s part of the evolution of the peer review process, the AICPA reevaluated and revised its standards for performing and reporting on peer reviews for CPA firms that do not audit SEC registrants. Once firms begin to implement them next January, the revisions should result in significant efficiencies in the way peer reviews are conducted and administered; the changes also should improve the quality of financial reporting and protect members of the public who use and rely on those reports.
While at least some of the changes apply to all of the more than 30,000 firms enrolled in the AICPA peer review program, they most notably affect the nearly 18,000 small firms (mostly sole practitioners) that perform only review or compilation engagements and not audits. The revised standards also affect regulators (such as state boards of accountancy, which require peer review for licensure), CPAs who perform the peer reviews and state CPA societies, which administer the peer review program (see the box). This article focuses on how the key revisions will affect the peer reviews of small firms.
TYPES OF PEER REVIEWS
The most significant change is that there will be three types of peer reviews (system, engagement and report) instead of two (on-site and off-site). The engagements in a firm’s accounting and auditing practice currently covered under peer review still will be covered under the revised standards. For purposes of the standards, an accounting and auditing practice is defined as all of a CPA firm’s engagements (with few exceptions) that are covered by AICPA statements on auditing standards (SASs), statements on standards for accounting and review services (SSARSs) and statements on standards for attestation engagements (SSAEs) as well as by Government Auditing Standards (the yellow book), issued by the U.S. General Accounting Office.
System review. This type of review is for firms that perform engagements under the SASs, or the yellow book or examinations of prospective financial information under the SSAEs. Essentially it is the same as an on-site peer review with a name change. A system review is intended to provide the reviewer with a reasonable basis for expressing an opinion whether—for the year under review—the reviewed firm
On-site peer review was renamed system review to more accurately describe the type of peer review since the reviewer expresses an opinion on the firm’s system of quality control. Approximately 15,000 firms are likely to have a system review over the next three years.
Engagement review. This type of review is for firms that are not required to have system reviews (and are not eligible to have report reviews,which are discussed below). An engagement review’s objectives are to provide the peer reviewer with a reasonable basis for expressing limited assurance that
This type of review does not cover the firm’s system of quality control, so the reviewer cannot express an opinion on the firm’s compliance with its own quality control policies and procedures or with AICPA quality control standards. The reviewer can express only limited assurance on the firm’s conformity with the SSARSs and the SSAEs.
An engagement review does not require the reviewed firm to document any work other than that required by the SSARSs and the SSAEs, so the peer reviewer expresses limited assurance on whether the firm’s documentation conforms with those standards. Some examples of documentation include
The engagement review also encompasses documentation required under the SSAEs, such as might be the case on a WebTrust engagement. Currently, there are no documentation requirements for compilation engagements under the SSARSs. If a firm has an engagement review and performs only compilations under the SSARSs, the review will not include any of the firm’s documentation.
These changes should improve the quality of engagements—protecting the public that uses and relies on those reports—without imposing any additional burden on reviewed firms. The new procedures peer reviewers must perform are based on the minimal documentation requirements under the SSARSs and the SSAEs. More than 10,000 firms are likely to have an engagement review over the next three years.
Report review. Firms performing only compilations that omit substantially all disclosures will have report reviews. However, a firm must have an engagement review if it performs—as its highest level of service—compilations referred to in the SSARSs as “selected information—substantially all disclosures required are not included.” A report review retains the overall integrity of peer review through a streamlined process.
A report review’s objective is to help a firm that performs omit-disclosure compilation engagements as its highest level of service improve the overall quality of its practice. To accomplish this, the peer reviewer selects a sample of engagements and gives the firm a report listing comments and recommendations based on whether the financial statements and the related accountant’s reports appear to conform with the requirements of professional standards in all material respects.
A peer reviewer’s comments should be relevant and supportable by professional standards, giving the firm sound guidance for improving the overall quality of its omit-disclosure compilation engagements. Although materiality and relevance are sometimes subjective, peer reviewers should not establish their own professional standards or impose their own personal preferences on the firms they review. The comments and recommendations should be reasonably detailed so that a firm can determine what actions it should take.
An authorized member of the reviewed firm is required to sign the report—whether or not there are comments—acknowledging that there are no disagreements on significant matters and that the firm agrees to correct the matters commented on. The firm then must submit the signed copy of the report to the entity administering the peer review. There is no separate letter of comment or letter of response (as is the case with system and engagement reviews). However, a firm will not be prohibited from attaching a response to the copy of the peer review report it signed.
The administering entity must technically review all peer reviews. On report reviews, however, the entity’s peer review committee does not always need to be directly involved in accepting peer review documents. The technical reviewer, selected by the administering entity, normally helps the committee by reviewing the documents the peer reviewer submits. In a report review, however, the technical reviewer generally should have the authority to accept report reviews on the committee’s behalf when the technical reviewer determines there are no significant issues. This process is allowed only on report reviews.
By streamlining the process, including not requiring a formal response, the technical reviewer may be able to accept 85% or more of report reviews on the committee’s authority within 30 days of receiving the signed peer review report. Currently, the process often takes between three and six months. The AICPA peer review board is asking the 41 entities that administer the program to reevaluate the current scheduling, administrative and other related fees they charge firms based on this streamlined process.
If the technical reviewer finds significant deficiencies or issues with the peer review, that reviewer may not accept the report review. He or she should submit it for peer review committee consideration. Examples of such deficiencies include matters material to understanding the report, financial statements or other concerns such as significant repeat comments from the firm’s previous peer review or problems with the peer reviewer’s performance. Since a report review’s objective is to enable the firm to improve its omit-disclosure compilation engagements, the committee may need to ask the firm for evidence that it has taken corrective action to the committee’s satisfaction.
The technical reviewer alone may not impose corrective actions on the firm or peer reviewer; the committee must determine any corrective actions. The AICPA peer review board, state boards of accountancy and other interested parties responding to the revisions in the exposure draft stressed the importance of ensuring that firms with significant deficiencies have their corrective actions monitored by the committee. Since more than 7,000 firms are likely to have report reviews over the next three years, this is a significant improvement to the process.
STEP-UP IN PEER REVIEW
If a firm is required to have only a report review, it may elect to have an engagement or system review; a firm required to have an engagement review may elect to have a system review. A firm can make such an election to qualify its members to be peer reviewers or peer review committee members. Although nearly 18,000 firms are not required to have system reviews, every CPA firm must have a system of quality control in place. Some of those firms, therefore, may find it useful to have peer reviews covering that system.
AICPA BYLAW CHANGE
The AICPA amended its bylaws to require members practicing public accounting in organizations not eligible to enroll in an Institute-approved practice-monitoring program (a non-CPA-owned entity) to enroll individually if the services they perform and the reports they issue are subject to peer review. Currently, the only services covered by this situation are compilations performed and reported on under the SSARSs. Those individual members will be subject to engagement or report reviews.
The revised standards are effective for all peer reviews commencing on or after January 1, 2001. Early implementation is not allowed either in part or whole primarily because the entire AICPA peer review computer system, used to administer the program for more than 30,000 firms, is being rewritten.
The goal of the AICPA peer review program is quality in the performance of accounting and auditing engagements by program members. The revised peer review standards have not changed this goal. Creating new, efficient and less burdensome ways to conduct and administer peer reviews for the many small CPA firms required to have them benefits everyone—clients, practitioners, regulators and reviewers. In the end, everyone wins, particularly CPA firms that can spend more time serving their clients.