If you get a peer review of your attestation practice, I heard a few ideas in the AICPA’s Peer Review Conference you might want to know about. I attended this year’s conference via webcast. First time I’ve gone through a 16 hour class online. The technology worked acceptably well. Saving the travel time was wonderful.
Annual update to Peer Review Information form
Starting next year, May 2020 specifically, every firm enrolled in the peer review program will need to update the Peer Review Information (PRI) form annually. Each firm will have to log into PRIMA and update the list of the type of engagements performed.
Not sure the reasons this change is going into effect. One component is so AICPA can monitor for changes the nature of a firm’s client base to see if a higher level of service is needed.
Focus areas in system reviews
The AICPA surveyed CPAs who provide a large number of reviews asking them what portion of their peer review clients had significant struggles with complying with the risk assessment standards.
The discouraging answer is 64%. Somewhere around two-thirds of their clients had substantive problems complying with the risk standards.
I will make a wild guess that for very small firms, the portion of firms struggling with risk assessment is even higher than 64%.
Several speakers said the AICPA’s impression is that low levels of compliance with risk standards is systemic across the profession. The issues exist at all sizes of firms in all areas. Pretty much across the profession, in other words.
To nudge more firms towards higher levels of quality, the AICPA has added ‘focus areas’ to the peer review checklists. That means that peer reviewers will be putting more emphasis on certain items during each review.
Each focus area will be in place for three years, so that every firm will get that extra attention on each focus area.
Two focus areas were added for reviews in 2018. Three more have been added for 2019 reviews, which makes five for firms going through a review in 2019. There will be two more focus areas added in 2020, making seven focus areas for reviews in that year.
If I understand the concept correctly, the areas of focus added in 2019 will be dropped in 2021. Three focus areas added in 2019 will be dropped in 2022. That means that over a few years time, every firm will get extra attention focused on each of the focus areas.
Here is a quick recap of the areas of focus:
2018 additions:
- Risk assessment – as mentioned earlier, there is a widespread need to improve compliance. Risks need to be assessed at the assertion level and financial statement level. Internal controls for significant areas need to be understood and an assessment made whether the controls are in place. Controls relied upon need to be tested. Assertions need to be linked to the further audit procedures.
- Documentation – A whole bunch of issues need to be addressed. System reviews will be focusing on that.
2019 additions:
- Estimates – Significant estimates need to be tested. Those estimates need to be assessed for reasonableness.
- Internal control – As just mentioned, internal controls for significant areas need to be understood and an assessment made whether the controls are in place. Controls relied upon need to be tested.
- SOC Reporting – This is auditing service organization, not using SOC reports to reduce control risk.
Focus areas to be added in 2020:
- Engagement acceptance & continuance – Specific procedures need to be performed before accepting or continuing an engagement. Those procedures will get special emphasis.
- Independence – Rules are getting tighter for independence. Auditors need to consider threats against independence, implement safeguards when needed, and document. The hosting services issue will be a big deal next year. I will make a not-so-wild guess that a lot of CPAs will miss that issue.
A wise auditor will start looking extra carefully at those issues to double-check compliance with standards. It would be wise to hit those areas during inspections well before your peer review. If any changes are needed, make them across the board before your peer review year starts.