quality control

Major revision to Quality Control Standards on the horizon.

Let’s dial up the quality of our A&A work. Image courtesy of Adobe Stock.

The AICPA’s Auditing Standards Board is proposing a massive overhaul of the Quality Control Standards.

Who will this affect? All CPA firms who provide any audit, review, compilation, preparation, or attestation engagements. In other words, anyone with any accounting & auditing work.

As a mere starting point, the new standards will be relabelled as Quality Management Standards.  Instead of QC system, we will now have a QM system.

As a reminder, QC or QM standards apply regardless of whether you go through a system review or engagement review during your tri-annual peer review. The QC/QM system is tested in a system review but you still must have a formal QC/QM system even if you only do comps and reviews.

This post will provide a quick mention of what I see as the three biggest changes followed by a lengthy summary.

Major changes

A massive change that will impact small firms is that the annual inspection (which is currently required and will continue to be required) may not be performed by anyone who worked on the engagement.

For one person firms, this will require us to get someone outside the firm to perform the annual inspection. Two or three partner firms where the partners do essentially all of the work will also have to get someone from outside to do the inspection.

Two of the other changes of note: new risk assessment process and annual evaluation of quality management system.

The risk assessment process will require establishing quality objectives, identifying risks to achieving those quality objectives, and implement responses to address the quality risks.

After a one year delay to allow running the new QM system for a while the new requirement of an annual assessment of the QM system will kick in.

Proposed effective dates

The first Statements on Quality Management Standards, referred to as SQMS #1, is proposed to require the new quality management system be designed and implemented by December 15, 2023. The first annual evaluation of the system of quality management is proposed to be required within one year following December 15, 2023.

Rephrasing the effective date, the new QM system has to be in place before the end of 2023 (by 12/15/23 to be exact). That is about 2½ years from now. The first annual evaluation will be required one year after that, by the end of 2024 (specific deadline 12/15/24).

Summary of exposure drafts

More disciplinary actions from California Board of Accountancy

Image courtesy of Adobe Stock.

The Update #87 newsletter from California Board of Accountancy for Summer/Fall 2018 lists 38 disciplinary actions, by my count.

You can read my previous posts on CBA actions by clicking on this tag.

Here is my tally of license revocations, surrendered licenses, and revocations with stay (there are no suspensions or stayed suspensions this time around):

Summary of disciplinary actions from California Board of Accountancy, Winter 2018

What you will be doing if you ignore professional standards and then get caught messing up your audits and reviews, although the amount won’t be quite as large. Image courtesy of Adobe Stock.

The new Update newsletter from the California Board of Accountancy goes back to providing details on disciplinary actions. The Winter 2018 edition (#86) takes 20 pages to describe the 24 actions. The previous Update provided far less detail, which generated lots of feedback to the board, so the newsletter will again give the ugly details for the causes for discipline.

Update 11/30/18:  Thanks to CBA for listing the messy details on what CPAs are doing to earn their consequences.

Three things jump out at me from the current list of discipline.

First, every action comes with a substantial financial penalty in the form of reimbursing the CBA for their investigative costs.

Second, just about every CPA that got in trouble for audit or review problems was given a ban from performing attestation work until some time in the future when the firm requests and receives permission from CBA to again perform such work.

Third, several CPAs received a suspension from their CPA practice. This means the individual may not perform any actions which would otherwise require a license. I think that means the firm halts all their attestation work and unless also holding an enrolled agent credential ceases their tax compliance work.

Here is my summary of the causes of discipline for the license surrenders and the stayed revocations:

New CPE requirement in California for CPAs who only perform preparation engagements

Image courtesy of dollarphotoclub before merger with Adobe Stock.

Big news from CBA if the highest level of service you provide clients is a preparation engagement.

First, if you don’t perform compilations, reviews, audits, or other services covered by peer review, you don’t need to get a peer review.

Second, there is a specific CPE requirement:  4 hours in fraud education and 8 hours in prep or A&A.

The following article from the California Board of Accountancy, quoted with permission, provides more detailed explanation.  Since it is quoted verbatim, I won’t put quotes around the entire article.



CPAs who perform preparation engagements as their highest level of service are subject to a new continuing education (CE) requirement.

How to stay away from the most popular ways to get in trouble with the California Board of Accountancy.

Don’t send one of these to CBA unnecessarily. Image courtesy of Adobe Stock.

These must be the preferred ways CPAs pick to get in trouble with the regulators because the board of accountancy says these are the three most common reasons they issue monetary penalties.

What are the three most popular ways to draw a fine from CBA?

  • Don’t get minimum of 20 hours each year of your license term or don’t get 12 of those hours in technical topics.
  • Ignore a formal inquiry from CBA.
  • Don’t submit that Peer Review Reporting Form with your license renewal.

For more detail, check out the following article, quoted with permission, from the California Board of Accountancy.  Since it is quoted verbatim, I won’t put quotes around the entire article.



To help increase awareness of CBA requirements and prevent licensees from receiving a citation, below are the top three violations that led to a citation in the previous fiscal year. Citations are posted on the CBA website and may include an administrative fine of $100 to $5,000.

Highlights of common deficiencies in compilation and review engagements

Image courtesy of Adobe Stock.

There is a six page listing of common deficiencies identified during peer reviews of complexion and review engagements described in the AICPA’s new risk alert Developments in Preparation, compilation, and Review Engagements – 2017/2018.

Here are a few paraphrased highlights of the deficiencies. I will list items that I perceive are more serious or more pervasive.

You might consider reading through the full list and mentally comparing it to how you perform review and compilation engagements to see if there’s something you are missing.

Here are some of the highlights:

Free resource you can copy and paste to develop a Quality Control document for a small CPA firm.

Cover of free resources from AICPA, used under fair use.

Did you know the AICPA has provided a tool you may use as a starting template to develop a Quality Control document?

If you perform compilations, reviews, or audits, you are required to have a written QC document. Even if you aren’t going through a system review. Even if you only do comps.

If you perform audits and will have to go through a system review, keep in mind you are obligated to have quality control program in place before the system review starts, even before the peer review year begins. That means you really really need to have a QC document in place. (Yes, I’m talking to you, my fellow sole practitioners.)

The AICPA’s template can give you an easy starting point, in case you want to step up your policy.

There are two documents, one tailored for a sole practitioner and the other for small firms. Here are links to the documents:

More good stuff for CPAs: fees increasing and level of change increasing

Image courtesy of DollarPhotoClub.com
Image courtesy of DollarPhotoClub.com

Two articles for your consideration:

  • We need to figure out how to ‘surf’ the massive waves of changes surrounding us.
  • Some CPAs are able to post fee increases. From my perception, that is a big change after seven years of economic hangover from the Great Recession.

3/24 – Tom Hood on LinkedIn – Why Accountants Must Learn How to Ride These Big Waves of Change – There are massive waves of change on the horizon. Risks of getting drowned are high for accountants and auditors.

We need to understand what those two comments mean and how to cope with the implications. Tom Hood’s article points toward those waves that are soon to crash down on our heads.

It’s a VUCA world

Major changes we are in can be summarized by that phrase: …

More good stuff for auditors – 3/3/16

Image courtesy of DollarPhotoClub.com
Image courtesy of DollarPhotoClub.com

A few articles for CPAs.

  • A ‘virus’ that can infect your quality control system.
  • How to quickly check if someone is licensed.
  • Risks of working for the Big 4.
  • Deep background on the Private Company Council.

2/10 – CPA-Scribo – How Internal Viruses Affect Accounting Firms – No, not the kind of viruses you were thinking. This is caused by staff doing a quick search on the ‘net to find a sample note and pull down an erroneous example, which spreads to most financial statements issued over the next year.

Charles Hall provides a frighteningly real illustration how such a virus could hit a firm.

Ulvog CPA passes Peer Review inspection

Image courtesy of DollarPhotoClub.com
Image courtesy of DollarPhotoClub.com

I am pleased to report my firm passed peer review in 2015.

Peer review is a process CPAs go through to inspect their audit and review work. Experienced CPAs from another firm look at your quality control procedures and read through workpapers for a selection of engagements.

(Cross-posted from my other blog, Nonprofit Update.)

In the current system there are three grades from a peer review inspection:

  • Pass
  • Pass with deficiency
  • Fail

I am pleased to report my firm received a pass report, the highest level currently available. I have gone through peer reviews in 2015, 2012, 2009, 2006, and 2003. Each time I received the highest grade possible.

Misbehavin’ CPAs #7. Sanctions by California Board of Accountancy, part 2

That may be how the vast majority of CPAs perform all the time, but some CPAs miss the target completely. Image courtesy of DollarPhotoClub.com
That may be how the vast majority of CPAs perform all the time, but some CPAs miss the target completely. Image courtesy of DollarPhotoClub.com

Previously mentioned that I looked disciplinary actions reported in the last four newsletters from the California Board of Accountancy (CBA). Want to better understand what happened with firms that got in trouble for audit quality or for not getting a peer review when one was required.

Will continue that discussion by looking at sanctions imposed on smaller firms and then self-imposed trouble generated by some larger firms.


Misbehavin’ CPAs #6. Sanctions by California Board of Accountancy, part 1.

That may be how the vast majority of CPAs perform all the time, but some CPAs miss the target completely. Image courtesy of DollarPhotoClub.com
That may be how the vast majority of CPAs perform every day, but some CPAs miss the target completely. Image courtesy of DollarPhotoClub.com

Three times a year the California Board of Accountancy issues a newsletter. It contains a variety of information useful for CPAs. If you are a CPA, you really ought to be reading the newsletter.

That newsletter is also where the board publicizes disciplinary actions against CPAs.

In the last few newsletters I’ve noticed a number of cases where firms are sanctioned for substandard audits. Have also noticed a number of firms sanctioned for not getting a peer review when it was required or fibbing to the board whether they had complied with the peer review standards.

I wanted to understand better what I’ve noticed in passing so decided to dive into the disciplinary reports to get a better picture of the extent of sanctions for audit quality and peer review issues. I looked at the Fall 2014, Winter 2015, Summer 2015, and Fall 2015 newsletters.

That covers 16 months of reporting for disciplinary actions by CBA.

I focused on sanctions for audit issues excluding anything that was a follow-up to PCOAB or SEC sanctions. That rules out quite a few cases.

Also ignored a long list of social misbehavior such as DUIs (several incidents), fabricating Form E (once – fabricating the experience report? – really??), embezzlements, disbarment (once), and other such human foibles. Also excluded a variety of contingency fee violations, breaches of client trust, and sundry tax fiascos.

For context, the Fall 2015 newsletter had 28 disciplinary actions of which 5 were of interest for this little bitty research project. Of those 5 cases, the public notices refer to 2 firms which had substandard audits, 1 had a substandard compilation, and 4 included failures to get a peer review when required of which 2 fibbed to CBA about compliance with the peer review requirement.

Scope and result of my analysis

Starting template to develop a Quality Control document for CPA firm. It’s even legit to copy & paste.

Image courtesy of Adobe Stock.
Image courtesy of Adobe Stock.

The AICPA has provided a number of new documents to help firms improve the quality control systems and to start looking at the enhancing audit quality initiative. I’ll list a few of them. It’s easy to copy & paste and at a great price.

Tools to develop a quality-control document

Every CPA firm performing assurance services is required to have a quality-control document. That applies even if you only do comps and reviews. Even if you aren’t going through a system review.

The AICPA has free practice tools to explain the QC standards along with a sample document based on the size of the firm.

You can find the documents on this page.

You can also find a document that is geared to the size of a firm: …

Auditors need to verify the addresses on confirmations. Oops.

Clarified section 505, which you can find here, discusses external confirmations.  One thing I missed previously is a new requirement to verify the address used on confirmations. I looked in the pre-clarity standards and couldn’t find that requirement there.

Put simply, we as auditors need to make sure confirmations are using good addresses.

For cash, there is a commercial service, Confirmation.com, that can be used to make sure your confirm gets to where you want it to go.

This issue also applies to:

  • Accounts receivable
  • Notes receivable
  • Investments
  • Accounts Payable
  • Notes Payable