A group of people are working on a financial success plan on a table.
A person is typing on a laptop computer with a graph on the screen.
August 18, 2022

The Time is Now

How to be Proactive with Your Next Peer Review

Unable to properly prepare for your next AICPA peer review during the two-off years can mean a lot more than just the loss of bragging rights: A CPA firm that receives anything less than pass with no findings (a “clean” report) may soon find that existing clients are questioning their relationship while potential prospects are avoiding them.


A clean report assures clients, prospects, regulators, standard-setters and competitors that your firm’s attest practice is performing at a high level and is not required to improve the quality of its services and processes. Simply put, your firm’s reputation is on the line every time you undergo a triennial peer review.


It’s important to get a jump start on preparing for your next peer review. Here are some steps to take to ensure you have a properly designed and effective quality control system in place that leads your firm to receive a pass — with no findings — on your next peer review report.

 

Establish a culture of quality from day one. A common mistake CPA firms make that can cause them to perform poorly on a peer review is not properly designing, implementing and maintaining a system of quality control. If your system is not properly maintained, the peer reviewers will more likely find reportable issues. In accordance with AICPA’s Statement on Quality Control Standard (SQCS) No. 8, A Firm's System of Quality Control (Redrafted), all CPA firms must establish and maintain appropriate quality control policies and procedures and comply with those policies and procedures to ensure the quality of the professional services they provide to the public.


To make sure you’re following all relevant policies and procedures, there are several publications available from the AICPA that provide guidance, such as Professional Standards, the AICPA Peer Review Program Manual, and the Practice Aids for Establishing and Maintaining a System of Quality Control for a Firm's Accounting and Auditing Practice.


Familiarize yourself with these standards and ensure the auditors/accountants at your firm have the research capabilities and tools to their jobs correctly and adhere to the highest standards.

 

Plan ahead & stick to deadlines. Your firm’s peer review should be finished by its due date. The firm’s due date is reflected on the letter acknowledging your firm’s original enrollment in the peer review program and in the committee acceptance letter related to your firm’s last peer review. The due date is the date by which peer review documents, including the report and if applicable, the letter of response, should be submitted to the reviewer.


To make sure your peer review is completed on time, you should start the review soon after your firm’s peer review year-end. You should plan ahead so that the review takes place at a convenient time for your firm and to allow your reviewer time to properly plan and schedule your review. For example, if you have a heavy tax practice and your review due date falls between January and April, you should plan to start the review in September or October to make sure the review is completed before your busy season begins.

 

Make sure that workpapers can stand on their own. It’s critical to ensure that your workpaper files are deemed to be in compliance with Professional Standards. As you assess your workpapers, give them the “5 Ws” test: Do they stand on their own without any verbal explanation, clearly explaining “who, what, were, when and why?” Don't leave a peer reviewer grappling for answers – make their job easier by making sure your workpapers are in order.

 

Keep up with your internal inspections. During the two off years when the peer reviewer is not up on your doorstep, make sure you're regularly conducting your annual internal inspections so that you can correct any mistakes your firm may be making before peer review time. At Collemi Consulting, we’ve created a “must-do” testing approach to assist CPA firms with an internal inspection process that includes drafting and reviewing your firm’s Quality Control Document to interviewing and evaluating your professional staff.

Here are some examples of the other areas we test during the inspection:

 

  • Review a cross section of attest engagements
  • Test professionals’ CPA licensing
  • Test professionals’ CPE requirements
  • Examine firm’s professional literature

 

Most attest practices we advise get some things right, but almost all of them miss some key points. Common pitfalls include lack of understanding of the auditor independence rules, particularly regarding unpaid prior years’ fees, and not meeting the General Requirements from the Code of Professional


Conduct prior to performing permissible non-attest services for an attest client.
Other missteps include a failure to appropriately modify a report for a scope limitation or a significant departure from GAAP, omissions of required critical reporting elements of applicable standards, and issuing an audit report when the auditor was in fact not independent.


Connect with your peer review team captain sooner rather than later. You should contact your peer review team captain and begin planning the review together early enough, at least six to nine months prior to the due date, to make sure all documents will be submitted to the Administrating Entity (AE) by your firm’s due date.


The peer review team captain will ask for the following items:

  • The firm’s Quality Control Document.
    A list of accounting and auditing engagements for all engagements with periods ending during the year under review (or report dates during the year under review for financial forecasts and/or projections and agreed upon procedures) regardless of whether the engagement reports are issued as well as a description of the approach taken to ensure a complete and accurate engagement listing.
  • A list of the firm’s professional personnel showing name, position and years of experience with the firm and in total.
  • A copy of the firm’s documentation maintained since its last peer review to demonstrate compliance with the monitoring element of quality control.


Based on this information, the team captain will make a preliminary selection of the offices and engagements he or she intends to review.

 

The initial selection of engagements to be reviewed will be provided no earlier than three weeks before the commencement of the peer review. This should provide ample time to enable the firm to assemble the required client information and engagement documentation before the review team commences the review. However, at least one engagement from the initial selection to be reviewed will be provided to the firm once the review commences and not provided to the firm in advance. This engagement should be the firm’s highest level of service and should not increase the scope of the review.


All engagements with years ending during the peer review year (or report dates during the year under review for financial forecasts and/or projections and agreed upon procedures) that are performed and issued by the firm should be available to the team captain at the start of fieldwork.

 

Finally, make it your goal to be timely and accommodating to the peer reviewer. Missing deadlines or seeming uncooperative will leave a bad taste in the peer reviewer’s mouth. Put your best foot forward and let the peer reviewer know that your firm takes quality control very seriously.

 

At Collemi Consulting, we offer a full spectrum of services to assist CPA firms get ready for their AICPA peer reviews, including conducting an engagement review and ensuring workpapers are in order. And there’s no need to undergo the peer review process alone: We can partner with you during every step of the process to help you gather required information and documents and ensure you hit all deadlines. To schedule an appointment, contact us at (732) 792-6101.



Learn More

It’s Time For Year-End Audits

December 20, 2024
Are you prepared?
A woman's hands holding a microphone

Shake It Off

December 9, 2024
Conquer your fear of public speaking and present like a pro
Man with hand by his ear straining to listen.

Hear, Hear!

December 4, 2024
Boost your business by becoming adept at active listening.
Open calendar book laying on desk next to open laptop with time on screen

There’s Only One Year Left to Implement the PCAOB’s New Quality Control Standards

November 18, 2024
ADDITIONAL GUIDANCE: Since this blog was first published, the PCAOB released two new guidance documents. The Nov. 26 updates can be found here: An additional overview of the requirements of QC 1000 and staff guidance for firms about how to comply with the standard. This document provides additional staff insights on scope and applicability, responding to engagement deficiencies, and documentation for AS 2901, Responding to Engagement Deficiencies After Issuance of the Auditor’s Report. The Public Company Accounting Oversight Board (PCAOB) recently announced a new set of quality control standards designed around a risk-based approach. And there’s only one year to design and implement them. The PCAOB’s new QC 1000 standard is more than two decades in the making, as it replaces the quality control standards it adopted on an interim basis back in 2003 from the American Institute of Certified Public Accountants (AICPA). The new standard is intended to make independent registered public accounting firms significantly improve their quality control (QC) systems. QC 1000 applies to all PCAOB-registered member firms, with more extensive requirements for those that audit more than 100 issuer clients annually. It has been approved by the U.S. Securities and Exchange Commission (SEC) and goes into effect on December 15, 2025. The new requirements and the work required to implement them will be extensive, and the larger public accounting firms require external oversight of the QC system. Therefore, it is strongly recommended that firms do not put it off until the last minute. At its core, the new standard is intended to enable firms to identify their specific risks and design a quality control system including policies and procedures to guard against those risks. The overall goal is to establish what the PCAOB calls “a continuous feedback-loop for improvement.” In this, the new standard differs from the International Auditing and Assurance Standards Board’s (IAASB) International Standard on Quality Management No. 1 (ISQM 1) and the AICPA Statement on Quality Management Standards No. 1 (SQMS 1). An extensive but not comprehensive comparison document of the three standards may be found here, but is presented only as a reference tool. New requirements QC 1000 has requirements that do not appear in other QC standards. They can be more prescriptive or more specifically tailored to the U.S. legal and regulatory environment. There are 10 main areas in which the QC 1000 standards go beyond other, existing standards. These are: Evaluation and Reporting: QC systems must be evaluated annually and reported to the PCAOB. They must be certified by specific individuals with responsibility and accountability for the firm’s QC system. Governance and Leadership: Firms must create and maintain clear lines of responsibility and supervision. Larger firms must have outside oversight and a confidential complaint system. Ethics and Independence: Quality objectives must be tailored to the U.S. regulatory environment. Larger firms must implement an automated system for identifying securities investments that could impair independence. Monitoring and Remediation: QC 1000 divides monitoring into engagement and QC system levels. Engagement and QC deficiencies are defined, including requirements for their determination. Larger firms must (and smaller ones should) monitor in-process engagements. Quality Objectives: The firm’s personnel must comply with its policies and procedures Information and Communication: Quality objectives for communication with external parties are established at the firm and engagement level. Communication of the firm’s QC system’s policies and procedures must be communicated in writing. Resources: The firm’s personnel must adhere to standards of conduct. Policies and procedures must address both enumerated and circumstance-specific competencies. Mandatory training, licensure and technological resource requirements are established Risk Assessment Processes: Quality risks must be identified and assessed annually. Roles and Responsibilities: A single person must be assigned responsibility for each role and responsibility in the QC 1000 standard. Documentation: With respect to the QC system’s operation, documentation that allows an experienced auditor to evaluate the operation of quality responses must be provided. Documentation must be retained for at least seven years. That’s not an exhaustive list, but it does give an indication of how much work will be involved. And it’s happening at the same time as the AICPA extensive new Statements on Quality Management Standards (SQMS) requirements are coming into effect . Collemi Consulting leverages nearly three decades of experience to provide trusted technical accounting and auditing expertise when you need it the most. We regularly work with CPA firm leadership to help them reduce risk and maximize efficiencies. To schedule an appointment, contact us at (732) 792-6101.
More Posts
Share by: