s accounting and auditing practice that are not subject to PCAOB permanent inspection. A firm is not required to enroll in the AICPA Peer Review Program if its only level of service is performing preparation engagements under SSARSs, however, if it elects to enroll due to licensing or other requirements, it is required to have a peer review under these Standards. The peer review is conducted by an independent evaluator, known as a peer reviewer. The AICPA oversees the program, and the review is administered by an entity approved by the AICPA to perform that role.

      2. The peer review helps to monitor a CPA firm’s accounting and auditing practice (practice monitoring). The goal of the practice monitoring, and the program itself, is to promote and enhance quality in the accounting and auditing services provided by the CPA firms subject to these standards. This goal serves the public interest and enhances the significance of AICPA membership and accounting and audit quality.

      3. There are two types of peer reviews: System Reviews and Engagement Reviews. System Reviews focus on a firm’s system of quality control and Engagement Reviews focus on work performed on particular selected engagements. Quality Control Materials (QCM) Reviews focus on the system of quality control of a provider of QCM to CPA firms. A further description of System, Engagement, and QCM Reviews, as well as a summary of the nature, objectives, scope, limitations of, and procedures performed on them, is provided in the following sections.

System Reviews

      4. A System Review is a type of peer review that is a study and appraisal by an independent evaluator(s), known as a peer reviewer, of a CPA firm’s system of quality control to perform accounting and auditing work. The system represents the policies and procedures that the CPA firm has designed, and is expected to follow, when performing its work. The peer reviewer’s objective is to determine whether the system is designed to ensure conformity with professional standards and whether the firm is complying with its system appropriately.

      5. Professional standards are literature, issued by various organizations, that contain the framework and rules that a CPA firm is expected to comply with when designing its system and when performing its work. Professional standards for design of a system of quality control include but are not limited to the Statements on Quality Control Standards (SQCSs) issued by the AICPA that pertain to leadership responsibilities for quality within the firm (the “tone at the top”); relevant ethical requirements (such as independence, integrity and objectivity); acceptance and continuance of client relationships and specific engagements; human resources; engagement performance; and monitoring.

      6. To plan a System Review, a peer reviewer obtains an understanding of (1) the firm’s accounting and auditing practice, such as the industries of its clients, and (2) the design of the firm’s system, including its policies and procedures and how the firm checks itself that it is complying with them. The reviewer assesses the risk levels implicit within different aspects of the firm’s practice and its system. The reviewer obtains this understanding through inquiry of firm personnel and review of documentation on the system, such as firm manuals.

      7. Based on the types of engagements firms perform, they may also have their practices reviewed or inspected on a periodic basis by regulatory or governmental entities, including but not limited to the Department of Health and Human Service, the Department of Labor, and the PCAOB. The team captain obtains an understanding of those reviews or inspections, and he or she considers their impact on the nature and extent of the peer review procedures performed.

      8. Based on the peer reviewer’s planning procedures, the reviewer looks at a sample of the CPA firm’s work, individually called engagements. The reviewer selects engagements for the period covered by the review from a cross section of the firm’s practice with emphasis on higher risk engagements. The engagements selected must include those performed under Government Auditing Standards, audits of employee benefit plans, audits of depository institutions (with assets of $500 million or greater), audits of carrying broker-dealers, and examinations of service organizations (SOC 1® and SOC 2® engagements) when applicable (these are known as must select engagements). The scope of a peer review only covers accounting and auditing engagements performed under SASs, SSARSs, SSAEs, Government Auditing Standards, and PCAOB standards and does not include the firm’s engagements subject to PCAOB permanent inspection, nor does it include tax or consulting services. The reviewer will also look at administrative elements of the firm’s practice to test the elements listed previously from the SQCSs.

      9. The reviewer examines engagement working paper files and reports, interviews selected firm personnel, reviews representations from the firm, and examines selected administrative and personnel files. The objectives of obtaining an understanding of the system and then testing the system forms the basis for the reviewer’s conclusions in the peer review report.

      10. When a CPA firm receives a report from the peer reviewer with a peer review rating of pass, the report means that the system is appropriately designed and being complied with by the CPA firm in all material respects. If a CPA firm receives a report with a peer review rating of pass with deficiencies, this means the system is designed and being complied with appropriately by the CPA firm in all material respects, except in certain situations that are explained in detail in the peer review report. When a firm receives a report with a peer review rating of fail, the peer reviewer has determined that the firm’s system is not suitably designed or being complied with, and the reasons why are explained in detail in the report.

      11. If a deficiency or significant deficiency included in the peer review report is associated with an engagement that was not performed and reported on in conformity with applicable professional standards in all material respects (“nonconforming”) in a must select industry or practice area or is industry specific, the report will identify the industry or practice area. However, because the purpose of a System Review is to report on the firm’s system of quality control, the peer review report might not describe every engagement that was deemed nonconforming.

      12. The firm is responsible for evaluating actions to promptly remediate engagements deemed as not performed or reported in conformity with professional standards, when appropriate, and for remediating weaknesses in its system of quality control, if any. The firm’s response is evaluated to determine if it is appropriate, whether lack of response is indicative of other weaknesses in the firm’s system of quality control, or whether monitoring procedures are necessary to verify if the deficiencies and nonconforming engagements were remediated.

      13. There are inherent limitations in the effectiveness of any system and, therefore, noncompliance with the system may occur and not be detected. A peer review is based on selective tests. It is directed at assessing whether the design of and compliance with the firm’s system provides the firm with reasonable, not absolute, assurance of conforming to applicable professional standards. Consequently, it would not necessarily detect all weaknesses in the system or all instances of noncompliance with it. It does not provide assurance with respect to any individual engagement conducted by the firm or that none of the financial statements audited by the firm should be restated. Projection of any evaluation of a system to future periods is subject to the risk that the system may become inadequate because of changes in conditions or because the degree of compliance with the policies or procedures may deteriorate.

Engagement Reviews

      14. An Engagement Review is a type of peer review that is a study and appraisal by an independent evaluator(s), known as a peer reviewer, of a sample of a CPA firm’s actual accounting work, including accounting reports issued and documentation prepared by the CPA firm, as well as other procedures that the firm performed.

      15. By definition, CPA firms undergoing Engagement Reviews do not perform audits or other similar engagements but do perform other accounting work including reviews and compilations, which are a lower level of service than audits. The peer reviewer’s objective is to evaluate whether the CPA firm’s reports are issued and procedures performed appropriately in accordance with applicable professional standards. Therefore, the objective of an Engagement Review is different from the objectives of a System Review, which is more system oriented and involves determining whether the system is designed in conformity with applicable professional standards and whether the firm is complying with its system appropriately.

      16. Professional standards represent literature, issued by various organizations, that contain the framework and rules that a CPA firm is expected to follow when performing accounting work.

      17. The reviewer looks at a sample of the CPA firm’s work, individually called engagements. The scope of an Engagement Review only covers accounting engagements; it does not include tax or consulting services. An Engagement Review consists of reading the financial statements or information submitted by the reviewed firm and the accountant’s report thereon, together with certain background information and representations from the firm and, except for certain compilation engagements, the documentation required by applicable professional standards.

      18. When the CPA firm receives a report with a peer review rating of pass, the peer reviewer has concluded that nothing came to his or her attention that the CPA firm’s work was not performed and reported on in conformity with applicable professional standards in all material respects. A report with a peer review rating of pass with deficiencies is issued when the reviewer concludes that nothing came to his or her attention that the work was not performed and reported on in conformity with applicable professional standards in all material respects, except in certain situations that are explained in detail in the report. A report with a peer review rating of fail is issued when the reviewer concludes that as a result of the situations described in the report, the work was not performed or reported on in conformity with applicable professional standards in all material respects.

      19. If a deficiency or significant deficiency is industry specific, the report will identify the industry.

      20. The firm is responsible for evaluating actions to promptly remediate engagements deemed as not performed or reported in conformity with professional standards, when appropriate, and for remediating weaknesses in its system of quality control, if any.

      21. An Engagement Review does not provide the reviewer with a basis for expressing any assurance as to the firm’s system of quality control for its accounting practice, and no opinion or any form of assurance is expressed on that system.

Quality Control Materials Reviews

      22. An organization (hereinafter referred to as provider) may sell or otherwise distribute quality control materials (QCM or materials) that it has developed to CPA firms (hereinafter referred to as user firms). QCM may be all or part of a user firm’s documentation of its system of quality control, and it may include manuals, guides, programs, checklists, practice aids (forms and questionnaires) and similar materials intended for use in conjunction with a user firm’s accounting and auditing practice. User firms rely on QCM to assist them in performing and reporting in conformity with the professional standards covered by the materials (as described in the preceding paragraphs).

      23. A QCM review is a study and appraisal by an independent evaluator (known as a QCM reviewer) of a provider’s materials, as well as the provider’s system of quality control to develop and maintain the materials (hereinafter referred to as provider’s system). The QCM reviewer’s objective is to determine whether the provider’s system is designed and complied with and whether the materials produced by the provider are appropriate so that user firms can rely on the materials. The scope of a QCM review only covers materials related to accounting and auditing engagements under U.S. professional standards. The scope does not include SEC or PCAOB guidance, nor does it cover materials for tax or consulting services.

      24. To plan a QCM review, a QCM reviewer obtains an understanding of (1) the provider’s QCM, including the industries and professional standards that they cover, and (2) the design of the provider’s system, including the provider’s policies and procedures and how it ensures that they are being complied with. The QCM reviewer assesses the risk levels implicit within different aspects of the provider’s system and materials. The QCM reviewer obtains this understanding through inquiry of provider personnel, review of documentation on the provider’s system, and review of the materials.

      25. Based on the planning procedures, the QCM reviewer looks at the provider’s QCM, including the instructions, guidance, and methodology therein. The scope of a QCM review encompasses those materials which the provider elects to include in the QCM review report; QCM designed to aid user firms with tax or other non-attest services are outside of the scope of this type of review. The QCM reviewer will also look at the provider’s system and will test elements including, but not limited to, requirements regarding the qualifications of authors and developers, procedures for ensuring that the QCM are current, procedures for reviewing the technical accuracy of the materials, and procedures for soliciting feedback from users. The extent of a provider’s policies and procedures and the manner in which they are implemented will depend upon a variety of factors, such as the size and organizational structure of the provider and the nature of the materials provided to users. Variance in individual performance and professional interpretation affects the degree of compliance with prescribed quality control policies and procedures. Therefore, adherence to all policies and procedures in every case may not be possible. The objectives of obtaining an understanding of the provider’s system and the materials forms the basis for the QCM reviewer’s conclusions in the QCM review report.

      26. When a provider receives a QCM review report from an approved QCM reviewer with a review rating of pass, this means the provider’s system is designed and being complied with and the materials produced by the provider are appropriate so that user firms can rely on the QCM to assist them in performing and reporting in conformity with the professional standards covered by the materials. If a provider receives a QCM review report with a review rating of pass with deficiencies, this means the provider’s system is designed and being complied with and the materials produced by the provider are appropriate so that user firms can rely on the QCM to assist them in performing and reporting in conformity with the professional standards covered by the materials, except in certain situations that are explained in detail in the review report. When a provider receives a report with a review rating of fail, the QCM reviewer has determined that the provider’s system is not suitably designed or being complied and the materials produced by the provider are not appropriate, and the reasons why are explained in detail in the report.

      27. The provider is responsible for evaluating actions to promptly remediate materials not deemed as reliable aids, when appropriate, and for remediating weaknesses in its system of quality control, if any. The provider’s response is evaluated to determine if it is appropriate and whether lack of response is indicative of other weaknesses in the provider’s system of quality control.

      28. There are inherent limitations in the effectiveness of any system and, therefore, noncompliance with the system may occur and not be detected. A QCM review is based on the review of the provider’s system and its materials. It is directed at assessing whether the provider’s system is designed and complied with and whether the QCM produced by the provider are appropriate so that user firms have reasonable, not absolute, assurance that they can rely on the materials to assist them in performing and reporting in conformity with the professional standards covered by the materials. Consequently, a QCM review would not necessarily detect all weaknesses in the provider’s system, all instances of noncompliance with it, or all aspects of the materials that should not be relied upon. Projection of any evaluation of a system or the materials to future periods is subject to the risk that the system or materials may become inadequate because of changes in conditions or because the degree of compliance with the policies or procedures may deteriorate.