AICPA Peer Review Program Compliance: l Responding to Latest - - PowerPoint PPT Presentation

l

Presenting a live 110‐minute teleconference with interactive Q&A

AICPA Peer Review Program Compliance: Responding to Latest Developments

B t P ti f O ti l R i Gi B k D l I Best Practices for Optimal Reviews Given Broker‐Dealer Issues, Single‐Audit Checklist and Representation Letter Requirements, Etc.

1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific THURS DAY, JULY 14, 2011

Today’s faculty features:

1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific

Gary Freundlich Technical Director Peer Review Program AICPA Durham N C Gary Freundlich, Technical Director, Peer Review Program, AICPA, Durham, N.C. David Moynihan, Partner-in-Charge, Audit Practice Group, Testone Marshall & Discenza, S yracuse, N.Y . Raymond Nowicki, Managing Partner, Nowicki and Company LLP, Buffalo, N.Y .

For this program, attendees must listen to the audio over the telephone.

Please refer to the instructions emailed to the registrant for the dial-in information. Attendees can still view the presentation slides online. If you have any questions, please contact Customer Service at1-800-926-7926 ext. 10.

Conference Materials

If you have not printed the conference materials for this program, please complete the following steps:

• Click on the + sign next to “ Conference Materials” in the middle of the left-

hand column on your screen hand column on your screen.

• Click on the tab labeled “ Handouts” that appears, and there you will see a

PDF of the slides for today's program.

• Double click on the PDF and a separate page will open.

Double click on the PDF and a separate page will open.

• Print the slides by clicking on the printer icon.

Continuing Education Credits

FOR LIVE EVENT ONLY

Attendees must listen to the audio over the telephone. Attendees can still view the presentation slides online but there is no online audio for this program. Please refer to the instructions emailed to the registrant for additional

• information. If you have any questions, please contact Customer Service

at 1-800-926-7926 ext. 10. at 1 800 926 7926 ext. 10.

Tips for Optimal Quality

S d Q lit S

• und Qualit y

For this program, you must listen via the telephone by dialing 1-866-873-1442 and entering your PIN when prompted. There will be no sound over the web connection. co ect o . If you dialed in and have any difficulties during the call, press *0 for assistance. Y

• u may also send us a chat or e-mail sound@straffordpub.com immediately so

we can address the problem. Viewing Qualit y To maximize your screen, press the F11 key on your keyboard. To exit full screen, press the F11 key again press the F11 key again.

AICPA Peer Review Program C li R di t L t t Compliance: Responding to Latest Developments Seminar

July 14, 2011 David Moynihan, Testone Marshall & Discenza dmoynihan@tmdcpas.com Gary Freundlich, AICP A gfreundlich@aicpa.org Raymond Nowicki, Nowicki and Company LLP ray@nowickico.com

Today’s Program

Peer Review Board Update [Gary Freundlich] Preparing For Peer Reviews/ Adding Value S lide 7 – S lide 8 S lide 9 – S lide 11 [Gary Freundlich] Examples Of Non-Compliance With Professional S tandards [Gary Freundlich] Continuing Issues With S QCS

• No. 7 Quality Control S

tandards S lide 16 – S lide 21 S lide 12 – S lide 15 [David Moynihan] Recent Peer Review Developments, Part I [David Moynihan] Recent Peer Review Developments, Part II S lide 22 – S lide 26 S lid 27 S lid 36 Recent Peer Review Developments, Part II [Gary Freundlich] Applying Risk Assessment In Peer Reviews [Raymond Nowicki] Correlating Peer Review Findings To Regulatory Actions S lide 37 – S lide 40 S lide 27 – S lide 36 Correlating Peer Review Findings To Regulatory Actions [Raymond Nowicki] S lide 41 – S lide 48

PEER REVIEW BOARD UPDATE

Gary Freundlich, AICPA

PEER REVIEW BOARD UPDATE

AICPA Peer Review Board C ee e e

• a d

20 volunteer members Overall responsibility for AICPA Peer Review Program Standards, education, oversight Approximately 30 000 enrolled firms Approximately 30,000 enrolled firms Administered by 41 state societies and AICPA http://www.aicpa.org/InterestAreas/PeerReview/Pages/PeerRevi ewHome.aspx

Peer Review Program

8

PREPARING FOR PEER

Gary Freundlich, AICPA

PREPARING FOR PEER REVIEWS/ADDING VALUE

Preparing For Peer Reviews epa g

• ee

e e s

You should perceive peer review as a service with added value You should perceive peer review as a service with added value – not as a necessary evil. Tips for selecting a peer reviewer p g p

• Utilize engagement acceptance process to obtain valuable

feedback

• Peer reviewer may be a resource for consultations

Peer re ie er ma also

• Peer reviewer may also:
• Point out instances where the firm may achieve audit

efficiencies

• Share opinion and experiences on software and other tools

Share opinion and experiences on software and other tools

• f the trade

Peer Review Program

10

Preparing For Peer Reviews (Cont.) epa g

• ee

e e s (Co t )

Tips for selecting a peer reviewer (Cont.)

• Should be a “peer”
• May use AICPA Web site search
• Contact state society for listing of reviewers

y g

• Use fellow CPAs’ recommendations
• Consider geographic location
• Members of quality centers (ERISA and governmental)
• Members of quality centers (ERISA and governmental)
• Ask for references
• Discuss what you hope to get out of a peer review

http://www.aicpa.org/InterestAreas/PeerReview/Community/Pa ges/maphandbook.aspx

Peer Review Program

11

EXAMPLES OF NON‐

Gary Freundlich, AICPA

COMPLIANCE WITH PROFESSIONAL STANDARDS PROFESSIONAL STANDARDS

Examples Of Non-Compliance With P f i l St d d Professional Standards

Issues with ET 101-3 performance of non-attest services: Lack

• f documentation of understanding with the client regarding non-
• f documentation of understanding with the client regarding non

attest services I d d i i ki Inadequate documentation in working papers

• Performance and expectations of analytical procedures
• Sampling
• Sign off of completion and/or review
• Sign-off of completion and/or review
• Inquiries

Peer Review Program

13

Examples Of Non-Compliance With P f i l St d d (C t ) Professional Standards (Cont.)

Issues with report language

• No indication that financial statements omitted substantially all
• No indication that financial statements omitted substantially all

disclosures

• Report does not cover all periods presented in the

accompanying financial statements

• Report does not explain the degree of responsibility firm is

taking with respect to supplementary information

• Report did not state that it was a comprehensive basis other

than GAAP than GAAP Various omitted disclosures

• Concentration of credit risk
• Notes payable do not disclose rates and maturity dates
• Policy for accounting for notes receivables and capital leases

Peer Review Program

14

Examples Of Non-Compliance With P f i l St d d (C t ) Professional Standards (Cont.)

Management representation letter issues Management representation letter issues

• Representations regarding fraud
• Letter did not cover prior period on comparative statements
• Letter was not appropriately modified when no attorney was

Letter was not appropriately modified when no attorney was consulted Issues with SAS 99 Consideration of Fraud in a Financial Statement A dit Statement Audit

• Discussion among engagement personnel
• Inquiries of management
• Specific risks identified
• Specific risks identified
• Consideration of non-standard journal entries

Peer Review Program

15

CONTINUING ISSUES WITH

David Moynihan, Testone Marshall & Discenza

SQCS NO. 7 QUALITY CONTROL STANDARDS CONTROL STANDARDS

Statement On Quality Control d d ( ) Standards No. 7 (SCQS 7)

• A firm’s system of quality control

A firm s system of quality control

• Imposes two categories of professional requirements

di i l

• Unconditional = Must
• Presumptively mandatory = Should, might, may, could
• These are not, in themselves, required; BUT, they are relevant

to the proper application of the requirement.

17 17

Engagement Quality Control Review ( ) (EQCR)

• Mandated by SCQS 7

All firms are required to establish criteria for engagement selection. f fi d h QC li i i i i l i f h If a firm does not have an EQCR policy, it is in violation of the standards.

18 18

EQCR (Cont.) EQCR (Cont.)

The standards do not mandate criteria but they do suggest:

• The nature of the engagement – does it involve public interest?

l i i k i l

• Unusual circumstances or risks in an engagement or class
• Mandated by law

19 19

EQCR (Cont.) EQCR (Cont.)

My suggested criteria (at a minimum)

• New industries

New industries

• Specialized complex industries
• First‐year audits

G i i

• Going concern issues
• Agreed‐upon‐procedure engagements
• Special purpose reports
• Possible entity sale

20 20

Statement On Quality Control d d Standards No. 8

• Effective date is Jan 1 2012

Effective date is Jan. 1, 2012

• Essentially a redraft of SCQS No. 7
• Significant change
• As a part of your quality control system, you must document how

you will handle consultation.

21 21

RECENT PEER REVIEW

David Moynihan, Testone Marshall & Discenza

DEVELOPMENTS, PART I

Recent Developments Recent Developments

SSAE 16 and SAS 70

• Out with old, in with the new!
• SAS 70: Been around since 1992

SAS 70: Been around since 1992

• SSAE 16
• Effective for years ending on or after June 15, 2011

f h ld d d i idl h i ld

• Refreshes an old standard in a rapidly changing world
• Designed to conform with international standards
• Differences?
• Attest standard
• System must be described, not just the controls
• Management must provide an assertion

23

Management must provide an assertion.

23

Statement On Standards For Accounting and Review Services, C il ti A d R i E t (SSARS 19) Compilation And Review Engagements (SSARS 19)

• Not really so new by now
• Effective for years ending on or after Dec., 15, 2010
• Replaces the previous 18 standards

Replaces the previous 18 standards

• Introduces the concepts of materiality and evidence

i li

• Materiality
• Not required to document, but it may be appropriate to do so
• Evidence
• A review is now defined as an evidentiary service.
• It is only required to the extent necessary to provide limited

assurance given in the report.

24

g p

24

SSARS 19 (Cont.) SSARS 19 (Cont.)

• Engagement letters are now required.
• Extent of knowledge is separately defined

Extent of knowledge is separately defined.

• Reviews: Need to be sufficient to assist in the determination of

the nature, timing and extent of review procedures

• Documentation standards expanded
• Reporting
• Compilation report
• You can explain the reason for lack of independence.

25

p p

25

A–133/Yellow Book A 133/Yellow Book

• These engagements are considered high‐risk by everyone

These engagements are considered high risk by everyone.

• Effective immediately

i i d b i i l di h kli d

• Peer reviewers are required to submit single audit checklists and

a major program determination worksheet to the peer review committee.

26 26

RECENT PEER REVIEW

Gary Freundlich, AICPA

DEVELOPMENTS, PART II

Broker-Dealers

• e

ea e s

PCAOB interim inspection program Carrying vs. non-carrying

• Carrying (must select; effective April 1, 2011)

y g ( p )

• Clear customer transactions
• Carry customer accounts
• Hold custody of customer cash or securities
• Hold custody of customer cash or securities
• Non-carrying
• Introducing BD: Introduces transactions and accounts of

customers to another BD that does the clearing carrying customers to another BD that does the clearing, carrying, and custodial functions Peer review administration – not necessarily NPRC

Peer Review Program

28

Employee Benefit Plans p oyee e e t a s

AICPA Peer Review Practice Monitoring Task Force was formed to focus specifically on enhancing the peer review quality of employee benefit plan audit engagements, since these are considered to be high risk engagements. AICPA staff meet with DOL representatives on a quarterly basis to maintain continuous knowledge-sharing. basis to maintain continuous knowledge sharing. Focus reviewers on unique risks associated with ERISA audits There will likely be changes to peer reviewing ERISA engagements analogous to the changes in A-133 engagements (performed under government auditing standards).

Peer Review Program

29

Employee Benefit Plans (Cont.) p oyee e e t a s (Co t )

Defined contribution plans – participant account and allocation testing and timely remittance of participant contributions Defined benefit plans – actuarial present value of accumulated plan benefits and changes in the actuarial present value of accumulated plan benefits Health and welfare plans – benefit obligations and changes in benefit

• bligations (for example, claims payable, claims incurred but not

reported, post-employment benefits, post-retirement health care benefits etc ) benefits, etc.) Employee stock ownership plans (ESOPs) – annual appraisal of securities and leveraged ESOPs Other areas – plans with a master trust arrangement, multi-employer plans, initial audits of plans, terminating plans, plan mergers, etc.

Peer Review Program

30

Employee Benefit Plans (Cont.) p oyee e e t a s (Co t )

What Is a 403(b) plan? I t l R C d (IRC) §403(b) l l k Internal Revenue Code (IRC) §403(b) plans – also known as “tax-sheltered annuity plans” (TSA plans) Retirement plans often offered by governments, schools, hospitals churches charities and certain other IRC §501(c)(3) hospitals, churches, charities and certain other IRC §501(c)(3) tax-exempt organizations Law and regulatory changes since 1986 have slowly been eliminating any differences between 403(b) plans and 401(k) g y ( ) p ( ) type plans; recent changes continue that trend. EBPAQC 403(b) Plan Audit Resource Center http://www.aicpa.org/InterestAreas/EmployeeBenefitPlanAuditQuali p p g p y ty/Resources/AccountingandAuditingResourceCenters/Pages/4 03(b)%20Plans.aspx

Peer Review Program

31

Employee Benefit Plans (Cont.) p oyee e e t a s (Co t )

Common areas of non-compliance - employee benefit plans

• Investments
• Contributions
• Benefit payments
• Participant data

Peer Review Program

32

Employee Benefit Plans (Cont.) p oyee e e t a s (Co t )

Investments Common areas of non-compliance

N dit k f d i l di dit d t ti

• No audit work performed, including no audit documentation
• Failure to test end-of-year market values
• Failure to obtain proper certification for limited-scope audit
• Inadequate or missing disclosures related to investments

Inadequate or missing disclosures related to investments

• Failure to document the evaluation of investment contracts for benefit

responsiveness

• Failure to evaluate the guaranteed investment contract for benefit

i responsiveness

Key issues

• Test valuations confirmed by trustee

Obt i i ll ti t t (CCT) f d ’ it l

• Obtaining common collective trust (CCT) funds’ unit values
• Understanding the nature of investments
• Assessing proper disclosure and supplemental schedules
• Following up on inconsistencies on the custodian reports and supplemental

Peer Review Program

Following up on inconsistencies on the custodian reports and supplemental schedules

33

Employee Benefit Plans (Cont.)

Contributions Common areas of non-compliance

• No audit work performed including no audit documentation

No audit work performed, including no audit documentation

• No audit program
• Insufficient testing on contributing employers for multi-employer plans
• Failure to test payroll internal controls or employee elective deferrals

Failure to test payroll internal controls or employee elective deferrals

• Inappropriate reliance on SAS 70 report(s)
• Timeliness of participant contributions not tested

Key issues Key issues

• Documentation of testing internal controls for payroll
• Establishing payroll register is reliable
• Testing authorization of elective deferrals

Testing authorization of elective deferrals

• Defining compensation
• No paper trail
• Obtaining confirmation responses

Peer Review Program

Obtaining confirmation responses

• Alternative procedures to confirmations

34

Employee Benefit Plans (Cont.) p y ( )

Benefit payments Common areas of non-compliance

• No audit work performed, including no audit documentation
• Failure to test participant eligibility to receive benefit payments
• Inappropriate reliance on SAS 70 report(s)
• Failure to test approval of benefit payments

Key issues Key issues

• Eligibility to receive benefit
• When are distributions permitted?

Obt i i fi ti

• Obtaining confirmation responses
• Viewing canceled checks or verification of proper receipt

Peer Review Program

35

Employee Benefit Plans (Cont.) p oyee e e t a s (Co t )

Participant data Common areas of non-compliance

• No audit work performed, including no audit documentation of testing

participant data

• Testing of payroll data insufficient

f f f

• No testing of participant eligibility or forfeitures
• No testing of investment income allocation to participants
• Inadequate or missing disclosures

Key issues

• GAAS requires testing allocation of total net assets to participate

accounts. Obtaining payroll data and confirmations from participants

• Obtaining payroll data and confirmations from participants
• Obtaining defining eligibility requirements
• Obtaining forfeiture information
• Testing allocation of investment income to participant accounts

Peer Review Program

• Testing allocation of investment income to participant accounts

36

APPLYING RISK ASSESSMENT

Raymond Nowicki, Nowicki and Company LLP

IN PEER REVIEWS

Risk Assessment In Peer Review Standards

• The consideration of risk in a peer review is described in

the peer review standards in paragraphs 1000.46-.52.

• Defining risk is similar to risk in an audit
• Failure to identify significant weaknesses in the QC

f h fi i l k f li system of the firm or its lack of compliance

• Issuing an inappropriate opinion on the firm’s QC

system or compliance with it y p

• Failure to reach an appropriate decision about

matters to be included/excluded from the report

38

C Of Ri k Components Of Risk

• “Inherent risk” and “control risk”: The risks that the firm’s

QC system will not prevent materially improper performance or reporting on an engagement in all material respects.

• Detection risk: A review team’s failure to detect /report on
• Detection risk: A review team s failure to detect /report on

design or compliance deficiencies (or significant deficiencies) in the firm’s QC system,

• Causes may be due to factors resident within the firm or

external to the firm.

39

Th Ri k F The Risk Factors

Inherent industry risk Monitoring policies Complex or specialized industries Owner involvement New industry standards Owner CPE Audit hours to total A & A hours Number of offices Engagement size Firm internal changes Initial engagements External restrictions on firm Diversity in practice Staff experience Prior peer review results Staff turnover Initial peer review Staff CPE I d i Industry concentration Practice aids Library quality & maintenance

40

CORRELATING PEER REVIEW

Raymond Nowicki, Nowicki and Company LLP

FINDINGS TO REGULATORY ACTIONS ACTIONS

Correlating Peer Review Findings To l Regulatory Actions

Purpose of this section: 1 To emphasize what peer reviewers are seeing and finding 1. To emphasize what peer reviewers are seeing and finding 2. To recognize what regulators see as failures 3. To benefit as a profession , by learning from the failures of

• ur colleagues

42

Compliance With Standards: The Walk Of Shame

“A Comparison of Published Disciplinary Hearings vs Reported and A Comparison of Published Disciplinary Hearings vs. Reported and Known Problem Areas reported in the Peer Review Program Annual Report on Oversight” (issued Oct. 7, 2010) Oversight report highlights:

• 7%
• f system reviews are “modified” (pass with deficiencies)

2% “ d ” (f il d)

• 2%

are “adverse” (failed)

• In engagement reviews: 8%

/1%

• From 2007-2009 report, modifications were caused by systemic

deficiencies in the following areas:

• Engagement performance

55%

• Monitoring

26% Monitoring 26%

• Leadership, ethics, client acceptance, HR

19%

43

Compliance With Standards: The Walk Of Shame (Cont.)

For 2009, the percentage of non-conforming audits (audit failures) compared to those reviewed by peer reviewers:

• Single audit (A-133)*

9% S gle aud t ( 33) 9%

• All other Yellow Book*

9%

• ERISA

7%

• FDICIA

6%

• All other audits

7%

• Regulators suggest the failure rate is higher.
• Regulatory actions deal with the engagement, not the

system.

44

Compliance With Standards: The Walk Of Shame (Cont.)

Case S tudy No. 1: Reporting Disciplinary Body: California S tate Board of Accountancy Date: May 5, 2010 Engagement type: A-133 (single audit) Deficiencies:

• Report failed to comply with professional standards **
• Omitted required disclosures concerning significant cash balances and property and

equipment* equipment

• Failure to document testing of internal control over compliance for two maj or

federal programs**

• Failure to conduct a materiality determination for compliance portion of audit *
• Failure to prepare written audit program for compliance portion of audit **
• Failure to prove that testing of 14 federal compliance requirements for two maj or

programs was performed ** ** S ifi ll id tifi d i 2010 i ht t ** Specifically identified in 2010 oversight report * Generally identified in 2010 oversight report

45

Compliance With Standards: The Walk Of Shame (Cont.)

Case S tudy No. 2: Reporting Disciplinary Body: AICP A JEEP Date: October 2010 Engagement type: Audit of a commercial entity Engagement type: Audit of a commercial entity Deficiencies:

• Failure to participate in initial planning meeting *
• Failure to review working papers of material inventory balances *

Failure to review working papers of material inventory balances

• Failure to review working paper involving a material cash balance , incorrectly

classified *

• Failure to adequately document inventory audit procedures and conclusions reached *
• Failure to document consideration of inventory obsolescence *

46

Compliance With Standards: The Walk Of Shame (Cont.)

Case S tudy #3: Reporting Disciplinary Body: S EC Date:

• Jan. 20, 2011

Engagement type: Audit of a commercial entity Engagement type: Audit of a commercial entity Deficiencies:

• Failure to issue audit confirmations for inventory and receivables, as called for in

the firm’s audit programs ** p g

• Neglecting to perform other audit procedures in an audit program. For instance ,

the audit program required the auditors to review and attend physical inventory count, but the step was marked “ NA,” indicating that it was not performed. ** F il t d t l t t d t bt i ffi i t id ti l tt **

• Failure to adequately test revenue and to obtain sufficient evidential matter**
• Failure to adequately plan and supervise an engagement **

47

C l i Conclusions

Peer review reports, FFCs and MFCs often provide insight into systemic issues within a firm. Although no formal analysis of regulatory findings to peer review findings has been done, informal anecdotal evidence suggests a correlation between findings of peer reviewers and regulators correlation between findings of peer reviewers and regulators . Conclusion: Peer review is achieving its original intended purpose and needs to be viewed seriously by all firms.

48