Why Your Peer Reviewers Do What They Do!

Transcription

Why Your Peer Reviewers Do What They Do!
Why Your Peer Reviewers Do What They Do!
Connie M. Laster, CPA
NCACPA 2014 Employee Benefit Plans Conference
May 7, 2014
This presentation format will consist of a conversation between a Sole Practitioner and his Peer Reviewer, with the
audience encouraged to apply the issues discussed to issues they may encounter in their Employee Benefit Plan (ERISA)
audit practice and that practice’s effect on the firm’s Peer Review.
Scope of the peer review
Why does the peer reviewer look at certain engagements?
The Department of Labor has an ongoing enforcement initiative to monitor the quality of ERISA plan audits. On an
on-going basis, the AICPA considers regulatory and legislative developments, and incorporates recommendations of
the Practice Monitoring Task Force to enhance the peer review process related to audits of employee benefit plans.
These type audits are seen as a category of highly scrutinized audits, and are considered a “must- select” category in
peer review. What does that mean? If a firm performs one or more ERISA plan audits, at least one such audit must
be selected by the peer reviewer. In addition, enhanced peer review guidance was issued in 2013. Recognizing the
higher risks associated with ERISA plan audits, a peer reviewer must, in the engagement selection process, consider
the unique risks associated with each type of ERISA plan audit a firm performs, and must document how these risks
are addressed in the peer review. As a result, firms may have more than one ERISA plan audit selected for peer
review, if the firm performs audits of more than one type of ERISA plan.
What is an EBP audit anyway?
An employee benefit plan audit comes in many forms. Most common are defined contribution plans, but this
category of audit also includes defined benefit plans, health and welfare plans and ESOP plans. Audits can be fullscope or limited scope (based on certain criteria). All plan types can have risks associated with initial audits,
multiemployer plans, terminating plans, plan mergers, and a variety of other issues.
In late 2013, a joint DOL/AICPA initiative identified numerous CPA firms who were associated with an ERISA plan
audit but had omitted that practice area from their peer review. How could a firm do an ERISA plan audit and not
include that audit in their list of engagements, for their peer reviewer?!?! Apparently for a variety of reasons! Some
maybe intentional, but some maybe not. One apparent area of confusion is whether a limited scope audit is really an
audit………… (of course, it is).
The reviewed firm’s Quality Control Policies and Procedures
SQCS # 8 requires every CPA firm, regardless of size, to have a system of quality control for its accounting and
auditing practice. SQCS # 8 also requires that quality control policies and procedures be documented. A “System”
peer review – required if a firm performs any audits – must consider the reviewed firm’s system of quality control, the
documentation of the QC system, and the firm’s compliance with that QC system. A firm that has an ERISA audit
practice should consider that audit area in their quality control policies and procedures. A peer reviewer will consider
those policies in the risk assessment process. Consideration will include:






Adequate training/CPE – does the firm recognize that specialized training is needed in the ERISA audit area?
Does the firm participate in industry specific CPE?
Appropriate engagement acceptance considerations – does the firm have policies in place to evaluate
whether an ERISA engagement should be accepted? Does the firm recognize and consider the various risks
associated with the different types of ERISA plans, and the related audit requirements?
Adequate library – does the firm have ERISA specific tools in their library? Does the firm have ERISA specific
industry audit guides?
EQCR criteria – has the firm established criteria that consider the uniqueness of their ERISA practice? Does
the firm recognize that different types of ERISA plans may include issues that are covered by their EQCR
policies? Does the firm have adequate depth internally to manage any required EQCR? As needed, does the
firm utilize outside resources to perform any required EQCR?
Membership in AICPA’s EBP Audit Quality Center – is the firm a member of this Audit Quality Center? If so,
have they adhered to the membership requirements?
Audit checklists/practice aids used – what resources are utilized for the firm’s ERISA audit practice? Are the
resources appropriately industry specific?
Specific Testing Issues unique to Employee Benefit Plans
Depending on the type of ERISA plan audit, peer reviewers are charged with considering the unique risks, many of
which have been specifically identified as such in peer review literature. Some of the most prominent issues, and
those that have resulted in peer review findings, include issues related to:







Plan document – does one exist? Does the auditor have a copy?
Use of a Specialist – did the auditor evaluate qualifications and findings of the specialist? Did the auditor
document this evaluation?
Full Scope Audits – was there testing of the value of investments at end of plan year, including net changes?
Testing investment gains/losses at participant level –was this done, even in a limited scope audit?
Unusual assets – was there adequate evaluation and testing of methods used to determine value? Did the
auditor adequately document this evaluation and testing?
Benefit Payments – was eligibility to receive the benefits tested? Was there recalculation of benefit
amounts?
Fair Value Measurements – is there sufficient audit evidence that fair value measurements are correct?
Implications of a Nonconforming Employee Benefit Plan Audit Engagement
In 2013, the AICPA Peer Review Board approved guidance regarding engagements that are deemed as not performed
or reported on in conformity with applicable professional standards in all material respects - also known as
“nonconforming engagements”. The guidance can be found in the August 14, 2013 Board Open Session Agenda
Item 1.4 and has been incorporated into the 2014 AICPA Peer Review Manual. This guidance must be used by a peer
reviewer, should be considered by the reviewed firm, and will be followed by each administering entity’s Report
Acceptance Body. Do realize - this guidance covers any engagement in any industry. However, considering the
earlier mentioned highly scrutinized category of an employee benefit plan audit, firms should pay particular attention
to this guidance, in addition to overall peer review reporting standards and what the rules are concerning:
Possible effects on the Peer Review Report
In a system review the primary objective is the evaluation of a firm’s system of quality control. A peer reviewer is to
consider any engagement matters in the context of the reviewed firm’s system of quality control. The peer
reviewer’s first task is to determine the cause - to ask Why? When the underlying “Why” is identified, the reviewer
can then determine if the matter rises to the level of a finding, a deficiency, or a significant deficiency.
To assist peer reviewers of ERISA plan audits, the AICPA checklist used for the review of audits of employee benefit
plans was recently updated. Certain questions are in bold in the checklist. These questions have been identified as
related to ERISA audit areas noted as frequently not being performed in accordance with professional standards.
One important factor to consider is whether the matter is isolated or pervasive. Depending on the size of a reviewed
firm’s ERISA plan audit practice this consideration can sometimes be tricky, as it can be difficult to expand scope to
adequately evaluate if a matter is pervasive. Ultimately, a peer reviewer must evaluate the underlying cause(s) and
the resulting level of the matter.
Firm’s response to any findings/deficiencies is very important
If any engagement, including an ERISA plan audit, has been identified as a nonconforming engagement, AICPA Peer
Review Program standards include Supplemental Guidance in section 3100 (page 3123 in the 2014 AICPA Peer
Review Program Manual) that addresses a reviewed firm’s responsibilities. A reviewed firm is to consider applicable
professional standards and is to provide a genuine, comprehensive and feasible response. If this is not adequately
done, the peer reviewer is to evaluate whether this indicates a potential failure to comply with the leadership or
“tone at the top” element of the firm’s system of quality control.
Considerations of the Administering Entity
The Administering Entity’s Report Acceptance Body Handbook was revised by the 2013 guidance to state that a peer
review should not be accepted if the reviewed firm’s response is not deemed to be sufficient (genuine,
comprehensive, feasible) related to any nonconforming engagements. Further, the RAB is to consider if a monitoring
action is needed, to require review of the firm’s remediation of the nonconforming engagement.
A peer reviewer or RAB should not require a firm to take certain actions. However, the RAB can require the reviewed
firm make appropriate considerations regarding nonconforming engagements as a condition of acceptance of the
peer review. Non-acceptance could result in a firm being deemed non-cooperating, which could result in a referral to
the AICPA. The AICPA deems such circumstances to be important in any case, but of great importance in the highly
scrutinized area of employee benefit plan audits.