Concerned about your audit quality-control system?

Here are tips for making sure your system is solid.
By Cheryl Meyer

Public accounting firms love to land new audit clients and keep their current audit clients happy. After all, acquiring new business and retaining it is the key to growth.

But revenue growth can cause problems if a public accounting firm does not have a proper audit quality-control system in place to ensure it is taking on the right clients, carefully monitoring audits, and ensuring that employees are performing competently and ethically during the process.

“An audit quality-control system will help to vet whatever issues there are before they become crisis matters, and will protect the quality of the work and the quality and reputation of the firm,” said Lexy Kessler, CPA, lead partner of the Government Contract Services Group at Aronson LLC. “It is critical to the integrity of what we do.”

A system of quality control should include numerous policies and procedures that address everything from leadership responsibilities to relevant ethics, human resources, monitoring, audit performance, and acceptance and maintenance of client relationships, said Karen Kerber, CPA, a partner at KerberRose. Kerber is involved in the audit and accounting practice at her multioffice firm in Wisconsin, and conducts required peer reviews for other practices.

A good audit quality-control system is one of the best means to be able to hold your firm to the appropriate professional standards and abide by the various rules or expectations of the profession, she said.

So how can public accounting firms do a better job of implementing a solid audit quality-control system? Sources offer the following tips:

Focus on the tone at the top. The tone established by leadership is all-important, as it sets the bar for quality within the firm. Leaders need to send clear messages to their staff detailing what “quality” means in-house, and do this as early as possible within the audit process. Kerber said it is critical for leaders to “walk the walk” and demonstrate by their actions what quality means as well.

“It is really important to only accept ethical clients, but if you decide to accept a client that is known in your community as perhaps not the most upstanding business, you are contradicting what you are trying to tell your staff and you need to question the message you are sending to them,” she said.

In addition, said Ahava Goldman, senior technical manager—Audit & Attest Standards at the AICPA, leaders need to be steadfast about quality “and send a message to the whole firm that quality matters.”

Draft a strong quality-control document. Quality-control definitions should be detailed in a robust document, which can keep your firm centered and your employees on the same page. This document also can help your firm abide by both professional industry standards and policies established in-house, Kerber said.

Your firm should also require staff training on audit quality control, and then require employees to sign and acknowledge that they have read and understood the quality-control document, she said.

Outline your risks. Firms need to be able to accurately assess their risks and include them in the audit quality-control system. For instance, the time to perform an engagement could be greater than expected, or the engagement could require some technical knowledge that the firm does not have, Goldman said. “It can be hard to assess your risks, but we expect our clients to do it,” she added. “We expect our clients to have control over financial reporting and over their operations. In the same way, CPA firms have to have control over their operations—and that’s what a system of quality control is.”

Detail policies about client acceptance. “Your firm’s reputation is only as good as your least reputable client,” Goldman said. Thus it’s important to assess which clients to take on and which ones to avoid. You may get excited to take on new clients, but make sure the client is a good fit for your firm.

Your firm also should determine whether you have the expertise, the proper staff, and the time to accept an engagement—and these client acceptance policies and procedures should be outlined in your audit quality-control system. “There should be a policy to have a second partner approval on clients,” Kerber noted.

Look to external resources for guidance. Small firms in particular sometimes need some outside help before taking on certain clients—such as those outside their usual area of expertise—and in ensuring their audit quality-control system is strong. Firms can use several external resources, including valuation firms, required peer reviewers, AICPA Private Companies Practice Section toolkits, and even retiring Baby Boomers willing to perform audit quality control on a part-time basis.

Take time to reassess. “Firms have to recognize that public accounting serves the public trust, and they have to be committed to doing quality work,” Goldman said. Having a good audit quality-control system takes regular review. CPAs are busy people, and firms need to make profits, but it’s important for you to breathe, step back, and figure out what your firm is doing right, how you can improve, and how policies and procedures need to be tweaked to provide and maintain good quality control.

Cheryl Meyer

Cheryl Meyer is a freelance writer based in California.


Year-end tax planning and what’s new for 2016

Practitioners need to consider several tax planning opportunities to review with their clients before the end of the year. This report offers strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.


News quiz: Retirement planning, tax practice, and fraud risk

Recent reports focused on a survey that gauges the worries about retirement among CPA financial planners’ clients, a suit that affects tax practitioners, and a guide that offers advice on fraud risk. See how much you know with this short quiz.


Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.