Here are some fun or interesting or useful tidbits from the October 2018 A&A and the June 2019 Not-for-profit conferences presented by California Society of CPAs.
Previous post had comments on accounting and auditing.
One speaker said there are several common issues for weaknesses in risk assessment:
- Limited assessment
- No linkage (relating the assessment of risks to further audit procedures)
- Poor use of third-party practice tools
- No assessment of IT risks
Not doing any risk assessment is now a major problem for you in a peer review if you missed the boat on the risk suite of standards.
For Yellow Book audit, the workpapers must document SKE (skills, knowledge, experience) of staff overseeing non-attest services. Although the professional standards do not exactly require documentation of SKE for non-attest service on a non-yellow book audit, the speaker said (if I heard correctly) that the California Peer Review Committee has a considered opinion that such documentation is required.
So, if you have non-attest services on a non-yellow book audit, say maybe drafting the financials or preparing a tax return, you had better document the SKEs.
The ol’ “fix it next year” way of disposing of problems in the audit workpapers during a peer review doesn’t fly anymore. Remediation plans (meaning what you are currently in the process of doing to fix the issue) need to be discussed in the report and letter of response.
Speaker also said there are fewer CPAs providing audit services and fewer CPAs providing peer reviews.
My little bity pea brain says that shrinking pool of auditors means audit fees ought to be going up. The shrinking pool of reviewers means peer review fees ought to be going up a lot, especially for the more rapidly shrinking pool of reviewers willing to look at yellow book audits.
A different speaker gave some stats on peer reviews. I did not write down the year of the data.
- 214,000 – number of CPA firms in US
- 25,000 – number of firms getting peer review (Not sure if this is annual or every 3 years. I think there are around 3,000 firms in California getting a peer review over a three-year cycle, so the 25K might be total firms, not the annual count.)
- 10,000 – number of firms getting system reviews, i.e. providing audits.
Failure rate of audits that go through review for ERISA engagements is distressing. He mentioned stats, which I think are from an AICPA review, which found roughly the same rate of issues as a DoL review:
- 39% – failure rate of ERISA audits overall
- 79% – failure rate for firms that perform under 10 ERISA audits.
In terms of workpaper documentation, his observation from the reviews he performs is that many auditors have a lot of information in their head that isn’t on paper.
That brings to mind a question for you to ponder during your next audit: What valuable information about this client do I know that isn’t written down anywhere in the workpapers?
I will repeat a comment he made, since it was in public: His minimum fee for a system review is $6,000 with more fees if there are issues that take more time.
Oh, another thought for you to ponder. If you get two consecutive peer review reports with grade less than passing, the AICPA will consider whether to drop you from the peer review program. That has serious ripple effects. For example, you can’t provide attestation services in California if you are not enrolled in the peer review program. It is quite important to get a “pass” report at least every other review.