Make sure you tell your peer reviewer about all the audits you do or things could get ugly – peer review update part 1
There are apparently several hundred peer review reports in the process of being withdrawn. This means those firms did not actually have a peer review.
This is the first in a series of 5 posts talking about this issue, two of which will consider the cascading consequence of not having a peer review.
By the way, I will try to write this series of posts without using all the technicalities that exist in the peer review program. I’ll leave out some of the terminology, skip some details, and simplify some stuff. Goal is to help CPAs who don’t live in the peer review world. For those who do understand the nuances, please keep in mind I’m simplifying.
How did this get started?
Apparently the Department of Labor pulled a sample of hundreds (maybe thousands) of pension audits from their files. They looked at the peer review reports for the auditors of those plans.
They found hundreds of situations where the firm auditing a pension plan did not have a peer review report which said a pension plan audit was included in the scope of the review.
Why is this an issue? Must-selects must be reviewed
Pension audits are a ‘must-select’ engagement. That means if a CPA firm performs pension plan audits then the peer reviewer must include at least one of those audits in the scope of the review. The report for the review must also mention the pension plan was included.
What that means is several hundred firms didn’t have a proper review. Quick research by the AICPA confirmed that was the case.
There are several other categories of must-select engagements. If a firm provides any of the following audits, the reviewer must include at least one in the review:
- pension plans
- audits under government auditing standards (yellow book, A-133, HUD)
- audits of banks under FDICIA (if you do one of those, you know about it; if not never mind)
- carrying broker dealer
- SOC 1, SOC 2
What happened next?
I don’t know the intermediate steps, but the AICPA Peer Review Board passed this information to the appropriate administering entities (those would be the various state societies who run the peer review programs at the state level).
The peer review committees of all the states are in the process of verifying information with the reviewers and firms. After verification, the peer review letters are withdrawn by the administering entity.
This leaves the firm without a peer review.
The next step is for the affected firms to get a replacement peer review. Consider the extra time and extra cost.
How did this happen?
The conclusion from the Peer Review Board is that a lot of firms did not tell their reviewer about their pension plan audits.
This could be unintentional, because the audits were not yet complete at the time of the peer review field work and therefore the firm thought they did not need to be included in a list of engagements. Or it could have been intentional to keep the pension audits outside the scope of the review.
Whether it was intentional or unintentional does not matter in terms of immediate impact – the firm will be going through another peer review. The intent of the firm will have an impact on the severity of the consequences.
Next post: Impact of a withdrawn report
Posts in this series
- Part 1 – Make sure you tell your peer reviewer about all the audits you do or things could get ugly
- Part 2 – Impact on replacement report
- Part 3 – Cascading consequences of your peer review report going away
- Part 4 – Cascading consequences of your peer review report going away
- Part 5 – time to clean up our act