7 minute read
Are you ready for your next peer review?
By Laura Hay, CPA, CAE, OSCPA executive vice president
Peer review update 2023
The profession’s peer review program, which leads the charge in audit quality, has faced new challenges in a pandemic environment, changing work methods, how technology is applied, standard-setting areas of focus and engagement risk profiles.
As part of the AICPA’s Enhancing Audit Quality Initiative (EAQ), AICPA technical committee leads identify annual areas of emphasis for the AICPA Peer Review Program. When monitoring your firm’s quality control system and preparing for your next peer review, 2023 areas of focus include the following.
Risk assessment
Continued from prior years, noncompliance with SAS No. 145 and its changes to AU-C 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, remains a priority, particularly due to increasing fraud risks in the current environment.
SAS No. 145 introduced inherent risk factors and new requirements to consider those factors that affect an assertion's susceptibility to material misstatement. A common misconception is that sufficient procedures can be performed to support the audit opinion, particularly for a smaller entity, without a consideration of risks or how audit procedures are linked to those risks.
Frequent peer review issues seen in this area include:
• Risk assessment is limited or non-existent
• No linkage between assessed risks and responsive audit procedures
• Improper use of third-party practice aids
• Setting control risk at less than high without testing the effectiveness of controls
• Performing risk assessment at the audit level rather than at the relevant assertion level
• Not properly identifying or documenting risks and controls associated with the role of IT
• Not documenting fraud risk assessment procedures regarding inquiries with those in charge of governance and responses to management override of controls
For peer reviews starting on or after Sept. 30, 2021, pervasive risk assessment non-conformity will not necessarily be limited to a peer review finding, as it was during the standard’s initial implementation phase. The reviewer would need to assess if any pervasive nonconformity related to risk assessment should be a deficiency or a significant deficiency.
For more information, see AICPA’s Risk Assessment Toolkit at: https://www.aicpa-cima.com/topic/auditassurance/riskassessment.
Quality management
Statement on Quality Control Standards (SQCS) No. 8, A Firm’s System of Quality Control (Redrafted) (AICPA, Professional Standards, QC sec. 10), requires every CPA firm with an accounting and auditing practice, regardless of its size, to have a system of quality control. The objectives of the firm’s system of quality control are to ensure that (1) the firm and its personnel comply with professional standards, legal and regulatory requirements, and (2) reports issued by the firm are appropriate in the circumstances. Firms accomplish these objectives by establishing and maintaining policies and procedures related to several elements of quality control.
On May 12, 2022, the AICPA Auditing Standards Board voted to issue Statement on Quality Management Standard (SQMS) No. 1, A Firm’s System of Quality Management, SQMS No. 2, Engagement Quality Reviews, and Statement on Auditing Standards (SAS) No. 146, Quality Management for Engagements Conducted in Accordance with Generally Accepted Auditing Standards (conforming changes are also being adopted to SSARS.)
The new quality management standards (QM) adopt a riskbased approach requiring firms to customize the design, implementation and operation of their system of quality management, tailored to the firm and its engagements. The QM standards include a new risk assessment process for the firm, enhanced monitoring and remediation requirements, and an explicit responsibility of firm leadership to proactively manage quality.
SQMS No. 1 is required to be implemented by Dec. 15, 2025. The firm is required to evaluate its system by Dec. 15, 2026, and annually thereafter. SQMS No. 2, SAS No. 146 and SSARS No. 26 will be effective for audits and engagements for periods beginning on or after Dec. 15, 2025.
The transition process should be started now as implementing the new QM standards will take time. Initial steps include developing a comprehensive understanding of the standards and conducting the firm’s initial risk assessment. Peer reviewers can be a great resource in helping firms develop an understanding of how the standards should be applied.
Resources, including an executive summary of the QM standards and a crosswalk from the quality control standards, are available at: https://www.aicpa-cima.com/ topic/audit-assurance/quality-management.
Single Audit
Single Audits remain a focus area for 2023 as significant federal relief funding in response to the pandemic will continue to be expended by recipients. Many first-time auditees are expected to require Single Audits, and the profession is focused on both supporting auditors with the resources they need to perform high-quality work, as well as raising awareness with auditees about the importance of selecting a qualified auditor in this area.
Single Audits are complex, highly specialized audits focused on compliance with federal laws or regulations (and internal controls to ensure compliance) that apply to specific federal funds and require the financial statement audit to be performed under Government Auditing Standards (GAS) and additional requirements issued by the U.S. Government Accountability Office (GAO). If the firm performs a Single Audit engagement, it will be required to have a System Review, which includes a review of at least one Single Audit engagement.
More information is available at: https://us.aicpa.org/ interestareas/governmentalauditquality.
ESG attestation
In response to user demands and emerging regulatory requirements, entities are increasingly reporting on their environmental, social and governance performance indicators in addition to financial reporting measures. In the interest of quality, comparability and consistency in reporting such information, there is a need for assurance services over this information and the systems and processes used to generate it. As a newer area for attestation in the U.S., these attestations present new risks and opportunities for the profession.
For more information, see: https://www.aicpa-cima.com/ topic/sustainability-esg/sustainability-esg-greater-thansustainability-assurance.
Technology-enabled auditing
Auditing techniques enabled by technology, including data analytics, remote auditing and the use of computerassisted auditing, introduce new approaches and risks. New applications of audit evidence, including gathering evidence remotely, put additional focus on gathering sufficient appropriate information to support the auditor’s report.
Several continuing education courses are currently available addressing remote auditing and audit evidence.
Additional areas of focus
In addition to the EAQ areas of emphasis for 2023, the following deserve attention in your preparation.
• Digital assets – knowing the appropriate accounting and audit risks in evolving and complex circumstances. The AICPA’s Digital Assets Working Group continues to develop nonauthoritative accounting and auditing guidance including a Practice Aid.
• Documentation – still the most common peer review issue. Per AU-C 230, Audit Documentation, documentation should be sufficiently detailed to give experienced auditors who were not previously involved in the audit a clear understanding of the work performed, the evidence obtained, and the conclusions reached.
• Revenue recognition – the evaluation of risks, controls and procedures related to estimates must be documented even if adopting the new standard did not materially affect accounting recognition.
• Code of professional conduct – certain understandings need to be documented, including a written understanding regarding nonattest services and management’s responsibilities for the services provided.
• Accounting and reporting – additional frequent issues include:
- Disclosing the date through which subsequent events were evaluated
- Correctly classifying long-term debt and cash flows, presenting gross amounts instead of net, and identifying non-cash transactions on the cash flow statement
- Performing sufficient procedures and sufficiently documenting procedures to obtain assurance on fair value measurements
- Following the financial reporting model for not-for-profit financial statements in accordance with recent professional standards
- Following the reporting requirements of recent auditor reporting standards.
Interested in becoming a peer reviewer?
If you have been thinking about adding peer review to your practice, or if you are interested in becoming a peer review Team Captain or committee member, please reach out to your reviewer or the OSCPA staff team for further information. Benefits include positioning your firm as a leader in technical expertise, adding another type of service for your firm, gaining leadership experience and learning and sharing best practice information with clients.
Laura Hay, CPA, CAE, is the executive vice president of The Ohio Society of CPAs and the staff liaison to the Accounting, Auditing, Professional Ethics Committee and Peer Review Committee. She can be reached at Lhay@ohiocpa.com or 614.321.2231
