Why Your Peer Reviewers Do What They Do!
Transcription
Why Your Peer Reviewers Do What They Do!
Why Your Peer Reviewers Do What They Do! Connie M. Laster, CPA NCACPA 2014 Employee Benefit Plans Conference May 7, 2014 This presentation format will consist of a conversation between a Sole Practitioner and his Peer Reviewer, with the audience encouraged to apply the issues discussed to issues they may encounter in their Employee Benefit Plan (ERISA) audit practice and that practice’s effect on the firm’s Peer Review. Scope of the peer review Why does the peer reviewer look at certain engagements? The Department of Labor has an ongoing enforcement initiative to monitor the quality of ERISA plan audits. On an on-going basis, the AICPA considers regulatory and legislative developments, and incorporates recommendations of the Practice Monitoring Task Force to enhance the peer review process related to audits of employee benefit plans. These type audits are seen as a category of highly scrutinized audits, and are considered a “must- select” category in peer review. What does that mean? If a firm performs one or more ERISA plan audits, at least one such audit must be selected by the peer reviewer. In addition, enhanced peer review guidance was issued in 2013. Recognizing the higher risks associated with ERISA plan audits, a peer reviewer must, in the engagement selection process, consider the unique risks associated with each type of ERISA plan audit a firm performs, and must document how these risks are addressed in the peer review. As a result, firms may have more than one ERISA plan audit selected for peer review, if the firm performs audits of more than one type of ERISA plan. What is an EBP audit anyway? An employee benefit plan audit comes in many forms. Most common are defined contribution plans, but this category of audit also includes defined benefit plans, health and welfare plans and ESOP plans. Audits can be fullscope or limited scope (based on certain criteria). All plan types can have risks associated with initial audits, multiemployer plans, terminating plans, plan mergers, and a variety of other issues. In late 2013, a joint DOL/AICPA initiative identified numerous CPA firms who were associated with an ERISA plan audit but had omitted that practice area from their peer review. How could a firm do an ERISA plan audit and not include that audit in their list of engagements, for their peer reviewer?!?! Apparently for a variety of reasons! Some maybe intentional, but some maybe not. One apparent area of confusion is whether a limited scope audit is really an audit………… (of course, it is). The reviewed firm’s Quality Control Policies and Procedures SQCS # 8 requires every CPA firm, regardless of size, to have a system of quality control for its accounting and auditing practice. SQCS # 8 also requires that quality control policies and procedures be documented. A “System” peer review – required if a firm performs any audits – must consider the reviewed firm’s system of quality control, the documentation of the QC system, and the firm’s compliance with that QC system. A firm that has an ERISA audit practice should consider that audit area in their quality control policies and procedures. A peer reviewer will consider those policies in the risk assessment process. Consideration will include: Adequate training/CPE – does the firm recognize that specialized training is needed in the ERISA audit area? Does the firm participate in industry specific CPE? Appropriate engagement acceptance considerations – does the firm have policies in place to evaluate whether an ERISA engagement should be accepted? Does the firm recognize and consider the various risks associated with the different types of ERISA plans, and the related audit requirements? Adequate library – does the firm have ERISA specific tools in their library? Does the firm have ERISA specific industry audit guides? EQCR criteria – has the firm established criteria that consider the uniqueness of their ERISA practice? Does the firm recognize that different types of ERISA plans may include issues that are covered by their EQCR policies? Does the firm have adequate depth internally to manage any required EQCR? As needed, does the firm utilize outside resources to perform any required EQCR? Membership in AICPA’s EBP Audit Quality Center – is the firm a member of this Audit Quality Center? If so, have they adhered to the membership requirements? Audit checklists/practice aids used – what resources are utilized for the firm’s ERISA audit practice? Are the resources appropriately industry specific? Specific Testing Issues unique to Employee Benefit Plans Depending on the type of ERISA plan audit, peer reviewers are charged with considering the unique risks, many of which have been specifically identified as such in peer review literature. Some of the most prominent issues, and those that have resulted in peer review findings, include issues related to: Plan document – does one exist? Does the auditor have a copy? Use of a Specialist – did the auditor evaluate qualifications and findings of the specialist? Did the auditor document this evaluation? Full Scope Audits – was there testing of the value of investments at end of plan year, including net changes? Testing investment gains/losses at participant level –was this done, even in a limited scope audit? Unusual assets – was there adequate evaluation and testing of methods used to determine value? Did the auditor adequately document this evaluation and testing? Benefit Payments – was eligibility to receive the benefits tested? Was there recalculation of benefit amounts? Fair Value Measurements – is there sufficient audit evidence that fair value measurements are correct? Implications of a Nonconforming Employee Benefit Plan Audit Engagement In 2013, the AICPA Peer Review Board approved guidance regarding engagements that are deemed as not performed or reported on in conformity with applicable professional standards in all material respects - also known as “nonconforming engagements”. The guidance can be found in the August 14, 2013 Board Open Session Agenda Item 1.4 and has been incorporated into the 2014 AICPA Peer Review Manual. This guidance must be used by a peer reviewer, should be considered by the reviewed firm, and will be followed by each administering entity’s Report Acceptance Body. Do realize - this guidance covers any engagement in any industry. However, considering the earlier mentioned highly scrutinized category of an employee benefit plan audit, firms should pay particular attention to this guidance, in addition to overall peer review reporting standards and what the rules are concerning: Possible effects on the Peer Review Report In a system review the primary objective is the evaluation of a firm’s system of quality control. A peer reviewer is to consider any engagement matters in the context of the reviewed firm’s system of quality control. The peer reviewer’s first task is to determine the cause - to ask Why? When the underlying “Why” is identified, the reviewer can then determine if the matter rises to the level of a finding, a deficiency, or a significant deficiency. To assist peer reviewers of ERISA plan audits, the AICPA checklist used for the review of audits of employee benefit plans was recently updated. Certain questions are in bold in the checklist. These questions have been identified as related to ERISA audit areas noted as frequently not being performed in accordance with professional standards. One important factor to consider is whether the matter is isolated or pervasive. Depending on the size of a reviewed firm’s ERISA plan audit practice this consideration can sometimes be tricky, as it can be difficult to expand scope to adequately evaluate if a matter is pervasive. Ultimately, a peer reviewer must evaluate the underlying cause(s) and the resulting level of the matter. Firm’s response to any findings/deficiencies is very important If any engagement, including an ERISA plan audit, has been identified as a nonconforming engagement, AICPA Peer Review Program standards include Supplemental Guidance in section 3100 (page 3123 in the 2014 AICPA Peer Review Program Manual) that addresses a reviewed firm’s responsibilities. A reviewed firm is to consider applicable professional standards and is to provide a genuine, comprehensive and feasible response. If this is not adequately done, the peer reviewer is to evaluate whether this indicates a potential failure to comply with the leadership or “tone at the top” element of the firm’s system of quality control. Considerations of the Administering Entity The Administering Entity’s Report Acceptance Body Handbook was revised by the 2013 guidance to state that a peer review should not be accepted if the reviewed firm’s response is not deemed to be sufficient (genuine, comprehensive, feasible) related to any nonconforming engagements. Further, the RAB is to consider if a monitoring action is needed, to require review of the firm’s remediation of the nonconforming engagement. A peer reviewer or RAB should not require a firm to take certain actions. However, the RAB can require the reviewed firm make appropriate considerations regarding nonconforming engagements as a condition of acceptance of the peer review. Non-acceptance could result in a firm being deemed non-cooperating, which could result in a referral to the AICPA. The AICPA deems such circumstances to be important in any case, but of great importance in the highly scrutinized area of employee benefit plan audits.