Under the new rules for a quality control system, CPA firms who have accounting and auditing work (that means any compilations or reviews), must have a policy addressing engagement quality control reviews.
First question – what is an engagement quality control review? It is essentially a pre-issuance review. Someone who is not a part of the engagement, for example one of the partners it did not work on the project, has to walk through the key issues and major decisions made to make sure the decisions make sense. The review has to be completed before the report is released.
Is one of those reviews required on every client? Absolutely not. The requirement is to have a firm policy, found in your quality control document, that spells out the criteria for when an engagement quality control review should be performed. When an engagement meets one of those criteria, then you do a review. For the engagements it did not meet the criteria, a review is not required.
Who determines the criteria? Each firm can establish the criteria that apply to their firm.
What should the criteria be? Structure criteria to what you believe is important. Since the goal is to check engagement quality, perhaps define the criteria to address where you know there is risk. For example, a firm that starts to perform reviews or audits but has not worked at that level before has a really good chance of missing something. That is called risk. A firm that offers services in a new industry that they’re not particularly familiar with is taking on risk. In those circumstances it might be wise to perform an engagement quality control review. If that is the case, then write the criteria accordingly. Other criterion might be when a partner provides services at a level that he or she has not provided recently.